Google Git
Sign in
vanadium / release.go.v23 / master / . / security / security.vdl.go
blob: e6e4676624fb222090330649e4cd4e22a75369f3 [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// This file was auto-generated by the vanadium vdl tool.
// Package: security
package security
import (
"fmt"
"time"
"v.io/v23/context"
"v.io/v23/i18n"
"v.io/v23/uniqueid"
"v.io/v23/vdl"
vdltime "v.io/v23/vdlroot/time"
"v.io/v23/verror"
"v.io/v23/vom"
)
var _ = __VDLInit() // Must be first; see __VDLInit comments for details.
//////////////////////////////////////////////////
// Type definitions
type nonce [16]byte
func (nonce) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.nonce"`
}) {
}
func (x nonce) VDLIsZero() bool {
return x == nonce{}
}
func (x nonce) VDLWrite(enc vdl.Encoder) error {
if err := enc.WriteValueBytes(__VDLType_array_1, x[:]); err != nil {
return err
}
return nil
}
func (x *nonce) VDLRead(dec vdl.Decoder) error {
bytes := x[:]
if err := dec.ReadValueBytes(16, &bytes); err != nil {
return err
}
return nil
}
// Caveat is a condition on the validity of a blessing/discharge.
//
// These conditions are provided when asking a principal to create
// a blessing/discharge and are verified when extracting blessings
// (Blessings.ForName in the Go API).
//
// Given a Hash, the message digest of a caveat is:
// Hash(Hash(Id), Hash(ParamVom))
type Caveat struct {
Id uniqueid.Id // The identifier of the caveat validation function.
ParamVom []byte // VOM-encoded bytes of the parameters to be provided to the validation function.
}
func (Caveat) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Caveat"`
}) {
}
func (x Caveat) VDLIsZero() bool {
if x.Id != (uniqueid.Id{}) {
return false
}
if len(x.ParamVom) != 0 {
return false
}
return true
}
func (x Caveat) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_2); err != nil {
return err
}
if x.Id != (uniqueid.Id{}) {
if err := enc.NextFieldValueBytes(0, __VDLType_array_3, x.Id[:]); err != nil {
return err
}
}
if len(x.ParamVom) != 0 {
if err := enc.NextFieldValueBytes(1, __VDLType_list_4, x.ParamVom); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Caveat) VDLRead(dec vdl.Decoder) error {
*x = Caveat{}
if err := dec.StartValue(__VDLType_struct_2); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_2 {
index = __VDLType_struct_2.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
bytes := x.Id[:]
if err := dec.ReadValueBytes(16, &bytes); err != nil {
return err
}
case 1:
if err := dec.ReadValueBytes(-1, &x.ParamVom); err != nil {
return err
}
}
}
}
// ThirdPartyRequirements specifies the information required by the third-party
// that will issue discharges for third-party caveats.
//
// These requirements are typically used to construct a DischargeImpetus, which
// will be sent to the third-party.
type ThirdPartyRequirements struct {
ReportServer bool // The blessings presented by the server of an IPC call.
ReportMethod bool // The name of the method being invoked.
ReportArguments bool // Arguments to the method being invoked.
}
func (ThirdPartyRequirements) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.ThirdPartyRequirements"`
}) {
}
func (x ThirdPartyRequirements) VDLIsZero() bool {
return x == ThirdPartyRequirements{}
}
func (x ThirdPartyRequirements) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_5); err != nil {
return err
}
if x.ReportServer {
if err := enc.NextFieldValueBool(0, vdl.BoolType, x.ReportServer); err != nil {
return err
}
}
if x.ReportMethod {
if err := enc.NextFieldValueBool(1, vdl.BoolType, x.ReportMethod); err != nil {
return err
}
}
if x.ReportArguments {
if err := enc.NextFieldValueBool(2, vdl.BoolType, x.ReportArguments); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *ThirdPartyRequirements) VDLRead(dec vdl.Decoder) error {
*x = ThirdPartyRequirements{}
if err := dec.StartValue(__VDLType_struct_5); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_5 {
index = __VDLType_struct_5.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
switch value, err := dec.ReadValueBool(); {
case err != nil:
return err
default:
x.ReportServer = value
}
case 1:
switch value, err := dec.ReadValueBool(); {
case err != nil:
return err
default:
x.ReportMethod = value
}
case 2:
switch value, err := dec.ReadValueBool(); {
case err != nil:
return err
default:
x.ReportArguments = value
}
}
}
}
// publicKeyThirdPartyCaveatParam represents a third-party caveat that requires
// PublicKeyDischarge(s) to be issued by a principal identified by a public key.
//
// The Id of the caveat is base64-encoded:
// hash(hash(Nonce), hash(DischargerKey), hash(Caveats[0]), hash(Caveats[1]), ...)
// where hash is a cryptographic hash function with a security strength
// equivalent to that of the DischargerKey. For example, if DischargerKey
// represents an ECDSA public key with the P384 curve, then hash should be
// SHA384.
type publicKeyThirdPartyCaveatParam struct {
// Nonce specifies a cryptographically random nonce associated with an
// instance of the caveat. This prevents discharge replays, where
// discharges for ThirdPartyCaveats embedded in the certificates for
// one blessing can be used for another blessing.
//
// Whether discharge re-use is a desired or un-desired property is
// still under debate. Till the debate is settled, we err on the side
// of discouraging re-use.
Nonce nonce
// Caveats specifies the caveats that have to be validated
// before minting a discharge for a publicKeyCaveat.
Caveats []Caveat
// DER-encoded PKIX public key of the principal that can issue discharges.
DischargerKey []byte
// Object name where the third-party that can issue discharges can be found.
DischargerLocation string
// Information required by the third-party in order to issue a discharge.
DischargerRequirements ThirdPartyRequirements
}
func (publicKeyThirdPartyCaveatParam) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.publicKeyThirdPartyCaveatParam"`
}) {
}
func (x publicKeyThirdPartyCaveatParam) VDLIsZero() bool {
if x.Nonce != (nonce{}) {
return false
}
if len(x.Caveats) != 0 {
return false
}
if len(x.DischargerKey) != 0 {
return false
}
if x.DischargerLocation != "" {
return false
}
if x.DischargerRequirements != (ThirdPartyRequirements{}) {
return false
}
return true
}
func (x publicKeyThirdPartyCaveatParam) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_6); err != nil {
return err
}
if x.Nonce != (nonce{}) {
if err := enc.NextFieldValueBytes(0, __VDLType_array_1, x.Nonce[:]); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField(1); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if len(x.DischargerKey) != 0 {
if err := enc.NextFieldValueBytes(2, __VDLType_list_4, x.DischargerKey); err != nil {
return err
}
}
if x.DischargerLocation != "" {
if err := enc.NextFieldValueString(3, vdl.StringType, x.DischargerLocation); err != nil {
return err
}
}
if x.DischargerRequirements != (ThirdPartyRequirements{}) {
if err := enc.NextField(4); err != nil {
return err
}
if err := x.DischargerRequirements.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_1(enc vdl.Encoder, x []Caveat) error {
if err := enc.StartValue(__VDLType_list_7); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for _, elem := range x {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := elem.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *publicKeyThirdPartyCaveatParam) VDLRead(dec vdl.Decoder) error {
*x = publicKeyThirdPartyCaveatParam{}
if err := dec.StartValue(__VDLType_struct_6); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_6 {
index = __VDLType_struct_6.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
bytes := x.Nonce[:]
if err := dec.ReadValueBytes(16, &bytes); err != nil {
return err
}
case 1:
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case 2:
if err := dec.ReadValueBytes(-1, &x.DischargerKey); err != nil {
return err
}
case 3:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.DischargerLocation = value
}
case 4:
if err := x.DischargerRequirements.VDLRead(dec); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_1(dec vdl.Decoder, x *[]Caveat) error {
if err := dec.StartValue(__VDLType_list_7); err != nil {
return err
}
if len := dec.LenHint(); len > 0 {
*x = make([]Caveat, 0, len)
} else {
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
default:
var elem Caveat
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
}
// Hash identifies a cryptographic hash function approved for use in signature algorithms.
type Hash string
func (Hash) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Hash"`
}) {
}
func (x Hash) VDLIsZero() bool {
return x == ""
}
func (x Hash) VDLWrite(enc vdl.Encoder) error {
if err := enc.WriteValueString(__VDLType_string_8, string(x)); err != nil {
return err
}
return nil
}
func (x *Hash) VDLRead(dec vdl.Decoder) error {
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
*x = Hash(value)
}
return nil
}
// Signature represents a digital signature.
type Signature struct {
// Purpose of the signature. Can be used to prevent type attacks.
// (See Section 4.2 of http://www-users.cs.york.ac.uk/~jac/PublishedPapers/reviewV1_1997.pdf for example).
// The actual signature (R, S values for ECDSA keys) is produced by signing: Hash(Hash(message), Hash(Purpose)).
Purpose []byte
// Cryptographic hash function applied to the message before computing the signature.
Hash Hash
// Pair of integers that make up an ECDSA signature.
R []byte
S []byte
}
func (Signature) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Signature"`
}) {
}
func (x Signature) VDLIsZero() bool {
if len(x.Purpose) != 0 {
return false
}
if x.Hash != "" {
return false
}
if len(x.R) != 0 {
return false
}
if len(x.S) != 0 {
return false
}
return true
}
func (x Signature) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_9); err != nil {
return err
}
if len(x.Purpose) != 0 {
if err := enc.NextFieldValueBytes(0, __VDLType_list_4, x.Purpose); err != nil {
return err
}
}
if x.Hash != "" {
if err := enc.NextFieldValueString(1, __VDLType_string_8, string(x.Hash)); err != nil {
return err
}
}
if len(x.R) != 0 {
if err := enc.NextFieldValueBytes(2, __VDLType_list_4, x.R); err != nil {
return err
}
}
if len(x.S) != 0 {
if err := enc.NextFieldValueBytes(3, __VDLType_list_4, x.S); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Signature) VDLRead(dec vdl.Decoder) error {
*x = Signature{}
if err := dec.StartValue(__VDLType_struct_9); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_9 {
index = __VDLType_struct_9.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
if err := dec.ReadValueBytes(-1, &x.Purpose); err != nil {
return err
}
case 1:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.Hash = Hash(value)
}
case 2:
if err := dec.ReadValueBytes(-1, &x.R); err != nil {
return err
}
case 3:
if err := dec.ReadValueBytes(-1, &x.S); err != nil {
return err
}
}
}
}
// PublicKeyDischarge represents a discharge for third party caveats that
// require a signature from a third-party's public key.
//
// The message digest of this structure is computed as follows:
// hash(hash(ThirdPartyCaveatId), hash(Caveats[0]), hash(Caveats[1]), ...),
// where hash is a cryptographic hash function with a security strength
// equivalent to the strength of the public key of the principal issuing the
// discharge.
type PublicKeyDischarge struct {
ThirdPartyCaveatId string // Id of the third party caveat for which this discharge was issued.
Caveats []Caveat // Caveats on the use of this discharge.
Signature Signature // Signature of the content hash of this discharge by the discharger.
}
func (PublicKeyDischarge) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.PublicKeyDischarge"`
}) {
}
func (x PublicKeyDischarge) VDLIsZero() bool {
if x.ThirdPartyCaveatId != "" {
return false
}
if len(x.Caveats) != 0 {
return false
}
if !x.Signature.VDLIsZero() {
return false
}
return true
}
func (x PublicKeyDischarge) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_10); err != nil {
return err
}
if x.ThirdPartyCaveatId != "" {
if err := enc.NextFieldValueString(0, vdl.StringType, x.ThirdPartyCaveatId); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField(1); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if !x.Signature.VDLIsZero() {
if err := enc.NextField(2); err != nil {
return err
}
if err := x.Signature.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *PublicKeyDischarge) VDLRead(dec vdl.Decoder) error {
*x = PublicKeyDischarge{}
if err := dec.StartValue(__VDLType_struct_10); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_10 {
index = __VDLType_struct_10.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.ThirdPartyCaveatId = value
}
case 1:
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case 2:
if err := x.Signature.VDLRead(dec); err != nil {
return err
}
}
}
}
// BlessingPattern is a pattern that is matched by specific blessings.
//
// A pattern can either be a blessing (slash-separated human-readable string)
// or a blessing ending in "/$". A pattern ending in "/$" is matched exactly
// by the blessing specified by the pattern string with the "/$" suffix stripped
// out. For example, the pattern "a/b/c/$" is matched by exactly by the blessing
// "a/b/c".
//
// A pattern not ending in "/$" is more permissive, and is also matched by blessings
// that are extensions of the pattern (including the pattern itself). For example, the
// pattern "a/b/c" is matched by the blessings "a/b/c", "a/b/c/x", "a/b/c/x/y", etc.
//
// TODO(ataly, ashankar): Define a formal BNF grammar for blessings and blessing patterns.
type BlessingPattern string
func (BlessingPattern) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.BlessingPattern"`
}) {
}
func (x BlessingPattern) VDLIsZero() bool {
return x == ""
}
func (x BlessingPattern) VDLWrite(enc vdl.Encoder) error {
if err := enc.WriteValueString(__VDLType_string_11, string(x)); err != nil {
return err
}
return nil
}
func (x *BlessingPattern) VDLRead(dec vdl.Decoder) error {
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
*x = BlessingPattern(value)
}
return nil
}
// DischargeImpetus encapsulates the motivation for a discharge being sought.
//
// These values are reported by a principal that is requesting a Discharge for
// a third-party caveat on one of its blessings. The third-party issues
// discharges cannot safely assume that all these values are provided, or that
// they are provided honestly.
//
// Implementations of services that issue discharges are encouraged to add
// caveats to the discharge that bind the discharge to the impetus, thereby
// rendering the discharge unsuable for any other purpose.
type DischargeImpetus struct {
Server []BlessingPattern // The client intends to use the discharge to communicate with a server that has a blessing matching one of the patterns in this set.
Method string // Name of the method being invoked by the client.
Arguments []*vom.RawBytes // Arguments to the method invocation.
}
func (DischargeImpetus) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.DischargeImpetus"`
}) {
}
func (x DischargeImpetus) VDLIsZero() bool {
if len(x.Server) != 0 {
return false
}
if x.Method != "" {
return false
}
if len(x.Arguments) != 0 {
return false
}
return true
}
func (x DischargeImpetus) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_12); err != nil {
return err
}
if len(x.Server) != 0 {
if err := enc.NextField(0); err != nil {
return err
}
if err := __VDLWriteAnon_list_2(enc, x.Server); err != nil {
return err
}
}
if x.Method != "" {
if err := enc.NextFieldValueString(1, vdl.StringType, x.Method); err != nil {
return err
}
}
if len(x.Arguments) != 0 {
if err := enc.NextField(2); err != nil {
return err
}
if err := __VDLWriteAnon_list_3(enc, x.Arguments); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_2(enc vdl.Encoder, x []BlessingPattern) error {
if err := enc.StartValue(__VDLType_list_13); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for _, elem := range x {
if err := enc.NextEntryValueString(__VDLType_string_11, string(elem)); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_3(enc vdl.Encoder, x []*vom.RawBytes) error {
if err := enc.StartValue(__VDLType_list_14); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for _, elem := range x {
if err := enc.NextEntry(false); err != nil {
return err
}
if elem == nil {
if err := enc.NilValue(vdl.AnyType); err != nil {
return err
}
} else {
if err := elem.VDLWrite(enc); err != nil {
return err
}
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *DischargeImpetus) VDLRead(dec vdl.Decoder) error {
*x = DischargeImpetus{}
if err := dec.StartValue(__VDLType_struct_12); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_12 {
index = __VDLType_struct_12.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
if err := __VDLReadAnon_list_2(dec, &x.Server); err != nil {
return err
}
case 1:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.Method = value
}
case 2:
if err := __VDLReadAnon_list_3(dec, &x.Arguments); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_2(dec vdl.Decoder, x *[]BlessingPattern) error {
if err := dec.StartValue(__VDLType_list_13); err != nil {
return err
}
if len := dec.LenHint(); len > 0 {
*x = make([]BlessingPattern, 0, len)
} else {
*x = nil
}
for {
switch done, elem, err := dec.NextEntryValueString(); {
case err != nil:
return err
case done:
return dec.FinishValue()
default:
*x = append(*x, BlessingPattern(elem))
}
}
}
func __VDLReadAnon_list_3(dec vdl.Decoder, x *[]*vom.RawBytes) error {
if err := dec.StartValue(__VDLType_list_14); err != nil {
return err
}
if len := dec.LenHint(); len > 0 {
*x = make([]*vom.RawBytes, 0, len)
} else {
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
default:
var elem *vom.RawBytes
elem = new(vom.RawBytes)
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
}
// Certificate represents the cryptographic proof of the binding of
// extensions of a blessing held by one principal to another (represented by
// a public key) under specific caveats.
//
// For example, if a principal P1 has a blessing "alice", then it can
// extend it with a Certificate to generate the blessing "alice/friend" for
// another principal P2.
type Certificate struct {
Extension string // Human-readable string extension bound to PublicKey.
PublicKey []byte // DER-encoded PKIX public key.
Caveats []Caveat // Caveats on the binding of Name to PublicKey.
Signature Signature // Signature by the blessing principal that binds the extension to the public key.
}
func (Certificate) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.Certificate"`
}) {
}
func (x Certificate) VDLIsZero() bool {
if x.Extension != "" {
return false
}
if len(x.PublicKey) != 0 {
return false
}
if len(x.Caveats) != 0 {
return false
}
if !x.Signature.VDLIsZero() {
return false
}
return true
}
func (x Certificate) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_15); err != nil {
return err
}
if x.Extension != "" {
if err := enc.NextFieldValueString(0, vdl.StringType, x.Extension); err != nil {
return err
}
}
if len(x.PublicKey) != 0 {
if err := enc.NextFieldValueBytes(1, __VDLType_list_4, x.PublicKey); err != nil {
return err
}
}
if len(x.Caveats) != 0 {
if err := enc.NextField(2); err != nil {
return err
}
if err := __VDLWriteAnon_list_1(enc, x.Caveats); err != nil {
return err
}
}
if !x.Signature.VDLIsZero() {
if err := enc.NextField(3); err != nil {
return err
}
if err := x.Signature.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *Certificate) VDLRead(dec vdl.Decoder) error {
*x = Certificate{}
if err := dec.StartValue(__VDLType_struct_15); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_15 {
index = __VDLType_struct_15.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.Extension = value
}
case 1:
if err := dec.ReadValueBytes(-1, &x.PublicKey); err != nil {
return err
}
case 2:
if err := __VDLReadAnon_list_1(dec, &x.Caveats); err != nil {
return err
}
case 3:
if err := x.Signature.VDLRead(dec); err != nil {
return err
}
}
}
}
// CaveatDescriptor defines an association between a caveat validation function
// (addressed by globally unique identifier) and the data needed by the
// validation function.
//
// For a validator to be invoked, a validation function must be registered with
// the validator description in the language that the function is defined in.
type CaveatDescriptor struct {
Id uniqueid.Id // The identifier of the caveat validation function.
ParamType *vdl.Type // The type of the parameter expected by the validation function.
}
func (CaveatDescriptor) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.CaveatDescriptor"`
}) {
}
func (x CaveatDescriptor) VDLIsZero() bool {
if x.Id != (uniqueid.Id{}) {
return false
}
if x.ParamType != nil && x.ParamType != vdl.AnyType {
return false
}
return true
}
func (x CaveatDescriptor) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_16); err != nil {
return err
}
if x.Id != (uniqueid.Id{}) {
if err := enc.NextFieldValueBytes(0, __VDLType_array_3, x.Id[:]); err != nil {
return err
}
}
if x.ParamType != nil && x.ParamType != vdl.AnyType {
if err := enc.NextFieldValueTypeObject(1, x.ParamType); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *CaveatDescriptor) VDLRead(dec vdl.Decoder) error {
*x = CaveatDescriptor{
ParamType: vdl.AnyType,
}
if err := dec.StartValue(__VDLType_struct_16); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_16 {
index = __VDLType_struct_16.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
bytes := x.Id[:]
if err := dec.ReadValueBytes(16, &bytes); err != nil {
return err
}
case 1:
switch value, err := dec.ReadValueTypeObject(); {
case err != nil:
return err
default:
x.ParamType = value
}
}
}
}
// WireBlessings encapsulates wire format of a set of blessings and the
// corresponding cryptographic proof that binds them to a principal
// (identified by a public key).
//
// This structure is the "wire" format for sending and receiving blessings
// in RPCs or marshaling to persistent storage. Typically, languages will
// provide a factory function that converts this wire representation to
// a more usable object to inspect and manipulate these blessings.
type WireBlessings struct {
// CertificateChains is an array of chains of certificates that bind
// a blessing to the public key in the last certificate of the chain.
CertificateChains [][]Certificate
}
func (WireBlessings) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.WireBlessings"`
}) {
}
func (x WireBlessings) VDLIsZero() bool {
if len(x.CertificateChains) != 0 {
return false
}
return true
}
func (x WireBlessings) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_17); err != nil {
return err
}
if len(x.CertificateChains) != 0 {
if err := enc.NextField(0); err != nil {
return err
}
if err := __VDLWriteAnon_list_4(enc, x.CertificateChains); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_4(enc vdl.Encoder, x [][]Certificate) error {
if err := enc.StartValue(__VDLType_list_18); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for _, elem := range x {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := __VDLWriteAnon_list_5(enc, elem); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func __VDLWriteAnon_list_5(enc vdl.Encoder, x []Certificate) error {
if err := enc.StartValue(__VDLType_list_19); err != nil {
return err
}
if err := enc.SetLenHint(len(x)); err != nil {
return err
}
for _, elem := range x {
if err := enc.NextEntry(false); err != nil {
return err
}
if err := elem.VDLWrite(enc); err != nil {
return err
}
}
if err := enc.NextEntry(true); err != nil {
return err
}
return enc.FinishValue()
}
func (x *WireBlessings) VDLRead(dec vdl.Decoder) error {
*x = WireBlessings{}
if err := dec.StartValue(__VDLType_struct_17); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_17 {
index = __VDLType_struct_17.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
if err := __VDLReadAnon_list_4(dec, &x.CertificateChains); err != nil {
return err
}
}
}
}
func __VDLReadAnon_list_4(dec vdl.Decoder, x *[][]Certificate) error {
if err := dec.StartValue(__VDLType_list_18); err != nil {
return err
}
if len := dec.LenHint(); len > 0 {
*x = make([][]Certificate, 0, len)
} else {
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
default:
var elem []Certificate
if err := __VDLReadAnon_list_5(dec, &elem); err != nil {
return err
}
*x = append(*x, elem)
}
}
}
func __VDLReadAnon_list_5(dec vdl.Decoder, x *[]Certificate) error {
if err := dec.StartValue(__VDLType_list_19); err != nil {
return err
}
if len := dec.LenHint(); len > 0 {
*x = make([]Certificate, 0, len)
} else {
*x = nil
}
for {
switch done, err := dec.NextEntry(); {
case err != nil:
return err
case done:
return dec.FinishValue()
default:
var elem Certificate
if err := elem.VDLRead(dec); err != nil {
return err
}
*x = append(*x, elem)
}
}
}
type (
// WireDischarge represents any single field of the WireDischarge union type.
//
// WireDischarge encapsulates the wire format of a third-party caveat
// Discharge.
WireDischarge interface {
// Index returns the field index.
Index() int
// Interface returns the field value as an interface.
Interface() interface{}
// Name returns the field name.
Name() string
// __VDLReflect describes the WireDischarge union type.
__VDLReflect(__WireDischargeReflect)
VDLIsZero() bool
VDLWrite(vdl.Encoder) error
}
// WireDischargePublicKey represents field PublicKey of the WireDischarge union type.
WireDischargePublicKey struct{ Value PublicKeyDischarge } // Discharge for PublicKeyThirdPartyCaveat
// __WireDischargeReflect describes the WireDischarge union type.
__WireDischargeReflect struct {
Name string `vdl:"v.io/v23/security.WireDischarge"`
Type WireDischarge
Union struct {
PublicKey WireDischargePublicKey
}
}
)
func (x WireDischargePublicKey) Index() int { return 0 }
func (x WireDischargePublicKey) Interface() interface{} { return x.Value }
func (x WireDischargePublicKey) Name() string { return "PublicKey" }
func (x WireDischargePublicKey) __VDLReflect(__WireDischargeReflect) {}
func (x WireDischargePublicKey) VDLIsZero() bool {
return x.Value.VDLIsZero()
}
func (x WireDischargePublicKey) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_union_20); err != nil {
return err
}
if err := enc.NextField(0); err != nil {
return err
}
if err := x.Value.VDLWrite(enc); err != nil {
return err
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func VDLReadWireDischarge(dec vdl.Decoder, x *WireDischarge) error {
if err := dec.StartValue(__VDLType_union_20); err != nil {
return err
}
decType := dec.Type()
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return fmt.Errorf("missing field in union %T, from %v", x, decType)
}
if decType != __VDLType_union_20 {
name := decType.Field(index).Name
index = __VDLType_union_20.FieldIndexByName(name)
if index == -1 {
return fmt.Errorf("field %q not in union %T, from %v", name, x, decType)
}
}
switch index {
case 0:
var field WireDischargePublicKey
if err := field.Value.VDLRead(dec); err != nil {
return err
}
*x = field
}
switch index, err := dec.NextField(); {
case err != nil:
return err
case index != -1:
return fmt.Errorf("extra field %d in union %T, from %v", index, x, dec.Type())
}
return dec.FinishValue()
}
// RejectedBlessing describes why a blessing failed validation.
type RejectedBlessing struct {
Blessing string
Err error
}
func (RejectedBlessing) __VDLReflect(struct {
Name string `vdl:"v.io/v23/security.RejectedBlessing"`
}) {
}
func (x RejectedBlessing) VDLIsZero() bool {
return x == RejectedBlessing{}
}
func (x RejectedBlessing) VDLWrite(enc vdl.Encoder) error {
if err := enc.StartValue(__VDLType_struct_21); err != nil {
return err
}
if x.Blessing != "" {
if err := enc.NextFieldValueString(0, vdl.StringType, x.Blessing); err != nil {
return err
}
}
if x.Err != nil {
if err := enc.NextField(1); err != nil {
return err
}
if err := verror.VDLWrite(enc, x.Err); err != nil {
return err
}
}
if err := enc.NextField(-1); err != nil {
return err
}
return enc.FinishValue()
}
func (x *RejectedBlessing) VDLRead(dec vdl.Decoder) error {
*x = RejectedBlessing{}
if err := dec.StartValue(__VDLType_struct_21); err != nil {
return err
}
decType := dec.Type()
for {
index, err := dec.NextField()
switch {
case err != nil:
return err
case index == -1:
return dec.FinishValue()
}
if decType != __VDLType_struct_21 {
index = __VDLType_struct_21.FieldIndexByName(decType.Field(index).Name)
if index == -1 {
if err := dec.SkipValue(); err != nil {
return err
}
continue
}
}
switch index {
case 0:
switch value, err := dec.ReadValueString(); {
case err != nil:
return err
default:
x.Blessing = value
}
case 1:
if err := verror.VDLRead(dec, &x.Err); err != nil {
return err
}
}
}
}
// Type-check native conversion functions.
var (
_ func(WireBlessings, *Blessings) error = WireBlessingsToNative
_ func(*WireBlessings, Blessings) error = WireBlessingsFromNative
_ func(WireDischarge, *Discharge) error = WireDischargeToNative
_ func(*WireDischarge, Discharge) error = WireDischargeFromNative
)
//////////////////////////////////////////////////
// Const definitions
// ConstCaveat represents a caveat that either always validates or never validates.
var ConstCaveat = CaveatDescriptor{
ParamType: vdl.BoolType,
}
// ExpiryCaveat represents a caveat that validates iff the current time is no later
// the specified time.Time.
var ExpiryCaveat = CaveatDescriptor{
Id: uniqueid.Id{
166,
76,
45,
1,
25,
251,
163,
52,
128,
113,
254,
235,
47,
48,
128,
0,
},
ParamType: __VDLType_struct_22,
}
// MethodCaveat represents a caveat that validates iff the method being
// invoked is included in this list. An empty list implies that the caveat is invalid.
var MethodCaveat = CaveatDescriptor{
Id: uniqueid.Id{
84,
166,
118,
57,
129,
55,
24,
126,
205,
178,
109,
45,
105,
186,
0,
3,
},
ParamType: __VDLType_list_23,
}
var PublicKeyThirdPartyCaveat = CaveatDescriptor{
Id: uniqueid.Id{
121,
114,
206,
23,
74,
123,
169,
63,
121,
84,
125,
118,
156,
145,
128,
0,
},
ParamType: __VDLType_struct_6,
}
// PeerBlessingsCaveat represents a caveat that validates iff the peer being communicated
// with (local end of the call) has a blessing name matching at least one of the patterns
// in the list. An empty list implies that the caveat is invalid.
var PeerBlessingsCaveat = CaveatDescriptor{
Id: uniqueid.Id{
5,
119,
248,
86,
76,
142,
95,
254,
255,
142,
43,
31,
77,
109,
128,
0,
},
ParamType: __VDLType_list_13,
}
// NoExtension is an optional terminator for a blessing pattern indicating that the pattern
// cannot match any extensions of the blessing from that point onwards.
const NoExtension = BlessingPattern("$")
// TODO(ataly, ashankar): The semantics of AllPrincipals breaks monotonicity in
// AccessLists with NotIn clauses. For instance, the AccessList "In: {AllPrincipals}, NotIn: {"foo"}
// matches the principal that presents no recognizable blessings ([]) however does not
// match the principal that presents "foo" as the only recognizable blessings (["foo"])
// We need to sort this out.
const AllPrincipals = BlessingPattern("...") // Glob pattern that matches all blessings.
const ChainSeparator = ":" // ChainSeparator joins blessing names to form a blessing chain name.
const SHA1Hash = Hash("SHA1") // SHA1 cryptographic hash function defined in RFC3174.
const SHA256Hash = Hash("SHA256") // SHA256 cryptographic hash function defined in FIPS 180-4.
const SHA384Hash = Hash("SHA384") // SHA384 cryptographic hash function defined in FIPS 180-2.
const SHA512Hash = Hash("SHA512") // SHA512 cryptographic hash function defined in FIPS 180-2.
const SignatureForMessageSigning = "S1" // Signature.Purpose used by a Principal to sign arbitrary messages.
const SignatureForBlessingCertificates = "B1" // Signature.Purpose used by a Principal when signing Certificates for creating blessings.
const SignatureForDischarge = "D1" // Signature.Purpose used by a Principal when signing discharges for public-key based third-party caveats.
//////////////////////////////////////////////////
// Error definitions
var (
ErrCaveatNotRegistered = verror.Register("v.io/v23/security.CaveatNotRegistered", verror.NoRetry, "{1:}{2:} no validation function registered for caveat id {3}")
ErrCaveatParamAny = verror.Register("v.io/v23/security.CaveatParamAny", verror.NoRetry, "{1:}{2:} caveat {3} uses illegal param type any")
ErrCaveatParamTypeMismatch = verror.Register("v.io/v23/security.CaveatParamTypeMismatch", verror.NoRetry, "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
ErrCaveatParamCoding = verror.Register("v.io/v23/security.CaveatParamCoding", verror.NoRetry, "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
ErrCaveatValidation = verror.Register("v.io/v23/security.CaveatValidation", verror.NoRetry, "{1:}{2:} caveat validation failed: {3}")
ErrConstCaveatValidation = verror.Register("v.io/v23/security.ConstCaveatValidation", verror.NoRetry, "{1:}{2:} false const caveat always fails validation")
ErrExpiryCaveatValidation = verror.Register("v.io/v23/security.ExpiryCaveatValidation", verror.NoRetry, "{1:}{2:} now({3}) is after expiry({4})")
ErrMethodCaveatValidation = verror.Register("v.io/v23/security.MethodCaveatValidation", verror.NoRetry, "{1:}{2:} method {3} not in list {4}")
ErrPeerBlessingsCaveatValidation = verror.Register("v.io/v23/security.PeerBlessingsCaveatValidation", verror.NoRetry, "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
ErrUnrecognizedRoot = verror.Register("v.io/v23/security.UnrecognizedRoot", verror.NoRetry, "{1:}{2:} unrecognized public key {3} in root certificate{:4}")
ErrAuthorizationFailed = verror.Register("v.io/v23/security.AuthorizationFailed", verror.NoRetry, "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}")
ErrInvalidSigningBlessingCaveat = verror.Register("v.io/v23/security.InvalidSigningBlessingCaveat", verror.NoRetry, "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats")
ErrPublicKeyNotAllowed = verror.Register("v.io/v23/security.PublicKeyNotAllowed", verror.NoRetry, "{1:}{2:} peer has public key {3}, not the authorized public key {4}")
ErrEndpointAuthorizationFailed = verror.Register("v.io/v23/security.EndpointAuthorizationFailed", verror.NoRetry, "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})")
)
// NewErrCaveatNotRegistered returns an error with the ErrCaveatNotRegistered ID.
func NewErrCaveatNotRegistered(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrCaveatNotRegistered, ctx, id)
}
// NewErrCaveatParamAny returns an error with the ErrCaveatParamAny ID.
func NewErrCaveatParamAny(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrCaveatParamAny, ctx, id)
}
// NewErrCaveatParamTypeMismatch returns an error with the ErrCaveatParamTypeMismatch ID.
func NewErrCaveatParamTypeMismatch(ctx *context.T, id uniqueid.Id, got *vdl.Type, want *vdl.Type) error {
return verror.New(ErrCaveatParamTypeMismatch, ctx, id, got, want)
}
// NewErrCaveatParamCoding returns an error with the ErrCaveatParamCoding ID.
func NewErrCaveatParamCoding(ctx *context.T, id uniqueid.Id, typ *vdl.Type, err error) error {
return verror.New(ErrCaveatParamCoding, ctx, id, typ, err)
}
// NewErrCaveatValidation returns an error with the ErrCaveatValidation ID.
func NewErrCaveatValidation(ctx *context.T, err error) error {
return verror.New(ErrCaveatValidation, ctx, err)
}
// NewErrConstCaveatValidation returns an error with the ErrConstCaveatValidation ID.
func NewErrConstCaveatValidation(ctx *context.T) error {
return verror.New(ErrConstCaveatValidation, ctx)
}
// NewErrExpiryCaveatValidation returns an error with the ErrExpiryCaveatValidation ID.
func NewErrExpiryCaveatValidation(ctx *context.T, currentTime time.Time, expiryTime time.Time) error {
return verror.New(ErrExpiryCaveatValidation, ctx, currentTime, expiryTime)
}
// NewErrMethodCaveatValidation returns an error with the ErrMethodCaveatValidation ID.
func NewErrMethodCaveatValidation(ctx *context.T, invokedMethod string, permittedMethods []string) error {
return verror.New(ErrMethodCaveatValidation, ctx, invokedMethod, permittedMethods)
}
// NewErrPeerBlessingsCaveatValidation returns an error with the ErrPeerBlessingsCaveatValidation ID.
func NewErrPeerBlessingsCaveatValidation(ctx *context.T, peerBlessings []string, permittedPatterns []BlessingPattern) error {
return verror.New(ErrPeerBlessingsCaveatValidation, ctx, peerBlessings, permittedPatterns)
}
// NewErrUnrecognizedRoot returns an error with the ErrUnrecognizedRoot ID.
func NewErrUnrecognizedRoot(ctx *context.T, rootKey string, details error) error {
return verror.New(ErrUnrecognizedRoot, ctx, rootKey, details)
}
// NewErrAuthorizationFailed returns an error with the ErrAuthorizationFailed ID.
func NewErrAuthorizationFailed(ctx *context.T, remote []string, remoteErr []RejectedBlessing, local []string) error {
return verror.New(ErrAuthorizationFailed, ctx, remote, remoteErr, local)
}
// NewErrInvalidSigningBlessingCaveat returns an error with the ErrInvalidSigningBlessingCaveat ID.
func NewErrInvalidSigningBlessingCaveat(ctx *context.T, id uniqueid.Id) error {
return verror.New(ErrInvalidSigningBlessingCaveat, ctx, id)
}
// NewErrPublicKeyNotAllowed returns an error with the ErrPublicKeyNotAllowed ID.
func NewErrPublicKeyNotAllowed(ctx *context.T, got string, want string) error {
return verror.New(ErrPublicKeyNotAllowed, ctx, got, want)
}
// NewErrEndpointAuthorizationFailed returns an error with the ErrEndpointAuthorizationFailed ID.
func NewErrEndpointAuthorizationFailed(ctx *context.T, endpoint string, remote []string, rejected []RejectedBlessing) error {
return verror.New(ErrEndpointAuthorizationFailed, ctx, endpoint, remote, rejected)
}
// Hold type definitions in package-level variables, for better performance.
var (
__VDLType_array_1 *vdl.Type
__VDLType_struct_2 *vdl.Type
__VDLType_array_3 *vdl.Type
__VDLType_list_4 *vdl.Type
__VDLType_struct_5 *vdl.Type
__VDLType_struct_6 *vdl.Type
__VDLType_list_7 *vdl.Type
__VDLType_string_8 *vdl.Type
__VDLType_struct_9 *vdl.Type
__VDLType_struct_10 *vdl.Type
__VDLType_string_11 *vdl.Type
__VDLType_struct_12 *vdl.Type
__VDLType_list_13 *vdl.Type
__VDLType_list_14 *vdl.Type
__VDLType_struct_15 *vdl.Type
__VDLType_struct_16 *vdl.Type
__VDLType_struct_17 *vdl.Type
__VDLType_list_18 *vdl.Type
__VDLType_list_19 *vdl.Type
__VDLType_union_20 *vdl.Type
__VDLType_struct_21 *vdl.Type
__VDLType_struct_22 *vdl.Type
__VDLType_list_23 *vdl.Type
)
var __VDLInitCalled bool
// __VDLInit performs vdl initialization. It is safe to call multiple times.
// If you have an init ordering issue, just insert the following line verbatim
// into your source files in this package, right after the "package foo" clause:
//
// var _ = __VDLInit()
//
// The purpose of this function is to ensure that vdl initialization occurs in
// the right order, and very early in the init sequence. In particular, vdl
// registration and package variable initialization needs to occur before
// functions like vdl.TypeOf will work properly.
//
// This function returns a dummy value, so that it can be used to initialize the
// first var in the file, to take advantage of Go's defined init order.
func __VDLInit() struct{} {
if __VDLInitCalled {
return struct{}{}
}
__VDLInitCalled = true
// Register native type conversions first, so that vdl.TypeOf works.
vdl.RegisterNative(WireBlessingsToNative, WireBlessingsFromNative)
vdl.RegisterNative(WireDischargeToNative, WireDischargeFromNative)
// Register types.
vdl.Register((*nonce)(nil))
vdl.Register((*Caveat)(nil))
vdl.Register((*ThirdPartyRequirements)(nil))
vdl.Register((*publicKeyThirdPartyCaveatParam)(nil))
vdl.Register((*Hash)(nil))
vdl.Register((*Signature)(nil))
vdl.Register((*PublicKeyDischarge)(nil))
vdl.Register((*BlessingPattern)(nil))
vdl.Register((*DischargeImpetus)(nil))
vdl.Register((*Certificate)(nil))
vdl.Register((*CaveatDescriptor)(nil))
vdl.Register((*WireBlessings)(nil))
vdl.Register((*WireDischarge)(nil))
vdl.Register((*RejectedBlessing)(nil))
// Initialize type definitions.
__VDLType_array_1 = vdl.TypeOf((*nonce)(nil))
__VDLType_struct_2 = vdl.TypeOf((*Caveat)(nil)).Elem()
__VDLType_array_3 = vdl.TypeOf((*uniqueid.Id)(nil))
__VDLType_list_4 = vdl.TypeOf((*[]byte)(nil))
__VDLType_struct_5 = vdl.TypeOf((*ThirdPartyRequirements)(nil)).Elem()
__VDLType_struct_6 = vdl.TypeOf((*publicKeyThirdPartyCaveatParam)(nil)).Elem()
__VDLType_list_7 = vdl.TypeOf((*[]Caveat)(nil))
__VDLType_string_8 = vdl.TypeOf((*Hash)(nil))
__VDLType_struct_9 = vdl.TypeOf((*Signature)(nil)).Elem()
__VDLType_struct_10 = vdl.TypeOf((*PublicKeyDischarge)(nil)).Elem()
__VDLType_string_11 = vdl.TypeOf((*BlessingPattern)(nil))
__VDLType_struct_12 = vdl.TypeOf((*DischargeImpetus)(nil)).Elem()
__VDLType_list_13 = vdl.TypeOf((*[]BlessingPattern)(nil))
__VDLType_list_14 = vdl.TypeOf((*[]*vom.RawBytes)(nil))
__VDLType_struct_15 = vdl.TypeOf((*Certificate)(nil)).Elem()
__VDLType_struct_16 = vdl.TypeOf((*CaveatDescriptor)(nil)).Elem()
__VDLType_struct_17 = vdl.TypeOf((*WireBlessings)(nil)).Elem()
__VDLType_list_18 = vdl.TypeOf((*[][]Certificate)(nil))
__VDLType_list_19 = vdl.TypeOf((*[]Certificate)(nil))
__VDLType_union_20 = vdl.TypeOf((*WireDischarge)(nil))
__VDLType_struct_21 = vdl.TypeOf((*RejectedBlessing)(nil)).Elem()
__VDLType_struct_22 = vdl.TypeOf((*vdltime.Time)(nil)).Elem()
__VDLType_list_23 = vdl.TypeOf((*[]string)(nil))
// Set error format strings.
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatNotRegistered.ID), "{1:}{2:} no validation function registered for caveat id {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamAny.ID), "{1:}{2:} caveat {3} uses illegal param type any")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamTypeMismatch.ID), "{1:}{2:} bad param type: caveat {3} got {4}, want {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatParamCoding.ID), "{1:}{2:} unable to encode/decode caveat param(type={4}) for caveat {3}: {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrCaveatValidation.ID), "{1:}{2:} caveat validation failed: {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrConstCaveatValidation.ID), "{1:}{2:} false const caveat always fails validation")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrExpiryCaveatValidation.ID), "{1:}{2:} now({3}) is after expiry({4})")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrMethodCaveatValidation.ID), "{1:}{2:} method {3} not in list {4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPeerBlessingsCaveatValidation.ID), "{1:}{2:} patterns in peer blessings caveat {4} not matched by the peer {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrUnrecognizedRoot.ID), "{1:}{2:} unrecognized public key {3} in root certificate{:4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrAuthorizationFailed.ID), "{1:}{2:} principal with blessings {3} (rejected {4}) is not authorized by principal with blessings {5}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrInvalidSigningBlessingCaveat.ID), "{1:}{2:} blessing has caveat with UUID {3} which makes it unsuitable for signing -- please use blessings with just Expiry caveats")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrPublicKeyNotAllowed.ID), "{1:}{2:} peer has public key {3}, not the authorized public key {4}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrEndpointAuthorizationFailed.ID), "{1:}{2:} blessings in endpoint {3} not matched by blessings presented: {4} (rejected {5})")
return struct{}{}
}