pub struct Macaroon { /* private fields */ }
Implementations
impl Macaroon
pub fn create(
location: Option<String>,
key: &MacaroonKey,
identifier: ByteString
) -> Result<Macaroon>
pub fn identifier(&self) -> ByteString
Returns a clone of the identifier for the macaroon
pub fn signature(&self) -> MacaroonKey
Returns the macaroon’s signature
The MacaroonKey type is used because it is the same size and format as a signature, but the signature is not a cryptographic key and should not be used as one.
pub fn caveats(&self) -> Vec<Caveat>
pub fn first_party_caveats(&self) -> Vec<Caveat>
Retrieve a list of the first-party caveats for the macaroon
pub fn third_party_caveats(&self) -> Vec<Caveat>
Retrieve a list of the third-party caveats for the macaroon
pub fn add_first_party_caveat(&mut self, predicate: ByteString)
Add a first-party caveat to the macaroon
A first-party caveat is just a string predicate in some DSL which can be verified either by exact string match, or by using a function to parse the string and validate it (see Verifier for more info).
pub fn add_third_party_caveat(
&mut self,
location: &str,
key: &MacaroonKey,
id: ByteString
)
Add a third-party caveat to the macaroon
A third-party caveat is a caveat which must be verified by a third party using macaroons provided by them (referred to as “discharge macaroons”).
pub fn bind(&self, discharge: &mut Macaroon)
Bind a discharge macaroon to the original macaroon
When a macaroon with third-party caveats must be authorized, you send off to the various locations specified in the caveats, sending the caveat ID and key, and receive a set of one or more “discharge macaroons” which are used to verify the caveat. In order to ensure that the discharge macaroons aren’t re-used in some other context, we bind them to the original macaroon so that they can’t be used in a different context.
pub fn serialize(&self, format: Format) -> Result<String>
Serialize the macaroon using the serialization Format provided
For V1 and V2, the binary format will be encoded as URL-safe base64 with padding (`base64::URL_SAFE`). For V2JSON, the output will be JSON.
pub fn deserialize<T: AsRef<[u8]>>(token: T) -> Result<Macaroon>
Deserialize an encoded macaroon token, inferring the Format.
For V1 and V2 tokens, this assumes base64 encoding, in either “standard” or URL-safe encoding, with or without padding.
For V2JSON tokens, the token must begin with the `{` character with no preceding whitespace.
Usage
use macaroon::Macaroon;
// `deserialize` accepts anything that implements `AsRef<[u8]>`: a `&str` as
// used below, a `b"..."` byte-string literal, or a `&[u8]` slice.
//
// `deserialize` takes no key, so it can only parse the token. A macaroon that
// parses successfully is still unauthenticated; check it with a `Verifier`
// before relying on its identifier or caveats.

// Base64-encoded binary token.
let binary_token = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegRK8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK";
let mac = Macaroon::deserialize(binary_token)?;

// V2JSON token: the very first byte is `{`.
let json_token = r#"{"v":2,"l":"http://example.org/","i":"keyid", "c":[{"i":"account = 3735928559"},{"i":"user = alice"}],"s64": "S-lnzR6gxrJrr2pKlO6bBbFYhtoLqF6MQqk8jQ4SXvw"}"#;
let mac_v2json = Macaroon::deserialize(json_token)?;

// The same JSON with one leading space must be rejected: whitespace before
// the `{` is not allowed, so `unwrap_err` panics if parsing succeeds.
let padded_json_token = r#" {"v":2,"l":"http://example.org/","i":"keyid", "c":[{"i":"account = 3735928559"},{"i":"user = alice"}],"s64": "S-lnzR6gxrJrr2pKlO6bBbFYhtoLqF6MQqk8jQ4SXvw"}"#;
Macaroon::deserialize(padded_json_token).unwrap_err();