Function caprock_token_validate

Function Documentation

caprock_error_t caprock_token_validate(void const *token, size_t token_size, char const *now, caprock_key const *verifier)

Validating a token takes the token buffer and a public key as its inputs. This function also validates revocations.

Parameters
  • token[in] The serialized capability of either grant or revocation type.

  • token_size[in] The size in octets of the token.

  • now[in] NUL-terminated time stamp in ISO-8601 format that specifies the current time. Validity is determined at this time point; you can pass any (valid) time here to determine validity at that time point.

  • verifier[in] A public key to verify the capability signature with.

Return values
  • CAPROCK_ERR_SUCCESS – The capability is valid at the given point in time.

  • CAPROCK_ERR_INVALID_VALUE – Some parameter had an invalid value. Most often, this means NULL values have been passed to pointers, but it could also mean that the parameters do not make sense in combination with each other. Refer to the log output for details.

  • CAPROCK_ERR_CODEC – The capability could not be decoded.

  • CAPROCK_ERR_VALIDATION – Either the signature was not valid, or the capability’s validity period does not include the passed timestamp. In either case, the capability needs to be treated as invalid.
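
A fail-closed way to call this function and map its return values, as an added example that is not part of the library or its documentation. The names `check_token`, `iso8601_utc`, `token_status`, `validate_fn` and `fake_validate` are hypothetical, the type declarations and enum values are stand-ins for the library header, and the UTC form `YYYY-MM-DDTHH:MM:SSZ` is an assumed choice of ISO-8601 representation.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Stand-in declarations so the example builds without the library; in real
 * code they come from the caprock header. Enum values are constructed. */
typedef enum { CAPROCK_ERR_SUCCESS, CAPROCK_ERR_INVALID_VALUE,
               CAPROCK_ERR_CODEC, CAPROCK_ERR_VALIDATION } caprock_error_t;
typedef struct caprock_key { int unused; } caprock_key;
typedef caprock_error_t (*validate_fn)(void const *, size_t, char const *,
                                       caprock_key const *);
typedef enum { TOKEN_VALID, TOKEN_REJECTED, TOKEN_CALLER_ERROR } token_status;

/* Hypothetical helper: format t as a NUL-terminated UTC timestamp. Uses
 * gmtime(), which is not thread-safe; use gmtime_r() in threaded code. */
static int iso8601_utc(time_t t, char *buf, size_t len)
{
    struct tm const *utc = gmtime(&t);
    if (utc == NULL) return -1;
    return strftime(buf, len, "%Y-%m-%dT%H:%M:%SZ", utc) == 20 ? 0 : -1;
}

/* Hypothetical fail-closed wrapper. TOKEN_VALID only says the token verifies
 * at time `at`; a valid revocation token is not a grant of access. */
static token_status check_token(validate_fn validate, void const *token,
                                size_t token_size, time_t at,
                                caprock_key const *verifier)
{
    char now[32];
    if (!validate || !token || token_size == 0 || !verifier ||
        iso8601_utc(at, now, sizeof now) != 0)
        return TOKEN_CALLER_ERROR;
    switch (validate(token, token_size, now, verifier)) {
    case CAPROCK_ERR_SUCCESS:       return TOKEN_VALID;
    case CAPROCK_ERR_INVALID_VALUE: return TOKEN_CALLER_ERROR;
    default:                        return TOKEN_REJECTED; /* CODEC, VALIDATION, unknown */
    }
}

/* Constructed stand-in for caprock_token_validate(): accepts the bytes "tok"
 * during 2024 only, so the wrapper can be exercised offline. */
static caprock_error_t fake_validate(void const *token, size_t n,
                                     char const *now, caprock_key const *key)
{
    (void)key;
    if (n != 3 || memcmp(token, "tok", 3) != 0) return CAPROCK_ERR_CODEC;
    if (strncmp(now, "2024-", 5) != 0) return CAPROCK_ERR_VALIDATION;
    return CAPROCK_ERR_SUCCESS;
}
```

With the real library, pass `caprock_token_validate` as the `validate` argument and drop the stand-in declarations and `fake_validate`.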