| Index: server/auth/authdb/db.go
|
| diff --git a/server/auth/authdb/db.go b/server/auth/authdb/db.go
|
| index 61184925c14247ad3991b42260d7dbf91d1b79b3..6129296048a7478af0c66a6e3e61ff88930ca182 100644
|
| --- a/server/auth/authdb/db.go
|
| +++ b/server/auth/authdb/db.go
|
| @@ -10,6 +10,7 @@ import (
|
| "golang.org/x/net/context"
|
|
|
| "github.com/luci/luci-go/server/auth/identity"
|
| + "github.com/luci/luci-go/server/auth/signing"
|
| "github.com/luci/luci-go/server/secrets"
|
| )
|
|
|
| @@ -34,6 +35,13 @@ type DB interface {
|
| // to all trusted services (so that they can use them to exchange data).
|
| SharedSecrets(c context.Context) (secrets.Store, error)
|
|
|
| + // GetCertificates returns a bundle with certificates of a trusted signer.
|
| + //
|
| + // Returns (nil, nil) if the given signer is not trusted.
|
| + //
|
| + // Returns errors (usually transient) if the bundle can't be fetched.
|
| + GetCertificates(c context.Context, id identity.Identity) (*signing.PublicCertificates, error)
|
| +
|
| // GetWhitelistForIdentity returns name of the IP whitelist to use to check
|
| // IP of requests from given `ident`.
|
| //
|
|
|
Chromium Code Reviews
Issue 2386643003:
auth: Make luci-go services trust signatures produced by the token server. (Closed)
