// targetService builds the HTTP handler for an example "target service":
// an arbitrary web service that does not decide authorization itself but
// delegates it to a third party reachable at authEndpoint.
//
// endpoint becomes the bakery service's Location. authPK is the public key
// registered in the service's key ring for authEndpoint; it is the trust
// anchor for the third party, so callers should obtain it over a channel
// they trust. A new service key pair is generated on every call and is not
// persisted by this function.
//
// It returns the mux serving /gold/ and /silver/, or the error from key
// generation or service construction.
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
	svcKey, err := bakery.GenerateKey()
	if err != nil {
		return nil, err
	}

	// The ring is handed to the service as its Locator first and only
	// populated afterwards; the service keeps a reference to it.
	ring := bakery.NewPublicKeyRing()
	params := bakery.NewServiceParams{
		Key:      svcKey,
		Location: endpoint,
		Locator:  ring,
	}
	bakerySvc, err := httpbakery.NewService(params)
	if err != nil {
		return nil, err
	}

	// Only the public half of the third party's key is logged. authPK is
	// dereferenced by the slice expression, so a nil key panics here.
	log.Printf("adding public key for location %s: %x", authEndpoint, authPK[:])
	// NOTE(review): the `true` argument presumably enables prefix matching
	// on the location - confirm against the bakery API. Any result returned
	// by AddPublicKeyForLocation is discarded; if this bakery version
	// returns an error, a failed registration would go unnoticed - confirm.
	ring.AddPublicKeyForLocation(authEndpoint, true, authPK)

	handler := &targetServiceHandler{
		svc:          bakerySvc,
		authEndpoint: authEndpoint,
	}
	router := http.NewServeMux()
	router.HandleFunc("/gold/", handler.serveGold)
	router.HandleFunc("/silver/", handler.serveSilver)
	return router, nil
}
// SetUpSuite starts the identity/authorization service used by the suite.
//
// It generates a key pair, records the public half in s.authPublicKey,
// serves an idservice instance built with that key, and stores the address
// returned by serve in s.authEndpoint.
func (s *suite) SetUpSuite(c *gc.C) {
	authKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &authKey.Public

	// newAuthHandler is invoked by serve with the endpoint the service is
	// reachable at; everything below is built per invocation.
	newAuthHandler := func(endpoint string) (http.Handler, error) {
		// Fixture accounts only. The password values appear masked on this
		// page, so whether the literals are real or redacted cannot be told
		// from here. "root" is the only user placed in the
		// "target-service-users" group.
		users := map[string]*idservice.UserInfo{
			"rog": {
				Password: "******",
			},
			"root": {
				Password: "******",
				Groups: map[string]bool{
					"target-service-users": true,
				},
			},
		}
		// In-memory storage and an empty key ring: state lives only in
		// this process.
		svcParams := bakery.NewServiceParams{
			Location: endpoint,
			Store:    bakery.NewMemStorage(),
			Key:      authKey,
			Locator:  bakery.NewPublicKeyRing(),
		}
		return idservice.New(idservice.Params{
			Users:   users,
			Service: svcParams,
		})
	}

	s.authEndpoint = serve(c, newAuthHandler)
	c.Logf("auth endpoint at %s", s.authEndpoint)
}