security: Make Blessings a struct instead of an interface.
Accompanies: https://vanadium-review.googlesource.com/6040
Motivations:
- In any case, we disallowed implementations of this interface outside
the security package because we wanted to discourage other
implementations that may skip over critical security considerations.
- There was only one implementation
- This will allow us to use the VOM native<->wire conversions, thereby
preventing users from having to worry about conversion to and from
the wire format.
MultiPart: 2/2
Change-Id: I2a6a44c7d13a131bf98b9b6fa6db7235063b21e9
diff --git a/runtimes/google/ipc/blessings_cache.go b/runtimes/google/ipc/blessings_cache.go
index ac71eee..204715a 100644
--- a/runtimes/google/ipc/blessings_cache.go
+++ b/runtimes/google/ipc/blessings_cache.go
@@ -133,10 +133,10 @@
}
func (c *serverBlessingsCache) getOrInsert(req ipc.BlessingsRequest, stats *ipcStats) (security.Blessings, error) {
- // In the case that the key sent is 0, we are running in VCSecurityNone and should
- // return nil for the client Blessings.
+ // In the case that the key sent is 0, we are running in VCSecurityNone
+ // and should return the zero value.
if req.Key == 0 {
- return nil, nil
+ return security.Blessings{}, nil
}
if req.Blessings == nil {
// Fastpath, lookup based on the key.
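Review bot: The `req.Key == 0` return now signals "no client blessings" with `security.Blessings{}` and a nil error, but nothing on getOrInsert states that contract for callers. With the interface, a caller that forgot the check would fail loudly when it called a method on nil. With a struct, the same omission would presumably carry on with an empty value, so downstream authorization code has to treat it as unauthenticated (inferred, since the callers are not in this hunk). I would add a doc comment above the function such as `// getOrInsert returns the zero security.Blessings and a nil error when req.Key is 0 (VCSecurityNone); callers must treat that value as carrying no blessings.` The function body continues outside the hunk.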
@@ -144,7 +144,7 @@
cached, exists := c.m[req.Key]
c.RUnlock()
if !exists {
- return nil, fmt.Errorf("ipc: key was not in the cache")
+ return security.Blessings{}, fmt.Errorf("ipc: key was not in the cache")
}
stats.recordBlessingCache(true)
return cached, nil
@@ -155,14 +155,14 @@
// the same as what's in the cache.
recv, err := security.NewBlessings(*req.Blessings)
if err != nil {
- return nil, fmt.Errorf("ipc: create new client blessings failed: %v", err)
+ return security.Blessings{}, fmt.Errorf("ipc: create new client blessings failed: %v", err)
}
c.Lock()
defer c.Unlock()
if cached, exists := c.m[req.Key]; exists {
// TODO(suharshs): Replace this reflect.DeepEqual() with a less expensive check.
if !reflect.DeepEqual(cached, recv) {
- return nil, fmt.Errorf("client sent invalid Blessings")
+ return security.Blessings{}, fmt.Errorf("client sent invalid Blessings")
}
return cached, nil
}
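Review bot: The `reflect.DeepEqual(cached, recv)` check is what stops a client from presenting different blessings under a key that is already cached, and with Blessings as a struct it now compares every field, unexported ones included. Whether that matches semantic equality depends on the struct layout, which is not visible here: a derived or lazily populated field could make identical blessings compare unequal. I would compare only the security-relevant content through an equality defined next to the type in the security package, and until then extend the TODO with `// NOTE: DeepEqual compares all struct fields; keep Blessings free of derived state or this check rejects valid clients.` The mismatch error also lacks the `ipc:` prefix used by the other returns in this function, so `fmt.Errorf("ipc: client sent invalid Blessings")` would be consistent. The function continues past the end of this hunk.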