Google Git
Sign in
vanadium / release.go.v23 / 403ad9314b8376d8a71c2b18538c71a631691dd9 / . / security / security.vdl.go
blob: b4f6cccd84f0ff98b94c01aee8dc6d61db028ce4 [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// This file was auto-generated by the vanadium vdl tool.
// Package: security
package security
import (
"fmt"
"reflect"
"time"
"v.io/v23/context"
"v.io/v23/i18n"
"v.io/v23/uniqueid"
"v.io/v23/vdl"
vdltime "v.io/v23/vdlroot/time"
"v.io/v23/verror"
"v.io/v23/vom"
)
var _ = __VDLInit() // Must be first; see __VDLInit comments for details.
//////////////////////////////////////////////////
// Type definitions
type nonce [16]byte
func (nonce) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.nonce"`
}) {
}
func (m *nonce) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
if err := t.FromBytes([]byte((*m)[:]), tt); err != nil {
return err
}
return nil
}
func (m *nonce) MakeVDLTarget() vdl.Target {
return &nonceTarget{Value: m}
}
type nonceTarget struct {
Value *nonce
vdl.TargetBase
}
func (t *nonceTarget) FromBytes(src []byte, tt *vdl.Type) error {
if ttWant := vdl.TypeOf((*nonce)(nil)); !vdl.Compatible(tt, ttWant) {
return fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
copy((*t.Value)[:], src)
return nil
}
func (x nonce) VDLIsZero() bool {
return x == nonce{}
}
func (x nonce) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*nonce)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes([]byte(x[:])); err != nil {
return err
}
return enc.FinishValue()
}
func (x *nonce) VDLRead(dec vdl.Decoder) error {
if err := dec.StartValue(); err != nil {
return err
}
bytes := x[:]
if err := dec.DecodeBytes(16, &bytes); err != nil {
return err
}
return dec.FinishValue()
}
// Caveat is a condition on the validity of a blessing/discharge.
//
// These conditions are provided when asking a principal to create
// a blessing/discharge and are verified when extracting blessings
// (Blessings.ForName in the Go API).
//
// Given a Hash, the message digest of a caveat is:
// Hash(Hash(Id), Hash(ParamVom))
type Caveat struct {
Id uniqueid.Id // The identifier of the caveat validation function.
ParamVom []byte // VOM-encoded bytes of the parameters to be provided to the validation function.
}
func (Caveat) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Caveat"`
}) {
}
func (m *Caveat) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.Id == uniqueid.Id{})
if var4 {
if err := fieldsTarget1.ZeroField("Id"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Id")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Id.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var var7 bool
if len(m.ParamVom) == 0 {
var7 = true
}
if var7 {
if err := fieldsTarget1.ZeroField("ParamVom"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ParamVom")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget6.FromBytes([]byte(m.ParamVom), tt.NonOptional().Field(1).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *Caveat) MakeVDLTarget() vdl.Target {
return &CaveatTarget{Value: m}
}
type CaveatTarget struct {
Value *Caveat
idTarget uniqueid.IdTarget
paramVomTarget vdl.BytesTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *CaveatTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*Caveat)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *CaveatTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Id":
t.idTarget.Value = &t.Value.Id
target, err := &t.idTarget, error(nil)
return nil, target, err
case "ParamVom":
t.paramVomTarget.Value = &t.Value.ParamVom
target, err := &t.paramVomTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *CaveatTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *CaveatTarget) ZeroField(name string) error {
switch name {
case "Id":
t.Value.Id = uniqueid.Id{}
return nil
case "ParamVom":
t.Value.ParamVom = []byte(nil)
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *CaveatTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x Caveat) VDLIsZero() bool {
if x.Id != (uniqueid.Id{}) {
return false
}
if len(x.ParamVom) != 0 {
return false
}
return true
}
func (x Caveat) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*Caveat)(nil)).Elem()); err != nil {
return err
}
if x.Id != (uniqueid.Id{}) {
if err := enc.NextField("Id"); err != nil {
return err
}
if err := x.Id.VDLWrite(enc); err != nil {
return err
}
}
if len(x.ParamVom) != 0 {
if err := enc.NextField("ParamVom"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.ParamVom); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Caveat) VDLRead(dec vdl.Decoder) error {
*x = Caveat{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Id":
if err := x.Id.VDLRead(dec); err != nil {
return err
}
case "ParamVom":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.ParamVom); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// ThirdPartyRequirements specifies the information required by the third-party
// that will issue discharges for third-party caveats.
//
// These requirements are typically used to construct a DischargeImpetus, which
// will be sent to the third-party.
type ThirdPartyRequirements struct {
ReportServer bool // The blessings presented by the server of an IPC call.
ReportMethod bool // The name of the method being invoked.
ReportArguments bool // Arguments to the method being invoked.
}
func (ThirdPartyRequirements) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.ThirdPartyRequirements"`
}) {
}
func (m *ThirdPartyRequirements) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.ReportServer == false)
if var4 {
if err := fieldsTarget1.ZeroField("ReportServer"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ReportServer")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget3.FromBool(bool(m.ReportServer), tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var7 := (m.ReportMethod == false)
if var7 {
if err := fieldsTarget1.ZeroField("ReportMethod"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ReportMethod")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget6.FromBool(bool(m.ReportMethod), tt.NonOptional().Field(1).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
var10 := (m.ReportArguments == false)
if var10 {
if err := fieldsTarget1.ZeroField("ReportArguments"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("ReportArguments")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget9.FromBool(bool(m.ReportArguments), tt.NonOptional().Field(2).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *ThirdPartyRequirements) MakeVDLTarget() vdl.Target {
return &ThirdPartyRequirementsTarget{Value: m}
}
type ThirdPartyRequirementsTarget struct {
Value *ThirdPartyRequirements
reportServerTarget vdl.BoolTarget
reportMethodTarget vdl.BoolTarget
reportArgumentsTarget vdl.BoolTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *ThirdPartyRequirementsTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*ThirdPartyRequirements)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *ThirdPartyRequirementsTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "ReportServer":
t.reportServerTarget.Value = &t.Value.ReportServer
target, err := &t.reportServerTarget, error(nil)
return nil, target, err
case "ReportMethod":
t.reportMethodTarget.Value = &t.Value.ReportMethod
target, err := &t.reportMethodTarget, error(nil)
return nil, target, err
case "ReportArguments":
t.reportArgumentsTarget.Value = &t.Value.ReportArguments
target, err := &t.reportArgumentsTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *ThirdPartyRequirementsTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *ThirdPartyRequirementsTarget) ZeroField(name string) error {
switch name {
case "ReportServer":
t.Value.ReportServer = false
return nil
case "ReportMethod":
t.Value.ReportMethod = false
return nil
case "ReportArguments":
t.Value.ReportArguments = false
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *ThirdPartyRequirementsTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x ThirdPartyRequirements) VDLIsZero() bool {
return x == ThirdPartyRequirements{}
}
func (x ThirdPartyRequirements) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*ThirdPartyRequirements)(nil)).Elem()); err != nil {
return err
}
if x.ReportServer {
if err := enc.NextField("ReportServer"); err != nil {
return err
}
if err := enc.StartValue(vdl.BoolType); err != nil {
return err
}
if err := enc.EncodeBool(x.ReportServer); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.ReportMethod {
if err := enc.NextField("ReportMethod"); err != nil {
return err
}
if err := enc.StartValue(vdl.BoolType); err != nil {
return err
}
if err := enc.EncodeBool(x.ReportMethod); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.ReportArguments {
if err := enc.NextField("ReportArguments"); err != nil {
return err
}
if err := enc.StartValue(vdl.BoolType); err != nil {
return err
}
if err := enc.EncodeBool(x.ReportArguments); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *ThirdPartyRequirements) VDLRead(dec vdl.Decoder) error {
*x = ThirdPartyRequirements{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "ReportServer":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.ReportServer, err = dec.DecodeBool(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "ReportMethod":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.ReportMethod, err = dec.DecodeBool(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "ReportArguments":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.ReportArguments, err = dec.DecodeBool(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// publicKeyThirdPartyCaveatParam represents a third-party caveat that requires
// PublicKeyDischarge(s) to be issued by a principal identified by a public key.
//
// The Id of the caveat is base64-encoded:
// hash(hash(Nonce), hash(DischargerKey), hash(Caveats[0]), hash(Caveats[1]), ...)
// where hash is a cryptographic hash function with a security strength
// equivalent to that of the DischargerKey. For example, if DischargerKey
// represents an ECDSA public key with the P384 curve, then hash should be
// SHA384.
type publicKeyThirdPartyCaveatParam struct {
// Nonce specifies a cryptographically random nonce associated with an
// instance of the caveat. This prevents discharge replays, where
// discharges for ThirdPartyCaveats embedded in the certificates for
// one blessing can be used for another blessing.
//
// Whether discharge re-use is a desired or un-desired property is
// still under debate. Till the debate is settled, we err on the side
// of discouraging re-use.
Nonce nonce
// Caveats specifies the caveats that have to be validated
// before minting a discharge for a publicKeyCaveat.
Caveats []Caveat
// DER-encoded PKIX public key of the principal that can issue discharges.
DischargerKey []byte
// Object name where the third-party that can issue discharges can be found.
DischargerLocation string
// Information required by the third-party in order to issue a discharge.
DischargerRequirements ThirdPartyRequirements
}
func (publicKeyThirdPartyCaveatParam) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.publicKeyThirdPartyCaveatParam"`
}) {
}
func (m *publicKeyThirdPartyCaveatParam) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.Nonce == nonce{})
if var4 {
if err := fieldsTarget1.ZeroField("Nonce"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Nonce")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Nonce.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var var7 bool
if len(m.Caveats) == 0 {
var7 = true
}
if var7 {
if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Caveats")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget8, err := fieldTarget6.StartList(tt.NonOptional().Field(1).Type, len(m.Caveats))
if err != nil {
return err
}
for i, elem10 := range m.Caveats {
elemTarget9, err := listTarget8.StartElem(i)
if err != nil {
return err
}
if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(1).Type.Elem()); err != nil {
return err
}
if err := listTarget8.FinishElem(elemTarget9); err != nil {
return err
}
}
if err := fieldTarget6.FinishList(listTarget8); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
var var13 bool
if len(m.DischargerKey) == 0 {
var13 = true
}
if var13 {
if err := fieldsTarget1.ZeroField("DischargerKey"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("DischargerKey")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget12.FromBytes([]byte(m.DischargerKey), tt.NonOptional().Field(2).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
return err
}
}
}
var16 := (m.DischargerLocation == "")
if var16 {
if err := fieldsTarget1.ZeroField("DischargerLocation"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget14, fieldTarget15, err := fieldsTarget1.StartField("DischargerLocation")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget15.FromString(string(m.DischargerLocation), tt.NonOptional().Field(3).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget14, fieldTarget15); err != nil {
return err
}
}
}
var19 := (m.DischargerRequirements == ThirdPartyRequirements{})
if var19 {
if err := fieldsTarget1.ZeroField("DischargerRequirements"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget17, fieldTarget18, err := fieldsTarget1.StartField("DischargerRequirements")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.DischargerRequirements.FillVDLTarget(fieldTarget18, tt.NonOptional().Field(4).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget17, fieldTarget18); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *publicKeyThirdPartyCaveatParam) MakeVDLTarget() vdl.Target {
return &publicKeyThirdPartyCaveatParamTarget{Value: m}
}
type publicKeyThirdPartyCaveatParamTarget struct {
Value *publicKeyThirdPartyCaveatParam
nonceTarget nonceTarget
caveatsTarget __VDLTarget1_list
dischargerKeyTarget vdl.BytesTarget
dischargerLocationTarget vdl.StringTarget
dischargerRequirementsTarget ThirdPartyRequirementsTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *publicKeyThirdPartyCaveatParamTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *publicKeyThirdPartyCaveatParamTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Nonce":
t.nonceTarget.Value = &t.Value.Nonce
target, err := &t.nonceTarget, error(nil)
return nil, target, err
case "Caveats":
t.caveatsTarget.Value = &t.Value.Caveats
target, err := &t.caveatsTarget, error(nil)
return nil, target, err
case "DischargerKey":
t.dischargerKeyTarget.Value = &t.Value.DischargerKey
target, err := &t.dischargerKeyTarget, error(nil)
return nil, target, err
case "DischargerLocation":
t.dischargerLocationTarget.Value = &t.Value.DischargerLocation
target, err := &t.dischargerLocationTarget, error(nil)
return nil, target, err
case "DischargerRequirements":
t.dischargerRequirementsTarget.Value = &t.Value.DischargerRequirements
target, err := &t.dischargerRequirementsTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *publicKeyThirdPartyCaveatParamTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *publicKeyThirdPartyCaveatParamTarget) ZeroField(name string) error {
switch name {
case "Nonce":
t.Value.Nonce = nonce{}
return nil
case "Caveats":
t.Value.Caveats = []Caveat(nil)
return nil
case "DischargerKey":
t.Value.DischargerKey = []byte(nil)
return nil
case "DischargerLocation":
t.Value.DischargerLocation = ""
return nil
case "DischargerRequirements":
t.Value.DischargerRequirements = ThirdPartyRequirements{}
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *publicKeyThirdPartyCaveatParamTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
// []Caveat
type __VDLTarget1_list struct {
Value *[]Caveat
elemTarget CaveatTarget
vdl.TargetBase
vdl.ListTargetBase
}
func (t *__VDLTarget1_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
if ttWant := vdl.TypeOf((*[]Caveat)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
if cap(*t.Value) < len {
*t.Value = make([]Caveat, len)
} else {
*t.Value = (*t.Value)[:len]
}
return t, nil
}
func (t *__VDLTarget1_list) StartElem(index int) (elem vdl.Target, _ error) {
t.elemTarget.Value = &(*t.Value)[index]
target, err := &t.elemTarget, error(nil)
return target, err
}
func (t *__VDLTarget1_list) FinishElem(elem vdl.Target) error {
return nil
}
func (t *__VDLTarget1_list) FinishList(elem vdl.ListTarget) error {
return nil
}
func (x publicKeyThirdPartyCaveatParam) VDLIsZero() bool {
if x.Nonce != (nonce{}) {
return false
}
if len(x.Caveats) != 0 {
return false
}
if len(x.DischargerKey) != 0 {
return false
}
if x.DischargerLocation != "" {
return false
}
if x.DischargerRequirements != (ThirdPartyRequirements{}) {
return false
}
return true
}
func (x publicKeyThirdPartyCaveatParam) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem()); err != nil {
return err
}
if x.Nonce != (nonce{}) {
if err := enc.NextField("Nonce"); err != nil {
return err
}
if err := x.Nonce.VDLWrite(enc); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField("Caveats"); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if len(x.DischargerKey) != 0 {
if err := enc.NextField("DischargerKey"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.DischargerKey); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.DischargerLocation != "" {
if err := enc.NextField("DischargerLocation"); err != nil {
return err
}
if err := enc.StartValue(vdl.StringType); err != nil {
return err
}
if err := enc.EncodeString(x.DischargerLocation); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.DischargerRequirements != (ThirdPartyRequirements{}) {
if err := enc.NextField("DischargerRequirements"); err != nil {
return err
}
if err := x.DischargerRequirements.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_1(enc vdl.Encoder, x []Caveat) error {
if err := enc.StartValue(vdl.TypeOf((*[]Caveat)(nil))); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for i := 0; i < len(x); i++ {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := x[i].VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *publicKeyThirdPartyCaveatParam) VDLRead(dec vdl.Decoder) error {
*x = publicKeyThirdPartyCaveatParam{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Nonce":
if err := x.Nonce.VDLRead(dec); err != nil {
return err
}
case "Caveats":
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case "DischargerKey":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.DischargerKey); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "DischargerLocation":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.DischargerLocation, err = dec.DecodeString(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "DischargerRequirements":
if err := x.DischargerRequirements.VDLRead(dec); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_1(dec vdl.Decoder, x *[]Caveat) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type())
}
switch len := dec.LenHint(); {
case len > 0:
*x = make([]Caveat, 0, len)
default:
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
}
var elem Caveat
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
// Hash identifies a cryptographic hash function approved for use in signature algorithms.
type Hash string
func (Hash) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Hash"`
}) {
}
func (m *Hash) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
if err := t.FromString(string((*m)), tt); err != nil {
return err
}
return nil
}
func (m *Hash) MakeVDLTarget() vdl.Target {
return &HashTarget{Value: m}
}
type HashTarget struct {
Value *Hash
vdl.TargetBase
}
func (t *HashTarget) FromString(src string, tt *vdl.Type) error {
if ttWant := vdl.TypeOf((*Hash)(nil)); !vdl.Compatible(tt, ttWant) {
return fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
*t.Value = Hash(src)
return nil
}
func (x Hash) VDLIsZero() bool {
return x == ""
}
func (x Hash) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*Hash)(nil))); err != nil {
return err
}
if err := enc.EncodeString(string(x)); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Hash) VDLRead(dec vdl.Decoder) error {
if err := dec.StartValue(); err != nil {
return err
}
tmp, err := dec.DecodeString()
if err != nil {
return err
}
*x = Hash(tmp)
return dec.FinishValue()
}
// Signature represents a digital signature.
type Signature struct {
// Purpose of the signature. Can be used to prevent type attacks.
// (See Section 4.2 of http://www-users.cs.york.ac.uk/~jac/PublishedPapers/reviewV1_1997.pdf for example).
// The actual signature (R, S values for ECDSA keys) is produced by signing: Hash(Hash(message), Hash(Purpose)).
Purpose []byte
// Cryptographic hash function applied to the message before computing the signature.
Hash Hash
// Pair of integers that make up an ECDSA signature.
R []byte
S []byte
}
func (Signature) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Signature"`
}) {
}
func (m *Signature) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var var4 bool
if len(m.Purpose) == 0 {
var4 = true
}
if var4 {
if err := fieldsTarget1.ZeroField("Purpose"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Purpose")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget3.FromBytes([]byte(m.Purpose), tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var7 := (m.Hash == Hash(""))
if var7 {
if err := fieldsTarget1.ZeroField("Hash"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Hash")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Hash.FillVDLTarget(fieldTarget6, tt.NonOptional().Field(1).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
var var10 bool
if len(m.R) == 0 {
var10 = true
}
if var10 {
if err := fieldsTarget1.ZeroField("R"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("R")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget9.FromBytes([]byte(m.R), tt.NonOptional().Field(2).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil {
return err
}
}
}
var var13 bool
if len(m.S) == 0 {
var13 = true
}
if var13 {
if err := fieldsTarget1.ZeroField("S"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("S")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget12.FromBytes([]byte(m.S), tt.NonOptional().Field(3).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *Signature) MakeVDLTarget() vdl.Target {
return &SignatureTarget{Value: m}
}
type SignatureTarget struct {
Value *Signature
purposeTarget vdl.BytesTarget
hashTarget HashTarget
rTarget vdl.BytesTarget
sTarget vdl.BytesTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *SignatureTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*Signature)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *SignatureTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Purpose":
t.purposeTarget.Value = &t.Value.Purpose
target, err := &t.purposeTarget, error(nil)
return nil, target, err
case "Hash":
t.hashTarget.Value = &t.Value.Hash
target, err := &t.hashTarget, error(nil)
return nil, target, err
case "R":
t.rTarget.Value = &t.Value.R
target, err := &t.rTarget, error(nil)
return nil, target, err
case "S":
t.sTarget.Value = &t.Value.S
target, err := &t.sTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *SignatureTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *SignatureTarget) ZeroField(name string) error {
switch name {
case "Purpose":
t.Value.Purpose = []byte(nil)
return nil
case "Hash":
t.Value.Hash = Hash("")
return nil
case "R":
t.Value.R = []byte(nil)
return nil
case "S":
t.Value.S = []byte(nil)
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *SignatureTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x Signature) VDLIsZero() bool {
if len(x.Purpose) != 0 {
return false
}
if x.Hash != "" {
return false
}
if len(x.R) != 0 {
return false
}
if len(x.S) != 0 {
return false
}
return true
}
func (x Signature) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*Signature)(nil)).Elem()); err != nil {
return err
}
if len(x.Purpose) != 0 {
if err := enc.NextField("Purpose"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.Purpose); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.Hash != "" {
if err := enc.NextField("Hash"); err != nil {
return err
}
if err := x.Hash.VDLWrite(enc); err != nil {
return err
}
}
if len(x.R) != 0 {
if err := enc.NextField("R"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.R); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if len(x.S) != 0 {
if err := enc.NextField("S"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.S); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Signature) VDLRead(dec vdl.Decoder) error {
*x = Signature{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Purpose":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.Purpose); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "Hash":
if err := x.Hash.VDLRead(dec); err != nil {
return err
}
case "R":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.R); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "S":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.S); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// PublicKeyDischarge represents a discharge for third party caveats that
// require a signature from a third-party's public key.
//
// The message digest of this structure is computed as follows:
// hash(hash(ThirdPartyCaveatId), hash(Caveats[0]), hash(Caveats[1]), ...),
// where hash is a cryptographic hash function with a security strength
// equivalent to the strength of the public key of the principal issuing the
// discharge.
type PublicKeyDischarge struct {
ThirdPartyCaveatId string // Id of the third party caveat for which this discharge was issued.
Caveats []Caveat // Caveats on the use of this discharge.
Signature Signature // Signature of the content hash of this discharge by the discharger.
}
func (PublicKeyDischarge) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.PublicKeyDischarge"`
}) {
}
func (m *PublicKeyDischarge) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.ThirdPartyCaveatId == "")
if var4 {
if err := fieldsTarget1.ZeroField("ThirdPartyCaveatId"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ThirdPartyCaveatId")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget3.FromString(string(m.ThirdPartyCaveatId), tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var var7 bool
if len(m.Caveats) == 0 {
var7 = true
}
if var7 {
if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Caveats")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget8, err := fieldTarget6.StartList(tt.NonOptional().Field(1).Type, len(m.Caveats))
if err != nil {
return err
}
for i, elem10 := range m.Caveats {
elemTarget9, err := listTarget8.StartElem(i)
if err != nil {
return err
}
if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(1).Type.Elem()); err != nil {
return err
}
if err := listTarget8.FinishElem(elemTarget9); err != nil {
return err
}
}
if err := fieldTarget6.FinishList(listTarget8); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
var13 := true
var var14 bool
if len(m.Signature.Purpose) == 0 {
var14 = true
}
var13 = var13 && var14
var15 := (m.Signature.Hash == Hash(""))
var13 = var13 && var15
var var16 bool
if len(m.Signature.R) == 0 {
var16 = true
}
var13 = var13 && var16
var var17 bool
if len(m.Signature.S) == 0 {
var17 = true
}
var13 = var13 && var17
if var13 {
if err := fieldsTarget1.ZeroField("Signature"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("Signature")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Signature.FillVDLTarget(fieldTarget12, tt.NonOptional().Field(2).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *PublicKeyDischarge) MakeVDLTarget() vdl.Target {
return &PublicKeyDischargeTarget{Value: m}
}
type PublicKeyDischargeTarget struct {
Value *PublicKeyDischarge
thirdPartyCaveatIdTarget vdl.StringTarget
caveatsTarget __VDLTarget1_list
signatureTarget SignatureTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *PublicKeyDischargeTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*PublicKeyDischarge)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *PublicKeyDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "ThirdPartyCaveatId":
t.thirdPartyCaveatIdTarget.Value = &t.Value.ThirdPartyCaveatId
target, err := &t.thirdPartyCaveatIdTarget, error(nil)
return nil, target, err
case "Caveats":
t.caveatsTarget.Value = &t.Value.Caveats
target, err := &t.caveatsTarget, error(nil)
return nil, target, err
case "Signature":
t.signatureTarget.Value = &t.Value.Signature
target, err := &t.signatureTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *PublicKeyDischargeTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *PublicKeyDischargeTarget) ZeroField(name string) error {
switch name {
case "ThirdPartyCaveatId":
t.Value.ThirdPartyCaveatId = ""
return nil
case "Caveats":
t.Value.Caveats = []Caveat(nil)
return nil
case "Signature":
t.Value.Signature = Signature{}
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *PublicKeyDischargeTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x PublicKeyDischarge) VDLIsZero() bool {
if x.ThirdPartyCaveatId != "" {
return false
}
if len(x.Caveats) != 0 {
return false
}
if !x.Signature.VDLIsZero() {
return false
}
return true
}
func (x PublicKeyDischarge) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*PublicKeyDischarge)(nil)).Elem()); err != nil {
return err
}
if x.ThirdPartyCaveatId != "" {
if err := enc.NextField("ThirdPartyCaveatId"); err != nil {
return err
}
if err := enc.StartValue(vdl.StringType); err != nil {
return err
}
if err := enc.EncodeString(x.ThirdPartyCaveatId); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField("Caveats"); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if !x.Signature.VDLIsZero() {
if err := enc.NextField("Signature"); err != nil {
return err
}
if err := x.Signature.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *PublicKeyDischarge) VDLRead(dec vdl.Decoder) error {
*x = PublicKeyDischarge{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "ThirdPartyCaveatId":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.ThirdPartyCaveatId, err = dec.DecodeString(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "Caveats":
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case "Signature":
if err := x.Signature.VDLRead(dec); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// BlessingPattern is a pattern that is matched by specific blessings.
//
// A pattern can either be a blessing (slash-separated human-readable string)
// or a blessing ending in "/$". A pattern ending in "/$" is matched exactly
// by the blessing specified by the pattern string with the "/$" suffix stripped
// out. For example, the pattern "a/b/c/$" is matched by exactly by the blessing
// "a/b/c".
//
// A pattern not ending in "/$" is more permissive, and is also matched by blessings
// that are extensions of the pattern (including the pattern itself). For example, the
// pattern "a/b/c" is matched by the blessings "a/b/c", "a/b/c/x", "a/b/c/x/y", etc.
//
// TODO(ataly, ashankar): Define a formal BNF grammar for blessings and blessing patterns.
type BlessingPattern string
func (BlessingPattern) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.BlessingPattern"`
}) {
}
func (m *BlessingPattern) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
if err := t.FromString(string((*m)), tt); err != nil {
return err
}
return nil
}
func (m *BlessingPattern) MakeVDLTarget() vdl.Target {
return &BlessingPatternTarget{Value: m}
}
type BlessingPatternTarget struct {
Value *BlessingPattern
vdl.TargetBase
}
func (t *BlessingPatternTarget) FromString(src string, tt *vdl.Type) error {
if ttWant := vdl.TypeOf((*BlessingPattern)(nil)); !vdl.Compatible(tt, ttWant) {
return fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
*t.Value = BlessingPattern(src)
return nil
}
func (x BlessingPattern) VDLIsZero() bool {
return x == ""
}
func (x BlessingPattern) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*BlessingPattern)(nil))); err != nil {
return err
}
if err := enc.EncodeString(string(x)); err != nil {
return err
}
return enc.FinishValue()
}
func (x *BlessingPattern) VDLRead(dec vdl.Decoder) error {
if err := dec.StartValue(); err != nil {
return err
}
tmp, err := dec.DecodeString()
if err != nil {
return err
}
*x = BlessingPattern(tmp)
return dec.FinishValue()
}
// DischargeImpetus encapsulates the motivation for a discharge being sought.
//
// These values are reported by a principal that is requesting a Discharge for
// a third-party caveat on one of its blessings. The third-party issues
// discharges cannot safely assume that all these values are provided, or that
// they are provided honestly.
//
// Implementations of services that issue discharges are encouraged to add
// caveats to the discharge that bind the discharge to the impetus, thereby
// rendering the discharge unsuable for any other purpose.
type DischargeImpetus struct {
Server []BlessingPattern // The client intends to use the discharge to communicate with a server that has a blessing matching one of the patterns in this set.
Method string // Name of the method being invoked by the client.
Arguments []*vom.RawBytes // Arguments to the method invocation.
}
func (DischargeImpetus) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.DischargeImpetus"`
}) {
}
func (m *DischargeImpetus) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var var4 bool
if len(m.Server) == 0 {
var4 = true
}
if var4 {
if err := fieldsTarget1.ZeroField("Server"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Server")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget5, err := fieldTarget3.StartList(tt.NonOptional().Field(0).Type, len(m.Server))
if err != nil {
return err
}
for i, elem7 := range m.Server {
elemTarget6, err := listTarget5.StartElem(i)
if err != nil {
return err
}
if err := elem7.FillVDLTarget(elemTarget6, tt.NonOptional().Field(0).Type.Elem()); err != nil {
return err
}
if err := listTarget5.FinishElem(elemTarget6); err != nil {
return err
}
}
if err := fieldTarget3.FinishList(listTarget5); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var10 := (m.Method == "")
if var10 {
if err := fieldsTarget1.ZeroField("Method"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("Method")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget9.FromString(string(m.Method), tt.NonOptional().Field(1).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil {
return err
}
}
}
var var13 bool
if len(m.Arguments) == 0 {
var13 = true
}
if var13 {
if err := fieldsTarget1.ZeroField("Arguments"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("Arguments")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget14, err := fieldTarget12.StartList(tt.NonOptional().Field(2).Type, len(m.Arguments))
if err != nil {
return err
}
for i, elem16 := range m.Arguments {
elemTarget15, err := listTarget14.StartElem(i)
if err != nil {
return err
}
if err := elem16.FillVDLTarget(elemTarget15, tt.NonOptional().Field(2).Type.Elem()); err != nil {
return err
}
if err := listTarget14.FinishElem(elemTarget15); err != nil {
return err
}
}
if err := fieldTarget12.FinishList(listTarget14); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *DischargeImpetus) MakeVDLTarget() vdl.Target {
return &DischargeImpetusTarget{Value: m}
}
type DischargeImpetusTarget struct {
Value *DischargeImpetus
serverTarget __VDLTarget2_list
methodTarget vdl.StringTarget
argumentsTarget __VDLTarget3_list
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *DischargeImpetusTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*DischargeImpetus)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *DischargeImpetusTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Server":
t.serverTarget.Value = &t.Value.Server
target, err := &t.serverTarget, error(nil)
return nil, target, err
case "Method":
t.methodTarget.Value = &t.Value.Method
target, err := &t.methodTarget, error(nil)
return nil, target, err
case "Arguments":
t.argumentsTarget.Value = &t.Value.Arguments
target, err := &t.argumentsTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *DischargeImpetusTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *DischargeImpetusTarget) ZeroField(name string) error {
switch name {
case "Server":
t.Value.Server = []BlessingPattern(nil)
return nil
case "Method":
t.Value.Method = ""
return nil
case "Arguments":
t.Value.Arguments = []*vom.RawBytes(nil)
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *DischargeImpetusTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
// []BlessingPattern
type __VDLTarget2_list struct {
Value *[]BlessingPattern
elemTarget BlessingPatternTarget
vdl.TargetBase
vdl.ListTargetBase
}
func (t *__VDLTarget2_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
if ttWant := vdl.TypeOf((*[]BlessingPattern)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
if cap(*t.Value) < len {
*t.Value = make([]BlessingPattern, len)
} else {
*t.Value = (*t.Value)[:len]
}
return t, nil
}
func (t *__VDLTarget2_list) StartElem(index int) (elem vdl.Target, _ error) {
t.elemTarget.Value = &(*t.Value)[index]
target, err := &t.elemTarget, error(nil)
return target, err
}
func (t *__VDLTarget2_list) FinishElem(elem vdl.Target) error {
return nil
}
func (t *__VDLTarget2_list) FinishList(elem vdl.ListTarget) error {
return nil
}
// []*vom.RawBytes
type __VDLTarget3_list struct {
Value *[]*vom.RawBytes
vdl.TargetBase
vdl.ListTargetBase
}
func (t *__VDLTarget3_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
if ttWant := vdl.TypeOf((*[]*vom.RawBytes)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
if cap(*t.Value) < len {
*t.Value = make([]*vom.RawBytes, len)
} else {
*t.Value = (*t.Value)[:len]
}
return t, nil
}
func (t *__VDLTarget3_list) StartElem(index int) (elem vdl.Target, _ error) {
target, err := vdl.ReflectTarget(reflect.ValueOf(&(*t.Value)[index]))
return target, err
}
func (t *__VDLTarget3_list) FinishElem(elem vdl.Target) error {
return nil
}
func (t *__VDLTarget3_list) FinishList(elem vdl.ListTarget) error {
return nil
}
func (x DischargeImpetus) VDLIsZero() bool {
if len(x.Server) != 0 {
return false
}
if x.Method != "" {
return false
}
if len(x.Arguments) != 0 {
return false
}
return true
}
func (x DischargeImpetus) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*DischargeImpetus)(nil)).Elem()); err != nil {
return err
}
if len(x.Server) != 0 {
if err := enc.NextField("Server"); err != nil {
return err
}
if err := __VDLWriteAnon_list_2(enc, x.Server); err != nil {
return err
}
}
if x.Method != "" {
if err := enc.NextField("Method"); err != nil {
return err
}
if err := enc.StartValue(vdl.StringType); err != nil {
return err
}
if err := enc.EncodeString(x.Method); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if len(x.Arguments) != 0 {
if err := enc.NextField("Arguments"); err != nil {
return err
}
if err := __VDLWriteAnon_list_3(enc, x.Arguments); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_2(enc vdl.Encoder, x []BlessingPattern) error {
if err := enc.StartValue(vdl.TypeOf((*[]BlessingPattern)(nil))); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for i := 0; i < len(x); i++ {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := x[i].VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_3(enc vdl.Encoder, x []*vom.RawBytes) error {
if err := enc.StartValue(vdl.TypeOf((*[]*vom.RawBytes)(nil))); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for i := 0; i < len(x); i++ {
if err := enc.NextEntry(false); err != nil {
return err
}
if x[i] == nil {
if err := enc.NilValue(vdl.AnyType); err != nil {
return err
}
} else {
if err := x[i].VDLWrite(enc); err != nil {
return err
}
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *DischargeImpetus) VDLRead(dec vdl.Decoder) error {
*x = DischargeImpetus{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Server":
if err := __VDLReadAnon_list_2(dec, &x.Server); err != nil {
return err
}
case "Method":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.Method, err = dec.DecodeString(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "Arguments":
if err := __VDLReadAnon_list_3(dec, &x.Arguments); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_2(dec vdl.Decoder, x *[]BlessingPattern) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type())
}
switch len := dec.LenHint(); {
case len > 0:
*x = make([]BlessingPattern, 0, len)
default:
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
}
var elem BlessingPattern
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
func __VDLReadAnon_list_3(dec vdl.Decoder, x *[]*vom.RawBytes) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type())
}
switch len := dec.LenHint(); {
case len > 0:
*x = make([]*vom.RawBytes, 0, len)
default:
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
}
var elem *vom.RawBytes
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
// Certificate represents the cryptographic proof of the binding of
// extensions of a blessing held by one principal to another (represented by
// a public key) under specific caveats.
//
// For example, if a principal P1 has a blessing "alice", then it can
// extend it with a Certificate to generate the blessing "alice/friend" for
// another principal P2.
type Certificate struct {
Extension string // Human-readable string extension bound to PublicKey.
PublicKey []byte // DER-encoded PKIX public key.
Caveats []Caveat // Caveats on the binding of Name to PublicKey.
Signature Signature // Signature by the blessing principal that binds the extension to the public key.
}
func (Certificate) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Certificate"`
}) {
}
func (m *Certificate) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.Extension == "")
if var4 {
if err := fieldsTarget1.ZeroField("Extension"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Extension")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget3.FromString(string(m.Extension), tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var var7 bool
if len(m.PublicKey) == 0 {
var7 = true
}
if var7 {
if err := fieldsTarget1.ZeroField("PublicKey"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("PublicKey")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget6.FromBytes([]byte(m.PublicKey), tt.NonOptional().Field(1).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
var var10 bool
if len(m.Caveats) == 0 {
var10 = true
}
if var10 {
if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("Caveats")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget11, err := fieldTarget9.StartList(tt.NonOptional().Field(2).Type, len(m.Caveats))
if err != nil {
return err
}
for i, elem13 := range m.Caveats {
elemTarget12, err := listTarget11.StartElem(i)
if err != nil {
return err
}
if err := elem13.FillVDLTarget(elemTarget12, tt.NonOptional().Field(2).Type.Elem()); err != nil {
return err
}
if err := listTarget11.FinishElem(elemTarget12); err != nil {
return err
}
}
if err := fieldTarget9.FinishList(listTarget11); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil {
return err
}
}
}
var16 := true
var var17 bool
if len(m.Signature.Purpose) == 0 {
var17 = true
}
var16 = var16 && var17
var18 := (m.Signature.Hash == Hash(""))
var16 = var16 && var18
var var19 bool
if len(m.Signature.R) == 0 {
var19 = true
}
var16 = var16 && var19
var var20 bool
if len(m.Signature.S) == 0 {
var20 = true
}
var16 = var16 && var20
if var16 {
if err := fieldsTarget1.ZeroField("Signature"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget14, fieldTarget15, err := fieldsTarget1.StartField("Signature")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Signature.FillVDLTarget(fieldTarget15, tt.NonOptional().Field(3).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget14, fieldTarget15); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *Certificate) MakeVDLTarget() vdl.Target {
return &CertificateTarget{Value: m}
}
type CertificateTarget struct {
Value *Certificate
extensionTarget vdl.StringTarget
publicKeyTarget vdl.BytesTarget
caveatsTarget __VDLTarget1_list
signatureTarget SignatureTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *CertificateTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*Certificate)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *CertificateTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Extension":
t.extensionTarget.Value = &t.Value.Extension
target, err := &t.extensionTarget, error(nil)
return nil, target, err
case "PublicKey":
t.publicKeyTarget.Value = &t.Value.PublicKey
target, err := &t.publicKeyTarget, error(nil)
return nil, target, err
case "Caveats":
t.caveatsTarget.Value = &t.Value.Caveats
target, err := &t.caveatsTarget, error(nil)
return nil, target, err
case "Signature":
t.signatureTarget.Value = &t.Value.Signature
target, err := &t.signatureTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *CertificateTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *CertificateTarget) ZeroField(name string) error {
switch name {
case "Extension":
t.Value.Extension = ""
return nil
case "PublicKey":
t.Value.PublicKey = []byte(nil)
return nil
case "Caveats":
t.Value.Caveats = []Caveat(nil)
return nil
case "Signature":
t.Value.Signature = Signature{}
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *CertificateTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x Certificate) VDLIsZero() bool {
if x.Extension != "" {
return false
}
if len(x.PublicKey) != 0 {
return false
}
if len(x.Caveats) != 0 {
return false
}
if !x.Signature.VDLIsZero() {
return false
}
return true
}
func (x Certificate) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*Certificate)(nil)).Elem()); err != nil {
return err
}
if x.Extension != "" {
if err := enc.NextField("Extension"); err != nil {
return err
}
if err := enc.StartValue(vdl.StringType); err != nil {
return err
}
if err := enc.EncodeString(x.Extension); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if len(x.PublicKey) != 0 {
if err := enc.NextField("PublicKey"); err != nil {
return err
}
if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil {
return err
}
if err := enc.EncodeBytes(x.PublicKey); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField("Caveats"); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if !x.Signature.VDLIsZero() {
if err := enc.NextField("Signature"); err != nil {
return err
}
if err := x.Signature.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Certificate) VDLRead(dec vdl.Decoder) error {
*x = Certificate{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Extension":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.Extension, err = dec.DecodeString(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "PublicKey":
if err := dec.StartValue(); err != nil {
return err
}
if err := dec.DecodeBytes(-1, &x.PublicKey); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "Caveats":
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case "Signature":
if err := x.Signature.VDLRead(dec); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// CaveatDescriptor defines an association between a caveat validation function
// (addressed by globally unique identifier) and the data needed by the
// validation function.
//
// For a validator to be invoked, a validation function must be registered with
// the validator description in the language that the function is defined in.
type CaveatDescriptor struct {
Id uniqueid.Id // The identifier of the caveat validation function.
ParamType *vdl.Type // The type of the parameter expected by the validation function.
}
func (CaveatDescriptor) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.CaveatDescriptor"`
}) {
}
func (m *CaveatDescriptor) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.Id == uniqueid.Id{})
if var4 {
if err := fieldsTarget1.ZeroField("Id"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Id")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := m.Id.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var7 := (m.ParamType == nil || m.ParamType == vdl.AnyType)
if var7 {
if err := fieldsTarget1.ZeroField("ParamType"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ParamType")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
typeObjectVal8 := m.ParamType
if typeObjectVal8 == nil {
typeObjectVal8 = vdl.AnyType
}
if err := fieldTarget6.FromTypeObject(typeObjectVal8); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *CaveatDescriptor) MakeVDLTarget() vdl.Target {
return &CaveatDescriptorTarget{Value: m}
}
type CaveatDescriptorTarget struct {
Value *CaveatDescriptor
idTarget uniqueid.IdTarget
paramTypeTarget vdl.TypeObjectTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *CaveatDescriptorTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*CaveatDescriptor)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *CaveatDescriptorTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Id":
t.idTarget.Value = &t.Value.Id
target, err := &t.idTarget, error(nil)
return nil, target, err
case "ParamType":
t.paramTypeTarget.Value = &t.Value.ParamType
target, err := &t.paramTypeTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *CaveatDescriptorTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *CaveatDescriptorTarget) ZeroField(name string) error {
switch name {
case "Id":
t.Value.Id = uniqueid.Id{}
return nil
case "ParamType":
t.Value.ParamType = vdl.AnyType
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *CaveatDescriptorTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x CaveatDescriptor) VDLIsZero() bool {
if x.Id != (uniqueid.Id{}) {
return false
}
if x.ParamType != nil && x.ParamType != vdl.AnyType {
return false
}
return true
}
func (x CaveatDescriptor) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*CaveatDescriptor)(nil)).Elem()); err != nil {
return err
}
if x.Id != (uniqueid.Id{}) {
if err := enc.NextField("Id"); err != nil {
return err
}
if err := x.Id.VDLWrite(enc); err != nil {
return err
}
}
if x.ParamType != nil && x.ParamType != vdl.AnyType {
if err := enc.NextField("ParamType"); err != nil {
return err
}
if err := x.ParamType.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *CaveatDescriptor) VDLRead(dec vdl.Decoder) error {
*x = CaveatDescriptor{
ParamType: vdl.AnyType,
}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Id":
if err := x.Id.VDLRead(dec); err != nil {
return err
}
case "ParamType":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.ParamType, err = dec.DecodeTypeObject(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// WireBlessings encapsulates wire format of a set of blessings and the
// corresponding cryptographic proof that binds them to a principal
// (identified by a public key).
//
// This structure is the "wire" format for sending and receiving blessings
// in RPCs or marshaling to persistent storage. Typically, languages will
// provide a factory function that converts this wire representation to
// a more usable object to inspect and manipulate these blessings.
type WireBlessings struct {
// CertificateChains is an array of chains of certificates that bind
// a blessing to the public key in the last certificate of the chain.
CertificateChains [][]Certificate
}
func (WireBlessings) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.WireBlessings"`
}) {
}
func (m *WireBlessings) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var var4 bool
if len(m.CertificateChains) == 0 {
var4 = true
}
if var4 {
if err := fieldsTarget1.ZeroField("CertificateChains"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("CertificateChains")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
listTarget5, err := fieldTarget3.StartList(tt.NonOptional().Field(0).Type, len(m.CertificateChains))
if err != nil {
return err
}
for i, elem7 := range m.CertificateChains {
elemTarget6, err := listTarget5.StartElem(i)
if err != nil {
return err
}
listTarget8, err := elemTarget6.StartList(tt.NonOptional().Field(0).Type.Elem(), len(elem7))
if err != nil {
return err
}
for i, elem10 := range elem7 {
elemTarget9, err := listTarget8.StartElem(i)
if err != nil {
return err
}
if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(0).Type.Elem().Elem()); err != nil {
return err
}
if err := listTarget8.FinishElem(elemTarget9); err != nil {
return err
}
}
if err := elemTarget6.FinishList(listTarget8); err != nil {
return err
}
if err := listTarget5.FinishElem(elemTarget6); err != nil {
return err
}
}
if err := fieldTarget3.FinishList(listTarget5); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *WireBlessings) MakeVDLTarget() vdl.Target {
return nil
}
type WireBlessingsTarget struct {
Value *Blessings
wireValue WireBlessings
certificateChainsTarget __VDLTarget4_list
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *WireBlessingsTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
t.wireValue = WireBlessings{}
if ttWant := vdl.TypeOf((*WireBlessings)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *WireBlessingsTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "CertificateChains":
t.certificateChainsTarget.Value = &t.wireValue.CertificateChains
target, err := &t.certificateChainsTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *WireBlessingsTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *WireBlessingsTarget) ZeroField(name string) error {
switch name {
case "CertificateChains":
t.wireValue.CertificateChains = [][]Certificate(nil)
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *WireBlessingsTarget) FinishFields(_ vdl.FieldsTarget) error {
if err := WireBlessingsToNative(t.wireValue, t.Value); err != nil {
return err
}
return nil
}
// [][]Certificate
type __VDLTarget4_list struct {
Value *[][]Certificate
elemTarget __VDLTarget5_list
vdl.TargetBase
vdl.ListTargetBase
}
func (t *__VDLTarget4_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
if ttWant := vdl.TypeOf((*[][]Certificate)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
if cap(*t.Value) < len {
*t.Value = make([][]Certificate, len)
} else {
*t.Value = (*t.Value)[:len]
}
return t, nil
}
func (t *__VDLTarget4_list) StartElem(index int) (elem vdl.Target, _ error) {
t.elemTarget.Value = &(*t.Value)[index]
target, err := &t.elemTarget, error(nil)
return target, err
}
func (t *__VDLTarget4_list) FinishElem(elem vdl.Target) error {
return nil
}
func (t *__VDLTarget4_list) FinishList(elem vdl.ListTarget) error {
return nil
}
// []Certificate
type __VDLTarget5_list struct {
Value *[]Certificate
elemTarget CertificateTarget
vdl.TargetBase
vdl.ListTargetBase
}
func (t *__VDLTarget5_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
if ttWant := vdl.TypeOf((*[]Certificate)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
if cap(*t.Value) < len {
*t.Value = make([]Certificate, len)
} else {
*t.Value = (*t.Value)[:len]
}
return t, nil
}
func (t *__VDLTarget5_list) StartElem(index int) (elem vdl.Target, _ error) {
t.elemTarget.Value = &(*t.Value)[index]
target, err := &t.elemTarget, error(nil)
return target, err
}
func (t *__VDLTarget5_list) FinishElem(elem vdl.Target) error {
return nil
}
func (t *__VDLTarget5_list) FinishList(elem vdl.ListTarget) error {
return nil
}
func (x WireBlessings) VDLIsZero() bool {
if len(x.CertificateChains) != 0 {
return false
}
return true
}
func (x WireBlessings) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*WireBlessings)(nil)).Elem()); err != nil {
return err
}
if len(x.CertificateChains) != 0 {
if err := enc.NextField("CertificateChains"); err != nil {
return err
}
if err := __VDLWriteAnon_list_4(enc, x.CertificateChains); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_4(enc vdl.Encoder, x [][]Certificate) error {
if err := enc.StartValue(vdl.TypeOf((*[][]Certificate)(nil))); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for i := 0; i < len(x); i++ {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := __VDLWriteAnon_list_5(enc, x[i]); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_5(enc vdl.Encoder, x []Certificate) error {
if err := enc.StartValue(vdl.TypeOf((*[]Certificate)(nil))); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for i := 0; i < len(x); i++ {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := x[i].VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *WireBlessings) VDLRead(dec vdl.Decoder) error {
*x = WireBlessings{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "CertificateChains":
if err := __VDLReadAnon_list_4(dec, &x.CertificateChains); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_4(dec vdl.Decoder, x *[][]Certificate) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type())
}
switch len := dec.LenHint(); {
case len > 0:
*x = make([][]Certificate, 0, len)
default:
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
}
var elem []Certificate
if err := __VDLReadAnon_list_5(dec, &elem); err != nil {
return err
}
*x = append(*x, elem)
}
}
func __VDLReadAnon_list_5(dec vdl.Decoder, x *[]Certificate) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type())
}
switch len := dec.LenHint(); {
case len > 0:
*x = make([]Certificate, 0, len)
default:
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
}
var elem Certificate
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
type (
// WireDischarge represents any single field of the WireDischarge union type.
//
// WireDischarge encapsulates the wire format of a third-party caveat
// Discharge.
WireDischarge interface {
// Index returns the field index.
Index() int
// Interface returns the field value as an interface.
Interface() interface{}
// Name returns the field name.
Name() string
// __VDLReflect describes the WireDischarge union type.
__VDLReflect(__WireDischargeReflect)
FillVDLTarget(vdl.Target, *vdl.Type) error
VDLIsZero() bool
VDLWrite(vdl.Encoder) error
}
// WireDischargePublicKey represents field PublicKey of the WireDischarge union type.
WireDischargePublicKey struct{ Value PublicKeyDischarge } // Discharge for PublicKeyThirdPartyCaveat
// __WireDischargeReflect describes the WireDischarge union type.
__WireDischargeReflect struct {
Name string `vdl:"v.io/v23/security.WireDischarge"`
Type WireDischarge
UnionTargetFactory wireDischargeTargetFactory
Union struct {
PublicKey WireDischargePublicKey
}
}
)
func (x WireDischargePublicKey) Index() int { return 0 }
func (x WireDischargePublicKey) Interface() interface{} { return x.Value }
func (x WireDischargePublicKey) Name() string { return "PublicKey" }
func (x WireDischargePublicKey) __VDLReflect(__WireDischargeReflect) {}
func (m WireDischargePublicKey) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("PublicKey")
if err != nil {
return err
}
if err := m.Value.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m WireDischargePublicKey) MakeVDLTarget() vdl.Target {
return nil
}
type WireDischargeTarget struct {
Value *Discharge
wireValue WireDischarge
fieldName string
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *WireDischargeTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*WireDischarge)(nil)); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
t.wireValue = WireDischarge(WireDischargePublicKey{})
return t, nil
}
func (t *WireDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) {
t.fieldName = name
switch name {
case "PublicKey":
val := PublicKeyDischarge{}
return nil, &PublicKeyDischargeTarget{Value: &val}, nil
default:
return nil, nil, fmt.Errorf("field %s not in union v.io/v23/security.WireDischarge", name)
}
}
func (t *WireDischargeTarget) FinishField(_, fieldTarget vdl.Target) error {
switch t.fieldName {
case "PublicKey":
t.wireValue = WireDischargePublicKey{*(fieldTarget.(*PublicKeyDischargeTarget)).Value}
}
return nil
}
func (t *WireDischargeTarget) FinishFields(_ vdl.FieldsTarget) error {
if err := WireDischargeToNative(t.wireValue, t.Value); err != nil {
return err
}
return nil
}
type wireDischargeTargetFactory struct{}
func (t wireDischargeTargetFactory) VDLMakeUnionTarget(union interface{}) (vdl.Target, error) {
if typedUnion, ok := union.(*Discharge); ok {
return &WireDischargeTarget{Value: typedUnion}, nil
}
return nil, fmt.Errorf("got %T, want *Discharge", union)
}
func (x WireDischargePublicKey) VDLIsZero() bool {
return x.Value.VDLIsZero()
}
func (x WireDischargePublicKey) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*WireDischarge)(nil))); err != nil {
return err
}
if err := enc.NextField("PublicKey"); err != nil {
return err
}
if err := x.Value.VDLWrite(enc); err != nil {
return err
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func VDLReadWireDischarge(dec vdl.Decoder, x *WireDischarge) error {
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(x), dec.Type()) {
return fmt.Errorf("incompatible union %T, from %v", x, dec.Type())
}
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "PublicKey":
var field WireDischargePublicKey
if err := field.Value.VDLRead(dec); err != nil {
return err
}
*x = field
case "":
return fmt.Errorf("missing field in union %T, from %v", x, dec.Type())
default:
return fmt.Errorf("field %q not in union %T, from %v", f, x, dec.Type())
}
switch f, err := dec.NextField(); {
case err != nil:
return err
case f != "":
return fmt.Errorf("extra field %q in union %T, from %v", f, x, dec.Type())
}
return dec.FinishValue()
}
// RejectedBlessing describes why a blessing failed validation.
type RejectedBlessing struct {
Blessing string
Err error
}
func (RejectedBlessing) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.RejectedBlessing"`
}) {
}
func (m *RejectedBlessing) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
fieldsTarget1, err := t.StartFields(tt)
if err != nil {
return err
}
var4 := (m.Blessing == "")
if var4 {
if err := fieldsTarget1.ZeroField("Blessing"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Blessing")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
if err := fieldTarget3.FromString(string(m.Blessing), tt.NonOptional().Field(0).Type); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
return err
}
}
}
var7 := (m.Err == (error)(nil))
if var7 {
if err := fieldsTarget1.ZeroField("Err"); err != nil && err != vdl.ErrFieldNoExist {
return err
}
} else {
keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Err")
if err != vdl.ErrFieldNoExist {
if err != nil {
return err
}
var wireError8 vdl.WireError
if err := verror.WireFromNative(&wireError8, m.Err); err != nil {
return err
}
if err := wireError8.FillVDLTarget(fieldTarget6, vdl.ErrorType); err != nil {
return err
}
if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil {
return err
}
}
}
if err := t.FinishFields(fieldsTarget1); err != nil {
return err
}
return nil
}
func (m *RejectedBlessing) MakeVDLTarget() vdl.Target {
return &RejectedBlessingTarget{Value: m}
}
type RejectedBlessingTarget struct {
Value *RejectedBlessing
blessingTarget vdl.StringTarget
errTarget verror.ErrorTarget
vdl.TargetBase
vdl.FieldsTargetBase
}
func (t *RejectedBlessingTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
if ttWant := vdl.TypeOf((*RejectedBlessing)(nil)).Elem(); !vdl.Compatible(tt, ttWant) {
return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant)
}
return t, nil
}
func (t *RejectedBlessingTarget) StartField(name string) (key, field vdl.Target, _ error) {
switch name {
case "Blessing":
t.blessingTarget.Value = &t.Value.Blessing
target, err := &t.blessingTarget, error(nil)
return nil, target, err
case "Err":
t.errTarget.Value = &t.Value.Err
target, err := &t.errTarget, error(nil)
return nil, target, err
default:
return nil, nil, vdl.ErrFieldNoExist
}
}
func (t *RejectedBlessingTarget) FinishField(_, _ vdl.Target) error {
return nil
}
func (t *RejectedBlessingTarget) ZeroField(name string) error {
switch name {
case "Blessing":
t.Value.Blessing = ""
return nil
case "Err":
t.Value.Err = (error)(nil)
return nil
default:
return vdl.ErrFieldNoExist
}
}
func (t *RejectedBlessingTarget) FinishFields(_ vdl.FieldsTarget) error {
return nil
}
func (x RejectedBlessing) VDLIsZero() bool {
return x == RejectedBlessing{}
}
func (x RejectedBlessing) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(vdl.TypeOf((*RejectedBlessing)(nil)).Elem()); err != nil {
return err
}
if x.Blessing != "" {
if err := enc.NextField("Blessing"); err != nil {
return err
}
if err := enc.StartValue(vdl.StringType); err != nil {
return err
}
if err := enc.EncodeString(x.Blessing); err != nil {
return err
}
if err := enc.FinishValue(); err != nil {
return err
}
}
if x.Err != nil {
if err := enc.NextField("Err"); err != nil {
return err
}
if err := verror.VDLWrite(enc, x.Err); err != nil {
return err
}
}
if err := enc.NextField(""); err != nil {
return err
}
return enc.FinishValue()
}
func (x *RejectedBlessing) VDLRead(dec vdl.Decoder) error {
*x = RejectedBlessing{}
if err := dec.StartValue(); err != nil {
return err
}
if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) {
return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type())
}
for {
f, err := dec.NextField()
if err != nil {
return err
}
switch f {
case "":
return dec.FinishValue()
case "Blessing":
if err := dec.StartValue(); err != nil {
return err
}
var err error
if x.Blessing, err = dec.DecodeString(); err != nil {
return err
}
if err := dec.FinishValue(); err != nil {
return err
}
case "Err":
if err := verror.VDLRead(dec, &x.Err); err != nil {
return err
}
default:
if err := dec.SkipValue(); err != nil {
return err
}
}
}
}
// Type-check native conversion functions.
var (
_ func(WireBlessings, *Blessings) error = WireBlessingsToNative
_ func(*WireBlessings, Blessings) error = WireBlessingsFromNative
_ func(WireDischarge, *Discharge) error = WireDischargeToNative
_ func(*WireDischarge, Discharge) error = WireDischargeFromNative
)
//////////////////////////////////////////////////
// Const definitions
// ConstCaveat represents a caveat that either always validates or never validates.
var ConstCaveat = CaveatDescriptor{
ParamType: vdl.BoolType,
}
// ExpiryCaveat represents a caveat that validates iff the current time is no later
// the specified time.Time.
var ExpiryCaveat = CaveatDescriptor{
Id: uniqueid.Id{
166,
76,
45,
1,
25,
251,
163,
52,
128,
113,
254,
235,
47,
48,
128,
0,
},
ParamType: vdl.TypeOf((*vdltime.Time)(nil)).Elem(),
}
// MethodCaveat represents a caveat that validates iff the method being
// invoked is included in this list. An empty list implies that the caveat is invalid.
var MethodCaveat = CaveatDescriptor{
Id: uniqueid.Id{
84,
166,
118,
57,
129,
55,
24,
126,
205,
178,
109,
45,
105,
186,
0,
3,
},
ParamType: vdl.TypeOf((*[]string)(nil)),
}
var PublicKeyThirdPartyCaveat = CaveatDescriptor{
Id: uniqueid.Id{
121,
114,
206,
23,
74,
123,
169,
63,
121,
84,
125,
118,
156,
145,
128,
0,
},
ParamType: vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem(),
}
// PeerBlessingsCaveat represents a caveat that validates iff the peer being communicated
// with (local end of the call) has a blessing name matching at least one of the patterns
// in the list. An empty list implies that the caveat is invalid.
var PeerBlessingsCaveat = CaveatDescriptor{
Id: uniqueid.Id{
5,
119,
248,
86,
76,
142,
95,
254,
255,
142,
43,
31,
77,
109,
128,
0,
},
ParamType: vdl.TypeOf((*[]BlessingPattern)(nil)),
}
// NoExtension is an optional terminator for a blessing pattern indicating that the pattern
// cannot match any extensions of the blessing from that point onwards.
const NoExtension = BlessingPattern("$")
// TODO(ataly, ashankar): The semantics of AllPrincipals breaks monotonicity in
// AccessLists with NotIn clauses. For instance, the AccessList "In: {AllPrincipals}, NotIn: {"foo"}
// matches the principal that presents no recognizable blessings ([]) however does not
// match the principal that presents "foo" as the only recognizable blessings (["foo"])
// We need to sort this out.
const AllPrincipals = BlessingPattern("...") // Glob pattern that matches all blessings.
const ChainSeparator = ":" // ChainSeparator joins blessing names to form a blessing chain name.
const SHA1Hash = Hash("SHA1") // SHA1 cryptographic hash function defined in RFC3174.
const SHA256Hash = Hash("SHA256") // SHA256 cryptographic hash function defined in FIPS 180-4.
const SHA384Hash = Hash("SHA384") // SHA384 cryptographic hash function defined in FIPS 180-2.
const SHA512Hash = Hash("SHA512") // SHA512 cryptographic hash function defined in FIPS 180-2.
const SignatureForMessageSigning = "S1" // Signature.Purpose used by a Principal to sign arbitrary messages.
const SignatureForBlessingCertificates = "B1" // Signature.Purpose used by a Principal when signing Certificates for creating blessings.
const SignatureForDischarge = "D1" // Signature.Purpose used by a Principal when signing discharges for public-key based third-party caveats.
//////////////////////////////////////////////////
// Error definitions
var (
ErrCaveatNotRegistered = verror.Register("v.io/v23/security.CaveatNotRegistered", verror.NoRetry, "{1:}{2:} no validation function registered for caveat id {3}")
ErrCaveatParamAny = verror.Register("v.io/v23/security.CaveatParamAny", verror.NoRetry, "{1:}{2:} caveat {3} uses illegal param type any")
ErrCaveatParamTypeMismatch = verror.Register("v.io/v23/security.CaveatParamTypeMismatch", verror.NoRetry, "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
ErrCaveatParamCoding = verror.Register("v.io/v23/security.CaveatParamCoding", verror.NoRetry, "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
ErrCaveatValidation = verror.Register("v.io/v23/security.CaveatValidation", verror.NoRetry, "{1:}{2:} caveat validation failed: {3}")
ErrConstCaveatValidation = verror.Register("v.io/v23/security.ConstCaveatValidation", verror.NoRetry, "{1:}{2:} false const caveat always fails validation")
ErrExpiryCaveatValidation = verror.Register("v.io/v23/security.ExpiryCaveatValidation", verror.NoRetry, "{1:}{2:} now({3}) is after expiry({4})")
ErrMethodCaveatValidation = verror.Register("v.io/v23/security.MethodCaveatValidation", verror.NoRetry, "{1:}{2:} method {3} not in list {4}")
ErrPeerBlessingsCaveatValidation = verror.Register("v.io/v23/security.PeerBlessingsCaveatValidation", verror.NoRetry, "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
ErrUnrecognizedRoot = verror.Register("v.io/v23/security.UnrecognizedRoot", verror.NoRetry, "{1:}{2:} unrecognized public key {3} in root certificate{:4}")
ErrAuthorizationFailed = verror.Register("v.io/v23/security.AuthorizationFailed", verror.NoRetry, "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}")
ErrInvalidSigningBlessingCaveat = verror.Register("v.io/v23/security.InvalidSigningBlessingCaveat", verror.NoRetry, "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats")
ErrPublicKeyNotAllowed = verror.Register("v.io/v23/security.PublicKeyNotAllowed", verror.NoRetry, "{1:}{2:} peer has public key {3}, not the authorized public key {4}")
ErrEndpointAuthorizationFailed = verror.Register("v.io/v23/security.EndpointAuthorizationFailed", verror.NoRetry, "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})")
)
// NewErrCaveatNotRegistered returns an error with the ErrCaveatNotRegistered ID.
func NewErrCaveatNotRegistered(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrCaveatNotRegistered, ctx, id)
}
// NewErrCaveatParamAny returns an error with the ErrCaveatParamAny ID.
func NewErrCaveatParamAny(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrCaveatParamAny, ctx, id)
}
// NewErrCaveatParamTypeMismatch returns an error with the ErrCaveatParamTypeMismatch ID.
func NewErrCaveatParamTypeMismatch(ctx *context.T, id uniqueid.Id, got *vdl.Type, want *vdl.Type) error {
return verror.New(ErrCaveatParamTypeMismatch, ctx, id, got, want)
}
// NewErrCaveatParamCoding returns an error with the ErrCaveatParamCoding ID.
func NewErrCaveatParamCoding(ctx *context.T, id uniqueid.Id, typ *vdl.Type, err error) error {
return verror.New(ErrCaveatParamCoding, ctx, id, typ, err)
}
// NewErrCaveatValidation returns an error with the ErrCaveatValidation ID.
func NewErrCaveatValidation(ctx *context.T, err error) error {
return verror.New(ErrCaveatValidation, ctx, err)
}
// NewErrConstCaveatValidation returns an error with the ErrConstCaveatValidation ID.
func NewErrConstCaveatValidation(ctx *context.T) error {
return verror.New(ErrConstCaveatValidation, ctx)
}
// NewErrExpiryCaveatValidation returns an error with the ErrExpiryCaveatValidation ID.
func NewErrExpiryCaveatValidation(ctx *context.T, currentTime time.Time, expiryTime time.Time) error {
return verror.New(ErrExpiryCaveatValidation, ctx, currentTime, expiryTime)
}
// NewErrMethodCaveatValidation returns an error with the ErrMethodCaveatValidation ID.
func NewErrMethodCaveatValidation(ctx *context.T, invokedMethod string, permittedMethods []string) error {
return verror.New(ErrMethodCaveatValidation, ctx, invokedMethod, permittedMethods)
}
// NewErrPeerBlessingsCaveatValidation returns an error with the ErrPeerBlessingsCaveatValidation ID.
func NewErrPeerBlessingsCaveatValidation(ctx *context.T, peerBlessings []string, permittedPatterns []BlessingPattern) error {
return verror.New(ErrPeerBlessingsCaveatValidation, ctx, peerBlessings, permittedPatterns)
}
// NewErrUnrecognizedRoot returns an error with the ErrUnrecognizedRoot ID.
func NewErrUnrecognizedRoot(ctx *context.T, rootKey string, details error) error {
return verror.New(ErrUnrecognizedRoot, ctx, rootKey, details)
}
// NewErrAuthorizationFailed returns an error with the ErrAuthorizationFailed ID.
func NewErrAuthorizationFailed(ctx *context.T, remote []string, remoteErr []RejectedBlessing, local []string) error {
return verror.New(ErrAuthorizationFailed, ctx, remote, remoteErr, local)
}
// NewErrInvalidSigningBlessingCaveat returns an error with the ErrInvalidSigningBlessingCaveat ID.
func NewErrInvalidSigningBlessingCaveat(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrInvalidSigningBlessingCaveat, ctx, id)
}
// NewErrPublicKeyNotAllowed returns an error with the ErrPublicKeyNotAllowed ID.
func NewErrPublicKeyNotAllowed(ctx *context.T, got string, want string) error {
return verror.New(ErrPublicKeyNotAllowed, ctx, got, want)
}
// NewErrEndpointAuthorizationFailed returns an error with the ErrEndpointAuthorizationFailed ID.
func NewErrEndpointAuthorizationFailed(ctx *context.T, endpoint string, remote []string, rejected []RejectedBlessing) error {
return verror.New(ErrEndpointAuthorizationFailed, ctx, endpoint, remote, rejected)
}
var __VDLInitCalled bool
// __VDLInit performs vdl initialization. It is safe to call multiple times.
// If you have an init ordering issue, just insert the following line verbatim
// into your source files in this package, right after the "package foo" clause:
//
// var _ = __VDLInit()
//
// The purpose of this function is to ensure that vdl initialization occurs in
// the right order, and very early in the init sequence. In particular, vdl
// registration and package variable initialization needs to occur before
// functions like vdl.TypeOf will work properly.
//
// This function returns a dummy value, so that it can be used to initialize the
// first var in the file, to take advantage of Go's defined init order.
func __VDLInit() struct{} {
if __VDLInitCalled {
return struct{}{}
}
__VDLInitCalled = true
// Register native type conversions first, so that vdl.TypeOf works.
vdl.RegisterNative(WireBlessingsToNative, WireBlessingsFromNative)
vdl.RegisterNative(WireDischargeToNative, WireDischargeFromNative)
// Register types.
vdl.Register((*nonce)(nil))
vdl.Register((*Caveat)(nil))
vdl.Register((*ThirdPartyRequirements)(nil))
vdl.Register((*publicKeyThirdPartyCaveatParam)(nil))
vdl.Register((*Hash)(nil))
vdl.Register((*Signature)(nil))
vdl.Register((*PublicKeyDischarge)(nil))
vdl.Register((*BlessingPattern)(nil))
vdl.Register((*DischargeImpetus)(nil))
vdl.Register((*Certificate)(nil))
vdl.Register((*CaveatDescriptor)(nil))
vdl.Register((*WireBlessings)(nil))
vdl.Register((*WireDischarge)(nil))
vdl.Register((*RejectedBlessing)(nil))
// Set error format strings.
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatNotRegistered.ID), "{1:}{2:} no validation function registered for caveat id {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamAny.ID), "{1:}{2:} caveat {3} uses illegal param type any")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamTypeMismatch.ID), "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamCoding.ID), "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatValidation.ID), "{1:}{2:} caveat validation failed: {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrConstCaveatValidation.ID), "{1:}{2:} false const caveat always fails validation")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrExpiryCaveatValidation.ID), "{1:}{2:} now({3}) is after expiry({4})")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrMethodCaveatValidation.ID), "{1:}{2:} method {3} not in list {4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPeerBlessingsCaveatValidation.ID), "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrUnrecognizedRoot.ID), "{1:}{2:} unrecognized public key {3} in root certificate{:4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrAuthorizationFailed.ID), "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrInvalidSigningBlessingCaveat.ID), "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPublicKeyNotAllowed.ID), "{1:}{2:} peer has public key {3}, not the authorized public key {4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrEndpointAuthorizationFailed.ID), "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})")
return struct{}{}
}