Documentation
Overview
The macaroon package implements macaroons as described in the paper "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" (http://theory.stanford.edu/~ataly/Papers/macaroons.pdf)
See the macaroon bakery packages at http://godoc.org/gopkg.in/macaroon-bakery.v2 for higher level services and operations that use macaroons.
Index
- func Base64Decode(data []byte) ([]byte, error)
- func EcdsaSignatureVerify(pubKey []byte, m *Macaroon) error
- func HmacSha256KeyedHash(key []byte, text []byte) []byte
- func HmacSha256SignatureVerify(key []byte, m *Macaroon) error
- func MakeKey(variableKey []byte) []byte
- func MarshalBinary(macaroons *MacaroonSlice) ([]byte, error)
- func RandomKey(size int) ([]byte, error)
- func VerifyMacaroon(macaroon *Macaroon, context Context, rawOperations [][]byte) error
- type Caveat
- type Context
- type EcdsaSigner
- type Emitter
- type HmacSha256Signer
- type Macaroon
- func (m *Macaroon) AddCaveat(caveatId, verificationId []byte, loc string) error
- func (m *Macaroon) AddFirstPartyCaveat(condition []byte) error
- func (m *Macaroon) Bind(sig []byte)
- func (m *Macaroon) Caveats() []Caveat
- func (m *Macaroon) Clone() *Macaroon
- func (m *Macaroon) Equal(m1 *Macaroon) bool
- func (m *Macaroon) EraseSignature()
- func (m *Macaroon) GetCaveatById(cavId []byte) *Caveat
- func (m *Macaroon) Id() []byte
- func (m *Macaroon) Location() string
- func (m *Macaroon) SetLocation(loc string)
- func (m *Macaroon) SetSignature(sig []byte)
- func (m *Macaroon) Sign(signer Signer) error
- func (m *Macaroon) Signature() []byte
- func (m *Macaroon) Version() Version
- type MacaroonSlice
- type Operation
- type Signer
- type Version
Constants
This section is empty.
Variables
This section is empty.
Functions
func Base64Decode
Base64Decode base64-decodes the given data. It accepts both standard and URL encodings, both padded and unpadded.
func EcdsaSignatureVerify
func HmacSha256KeyedHash
func MakeKey
MakeKey derives a fixed length key from a variable length key. The keyGen constant is the same as that used in libmacaroons.
func MarshalBinary
func MarshalBinary(macaroons *MacaroonSlice) ([]byte, error)
MarshalBinary implements encoding.BinaryMarshaler.
Types
type Caveat
type Caveat struct {
	// Id holds the id of the caveat. For first
	// party caveats this holds the condition;
	// for third party caveats this holds the encrypted
	// third party caveat.
	Id []byte

	// VerificationId holds the verification id. If this is
	// non-empty, it's a third party caveat.
	VerificationId []byte

	// For third-party caveats, Location holds the
	// location hint. Note that this is not signature checked
	// as part of the caveat, so should only
	// be used as a hint.
	Location string
}
Caveat holds a first party or third party caveat.
func (*Caveat) IsThirdParty
IsThirdParty reports whether the caveat must be satisfied by some third party (if not, it's a first party caveat).
type EcdsaSigner
type EcdsaSigner struct {
// contains filtered or unexported fields
}
func NewEcdsaSigner
func NewEcdsaSigner(key []byte) *EcdsaSigner
func (*EcdsaSigner) SignMacaroon
func (s *EcdsaSigner) SignMacaroon(m *Macaroon) error
type Emitter
type Emitter struct {
// contains filtered or unexported fields
}
func NewEmitter
func RecreateEmitter
func (*Emitter) AuthorizeOperation
func (*Emitter) DelegateAuthorization
func (*Emitter) EmitMacaroon
type HmacSha256Signer
type HmacSha256Signer struct {
// contains filtered or unexported fields
}
func DeriveHmacSha256Signer
func DeriveHmacSha256Signer(m *Macaroon) (*HmacSha256Signer, error)
func NewHmacSha256Signer
func NewHmacSha256Signer(key []byte) (*HmacSha256Signer, error)
func (*HmacSha256Signer) SignData
func (s *HmacSha256Signer) SignData(data []byte) ([]byte, error)
func (*HmacSha256Signer) SignMacaroon
func (s *HmacSha256Signer) SignMacaroon(m *Macaroon) error
type Macaroon
type Macaroon struct {
// contains filtered or unexported fields
}
Macaroon holds a macaroon. See Fig. 7 of http://theory.stanford.edu/~ataly/Papers/macaroons.pdf for a description of the data contained within. Macaroons are mutable objects - use Clone as appropriate to avoid unwanted mutation.
func (*Macaroon) AddFirstPartyCaveat
AddFirstPartyCaveat adds a caveat that will be verified by the target service.
func (*Macaroon) Bind
Bind prepares the macaroon for being used to discharge the macaroon with the given signature sig. This must be used before it is used in the discharges argument to Verify.
func (*Macaroon) Caveats
Caveats returns the macaroon's caveats. This method will probably change, and it's important not to change the returned caveat.
func (*Macaroon) EraseSignature
func (m *Macaroon) EraseSignature()
func (*Macaroon) GetCaveatById
func (*Macaroon) Location
Location returns the macaroon's location hint. This is not verified as part of the macaroon.
func (*Macaroon) SetLocation
SetLocation sets the location associated with the macaroon. Note that the location is not included in the macaroon's hash chain, so this does not change the signature.
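The key derivation described under MakeKey and the statement above that the location sits outside the hash chain, shown with the HMAC-SHA256 construction from the macaroons paper. This is an added example using only the Go standard library, not this package's code or API: the token type and every function name are hypothetical, the sample values are constructed, and verify checks signature integrity only, not whether caveat conditions hold.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// token is a hypothetical stand-in for a macaroon with first-party caveats only.
type token struct {
	location string   // hint only: never fed to the HMAC chain
	id, sig  []byte   // identifier and current chain signature
	caveats  [][]byte // first-party conditions, in order
}

func keyedHash(key, text []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(text)
	return h.Sum(nil)
}

// mint derives a fixed-length key as libmacaroons does (HMAC-SHA256 keyed with
// "macaroons-key-generator") and starts the chain: sig = HMAC(key, id).
func mint(rootKey, id []byte, location string) *token {
	key := keyedHash([]byte("macaroons-key-generator"), rootKey)
	return &token{location: location, id: id, sig: keyedHash(key, id)}
}

// addFirstPartyCaveat chains on the current signature; no root key is needed.
func (t *token) addFirstPartyCaveat(cond []byte) {
	t.caveats = append(t.caveats, cond)
	t.sig = keyedHash(t.sig, cond)
}

// verify recomputes the chain from the root key and compares in constant time.
func verify(rootKey []byte, t *token) bool {
	want := mint(rootKey, t.id, "")
	for _, c := range t.caveats {
		want.addFirstPartyCaveat(c)
	}
	return hmac.Equal(want.sig, t.sig)
}

func main() {
	t := mint([]byte("constructed root key"), []byte("id-1"), "https://svc.example")
	t.addFirstPartyCaveat([]byte("op = read"))
	t.location = "https://elsewhere.example" // hint rewritten after signing
	fmt.Println("valid after location change:", verify([]byte("constructed root key"), t))
}
```

Because a rewritten location still verifies, a service should never base a routing or trust decision on it; a rewritten caveat, by contrast, breaks the chain.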
func (*Macaroon) SetSignature
type MacaroonSlice
type MacaroonSlice struct {
// contains filtered or unexported fields
}
func UnmarshalBinary
func UnmarshalBinary(data []byte) (*MacaroonSlice, error)
UnmarshalBinary implements encoding.BinaryUnmarshaler. It accepts all known binary encodings for the data - all the embedded macaroons need not be encoded in the same format.
func (*MacaroonSlice) Add
func (s *MacaroonSlice) Add(m *Macaroon)
func (*MacaroonSlice) GetLength
func (s *MacaroonSlice) GetLength() int