security/caveat.vdl.go - release.go.v23 - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // This file was auto-generated by the vanadium vdl tool.
 // Source: caveat.vdl

 package security

 import (
 	"fmt"
 	"time"
 	"v.io/v23/context"
 	"v.io/v23/i18n"
 	"v.io/v23/uniqueid"
 	"v.io/v23/vdl"
 	_ "v.io/v23/vdlroot/time"
 	"v.io/v23/verror"
 )

 type nonce [16]byte

 func (nonce) __VDLReflect(struct {
 	Name string `vdl:"v.io/v23/security.nonce"`
 }) {
 }

 func (m *nonce) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
 	if err := t.FromBytes([]byte((*m)[:]), __VDLType_caveat_v_io_v23_security_nonce); err != nil {
 		return err
 	}
 	return nil
 }

 func (m *nonce) MakeVDLTarget() vdl.Target {
 	return &nonceTarget{Value: m}
 }

 type nonceTarget struct {
 	Value *nonce
 	vdl.TargetBase
 }

 func (t *nonceTarget) FromBytes(src []byte, tt *vdl.Type) error {
 	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_nonce) {
 		return fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_nonce)
 	}
 	copy((*t.Value)[:], src)
 	return nil
 }

 // publicKeyThirdPartyCaveatParam represents a third-party caveat that requires
 // discharges to be issued by a principal identified by a public key.
 //
 // The Id of the caveat is base64-encoded:
 // hash(hash(Nonce), hash(DischargerKey), hash(Caveats[0]), hash(Caveats[1]), ...)
 // where hash is a cryptographic hash function with a security strength
 // equivalent to that of the DischargerKey. For example, if DischargerKey
 // represents an ECDSA public key with the P384 curve, then hash should be
 // SHA384.
 type publicKeyThirdPartyCaveatParam struct {
 	// Nonce specifies a cryptographically random nonce associated with an
 	// instance of the caveat. This prevents discharge replays, where
 	// discharges for ThirdPartyCaveats embedded in the certificates for
 	// one blessing can be used for another blessing.
 	//
 	// Whether discharge re-use is a desired or un-desired property is
 	// still under debate. Till the debate is settled, we err on the side
 	// of discouraging re-use.
 	Nonce nonce
 	// Caveats specifies the caveats that have to be validated
 	// before minting a discharge for a publicKeyCaveat.
 	Caveats []Caveat
 	// DER-encoded PKIX public key of the principal that can issue discharges.
 	DischargerKey []byte
 	// Object name where the third-party that can issue discharges can be found.
 	DischargerLocation string
 	// Information required by the third-party in order to issue a discharge.
 	DischargerRequirements ThirdPartyRequirements
 }

 func (publicKeyThirdPartyCaveatParam) __VDLReflect(struct {
 	Name string `vdl:"v.io/v23/security.publicKeyThirdPartyCaveatParam"`
 }) {
 }

 func (m *publicKeyThirdPartyCaveatParam) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
 	if __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam == nil || __VDLTypecaveat0 == nil {
 		panic("Initialization order error: types generated for FillVDLTarget not initialized. Consider moving caller to an init() block.")
 	}
 	fieldsTarget1, err := t.StartFields(tt)
 	if err != nil {
 		return err
 	}

 	keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Nonce")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		if err := m.Nonce.FillVDLTarget(fieldTarget3, __VDLType_caveat_v_io_v23_security_nonce); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
 			return err
 		}
 	}
 	keyTarget4, fieldTarget5, err := fieldsTarget1.StartField("Caveats")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		listTarget6, err := fieldTarget5.StartList(__VDLTypecaveat1, len(m.Caveats))
 		if err != nil {
 			return err
 		}
 		for i, elem8 := range m.Caveats {
 			elemTarget7, err := listTarget6.StartElem(i)
 			if err != nil {
 				return err
 			}

 			if err := elem8.FillVDLTarget(elemTarget7, __VDLType_caveat_v_io_v23_security_Caveat); err != nil {
 				return err
 			}
 			if err := listTarget6.FinishElem(elemTarget7); err != nil {
 				return err
 			}
 		}
 		if err := fieldTarget5.FinishList(listTarget6); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget4, fieldTarget5); err != nil {
 			return err
 		}
 	}
 	keyTarget9, fieldTarget10, err := fieldsTarget1.StartField("DischargerKey")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		if err := fieldTarget10.FromBytes([]byte(m.DischargerKey), __VDLTypecaveat2); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget9, fieldTarget10); err != nil {
 			return err
 		}
 	}
 	keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("DischargerLocation")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {
 		if err := fieldTarget12.FromString(string(m.DischargerLocation), vdl.StringType); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
 			return err
 		}
 	}
 	keyTarget13, fieldTarget14, err := fieldsTarget1.StartField("DischargerRequirements")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		if err := m.DischargerRequirements.FillVDLTarget(fieldTarget14, __VDLType_caveat_v_io_v23_security_ThirdPartyRequirements); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget13, fieldTarget14); err != nil {
 			return err
 		}
 	}
 	if err := t.FinishFields(fieldsTarget1); err != nil {
 		return err
 	}
 	return nil
 }

 func (m *publicKeyThirdPartyCaveatParam) MakeVDLTarget() vdl.Target {
 	return &publicKeyThirdPartyCaveatParamTarget{Value: m}
 }

 type publicKeyThirdPartyCaveatParamTarget struct {
 	Value *publicKeyThirdPartyCaveatParam
 	vdl.TargetBase
 	vdl.FieldsTargetBase
 }

 func (t *publicKeyThirdPartyCaveatParamTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
 	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam) {
 		return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam)
 	}
 	return t, nil
 }
 func (t *publicKeyThirdPartyCaveatParamTarget) StartField(name string) (key, field vdl.Target, _ error) {
 	switch name {
 	case "Nonce":
 		val, err := &nonceTarget{Value: &t.Value.Nonce}, error(nil)
 		return nil, val, err
 	case "Caveats":
 		val, err := &caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget{Value: &t.Value.Caveats}, error(nil)
 		return nil, val, err
 	case "DischargerKey":
 		val, err := &vdl.BytesTarget{Value: &t.Value.DischargerKey}, error(nil)
 		return nil, val, err
 	case "DischargerLocation":
 		val, err := &vdl.StringTarget{Value: &t.Value.DischargerLocation}, error(nil)
 		return nil, val, err
 	case "DischargerRequirements":
 		val, err := &ThirdPartyRequirementsTarget{Value: &t.Value.DischargerRequirements}, error(nil)
 		return nil, val, err
 	default:
 		return nil, nil, fmt.Errorf("field %s not in struct %v", name, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam)
 	}
 }
 func (t *publicKeyThirdPartyCaveatParamTarget) FinishField(_, _ vdl.Target) error {
 	return nil
 }
 func (t *publicKeyThirdPartyCaveatParamTarget) FinishFields(_ vdl.FieldsTarget) error {
 	return nil
 }

 type caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget struct {
 	Value *[]Caveat
 	vdl.TargetBase
 	vdl.ListTargetBase
 }

 func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) StartList(tt *vdl.Type, len int) (vdl.ListTarget, error) {
 	if !vdl.Compatible(tt, __VDLTypecaveat1) {
 		return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLTypecaveat1)
 	}
 	if cap(*t.Value) < len {
 		*t.Value = make([]Caveat, len)
 	} else {
 		*t.Value = (*t.Value)[:len]
 	}
 	return t, nil
 }
 func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) StartElem(index int) (elem vdl.Target, _ error) {
 	return &CaveatTarget{Value: &(*t.Value)[index]}, error(nil)
 }
 func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) FinishElem(elem vdl.Target) error {
 	return nil
 }
 func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) FinishList(elem vdl.ListTarget) error {
 	return nil
 }

 // publicKeyDischarge represents the discharge issued for publicKeyThirdPartyCaveatParams.
 //
 // The message digest of this structure is computed as follows:
 // hash(hash(ThirdPartyCaveatId), hash(Caveats[0]), hash(Caveats[1]), ...),
 // where hash is a cryptographic hash function with a security strength equivalent to the
 // strength of the public key of the principal issuing the discharge.
 type publicKeyDischarge struct {
 	ThirdPartyCaveatId string    // Id of the third party caveat for which this discharge was issued.
 	Caveats            []Caveat  // Caveats on the use of this discharge.
 	Signature          Signature // Signature of the content hash of this discharge by the discharger.
 }

 func (publicKeyDischarge) __VDLReflect(struct {
 	Name string `vdl:"v.io/v23/security.publicKeyDischarge"`
 }) {
 }

 func (m *publicKeyDischarge) FillVDLTarget(t vdl.Target, tt *vdl.Type) error {
 	if __VDLType_caveat_v_io_v23_security_publicKeyDischarge == nil || __VDLTypecaveat3 == nil {
 		panic("Initialization order error: types generated for FillVDLTarget not initialized. Consider moving caller to an init() block.")
 	}
 	fieldsTarget1, err := t.StartFields(tt)
 	if err != nil {
 		return err
 	}

 	keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ThirdPartyCaveatId")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {
 		if err := fieldTarget3.FromString(string(m.ThirdPartyCaveatId), vdl.StringType); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
 			return err
 		}
 	}
 	keyTarget4, fieldTarget5, err := fieldsTarget1.StartField("Caveats")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		listTarget6, err := fieldTarget5.StartList(__VDLTypecaveat1, len(m.Caveats))
 		if err != nil {
 			return err
 		}
 		for i, elem8 := range m.Caveats {
 			elemTarget7, err := listTarget6.StartElem(i)
 			if err != nil {
 				return err
 			}

 			if err := elem8.FillVDLTarget(elemTarget7, __VDLType_caveat_v_io_v23_security_Caveat); err != nil {
 				return err
 			}
 			if err := listTarget6.FinishElem(elemTarget7); err != nil {
 				return err
 			}
 		}
 		if err := fieldTarget5.FinishList(listTarget6); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget4, fieldTarget5); err != nil {
 			return err
 		}
 	}
 	keyTarget9, fieldTarget10, err := fieldsTarget1.StartField("Signature")
 	if err != vdl.ErrFieldNoExist && err != nil {
 		return err
 	}
 	if err != vdl.ErrFieldNoExist {

 		if err := m.Signature.FillVDLTarget(fieldTarget10, __VDLType_caveat_v_io_v23_security_Signature); err != nil {
 			return err
 		}
 		if err := fieldsTarget1.FinishField(keyTarget9, fieldTarget10); err != nil {
 			return err
 		}
 	}
 	if err := t.FinishFields(fieldsTarget1); err != nil {
 		return err
 	}
 	return nil
 }

 func (m *publicKeyDischarge) MakeVDLTarget() vdl.Target {
 	return &publicKeyDischargeTarget{Value: m}
 }

 type publicKeyDischargeTarget struct {
 	Value *publicKeyDischarge
 	vdl.TargetBase
 	vdl.FieldsTargetBase
 }

 func (t *publicKeyDischargeTarget) StartFields(tt *vdl.Type) (vdl.FieldsTarget, error) {
 	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_publicKeyDischarge) {
 		return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_publicKeyDischarge)
 	}
 	return t, nil
 }
 func (t *publicKeyDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) {
 	switch name {
 	case "ThirdPartyCaveatId":
 		val, err := &vdl.StringTarget{Value: &t.Value.ThirdPartyCaveatId}, error(nil)
 		return nil, val, err
 	case "Caveats":
 		val, err := &caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget{Value: &t.Value.Caveats}, error(nil)
 		return nil, val, err
 	case "Signature":
 		val, err := &SignatureTarget{Value: &t.Value.Signature}, error(nil)
 		return nil, val, err
 	default:
 		return nil, nil, fmt.Errorf("field %s not in struct %v", name, __VDLType_caveat_v_io_v23_security_publicKeyDischarge)
 	}
 }
 func (t *publicKeyDischargeTarget) FinishField(_, _ vdl.Target) error {
 	return nil
 }
 func (t *publicKeyDischargeTarget) FinishFields(_ vdl.FieldsTarget) error {
 	return nil
 }

 func init() {
 	vdl.Register((*nonce)(nil))
 	vdl.Register((*publicKeyThirdPartyCaveatParam)(nil))
 	vdl.Register((*publicKeyDischarge)(nil))
 }

 var __VDLTypecaveat3 *vdl.Type = vdl.TypeOf((*publicKeyDischarge)(nil))
 var __VDLTypecaveat0 *vdl.Type = vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil))
 var __VDLTypecaveat2 *vdl.Type = vdl.TypeOf([]byte(nil))
 var __VDLTypecaveat1 *vdl.Type = vdl.TypeOf([]Caveat(nil))
 var __VDLType_caveat_v_io_v23_security_Caveat *vdl.Type = vdl.TypeOf(Caveat{})
 var __VDLType_caveat_v_io_v23_security_Signature *vdl.Type = vdl.TypeOf(Signature{})
 var __VDLType_caveat_v_io_v23_security_ThirdPartyRequirements *vdl.Type = vdl.TypeOf(ThirdPartyRequirements{})
 var __VDLType_caveat_v_io_v23_security_nonce *vdl.Type = vdl.TypeOf(nonce{})
 var __VDLType_caveat_v_io_v23_security_publicKeyDischarge *vdl.Type = vdl.TypeOf(publicKeyDischarge{})
 var __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam *vdl.Type = vdl.TypeOf(publicKeyThirdPartyCaveatParam{})

 func __VDLEnsureNativeBuilt_caveat() {
 }

 // ConstCaveat represents a caveat that either always validates or never validates.
 var ConstCaveat = CaveatDescriptor{
 	ParamType: vdl.TypeOf(false),
 }

 // ExpiryCaveat represents a caveat that validates iff the current time is no later
 // the specified time.Time.
 var ExpiryCaveat = CaveatDescriptor{
 	Id: uniqueid.Id{
 		166,
 		76,
 		45,
 		1,
 		25,
 		251,
 		163,
 		52,
 		128,
 		113,
 		254,
 		235,
 		47,
 		48,
 		128,
 		0,
 	},
 	ParamType: vdl.TypeOf(time.Time{}),
 }

 // MethodCaveat represents a caveat that validates iff the method being
 // invoked is included in this list. An empty list implies that the caveat is invalid.
 var MethodCaveat = CaveatDescriptor{
 	Id: uniqueid.Id{
 		84,
 		166,
 		118,
 		57,
 		129,
 		55,
 		24,
 		126,
 		205,
 		178,
 		109,
 		45,
 		105,
 		186,
 		0,
 		3,
 	},
 	ParamType: vdl.TypeOf([]string(nil)),
 }

 var PublicKeyThirdPartyCaveat = CaveatDescriptor{
 	Id: uniqueid.Id{
 		121,
 		114,
 		206,
 		23,
 		74,
 		123,
 		169,
 		63,
 		121,
 		84,
 		125,
 		118,
 		156,
 		145,
 		128,
 		0,
 	},
 	ParamType: vdl.TypeOf(publicKeyThirdPartyCaveatParam{}),
 }

 // PeerBlessingsCaveat represents a caveat that validates iff the peer being communicated
 // with (local end of the call) has a blessing name matching at least one of the patterns
 // in the list. An empty list implies that the caveat is invalid.
 var PeerBlessingsCaveat = CaveatDescriptor{
 	Id: uniqueid.Id{
 		5,
 		119,
 		248,
 		86,
 		76,
 		142,
 		95,
 		254,
 		255,
 		142,
 		43,
 		31,
 		77,
 		109,
 		128,
 		0,
 	},
 	ParamType: vdl.TypeOf([]BlessingPattern(nil)),
 }

 var (
 	ErrCaveatNotRegistered           = verror.Register("v.io/v23/security.CaveatNotRegistered", verror.NoRetry, "{1:}{2:} no validation function registered for caveat id {3}")
 	ErrCaveatParamAny                = verror.Register("v.io/v23/security.CaveatParamAny", verror.NoRetry, "{1:}{2:} caveat {3} uses illegal param type any")
 	ErrCaveatParamTypeMismatch       = verror.Register("v.io/v23/security.CaveatParamTypeMismatch", verror.NoRetry, "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
 	ErrCaveatParamCoding             = verror.Register("v.io/v23/security.CaveatParamCoding", verror.NoRetry, "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
 	ErrCaveatValidation              = verror.Register("v.io/v23/security.CaveatValidation", verror.NoRetry, "{1:}{2:} caveat validation failed: {3}")
 	ErrConstCaveatValidation         = verror.Register("v.io/v23/security.ConstCaveatValidation", verror.NoRetry, "{1:}{2:} false const caveat always fails validation")
 	ErrExpiryCaveatValidation        = verror.Register("v.io/v23/security.ExpiryCaveatValidation", verror.NoRetry, "{1:}{2:} now({3}) is after expiry({4})")
 	ErrMethodCaveatValidation        = verror.Register("v.io/v23/security.MethodCaveatValidation", verror.NoRetry, "{1:}{2:} method {3} not in list {4}")
 	ErrPeerBlessingsCaveatValidation = verror.Register("v.io/v23/security.PeerBlessingsCaveatValidation", verror.NoRetry, "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
 )

 func init() {
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatNotRegistered.ID), "{1:}{2:} no validation function registered for caveat id {3}")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamAny.ID), "{1:}{2:} caveat {3} uses illegal param type any")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamTypeMismatch.ID), "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamCoding.ID), "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatValidation.ID), "{1:}{2:} caveat validation failed: {3}")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrConstCaveatValidation.ID), "{1:}{2:} false const caveat always fails validation")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrExpiryCaveatValidation.ID), "{1:}{2:} now({3}) is after expiry({4})")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrMethodCaveatValidation.ID), "{1:}{2:} method {3} not in list {4}")
 	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPeerBlessingsCaveatValidation.ID), "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
 }

 // NewErrCaveatNotRegistered returns an error with the ErrCaveatNotRegistered ID.
 func NewErrCaveatNotRegistered(ctx *context.T, id uniqueid.Id) error {
 	return verror.New(ErrCaveatNotRegistered, ctx, id)
 }

 // NewErrCaveatParamAny returns an error with the ErrCaveatParamAny ID.
 func NewErrCaveatParamAny(ctx *context.T, id uniqueid.Id) error {
 	return verror.New(ErrCaveatParamAny, ctx, id)
 }

 // NewErrCaveatParamTypeMismatch returns an error with the ErrCaveatParamTypeMismatch ID.
 func NewErrCaveatParamTypeMismatch(ctx *context.T, id uniqueid.Id, got *vdl.Type, want *vdl.Type) error {
 	return verror.New(ErrCaveatParamTypeMismatch, ctx, id, got, want)
 }

 // NewErrCaveatParamCoding returns an error with the ErrCaveatParamCoding ID.
 func NewErrCaveatParamCoding(ctx *context.T, id uniqueid.Id, typ *vdl.Type, err error) error {
 	return verror.New(ErrCaveatParamCoding, ctx, id, typ, err)
 }

 // NewErrCaveatValidation returns an error with the ErrCaveatValidation ID.
 func NewErrCaveatValidation(ctx *context.T, err error) error {
 	return verror.New(ErrCaveatValidation, ctx, err)
 }

 // NewErrConstCaveatValidation returns an error with the ErrConstCaveatValidation ID.
 func NewErrConstCaveatValidation(ctx *context.T) error {
 	return verror.New(ErrConstCaveatValidation, ctx)
 }

 // NewErrExpiryCaveatValidation returns an error with the ErrExpiryCaveatValidation ID.
 func NewErrExpiryCaveatValidation(ctx *context.T, currentTime time.Time, expiryTime time.Time) error {
 	return verror.New(ErrExpiryCaveatValidation, ctx, currentTime, expiryTime)
 }

 // NewErrMethodCaveatValidation returns an error with the ErrMethodCaveatValidation ID.
 func NewErrMethodCaveatValidation(ctx *context.T, invokedMethod string, permittedMethods []string) error {
 	return verror.New(ErrMethodCaveatValidation, ctx, invokedMethod, permittedMethods)
 }

 // NewErrPeerBlessingsCaveatValidation returns an error with the ErrPeerBlessingsCaveatValidation ID.
 func NewErrPeerBlessingsCaveatValidation(ctx *context.T, peerBlessings []string, permittedPatterns []BlessingPattern) error {
 	return verror.New(ErrPeerBlessingsCaveatValidation, ctx, peerBlessings, permittedPatterns)
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// This file was auto-generated by the vanadium vdl tool.
	// Source: caveat.vdl

	package security

	import (
	"fmt"
	"time"
	"v.io/v23/context"
	"v.io/v23/i18n"
	"v.io/v23/uniqueid"
	"v.io/v23/vdl"
	_ "v.io/v23/vdlroot/time"
	"v.io/v23/verror"
	)

	type nonce [16]byte

	func (nonce) __VDLReflect(struct {
	Name string `vdl:"v.io/v23/security.nonce"`
	}) {
	}

	func (m nonce) FillVDLTarget(t vdl.Target, tt vdl.Type) error {
	if err := t.FromBytes([]byte((*m)[:]), __VDLType_caveat_v_io_v23_security_nonce); err != nil {
	return err
	}
	return nil
	}

	func (m *nonce) MakeVDLTarget() vdl.Target {
	return &nonceTarget{Value: m}
	}

	type nonceTarget struct {
	Value *nonce
	vdl.TargetBase
	}

	func (t nonceTarget) FromBytes(src []byte, tt vdl.Type) error {
	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_nonce) {
	return fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_nonce)
	}
	copy((*t.Value)[:], src)
	return nil
	}

	// publicKeyThirdPartyCaveatParam represents a third-party caveat that requires
	// discharges to be issued by a principal identified by a public key.
	//
	// The Id of the caveat is base64-encoded:
	// hash(hash(Nonce), hash(DischargerKey), hash(Caveats[0]), hash(Caveats[1]), ...)
	// where hash is a cryptographic hash function with a security strength
	// equivalent to that of the DischargerKey. For example, if DischargerKey
	// represents an ECDSA public key with the P384 curve, then hash should be
	// SHA384.
	type publicKeyThirdPartyCaveatParam struct {
	// Nonce specifies a cryptographically random nonce associated with an
	// instance of the caveat. This prevents discharge replays, where
	// discharges for ThirdPartyCaveats embedded in the certificates for
	// one blessing can be used for another blessing.
	//
	// Whether discharge re-use is a desired or un-desired property is
	// still under debate. Till the debate is settled, we err on the side
	// of discouraging re-use.
	Nonce nonce
	// Caveats specifies the caveats that have to be validated
	// before minting a discharge for a publicKeyCaveat.
	Caveats []Caveat
	// DER-encoded PKIX public key of the principal that can issue discharges.
	DischargerKey []byte
	// Object name where the third-party that can issue discharges can be found.
	DischargerLocation string
	// Information required by the third-party in order to issue a discharge.
	DischargerRequirements ThirdPartyRequirements
	}

	func (publicKeyThirdPartyCaveatParam) __VDLReflect(struct {
	Name string `vdl:"v.io/v23/security.publicKeyThirdPartyCaveatParam"`
	}) {
	}

	func (m publicKeyThirdPartyCaveatParam) FillVDLTarget(t vdl.Target, tt vdl.Type) error {
	if __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam == nil \|\| __VDLTypecaveat0 == nil {
	panic("Initialization order error: types generated for FillVDLTarget not initialized. Consider moving caller to an init() block.")
	}
	fieldsTarget1, err := t.StartFields(tt)
	if err != nil {
	return err
	}

	keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("Nonce")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	if err := m.Nonce.FillVDLTarget(fieldTarget3, __VDLType_caveat_v_io_v23_security_nonce); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
	return err
	}
	}
	keyTarget4, fieldTarget5, err := fieldsTarget1.StartField("Caveats")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	listTarget6, err := fieldTarget5.StartList(__VDLTypecaveat1, len(m.Caveats))
	if err != nil {
	return err
	}
	for i, elem8 := range m.Caveats {
	elemTarget7, err := listTarget6.StartElem(i)
	if err != nil {
	return err
	}

	if err := elem8.FillVDLTarget(elemTarget7, __VDLType_caveat_v_io_v23_security_Caveat); err != nil {
	return err
	}
	if err := listTarget6.FinishElem(elemTarget7); err != nil {
	return err
	}
	}
	if err := fieldTarget5.FinishList(listTarget6); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget4, fieldTarget5); err != nil {
	return err
	}
	}
	keyTarget9, fieldTarget10, err := fieldsTarget1.StartField("DischargerKey")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	if err := fieldTarget10.FromBytes([]byte(m.DischargerKey), __VDLTypecaveat2); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget9, fieldTarget10); err != nil {
	return err
	}
	}
	keyTarget11, fieldTarget12, err := fieldsTarget1.StartField("DischargerLocation")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {
	if err := fieldTarget12.FromString(string(m.DischargerLocation), vdl.StringType); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget11, fieldTarget12); err != nil {
	return err
	}
	}
	keyTarget13, fieldTarget14, err := fieldsTarget1.StartField("DischargerRequirements")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	if err := m.DischargerRequirements.FillVDLTarget(fieldTarget14, __VDLType_caveat_v_io_v23_security_ThirdPartyRequirements); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget13, fieldTarget14); err != nil {
	return err
	}
	}
	if err := t.FinishFields(fieldsTarget1); err != nil {
	return err
	}
	return nil
	}

	func (m *publicKeyThirdPartyCaveatParam) MakeVDLTarget() vdl.Target {
	return &publicKeyThirdPartyCaveatParamTarget{Value: m}
	}

	type publicKeyThirdPartyCaveatParamTarget struct {
	Value *publicKeyThirdPartyCaveatParam
	vdl.TargetBase
	vdl.FieldsTargetBase
	}

	func (t publicKeyThirdPartyCaveatParamTarget) StartFields(tt vdl.Type) (vdl.FieldsTarget, error) {
	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam) {
	return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam)
	}
	return t, nil
	}
	func (t *publicKeyThirdPartyCaveatParamTarget) StartField(name string) (key, field vdl.Target, _ error) {
	switch name {
	case "Nonce":
	val, err := &nonceTarget{Value: &t.Value.Nonce}, error(nil)
	return nil, val, err
	case "Caveats":
	val, err := &caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget{Value: &t.Value.Caveats}, error(nil)
	return nil, val, err
	case "DischargerKey":
	val, err := &vdl.BytesTarget{Value: &t.Value.DischargerKey}, error(nil)
	return nil, val, err
	case "DischargerLocation":
	val, err := &vdl.StringTarget{Value: &t.Value.DischargerLocation}, error(nil)
	return nil, val, err
	case "DischargerRequirements":
	val, err := &ThirdPartyRequirementsTarget{Value: &t.Value.DischargerRequirements}, error(nil)
	return nil, val, err
	default:
	return nil, nil, fmt.Errorf("field %s not in struct %v", name, __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam)
	}
	}
	func (t *publicKeyThirdPartyCaveatParamTarget) FinishField(_, _ vdl.Target) error {
	return nil
	}
	func (t *publicKeyThirdPartyCaveatParamTarget) FinishFields(_ vdl.FieldsTarget) error {
	return nil
	}

	type caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget struct {
	Value *[]Caveat
	vdl.TargetBase
	vdl.ListTargetBase
	}

	func (t caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) StartList(tt vdl.Type, len int) (vdl.ListTarget, error) {
	if !vdl.Compatible(tt, __VDLTypecaveat1) {
	return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLTypecaveat1)
	}
	if cap(*t.Value) < len {
	*t.Value = make([]Caveat, len)
	} else {
	t.Value = (t.Value)[:len]
	}
	return t, nil
	}
	func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) StartElem(index int) (elem vdl.Target, _ error) {
	return &CaveatTarget{Value: &(*t.Value)[index]}, error(nil)
	}
	func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) FinishElem(elem vdl.Target) error {
	return nil
	}
	func (t *caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget) FinishList(elem vdl.ListTarget) error {
	return nil
	}

	// publicKeyDischarge represents the discharge issued for publicKeyThirdPartyCaveatParams.
	//
	// The message digest of this structure is computed as follows:
	// hash(hash(ThirdPartyCaveatId), hash(Caveats[0]), hash(Caveats[1]), ...),
	// where hash is a cryptographic hash function with a security strength equivalent to the
	// strength of the public key of the principal issuing the discharge.
	type publicKeyDischarge struct {
	ThirdPartyCaveatId string // Id of the third party caveat for which this discharge was issued.
	Caveats []Caveat // Caveats on the use of this discharge.
	Signature Signature // Signature of the content hash of this discharge by the discharger.
	}

	func (publicKeyDischarge) __VDLReflect(struct {
	Name string `vdl:"v.io/v23/security.publicKeyDischarge"`
	}) {
	}

	func (m publicKeyDischarge) FillVDLTarget(t vdl.Target, tt vdl.Type) error {
	if __VDLType_caveat_v_io_v23_security_publicKeyDischarge == nil \|\| __VDLTypecaveat3 == nil {
	panic("Initialization order error: types generated for FillVDLTarget not initialized. Consider moving caller to an init() block.")
	}
	fieldsTarget1, err := t.StartFields(tt)
	if err != nil {
	return err
	}

	keyTarget2, fieldTarget3, err := fieldsTarget1.StartField("ThirdPartyCaveatId")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {
	if err := fieldTarget3.FromString(string(m.ThirdPartyCaveatId), vdl.StringType); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget2, fieldTarget3); err != nil {
	return err
	}
	}
	keyTarget4, fieldTarget5, err := fieldsTarget1.StartField("Caveats")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	listTarget6, err := fieldTarget5.StartList(__VDLTypecaveat1, len(m.Caveats))
	if err != nil {
	return err
	}
	for i, elem8 := range m.Caveats {
	elemTarget7, err := listTarget6.StartElem(i)
	if err != nil {
	return err
	}

	if err := elem8.FillVDLTarget(elemTarget7, __VDLType_caveat_v_io_v23_security_Caveat); err != nil {
	return err
	}
	if err := listTarget6.FinishElem(elemTarget7); err != nil {
	return err
	}
	}
	if err := fieldTarget5.FinishList(listTarget6); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget4, fieldTarget5); err != nil {
	return err
	}
	}
	keyTarget9, fieldTarget10, err := fieldsTarget1.StartField("Signature")
	if err != vdl.ErrFieldNoExist && err != nil {
	return err
	}
	if err != vdl.ErrFieldNoExist {

	if err := m.Signature.FillVDLTarget(fieldTarget10, __VDLType_caveat_v_io_v23_security_Signature); err != nil {
	return err
	}
	if err := fieldsTarget1.FinishField(keyTarget9, fieldTarget10); err != nil {
	return err
	}
	}
	if err := t.FinishFields(fieldsTarget1); err != nil {
	return err
	}
	return nil
	}

	func (m *publicKeyDischarge) MakeVDLTarget() vdl.Target {
	return &publicKeyDischargeTarget{Value: m}
	}

	type publicKeyDischargeTarget struct {
	Value *publicKeyDischarge
	vdl.TargetBase
	vdl.FieldsTargetBase
	}

	func (t publicKeyDischargeTarget) StartFields(tt vdl.Type) (vdl.FieldsTarget, error) {
	if !vdl.Compatible(tt, __VDLType_caveat_v_io_v23_security_publicKeyDischarge) {
	return nil, fmt.Errorf("type %v incompatible with %v", tt, __VDLType_caveat_v_io_v23_security_publicKeyDischarge)
	}
	return t, nil
	}
	func (t *publicKeyDischargeTarget) StartField(name string) (key, field vdl.Target, _ error) {
	switch name {
	case "ThirdPartyCaveatId":
	val, err := &vdl.StringTarget{Value: &t.Value.ThirdPartyCaveatId}, error(nil)
	return nil, val, err
	case "Caveats":
	val, err := &caveat5b5d762e696f2f7632332f73656375726974792e436176656174207374727563747b496420762e696f2f7632332f756e6971756569642e4964205b31365d627974653b506172616d566f6d205b5d627974657dTarget{Value: &t.Value.Caveats}, error(nil)
	return nil, val, err
	case "Signature":
	val, err := &SignatureTarget{Value: &t.Value.Signature}, error(nil)
	return nil, val, err
	default:
	return nil, nil, fmt.Errorf("field %s not in struct %v", name, __VDLType_caveat_v_io_v23_security_publicKeyDischarge)
	}
	}
	func (t *publicKeyDischargeTarget) FinishField(_, _ vdl.Target) error {
	return nil
	}
	func (t *publicKeyDischargeTarget) FinishFields(_ vdl.FieldsTarget) error {
	return nil
	}

	func init() {
	vdl.Register((*nonce)(nil))
	vdl.Register((*publicKeyThirdPartyCaveatParam)(nil))
	vdl.Register((*publicKeyDischarge)(nil))
	}

	var __VDLTypecaveat3 vdl.Type = vdl.TypeOf((publicKeyDischarge)(nil))
	var __VDLTypecaveat0 vdl.Type = vdl.TypeOf((publicKeyThirdPartyCaveatParam)(nil))
	var __VDLTypecaveat2 *vdl.Type = vdl.TypeOf([]byte(nil))
	var __VDLTypecaveat1 *vdl.Type = vdl.TypeOf([]Caveat(nil))
	var __VDLType_caveat_v_io_v23_security_Caveat *vdl.Type = vdl.TypeOf(Caveat{})
	var __VDLType_caveat_v_io_v23_security_Signature *vdl.Type = vdl.TypeOf(Signature{})
	var __VDLType_caveat_v_io_v23_security_ThirdPartyRequirements *vdl.Type = vdl.TypeOf(ThirdPartyRequirements{})
	var __VDLType_caveat_v_io_v23_security_nonce *vdl.Type = vdl.TypeOf(nonce{})
	var __VDLType_caveat_v_io_v23_security_publicKeyDischarge *vdl.Type = vdl.TypeOf(publicKeyDischarge{})
	var __VDLType_caveat_v_io_v23_security_publicKeyThirdPartyCaveatParam *vdl.Type = vdl.TypeOf(publicKeyThirdPartyCaveatParam{})

	func __VDLEnsureNativeBuilt_caveat() {
	}

	// ConstCaveat represents a caveat that either always validates or never validates.
	var ConstCaveat = CaveatDescriptor{
	ParamType: vdl.TypeOf(false),
	}

	// ExpiryCaveat represents a caveat that validates iff the current time is no later
	// the specified time.Time.
	var ExpiryCaveat = CaveatDescriptor{
	Id: uniqueid.Id{
	166,
	76,
	45,
	1,
	25,
	251,
	163,
	52,
	128,
	113,
	254,
	235,
	47,
	48,
	128,
	0,
	},
	ParamType: vdl.TypeOf(time.Time{}),
	}

	// MethodCaveat represents a caveat that validates iff the method being
	// invoked is included in this list. An empty list implies that the caveat is invalid.
	var MethodCaveat = CaveatDescriptor{
	Id: uniqueid.Id{
	84,
	166,
	118,
	57,
	129,
	55,
	24,
	126,
	205,
	178,
	109,
	45,
	105,
	186,
	0,
	3,
	},
	ParamType: vdl.TypeOf([]string(nil)),
	}

	var PublicKeyThirdPartyCaveat = CaveatDescriptor{
	Id: uniqueid.Id{
	121,
	114,
	206,
	23,
	74,
	123,
	169,
	63,
	121,
	84,
	125,
	118,
	156,
	145,
	128,
	0,
	},
	ParamType: vdl.TypeOf(publicKeyThirdPartyCaveatParam{}),
	}

	// PeerBlessingsCaveat represents a caveat that validates iff the peer being communicated
	// with (local end of the call) has a blessing name matching at least one of the patterns
	// in the list. An empty list implies that the caveat is invalid.
	var PeerBlessingsCaveat = CaveatDescriptor{
	Id: uniqueid.Id{
	5,
	119,
	248,
	86,
	76,
	142,
	95,
	254,
	255,
	142,
	43,
	31,
	77,
	109,
	128,
	0,
	},
	ParamType: vdl.TypeOf([]BlessingPattern(nil)),
	}

	var (
	ErrCaveatNotRegistered = verror.Register("v.io/v23/security.CaveatNotRegistered", verror.NoRetry, "{1:}{2:} no validation function registered for caveat id {3}")
	ErrCaveatParamAny = verror.Register("v.io/v23/security.CaveatParamAny", verror.NoRetry, "{1:}{2:} caveat {3} uses illegal param type any")
	ErrCaveatParamTypeMismatch = verror.Register("v.io/v23/security.CaveatParamTypeMismatch", verror.NoRetry, "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
	ErrCaveatParamCoding = verror.Register("v.io/v23/security.CaveatParamCoding", verror.NoRetry, "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
	ErrCaveatValidation = verror.Register("v.io/v23/security.CaveatValidation", verror.NoRetry, "{1:}{2:} caveat validation failed: {3}")
	ErrConstCaveatValidation = verror.Register("v.io/v23/security.ConstCaveatValidation", verror.NoRetry, "{1:}{2:} false const caveat always fails validation")
	ErrExpiryCaveatValidation = verror.Register("v.io/v23/security.ExpiryCaveatValidation", verror.NoRetry, "{1:}{2:} now({3}) is after expiry({4})")
	ErrMethodCaveatValidation = verror.Register("v.io/v23/security.MethodCaveatValidation", verror.NoRetry, "{1:}{2:} method {3} not in list {4}")
	ErrPeerBlessingsCaveatValidation = verror.Register("v.io/v23/security.PeerBlessingsCaveatValidation", verror.NoRetry, "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
	)

	func init() {
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatNotRegistered.ID), "{1:}{2:} no validation function registered for caveat id {3}")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamAny.ID), "{1:}{2:} caveat {3} uses illegal param type any")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamTypeMismatch.ID), "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamCoding.ID), "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatValidation.ID), "{1:}{2:} caveat validation failed: {3}")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrConstCaveatValidation.ID), "{1:}{2:} false const caveat always fails validation")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrExpiryCaveatValidation.ID), "{1:}{2:} now({3}) is after expiry({4})")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrMethodCaveatValidation.ID), "{1:}{2:} method {3} not in list {4}")
	i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPeerBlessingsCaveatValidation.ID), "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
	}

	// NewErrCaveatNotRegistered returns an error with the ErrCaveatNotRegistered ID.
	func NewErrCaveatNotRegistered(ctx *context.T, id uniqueid.Id) error {
	return verror.New(ErrCaveatNotRegistered, ctx, id)
	}

	// NewErrCaveatParamAny returns an error with the ErrCaveatParamAny ID.
	func NewErrCaveatParamAny(ctx *context.T, id uniqueid.Id) error {
	return verror.New(ErrCaveatParamAny, ctx, id)
	}

	// NewErrCaveatParamTypeMismatch returns an error with the ErrCaveatParamTypeMismatch ID.
	func NewErrCaveatParamTypeMismatch(ctx context.T, id uniqueid.Id, got vdl.Type, want *vdl.Type) error {
	return verror.New(ErrCaveatParamTypeMismatch, ctx, id, got, want)
	}

	// NewErrCaveatParamCoding returns an error with the ErrCaveatParamCoding ID.
	func NewErrCaveatParamCoding(ctx context.T, id uniqueid.Id, typ vdl.Type, err error) error {
	return verror.New(ErrCaveatParamCoding, ctx, id, typ, err)
	}

	// NewErrCaveatValidation returns an error with the ErrCaveatValidation ID.
	func NewErrCaveatValidation(ctx *context.T, err error) error {
	return verror.New(ErrCaveatValidation, ctx, err)
	}

	// NewErrConstCaveatValidation returns an error with the ErrConstCaveatValidation ID.
	func NewErrConstCaveatValidation(ctx *context.T) error {
	return verror.New(ErrConstCaveatValidation, ctx)
	}

	// NewErrExpiryCaveatValidation returns an error with the ErrExpiryCaveatValidation ID.
	func NewErrExpiryCaveatValidation(ctx *context.T, currentTime time.Time, expiryTime time.Time) error {
	return verror.New(ErrExpiryCaveatValidation, ctx, currentTime, expiryTime)
	}

	// NewErrMethodCaveatValidation returns an error with the ErrMethodCaveatValidation ID.
	func NewErrMethodCaveatValidation(ctx *context.T, invokedMethod string, permittedMethods []string) error {
	return verror.New(ErrMethodCaveatValidation, ctx, invokedMethod, permittedMethods)
	}

	// NewErrPeerBlessingsCaveatValidation returns an error with the ErrPeerBlessingsCaveatValidation ID.
	func NewErrPeerBlessingsCaveatValidation(ctx *context.T, peerBlessings []string, permittedPatterns []BlessingPattern) error {
	return verror.New(ErrPeerBlessingsCaveatValidation, ctx, peerBlessings, permittedPatterns)
	}