// Copyright 2016 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package params
import (
"gopkg.in/macaroon.v1"
)
// SecretKeyLoginRequest is the message a client sends to complete the
// registration of a user. It names the user by tag and carries a payload
// sealed with NaCl Secretbox; a payload that opens successfully proves the
// requester holds a secret key recorded on the controller.
//
// Only PayloadCiphertext is confidential. User and Nonce are sent in the
// clear, and encoding/json renders the two []byte fields as base64 strings.
//
// NOTE(review): User presumably selects which recorded secret key is used to
// open the payload, so it should be treated as untrusted input until the box
// has been opened — confirm against the handler.
type SecretKeyLoginRequest struct {
	// User is the tag-representation of the user the requester wants to
	// authenticate as.
	User string `json:"user"`

	// Nonce is the value the client used when sealing PayloadCiphertext.
	// NaCl Secretbox nonces are 24 bytes and must never repeat under the
	// same key; this field is a variable-length slice, so consumers need
	// to check its length before using it as a nonce.
	Nonce []byte `json:"nonce"`

	// PayloadCiphertext is the encrypted and authenticated payload,
	// produced with NaCl Secretbox. Judging by its name and doc comment,
	// the plaintext is a JSON-encoded SecretKeyLoginRequestPayload.
	PayloadCiphertext []byte `json:"ciphertext"`
}
// SecretKeyLoginRequestPayload is the plaintext of a registration request.
// It is JSON-encoded and then encrypted and authenticated with the NaCl
// Secretbox algorithm, so it should only ever appear on the wire in sealed
// form.
//
// A decoded value holds a cleartext credential: keep it out of logs and
// error messages, and drop it as soon as the password has been applied.
type SecretKeyLoginRequestPayload struct {
	// Password is the new password to set for the user.
	Password string `json:"password"`
}
// SecretKeyLoginResponse is the result of completing a user registration.
// Its payload is encrypted and authenticated, and holds what the client
// needs in order to log into the controller securely via the standard
// password authentication method.
//
// Nonce is sent in the clear; encoding/json renders both []byte fields as
// base64 strings.
//
// NOTE(review): if the response is sealed under the same secret key as the
// request, the server's nonce must not repeat the client's — confirm that
// the handler generates a fresh nonce for every response.
type SecretKeyLoginResponse struct {
	// Nonce is the value the server used when sealing PayloadCiphertext.
	// The client needs it, together with the secret key, to open and
	// authenticate the payload.
	Nonce []byte `json:"nonce"`

	// PayloadCiphertext is the encrypted and authenticated payload; its
	// plaintext is a JSON-encoded SecretKeyLoginResponsePayload.
	PayloadCiphertext []byte `json:"ciphertext"`
}
// SecretKeyLoginResponsePayload is the plaintext of a registration response.
// It is JSON-encoded and then encrypted and authenticated with the NaCl
// Secretbox algorithm.
//
// Because the payload is authenticated, a client that opens it successfully
// knows these values came from a holder of the secret key. Values taken
// from a payload that failed to open must not be used.
type SecretKeyLoginResponsePayload struct {
	// CACert is the CA certificate required to establish a secure TLS
	// connection to the Juju controller.
	CACert string `json:"ca-cert"`

	// ControllerUUID is the UUID of the Juju controller.
	ControllerUUID string `json:"controller-uuid"`

	// Macaroon is a time-limited macaroon that can be used for
	// authenticating as the registered user. It is a bearer credential,
	// so it needs the same care as a password while it is valid. The
	// field is a pointer and encodes as JSON null when unset.
	Macaroon *macaroon.Macaroon `json:"macaroon"`
}