veyron/security: Nuked CaveatValidator and corresponding TODOs.
Change-Id: Ieccdff2df29d84b6e882f7bd4627f81cda868a3a
diff --git a/security/util.go b/security/util.go
index e7ed33f..ea9df1c 100644
--- a/security/util.go
+++ b/security/util.go
@@ -118,28 +118,6 @@
return json.NewEncoder(w).Encode(acl)
}
-// CaveatValidators returns the set of security.CaveatValidators
-// obtained by decoding the provided caveat bytes.
-//
-// It is an error if any of the provided caveat bytes cannot
-// be decoded into a security.CaveatValidator.
-// TODO(suharshs,ashankar,ataly): Rather than quitting on non-decodable caveats, just skip
-// them and return on caveats that we can decode.
-func CaveatValidators(caveats ...security.Caveat) ([]security.CaveatValidator, error) {
- if len(caveats) == 0 {
- return nil, nil
- }
- validators := make([]security.CaveatValidator, len(caveats))
- for i, c := range caveats {
- var v security.CaveatValidator
- if err := vom.NewDecoder(bytes.NewReader(c.ValidatorVOM)).Decode(&v); err != nil {
- return nil, fmt.Errorf("caveat bytes could not be VOM-decoded: %s", err)
- }
- validators[i] = v
- }
- return validators, nil
-}
-
// ThirdPartyCaveats returns the set of security.ThirdPartyCaveats
// that could be successfully decoded from the provided caveat bytes.
func ThirdPartyCaveats(caveats ...security.Caveat) []security.ThirdPartyCaveat {
diff --git a/security/util_test.go b/security/util_test.go
index daf4fc1..2274a70 100644
--- a/security/util_test.go
+++ b/security/util_test.go
@@ -5,7 +5,6 @@
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
- "fmt"
"reflect"
"testing"
@@ -133,29 +132,14 @@
{C{newCaveat(tp)}, V{tp}, TP{tp}},
{C{newCaveat(fp), newCaveat(tp)}, V{fp, tp}, TP{tp}},
}
- for i, d := range testdata {
- // Test CaveatValidators.
- got, err := CaveatValidators(d.caveats...)
- if err != nil {
- t.Errorf("CaveatValidators(%v) failed: %s", d.caveats, err)
- continue
- }
- if !reflect.DeepEqual(got, d.validators) {
- fmt.Println("TEST ", i)
- t.Errorf("CaveatValidators(%v): got: %#v, want: %#v", d.caveats, got, d.validators)
- continue
- }
- if _, err := CaveatValidators(append(d.caveats, invalid)...); err == nil {
- t.Errorf("CaveatValidators(%v) succeeded unexpectedly", d.caveats)
- continue
- }
+ for _, d := range testdata {
// Test ThirdPartyCaveats.
if got := ThirdPartyCaveats(d.caveats...); !reflect.DeepEqual(got, d.tpCaveats) {
t.Errorf("ThirdPartyCaveats(%v): got: %#v, want: %#v", d.caveats, got, d.tpCaveats)
continue
}
if got := ThirdPartyCaveats(append(d.caveats, invalid)...); !reflect.DeepEqual(got, d.tpCaveats) {
- t.Errorf("ThirdPartyCaveats(%v): got: %#v, want: %#v", d.caveats, got, d.tpCaveats)
+ t.Errorf("ThirdPartyCaveats(%v, invalid): got: %#v, want: %#v", d.caveats, got, d.tpCaveats)
continue
}
}
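Review bot: The `validators` column of the test table (the `V{...}` values on the context lines just above the loop) appears to have no reader left once the CaveatValidators assertions are removed from this loop. If nothing outside the hunk still uses it, drop the field and the `V` literals so the table lists only what ThirdPartyCaveats is checked against. The table's declaration and the start of the test function are outside the hunk, so this is inferred from the visible rows only.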
diff --git a/services/identity/auditor/blessing_auditor.go b/services/identity/auditor/blessing_auditor.go
index b00d28d..998797c 100644
--- a/services/identity/auditor/blessing_auditor.go
+++ b/services/identity/auditor/blessing_auditor.go
@@ -129,21 +129,13 @@
if err = vom.NewDecoder(bytes.NewBuffer(dbentry.caveats)).Decode(&b.Caveats); err != nil {
return BlessingEntry{DecodeError: fmt.Errorf("failed to decode caveats: %s", err)}
}
- if b.RevocationCaveatID, err = revocationCaveatID(b.Caveats); err != nil {
- return BlessingEntry{DecodeError: fmt.Errorf("error getting revocationCaveatID: %s", err)}
- }
+ b.RevocationCaveatID = revocationCaveatID(b.Caveats)
return b
}
-func revocationCaveatID(caveats []security.Caveat) (string, error) {
- validators, err := vsecurity.CaveatValidators(caveats...)
- if err != nil {
- return "", err
+func revocationCaveatID(caveats []security.Caveat) string {
+ for _, tpcav := range vsecurity.ThirdPartyCaveats(caveats...) {
+ return tpcav.ID()
}
- for _, cav := range validators {
- if tpcav, ok := cav.(security.ThirdPartyCaveat); ok {
- return tpcav.ID(), nil
- }
- }
- return "", nil
+ return ""
}
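Review bot: revocationCaveatID now relies on vsecurity.ThirdPartyCaveats, which by its doc comment returns only the caveats that could be decoded, so a caveat that fails to decode now gives an empty RevocationCaveatID where the removed branch set DecodeError on the entry. In the audit record, a blessing whose revocation caveat is unreadable then looks the same as one issued with no revocation caveat. If readers of the audit log need that distinction, document it on the function, e.g. `// revocationCaveatID returns "" both when there is no third-party caveat and when none could be decoded.`, or log the skipped case. Separately, the `for ... { return tpcav.ID() }` loop always exits on its first iteration; `if tps := vsecurity.ThirdPartyCaveats(caveats...); len(tps) > 0 { return tps[0].ID() }` states the intent directly and avoids an unconditionally-terminated-loop lint. The function that assigns b.RevocationCaveatID starts outside the hunk.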