veyron/runtimes/google/ipc: Check caveats on the server's blessings.

This commit mostly (not completely) undoes the hack in
https://veyron-review.googlesource.com/#/q/I4c693a78ad0444ad5b474d44083ee18d3daf35b1
by changing things so that only third-party-caveat validation is skipped for
servers (rather than skipping validation for all caveats).

Change-Id: I1f1dcc2c1deadfc2af87ceabfb241dc7c5e6b365
diff --git a/runtimes/google/ipc/client.go b/runtimes/google/ipc/client.go
index 51f7706..1a749d0 100644
--- a/runtimes/google/ipc/client.go
+++ b/runtimes/google/ipc/client.go
@@ -11,6 +11,7 @@
 
 	"veyron.io/veyron/veyron/runtimes/google/ipc/version"
 	inaming "veyron.io/veyron/veyron/runtimes/google/naming"
+	isecurity "veyron.io/veyron/veyron/runtimes/google/security"
 	"veyron.io/veyron/veyron/runtimes/google/vtrace"
 
 	"veyron.io/veyron/veyron2"
@@ -271,14 +272,10 @@
 
 	// TODO(ataly): What should the label be for the context? Typically the label is the
 	// security.Label of the method but we don't have that information here at the client.
-	// TODO(ataly,andreser): Replace this statement with the commented code just below
-	// it once we have a mechanism for servers to send discharges for any third-party caveats
-	// on its PublicID.
-	authID, err := server, error(nil)
-	// authID, err := server.Authorize(isecurity.NewContext(isecurity.ContextArgs{
-	// 	LocalID:  client,
-	//	RemoteID: server,
-	// }))
+	authID, err := server.Authorize(isecurity.NewContext(isecurity.ContextArgs{
+		LocalID:  client,
+		RemoteID: server,
+	}))
 	if err != nil {
 		return nil, err
 	}
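Review bot: With the old TODO removed, nothing at the `server.Authorize(...)` call says that third-party caveats on the server's blessings are still not validated, which is what the commit message states. A reader of this code will assume the returned `authID` reflects full caveat validation. I would add a comment above the call, e.g. `// NOTE: third-party caveats on the server's blessings are not validated here, since servers cannot yet send discharges; only the other caveats are checked.` The context is also built without `Method`, while the identity_test.go hunk in this commit adds `Method: "Play"` to every context; if the skip is keyed on an empty method (inferred, the implementation is not in this diff), that coupling should be stated here too. The enclosing function starts and ends outside the hunk.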
diff --git a/runtimes/google/ipc/full_test.go b/runtimes/google/ipc/full_test.go
index 23ab175..76d940e 100644
--- a/runtimes/google/ipc/full_test.go
+++ b/runtimes/google/ipc/full_test.go
@@ -365,19 +365,14 @@
 		authorizeErr = "not authorized because"
 		nameErr      = "does not match the provided pattern"
 	)
+
 	var (
-	// TODO(ataly, ashankar): Uncomment the following once server authorization
-	// is enabled.
-	// now        = time.Now()
-	// cavOnlyV1  = caveat.UniversalCaveat(caveat.PeerIdentity{"client/v1"})
-	// cavExpired = security.ServiceCaveat{
-	//	Service: security.AllPrincipals,
-	//	Caveat:  &caveat.Expiry{IssueTime: now, ExpiryTime: now},
-	// }
-	// clientV1ID      = derive(clientID, "v1")
-	// clientV2ID      = derive(clientID, "v2")
-	// serverV1ID      = derive(serverID, "v1", cavOnlyV1)
-	// serverExpiredID = derive(serverID, "expired", cavExpired)
+		cavOnlyV1, _    = security.PeerBlessingsCaveat("client/v1")
+		cavExpired, _   = security.ExpiryCaveat(time.Now().Add(-1 * time.Second))
+		clientV1ID      = derive(clientID, "v1")
+		clientV2ID      = derive(clientID, "v2")
+		serverV1ID      = derive(serverID, "v1", cavOnlyV1)
+		serverExpiredID = derive(serverID, "expired", cavExpired)
 	)
 
 	tests := []struct {
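Review bot: Both caveat constructors in the new `var` block discard their error (`cavOnlyV1, _ = ...` and `cavExpired, _ = ...`), so a failed construction would hand a zero-value caveat to `derive` and the authorization cases that follow could pass or fail for the wrong reason. These identities are what the expired-server and peer-restricted cases depend on, so I would build the caveats before the block and fail fast: `cavExpired, err := security.ExpiryCaveat(time.Now().Add(-1 * time.Second))` followed by `if err != nil { t.Fatal(err) }`, and the same for `PeerBlessingsCaveat`. The enclosing test function starts and ends outside the hunk.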
@@ -392,16 +387,14 @@
 		{clientID, serverID, "server/v1", ""},
 		{clientID, serverID, "anotherServer", nameErr},
 
-		// TODO(ataly, ashankar): Uncomment the following once server authorization
-		// is enabled.
 		// All clients reject talking to a server with an expired identity.
-		// {clientID, serverExpiredID, security.AllPrincipals, authorizeErr},
-		// {clientV1ID, serverExpiredID, security.AllPrincipals, authorizeErr},
-		// {clientV2ID, serverExpiredID, security.AllPrincipals, authorizeErr},
+		{clientID, serverExpiredID, security.AllPrincipals, authorizeErr},
+		{clientV1ID, serverExpiredID, security.AllPrincipals, authorizeErr},
+		{clientV2ID, serverExpiredID, security.AllPrincipals, authorizeErr},
 
 		// Only clientV1 accepts talking to serverV1.
-		// {clientV1ID, serverV1ID, security.AllPrincipals, ""},
-		// {clientV2ID, serverV1ID, security.AllPrincipals, authorizeErr},
+		{clientV1ID, serverV1ID, security.AllPrincipals, ""},
+		{clientV2ID, serverV1ID, security.AllPrincipals, authorizeErr},
 	}
 	// Servers and clients will be created per-test, use the same stream manager and mounttable.
 	mgr := imanager.InternalNew(naming.FixedRoutingID(0x1111111))
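Review bot: No visible row in the table uses a server identity that carries a third-party caveat, which is the one validation the commit message says is still skipped; the enabled rows cover only the expiry and peer-restriction caveats. A row that pins the current behaviour would make the remaining gap explicit and would fail visibly when discharge handling for servers is added. I would add that row with a comment such as `// Servers with third-party caveats are currently accepted without discharge validation; tighten this case once servers can send discharges.` The table begins before this hunk, so earlier rows may already cover part of this.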
@@ -419,8 +412,8 @@
 			t.Errorf(`%s: client.StartCall: got error "%v", want to match "%v"`, name, err, test.err)
 		} else if call != nil {
 			serverBlessings, _ := call.RemoteBlessings()
-			if !reflect.DeepEqual(serverBlessings, serverID.PublicID().Names()) {
-				t.Errorf("%s: Server authenticated as %v, wanted %v", name, serverBlessings, serverID.PublicID().Names())
+			if !reflect.DeepEqual(serverBlessings, test.serverID.PublicID().Names()) {
+				t.Errorf("%s: Server authenticated as %v, wanted %v", name, serverBlessings, test.serverID.PublicID().Names())
 			}
 		}
 		client.Close()
diff --git a/runtimes/google/security/identity_test.go b/runtimes/google/security/identity_test.go
index c10538f..d459e73 100644
--- a/runtimes/google/security/identity_test.go
+++ b/runtimes/google/security/identity_test.go
@@ -535,28 +535,33 @@
 		dInvalid = mintDischarge(bob, time.Minute) // Invalid because bob cannot mint valid discharges for aliceProximityCaveat
 
 		// Contexts
-		ctxEmpty = NewContext(ContextArgs{Debug: "ctxEmpty"})
+		ctxEmpty = NewContext(ContextArgs{Method: "Play", Debug: "ctxEmpty"})
 		ctxAlice = NewContext(ContextArgs{
+			Method:     "Play",
 			Discharges: dischargeMap{dAlice.ID(): dAlice},
 			Debug:      "ctxAlice",
 		})
 		// Context containing the discharge dGoogle but the server is not a Google server, so
 		// the service caveat is not satisfied
 		ctxGoogleAtOther = NewContext(ContextArgs{
+			Method:     "Play",
 			Discharges: dischargeMap{dGoogle.ID(): dGoogle},
 			Debug:      "ctxGoogleAtOther",
 		})
 		// Context containing the discharge dGoogle at a google server.
 		ctxGoogleAtGoogle = NewContext(ContextArgs{
+			Method:     "Play",
 			Discharges: dischargeMap{dGoogle.ID(): dGoogle},
 			LocalID:    googleChain.PublicID(),
 			Debug:      "ctxGoogleAtGoogle",
 		})
 		ctxExpired = NewContext(ContextArgs{
+			Method:     "Play",
 			Discharges: dischargeMap{dExpired.ID(): dExpired},
 			Debug:      "ctxExpired",
 		})
 		ctxInvalid = NewContext(ContextArgs{
+			Method:     "Play",
 			Discharges: dischargeMap{dInvalid.ID(): dInvalid},
 			Debug:      "ctxInvalid",
 		})
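Review bot: `Method: "Play"` is now repeated in all six contexts with no comment saying why a method must be set, and the diff does not show the reason. If it is there so that these contexts exercise third-party caveat validation rather than the server path that skips it (inferred from the commit message), say so once above the block, e.g. `// Method is set so these contexts go through third-party caveat validation (TODO confirm).`, and use a single local constant for the name. After this change no context in the hunk leaves `Method` unset, so the skip path has no coverage here. The enclosing `var` block starts and ends outside the hunk.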