| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // This file was auto-generated by the vanadium vdl tool. |
| // Package: security |
| |
| package security |
| |
| import ( |
| "fmt" |
| "reflect" |
| "time" |
| "v.io/v23/context" |
| "v.io/v23/i18n" |
| "v.io/v23/uniqueid" |
| "v.io/v23/vdl" |
| time_2 "v.io/v23/vdlroot/time" |
| "v.io/v23/verror" |
| "v.io/v23/vom" |
| ) |
| |
| var _ = __VDLInit() // Must be first; see __VDLInit comments for details. |
| |
| ////////////////////////////////////////////////// |
| // Type definitions |
| |
| type nonce [16]byte |
| |
| func (nonce) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.nonce"` |
| }) { |
| } |
| |
| func (m *nonce) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| if err := t.FromBytes([]byte((*m)[:]), tt); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *nonce) MakeVDLTarget() vdl.Target { |
| return &nonceTarget{Value: m} |
| } |
| |
| type nonceTarget struct { |
| Value *nonce |
| vdl.TargetBase |
| } |
| |
| func (t *nonceTarget) FromBytes(src []byte, tt *vdl.Type) error { |
| |
| if ttWant := vdl.TypeOf((*nonce)(nil)); !vdl.Compatible(tt, ttWant) { |
| return fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| copy((*t.Value)[:], src) |
| |
| return nil |
| } |
| |
| func (x *nonce) VDLRead(dec vdl.Decoder) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| bytes := x[:] |
| if err = dec.DecodeBytes(16, &bytes); err != nil { |
| return err |
| } |
| return dec.FinishValue() |
| } |
| |
| func (x nonce) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*nonce)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes([]byte(x[:])); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // Caveat is a condition on the validity of a blessing/discharge. |
| // |
| // These conditions are provided when asking a principal to create |
| // a blessing/discharge and are verified when extracting blessings |
| // (Blessings.ForName in the Go API). |
| // |
| // Given a Hash, the message digest of a caveat is: |
| // Hash(Hash(Id), Hash(ParamVom)) |
| type Caveat struct { |
| Id uniqueid.Id // The identifier of the caveat validation function. |
| ParamVom []byte // VOM-encoded bytes of the parameters to be provided to the validation function. |
| } |
| |
| func (Caveat) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.Caveat"` |
| }) { |
| } |
| |
| func (m *Caveat) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.Id == uniqueid.Id{}) |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Id"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Id") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Id.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var var7 bool |
| if len(m.ParamVom) == 0 { |
| var7 = true |
| } |
| if var7 { |
| if err := fieldsTarget1.ZeroField("ParamVom"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ParamVom") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget6.FromBytes([]byte(m.ParamVom), tt.NonOptional().Field(1).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *Caveat) MakeVDLTarget() vdl.Target { |
| return &CaveatTarget{Value: m} |
| } |
| |
| type CaveatTarget struct { |
| Value *Caveat |
| idTarget uniqueid.IdTarget |
| paramVomTarget vdl.BytesTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *CaveatTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*Caveat)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *CaveatTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Id": |
| t.idTarget.Value = &t.Value.Id |
| target, err := &t.idTarget, error(nil) |
| return nil, target, err |
| case "ParamVom": |
| t.paramVomTarget.Value = &t.Value.ParamVom |
| target, err := &t.paramVomTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.Caveat", name) |
| } |
| } |
| func (t *CaveatTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *CaveatTarget) ZeroField(name string) error { |
| switch name { |
| case "Id": |
| t.Value.Id = uniqueid.Id{} |
| return nil |
| case "ParamVom": |
| t.Value.ParamVom = []byte(nil) |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.Caveat", name) |
| } |
| } |
| func (t *CaveatTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *Caveat) VDLRead(dec vdl.Decoder) error { |
| *x = Caveat{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Id": |
| if err = x.Id.VDLRead(dec); err != nil { |
| return err |
| } |
| case "ParamVom": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.ParamVom); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x Caveat) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*Caveat)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.Id == uniqueid.Id{}) |
| if !(var1) { |
| if err := enc.NextField("Id"); err != nil { |
| return err |
| } |
| if err := x.Id.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| var var2 bool |
| if len(x.ParamVom) == 0 { |
| var2 = true |
| } |
| if !(var2) { |
| if err := enc.NextField("ParamVom"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.ParamVom); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // ThirdPartyRequirements specifies the information required by the third-party |
| // that will issue discharges for third-party caveats. |
| // |
| // These requirements are typically used to construct a DischargeImpetus, which |
| // will be sent to the third-party. |
| type ThirdPartyRequirements struct { |
| ReportServer bool // The blessings presented by the server of an IPC call. |
| ReportMethod bool // The name of the method being invoked. |
| ReportArguments bool // Arguments to the method being invoked. |
| } |
| |
| func (ThirdPartyRequirements) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.ThirdPartyRequirements"` |
| }) { |
| } |
| |
| func (m *ThirdPartyRequirements) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.ReportServer == false) |
| if var4 { |
| if err := fieldsTarget1.ZeroField("ReportServer"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ReportServer") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget3.FromBool(bool(m.ReportServer), tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var7 := (m.ReportMethod == false) |
| if var7 { |
| if err := fieldsTarget1.ZeroField("ReportMethod"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ReportMethod") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget6.FromBool(bool(m.ReportMethod), tt.NonOptional().Field(1).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| var10 := (m.ReportArguments == false) |
| if var10 { |
| if err := fieldsTarget1.ZeroField("ReportArguments"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("ReportArguments") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget9.FromBool(bool(m.ReportArguments), tt.NonOptional().Field(2).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *ThirdPartyRequirements) MakeVDLTarget() vdl.Target { |
| return &ThirdPartyRequirementsTarget{Value: m} |
| } |
| |
| type ThirdPartyRequirementsTarget struct { |
| Value *ThirdPartyRequirements |
| reportServerTarget vdl.BoolTarget |
| reportMethodTarget vdl.BoolTarget |
| reportArgumentsTarget vdl.BoolTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *ThirdPartyRequirementsTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*ThirdPartyRequirements)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *ThirdPartyRequirementsTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "ReportServer": |
| t.reportServerTarget.Value = &t.Value.ReportServer |
| target, err := &t.reportServerTarget, error(nil) |
| return nil, target, err |
| case "ReportMethod": |
| t.reportMethodTarget.Value = &t.Value.ReportMethod |
| target, err := &t.reportMethodTarget, error(nil) |
| return nil, target, err |
| case "ReportArguments": |
| t.reportArgumentsTarget.Value = &t.Value.ReportArguments |
| target, err := &t.reportArgumentsTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.ThirdPartyRequirements", name) |
| } |
| } |
| func (t *ThirdPartyRequirementsTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *ThirdPartyRequirementsTarget) ZeroField(name string) error { |
| switch name { |
| case "ReportServer": |
| t.Value.ReportServer = false |
| return nil |
| case "ReportMethod": |
| t.Value.ReportMethod = false |
| return nil |
| case "ReportArguments": |
| t.Value.ReportArguments = false |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.ThirdPartyRequirements", name) |
| } |
| } |
| func (t *ThirdPartyRequirementsTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *ThirdPartyRequirements) VDLRead(dec vdl.Decoder) error { |
| *x = ThirdPartyRequirements{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "ReportServer": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.ReportServer, err = dec.DecodeBool(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "ReportMethod": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.ReportMethod, err = dec.DecodeBool(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "ReportArguments": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.ReportArguments, err = dec.DecodeBool(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x ThirdPartyRequirements) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*ThirdPartyRequirements)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.ReportServer == false) |
| if !(var1) { |
| if err := enc.NextField("ReportServer"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*bool)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBool(x.ReportServer); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var2 := (x.ReportMethod == false) |
| if !(var2) { |
| if err := enc.NextField("ReportMethod"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*bool)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBool(x.ReportMethod); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var3 := (x.ReportArguments == false) |
| if !(var3) { |
| if err := enc.NextField("ReportArguments"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*bool)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBool(x.ReportArguments); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // publicKeyThirdPartyCaveatParam represents a third-party caveat that requires |
| // PublicKeyDischarge(s) to be issued by a principal identified by a public key. |
| // |
| // The Id of the caveat is base64-encoded: |
| // hash(hash(Nonce), hash(DischargerKey), hash(Caveats[0]), hash(Caveats[1]), ...) |
| // where hash is a cryptographic hash function with a security strength |
| // equivalent to that of the DischargerKey. For example, if DischargerKey |
| // represents an ECDSA public key with the P384 curve, then hash should be |
| // SHA384. |
| type publicKeyThirdPartyCaveatParam struct { |
| // Nonce specifies a cryptographically random nonce associated with an |
| // instance of the caveat. This prevents discharge replays, where |
| // discharges for ThirdPartyCaveats embedded in the certificates for |
| // one blessing can be used for another blessing. |
| // |
| // Whether discharge re-use is a desired or un-desired property is |
| // still under debate. Till the debate is settled, we err on the side |
| // of discouraging re-use. |
| Nonce nonce |
| // Caveats specifies the caveats that have to be validated |
| // before minting a discharge for a publicKeyCaveat. |
| Caveats []Caveat |
| // DER-encoded PKIX public key of the principal that can issue discharges. |
| DischargerKey []byte |
| // Object name where the third-party that can issue discharges can be found. |
| DischargerLocation string |
| // Information required by the third-party in order to issue a discharge. |
| DischargerRequirements ThirdPartyRequirements |
| } |
| |
| func (publicKeyThirdPartyCaveatParam) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.publicKeyThirdPartyCaveatParam"` |
| }) { |
| } |
| |
| func (m *publicKeyThirdPartyCaveatParam) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.Nonce == nonce{}) |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Nonce"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Nonce") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Nonce.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var var7 bool |
| if len(m.Caveats) == 0 { |
| var7 = true |
| } |
| if var7 { |
| if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Caveats") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget8, err := fieldTarget6.StartList(tt.NonOptional().Field(1).Type, len(m.Caveats)) |
| if err != nil { |
| return err |
| } |
| for i, elem10 := range m.Caveats { |
| elemTarget9, err := listTarget8.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(1).Type.Elem()); err != nil { |
| return err |
| } |
| if err := listTarget8.FinishElem(elemTarget9); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget6.FinishList(listTarget8); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| var var13 bool |
| if len(m.DischargerKey) == 0 { |
| var13 = true |
| } |
| if var13 { |
| if err := fieldsTarget1.ZeroField("DischargerKey"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("DischargerKey") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget12.FromBytes([]byte(m.DischargerKey), tt.NonOptional().Field(2).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil { |
| return err |
| } |
| } |
| } |
| var16 := (m.DischargerLocation == "") |
| if var16 { |
| if err := fieldsTarget1.ZeroField("DischargerLocation"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget14, fieldTarget15, err := fieldsTarget1.StartField("DischargerLocation") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget15.FromString(string(m.DischargerLocation), tt.NonOptional().Field(3).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget14, fieldTarget15); err != nil { |
| return err |
| } |
| } |
| } |
| var19 := (m.DischargerRequirements == ThirdPartyRequirements{}) |
| if var19 { |
| if err := fieldsTarget1.ZeroField("DischargerRequirements"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget17, fieldTarget18, err := fieldsTarget1.StartField("DischargerRequirements") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.DischargerRequirements.FillVDLTarget(fieldTarget18, tt.NonOptional().Field(4).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget17, fieldTarget18); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *publicKeyThirdPartyCaveatParam) MakeVDLTarget() vdl.Target { |
| return &publicKeyThirdPartyCaveatParamTarget{Value: m} |
| } |
| |
| type publicKeyThirdPartyCaveatParamTarget struct { |
| Value *publicKeyThirdPartyCaveatParam |
| nonceTarget nonceTarget |
| caveatsTarget __VDLTarget1_list |
| dischargerKeyTarget vdl.BytesTarget |
| dischargerLocationTarget vdl.StringTarget |
| dischargerRequirementsTarget ThirdPartyRequirementsTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *publicKeyThirdPartyCaveatParamTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *publicKeyThirdPartyCaveatParamTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Nonce": |
| t.nonceTarget.Value = &t.Value.Nonce |
| target, err := &t.nonceTarget, error(nil) |
| return nil, target, err |
| case "Caveats": |
| t.caveatsTarget.Value = &t.Value.Caveats |
| target, err := &t.caveatsTarget, error(nil) |
| return nil, target, err |
| case "DischargerKey": |
| t.dischargerKeyTarget.Value = &t.Value.DischargerKey |
| target, err := &t.dischargerKeyTarget, error(nil) |
| return nil, target, err |
| case "DischargerLocation": |
| t.dischargerLocationTarget.Value = &t.Value.DischargerLocation |
| target, err := &t.dischargerLocationTarget, error(nil) |
| return nil, target, err |
| case "DischargerRequirements": |
| t.dischargerRequirementsTarget.Value = &t.Value.DischargerRequirements |
| target, err := &t.dischargerRequirementsTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.publicKeyThirdPartyCaveatParam", name) |
| } |
| } |
| func (t *publicKeyThirdPartyCaveatParamTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *publicKeyThirdPartyCaveatParamTarget) ZeroField(name string) error { |
| switch name { |
| case "Nonce": |
| t.Value.Nonce = nonce{} |
| return nil |
| case "Caveats": |
| t.Value.Caveats = []Caveat(nil) |
| return nil |
| case "DischargerKey": |
| t.Value.DischargerKey = []byte(nil) |
| return nil |
| case "DischargerLocation": |
| t.Value.DischargerLocation = "" |
| return nil |
| case "DischargerRequirements": |
| t.Value.DischargerRequirements = ThirdPartyRequirements{} |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.publicKeyThirdPartyCaveatParam", name) |
| } |
| } |
| func (t *publicKeyThirdPartyCaveatParamTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| // []Caveat |
| type __VDLTarget1_list struct { |
| Value *[]Caveat |
| elemTarget CaveatTarget |
| vdl.TargetBase |
| vdl.ListTargetBase |
| } |
| |
| func (t *__VDLTarget1_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*[]Caveat)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| if cap(*t.Value) < len { |
| *t.Value = make([]Caveat, len) |
| } else { |
| *t.Value = (*t.Value)[:len] |
| } |
| return t, nil |
| } |
| func (t *__VDLTarget1_list) StartElem(index int) (elem vdl.Target, _ error) { |
| t.elemTarget.Value = &(*t.Value)[index] |
| target, err := &t.elemTarget, error(nil) |
| return target, err |
| } |
| func (t *__VDLTarget1_list) FinishElem(elem vdl.Target) error { |
| return nil |
| } |
| func (t *__VDLTarget1_list) FinishList(elem vdl.ListTarget) error { |
| |
| return nil |
| } |
| |
| func (x *publicKeyThirdPartyCaveatParam) VDLRead(dec vdl.Decoder) error { |
| *x = publicKeyThirdPartyCaveatParam{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Nonce": |
| if err = x.Nonce.VDLRead(dec); err != nil { |
| return err |
| } |
| case "Caveats": |
| if err = __VDLRead1_list(dec, &x.Caveats); err != nil { |
| return err |
| } |
| case "DischargerKey": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.DischargerKey); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "DischargerLocation": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.DischargerLocation, err = dec.DecodeString(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "DischargerRequirements": |
| if err = x.DischargerRequirements.VDLRead(dec); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func __VDLRead1_list(dec vdl.Decoder, x *[]Caveat) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type()) |
| } |
| switch len := dec.LenHint(); { |
| case len > 0: |
| *x = make([]Caveat, 0, len) |
| default: |
| *x = nil |
| } |
| for { |
| switch done, err := dec.NextEntry(); { |
| case err != nil: |
| return err |
| case done: |
| return dec.FinishValue() |
| } |
| var elem Caveat |
| if err = elem.VDLRead(dec); err != nil { |
| return err |
| } |
| *x = append(*x, elem) |
| } |
| } |
| |
| func (x publicKeyThirdPartyCaveatParam) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.Nonce == nonce{}) |
| if !(var1) { |
| if err := enc.NextField("Nonce"); err != nil { |
| return err |
| } |
| if err := x.Nonce.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| var var2 bool |
| if len(x.Caveats) == 0 { |
| var2 = true |
| } |
| if !(var2) { |
| if err := enc.NextField("Caveats"); err != nil { |
| return err |
| } |
| if err := __VDLWrite1_list(enc, &x.Caveats); err != nil { |
| return err |
| } |
| } |
| var var3 bool |
| if len(x.DischargerKey) == 0 { |
| var3 = true |
| } |
| if !(var3) { |
| if err := enc.NextField("DischargerKey"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.DischargerKey); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var4 := (x.DischargerLocation == "") |
| if !(var4) { |
| if err := enc.NextField("DischargerLocation"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*string)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(x.DischargerLocation); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var5 := (x.DischargerRequirements == ThirdPartyRequirements{}) |
| if !(var5) { |
| if err := enc.NextField("DischargerRequirements"); err != nil { |
| return err |
| } |
| if err := x.DischargerRequirements.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| func __VDLWrite1_list(enc vdl.Encoder, x *[]Caveat) error { |
| if err := enc.StartValue(vdl.TypeOf((*[]Caveat)(nil))); err != nil { |
| return err |
| } |
| if err := enc.SetLenHint(len(*x)); err != nil { |
| return err |
| } |
| for i := 0; i < len(*x); i++ { |
| if err := enc.NextEntry(false); err != nil { |
| return err |
| } |
| if err := (*x)[i].VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextEntry(true); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // Hash identifies a cryptographic hash function approved for use in signature algorithms. |
| type Hash string |
| |
| func (Hash) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.Hash"` |
| }) { |
| } |
| |
| func (m *Hash) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| if err := t.FromString(string((*m)), tt); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *Hash) MakeVDLTarget() vdl.Target { |
| return &HashTarget{Value: m} |
| } |
| |
| type HashTarget struct { |
| Value *Hash |
| vdl.TargetBase |
| } |
| |
| func (t *HashTarget) FromString(src string, tt *vdl.Type) error { |
| |
| if ttWant := vdl.TypeOf((*Hash)(nil)); !vdl.Compatible(tt, ttWant) { |
| return fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| *t.Value = Hash(src) |
| |
| return nil |
| } |
| |
| func (x *Hash) VDLRead(dec vdl.Decoder) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| tmp, err := dec.DecodeString() |
| if err != nil { |
| return err |
| } |
| *x = Hash(tmp) |
| return dec.FinishValue() |
| } |
| |
| func (x Hash) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*Hash)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(string(x)); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // Signature represents a digital signature. |
| type Signature struct { |
| // Purpose of the signature. Can be used to prevent type attacks. |
| // (See Section 4.2 of http://www-users.cs.york.ac.uk/~jac/PublishedPapers/reviewV1_1997.pdf for example). |
| // The actual signature (R, S values for ECDSA keys) is produced by signing: Hash(Hash(message), Hash(Purpose)). |
| Purpose []byte |
| // Cryptographic hash function applied to the message before computing the signature. |
| Hash Hash |
| // Pair of integers that make up an ECDSA signature. |
| R []byte |
| S []byte |
| } |
| |
| func (Signature) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.Signature"` |
| }) { |
| } |
| |
| func (m *Signature) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var var4 bool |
| if len(m.Purpose) == 0 { |
| var4 = true |
| } |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Purpose"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Purpose") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget3.FromBytes([]byte(m.Purpose), tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var7 := (m.Hash == Hash("")) |
| if var7 { |
| if err := fieldsTarget1.ZeroField("Hash"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Hash") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Hash.FillVDLTarget(fieldTarget6, tt.NonOptional().Field(1).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| var var10 bool |
| if len(m.R) == 0 { |
| var10 = true |
| } |
| if var10 { |
| if err := fieldsTarget1.ZeroField("R"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("R") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget9.FromBytes([]byte(m.R), tt.NonOptional().Field(2).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil { |
| return err |
| } |
| } |
| } |
| var var13 bool |
| if len(m.S) == 0 { |
| var13 = true |
| } |
| if var13 { |
| if err := fieldsTarget1.ZeroField("S"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("S") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget12.FromBytes([]byte(m.S), tt.NonOptional().Field(3).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *Signature) MakeVDLTarget() vdl.Target { |
| return &SignatureTarget{Value: m} |
| } |
| |
| type SignatureTarget struct { |
| Value *Signature |
| purposeTarget vdl.BytesTarget |
| hashTarget HashTarget |
| rTarget vdl.BytesTarget |
| sTarget vdl.BytesTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *SignatureTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*Signature)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *SignatureTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Purpose": |
| t.purposeTarget.Value = &t.Value.Purpose |
| target, err := &t.purposeTarget, error(nil) |
| return nil, target, err |
| case "Hash": |
| t.hashTarget.Value = &t.Value.Hash |
| target, err := &t.hashTarget, error(nil) |
| return nil, target, err |
| case "R": |
| t.rTarget.Value = &t.Value.R |
| target, err := &t.rTarget, error(nil) |
| return nil, target, err |
| case "S": |
| t.sTarget.Value = &t.Value.S |
| target, err := &t.sTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.Signature", name) |
| } |
| } |
| func (t *SignatureTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *SignatureTarget) ZeroField(name string) error { |
| switch name { |
| case "Purpose": |
| t.Value.Purpose = []byte(nil) |
| return nil |
| case "Hash": |
| t.Value.Hash = Hash("") |
| return nil |
| case "R": |
| t.Value.R = []byte(nil) |
| return nil |
| case "S": |
| t.Value.S = []byte(nil) |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.Signature", name) |
| } |
| } |
| func (t *SignatureTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *Signature) VDLRead(dec vdl.Decoder) error { |
| *x = Signature{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Purpose": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.Purpose); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "Hash": |
| if err = x.Hash.VDLRead(dec); err != nil { |
| return err |
| } |
| case "R": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.R); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "S": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.S); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x Signature) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*Signature)(nil)).Elem()); err != nil { |
| return err |
| } |
| var var1 bool |
| if len(x.Purpose) == 0 { |
| var1 = true |
| } |
| if !(var1) { |
| if err := enc.NextField("Purpose"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.Purpose); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var2 := (x.Hash == Hash("")) |
| if !(var2) { |
| if err := enc.NextField("Hash"); err != nil { |
| return err |
| } |
| if err := x.Hash.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| var var3 bool |
| if len(x.R) == 0 { |
| var3 = true |
| } |
| if !(var3) { |
| if err := enc.NextField("R"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.R); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var var4 bool |
| if len(x.S) == 0 { |
| var4 = true |
| } |
| if !(var4) { |
| if err := enc.NextField("S"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.S); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // PublicKeyDischarge represents a discharge for third party caveats that |
| // require a signature from a third-party's public key. |
| // |
| // The message digest of this structure is computed as follows: |
| // hash(hash(ThirdPartyCaveatId), hash(Caveats[0]), hash(Caveats[1]), ...), |
| // where hash is a cryptographic hash function with a security strength |
| // equivalent to the strength of the public key of the principal issuing the |
| // discharge. |
| type PublicKeyDischarge struct { |
| ThirdPartyCaveatId string // Id of the third party caveat for which this discharge was issued. |
| Caveats []Caveat // Caveats on the use of this discharge. |
| Signature Signature // Signature of the content hash of this discharge by the discharger. |
| } |
| |
| func (PublicKeyDischarge) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.PublicKeyDischarge"` |
| }) { |
| } |
| |
| func (m *PublicKeyDischarge) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.ThirdPartyCaveatId == "") |
| if var4 { |
| if err := fieldsTarget1.ZeroField("ThirdPartyCaveatId"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ThirdPartyCaveatId") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget3.FromString(string(m.ThirdPartyCaveatId), tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var var7 bool |
| if len(m.Caveats) == 0 { |
| var7 = true |
| } |
| if var7 { |
| if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Caveats") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget8, err := fieldTarget6.StartList(tt.NonOptional().Field(1).Type, len(m.Caveats)) |
| if err != nil { |
| return err |
| } |
| for i, elem10 := range m.Caveats { |
| elemTarget9, err := listTarget8.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(1).Type.Elem()); err != nil { |
| return err |
| } |
| if err := listTarget8.FinishElem(elemTarget9); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget6.FinishList(listTarget8); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| var13 := true |
| var var14 bool |
| if len(m.Signature.Purpose) == 0 { |
| var14 = true |
| } |
| var13 = var13 && var14 |
| var15 := (m.Signature.Hash == Hash("")) |
| var13 = var13 && var15 |
| var var16 bool |
| if len(m.Signature.R) == 0 { |
| var16 = true |
| } |
| var13 = var13 && var16 |
| var var17 bool |
| if len(m.Signature.S) == 0 { |
| var17 = true |
| } |
| var13 = var13 && var17 |
| if var13 { |
| if err := fieldsTarget1.ZeroField("Signature"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("Signature") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Signature.FillVDLTarget(fieldTarget12, tt.NonOptional().Field(2).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *PublicKeyDischarge) MakeVDLTarget() vdl.Target { |
| return &PublicKeyDischargeTarget{Value: m} |
| } |
| |
| type PublicKeyDischargeTarget struct { |
| Value *PublicKeyDischarge |
| thirdPartyCaveatIdTarget vdl.StringTarget |
| caveatsTarget __VDLTarget1_list |
| signatureTarget SignatureTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *PublicKeyDischargeTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*PublicKeyDischarge)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *PublicKeyDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "ThirdPartyCaveatId": |
| t.thirdPartyCaveatIdTarget.Value = &t.Value.ThirdPartyCaveatId |
| target, err := &t.thirdPartyCaveatIdTarget, error(nil) |
| return nil, target, err |
| case "Caveats": |
| t.caveatsTarget.Value = &t.Value.Caveats |
| target, err := &t.caveatsTarget, error(nil) |
| return nil, target, err |
| case "Signature": |
| t.signatureTarget.Value = &t.Value.Signature |
| target, err := &t.signatureTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.PublicKeyDischarge", name) |
| } |
| } |
| func (t *PublicKeyDischargeTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *PublicKeyDischargeTarget) ZeroField(name string) error { |
| switch name { |
| case "ThirdPartyCaveatId": |
| t.Value.ThirdPartyCaveatId = "" |
| return nil |
| case "Caveats": |
| t.Value.Caveats = []Caveat(nil) |
| return nil |
| case "Signature": |
| t.Value.Signature = Signature{} |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.PublicKeyDischarge", name) |
| } |
| } |
| func (t *PublicKeyDischargeTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *PublicKeyDischarge) VDLRead(dec vdl.Decoder) error { |
| *x = PublicKeyDischarge{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "ThirdPartyCaveatId": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.ThirdPartyCaveatId, err = dec.DecodeString(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "Caveats": |
| if err = __VDLRead1_list(dec, &x.Caveats); err != nil { |
| return err |
| } |
| case "Signature": |
| if err = x.Signature.VDLRead(dec); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x PublicKeyDischarge) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*PublicKeyDischarge)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.ThirdPartyCaveatId == "") |
| if !(var1) { |
| if err := enc.NextField("ThirdPartyCaveatId"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*string)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(x.ThirdPartyCaveatId); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var var2 bool |
| if len(x.Caveats) == 0 { |
| var2 = true |
| } |
| if !(var2) { |
| if err := enc.NextField("Caveats"); err != nil { |
| return err |
| } |
| if err := __VDLWrite1_list(enc, &x.Caveats); err != nil { |
| return err |
| } |
| } |
| var3 := true |
| var var4 bool |
| if len(x.Signature.Purpose) == 0 { |
| var4 = true |
| } |
| var3 = var3 && var4 |
| var5 := (x.Signature.Hash == Hash("")) |
| var3 = var3 && var5 |
| var var6 bool |
| if len(x.Signature.R) == 0 { |
| var6 = true |
| } |
| var3 = var3 && var6 |
| var var7 bool |
| if len(x.Signature.S) == 0 { |
| var7 = true |
| } |
| var3 = var3 && var7 |
| if !(var3) { |
| if err := enc.NextField("Signature"); err != nil { |
| return err |
| } |
| if err := x.Signature.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // BlessingPattern is a pattern that is matched by specific blessings. |
| // |
| // A pattern can either be a blessing (slash-separated human-readable string) |
| // or a blessing ending in "/$". A pattern ending in "/$" is matched exactly |
| // by the blessing specified by the pattern string with the "/$" suffix stripped |
| // out. For example, the pattern "a/b/c/$" is matched by exactly by the blessing |
| // "a/b/c". |
| // |
| // A pattern not ending in "/$" is more permissive, and is also matched by blessings |
| // that are extensions of the pattern (including the pattern itself). For example, the |
| // pattern "a/b/c" is matched by the blessings "a/b/c", "a/b/c/x", "a/b/c/x/y", etc. |
| // |
| // TODO(ataly, ashankar): Define a formal BNF grammar for blessings and blessing patterns. |
| type BlessingPattern string |
| |
| func (BlessingPattern) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.BlessingPattern"` |
| }) { |
| } |
| |
| func (m *BlessingPattern) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| if err := t.FromString(string((*m)), tt); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *BlessingPattern) MakeVDLTarget() vdl.Target { |
| return &BlessingPatternTarget{Value: m} |
| } |
| |
| type BlessingPatternTarget struct { |
| Value *BlessingPattern |
| vdl.TargetBase |
| } |
| |
| func (t *BlessingPatternTarget) FromString(src string, tt *vdl.Type) error { |
| |
| if ttWant := vdl.TypeOf((*BlessingPattern)(nil)); !vdl.Compatible(tt, ttWant) { |
| return fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| *t.Value = BlessingPattern(src) |
| |
| return nil |
| } |
| |
| func (x *BlessingPattern) VDLRead(dec vdl.Decoder) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| tmp, err := dec.DecodeString() |
| if err != nil { |
| return err |
| } |
| *x = BlessingPattern(tmp) |
| return dec.FinishValue() |
| } |
| |
| func (x BlessingPattern) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*BlessingPattern)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(string(x)); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // DischargeImpetus encapsulates the motivation for a discharge being sought. |
| // |
| // These values are reported by a principal that is requesting a Discharge for |
| // a third-party caveat on one of its blessings. The third-party issues |
| // discharges cannot safely assume that all these values are provided, or that |
| // they are provided honestly. |
| // |
| // Implementations of services that issue discharges are encouraged to add |
| // caveats to the discharge that bind the discharge to the impetus, thereby |
| // rendering the discharge unsuable for any other purpose. |
| type DischargeImpetus struct { |
| Server []BlessingPattern // The client intends to use the discharge to communicate with a server that has a blessing matching one of the patterns in this set. |
| Method string // Name of the method being invoked by the client. |
| Arguments []*vom.RawBytes // Arguments to the method invocation. |
| } |
| |
| func (DischargeImpetus) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.DischargeImpetus"` |
| }) { |
| } |
| |
| func (m *DischargeImpetus) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var var4 bool |
| if len(m.Server) == 0 { |
| var4 = true |
| } |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Server"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Server") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget5, err := fieldTarget3.StartList(tt.NonOptional().Field(0).Type, len(m.Server)) |
| if err != nil { |
| return err |
| } |
| for i, elem7 := range m.Server { |
| elemTarget6, err := listTarget5.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem7.FillVDLTarget(elemTarget6, tt.NonOptional().Field(0).Type.Elem()); err != nil { |
| return err |
| } |
| if err := listTarget5.FinishElem(elemTarget6); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget3.FinishList(listTarget5); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var10 := (m.Method == "") |
| if var10 { |
| if err := fieldsTarget1.ZeroField("Method"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("Method") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget9.FromString(string(m.Method), tt.NonOptional().Field(1).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil { |
| return err |
| } |
| } |
| } |
| var var13 bool |
| if len(m.Arguments) == 0 { |
| var13 = true |
| } |
| if var13 { |
| if err := fieldsTarget1.ZeroField("Arguments"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("Arguments") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget14, err := fieldTarget12.StartList(tt.NonOptional().Field(2).Type, len(m.Arguments)) |
| if err != nil { |
| return err |
| } |
| for i, elem16 := range m.Arguments { |
| elemTarget15, err := listTarget14.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem16.FillVDLTarget(elemTarget15, tt.NonOptional().Field(2).Type.Elem()); err != nil { |
| return err |
| } |
| if err := listTarget14.FinishElem(elemTarget15); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget12.FinishList(listTarget14); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *DischargeImpetus) MakeVDLTarget() vdl.Target { |
| return &DischargeImpetusTarget{Value: m} |
| } |
| |
| type DischargeImpetusTarget struct { |
| Value *DischargeImpetus |
| serverTarget __VDLTarget2_list |
| methodTarget vdl.StringTarget |
| argumentsTarget __VDLTarget3_list |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *DischargeImpetusTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*DischargeImpetus)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *DischargeImpetusTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Server": |
| t.serverTarget.Value = &t.Value.Server |
| target, err := &t.serverTarget, error(nil) |
| return nil, target, err |
| case "Method": |
| t.methodTarget.Value = &t.Value.Method |
| target, err := &t.methodTarget, error(nil) |
| return nil, target, err |
| case "Arguments": |
| t.argumentsTarget.Value = &t.Value.Arguments |
| target, err := &t.argumentsTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.DischargeImpetus", name) |
| } |
| } |
| func (t *DischargeImpetusTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *DischargeImpetusTarget) ZeroField(name string) error { |
| switch name { |
| case "Server": |
| t.Value.Server = []BlessingPattern(nil) |
| return nil |
| case "Method": |
| t.Value.Method = "" |
| return nil |
| case "Arguments": |
| t.Value.Arguments = []*vom.RawBytes(nil) |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.DischargeImpetus", name) |
| } |
| } |
| func (t *DischargeImpetusTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| // []BlessingPattern |
| type __VDLTarget2_list struct { |
| Value *[]BlessingPattern |
| elemTarget BlessingPatternTarget |
| vdl.TargetBase |
| vdl.ListTargetBase |
| } |
| |
| func (t *__VDLTarget2_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*[]BlessingPattern)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| if cap(*t.Value) < len { |
| *t.Value = make([]BlessingPattern, len) |
| } else { |
| *t.Value = (*t.Value)[:len] |
| } |
| return t, nil |
| } |
| func (t *__VDLTarget2_list) StartElem(index int) (elem vdl.Target, _ error) { |
| t.elemTarget.Value = &(*t.Value)[index] |
| target, err := &t.elemTarget, error(nil) |
| return target, err |
| } |
| func (t *__VDLTarget2_list) FinishElem(elem vdl.Target) error { |
| return nil |
| } |
| func (t *__VDLTarget2_list) FinishList(elem vdl.ListTarget) error { |
| |
| return nil |
| } |
| |
| // []*vom.RawBytes |
| type __VDLTarget3_list struct { |
| Value *[]*vom.RawBytes |
| |
| vdl.TargetBase |
| vdl.ListTargetBase |
| } |
| |
| func (t *__VDLTarget3_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*[]*vom.RawBytes)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| if cap(*t.Value) < len { |
| *t.Value = make([]*vom.RawBytes, len) |
| } else { |
| *t.Value = (*t.Value)[:len] |
| } |
| return t, nil |
| } |
| func (t *__VDLTarget3_list) StartElem(index int) (elem vdl.Target, _ error) { |
| target, err := vdl.ReflectTarget(reflect.ValueOf(&(*t.Value)[index])) |
| return target, err |
| } |
| func (t *__VDLTarget3_list) FinishElem(elem vdl.Target) error { |
| return nil |
| } |
| func (t *__VDLTarget3_list) FinishList(elem vdl.ListTarget) error { |
| |
| return nil |
| } |
| |
| func (x *DischargeImpetus) VDLRead(dec vdl.Decoder) error { |
| *x = DischargeImpetus{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Server": |
| if err = __VDLRead2_list(dec, &x.Server); err != nil { |
| return err |
| } |
| case "Method": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.Method, err = dec.DecodeString(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "Arguments": |
| if err = __VDLRead3_list(dec, &x.Arguments); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func __VDLRead2_list(dec vdl.Decoder, x *[]BlessingPattern) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type()) |
| } |
| switch len := dec.LenHint(); { |
| case len > 0: |
| *x = make([]BlessingPattern, 0, len) |
| default: |
| *x = nil |
| } |
| for { |
| switch done, err := dec.NextEntry(); { |
| case err != nil: |
| return err |
| case done: |
| return dec.FinishValue() |
| } |
| var elem BlessingPattern |
| if err = elem.VDLRead(dec); err != nil { |
| return err |
| } |
| *x = append(*x, elem) |
| } |
| } |
| |
| func __VDLRead3_list(dec vdl.Decoder, x *[]*vom.RawBytes) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type()) |
| } |
| switch len := dec.LenHint(); { |
| case len > 0: |
| *x = make([]*vom.RawBytes, 0, len) |
| default: |
| *x = nil |
| } |
| for { |
| switch done, err := dec.NextEntry(); { |
| case err != nil: |
| return err |
| case done: |
| return dec.FinishValue() |
| } |
| var elem *vom.RawBytes |
| if err = elem.VDLRead(dec); err != nil { |
| return err |
| } |
| *x = append(*x, elem) |
| } |
| } |
| |
| func (x DischargeImpetus) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*DischargeImpetus)(nil)).Elem()); err != nil { |
| return err |
| } |
| var var1 bool |
| if len(x.Server) == 0 { |
| var1 = true |
| } |
| if !(var1) { |
| if err := enc.NextField("Server"); err != nil { |
| return err |
| } |
| if err := __VDLWrite2_list(enc, &x.Server); err != nil { |
| return err |
| } |
| } |
| var2 := (x.Method == "") |
| if !(var2) { |
| if err := enc.NextField("Method"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*string)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(x.Method); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var var3 bool |
| if len(x.Arguments) == 0 { |
| var3 = true |
| } |
| if !(var3) { |
| if err := enc.NextField("Arguments"); err != nil { |
| return err |
| } |
| if err := __VDLWrite3_list(enc, &x.Arguments); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| func __VDLWrite2_list(enc vdl.Encoder, x *[]BlessingPattern) error { |
| if err := enc.StartValue(vdl.TypeOf((*[]BlessingPattern)(nil))); err != nil { |
| return err |
| } |
| if err := enc.SetLenHint(len(*x)); err != nil { |
| return err |
| } |
| for i := 0; i < len(*x); i++ { |
| if err := enc.NextEntry(false); err != nil { |
| return err |
| } |
| if err := (*x)[i].VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextEntry(true); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| func __VDLWrite3_list(enc vdl.Encoder, x *[]*vom.RawBytes) error { |
| if err := enc.StartValue(vdl.TypeOf((*[]*vom.RawBytes)(nil))); err != nil { |
| return err |
| } |
| if err := enc.SetLenHint(len(*x)); err != nil { |
| return err |
| } |
| for i := 0; i < len(*x); i++ { |
| if err := enc.NextEntry(false); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.AnyType); err != nil { |
| return err |
| } |
| if (*x)[i].IsNil() { |
| if err := enc.NilValue((*x)[i].Type); err != nil { |
| return err |
| } |
| } else { |
| if err := (*x)[i].VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextEntry(true); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // Certificate represents the cryptographic proof of the binding of |
| // extensions of a blessing held by one principal to another (represented by |
| // a public key) under specific caveats. |
| // |
| // For example, if a principal P1 has a blessing "alice", then it can |
| // extend it with a Certificate to generate the blessing "alice/friend" for |
| // another principal P2. |
| type Certificate struct { |
| Extension string // Human-readable string extension bound to PublicKey. |
| PublicKey []byte // DER-encoded PKIX public key. |
| Caveats []Caveat // Caveats on the binding of Name to PublicKey. |
| Signature Signature // Signature by the blessing principal that binds the extension to the public key. |
| } |
| |
| func (Certificate) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.Certificate"` |
| }) { |
| } |
| |
| func (m *Certificate) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.Extension == "") |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Extension"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Extension") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget3.FromString(string(m.Extension), tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var var7 bool |
| if len(m.PublicKey) == 0 { |
| var7 = true |
| } |
| if var7 { |
| if err := fieldsTarget1.ZeroField("PublicKey"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("PublicKey") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := fieldTarget6.FromBytes([]byte(m.PublicKey), tt.NonOptional().Field(1).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| var var10 bool |
| if len(m.Caveats) == 0 { |
| var10 = true |
| } |
| if var10 { |
| if err := fieldsTarget1.ZeroField("Caveats"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget8, fieldTarget9, err := fieldsTarget1.StartField("Caveats") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget11, err := fieldTarget9.StartList(tt.NonOptional().Field(2).Type, len(m.Caveats)) |
| if err != nil { |
| return err |
| } |
| for i, elem13 := range m.Caveats { |
| elemTarget12, err := listTarget11.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem13.FillVDLTarget(elemTarget12, tt.NonOptional().Field(2).Type.Elem()); err != nil { |
| return err |
| } |
| if err := listTarget11.FinishElem(elemTarget12); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget9.FinishList(listTarget11); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget8, fieldTarget9); err != nil { |
| return err |
| } |
| } |
| } |
| var16 := true |
| var var17 bool |
| if len(m.Signature.Purpose) == 0 { |
| var17 = true |
| } |
| var16 = var16 && var17 |
| var18 := (m.Signature.Hash == Hash("")) |
| var16 = var16 && var18 |
| var var19 bool |
| if len(m.Signature.R) == 0 { |
| var19 = true |
| } |
| var16 = var16 && var19 |
| var var20 bool |
| if len(m.Signature.S) == 0 { |
| var20 = true |
| } |
| var16 = var16 && var20 |
| if var16 { |
| if err := fieldsTarget1.ZeroField("Signature"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget14, fieldTarget15, err := fieldsTarget1.StartField("Signature") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Signature.FillVDLTarget(fieldTarget15, tt.NonOptional().Field(3).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget14, fieldTarget15); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *Certificate) MakeVDLTarget() vdl.Target { |
| return &CertificateTarget{Value: m} |
| } |
| |
| type CertificateTarget struct { |
| Value *Certificate |
| extensionTarget vdl.StringTarget |
| publicKeyTarget vdl.BytesTarget |
| caveatsTarget __VDLTarget1_list |
| signatureTarget SignatureTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *CertificateTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*Certificate)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *CertificateTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Extension": |
| t.extensionTarget.Value = &t.Value.Extension |
| target, err := &t.extensionTarget, error(nil) |
| return nil, target, err |
| case "PublicKey": |
| t.publicKeyTarget.Value = &t.Value.PublicKey |
| target, err := &t.publicKeyTarget, error(nil) |
| return nil, target, err |
| case "Caveats": |
| t.caveatsTarget.Value = &t.Value.Caveats |
| target, err := &t.caveatsTarget, error(nil) |
| return nil, target, err |
| case "Signature": |
| t.signatureTarget.Value = &t.Value.Signature |
| target, err := &t.signatureTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.Certificate", name) |
| } |
| } |
| func (t *CertificateTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *CertificateTarget) ZeroField(name string) error { |
| switch name { |
| case "Extension": |
| t.Value.Extension = "" |
| return nil |
| case "PublicKey": |
| t.Value.PublicKey = []byte(nil) |
| return nil |
| case "Caveats": |
| t.Value.Caveats = []Caveat(nil) |
| return nil |
| case "Signature": |
| t.Value.Signature = Signature{} |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.Certificate", name) |
| } |
| } |
| func (t *CertificateTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *Certificate) VDLRead(dec vdl.Decoder) error { |
| *x = Certificate{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Extension": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.Extension, err = dec.DecodeString(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "PublicKey": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if err = dec.DecodeBytes(-1, &x.PublicKey); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "Caveats": |
| if err = __VDLRead1_list(dec, &x.Caveats); err != nil { |
| return err |
| } |
| case "Signature": |
| if err = x.Signature.VDLRead(dec); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x Certificate) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*Certificate)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.Extension == "") |
| if !(var1) { |
| if err := enc.NextField("Extension"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*string)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(x.Extension); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var var2 bool |
| if len(x.PublicKey) == 0 { |
| var2 = true |
| } |
| if !(var2) { |
| if err := enc.NextField("PublicKey"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*[]byte)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeBytes(x.PublicKey); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var var3 bool |
| if len(x.Caveats) == 0 { |
| var3 = true |
| } |
| if !(var3) { |
| if err := enc.NextField("Caveats"); err != nil { |
| return err |
| } |
| if err := __VDLWrite1_list(enc, &x.Caveats); err != nil { |
| return err |
| } |
| } |
| var4 := true |
| var var5 bool |
| if len(x.Signature.Purpose) == 0 { |
| var5 = true |
| } |
| var4 = var4 && var5 |
| var6 := (x.Signature.Hash == Hash("")) |
| var4 = var4 && var6 |
| var var7 bool |
| if len(x.Signature.R) == 0 { |
| var7 = true |
| } |
| var4 = var4 && var7 |
| var var8 bool |
| if len(x.Signature.S) == 0 { |
| var8 = true |
| } |
| var4 = var4 && var8 |
| if !(var4) { |
| if err := enc.NextField("Signature"); err != nil { |
| return err |
| } |
| if err := x.Signature.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // CaveatDescriptor defines an association between a caveat validation function |
| // (addressed by globally unique identifier) and the data needed by the |
| // validation function. |
| // |
| // For a validator to be invoked, a validation function must be registered with |
| // the validator description in the language that the function is defined in. |
| type CaveatDescriptor struct { |
| Id uniqueid.Id // The identifier of the caveat validation function. |
| ParamType *vdl.Type // The type of the parameter expected by the validation function. |
| } |
| |
| func (CaveatDescriptor) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.CaveatDescriptor"` |
| }) { |
| } |
| |
| func (m *CaveatDescriptor) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.Id == uniqueid.Id{}) |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Id"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Id") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Id.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var7 := (m.ParamType == nil || m.ParamType == vdl.AnyType) |
| if var7 { |
| if err := fieldsTarget1.ZeroField("ParamType"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("ParamType") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| typeObjectVal8 := m.ParamType |
| if typeObjectVal8 == nil { |
| typeObjectVal8 = vdl.AnyType |
| } |
| if err := fieldTarget6.FromTypeObject(typeObjectVal8); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *CaveatDescriptor) MakeVDLTarget() vdl.Target { |
| return &CaveatDescriptorTarget{Value: m} |
| } |
| |
| type CaveatDescriptorTarget struct { |
| Value *CaveatDescriptor |
| idTarget uniqueid.IdTarget |
| paramTypeTarget vdl.TypeObjectTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *CaveatDescriptorTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*CaveatDescriptor)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *CaveatDescriptorTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Id": |
| t.idTarget.Value = &t.Value.Id |
| target, err := &t.idTarget, error(nil) |
| return nil, target, err |
| case "ParamType": |
| t.paramTypeTarget.Value = &t.Value.ParamType |
| target, err := &t.paramTypeTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.CaveatDescriptor", name) |
| } |
| } |
| func (t *CaveatDescriptorTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *CaveatDescriptorTarget) ZeroField(name string) error { |
| switch name { |
| case "Id": |
| t.Value.Id = uniqueid.Id{} |
| return nil |
| case "ParamType": |
| t.Value.ParamType = vdl.AnyType |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.CaveatDescriptor", name) |
| } |
| } |
| func (t *CaveatDescriptorTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *CaveatDescriptor) VDLRead(dec vdl.Decoder) error { |
| *x = CaveatDescriptor{ |
| ParamType: vdl.AnyType, |
| } |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Id": |
| if err = x.Id.VDLRead(dec); err != nil { |
| return err |
| } |
| case "ParamType": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.ParamType, err = dec.DecodeTypeObject(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x CaveatDescriptor) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*CaveatDescriptor)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.Id == uniqueid.Id{}) |
| if !(var1) { |
| if err := enc.NextField("Id"); err != nil { |
| return err |
| } |
| if err := x.Id.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| var2 := (x.ParamType == nil || x.ParamType == vdl.AnyType) |
| if !(var2) { |
| if err := enc.NextField("ParamType"); err != nil { |
| return err |
| } |
| if err := x.ParamType.VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // WireBlessings encapsulates wire format of a set of blessings and the |
| // corresponding cryptographic proof that binds them to a principal |
| // (identified by a public key). |
| // |
| // This structure is the "wire" format for sending and receiving blessings |
| // in RPCs or marshaling to persistent storage. Typically, languages will |
| // provide a factory function that converts this wire representation to |
| // a more usable object to inspect and manipulate these blessings. |
| type WireBlessings struct { |
| // CertificateChains is an array of chains of certificates that bind |
| // a blessing to the public key in the last certificate of the chain. |
| CertificateChains [][]Certificate |
| } |
| |
| func (WireBlessings) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.WireBlessings"` |
| }) { |
| } |
| |
| func (m *WireBlessings) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var var4 bool |
| if len(m.CertificateChains) == 0 { |
| var4 = true |
| } |
| if var4 { |
| if err := fieldsTarget1.ZeroField("CertificateChains"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("CertificateChains") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| listTarget5, err := fieldTarget3.StartList(tt.NonOptional().Field(0).Type, len(m.CertificateChains)) |
| if err != nil { |
| return err |
| } |
| for i, elem7 := range m.CertificateChains { |
| elemTarget6, err := listTarget5.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| listTarget8, err := elemTarget6.StartList(tt.NonOptional().Field(0).Type.Elem(), len(elem7)) |
| if err != nil { |
| return err |
| } |
| for i, elem10 := range elem7 { |
| elemTarget9, err := listTarget8.StartElem(i) |
| if err != nil { |
| return err |
| } |
| |
| if err := elem10.FillVDLTarget(elemTarget9, tt.NonOptional().Field(0).Type.Elem().Elem()); err != nil { |
| return err |
| } |
| if err := listTarget8.FinishElem(elemTarget9); err != nil { |
| return err |
| } |
| } |
| if err := elemTarget6.FinishList(listTarget8); err != nil { |
| return err |
| } |
| if err := listTarget5.FinishElem(elemTarget6); err != nil { |
| return err |
| } |
| } |
| if err := fieldTarget3.FinishList(listTarget5); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *WireBlessings) MakeVDLTarget() vdl.Target { |
| return nil |
| } |
| |
| type WireBlessingsTarget struct { |
| Value *Blessings |
| wireValue WireBlessings |
| certificateChainsTarget __VDLTarget4_list |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *WireBlessingsTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| t.wireValue = WireBlessings{} |
| if ttWant := vdl.TypeOf((*WireBlessings)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *WireBlessingsTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "CertificateChains": |
| t.certificateChainsTarget.Value = &t.wireValue.CertificateChains |
| target, err := &t.certificateChainsTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.WireBlessings", name) |
| } |
| } |
| func (t *WireBlessingsTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *WireBlessingsTarget) ZeroField(name string) error { |
| switch name { |
| case "CertificateChains": |
| t.wireValue.CertificateChains = [][]Certificate(nil) |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.WireBlessings", name) |
| } |
| } |
| func (t *WireBlessingsTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| if err := WireBlessingsToNative(t.wireValue, t.Value); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| // [][]Certificate |
| type __VDLTarget4_list struct { |
| Value *[][]Certificate |
| elemTarget __VDLTarget5_list |
| vdl.TargetBase |
| vdl.ListTargetBase |
| } |
| |
| func (t *__VDLTarget4_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*[][]Certificate)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| if cap(*t.Value) < len { |
| *t.Value = make([][]Certificate, len) |
| } else { |
| *t.Value = (*t.Value)[:len] |
| } |
| return t, nil |
| } |
| func (t *__VDLTarget4_list) StartElem(index int) (elem vdl.Target, _ error) { |
| t.elemTarget.Value = &(*t.Value)[index] |
| target, err := &t.elemTarget, error(nil) |
| return target, err |
| } |
| func (t *__VDLTarget4_list) FinishElem(elem vdl.Target) error { |
| return nil |
| } |
| func (t *__VDLTarget4_list) FinishList(elem vdl.ListTarget) error { |
| |
| return nil |
| } |
| |
| // []Certificate |
| type __VDLTarget5_list struct { |
| Value *[]Certificate |
| elemTarget CertificateTarget |
| vdl.TargetBase |
| vdl.ListTargetBase |
| } |
| |
| func (t *__VDLTarget5_list) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*[]Certificate)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| if cap(*t.Value) < len { |
| *t.Value = make([]Certificate, len) |
| } else { |
| *t.Value = (*t.Value)[:len] |
| } |
| return t, nil |
| } |
| func (t *__VDLTarget5_list) StartElem(index int) (elem vdl.Target, _ error) { |
| t.elemTarget.Value = &(*t.Value)[index] |
| target, err := &t.elemTarget, error(nil) |
| return target, err |
| } |
| func (t *__VDLTarget5_list) FinishElem(elem vdl.Target) error { |
| return nil |
| } |
| func (t *__VDLTarget5_list) FinishList(elem vdl.ListTarget) error { |
| |
| return nil |
| } |
| |
| func (x *WireBlessings) VDLRead(dec vdl.Decoder) error { |
| *x = WireBlessings{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "CertificateChains": |
| if err = __VDLRead4_list(dec, &x.CertificateChains); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func __VDLRead4_list(dec vdl.Decoder, x *[][]Certificate) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type()) |
| } |
| switch len := dec.LenHint(); { |
| case len > 0: |
| *x = make([][]Certificate, 0, len) |
| default: |
| *x = nil |
| } |
| for { |
| switch done, err := dec.NextEntry(); { |
| case err != nil: |
| return err |
| case done: |
| return dec.FinishValue() |
| } |
| var elem []Certificate |
| if err = __VDLRead5_list(dec, &elem); err != nil { |
| return err |
| } |
| *x = append(*x, elem) |
| } |
| } |
| |
| func __VDLRead5_list(dec vdl.Decoder, x *[]Certificate) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible list %T, from %v", *x, dec.Type()) |
| } |
| switch len := dec.LenHint(); { |
| case len > 0: |
| *x = make([]Certificate, 0, len) |
| default: |
| *x = nil |
| } |
| for { |
| switch done, err := dec.NextEntry(); { |
| case err != nil: |
| return err |
| case done: |
| return dec.FinishValue() |
| } |
| var elem Certificate |
| if err = elem.VDLRead(dec); err != nil { |
| return err |
| } |
| *x = append(*x, elem) |
| } |
| } |
| |
| func (x WireBlessings) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*WireBlessings)(nil)).Elem()); err != nil { |
| return err |
| } |
| var var1 bool |
| if len(x.CertificateChains) == 0 { |
| var1 = true |
| } |
| if !(var1) { |
| if err := enc.NextField("CertificateChains"); err != nil { |
| return err |
| } |
| if err := __VDLWrite4_list(enc, &x.CertificateChains); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| func __VDLWrite4_list(enc vdl.Encoder, x *[][]Certificate) error { |
| if err := enc.StartValue(vdl.TypeOf((*[][]Certificate)(nil))); err != nil { |
| return err |
| } |
| if err := enc.SetLenHint(len(*x)); err != nil { |
| return err |
| } |
| for i := 0; i < len(*x); i++ { |
| if err := enc.NextEntry(false); err != nil { |
| return err |
| } |
| if err := __VDLWrite5_list(enc, &(*x)[i]); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextEntry(true); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| func __VDLWrite5_list(enc vdl.Encoder, x *[]Certificate) error { |
| if err := enc.StartValue(vdl.TypeOf((*[]Certificate)(nil))); err != nil { |
| return err |
| } |
| if err := enc.SetLenHint(len(*x)); err != nil { |
| return err |
| } |
| for i := 0; i < len(*x); i++ { |
| if err := enc.NextEntry(false); err != nil { |
| return err |
| } |
| if err := (*x)[i].VDLWrite(enc); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextEntry(true); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| type ( |
| // WireDischarge represents any single field of the WireDischarge union type. |
| // |
| // WireDischarge encapsulates the wire format of a third-party caveat |
| // Discharge. |
| WireDischarge interface { |
| // Index returns the field index. |
| Index() int |
| // Interface returns the field value as an interface. |
| Interface() interface{} |
| // Name returns the field name. |
| Name() string |
| // __VDLReflect describes the WireDischarge union type. |
| __VDLReflect(__WireDischargeReflect) |
| FillVDLTarget(vdl.Target, *vdl.Type) error |
| VDLWrite(vdl.Encoder) error |
| } |
| // WireDischargePublicKey represents field PublicKey of the WireDischarge union type. |
| WireDischargePublicKey struct{ Value PublicKeyDischarge } // Discharge for PublicKeyThirdPartyCaveat |
| // __WireDischargeReflect describes the WireDischarge union type. |
| __WireDischargeReflect struct { |
| Name string `vdl:"v.io/v23/security.WireDischarge"` |
| Type WireDischarge |
| UnionTargetFactory wireDischargeTargetFactory |
| Union struct { |
| PublicKey WireDischargePublicKey |
| } |
| } |
| ) |
| |
| func (x WireDischargePublicKey) Index() int { return 0 } |
| func (x WireDischargePublicKey) Interface() interface{} { return x.Value } |
| func (x WireDischargePublicKey) Name() string { return "PublicKey" } |
| func (x WireDischargePublicKey) __VDLReflect(__WireDischargeReflect) {} |
| |
| func (m WireDischargePublicKey) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("PublicKey") |
| if err != nil { |
| return err |
| } |
| |
| if err := m.Value.FillVDLTarget(fieldTarget3, tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| |
| return nil |
| } |
| |
| func (m WireDischargePublicKey) MakeVDLTarget() vdl.Target { |
| return nil |
| } |
| |
| type WireDischargeTarget struct { |
| Value *Discharge |
| wireValue WireDischarge |
| fieldName string |
| |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *WireDischargeTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| if ttWant := vdl.TypeOf((*WireDischarge)(nil)); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| t.wireValue = WireDischarge(WireDischargePublicKey{}) |
| return t, nil |
| } |
| func (t *WireDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| t.fieldName = name |
| switch name { |
| case "PublicKey": |
| val := PublicKeyDischarge{} |
| return nil, &PublicKeyDischargeTarget{Value: &val}, nil |
| default: |
| return nil, nil, fmt.Errorf("field %s not in union v.io/v23/security.WireDischarge", name) |
| } |
| } |
| func (t *WireDischargeTarget) FinishField(_, fieldTarget vdl.Target) error { |
| switch t.fieldName { |
| case "PublicKey": |
| t.wireValue = WireDischargePublicKey{*(fieldTarget.(*PublicKeyDischargeTarget)).Value} |
| } |
| return nil |
| } |
| func (t *WireDischargeTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| if err := WireDischargeToNative(t.wireValue, t.Value); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| type wireDischargeTargetFactory struct{} |
| |
| func (t wireDischargeTargetFactory) VDLMakeUnionTarget(union interface{}) (vdl.Target, error) { |
| if typedUnion, ok := union.(*Discharge); ok { |
| return &WireDischargeTarget{Value: typedUnion}, nil |
| } |
| return nil, fmt.Errorf("got %T, want *Discharge", union) |
| } |
| |
| func VDLReadWireDischarge(dec vdl.Decoder, x *WireDischarge) error { |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(x), dec.Type()) { |
| return fmt.Errorf("incompatible union %T, from %v", x, dec.Type()) |
| } |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "PublicKey": |
| var field WireDischargePublicKey |
| if err = field.Value.VDLRead(dec); err != nil { |
| return err |
| } |
| *x = field |
| case "": |
| return fmt.Errorf("missing field in union %T, from %v", x, dec.Type()) |
| default: |
| return fmt.Errorf("field %q not in union %T, from %v", f, x, dec.Type()) |
| } |
| switch f, err := dec.NextField(); { |
| case err != nil: |
| return err |
| case f != "": |
| return fmt.Errorf("extra field %q in union %T, from %v", f, x, dec.Type()) |
| } |
| return dec.FinishValue() |
| } |
| |
| func (x WireDischargePublicKey) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*WireDischarge)(nil))); err != nil { |
| return err |
| } |
| if err := enc.NextField("PublicKey"); err != nil { |
| return err |
| } |
| if err := x.Value.VDLWrite(enc); err != nil { |
| return err |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // RejectedBlessing describes why a blessing failed validation. |
| type RejectedBlessing struct { |
| Blessing string |
| Err error |
| } |
| |
| func (RejectedBlessing) __VDLReflect(struct { |
| Name string `vdl:"v.io/v23/security.RejectedBlessing"` |
| }) { |
| } |
| |
| func (m *RejectedBlessing) FillVDLTarget(t vdl.Target, tt *vdl.Type) error { |
| fieldsTarget1, err := t.StartFields(tt) |
| if err != nil { |
| return err |
| } |
| var4 := (m.Blessing == "") |
| if var4 { |
| if err := fieldsTarget1.ZeroField("Blessing"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Blessing") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| if err := fieldTarget3.FromString(string(m.Blessing), tt.NonOptional().Field(0).Type); err != nil { |
| return err |
| } |
| if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil { |
| return err |
| } |
| } |
| } |
| var7 := (m.Err == (error)(nil)) |
| if var7 { |
| if err := fieldsTarget1.ZeroField("Err"); err != nil && err != vdl.ErrFieldNoExist { |
| return err |
| } |
| } else { |
| keyTarget5, fieldTarget6, err := fieldsTarget1.StartField("Err") |
| if err != vdl.ErrFieldNoExist { |
| if err != nil { |
| return err |
| } |
| |
| var wireError8 vdl.WireError |
| if err := verror.WireFromNative(&wireError8, m.Err); err != nil { |
| return err |
| } |
| if err := wireError8.FillVDLTarget(fieldTarget6, vdl.ErrorType); err != nil { |
| return err |
| } |
| |
| if err := fieldsTarget1.FinishField(keyTarget5, fieldTarget6); err != nil { |
| return err |
| } |
| } |
| } |
| if err := t.FinishFields(fieldsTarget1); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (m *RejectedBlessing) MakeVDLTarget() vdl.Target { |
| return &RejectedBlessingTarget{Value: m} |
| } |
| |
| type RejectedBlessingTarget struct { |
| Value *RejectedBlessing |
| blessingTarget vdl.StringTarget |
| errTarget verror.ErrorTarget |
| vdl.TargetBase |
| vdl.FieldsTargetBase |
| } |
| |
| func (t *RejectedBlessingTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) { |
| |
| if ttWant := vdl.TypeOf((*RejectedBlessing)(nil)).Elem(); !vdl.Compatible(tt, ttWant) { |
| return nil, fmt.Errorf("type %v incompatible with %v", tt, ttWant) |
| } |
| return t, nil |
| } |
| func (t *RejectedBlessingTarget) StartField(name string) (key, field vdl.Target, _ error) { |
| switch name { |
| case "Blessing": |
| t.blessingTarget.Value = &t.Value.Blessing |
| target, err := &t.blessingTarget, error(nil) |
| return nil, target, err |
| case "Err": |
| t.errTarget.Value = &t.Value.Err |
| target, err := &t.errTarget, error(nil) |
| return nil, target, err |
| default: |
| return nil, nil, fmt.Errorf("field %s not in struct v.io/v23/security.RejectedBlessing", name) |
| } |
| } |
| func (t *RejectedBlessingTarget) FinishField(_, _ vdl.Target) error { |
| return nil |
| } |
| func (t *RejectedBlessingTarget) ZeroField(name string) error { |
| switch name { |
| case "Blessing": |
| t.Value.Blessing = "" |
| return nil |
| case "Err": |
| t.Value.Err = (error)(nil) |
| return nil |
| default: |
| return fmt.Errorf("field %s not in struct v.io/v23/security.RejectedBlessing", name) |
| } |
| } |
| func (t *RejectedBlessingTarget) FinishFields(_ vdl.FieldsTarget) error { |
| |
| return nil |
| } |
| |
| func (x *RejectedBlessing) VDLRead(dec vdl.Decoder) error { |
| *x = RejectedBlessing{} |
| var err error |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if (dec.StackDepth() == 1 || dec.IsAny()) && !vdl.Compatible(vdl.TypeOf(*x), dec.Type()) { |
| return fmt.Errorf("incompatible struct %T, from %v", *x, dec.Type()) |
| } |
| for { |
| f, err := dec.NextField() |
| if err != nil { |
| return err |
| } |
| switch f { |
| case "": |
| return dec.FinishValue() |
| case "Blessing": |
| if err = dec.StartValue(); err != nil { |
| return err |
| } |
| if x.Blessing, err = dec.DecodeString(); err != nil { |
| return err |
| } |
| if err = dec.FinishValue(); err != nil { |
| return err |
| } |
| case "Err": |
| if err = verror.VDLRead(dec, &x.Err); err != nil { |
| return err |
| } |
| default: |
| if err = dec.SkipValue(); err != nil { |
| return err |
| } |
| } |
| } |
| } |
| |
| func (x RejectedBlessing) VDLWrite(enc vdl.Encoder) error { |
| if err := enc.StartValue(vdl.TypeOf((*RejectedBlessing)(nil)).Elem()); err != nil { |
| return err |
| } |
| var1 := (x.Blessing == "") |
| if !(var1) { |
| if err := enc.NextField("Blessing"); err != nil { |
| return err |
| } |
| if err := enc.StartValue(vdl.TypeOf((*string)(nil))); err != nil { |
| return err |
| } |
| if err := enc.EncodeString(x.Blessing); err != nil { |
| return err |
| } |
| if err := enc.FinishValue(); err != nil { |
| return err |
| } |
| } |
| var2 := (x.Err == (error)(nil)) |
| if !(var2) { |
| if err := enc.NextField("Err"); err != nil { |
| return err |
| } |
| if err := verror.VDLWrite(enc, x.Err); err != nil { |
| return err |
| } |
| } |
| if err := enc.NextField(""); err != nil { |
| return err |
| } |
| return enc.FinishValue() |
| } |
| |
| // Type-check native conversion functions. |
| var ( |
| _ func(WireBlessings, *Blessings) error = WireBlessingsToNative |
| _ func(*WireBlessings, Blessings) error = WireBlessingsFromNative |
| _ func(WireDischarge, *Discharge) error = WireDischargeToNative |
| _ func(*WireDischarge, Discharge) error = WireDischargeFromNative |
| ) |
| |
| ////////////////////////////////////////////////// |
| // Const definitions |
| |
| // ConstCaveat represents a caveat that either always validates or never validates. |
| var ConstCaveat = CaveatDescriptor{ |
| ParamType: vdl.TypeOf((*bool)(nil)), |
| } |
| |
| // ExpiryCaveat represents a caveat that validates iff the current time is no later |
| // the specified time.Time. |
| var ExpiryCaveat = CaveatDescriptor{ |
| Id: uniqueid.Id{ |
| 166, |
| 76, |
| 45, |
| 1, |
| 25, |
| 251, |
| 163, |
| 52, |
| 128, |
| 113, |
| 254, |
| 235, |
| 47, |
| 48, |
| 128, |
| 0, |
| }, |
| ParamType: vdl.TypeOf((*time_2.Time)(nil)).Elem(), |
| } |
| |
| // MethodCaveat represents a caveat that validates iff the method being |
| // invoked is included in this list. An empty list implies that the caveat is invalid. |
| var MethodCaveat = CaveatDescriptor{ |
| Id: uniqueid.Id{ |
| 84, |
| 166, |
| 118, |
| 57, |
| 129, |
| 55, |
| 24, |
| 126, |
| 205, |
| 178, |
| 109, |
| 45, |
| 105, |
| 186, |
| 0, |
| 3, |
| }, |
| ParamType: vdl.TypeOf((*[]string)(nil)), |
| } |
| var PublicKeyThirdPartyCaveat = CaveatDescriptor{ |
| Id: uniqueid.Id{ |
| 121, |
| 114, |
| 206, |
| 23, |
| 74, |
| 123, |
| 169, |
| 63, |
| 121, |
| 84, |
| 125, |
| 118, |
| 156, |
| 145, |
| 128, |
| 0, |
| }, |
| ParamType: vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem(), |
| } |
| |
| // PeerBlessingsCaveat represents a caveat that validates iff the peer being communicated |
| // with (local end of the call) has a blessing name matching at least one of the patterns |
| // in the list. An empty list implies that the caveat is invalid. |
| var PeerBlessingsCaveat = CaveatDescriptor{ |
| Id: uniqueid.Id{ |
| 5, |
| 119, |
| 248, |
| 86, |
| 76, |
| 142, |
| 95, |
| 254, |
| 255, |
| 142, |
| 43, |
| 31, |
| 77, |
| 109, |
| 128, |
| 0, |
| }, |
| ParamType: vdl.TypeOf((*[]BlessingPattern)(nil)), |
| } |
| |
| // NoExtension is an optional terminator for a blessing pattern indicating that the pattern |
| // cannot match any extensions of the blessing from that point onwards. |
| const NoExtension = BlessingPattern("$") |
| |
| // TODO(ataly, ashankar): The semantics of AllPrincipals breaks monotonicity in |
| // AccessLists with NotIn clauses. For instance, the AccessList "In: {AllPrincipals}, NotIn: {"foo"} |
| // matches the principal that presents no recognizable blessings ([]) however does not |
| // match the principal that presents "foo" as the only recognizable blessings (["foo"]) |
| // We need to sort this out. |
| const AllPrincipals = BlessingPattern("...") // Glob pattern that matches all blessings. |
| const ChainSeparator = ":" // ChainSeparator joins blessing names to form a blessing chain name. |
| const SHA1Hash = Hash("SHA1") // SHA1 cryptographic hash function defined in RFC3174. |
| const SHA256Hash = Hash("SHA256") // SHA256 cryptographic hash function defined in FIPS 180-4. |
| const SHA384Hash = Hash("SHA384") // SHA384 cryptographic hash function defined in FIPS 180-2. |
| const SHA512Hash = Hash("SHA512") // SHA512 cryptographic hash function defined in FIPS 180-2. |
| const SignatureForMessageSigning = "S1" // Signature.Purpose used by a Principal to sign arbitrary messages. |
| const SignatureForBlessingCertificates = "B1" // Signature.Purpose used by a Principal when signing Certificates for creating blessings. |
| const SignatureForDischarge = "D1" // Signature.Purpose used by a Principal when signing discharges for public-key based third-party caveats. |
| |
| ////////////////////////////////////////////////// |
| // Error definitions |
| |
| var ( |
| ErrCaveatNotRegistered = verror.Register("v.io/v23/security.CaveatNotRegistered", verror.NoRetry, "{1:}{2:} no validation function registered for caveat id {3}") |
| ErrCaveatParamAny = verror.Register("v.io/v23/security.CaveatParamAny", verror.NoRetry, "{1:}{2:} caveat {3} uses illegal param type any") |
| ErrCaveatParamTypeMismatch = verror.Register("v.io/v23/security.CaveatParamTypeMismatch", verror.NoRetry, "{1:}{2:} bad param type: caveat {3} got {4}, want {5}") |
| ErrCaveatParamCoding = verror.Register("v.io/v23/security.CaveatParamCoding", verror.NoRetry, "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}") |
| ErrCaveatValidation = verror.Register("v.io/v23/security.CaveatValidation", verror.NoRetry, "{1:}{2:} caveat validation failed: {3}") |
| ErrConstCaveatValidation = verror.Register("v.io/v23/security.ConstCaveatValidation", verror.NoRetry, "{1:}{2:} false const caveat always fails validation") |
| ErrExpiryCaveatValidation = verror.Register("v.io/v23/security.ExpiryCaveatValidation", verror.NoRetry, "{1:}{2:} now({3}) is after expiry({4})") |
| ErrMethodCaveatValidation = verror.Register("v.io/v23/security.MethodCaveatValidation", verror.NoRetry, "{1:}{2:} method {3} not in list {4}") |
| ErrPeerBlessingsCaveatValidation = verror.Register("v.io/v23/security.PeerBlessingsCaveatValidation", verror.NoRetry, "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}") |
| ErrUnrecognizedRoot = verror.Register("v.io/v23/security.UnrecognizedRoot", verror.NoRetry, "{1:}{2:} unrecognized public key {3} in root certificate{:4}") |
| ErrAuthorizationFailed = verror.Register("v.io/v23/security.AuthorizationFailed", verror.NoRetry, "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}") |
| ErrInvalidSigningBlessingCaveat = verror.Register("v.io/v23/security.InvalidSigningBlessingCaveat", verror.NoRetry, "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats") |
| ErrPublicKeyNotAllowed = verror.Register("v.io/v23/security.PublicKeyNotAllowed", verror.NoRetry, "{1:}{2:} peer has public key {3}, not the authorized public key {4}") |
| ErrEndpointAuthorizationFailed = verror.Register("v.io/v23/security.EndpointAuthorizationFailed", verror.NoRetry, "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})") |
| ) |
| |
| // NewErrCaveatNotRegistered returns an error with the ErrCaveatNotRegistered ID. |
| func NewErrCaveatNotRegistered(ctx *context.T, id uniqueid.Id) error { |
| return verror.New(ErrCaveatNotRegistered, ctx, id) |
| } |
| |
| // NewErrCaveatParamAny returns an error with the ErrCaveatParamAny ID. |
| func NewErrCaveatParamAny(ctx *context.T, id uniqueid.Id) error { |
| return verror.New(ErrCaveatParamAny, ctx, id) |
| } |
| |
| // NewErrCaveatParamTypeMismatch returns an error with the ErrCaveatParamTypeMismatch ID. |
| func NewErrCaveatParamTypeMismatch(ctx *context.T, id uniqueid.Id, got *vdl.Type, want *vdl.Type) error { |
| return verror.New(ErrCaveatParamTypeMismatch, ctx, id, got, want) |
| } |
| |
| // NewErrCaveatParamCoding returns an error with the ErrCaveatParamCoding ID. |
| func NewErrCaveatParamCoding(ctx *context.T, id uniqueid.Id, typ *vdl.Type, err error) error { |
| return verror.New(ErrCaveatParamCoding, ctx, id, typ, err) |
| } |
| |
| // NewErrCaveatValidation returns an error with the ErrCaveatValidation ID. |
| func NewErrCaveatValidation(ctx *context.T, err error) error { |
| return verror.New(ErrCaveatValidation, ctx, err) |
| } |
| |
| // NewErrConstCaveatValidation returns an error with the ErrConstCaveatValidation ID. |
| func NewErrConstCaveatValidation(ctx *context.T) error { |
| return verror.New(ErrConstCaveatValidation, ctx) |
| } |
| |
| // NewErrExpiryCaveatValidation returns an error with the ErrExpiryCaveatValidation ID. |
| func NewErrExpiryCaveatValidation(ctx *context.T, currentTime time.Time, expiryTime time.Time) error { |
| return verror.New(ErrExpiryCaveatValidation, ctx, currentTime, expiryTime) |
| } |
| |
| // NewErrMethodCaveatValidation returns an error with the ErrMethodCaveatValidation ID. |
| func NewErrMethodCaveatValidation(ctx *context.T, invokedMethod string, permittedMethods []string) error { |
| return verror.New(ErrMethodCaveatValidation, ctx, invokedMethod, permittedMethods) |
| } |
| |
| // NewErrPeerBlessingsCaveatValidation returns an error with the ErrPeerBlessingsCaveatValidation ID. |
| func NewErrPeerBlessingsCaveatValidation(ctx *context.T, peerBlessings []string, permittedPatterns []BlessingPattern) error { |
| return verror.New(ErrPeerBlessingsCaveatValidation, ctx, peerBlessings, permittedPatterns) |
| } |
| |
| // NewErrUnrecognizedRoot returns an error with the ErrUnrecognizedRoot ID. |
| func NewErrUnrecognizedRoot(ctx *context.T, rootKey string, details error) error { |
| return verror.New(ErrUnrecognizedRoot, ctx, rootKey, details) |
| } |
| |
| // NewErrAuthorizationFailed returns an error with the ErrAuthorizationFailed ID. |
| func NewErrAuthorizationFailed(ctx *context.T, remote []string, remoteErr []RejectedBlessing, local []string) error { |
| return verror.New(ErrAuthorizationFailed, ctx, remote, remoteErr, local) |
| } |
| |
| // NewErrInvalidSigningBlessingCaveat returns an error with the ErrInvalidSigningBlessingCaveat ID. |
| func NewErrInvalidSigningBlessingCaveat(ctx *context.T, id uniqueid.Id) error { |
| return verror.New(ErrInvalidSigningBlessingCaveat, ctx, id) |
| } |
| |
| // NewErrPublicKeyNotAllowed returns an error with the ErrPublicKeyNotAllowed ID. |
| func NewErrPublicKeyNotAllowed(ctx *context.T, got string, want string) error { |
| return verror.New(ErrPublicKeyNotAllowed, ctx, got, want) |
| } |
| |
| // NewErrEndpointAuthorizationFailed returns an error with the ErrEndpointAuthorizationFailed ID. |
| func NewErrEndpointAuthorizationFailed(ctx *context.T, endpoint string, remote []string, rejected []RejectedBlessing) error { |
| return verror.New(ErrEndpointAuthorizationFailed, ctx, endpoint, remote, rejected) |
| } |
| |
| var __VDLInitCalled bool |
| |
| // __VDLInit performs vdl initialization. It is safe to call multiple times. |
| // If you have an init ordering issue, just insert the following line verbatim |
| // into your source files in this package, right after the "package foo" clause: |
| // |
| // var _ = __VDLInit() |
| // |
| // The purpose of this function is to ensure that vdl initialization occurs in |
| // the right order, and very early in the init sequence. In particular, vdl |
| // registration and package variable initialization needs to occur before |
| // functions like vdl.TypeOf will work properly. |
| // |
| // This function returns a dummy value, so that it can be used to initialize the |
| // first var in the file, to take advantage of Go's defined init order. |
| func __VDLInit() struct{} { |
| if __VDLInitCalled { |
| return struct{}{} |
| } |
| __VDLInitCalled = true |
| |
| // Register native type conversions first, so that vdl.TypeOf works. |
| vdl.RegisterNative(WireBlessingsToNative, WireBlessingsFromNative) |
| vdl.RegisterNative(WireDischargeToNative, WireDischargeFromNative) |
| |
| // Register types. |
| vdl.Register((*nonce)(nil)) |
| vdl.Register((*Caveat)(nil)) |
| vdl.Register((*ThirdPartyRequirements)(nil)) |
| vdl.Register((*publicKeyThirdPartyCaveatParam)(nil)) |
| vdl.Register((*Hash)(nil)) |
| vdl.Register((*Signature)(nil)) |
| vdl.Register((*PublicKeyDischarge)(nil)) |
| vdl.Register((*BlessingPattern)(nil)) |
| vdl.Register((*DischargeImpetus)(nil)) |
| vdl.Register((*Certificate)(nil)) |
| vdl.Register((*CaveatDescriptor)(nil)) |
| vdl.Register((*WireBlessings)(nil)) |
| vdl.Register((*WireDischarge)(nil)) |
| vdl.Register((*RejectedBlessing)(nil)) |
| |
| // Set error format strings. |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatNotRegistered.ID), "{1:}{2:} no validation function registered for caveat id {3}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamAny.ID), "{1:}{2:} caveat {3} uses illegal param type any") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamTypeMismatch.ID), "{1:}{2:} bad param type: caveat {3} got {4}, want {5}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamCoding.ID), "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatValidation.ID), "{1:}{2:} caveat validation failed: {3}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrConstCaveatValidation.ID), "{1:}{2:} false const caveat always fails validation") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrExpiryCaveatValidation.ID), "{1:}{2:} now({3}) is after expiry({4})") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrMethodCaveatValidation.ID), "{1:}{2:} method {3} not in list {4}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPeerBlessingsCaveatValidation.ID), "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrUnrecognizedRoot.ID), "{1:}{2:} unrecognized public key {3} in root certificate{:4}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrAuthorizationFailed.ID), "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrInvalidSigningBlessingCaveat.ID), "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPublicKeyNotAllowed.ID), "{1:}{2:} peer has public key {3}, not the authorized public key {4}") |
| i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrEndpointAuthorizationFailed.ID), "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})") |
| |
| return struct{}{} |
| } |