Documentation ¶
Index ¶
- func GetVASPMember(vasp *pb.VASP) *api.VASPMember
- func MockConfig() config.Config
- func ValidateCommonName(name string) (err error)
- type Admin
- func (s *Admin) Authenticate(c *gin.Context)
- func (s *Admin) Autocomplete(c *gin.Context)
- func (s *Admin) Available() gin.HandlerFunc
- func (s *Admin) CreateReviewNote(c *gin.Context)
- func (s *Admin) DeleteContact(c *gin.Context)
- func (s *Admin) DeleteReviewNote(c *gin.Context)
- func (s *Admin) DeleteVASP(c *gin.Context)
- func (s *Admin) GetRouter() http.Handler
- func (s *Admin) GetTokenManager() *tokens.TokenManager
- func (s *Admin) ListCertificates(c *gin.Context)
- func (s *Admin) ListReviewNotes(c *gin.Context)
- func (s *Admin) ListVASPs(c *gin.Context)
- func (s *Admin) ProtectAuthenticate(c *gin.Context)
- func (s *Admin) Reauthenticate(c *gin.Context)
- func (s *Admin) ReplaceContact(c *gin.Context)
- func (s *Admin) Resend(c *gin.Context)
- func (s *Admin) RetrieveVASP(c *gin.Context)
- func (s *Admin) Review(c *gin.Context)
- func (s *Admin) ReviewTimeline(c *gin.Context)
- func (s *Admin) ReviewToken(c *gin.Context)
- func (s *Admin) Serve() (err error)
- func (s *Admin) SetHealth(health bool)
- func (s *Admin) Shutdown() (err error)
- func (s *Admin) Status(c *gin.Context)
- func (s *Admin) Summary(c *gin.Context)
- func (s *Admin) UpdateReviewNote(c *gin.Context)
- func (s *Admin) UpdateVASP(c *gin.Context)
- type GDS
- func (s *GDS) Lookup(ctx context.Context, in *api.LookupRequest) (out *api.LookupReply, err error)
- func (s *GDS) Register(ctx context.Context, in *api.RegisterRequest) (out *api.RegisterReply, err error)
- func (s *GDS) Run(sock net.Listener)
- func (s *GDS) Search(ctx context.Context, in *api.SearchRequest) (out *api.SearchReply, err error)
- func (s *GDS) Serve() (err error)
- func (s *GDS) Shutdown() (err error)
- func (s *GDS) Status(ctx context.Context, in *api.HealthCheck) (out *api.ServiceState, err error)
- func (s *GDS) Verification(ctx context.Context, in *api.VerificationRequest) (out *api.VerificationReply, err error)
- func (s *GDS) VerifyContact(ctx context.Context, in *api.VerifyContactRequest) (out *api.VerifyContactReply, err error)
- type Members
- func (s *Members) Details(ctx context.Context, in *api.DetailsRequest) (out *api.MemberDetails, err error)
- func (s *Members) List(ctx context.Context, in *api.ListRequest) (out *api.ListReply, err error)
- func (s *Members) Run(sock net.Listener)
- func (s *Members) Serve() (err error)
- func (s *Members) Shutdown() (err error)
- func (s *Members) Summary(ctx context.Context, in *api.SummaryRequest) (out *api.SummaryReply, err error)
- type Service
- func (s *Service) Backup(path string) (err error)
- func (s *Service) BackupManager(stop <-chan bool)
- func (s *Service) CertManager(stop <-chan struct{})
- func (s *Service) GetAdmin() *Admin
- func (s *Service) GetConf() config.Config
- func (s *Service) GetGDS() *GDS
- func (s *Service) GetMembers() *Members
- func (s *Service) GetSecretManager() *secrets.SecretManager
- func (s *Service) GetStore() store.Store
- func (s *Service) HandleCertificateRequests(certDir string) (err error)
- func (s *Service) Serve() (err error)
- func (s *Service) Shutdown() (err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetVASPMember ¶ added in v1.5.0
func GetVASPMember(vasp *pb.VASP) *api.VASPMember
GetVASPMember is a helper function to construct a VASPMember from a VASP record.
func MockConfig ¶
MockConfig returns a configuration that ensures the service will operate in a fully mocked way with all testing parameters set correctly. The config is returned directly for required modifications, such as pointing the database path to a fixtures path.
func ValidateCommonName ¶ added in v1.3.1
ValidateCommonName validates a common name. The common name must not be empty, must not start with "*" (a DNS wildcard), and must not start with a hyphen; each DNS label must be no more than 63 octets long. It must not carry a scheme (e.g. an https:// prefix) or a port (e.g. example.com:443). Parsing is primarily based on a regular expression match against the cnre pattern.
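As an added example (not the package's own code), the following Go function applies the rules listed above with a stand-in regular expression in place of the package's cnre pattern. The function name, the regexp and the table of inputs are assumptions made for this illustration; the check order matters, because a scheme contains a colon and should be reported as a scheme error rather than a port error.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// cnPattern is a stand-in for the package's cnre pattern (it is not the
// project's regexp): one or more labels of ASCII letters, digits and hyphens
// separated by dots, with no scheme, path, query or port.
var cnPattern = regexp.MustCompile(`^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$`)

// validateCommonName applies the rules documented for ValidateCommonName.
// The scheme check runs before the port check so that "https://example.com"
// is reported as a scheme error, not a port error.
func validateCommonName(name string) error {
	switch {
	case name == "":
		return errors.New("common name cannot be empty")
	case strings.HasPrefix(name, "*"):
		return errors.New("common name cannot be a DNS wildcard")
	case strings.HasPrefix(name, "-"):
		return errors.New("common name cannot start with a hyphen")
	case strings.Contains(name, "://"):
		return errors.New("common name cannot include a scheme")
	case strings.Contains(name, ":"):
		return errors.New("common name cannot include a port")
	case !cnPattern.MatchString(name):
		return fmt.Errorf("%q is not a valid common name", name)
	}
	// Labels are ASCII after the regexp match, so len() counts octets.
	for _, label := range strings.Split(name, ".") {
		if len(label) > 63 {
			return fmt.Errorf("label %q is longer than 63 octets", label)
		}
	}
	return nil
}

func main() {
	// Constructed inputs covering each documented rule.
	for _, name := range []string{
		"trisa.example.com",
		"",
		"*.example.com",
		"-example.com",
		"https://example.com",
		"example.com:443",
		strings.Repeat("a", 64) + ".example.com",
	} {
		if err := validateCommonName(name); err != nil {
			fmt.Printf("%-40q rejected: %v\n", name, err)
		} else {
			fmt.Printf("%-40q ok\n", name)
		}
	}
}
```

The regexp also rejects paths, spaces and non-ASCII input, which the prose above does not mention but which any certificate common name check should refuse.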
Types ¶
type Admin ¶
Admin implements the DirectoryAdministrationServer as defined by the v2 JSON API. This service is the primary interaction point with authorized TRISA users that are performing secure commands with authentication.
func (*Admin) Authenticate ¶
Authenticate expects a Google OAuth JWT that is verified by the server. Once verified, the JWT claims are authenticated against the server. Given valid claims, the server issues access and refresh tokens that the client must submit in the Authorization header for all subsequent requests. This method also resets the CSRF double cookies so that their max-age matches the lifetime of the refresh token.
func (*Admin) Autocomplete ¶
Autocomplete returns a mapping of name to VASP UUID for the search bar.
func (*Admin) Available ¶
func (s *Admin) Available() gin.HandlerFunc
Available is middleware that uses the healthy boolean to return a service unavailable http status code if the server is shutting down. It does this before all routes to ensure that complex handling doesn't bog down the server.
func (*Admin) CreateReviewNote ¶
CreateReviewNote creates a new review note given the vaspID param and a CreateReviewNoteRequest.
func (*Admin) DeleteContact ¶ added in v1.3.1
DeleteContact deletes a contact on a VASP.
func (*Admin) DeleteReviewNote ¶
DeleteReviewNote deletes a review note given vaspID and noteID params.
func (*Admin) DeleteVASP ¶ added in v1.3.1
DeleteVASP removes a VASP and its associated certificate requests if and only if the VASP's verification status is PENDING_REVIEW (or an earlier state) or ERRORED.
func (*Admin) GetTokenManager ¶
func (s *Admin) GetTokenManager() *tokens.TokenManager
GetTokenManager returns the underlying token manager for testing.
func (*Admin) ListCertificates ¶ added in v1.5.0
ListCertificates returns a list of certificates for the VASP.
func (*Admin) ListReviewNotes ¶
ListReviewNotes returns a list of review notes given a vaspID param.
func (*Admin) ListVASPs ¶
ListVASPs returns a paginated, summary data structure of all VASPs managed by the directory service. This is an authenticated endpoint that is used to support the Admin UI and facilitate the review and registration process.
func (*Admin) ProtectAuthenticate ¶
ProtectAuthenticate prepares the front-end for submitting a login token by setting the double cookie tokens for CSRF protection. The front-end should call this before posting credentials from Google.
func (*Admin) Reauthenticate ¶
Reauthenticate allows the submission of a refresh token to reauthenticate an expired or expiring access token and issues a new token pair. The access token must still be provided in the Authorization header as a Bearer token, even if it is expired since the access token contains the claims that need to be reissued. The refresh token is posted in the request body as the credential. This method also resets the CSRF double cookies to ensure that the max-age matches the duration of the refresh tokens.
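The double-cookie CSRF pattern referenced by ProtectAuthenticate, Authenticate and Reauthenticate, as an added example (not the GDS admin code): the cookie and header names, routes and refresh-token lifetime are assumptions, and plain net/http is used in place of gin so the example runs stand-alone. Both cookies carry the same random token; the front-end echoes the script-readable one in a request header and the server compares it against the HttpOnly copy. A cross-site request can make the browser send the cookies but cannot read them, so it cannot produce a matching header.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
	"net/http"
	"time"
)

// Cookie and header names are assumptions for this example, not the names
// used by the GDS admin API.
const (
	csrfCookie    = "csrf_token"           // readable by the front-end script
	csrfRefCookie = "csrf_reference_token" // HttpOnly copy the server trusts
	csrfHeader    = "X-CSRF-TOKEN"
)

// setDoubleCookies issues a fresh random token in both cookies. Both expire
// with the refresh token, which is why the login and reauthenticate handlers
// reset them whenever a new token pair is issued.
func setDoubleCookies(w http.ResponseWriter, refreshTTL time.Duration) error {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	token := hex.EncodeToString(buf)
	maxAge := int(refreshTTL.Seconds())
	http.SetCookie(w, &http.Cookie{
		Name: csrfCookie, Value: token, Path: "/", MaxAge: maxAge,
		Secure: true, SameSite: http.SameSiteStrictMode,
	})
	http.SetCookie(w, &http.Cookie{
		Name: csrfRefCookie, Value: token, Path: "/", MaxAge: maxAge,
		Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode,
	})
	return nil
}

// verifyCSRF compares the header token against the HttpOnly reference cookie
// in constant time. The readable cookie is never consulted by the server.
func verifyCSRF(r *http.Request) error {
	ref, err := r.Cookie(csrfRefCookie)
	if err != nil {
		return errors.New("missing csrf reference cookie")
	}
	header := r.Header.Get(csrfHeader)
	if header == "" {
		return errors.New("missing csrf header")
	}
	if subtle.ConstantTimeCompare([]byte(ref.Value), []byte(header)) != 1 {
		return errors.New("csrf token mismatch")
	}
	return nil
}

// csrfProtect is middleware for state-changing routes such as the login and
// reauthenticate endpoints.
func csrfProtect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := verifyCSRF(r); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	mux := http.NewServeMux()
	// Hypothetical route playing the role of ProtectAuthenticate: prime the
	// cookies before the front-end posts its Google credential.
	mux.HandleFunc("/v2/authenticate/protect", func(w http.ResponseWriter, r *http.Request) {
		if err := setDoubleCookies(w, 24*time.Hour); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	})
	mux.Handle("/v2/authenticate", csrfProtect(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "credential accepted; access and refresh tokens would be issued here")
	})))
	log.Fatal(http.ListenAndServe(":8080", mux)) // example only; serve over TLS in production
}
```

The Secure and SameSite=Strict attributes are defence in depth: SameSite already blocks most cross-site submissions in modern browsers, but the header comparison is what makes the protection independent of browser behaviour.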
func (*Admin) ReplaceContact ¶ added in v1.3.1
ReplaceContact completely replaces a contact on a VASP with a new contact.
func (*Admin) RetrieveVASP ¶
func (*Admin) Review ¶
Review a registration request and either accept or reject it. On accept, the certificate request that was created on verify is used to send a Sectigo request and the certificate manager process watches it until the certificate has been issued. On reject, the VASP and certificate request records are deleted and the reject reason is sent to the technical contact.
func (*Admin) ReviewTimeline ¶
ReviewTimeline returns a list of time series records containing registration state counts by week.
func (*Admin) ReviewToken ¶ added in v1.3.1
ReviewToken returns the admin verification token of the VASP if the VASP is in a state that it can be reviewed in, e.g. PENDING_REVIEW, otherwise a 404 is returned.
func (*Admin) SetHealth ¶
SetHealth sets the health status on the API server, putting it into unavailable mode if health is false, and removing maintenance mode if health is true.
func (*Admin) UpdateReviewNote ¶
UpdateReviewNote updates the text of a review note given vaspID and noteID params and an UpdateReviewNoteRequest.
func (*Admin) UpdateVASP ¶
UpdateVASP is a single entry point to a variety of different patches that can be made to the VASP object. In particular, the user may update the business details (website, categories, and established on), update the IVMS 101 Legal Person entity, change their responses to the TRIXO form, update the common name or endpoint, or manage contact details. Although technically, this endpoint would allow all those changes to be made simultaneously, the idea is that the PATCH only happens inside of those collections or groups of fields. Individual update methods define the logic for how each of those groups is updated together.
type GDS ¶
type GDS struct { api.UnimplementedTRISADirectoryServer // contains filtered or unexported fields }
GDS implements the TRISADirectoryService as defined by the v1beta1 or later TRISA protocol buffers. This service is the primary interaction point with TRISA service implementations that lookup information from the directory service, and this service also allows users to register and verify with the directory.
SEE FIRST: Service as defined in service.go (the main entrypoint of the server)
func (*GDS) Lookup ¶
func (s *GDS) Lookup(ctx context.Context, in *api.LookupRequest) (out *api.LookupReply, err error)
Lookup a VASP entity by name or ID to get full details including the TRISA certification if it exists and the entity has been verified.
func (*GDS) Register ¶
func (s *GDS) Register(ctx context.Context, in *api.RegisterRequest) (out *api.RegisterReply, err error)
Register a new VASP entity with the directory service. After registration, the new entity must go through the verification process to be issued a certificate. The status of verification can be obtained with the Lookup RPC. Register also generates a PKCS12 password, returned in the RPC response, which is needed to unlock the certificate private keys when they are emailed.
func (*GDS) Run ¶
Run the gRPC server. This method is extracted from the Serve function so that it can be run in its own goroutine and so that tests can Run a bufconn server without starting a live server with all of its goroutines and channels.
func (*GDS) Search ¶
func (s *GDS) Search(ctx context.Context, in *api.SearchRequest) (out *api.SearchReply, err error)
Search for VASP entity records by name or by country in order to perform more detailed Lookup requests. The search process is purposefully simplistic at the moment.
func (*GDS) Status ¶
func (s *GDS) Status(ctx context.Context, in *api.HealthCheck) (out *api.ServiceState, err error)
func (*GDS) Verification ¶
func (s *GDS) Verification(ctx context.Context, in *api.VerificationRequest) (out *api.VerificationReply, err error)
Verification returns the status of a VASP including its verification and service status if the directory service is performing health check monitoring.
func (*GDS) VerifyContact ¶
func (s *GDS) VerifyContact(ctx context.Context, in *api.VerifyContactRequest) (out *api.VerifyContactReply, err error)
VerifyContact checks the contact tokens for the specified VASP and records the contact's email verification. If successful, this method then sends the verification request to the TRISA Admins for review.
type Members ¶
type Members struct { api.UnimplementedTRISAMembersServer // contains filtered or unexported fields }
Members implements the TRISAMembers service as defined by the experimental v1alpha1 protocol buffers in the GDS repository. This service is intended to be an mTLS authenticated service (which is why it is separate from the GDS service) that is used directly by TRISA members to facilitate p2p exchanges and GDS lookups.
NOTE: this is a prototype service, this service may eventually be moved into the GDS specification in trisacrypto/trisa.
func NewMembers ¶
NewMembers creates a new Member server derived from a parent Service.
func (*Members) Details ¶ added in v1.5.0
func (s *Members) Details(ctx context.Context, in *api.DetailsRequest) (out *api.MemberDetails, err error)
Details returns the details of the VASP member using the provided ID.
func (*Members) List ¶
List all verified VASP members in the Directory Service. This RPC returns an abbreviated listing of VASP details intended to facilitate p2p exchanges or more detailed lookups against the Directory Service. The response is paginated. If there are more results than the specified page size, then the reply will include a next page token. That token can be used to fetch the next page so long as the parameters of the original request are not modified (e.g. any filters or pagination parameters). See https://cloud.google.com/apis/design/design_patterns#list_pagination for more.
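As an added example (not the Members service code), the following Go code shows one way to implement the page token contract described above: the token is an HMAC-protected cursor that records the page size and filter it was issued for, so a token replayed with different parameters is rejected instead of silently returning a mismatched page, and a client cannot forge an offset. The member type, the country filter, the HMAC key and the sample directory are constructed for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// member is a constructed, abbreviated listing entry with public fields only.
type member struct {
	ID      string
	Name    string
	Country string
}

// cursor is the decoded page token. Besides the offset it records the
// parameters it was issued for, so it cannot be replayed with a different
// filter or page size.
type cursor struct {
	Offset   int    `json:"o"`
	PageSize int    `json:"s"`
	Country  string `json:"c"`
}

// tokenKey is a constructed demo key; a server would load it from its secret manager.
var tokenKey = []byte("constructed-demo-key-do-not-reuse")

// encodeCursor returns base64url(HMAC-SHA256(payload) || payload).
func encodeCursor(c cursor) string {
	payload, _ := json.Marshal(c) // plain fields only; cannot fail
	mac := hmac.New(sha256.New, tokenKey)
	mac.Write(payload)
	return base64.RawURLEncoding.EncodeToString(append(mac.Sum(nil), payload...))
}

// decodeCursor verifies the MAC before trusting any field of the token.
func decodeCursor(token string) (cursor, error) {
	var c cursor
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < sha256.Size {
		return c, errors.New("invalid page token")
	}
	sig, payload := raw[:sha256.Size], raw[sha256.Size:]
	mac := hmac.New(sha256.New, tokenKey)
	mac.Write(payload)
	if !hmac.Equal(sig, mac.Sum(nil)) || json.Unmarshal(payload, &c) != nil {
		return cursor{}, errors.New("invalid page token")
	}
	return c, nil
}

// listMembers returns one page of verified members matching the (hypothetical)
// country filter, plus a next page token only when more results remain.
func listMembers(verified []member, pageSize int, country, pageToken string) ([]member, string, error) {
	if pageSize <= 0 {
		pageSize = 100
	}
	offset := 0
	if pageToken != "" {
		c, err := decodeCursor(pageToken)
		if err != nil {
			return nil, "", err
		}
		if c.PageSize != pageSize || c.Country != country {
			return nil, "", errors.New("page token does not match the request parameters")
		}
		offset = c.Offset
	}
	var matched []member
	for _, m := range verified {
		if country == "" || m.Country == country {
			matched = append(matched, m)
		}
	}
	if offset > len(matched) { // directory shrank since the token was issued
		offset = len(matched)
	}
	end, next := offset+pageSize, ""
	if end < len(matched) {
		next = encodeCursor(cursor{Offset: end, PageSize: pageSize, Country: country})
	} else {
		end = len(matched)
	}
	return matched[offset:end], next, nil
}

func main() {
	directory := []member{{"a1", "Alpha", "US"}, {"b2", "Bravo", "GB"}, {"c3", "Charlie", "US"}, {"d4", "Delta", "US"}} // constructed
	for token := ""; ; {
		page, next, err := listMembers(directory, 2, "US", token)
		if err != nil {
			panic(err)
		}
		fmt.Println(page)
		if token = next; token == "" {
			return
		}
	}
}
```

Binding the parameters into the token is what enforces the "parameters of the original request are not modified" rule server-side; the MAC is what stops a client from editing the offset or the bound parameters to get a page it was not issued.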
func (*Members) Run ¶
Run the gRPC server. This method is extracted from the Serve function so that it can be run in its own goroutine and so that tests can Run a bufconn server without starting a live server with all of its goroutines and channels.
func (*Members) Summary ¶ added in v1.5.0
func (s *Members) Summary(ctx context.Context, in *api.SummaryRequest) (out *api.SummaryReply, err error)
Summary returns a summary of the VASP members in the Directory Service. Note: any VASP member can call this endpoint with any VASP ID, so the reply must not include sensitive VASP details such as IVMS 101 data.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service defines the entirety of the TRISA Global Directory Service, including the GDS server that handles TRISA requests, the Admin server that handles administrative interactions, and the smaller routines and managers that handle email, secrets, backups, and certificates. In other words, this is the parent service that coordinates all subservices.
func New ¶
New creates a TRISA Directory Service with the specified configuration and prepares it to listen for and serve GRPC requests.
func NewMock ¶
NewMock creates and returns a mocked Service for testing, using values provided in the config. The config should contain values specific to testing as the mock method only mocks at the top level of the service, lower level mocks such as mocking the secret manager or email service must be implemented with configuration. Use MockConfig to ensure a configuration is generated that fully mocks the service.
func (*Service) Backup ¶ added in v1.4.0
Backup performs a backup on behalf of the service. BackupManager calls this function at a periodic interval to take a snapshot of the store to disk and to keep only the configured number of archives.
func (*Service) BackupManager ¶
BackupManager is a goroutine that periodically copies the directory storage to a compressed backup location, either locally on disk or in a cloud location. The manager may also encrypt the backup with the provided keys. The manager is started together with the server; if it is unable to run, it exits immediately rather than continuing.
func (*Service) CertManager ¶
func (s *Service) CertManager(stop <-chan struct{})
CertManager is a goroutine that periodically checks the status of certificate requests and moves them through the request pipeline. Once CertManager detects a certificate request that is ready to submit, it submits the request via the Sectigo API. If a request is processing, it checks the batch status, and when it detects that the batch has finished processing it downloads the certs and emails them to the technical contacts. If certificate processing fails for any reason, it sends an error message to the TRISA admins, since the failure will prevent the integrator from joining the network.
TODO: move completed certificate requests to an archive so that the CertManager routine isn't continuously handling a growing number of requests over time.
func (*Service) GetMembers ¶
GetMembers returns the Members gRPC server
func (*Service) GetSecretManager ¶
func (s *Service) GetSecretManager() *secrets.SecretManager
GetSecretManager returns the secret manager
func (*Service) HandleCertificateRequests ¶ added in v1.5.0
Source Files ¶
Directories ¶
Path | Synopsis
---|---
admin |
members |
models |
store | Package store provides an interface to multiple types of embedded storage across multiple objects.
tokens | Package tokens handles the creation and verification of JWT tokens for authentication.