Documentation
¶
Overview ¶
Copyright 2020 CYBERCRYPT
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2020 CYBERCRYPT ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- type Authorizer
- func (a *Authorizer) AddPermission(ctx context.Context, accessObject *AccessObject, ...) error
- func (a *Authorizer) Authorize(ctx context.Context, objectID, userID uuid.UUID) (*AccessObject, bool, error)
- func (a *Authorizer) CreateObject(ctx context.Context, objectID, userID uuid.UUID, kek []byte) ([]byte, error)
- func (a *Authorizer) ParseAccessObject(objectID uuid.UUID, data, tag []byte) (*AccessObject, error)
- func (a *Authorizer) RemovePermission(ctx context.Context, accessObject *AccessObject, ...) error
- func (a *Authorizer) SerializeAccessObject(objectID uuid.UUID, accessObject *AccessObject) ([]byte, []byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
	// MessageAuthenticator is the message authenticator the Authorizer encapsulates.
	// NOTE(review): presumably it produces and verifies the tag that accompanies a
	// serialized Access Object; confirm against the method implementations.
	MessageAuthenticator *crypt.MessageAuthenticator
	// Store is the backing Auth Storage used for reading and writing Access Objects.
	Store authstorage.AuthStoreInterface
}
Authorizer encapsulates a MessageAuthenticator and a backing Auth Storage for reading and writing Access Objects
func (*Authorizer) AddPermission ¶
func (a *Authorizer) AddPermission(ctx context.Context, accessObject *AccessObject, objectID, targetUserID uuid.UUID) error
AddPermission adds targetUserID to the allowed users of objectID and updates the Auth Storage.
func (*Authorizer) Authorize ¶
func (a *Authorizer) Authorize(ctx context.Context, objectID, userID uuid.UUID) (*AccessObject, bool, error)
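Authorize checks whether userID is allowed to access objectID. The bool result presumably carries the access decision, so callers should check it as well as the error before using the returned Access Object.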
func (*Authorizer) CreateObject ¶
func (a *Authorizer) CreateObject(ctx context.Context, objectID, userID uuid.UUID, kek []byte) ([]byte, error)
CreateObject creates a new object with the given parameters and inserts it into the Auth Store, returning the associated OEK (object encryption key).
func (*Authorizer) ParseAccessObject ¶
func (a *Authorizer) ParseAccessObject(objectID uuid.UUID, data, tag []byte) (*AccessObject, error)
ParseAccessObject verifies and parses an Object ID + data + tag into an Access Object.
func (*Authorizer) RemovePermission ¶
func (a *Authorizer) RemovePermission(ctx context.Context, accessObject *AccessObject, objectID, targetUserID uuid.UUID) error
RemovePermission removes targetUserID from the allowed users of objectID and updates the Auth Storage.
func (*Authorizer) SerializeAccessObject ¶
func (a *Authorizer) SerializeAccessObject(objectID uuid.UUID, accessObject *AccessObject) ([]byte, []byte, error)
SerializeAccessObject serializes and signs an Object ID + Access Object into data + tag.