Documentation ¶
Overview ¶
Package persona implements a Mozilla Persona Identity Provider.
Index ¶
- Constants
- Variables
- func Authentication(w http.ResponseWriter, r *http.Request)
- func BrowserID(w http.ResponseWriter, r *http.Request)
- func CheckSession(w http.ResponseWriter, r *http.Request)
- func CloseSessionBacking()
- func CompressResponse(f http.HandlerFunc) http.HandlerFunc
- func GenerateCertificate(w http.ResponseWriter, r *http.Request)
- func GenerateSupportDocument(config *Configuration) (doc []byte, err error)
- func Provisioning(w http.ResponseWriter, r *http.Request)
- func SetPrivateKey(key interface{}) error
- func SetSessionBacking(backing SessionBacking)
- func ValidateConfig(config *Configuration) (err error)
- type CompressedResponseWriter
- type Configuration
- type DelegatedSupportDocument
- type IdentityCertificate
- type IdentityCertificateHeader
- type IdentityCertificatePrincipal
- type PrivateKey
- type PublicKeyDSA
- type PublicKeyECDSA
- type PublicKeyRSA
- type RequestCheckSession
- type RequestGenerateCertificate
- type SQLiteBacking
- type SessionBacking
- type SupportDocument
Constants ¶
const ( ContentTypeHtml = "text/html; charset=utf-8" ContentTypeJson = "application/json; charset=utf-8" ContentTypePlain = "text/plain; charset=utf-8" )
const ( MinKeySizeDSA = 2048 MinKeySizeRSA = 2048 )
Minimum supported key sizes.
const SessionMaxDuration = 86400
SessionMaxDuration is the maximum duration, in seconds, that a session can be valid for.
const SupportDocumentURL = "/.well-known/browserid"
SupportDocumentURL is the URL to the BrowserID support document.
Variables ¶
var ( AuthenticationTemplate *template.Template ProvisioningTemplate *template.Template )
Templates used to render the authentication and provisioning pages.
var ( AuthenticationTemplateParams = make(map[string]interface{}) ProvisioningTemplateParams = make(map[string]interface{}) )
Parameters passed to the authentication and provisioning templates.
var PrivateKeyTypeToAlgorithm = map[string]string{
"DSA": "DS",
"ECDSA": "EC",
"RSA": "RS",
}
PrivateKeyTypeToAlgorithm is a human-to-Persona mapping of supported private key type algorithms.
FIXME: ECDSA is not well documented in the Persona specs, so I'm not sure that "EC" is proper for ECDSA keys.
var SupportedEllipticCurves = map[elliptic.Curve]string{ elliptic.P224(): "P-224", elliptic.P256(): "P-256", elliptic.P384(): "P-384", elliptic.P521(): "P-521", }
SupportedEllipticCurves is a curve-to-label mapping of the supported elliptic curves.
var SupportedPrivateKeyTypes = map[string]bool{ "ECDSA": true, "RSA": true, }
SupportedPrivateKeyTypes is a list of the supported private key types.
FIXME: DSA is only unsupported due to Go not having a builtin Parse<x>PrivateKey function that handles DSA keys.
FIXME: ECDSA is not well documented in the Persona specs, so support is questionable.
Functions ¶
func Authentication ¶
func Authentication(w http.ResponseWriter, r *http.Request)
Authentication responds with the authentication page template.
func BrowserID ¶
func BrowserID(w http.ResponseWriter, r *http.Request)
BrowserID responds with the BrowserID support document.
func CheckSession ¶
func CheckSession(w http.ResponseWriter, r *http.Request)
CheckSession responds with StatusOK (200) if the given user has a valid session, or StatusUnauthorized (401) if not. On error, it responds with StatusInternalServerError (500).
func CloseSessionBacking ¶
func CloseSessionBacking()
CloseSessionBacking closes the session backing.
func CompressResponse ¶
func CompressResponse(f http.HandlerFunc) http.HandlerFunc
func GenerateCertificate ¶
func GenerateCertificate(w http.ResponseWriter, r *http.Request)
GenerateCertificate responds with a signed identity certificate on success. On error, it responds with StatusInternalServerError (500).
func GenerateSupportDocument ¶
func GenerateSupportDocument(config *Configuration) (doc []byte, err error)
GenerateSupportDocument reads the given configuration and returns a support document based on that configuration.
func Provisioning ¶
func Provisioning(w http.ResponseWriter, r *http.Request)
Provisioning responds with the provisioning page template.
func SetPrivateKey ¶
func SetPrivateKey(key interface{}) error
SetPrivateKey uses the supplied private key.
func SetSessionBacking ¶
func SetSessionBacking(backing SessionBacking)
SetSessionBacking uses the supplied session backing.
func ValidateConfig ¶
func ValidateConfig(config *Configuration) (err error)
ValidateConfig validates that provided Configuration.
Types ¶
type CompressedResponseWriter ¶
type CompressedResponseWriter struct { http.ResponseWriter Compressor io.WriteCloser Encoding string }
func (CompressedResponseWriter) Write ¶
func (crw CompressedResponseWriter) Write(b []byte) (int, error)
func (CompressedResponseWriter) WriteHeader ¶
func (crw CompressedResponseWriter) WriteHeader(code int)
type Configuration ¶
type Configuration struct { PrivateKey struct { Type string `json:"type"` File string `json:"file"` } `json:"private-key"` Authentication struct { Url string `json:"url"` Template string `json:"template"` Disabled bool `json:"disabled"` } `json:"authentication"` Provisioning struct { Url string `json:"url"` Template string `json:"template"` Disabled bool `json:"disabled"` } `json:"provisioning"` Delegation struct { Delegate bool `json:"delegate"` Host string `json:"host"` } `json:"delegation"` Session struct { Url string `json:"url"` Store string `json:"store"` Backing string `json:"backing"` } `json:"session"` CertificateUrl string `json:"certificate-url"` }
Configuration represents the Persona IdP configuration file.
func DecodeConfig ¶
func DecodeConfig(rawJson []byte) (config *Configuration, err error)
DecodeConfig loads a Configuration from the provided JSON structure.
func LoadConfig ¶
func LoadConfig(filePath string) (config *Configuration, err error)
LoadConfig loads a Configuration from the provided file.
type DelegatedSupportDocument ¶
type DelegatedSupportDocument struct {
Authority string `json:"authority"`
}
DelegatedSupportDocument is a BrowserID support document that delegates its duties to a different host.
type IdentityCertificate ¶
type IdentityCertificate struct { Iat int64 `json:"iat,string"` Exp int64 `json:"exp,string"` Iss string `json:"iss"` PublicKey map[string]string `json:"public-key"` Principal IdentityCertificatePrincipal `json:"principal"` }
IdentityCertificate represents an identity certificate.
type IdentityCertificateHeader ¶
type IdentityCertificateHeader struct {
Alg string `json:"alg"`
}
IdentityCertificateHeader is the header for an identity certificate.
type IdentityCertificatePrincipal ¶
type IdentityCertificatePrincipal struct {
Email string `json:"email"`
}
IdentityCertificatePrincipal is the principal element of an identity certificate.
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents the private key that is used for all of Persona's cryptographic operations.
func (*PrivateKey) IdCertHeader ¶
func (pk *PrivateKey) IdCertHeader() (header IdentityCertificateHeader, err error)
IdCertHeader returns the header for an ID certificate.
func (*PrivateKey) Sign ¶
func (pk *PrivateKey) Sign(data []byte) (signature []byte, err error)
Sign signs the provided data.
func (*PrivateKey) SupportDoc ¶
func (pk *PrivateKey) SupportDoc() (interface{}, error)
SupportDoc returns the public-key component of the support document.
type PublicKeyDSA ¶
type PublicKeyDSA struct { Algorithm string `json:"algorithm"` G string `json:"g"` P string `json:"p"` Q string `json:"q"` Y string `json:"y"` }
PublicKeyDSA represents a DSA public key.
type PublicKeyECDSA ¶
type PublicKeyECDSA struct { Algorithm string `json:"algorithm"` Curve string `json:"crv"` X string `json:"x"` Y string `json:"y"` }
PublicKeyECDSA represents an ECDSA public key. FIXME: I'm not 100% certain that the parameters here are correct.
type PublicKeyRSA ¶
type PublicKeyRSA struct { Algorithm string `json:"algorithm"` N string `json:"n"` E string `json:"e"` }
PublicKeyRSA represents an RSA public key.
type RequestCheckSession ¶
type RequestCheckSession struct {
Email string `json:"email"`
}
RequestCheckSession represents the body of a CheckSession request.
type RequestGenerateCertificate ¶
type RequestGenerateCertificate struct { Email string `json:"email"` PublicKey map[string]string `json:"public-key"` Duration int `json:"duration,string"` }
RequestGenerateCertificate represents the body of a GenerateCertificate request.
type SQLiteBacking ¶
SQLiteBacking implements that SessionBacking interface, and allows for manipulating sessions stored in an SQLite3 database.
func (*SQLiteBacking) Close ¶
func (b *SQLiteBacking) Close() (err error)
Close implements the Close method of the SessionBacking interface.
func (*SQLiteBacking) HasSession ¶
func (b *SQLiteBacking) HasSession(email string) (hasSession bool, err error)
HasSession implements the HasSession method of the SessionBacking interface.
func (*SQLiteBacking) NewSession ¶
func (b *SQLiteBacking) NewSession(email, id string) (err error)
NewSession implements the NewSession method of the SessionBacking interface.
func (*SQLiteBacking) Open ¶
func (b *SQLiteBacking) Open(location string) (err error)
Open implements the Open method of the SessionBacking interface.
type SessionBacking ¶
type SessionBacking interface { Open(string) error Close() error NewSession(string, string) error HasSession(string) (bool, error) }
SessionBacking is the interface used by all session backings.
type SupportDocument ¶
type SupportDocument struct { PublicKey interface{} `json:"public-key"` Authentication string `json:"authentication"` Provisioning string `json:"provisioning"` }
SupportDocument is a BrowserID support document.