// targetService builds the HTTP handler for an example "target service":
// an arbitrary web service that delegates authorization to third parties.
//
// A new key pair is generated on every call and given to the bakery
// service created for endpoint. authPK is registered in that service's
// public-key ring under authEndpoint. This function does not validate
// authPK; the caller is responsible for its provenance. authPK must be
// non-nil, because slicing it for the log line dereferences it.
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
	svcKey, err := bakery.GenerateKey()
	if err != nil {
		return nil, err
	}

	keyRing := bakery.NewPublicKeyRing()
	params := bakery.NewServiceParams{
		Key:      svcKey,
		Location: endpoint,
		Locator:  keyRing,
	}
	bakerySvc, err := httpbakery.NewService(params)
	if err != nil {
		return nil, err
	}

	// Only the auth service's public key is written to the log.
	log.Printf("adding public key for location %s: %x", authEndpoint, authPK[:])
	// NOTE(review): the `true` argument presumably makes the key apply to
	// every location under authEndpoint (prefix match), and if this method
	// reports an error it is discarded here. Confirm both against the
	// bakery API.
	keyRing.AddPublicKeyForLocation(authEndpoint, true, authPK)

	handler := &targetServiceHandler{
		svc:          bakerySvc,
		authEndpoint: authEndpoint,
	}
	routes := http.NewServeMux()
	routes.HandleFunc("/gold/", handler.serveGold)
	routes.HandleFunc("/silver/", handler.serveSilver)
	return routes, nil
}
// SetUpSuite generates the auth service key pair, records its public half
// on the suite, and starts an identity service through serve, storing the
// resulting endpoint in s.authEndpoint.
func (s *suite) SetUpSuite(c *gc.C) {
	authKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &authKey.Public

	newIDService := func(endpoint string) (http.Handler, error) {
		// Hard-coded fixture accounts for the identity service started by
		// this suite; these credentials are test-only and must not be
		// reused outside it.
		users := map[string]*idservice.UserInfo{
			"rog": {
				Password: "******",
			},
			"root": {
				Password: "******",
				Groups: map[string]bool{
					"target-service-users": true,
				},
			},
		}
		// The service is given in-memory storage and the suite's private
		// key; only &authKey.Public is exposed through the suite field.
		svcParams := bakery.NewServiceParams{
			Location: endpoint,
			Store:    bakery.NewMemStorage(),
			Key:      authKey,
			Locator:  bakery.NewPublicKeyRing(),
		}
		return idservice.New(idservice.Params{
			Users:   users,
			Service: svcParams,
		})
	}

	s.authEndpoint = serve(c, newIDService)
	c.Logf("auth endpoint at %s", s.authEndpoint)
}
// SetUpSuite generates the auth service key pair, keeps its public half in
// s.authPublicKey, and starts the auth service via serve, recording the
// endpoint it is reachable at in s.authEndpoint. Any failure aborts the
// suite through c.Assert.
func (s *exampleSuite) SetUpSuite(c *gc.C) {
	authKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &authKey.Public

	// The full key pair is passed only to the auth service; the suite
	// field holds the public key alone.
	newAuthHandler := func(endpoint string) (http.Handler, error) {
		return authService(endpoint, authKey)
	}
	s.authEndpoint, err = serve(newAuthHandler)
	c.Assert(err, gc.IsNil)
}
// main wires the example together: it generates the auth service key pair,
// starts the auth service and the target service, then issues one client
// request against the target service and prints the response.
func main() {
	authKey, err := bakery.GenerateKey()
	if err != nil {
		log.Fatalf("cannot generate auth service key pair: %v", err)
	}
	authPublicKey := &authKey.Public

	// The auth service receives the full key pair.
	newAuthHandler := func(endpoint string) (http.Handler, error) {
		return authService(endpoint, authKey)
	}
	authEndpoint := mustServe(newAuthHandler)

	// The target service is given only the auth service's public key and
	// the endpoint it was started at.
	newTargetHandler := func(endpoint string) (http.Handler, error) {
		return targetService(endpoint, authEndpoint, authPublicKey)
	}
	serverEndpoint := mustServe(newTargetHandler)

	resp, err := clientRequest(serverEndpoint)
	if err != nil {
		log.Fatalf("client failed: %v", err)
	}
	fmt.Printf("client success: %q\n", resp)
}