Merge "ref: Make principal tool print "EXPIRED" in dumpblessings."
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index b14da0e..f2a3de6 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -127,7 +127,12 @@
 			if err != nil {
 				return fmt.Errorf("failed to decode certificate chains: %v", err)
 			}
-			fmt.Printf("Blessings          : %v\n", blessings)
+			// If the Blessings are expired, print a message saying so.
+			expiredMessage := ""
+			if exp := blessings.Expiry(); !exp.IsZero() && exp.Before(time.Now()) {
+				expiredMessage = " [EXPIRED]"
+			}
+			fmt.Printf("Blessings          : %v%s\n", blessings, expiredMessage)
 			fmt.Printf("PublicKey          : %v\n", blessings.PublicKey())
 			fmt.Printf("Certificate chains : %d\n", len(wire.CertificateChains))
 			for idx, chain := range wire.CertificateChains {
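Review bot: The `[EXPIRED]` marker added before the `Blessings` Printf only compares `blessings.Expiry()` with the local clock, so a line without the marker can still belong to blessings that would fail validation for another reason (a different caveat type, or a skewed clock on the machine running the tool). The comment above `expiredMessage` should say so, for example `// Only expiry is checked here, against the local clock; an unmarked line does not mean the blessings would validate.` The boundary is also slightly loose: `exp.Before(time.Now())` leaves a blessing whose expiry equals the current instant unmarked, which `!exp.After(time.Now())` would mark, if that matches how the expiry caveat itself is evaluated. The enclosing function starts and ends outside this hunk.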
@@ -1206,7 +1211,7 @@
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse caveats: %v", err)
 	}
-	if expiry > 0 {
+	if expiry != 0 {
 		ecav, err := security.NewExpiryCaveat(time.Now().Add(expiry))
 		if err != nil {
 			return nil, fmt.Errorf("failed to create expiration caveat: %v", err)
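Review bot: With `if expiry != 0`, a negative duration now reaches `security.NewExpiryCaveat(time.Now().Add(expiry))` and produces a caveat that is already in the past, and nothing at this line records that this is intended. The test in this commit relies on it through `--for=-1s`, but an operator who mistypes a sign gets blessings that are expired on creation with no feedback. I would add a comment on the condition, such as `// A negative expiry is accepted on purpose: it yields already-expired blessings (used by tests).` A one-line warning on stderr when `expiry < 0` would also help. The function body starts and continues outside this hunk.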
diff --git a/cmd/principal/principal_v23_test.go b/cmd/principal/principal_v23_test.go
index 4a4f686..734b4d1 100644
--- a/cmd/principal/principal_v23_test.go
+++ b/cmd/principal/principal_v23_test.go
@@ -536,6 +536,22 @@
 		}
 	}
 	{
+		// If the Blessings are expired, dumpBlessings should print so.
+		redirect(t, bin.Start("bless", "--for=-1s", bobDir, "friend"), tmpfile)
+		got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
+		want := `Blessings          : alice/friend [EXPIRED]
+PublicKey          : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
+Certificate chains : 1
+Chain #0 (2 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
+  Certificate #0: alice with 0 caveats
+  Certificate #1: friend with 1 caveat
+    (0) ExpiryCaveat
+`
+		if got != want {
+			t.Errorf("Got\n%vWant\n%v", got, want)
+		}
+	}
+	{
 		// But not if --for=0
 		var buf bytes.Buffer
 		if err := bin.Start("bless", "--for=0", bobDir, "friend").Wait(os.Stdout, &buf); err == nil {
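Review bot: No case in this block covers blessings with more than one certificate chain where only some chains have expired, so the test does not pin what `[EXPIRED]` on the `Blessings` line means for them. The new case builds a single chain (`Certificate chains : 1`) with one `ExpiryCaveat`, and how `Expiry()` combines several chains is not visible on this page. A second case with one expired and one unexpired chain would document the intended behaviour and catch a later change that marks still-usable blessings as expired, or the reverse. A short comment on the `--for=-1s` line, for example `// Negative duration: the blessing is expired as soon as it is created.`, would also make the setup clearer.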