// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2016 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

package asserts

import (
	"fmt"
	"regexp"
	"time"
)

// validAccountID matches well-formed account ids: either exactly 32
// alphanumeric characters (they look like snap-ids) or a shorter identifier
// of 2 to 28 lowercase letters, digits and dashes. The pattern is anchored
// with ^ and $ and compiled without the multi-line flag, so the entire
// string has to match.
var validAccountID = regexp.MustCompile("^(?:[a-z0-9A-Z]{32}|[-a-z0-9]{2,28})$")

// Account holds an account assertion, which ties a name for an account
// to its identifier and provides the authority's confidence in the name's validity.
type Account struct {
	assertionBase
	// validation is the "validation" header as normalized by assembleAccount.
	validation string
	// timestamp is the parsed "timestamp" header.
	timestamp time.Time
}

// IsValidAccountID reports whether accountID is syntactically well formed.
// It is a format check only: a true result says nothing about whether the
// account exists or whether any assertion about it is trusted.
func IsValidAccountID(accountID string) bool {
	wellFormed := validAccountID.MatchString(accountID)
	return wellFormed
}

// AccountID returns the account-id of the account.
func (a *Account) AccountID() string {
	return a.HeaderString("account-id")
}

// Username returns the user name for the account. The header is optional
// when the assertion is assembled.
func (a *Account) Username() string {
	return a.HeaderString("username")
}

// DisplayName returns the human-friendly name for the account.
func (a *Account) DisplayName() string {
	return a.HeaderString("display-name")
}

// Validation returns the level of confidence of the authority in the
// account's identity, expected to be "unproven", "starred" or "verified".
//
// Nothing in assembleAccount restricts the header to that set, so callers
// that gate a decision on identity confidence should compare against the
// exact level they require instead of treating every value other than
// "unproven" as trusted.
func (a *Account) Validation() string {
	return a.validation
}

// Timestamp returns the time when the account was issued.
func (a *Account) Timestamp() time.Time {
	return a.timestamp
}

// checkConsistency accepts the account assertion only when its authority is
// an account the database trusts directly; an account assertion signed by
// any other authority is rejected with an error naming both the account and
// the authority. The acck argument is not used by this check.
func (a *Account) checkConsistency(db RODatabase, acck *AccountKey) error {
	if db.IsTrustedAccount(a.AuthorityID()) {
		return nil
	}
	return fmt.Errorf("account assertion for %q is not signed by a directly trusted authority: %s", a.AccountID(), a.AuthorityID())
}

// expected interface is implemented
var _ consistencyChecker = (*Account)(nil)

// assembleAccount builds an Account from an already decoded assertionBase.
// It requires non-empty "display-name" and "validation" headers and an
// RFC3339 "timestamp" header, and checks the optional "username" header.
// The first failing check is returned as the error.
//
// NOTE(review): the "account-id" header is not checked against
// validAccountID in this function; confirm it is validated elsewhere.
func assembleAccount(assert assertionBase) (Assertion, error) {
	hdrs := assert.headers

	if _, err := checkNotEmptyString(hdrs, "display-name"); err != nil {
		return nil, err
	}

	// Only the presence of a validation level is checked here; the value
	// itself is stored as given, apart from the legacy mapping below.
	level, err := checkNotEmptyString(hdrs, "validation")
	if err != nil {
		return nil, err
	}
	// backward compatibility with the hard-coded trusted account
	// assertions
	// TODO: generate revision 1 of them with validation
	// s/certified/verified/
	if level == "certified" {
		level = "verified"
	}

	issued, err := checkRFC3339Date(hdrs, "timestamp")
	if err != nil {
		return nil, err
	}

	if _, err := checkOptionalString(hdrs, "username"); err != nil {
		return nil, err
	}

	acct := &Account{
		assertionBase: assert,
		validation:    level,
		timestamp:     issued,
	}
	return acct, nil
}