cubefs

1
// Copyright 2018 The CubeFS Authors.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12
// implied. See the License for the specific language governing
13
// permissions and limitations under the License.
14

15
package cryptoutil
16

17
const (
18
	TicketVersion = 1
19
	TicketAge     = 24 * 60 * 60
20
)
21

22
// CryptoKey store the session key
23
type CryptoKey struct {
24
	Ctime int64  `json:"c_time"`
25
	Key   []byte `json:"key"`
26
}
27

28
/*
29
* MITM thread:
30
*      (1) talking to the right party (nonce, key encryption)
31
*      (2) replay attack (IP, timestamp constrains)
32
*
33
* Other thread: Client capability changes (ticket timestamp)
34
 */
35

36
// Ticket is a temperary struct to store permissions/caps for clients to
37
// access principle
38
type Ticket struct {
39
	Version    uint8     `json:"version"`
40
	ServiceID  string    `json:"service_id"`
41
	SessionKey CryptoKey `json:"session_key"`
42
	Exp        int64     `json:"exp"`
43
	IP         string    `json:"ip"`
44
	Caps       []byte    `json:"caps"`
45
}
46