示例#1
文件: handler.go 项目: quixoten/vault
// wrappingVerificationFunc checks that the wrapping token carried by req is
// valid before the request is processed any further.
//
// The check has to happen here: a lookup on a token that is about to expire
// returns nil, and the wrapping token is revoked after the call, so a later
// lookup would have nothing left to validate.
//
// Token selection: when the request body has a non-nil "token" entry it must
// be a non-empty string and it is the value that gets validated; only when
// that entry is absent is req.ClientToken used. The validated token can
// therefore differ from the client token on the request.
//
// An error is returned when req is nil, when the body token is not a string
// or is empty, when core.ValidateWrappingToken fails, or when it reports the
// token as not valid. The messages built here never embed the token value;
// the text of an error from ValidateWrappingToken is included as-is.
func wrappingVerificationFunc(core *vault.Core, req *logical.Request) error {
	if req == nil {
		return fmt.Errorf("invalid request")
	}

	// Start from the client token; a token in the request body overrides it.
	candidate := req.ClientToken
	if req.Data != nil {
		if raw := req.Data["token"]; raw != nil {
			bodyToken, isString := raw.(string)
			switch {
			case !isString:
				return fmt.Errorf("could not decode token in request body")
			case bodyToken == "":
				return fmt.Errorf("empty token in request body")
			}
			candidate = bodyToken
		}
	}

	ok, err := core.ValidateWrappingToken(candidate)
	switch {
	case err != nil:
		return fmt.Errorf("error validating wrapping token: %v", err)
	case !ok:
		// Invalid and unknown tokens share one message, so the caller
		// cannot tell the two cases apart from the error text.
		return fmt.Errorf("wrapping token is not valid or does not exist")
	}
	return nil
}