v.io: v.io/x/ref/services/identity/internal/revocation

package revocation

import "v.io/x/ref/services/identity/internal/revocation"

Package revocation provides tools to create and manage revocation caveats.

Package Files

mock_revocation_manager.go revocation.vdl.go revocation_manager.go sql_database.go

Variables

var NotRevokedCaveat = security.CaveatDescriptor{
    Id: uniqueid.Id{
        75,
        70,
        92,
        86,
        55,
        121,
        209,
        59,
        123,
        163,
        167,
        214,
        165,
        52,
        128,
        0,
    },
    ParamType: vdl.TypeOf((*[]byte)(nil)),
}

NotRevokedCaveat is used to implement revocation. It validates iff the parameter is not included in a list of blacklisted values.

The third-party discharging service checks this revocation caveat against a database of blacklisted (revoked) keys before issuing a discharge.

type RevocationManager

type RevocationManager interface {
    NewCaveat(discharger security.PublicKey, dischargerLocation string) (security.Caveat, error)
    Revoke(caveatID string) error
    GetRevocationTime(caveatID string) *time.Time
}

RevocationManager persists information for revocation caveats in order to provide discharges and allow for future revocations.

func NewMockRevocationManager

func NewMockRevocationManager(ctx *context.T) RevocationManager

func NewRevocationManager

func NewRevocationManager(ctx *context.T, sqlDB *sql.DB) (RevocationManager, error)

NewRevocationManager returns a RevocationManager that persists information about revocationCaveats in a SQL database and allows for revocation and caveat creation. This function can only be called once because of the use of global variables.
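The revocation flow described above, modelled with the standard library only. This is an added example, not code from the v.io package: `memManager`, `NewCaveatID`, `Discharge` and `ErrRevoked` are hypothetical names, and the random 16-byte hex caveat ID is an assumption.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

// ErrRevoked is a hypothetical error name used only by this example.
var ErrRevoked = errors.New("caveat revoked")

// memManager is a hypothetical in-memory stand-in for the SQL-backed manager:
// the map is the revoked list, caveat ID -> time of revocation.
type memManager map[string]*time.Time

// NewCaveatID returns a random 16-byte ID (the ID format is an assumption).
func (m memManager) NewCaveatID() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Revoke records the first revocation time; repeated calls do not move it.
func (m memManager) Revoke(id string) error {
	if m[id] == nil {
		now := time.Now()
		m[id] = &now
	}
	return nil
}

// GetRevocationTime returns nil while the caveat has not been revoked.
func (m memManager) GetRevocationTime(id string) *time.Time { return m[id] }

// Discharge is the discharger-side check: refuse iff the ID is on the revoked list.
func (m memManager) Discharge(id string) error {
	if m.GetRevocationTime(id) != nil {
		return ErrRevoked
	}
	return nil
}

func main() {
	m := memManager{}
	id, _ := m.NewCaveatID()
	println(m.Discharge(id) == nil, m.Revoke(id) == nil, m.Discharge(id) == ErrRevoked)
}
```

The model is not safe for concurrent use; it only shows that revocation takes effect at the discharger, the next time a discharge is requested for that ID.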

Package revocation imports 10 packages and is imported by 29 packages. Updated 2020-10-24.