luci: go.chromium.org/luci/server/auth/delegation/messages Index | Files

package messages

import "go.chromium.org/luci/server/auth/delegation/messages"

Index

Package Files

delegation.pb.go generate.go

Variables

// Lookup tables between the numeric values of Subtoken_Kind and their names.
var (
    // Subtoken_Kind_name gives the enum name for each numeric value.
    Subtoken_Kind_name = map[int32]string{
        0: "UNKNOWN_KIND",
        1: "BEARER_DELEGATION_TOKEN",
    }

    // Subtoken_Kind_value gives the numeric value for each enum name.
    Subtoken_Kind_value = map[string]int32{
        "UNKNOWN_KIND":            0,
        "BEARER_DELEGATION_TOKEN": 1,
    }
)

type DelegationToken Uses

// DelegationToken is the signed envelope for a Subtoken: it carries the
// serialized Subtoken bytes, the signature over them, and the identifiers
// of the signer and of the key that produced the signature.
type DelegationToken struct {
    // Identity of a service that signed this token.
    //
    // It can be a 'service:<app-id>' string or 'user:<service-account-email>'
    // string.
    //
    // In both cases the appropriate certificate store will be queried (via SSL)
    // for the public key to use for signature verification.
    //
    // NOTE(review): signer_id sits in the envelope next to the signature, not
    // inside serialized_subtoken, so as declared here it is not covered by the
    // signature. A verifier presumably has to check it against the signers it
    // trusts before using it to select a certificate store - confirm against
    // the verification code.
    SignerId string `protobuf:"bytes,2,opt,name=signer_id,json=signerId,proto3" json:"signer_id,omitempty"`
    // ID of a key used for making the signature.
    //
    // There can be multiple active keys at any moment in time: one used for new
    // signatures, and one being rotated out (but still valid for verification).
    //
    // The lifetime of the token indirectly depends on the lifetime of the signing
    // key, which is 24h. So delegation tokens can't live longer than 24h.
    SigningKeyId string `protobuf:"bytes,3,opt,name=signing_key_id,json=signingKeyId,proto3" json:"signing_key_id,omitempty"`
    // The signature: PKCS1_v1_5+SHA256(serialized_subtoken, signing_key_id).
    //
    // NOTE(review): the signature is computed over the bytes stored in
    // serialized_subtoken, so verification presumably has to run on those
    // bytes exactly as received, before they are deserialized and before any
    // Subtoken field is trusted - confirm against the verification code.
    Pkcs1Sha256Sig []byte `protobuf:"bytes,4,opt,name=pkcs1_sha256_sig,json=pkcs1Sha256Sig,proto3" json:"pkcs1_sha256_sig,omitempty"`
    // Serialized Subtoken message. Its signature is stored in pkcs1_sha256_sig.
    SerializedSubtoken   []byte   `protobuf:"bytes,5,opt,name=serialized_subtoken,json=serializedSubtoken,proto3" json:"serialized_subtoken,omitempty"`
    // The XXX_ fields below carry no protobuf field tag and are excluded from
    // JSON output (json:"-"); they are not part of the token's content.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Signed serialized Subtoken.

This message is just an envelope that carries the serialized Subtoken message and its signature.

Next ID: 6.

func (*DelegationToken) Descriptor Uses

func (*DelegationToken) Descriptor() ([]byte, []int)

func (*DelegationToken) GetPkcs1Sha256Sig Uses

func (m *DelegationToken) GetPkcs1Sha256Sig() []byte

func (*DelegationToken) GetSerializedSubtoken Uses

func (m *DelegationToken) GetSerializedSubtoken() []byte

func (*DelegationToken) GetSignerId Uses

func (m *DelegationToken) GetSignerId() string

func (*DelegationToken) GetSigningKeyId Uses

func (m *DelegationToken) GetSigningKeyId() string

func (*DelegationToken) ProtoMessage Uses

func (*DelegationToken) ProtoMessage()

func (*DelegationToken) Reset Uses

func (m *DelegationToken) Reset()

func (*DelegationToken) String Uses

func (m *DelegationToken) String() string

func (*DelegationToken) XXX_DiscardUnknown Uses

func (m *DelegationToken) XXX_DiscardUnknown()

func (*DelegationToken) XXX_Marshal Uses

func (m *DelegationToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DelegationToken) XXX_Merge Uses

func (m *DelegationToken) XXX_Merge(src proto.Message)

func (*DelegationToken) XXX_Size Uses

func (m *DelegationToken) XXX_Size() int

func (*DelegationToken) XXX_Unmarshal Uses

func (m *DelegationToken) XXX_Unmarshal(b []byte) error

type Subtoken Uses

// Subtoken is the payload carried (in serialized form) inside a
// DelegationToken. It records whose identity is delegated, who requested the
// token, when and for how long it is valid, and which presenters and services
// it is meant for.
type Subtoken struct {
    // What kind of token is this.
    //
    // Defines how it can be used. See comments for Kind enum.
    Kind Subtoken_Kind `protobuf:"varint,8,opt,name=kind,proto3,enum=messages.Subtoken_Kind" json:"kind,omitempty"`
    // Identifier of this subtoken as generated by the token server.
    //
    // Used for logging and tracking purposes.
    SubtokenId int64 `protobuf:"varint,4,opt,name=subtoken_id,json=subtokenId,proto3" json:"subtoken_id,omitempty"`
    // Identity whose authority is delegated.
    //
    // A string of the form "user:<email>".
    DelegatedIdentity string `protobuf:"bytes,1,opt,name=delegated_identity,json=delegatedIdentity,proto3" json:"delegated_identity,omitempty"`
    // Who requested this token.
    //
    // This can match delegated_identity if the user is delegating their own
    // identity or it can be a different id if the token is actually
    // an impersonation token.
    RequestorIdentity string `protobuf:"bytes,7,opt,name=requestor_identity,json=requestorIdentity,proto3" json:"requestor_identity,omitempty"`
    // When the token was generated (and when it becomes valid).
    //
    // Number of seconds since epoch (Unix timestamp).
    CreationTime int64 `protobuf:"varint,2,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
    // How long the token is considered valid (in seconds).
    //
    // NOTE(review): presumably the token is accepted from creation_time until
    // creation_time + validity_duration; how clock skew and non-positive
    // durations are treated is not visible here - confirm in the checking code.
    ValidityDuration int32 `protobuf:"varint,3,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
    // Who can present this token.
    //
    // Each item can be an identity string (e.g. "user:<email>"), a "group:<name>"
    // string, or special "*" string which means "Any bearer can use the token".
    //
    // A "*" entry places no restriction on the presenter, so possession of
    // the token alone is enough to use it.
    Audience []string `protobuf:"bytes,5,rep,name=audience,proto3" json:"audience,omitempty"`
    // What services should accept this token.
    //
    // List of services (specified as service identities, e.g. "service:app-id")
    // that should accept this token. May also contain special "*" string, which
    // means "All services".
    //
    // NOTE(review): how an empty audience or services list is interpreted is
    // not stated here - confirm that the checking code does not treat it as "*".
    Services []string `protobuf:"bytes,6,rep,name=services,proto3" json:"services,omitempty"`
    // Arbitrary key:value pairs embedded into the token by whoever requested it.
    // Convey circumstance of why the token is created.
    //
    // Services that accept the token may use them for additional authorization
    // decisions. Please use extremely carefully, only when you control both sides
    // of the delegation link and can guarantee that services involved understand
    // the tags.
    Tags                 []string `protobuf:"bytes,9,rep,name=tags,proto3" json:"tags,omitempty"`
    // The XXX_ fields below carry no protobuf field tag and are excluded from
    // JSON output (json:"-"); they are not part of the token's content.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Identifies who delegates what authority to whom, and at which services.

Next ID: 10.

func (*Subtoken) Descriptor Uses

func (*Subtoken) Descriptor() ([]byte, []int)

func (*Subtoken) GetAudience Uses

func (m *Subtoken) GetAudience() []string

func (*Subtoken) GetCreationTime Uses

func (m *Subtoken) GetCreationTime() int64

func (*Subtoken) GetDelegatedIdentity Uses

func (m *Subtoken) GetDelegatedIdentity() string

func (*Subtoken) GetKind Uses

func (m *Subtoken) GetKind() Subtoken_Kind

func (*Subtoken) GetRequestorIdentity Uses

func (m *Subtoken) GetRequestorIdentity() string

func (*Subtoken) GetServices Uses

func (m *Subtoken) GetServices() []string

func (*Subtoken) GetSubtokenId Uses

func (m *Subtoken) GetSubtokenId() int64

func (*Subtoken) GetTags Uses

func (m *Subtoken) GetTags() []string

func (*Subtoken) GetValidityDuration Uses

func (m *Subtoken) GetValidityDuration() int32

func (*Subtoken) ProtoMessage Uses

func (*Subtoken) ProtoMessage()

func (*Subtoken) Reset Uses

func (m *Subtoken) Reset()

func (*Subtoken) String Uses

func (m *Subtoken) String() string

func (*Subtoken) XXX_DiscardUnknown Uses

func (m *Subtoken) XXX_DiscardUnknown()

func (*Subtoken) XXX_Marshal Uses

func (m *Subtoken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Subtoken) XXX_Merge Uses

func (m *Subtoken) XXX_Merge(src proto.Message)

func (*Subtoken) XXX_Size Uses

func (m *Subtoken) XXX_Size() int

func (*Subtoken) XXX_Unmarshal Uses

func (m *Subtoken) XXX_Unmarshal(b []byte) error

type Subtoken_Kind Uses

// Subtoken_Kind is the kind of a Subtoken; it defines how the token can be
// used.
type Subtoken_Kind int32
const (
    // This is to catch old tokens that don't have 'kind' field yet.
    //
    // Tokens of this kind are interpreted as 'BEARER_DELEGATION_TOKEN' for now,
    // for compatibility. But eventually (when all backends are updated), they
    // will become invalid (and there will be no way to generate them). This is
    // needed to avoid old servers accidentally interpreting tokens of
    // kind != 0 as BEARER_DELEGATION_TOKEN tokens.
    //
    // 0 is also the proto3 default, so a token whose 'kind' field is absent
    // decodes as this value.
    Subtoken_UNKNOWN_KIND Subtoken_Kind = 0
    // The token of this kind can be sent in X-Delegation-Token-V1 HTTP header.
    // The services will check all restrictions of the token, and will
    // authenticate requests as coming from 'delegated_identity'.
    //
    // NOTE(review): since presenting the header value is what authenticates
    // the request as 'delegated_identity', the header is presumably a
    // credential that should be kept out of logs - confirm it is redacted.
    Subtoken_BEARER_DELEGATION_TOKEN Subtoken_Kind = 1
)

func (Subtoken_Kind) EnumDescriptor Uses

func (Subtoken_Kind) EnumDescriptor() ([]byte, []int)

func (Subtoken_Kind) String Uses

func (x Subtoken_Kind) String() string

Package messages imports 3 packages (graph) and is imported by 10 packages. Updated 2018-10-19. Refresh now. Tools for package owners.