package macaroon

import "gopkg.in/macaroon.v1"

The macaroon package implements macaroons as described in the paper "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" (http://theory.stanford.edu/~ataly/Papers/macaroons.pdf)

See the macaroon bakery packages at http://godoc.org/gopkg.in/macaroon-bakery.v0 for higher level services and operations that use macaroons.

Index ¶

• type Caveat
• type Macaroon
• func New(rootKey []byte, id, loc string) (*Macaroon, error)
• func (m *Macaroon) AddFirstPartyCaveat(caveatId string) error
• func (m *Macaroon) AddThirdPartyCaveat(rootKey []byte, caveatId string, loc string) error
• func (m *Macaroon) Bind(sig []byte)
• func (m *Macaroon) Caveats() []Caveat
• func (m *Macaroon) Clone() *Macaroon
• func (m *Macaroon) Id() string
• func (m *Macaroon) Location() string
• func (m *Macaroon) MarshalBinary() ([]byte, error)
• func (m *Macaroon) MarshalJSON() ([]byte, error)
• func (m *Macaroon) Signature() []byte
• func (m *Macaroon) UnmarshalBinary(data []byte) error
• func (m *Macaroon) UnmarshalJSON(jsonData []byte) error
• func (m *Macaroon) Verify(rootKey []byte, check func(caveat string) error, discharges []*Macaroon) error
• type Slice
• func (s Slice) MarshalBinary() ([]byte, error)
• func (s *Slice) UnmarshalBinary(data []byte) error
• type Verifier

Package Files ¶

crypto.go macaroon.go marshal.go packet.go

type Caveat ¶ Uses

type Caveat struct {
    Id       string
    Location string
}

type Macaroon ¶ Uses

type Macaroon struct {
    // contains filtered or unexported fields
}

Macaroon holds a macaroon. See Fig. 7 of http://theory.stanford.edu/~ataly/Papers/macaroons.pdf for a description of the data contained within. Macaroons are mutable objects - use Clone as appropriate to avoid unwanted mutation.

func New ¶ Uses

func New(rootKey []byte, id, loc string) (*Macaroon, error)

New returns a new macaroon with the given root key, identifier and location.

func (*Macaroon) AddFirstPartyCaveat ¶ Uses

func (m *Macaroon) AddFirstPartyCaveat(caveatId string) error

AddFirstPartyCaveat adds a caveat that will be verified by the target service.

func (*Macaroon) AddThirdPartyCaveat ¶ Uses

func (m *Macaroon) AddThirdPartyCaveat(rootKey []byte, caveatId string, loc string) error

AddThirdPartyCaveat adds a third-party caveat to the macaroon, using the given shared root key, caveat id and location hint. The caveat id should encode the root key in some way, either by encrypting it with a key known to the third party or by holding a reference to it stored in the third party's storage.

func (*Macaroon) Bind ¶ Uses

func (m *Macaroon) Bind(sig []byte)

Bind prepares the macaroon for being used to discharge the macaroon with the given signature sig. This must be used before it is used in the discharges argument to Verify.

func (*Macaroon) Caveats ¶ Uses

func (m *Macaroon) Caveats() []Caveat

Caveats returns the macaroon's caveats. This method will probably change, and it's important not to change the returned caveat.

func (*Macaroon) Clone ¶ Uses

func (m *Macaroon) Clone() *Macaroon

Clone returns a copy of the receiving macaroon.

func (*Macaroon) Id ¶ Uses

func (m *Macaroon) Id() string

Id returns the id of the macaroon. This can hold arbitrary information.

func (*Macaroon) Location ¶ Uses

func (m *Macaroon) Location() string

Location returns the macaroon's location hint. This is not verified as part of the macaroon.

func (*Macaroon) MarshalBinary ¶ Uses

func (m *Macaroon) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler.

func (*Macaroon) MarshalJSON ¶ Uses

func (m *Macaroon) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (*Macaroon) Signature ¶ Uses

func (m *Macaroon) Signature() []byte

Signature returns the macaroon's signature.

func (*Macaroon) UnmarshalBinary ¶ Uses

func (m *Macaroon) UnmarshalBinary(data []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler.

func (*Macaroon) UnmarshalJSON ¶ Uses

func (m *Macaroon) UnmarshalJSON(jsonData []byte) error

UnmarshalJSON implements json.Unmarshaler.

func (*Macaroon) Verify ¶ Uses

func (m *Macaroon) Verify(rootKey []byte, check func(caveat string) error, discharges []*Macaroon) error

Verify verifies that the receiving macaroon is valid. The root key must be the same that the macaroon was originally minted with. The check function is called to verify each first-party caveat - it should return an error if the condition is not met.

The discharge macaroons should be provided in discharges.

Verify returns nil if the verification succeeds.

type Slice ¶ Uses

type Slice []*Macaroon

Slice defines a collection of macaroons. By convention, the first macaroon in the slice is a primary macaroon and the rest are discharges for its third party caveats.

func (Slice) MarshalBinary ¶ Uses

func (s Slice) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler.

func (*Slice) UnmarshalBinary ¶ Uses

func (s *Slice) UnmarshalBinary(data []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler.

type Verifier ¶ Uses

type Verifier interface {
    Verify(m *Macaroon, rootKey []byte) (bool, error)
}