// targetService builds the HTTP handler for an example "target service":
// an arbitrary web service that delegates authorization to a third party.
//
// endpoint is the location the new service is created with, authEndpoint is
// the location of the third-party authorizer, and authPK is that authorizer's
// public key. A key is obtained from bakery.GenerateKey on every call and
// nothing in this function persists it. authPK is registered in the service's
// key ring under authEndpoint; that binding is what the service trusts, so the
// caller must have obtained authPK over a channel it already trusts.
//
// The returned handler routes "/gold/" and "/silver/" to the
// targetServiceHandler methods of the same names.
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
	serviceKey, err := bakery.GenerateKey()
	if err != nil {
		return nil, err
	}

	ring := bakery.NewPublicKeyRing()
	params := bakery.NewServiceParams{
		Key:      serviceKey,
		Location: endpoint,
		Locator:  ring,
	}
	bakerySvc, err := httpbakery.NewService(params)
	if err != nil {
		return nil, err
	}

	// Only the third party's public key is written to the log. The slice
	// expression goes through the pointer, so a nil authPK panics here.
	log.Printf("adding public key for location %s: %x", authEndpoint, authPK[:])
	// NOTE(review): the second argument looks like a prefix-match switch, which
	// would make authPK trusted for every location under authEndpoint, not just
	// the exact string; confirm against PublicKeyRing. Any result this call
	// returns is discarded; confirm whether it can report an error.
	ring.AddPublicKeyForLocation(authEndpoint, true, authPK)

	handler := &targetServiceHandler{
		svc:          bakerySvc,
		authEndpoint: authEndpoint,
	}
	router := http.NewServeMux()
	router.Handle("/gold/", http.HandlerFunc(handler.serveGold))
	router.Handle("/silver/", http.HandlerFunc(handler.serveSilver))
	return router, nil
}
// SetUpSuite starts the identity (auth) service used by the suite and stores
// its endpoint and public key on the suite.
//
// The key pair comes from bakery.GenerateKey; its public half is kept in
// s.authPublicKey and the whole pair is handed to the identity service.
// The service is created with bakery.NewMemStorage as its store and an empty
// public key ring as its locator.
func (s *suite) SetUpSuite(c *gc.C) {
	authKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &authKey.Public

	// newAuthHandler builds the identity service once serve has chosen the
	// endpoint it will listen on.
	newAuthHandler := func(endpoint string) (http.Handler, error) {
		// Fixture accounts with hard-coded credentials, for this test
		// service only. "rog" has no groups; "root" is a member of
		// "target-service-users".
		users := map[string]*idservice.UserInfo{
			"rog": {
				Password: "******",
			},
			"root": {
				Password: "******",
				Groups: map[string]bool{
					"target-service-users": true,
				},
			},
		}
		return idservice.New(idservice.Params{
			Users: users,
			Service: bakery.NewServiceParams{
				Location: endpoint,
				Store:    bakery.NewMemStorage(),
				Key:      authKey,
				Locator:  bakery.NewPublicKeyRing(),
			},
		})
	}

	s.authEndpoint = serve(c, newAuthHandler)
	c.Logf("auth endpoint at %s", s.authEndpoint)
}