persona

package module
v0.0.0-...-0e84504 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 25, 2014 License: BSD-2-Clause Imports: 26 Imported by: 0

README

go-persona

A Persona IDP server written in Go.

Current limitations:

  • This is very much a work in progress. The implementation is not complete. Some things that shouldn't be hardcoded are.

License:

Copyright (c) 2014, Ryan Rogers
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met: 

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer. 
2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution. 

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Documentation

Overview

Package persona implements a Mozilla Persona Identity Provider.

Index

Constants

View Source 
const (
	ContentTypeHtml  = "text/html; charset=utf-8"
	ContentTypeJson  = "application/json; charset=utf-8"
	ContentTypePlain = "text/plain; charset=utf-8"
)
View Source 
const (
	MinKeySizeDSA = 2048
	MinKeySizeRSA = 2048
)

Minimum supported key sizes.

View Source 
const SessionMaxDuration = 86400

SessionMaxDuration is the maximum duration, in seconds, that a session can be valid for.

View Source 
const SupportDocumentURL = "/.well-known/browserid"

SupportDocumentURL is the URL to the BrowserID support document.

Variables

View Source 
var (
	AuthenticationTemplate *template.Template
	ProvisioningTemplate   *template.Template
)

Templates used to render the authentication and provisioning pages.

View Source 
var (
	AuthenticationTemplateParams = make(map[string]interface{})
	ProvisioningTemplateParams   = make(map[string]interface{})
)

Parameters passed to the authentication and provisioning templates.

View Source 
var PrivateKeyTypeToAlgorithm = map[string]string{
	"DSA":   "DS",
	"ECDSA": "EC",
	"RSA":   "RS",
}

PrivateKeyTypeToAlgorithm is a human-to-Persona mapping of supported private key type algorithms.

FIXME: ECDSA is not well documented in the Persona specs, so I'm not sure that "EC" is proper for ECDSA keys.

View Source 
var SupportedEllipticCurves = map[elliptic.Curve]string{
	elliptic.P224(): "P-224",
	elliptic.P256(): "P-256",
	elliptic.P384(): "P-384",
	elliptic.P521(): "P-521",
}

SupportedEllipticCurves is a curve-to-label mapping of the supported elliptic curves.

View Source 
var SupportedPrivateKeyTypes = map[string]bool{

	"ECDSA": true,
	"RSA":   true,
}

SupportedPrivateKeyTypes is a list of the supported private key types.

FIXME: DSA is only unsupported due to Go not having a builtin Parse<x>PrivateKey function that handles DSA keys.

FIXME: ECDSA is not well documented in the Persona specs, so support is questionable.

Functions

func Authentication 

func Authentication(w http.ResponseWriter, r *http.Request)

Authentication responds with the authentication page template.

func BrowserID 

func BrowserID(w http.ResponseWriter, r *http.Request)

BrowserID responds with the BrowserID support document.

func CheckSession 

func CheckSession(w http.ResponseWriter, r *http.Request)

CheckSession responds with StatusOK (200) if the given user has a valid session, or StatusUnauthorized (401) if not. On error, it responds with StatusInternalServerError (500).

func CloseSessionBacking 

func CloseSessionBacking()

CloseSessionBacking closes the session backing.

func CompressResponse 

func CompressResponse(f http.HandlerFunc) http.HandlerFunc

func GenerateCertificate 

func GenerateCertificate(w http.ResponseWriter, r *http.Request)

GenerateCertificate responds with a signed identity certificate on success. On error, it responds with StatusInternalServerError (500).

func GenerateSupportDocument 

func GenerateSupportDocument(config *Configuration) (doc []byte, err error)

GenerateSupportDocument reads the given configuration and returns a support document based on that configuration.

func Provisioning 

func Provisioning(w http.ResponseWriter, r *http.Request)

Provisioning responds with the provisioning page template.

func SetPrivateKey 

func SetPrivateKey(key interface{}) error

SetPrivateKey uses the supplied private key.

func SetSessionBacking 

func SetSessionBacking(backing SessionBacking)

SetSessionBacking uses the supplied session backing.

func ValidateConfig 

func ValidateConfig(config *Configuration) (err error)

ValidateConfig validates that provided Configuration.

Types

type CompressedResponseWriter 

type CompressedResponseWriter struct {
	http.ResponseWriter
	Compressor io.WriteCloser
	Encoding   string
}

func (CompressedResponseWriter) Write 

func (crw CompressedResponseWriter) Write(b []byte) (int, error)

func (CompressedResponseWriter) WriteHeader 

func (crw CompressedResponseWriter) WriteHeader(code int)

type Configuration 

type Configuration struct {
	PrivateKey struct {
		Type string `json:"type"`
		File string `json:"file"`
	} `json:"private-key"`
	Authentication struct {
		Url      string `json:"url"`
		Template string `json:"template"`
		Disabled bool   `json:"disabled"`
	} `json:"authentication"`
	Provisioning struct {
		Url      string `json:"url"`
		Template string `json:"template"`
		Disabled bool   `json:"disabled"`
	} `json:"provisioning"`
	Delegation struct {
		Delegate bool   `json:"delegate"`
		Host     string `json:"host"`
	} `json:"delegation"`
	Session struct {
		Url     string `json:"url"`
		Store   string `json:"store"`
		Backing string `json:"backing"`
	} `json:"session"`
	CertificateUrl string `json:"certificate-url"`
}

Configuration represents the Persona IdP configuration file.

func DecodeConfig 

func DecodeConfig(rawJson []byte) (config *Configuration, err error)

DecodeConfig loads a Configuration from the provided JSON structure.

func LoadConfig 

func LoadConfig(filePath string) (config *Configuration, err error)

LoadConfig loads a Configuration from the provided file.

type DelegatedSupportDocument 

type DelegatedSupportDocument struct {
	Authority string `json:"authority"`
}

DelegatedSupportDocument is a BrowserID support document that delegates its duties to a different host.

type IdentityCertificate 

type IdentityCertificate struct {
	Iat       int64                        `json:"iat,string"`
	Exp       int64                        `json:"exp,string"`
	Iss       string                       `json:"iss"`
	PublicKey map[string]string            `json:"public-key"`
	Principal IdentityCertificatePrincipal `json:"principal"`
}

IdentityCertificate represents an identity certificate.

type IdentityCertificateHeader 

type IdentityCertificateHeader struct {
	Alg string `json:"alg"`
}

IdentityCertificateHeader is the header for an identity certificate.

type IdentityCertificatePrincipal 

type IdentityCertificatePrincipal struct {
	Email string `json:"email"`
}

IdentityCertificatePrincipal is the principal element of an identity certificate.

type PrivateKey 

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey represents the private key that is used for all of Persona's cryptographic operations.

func (*PrivateKey) IdCertHeader 

func (pk *PrivateKey) IdCertHeader() (header IdentityCertificateHeader, err error)

IdCertHeader returns the header for an ID certificate.

func (*PrivateKey) Sign 

func (pk *PrivateKey) Sign(data []byte) (signature []byte, err error)

Sign signs the provided data.

func (*PrivateKey) SupportDoc 

func (pk *PrivateKey) SupportDoc() (interface{}, error)

SupportDoc returns the public-key component of the support document.

type PublicKeyDSA 

type PublicKeyDSA struct {
	Algorithm string `json:"algorithm"`
	G         string `json:"g"`
	P         string `json:"p"`
	Q         string `json:"q"`
	Y         string `json:"y"`
}

PublicKeyDSA represents a DSA public key.

type PublicKeyECDSA 

type PublicKeyECDSA struct {
	Algorithm string `json:"algorithm"`
	Curve     string `json:"crv"`
	X         string `json:"x"`
	Y         string `json:"y"`
}

PublicKeyECDSA represents an ECDSA public key. FIXME: I'm not 100% certain that the parameters here are correct.

type PublicKeyRSA 

type PublicKeyRSA struct {
	Algorithm string `json:"algorithm"`
	N         string `json:"n"`
	E         string `json:"e"`
}

PublicKeyRSA represents an RSA public key.

type RequestCheckSession 

type RequestCheckSession struct {
	Email string `json:"email"`
}

RequestCheckSession represents the body of a CheckSession request.

type RequestGenerateCertificate 

type RequestGenerateCertificate struct {
	Email     string            `json:"email"`
	PublicKey map[string]string `json:"public-key"`
	Duration  int               `json:"duration,string"`
}

RequestGenerateCertificate represents the body of a GenerateCertificate request.

type SQLiteBacking 

type SQLiteBacking struct {
	DB *sql.DB
	// contains filtered or unexported fields
}

SQLiteBacking implements that SessionBacking interface, and allows for manipulating sessions stored in an SQLite3 database.

func (*SQLiteBacking) Close 

func (b *SQLiteBacking) Close() (err error)

Close implements the Close method of the SessionBacking interface.

func (*SQLiteBacking) HasSession 

func (b *SQLiteBacking) HasSession(email string) (hasSession bool, err error)

HasSession implements the HasSession method of the SessionBacking interface.

func (*SQLiteBacking) NewSession 

func (b *SQLiteBacking) NewSession(email, id string) (err error)

NewSession implements the NewSession method of the SessionBacking interface.

func (*SQLiteBacking) Open 

func (b *SQLiteBacking) Open(location string) (err error)

Open implements the Open method of the SessionBacking interface.

type SessionBacking 

type SessionBacking interface {
	Open(string) error
	Close() error
	NewSession(string, string) error
	HasSession(string) (bool, error)
}

SessionBacking is the interface used by all session backings.

type SupportDocument 

type SupportDocument struct {
	PublicKey      interface{} `json:"public-key"`
	Authentication string      `json:"authentication"`
	Provisioning   string      `json:"provisioning"`
}

SupportDocument is a BrowserID support document.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.