Documentation ¶
Index ¶
- func MockConfig() config.Config
- type Admin
- func (s *Admin) Authenticate(c *gin.Context)
- func (s *Admin) Autocomplete(c *gin.Context)
- func (s *Admin) Available() gin.HandlerFunc
- func (s *Admin) CreateReviewNote(c *gin.Context)
- func (s *Admin) DeleteReviewNote(c *gin.Context)
- func (s *Admin) GetRouter() http.Handler
- func (s *Admin) GetTokenManager() *tokens.TokenManager
- func (s *Admin) ListReviewNotes(c *gin.Context)
- func (s *Admin) ListVASPs(c *gin.Context)
- func (s *Admin) ProtectAuthenticate(c *gin.Context)
- func (s *Admin) Reauthenticate(c *gin.Context)
- func (s *Admin) Resend(c *gin.Context)
- func (s *Admin) RetrieveVASP(c *gin.Context)
- func (s *Admin) Review(c *gin.Context)
- func (s *Admin) ReviewTimeline(c *gin.Context)
- func (s *Admin) Serve() (err error)
- func (s *Admin) SetHealth(health bool)
- func (s *Admin) Shutdown() (err error)
- func (s *Admin) Status(c *gin.Context)
- func (s *Admin) Summary(c *gin.Context)
- func (s *Admin) UpdateReviewNote(c *gin.Context)
- func (s *Admin) UpdateVASP(c *gin.Context)
- type GDS
- func (s *GDS) Lookup(ctx context.Context, in *api.LookupRequest) (out *api.LookupReply, err error)
- func (s *GDS) Register(ctx context.Context, in *api.RegisterRequest) (out *api.RegisterReply, err error)
- func (s *GDS) Run(sock net.Listener)
- func (s *GDS) Search(ctx context.Context, in *api.SearchRequest) (out *api.SearchReply, err error)
- func (s *GDS) Serve() (err error)
- func (s *GDS) Shutdown() (err error)
- func (s *GDS) Status(ctx context.Context, in *api.HealthCheck) (out *api.ServiceState, err error)
- func (s *GDS) Verification(ctx context.Context, in *api.VerificationRequest) (out *api.VerificationReply, err error)
- func (s *GDS) VerifyContact(ctx context.Context, in *api.VerifyContactRequest) (out *api.VerifyContactReply, err error)
- type Members
- type Service
- func (s *Service) BackupManager(stop <-chan bool)
- func (s *Service) CertManager(stop <-chan struct{})
- func (s *Service) GetAdmin() *Admin
- func (s *Service) GetConf() config.Config
- func (s *Service) GetGDS() *GDS
- func (s *Service) GetMembers() *Members
- func (s *Service) GetSecretManager() *secrets.SecretManager
- func (s *Service) GetStore() store.Store
- func (s *Service) Serve() (err error)
- func (s *Service) Shutdown() (err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MockConfig ¶
MockConfig returns a configuration that ensures the service will operate in a fully mocked way with all testing parameters set correctly. The config is returned directly for required modifications, such as pointing the database path to a fixtures path.
Types ¶
type Admin ¶
Admin implements the DirectoryAdministrationServer as defined by the v2 JSON API. This service is the primary interaction point with authorized TRISA users that are performing secure commands with authentication.
func (*Admin) Authenticate ¶
Authenticate expects a Google OAuth JWT token that is verified by the server. Once verified, the JWT claims are authenticated against the server. Provided valid claims, the server will issue access and refresh tokens that the client should submit in the Authorization header for all future requests. This method also resets the CSRF double cookies to ensure that their max-age matches the duration of the refresh tokens.
func (*Admin) Autocomplete ¶
Autocomplete returns a mapping of name to VASP UUID for the search bar.
func (*Admin) Available ¶
func (s *Admin) Available() gin.HandlerFunc
Available is middleware that uses the healthy boolean to return a service unavailable http status code if the server is shutting down. It does this before all routes to ensure that complex handling doesn't bog down the server.
func (*Admin) CreateReviewNote ¶
CreateReviewNote creates a new review note given the vaspID param and a CreateReviewNoteRequest.
func (*Admin) DeleteReviewNote ¶
DeleteReviewNote deletes a review note given vaspID and noteID params.
func (*Admin) GetTokenManager ¶
func (s *Admin) GetTokenManager() *tokens.TokenManager
GetTokenManager returns the underlying token manager for testing.
func (*Admin) ListReviewNotes ¶
ListReviewNotes returns a list of review notes given a vaspID param.
func (*Admin) ListVASPs ¶
ListVASPs returns a paginated, summary data structure of all VASPs managed by the directory service. This is an authenticated endpoint that is used to support the Admin UI and facilitate the review and registration process.
func (*Admin) ProtectAuthenticate ¶
ProtectAuthenticate prepares the front-end for submitting a login token by setting the double cookie tokens for CSRF protection. The front-end should call this before posting credentials from Google.
func (*Admin) Reauthenticate ¶
Reauthenticate allows the submission of a refresh token to reauthenticate an expired or expiring access token and issues a new token pair. The access token must still be provided in the Authorization header as a Bearer token, even if it is expired since the access token contains the claims that need to be reissued. The refresh token is posted in the request body as the credential. This method also resets the CSRF double cookies to ensure that the max-age matches the duration of the refresh tokens.
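ProtectAuthenticate, Authenticate and Reauthenticate all rely on the double-cookie (double-submit) CSRF pattern: the server sets a random token in a cookie whose Max-Age is tied to the refresh token lifetime, the front-end reads that cookie and echoes the value in a request header, and the server refuses state-changing requests whose header does not match the cookie. The following stand-alone net/http example illustrates that pattern; it is added here and is not the GDS package's own code. The cookie name, header name, 24-hour lifetime and 32-byte token size are assumptions for the example, and the middleware exempts only safe methods (GET, HEAD, OPTIONS) from the check.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Cookie and header names are assumptions for this example, not the GDS admin API's.
const (
	csrfCookieName = "csrf_token"
	csrfHeaderName = "X-CSRF-TOKEN"
)

var ErrCSRF = errors.New("csrf double cookie verification failed")

// newToken returns 32 bytes from the CSPRNG as URL-safe base64.
func newToken() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// SetCSRFCookie writes a fresh token cookie whose Max-Age equals the refresh
// token lifetime, so the CSRF token and the session expire together.
func SetCSRFCookie(w http.ResponseWriter, refreshTTL time.Duration, secure bool) (string, error) {
	token, err := newToken()
	if err != nil {
		return "", err
	}
	http.SetCookie(w, &http.Cookie{
		Name:     csrfCookieName,
		Value:    token,
		Path:     "/",
		MaxAge:   int(refreshTTL / time.Second),
		Secure:   secure,
		HttpOnly: false, // the front-end must be able to read it to echo it back
		SameSite: http.SameSiteStrictMode,
	})
	return token, nil
}

// VerifyCSRF requires the header to echo the cookie exactly; the comparison is
// constant-time so an attacker cannot learn the token byte by byte.
func VerifyCSRF(r *http.Request) error {
	c, err := r.Cookie(csrfCookieName)
	if err != nil || c.Value == "" {
		return ErrCSRF
	}
	h := r.Header.Get(csrfHeaderName)
	if h == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(h)) != 1 {
		return ErrCSRF
	}
	return nil
}

// RequireCSRF is middleware that applies VerifyCSRF to every non-safe method.
func RequireCSRF(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
		default:
			if err := VerifyCSRF(r); err != nil {
				http.Error(w, err.Error(), http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed round trip: set the cookie, then replay it with and without the header.
	rec := httptest.NewRecorder()
	token, err := SetCSRFCookie(rec, 24*time.Hour, true)
	if err != nil {
		panic(err)
	}
	req := httptest.NewRequest(http.MethodPost, "/v2/vasps/example/notes", nil)
	req.AddCookie(rec.Result().Cookies()[0])
	fmt.Println("without header:", VerifyCSRF(req))
	req.Header.Set(csrfHeaderName, token)
	fmt.Println("with header:   ", VerifyCSRF(req))
}
```

The cookie is deliberately not HttpOnly, because the front-end has to read it; what protects it is that a cross-site page can make the browser send the cookie but cannot read it to build the matching header. Resetting the cookie on every Authenticate and Reauthenticate, as the GDS docs describe, keeps its lifetime in step with the refresh token rather than letting a stale token outlive the session.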
func (*Admin) RetrieveVASP ¶
func (*Admin) Review ¶
Review a registration request and either accept or reject it. On accept, the certificate request that was created on verify is used to send a Sectigo request and the certificate manager process watches it until the certificate has been issued. On reject, the VASP and certificate request records are deleted and the reject reason is sent to the technical contact.
func (*Admin) ReviewTimeline ¶
ReviewTimeline returns a list of time series records containing registration state counts by week.
func (*Admin) SetHealth ¶
SetHealth sets the health status on the API server, putting it into unavailable mode if health is false, and removing maintenance mode if health is true.
func (*Admin) UpdateReviewNote ¶
UpdateReviewNote updates the text of a review note given vaspID and noteID params and an UpdateReviewNoteRequest.
func (*Admin) UpdateVASP ¶
UpdateVASP is a single entry point to a variety of different patches that can be made to the VASP object. In particular, the user may update the business details (website, categories, and established on), update the IVMS 101 Legal Person entity, change their responses to the TRIXO form, update the common name or endpoint, or manage contact details. Although technically, this endpoint would allow all those changes to be made simultaneously, the idea is that the PATCH only happens inside of those collections or groups of fields. Individual update methods define the logic for how each of those groups is updated together.
type GDS ¶
type GDS struct {
	api.UnimplementedTRISADirectoryServer
	// contains filtered or unexported fields
}
GDS implements the TRISADirectoryService as defined by the v1beta1 or later TRISA protocol buffers. This service is the primary interaction point with TRISA service implementations that lookup information from the directory service, and this service also allows users to register and verify with the directory.
SEE FIRST: Service as defined in service.go (the main entrypoint of the server)
func (*GDS) Lookup ¶
func (s *GDS) Lookup(ctx context.Context, in *api.LookupRequest) (out *api.LookupReply, err error)
Lookup a VASP entity by name or ID to get full details including the TRISA certification if it exists and the entity has been verified.
func (*GDS) Register ¶
func (s *GDS) Register(ctx context.Context, in *api.RegisterRequest) (out *api.RegisterReply, err error)
Register a new VASP entity with the directory service. After registration, the new entity must go through the verification process to get issued a certificate. The status of verification can be obtained by using the Lookup RPC call. Register generates a PKCS12 password, provided in the RPC response, which can be used to access the certificate private keys when they're emailed.
func (*GDS) Run ¶
Run the gRPC server. This method is extracted from the Serve function so that it can be run in its own go routine and to allow tests to Run a bufconn server without starting a live server with all of the various go routines and channels running.
func (*GDS) Search ¶
func (s *GDS) Search(ctx context.Context, in *api.SearchRequest) (out *api.SearchReply, err error)
Search for VASP entity records by name or by country in order to perform more detailed Lookup requests. The search process is purposefully simplistic at the moment.
func (*GDS) Status ¶
func (s *GDS) Status(ctx context.Context, in *api.HealthCheck) (out *api.ServiceState, err error)
func (*GDS) Verification ¶
func (s *GDS) Verification(ctx context.Context, in *api.VerificationRequest) (out *api.VerificationReply, err error)
Verification returns the status of a VASP including its verification and service status if the directory service is performing health check monitoring.
func (*GDS) VerifyContact ¶
func (s *GDS) VerifyContact(ctx context.Context, in *api.VerifyContactRequest) (out *api.VerifyContactReply, err error)
VerifyContact checks the contact tokens for the specified VASP and registers the contact email verification. If successful, this method then sends the verification request to the TRISA Admins for review.
type Members ¶
type Members struct {
	api.UnimplementedTRISAMembersServer
	// contains filtered or unexported fields
}
Members implements the TRISAMembers service as defined by the experimental v1alpha1 protocol buffers in the GDS repository. This service is intended to be an mTLS authenticated service (which is why it is separate from the GDS service) that is used directly by TRISA members to facilitate p2p exchanges and GDS lookups.
NOTE: this is a prototype service, this service may eventually be moved into the GDS specification in trisacrypto/trisa.
func NewMembers ¶
NewMembers creates a new Member server derived from a parent Service.
func (*Members) List ¶
List all verified VASP members in the Directory Service. This RPC returns an abbreviated listing of VASP details intended to facilitate p2p exchanges or more detailed lookups against the Directory Service. The response is paginated. If there are more results than the specified page size, then the reply will include a next page token. That token can be used to fetch the next page so long as the parameters of the original request are not modified (e.g. any filters or pagination parameters). See https://cloud.google.com/apis/design/design_patterns#list_pagination for more.
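The List description above ties a next page token to the parameters of the original request: the token is only valid as long as the filters and page size are unchanged. A practical way to enforce that is to bind the cursor to those parameters with an HMAC, so a token replayed with a different filter, a larger page size, or one minted under another key is rejected instead of silently leaking records outside the original query. The example below is added here to show that technique and is not the GDS package's own implementation; the ListParams fields, the Member record, the in-memory member set and the key are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ListParams stands in for the request fields that must stay fixed across
// pages. Field names are assumptions for this example, not the GDS protobuf.
type ListParams struct {
	PageSize int    `json:"page_size"`
	Country  string `json:"country,omitempty"`
}

// Member is a minimal stand-in for the abbreviated VASP record List returns.
type Member struct {
	Name    string
	Country string
}

// members is a constructed, name-sorted stand-in for the verified VASP set.
var members = []Member{
	{Name: "alpha-exchange", Country: "US"},
	{Name: "bravo-custody", Country: "DE"},
	{Name: "charlie-wallet", Country: "US"},
	{Name: "delta-otc", Country: "US"},
	{Name: "echo-broker", Country: "DE"},
}

// pageToken carries the cursor (last name on the previous page) and an HMAC
// over the cursor together with the original request parameters.
type pageToken struct {
	Cursor string `json:"c"`
	MAC    []byte `json:"m"`
}

var ErrPageToken = errors.New("invalid or mismatched page token")

func tokenMAC(key []byte, cursor string, p ListParams) []byte {
	// json.Marshal of a struct is deterministic, so this canonically encodes
	// everything the token is bound to.
	msg, _ := json.Marshal(struct {
		Cursor string
		Params ListParams
	}{cursor, p})
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// EncodePageToken mints the next page token for a cursor and request.
func EncodePageToken(key []byte, cursor string, p ListParams) string {
	raw, _ := json.Marshal(pageToken{Cursor: cursor, MAC: tokenMAC(key, cursor, p)})
	return base64.RawURLEncoding.EncodeToString(raw)
}

// DecodePageToken recovers the cursor, rejecting tokens that were tampered
// with, minted under another key, or issued for different parameters.
func DecodePageToken(key []byte, token string, p ListParams) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", ErrPageToken
	}
	var tok pageToken
	if err := json.Unmarshal(raw, &tok); err != nil {
		return "", ErrPageToken
	}
	if !hmac.Equal(tok.MAC, tokenMAC(key, tok.Cursor, p)) {
		return "", ErrPageToken
	}
	return tok.Cursor, nil
}

// ListPage returns one page of members matching p and the token for the
// following page ("" when this is the last page).
func ListPage(key []byte, p ListParams, token string) (page []Member, next string, err error) {
	if p.PageSize <= 0 {
		p.PageSize = 10 // assumed default; normalise before the MAC is computed
	}
	cursor := ""
	if token != "" {
		if cursor, err = DecodePageToken(key, token, p); err != nil {
			return nil, "", err
		}
	}
	for _, m := range members {
		if p.Country != "" && m.Country != p.Country {
			continue
		}
		if m.Name <= cursor {
			continue // already returned on an earlier page
		}
		if len(page) == p.PageSize {
			next = EncodePageToken(key, page[len(page)-1].Name, p)
			break
		}
		page = append(page, m)
	}
	return page, next, nil
}

func main() {
	key := []byte("server-side-secret") // assumed: in practice loaded from the secret manager
	p := ListParams{PageSize: 2, Country: "US"}
	first, tok, _ := ListPage(key, p, "")
	fmt.Println("page 1:", first, "has next:", tok != "")
	second, tok2, _ := ListPage(key, p, tok)
	fmt.Println("page 2:", second, "has next:", tok2 != "")
	_, _, err := ListPage(key, ListParams{PageSize: 2, Country: "DE"}, tok)
	fmt.Println("same token, changed filter:", err)
}
```

Because the cursor is a sorted key rather than an offset, a page is stable even if records are inserted between requests, and because the MAC covers the parameters, the server never has to store per-client pagination state.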
func (*Members) Run ¶
Run the gRPC server. This method is extracted from the Serve function so that it can be run in its own go routine and to allow tests to Run a bufconn server without starting a live server with all of the various go routines and channels running.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service defines the entirety of the TRISA Global Directory Service including the GDS server that handles TRISA requests, the Admin server that handles administrative interactions, as well as the smaller routines and managers to handle email, secrets, backups, and certificates. I.e. this is the parent service that coordinates all subservices.
func New ¶
New creates a TRISA Directory Service with the specified configuration and prepares it to listen for and serve GRPC requests.
func NewMock ¶
NewMock creates and returns a mocked Service for testing, using values provided in the config. The config should contain values specific to testing as the mock method only mocks at the top level of the service, lower level mocks such as mocking the secret manager or email service must be implemented with configuration. Use MockConfig to ensure a configuration is generated that fully mocks the service.
func (*Service) BackupManager ¶
BackupManager is a go routine that periodically copies the directory storage to a compressed backup location, either locally on disk or to a cloud location. The manager may also encrypt the storage with provided keys. The manager is started when the server is started; but if it is not able to run, it will exit before continuing.
TODO: allow storage to cloud storage rather than to disk
TODO: encrypt the backup storage file
func (*Service) CertManager ¶
func (s *Service) CertManager(stop <-chan struct{})
CertManager is a go routine that periodically checks on the status of certificate requests and moves them through the request pipeline. Once CertManager detects a certificate request that is ready to submit, it submits the request via the Sectigo API. If processing, it checks the batch status, and when it detects that the batch is done processing it downloads the certs and emails them to the technical contacts. If the certificate processing fails for any reason, it sends an error message to the TRISA admins since this will prevent the integrator from joining the network.
TODO: move completed certificate requests to archive so that the CertManger routine isn't continuously handling a growing number of requests over time.
TODO: notify admins if cert-manager errors since this will block integration.
func (*Service) GetMembers ¶
GetMembers returns the Members gRPC server
func (*Service) GetSecretManager ¶
func (s *Service) GetSecretManager() *secrets.SecretManager
GetSecretManager returns the secret manager
Source Files ¶
Directories ¶
Path | Synopsis
---|---
admin |
members |
models |
store | Package store provides an interface to multiple types of embedded storage across multiple objects.
tokens | Package tokens handles the creation and verification of JWT tokens for authentication.