Function caprock_claim_validate

Function Documentation

caprock_error_t caprock_claim_validate(caprock_claim const *claims, size_t claims_size, char const *now, void *buffer, size_t bufsize, caprock_token_iterator iterator, void *iterator_baton, caprock_key const *verifier, int flags)

Given a token iterator for known tokens, verify that a requested action is permitted. The requested action is in the form of a caprock_claim, as this structure includes a subject, predicate and object. We are therefore essentially validating a claim, hence the function name.

Since it’s possible to validate multiple claims at the same time, we’ll permit this. Note, however, that on failure it is then not possible to determine which claim failed to validate.

Flags can influence the interpretation of iterator values, but also the claim validation itself.

Parameters
  • claims[in] A pointer to one or more claims to validate.

  • claims_size[in] The number of claims to validate (size of claims).

  • now[in] A NULL-terminated time stamp in ISO-8601 format that specifies the current time point.

  • buffer[out] A buffer for temporarily holding tokens; scratch space.

  • bufsize[in] The size in octets of buffer.

  • iterator[in] An iterator function. This iterator produces tokens, ideally in order, based on which it is determined whether the claims are valid at the time point specified by now.

  • iterator_baton[in] An opaque pointer handed to the iterator.

  • verifier[in] A public key with which to validate tokens. Note that a single public key is sufficient by definition, as objects present in claims are “owned” (or managed) by an authority; verifier keys that do not represent this authority have no say over those objects.

  • flags[in] Flags influencing how tokens should be processed; see caprock_validation_flags for possible values.

Return values
  • CAPROCK_ERR_SUCCESS – If all claims are valid.

  • CAPROCK_ERR_INVALID_VALUE – When parameters are invalid, such as passing NULL pointers for required values. Refer to the debug log for specifics.

  • CAPROCK_ERR_VALIDATION – If tokens are not presented in order and gap-free (but see flags for influencing this). Also returned if claims are not valid at the given time point.

  • other – Any other values that the iterator function may return.