go-hep.org/x/hep@v0.38.1/xrootd/xrdproto/signing/signing.go (about) 1 // Copyright ©2018 The go-hep Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package signing contains implementation of a way to check if request should be signed 6 // according to XRootD protocol specification v. 3.1.0, p.75-76. 7 package signing // import "go-hep.org/x/hep/xrootd/xrdproto/signing" 8 9 import ( 10 "go-hep.org/x/hep/xrootd/xrdproto" 11 "go-hep.org/x/hep/xrootd/xrdproto/auth" 12 "go-hep.org/x/hep/xrootd/xrdproto/chmod" 13 "go-hep.org/x/hep/xrootd/xrdproto/dirlist" 14 "go-hep.org/x/hep/xrootd/xrdproto/mkdir" 15 "go-hep.org/x/hep/xrootd/xrdproto/mv" 16 "go-hep.org/x/hep/xrootd/xrdproto/open" 17 "go-hep.org/x/hep/xrootd/xrdproto/read" 18 "go-hep.org/x/hep/xrootd/xrdproto/rm" 19 "go-hep.org/x/hep/xrootd/xrdproto/rmdir" 20 "go-hep.org/x/hep/xrootd/xrdproto/stat" 21 "go-hep.org/x/hep/xrootd/xrdproto/statx" 22 "go-hep.org/x/hep/xrootd/xrdproto/sync" 23 "go-hep.org/x/hep/xrootd/xrdproto/truncate" 24 "go-hep.org/x/hep/xrootd/xrdproto/verifyw" 25 "go-hep.org/x/hep/xrootd/xrdproto/write" 26 "go-hep.org/x/hep/xrootd/xrdproto/xrdclose" 27 ) 28 29 // Requirements implements a way to check if request should be signed 30 // according to XRootD protocol specification v. 3.1.0, p.75-76. 31 type Requirements struct { 32 requirements map[uint16]xrdproto.RequestLevel 33 } 34 35 // Needed returns whether the request should be signed. 36 // For the list of actual examples see XRootD protocol specification v. 3.1.0, p.76. 37 func (sr *Requirements) Needed(request xrdproto.Request) bool { 38 v, exist := sr.requirements[request.ReqID()] 39 if !exist || v == xrdproto.SignNone { 40 return false 41 } 42 if v == xrdproto.SignLikely && !request.ShouldSign() { 43 return false 44 } 45 return true 46 } 47 48 // Default creates a default Requirements with "None" security level. 49 func Default() Requirements { 50 return New(xrdproto.NoneLevel, nil) 51 } 52 53 // New creates a Requirements according to provided security level and security overrides. 54 func New(level xrdproto.SecurityLevel, overrides []xrdproto.SecurityOverride) Requirements { 55 var sr = Requirements{make(map[uint16]xrdproto.RequestLevel)} 56 57 if level >= xrdproto.Compatible { 58 // TODO: set requirements 59 sr.requirements[chmod.RequestID] = xrdproto.SignNeeded 60 sr.requirements[mv.RequestID] = xrdproto.SignNeeded 61 sr.requirements[open.RequestID] = xrdproto.SignLikely 62 sr.requirements[rm.RequestID] = xrdproto.SignNeeded 63 sr.requirements[rmdir.RequestID] = xrdproto.SignNeeded 64 sr.requirements[truncate.RequestID] = xrdproto.SignNeeded 65 } 66 if level >= xrdproto.Standard { 67 // TODO: set requirements 68 sr.requirements[mkdir.RequestID] = xrdproto.SignNeeded 69 sr.requirements[open.RequestID] = xrdproto.SignNeeded 70 } 71 if level >= xrdproto.Intense { 72 // TODO: set requirements 73 sr.requirements[xrdclose.RequestID] = xrdproto.SignNeeded 74 sr.requirements[verifyw.RequestID] = xrdproto.SignNeeded 75 sr.requirements[write.RequestID] = xrdproto.SignNeeded 76 } 77 if level >= xrdproto.Pedantic { 78 // TODO: set requirements 79 sr.requirements[dirlist.RequestID] = xrdproto.SignNeeded 80 sr.requirements[read.RequestID] = xrdproto.SignNeeded 81 sr.requirements[stat.RequestID] = xrdproto.SignNeeded 82 sr.requirements[statx.RequestID] = xrdproto.SignNeeded 83 sr.requirements[sync.RequestID] = xrdproto.SignNeeded 84 } 85 86 for _, override := range overrides { 87 requestID := auth.RequestID + uint16(override.RequestIndex) 88 sr.requirements[requestID] = override.RequestLevel 89 } 90 91 return sr 92 }