/
cluster_claims.go
98 lines (84 loc) · 2.86 KB
/
cluster_claims.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
/*
* Copyright 2018-2020 The NATS Authors
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package jwt
import (
"errors"
"github.com/nats-io/nkeys"
)
// Cluster stores the cluster specific elements of a cluster JWT
// Deprecated: ClusterClaims are not supported
type Cluster struct {
Trust []string `json:"identity,omitempty"`
Accounts []string `json:"accts,omitempty"`
AccountURL string `json:"accturl,omitempty"`
OperatorURL string `json:"opurl,omitempty"`
}
// Validate checks the cluster and permissions for a cluster JWT
func (c *Cluster) Validate(vr *ValidationResults) {
// fixme validate cluster data
}
// ClusterClaims defines the data in a cluster JWT
// Deprecated: ClusterClaims are not supported
type ClusterClaims struct {
ClaimsData
Cluster `json:"nats,omitempty"`
}
// NewClusterClaims creates a new cluster JWT with the specified subject/public key
// Deprecated: ClusterClaims are not supported
func NewClusterClaims(subject string) *ClusterClaims {
if subject == "" {
return nil
}
c := &ClusterClaims{}
c.Subject = subject
return c
}
// Encode tries to turn the cluster claims into a JWT string
func (c *ClusterClaims) Encode(pair nkeys.KeyPair) (string, error) {
if !nkeys.IsValidPublicClusterKey(c.Subject) {
return "", errors.New("expected subject to be a cluster public key")
}
c.ClaimsData.Type = ClusterClaim
return c.ClaimsData.Encode(pair, c)
}
// DecodeClusterClaims tries to parse cluster claims from a JWT string
// Deprecated: ClusterClaims are not supported
func DecodeClusterClaims(token string) (*ClusterClaims, error) {
v := ClusterClaims{}
if err := Decode(token, &v); err != nil {
return nil, err
}
return &v, nil
}
func (c *ClusterClaims) String() string {
return c.ClaimsData.String(c)
}
// Payload returns the cluster specific data
func (c *ClusterClaims) Payload() interface{} {
return &c.Cluster
}
// Validate checks the generic and cluster data in the cluster claims
func (c *ClusterClaims) Validate(vr *ValidationResults) {
c.ClaimsData.Validate(vr)
c.Cluster.Validate(vr)
}
// ExpectedPrefixes defines the types that can encode a cluster JWT, operator or cluster
func (c *ClusterClaims) ExpectedPrefixes() []nkeys.PrefixByte {
return []nkeys.PrefixByte{nkeys.PrefixByteOperator, nkeys.PrefixByteCluster}
}
// Claims returns the generic data
func (c *ClusterClaims) Claims() *ClaimsData {
return &c.ClaimsData
}