ref: CaveatX->Caveat and rename caveat factories.
Closes vanadium/issues#292
MultiPart: 2/3
Change-Id: Ia38f8e557d2c1228c411c0a585277b8ec1521e14
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index a894f30..cbed2dd 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -1034,7 +1034,7 @@
}
var s []string
for _, cav := range cavs {
- if cav.Id == security.PublicKeyThirdPartyCaveatX.Id {
+ if cav.Id == security.PublicKeyThirdPartyCaveat.Id {
c := cav.ThirdPartyDetails()
s = append(s, fmt.Sprintf("ThirdPartyCaveat: Requires discharge from %v (ID=%q)", c.Location(), c.ID()))
continue
@@ -1050,9 +1050,9 @@
if !param.(bool) {
s = append(s, fmt.Sprintf("Never validates"))
}
- case security.ExpiryCaveatX.Id:
+ case security.ExpiryCaveat.Id:
s = append(s, fmt.Sprintf("Expires at %v", param))
- case security.MethodCaveatX.Id:
+ case security.MethodCaveat.Id:
s = append(s, fmt.Sprintf("Restricted to methods %v", param))
case security.PeerBlessingsCaveat.Id:
s = append(s, fmt.Sprintf("Restricted to peers with blessings %v", param))
@@ -1252,7 +1252,7 @@
return nil, fmt.Errorf("failed to parse caveats: %v", err)
}
if expiry > 0 {
- ecav, err := security.ExpiryCaveat(time.Now().Add(expiry))
+ ecav, err := security.NewExpiryCaveat(time.Now().Add(expiry))
if err != nil {
return nil, fmt.Errorf("failed to create expiration caveat: %v", err)
}
diff --git a/cmd/principal/principal_v23_test.go b/cmd/principal/principal_v23_test.go
index 07ea2a0..e6c59dd 100644
--- a/cmd/principal/principal_v23_test.go
+++ b/cmd/principal/principal_v23_test.go
@@ -422,7 +422,7 @@
bin = bin.WithEnv(credEnv(aliceDir))
args := []string{
"blessself",
- "--caveat=\"v.io/v23/security\".MethodCaveatX={\"method\"}",
+ "--caveat=\"v.io/v23/security\".MethodCaveat={\"method\"}",
"--caveat={{0x54,0xa6,0x76,0x39,0x81,0x37,0x18,0x7e,0xcd,0xb2,0x6d,0x2d,0x69,0xba,0x0,0x3},typeobject([]string)}={\"method\"}",
"alicereborn",
}
diff --git a/cmd/vrun/vrun.go b/cmd/vrun/vrun.go
index 92f707f..390d0f1 100644
--- a/cmd/vrun/vrun.go
+++ b/cmd/vrun/vrun.go
@@ -92,7 +92,7 @@
}
func bless(ctx *context.T, p security.Principal, name string) error {
- caveat, err := security.ExpiryCaveat(time.Now().Add(durationFlag))
+ caveat, err := security.NewExpiryCaveat(time.Now().Add(durationFlag))
if err != nil {
vlog.Errorf("Couldn't create caveat")
return err
diff --git a/lib/security/audit/principal_test.go b/lib/security/audit/principal_test.go
index cc5a81b..ac0eecd 100644
--- a/lib/security/audit/principal_test.go
+++ b/lib/security/audit/principal_test.go
@@ -283,7 +283,7 @@
func newThirdPartyCaveatAndDischarge(t *testing.T) (security.Caveat, security.Discharge) {
p := newPrincipal(t)
- c, err := security.NewPublicKeyCaveat(p.PublicKey(), "location", security.ThirdPartyRequirements{}, newCaveat(security.MethodCaveat("method")))
+ c, err := security.NewPublicKeyCaveat(p.PublicKey(), "location", security.ThirdPartyRequirements{}, newCaveat(security.NewMethodCaveat("method")))
if err != nil {
t.Fatal(err)
}
diff --git a/profiles/internal/rpc/discharges_test.go b/profiles/internal/rpc/discharges_test.go
index 7072a69..7b67b1b 100644
--- a/profiles/internal/rpc/discharges_test.go
+++ b/profiles/internal/rpc/discharges_test.go
@@ -26,7 +26,7 @@
methodCav = mkCaveat(security.NewPublicKeyCaveat(discharger.PublicKey(), "moline", security.ThirdPartyRequirements{}, security.UnconstrainedUse()))
serverCav = mkCaveat(security.NewPublicKeyCaveat(discharger.PublicKey(), "moline", security.ThirdPartyRequirements{}, security.UnconstrainedUse()))
- dExpired = mkDischarge(discharger.MintDischarge(expiredCav, mkCaveat(security.ExpiryCaveat(time.Now().Add(-1*time.Minute)))))
+ dExpired = mkDischarge(discharger.MintDischarge(expiredCav, mkCaveat(security.NewExpiryCaveat(time.Now().Add(-1*time.Minute)))))
dArgs = mkDischarge(discharger.MintDischarge(argsCav, security.UnconstrainedUse()))
dMethod = mkDischarge(discharger.MintDischarge(methodCav, security.UnconstrainedUse()))
dServer = mkDischarge(discharger.MintDischarge(serverCav, security.UnconstrainedUse()))
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index e2e3abf..ed52512 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -476,12 +476,12 @@
noErrID verror.IDAction
// Third-party caveats on blessings presented by server.
- cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.ExpiryCaveat(now.Add(24*time.Hour))))
- cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.ExpiryCaveat(now.Add(-1*time.Second))))
+ cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.NewExpiryCaveat(now.Add(24*time.Hour))))
+ cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.NewExpiryCaveat(now.Add(-1*time.Second))))
// Server blessings.
bServer = bless(pprovider, pserver, "server")
- bServerExpired = bless(pprovider, pserver, "expiredserver", mkCaveat(security.ExpiryCaveat(time.Now().Add(-1*time.Second))))
+ bServerExpired = bless(pprovider, pserver, "expiredserver", mkCaveat(security.NewExpiryCaveat(time.Now().Add(-1*time.Second))))
bServerTPValid = bless(pprovider, pserver, "serverWithTPCaveats", cavTPValid)
bServerTPExpired = bless(pprovider, pserver, "serverWithExpiredTPCaveats", cavTPExpired)
bOther = bless(pprovider, pserver, "other")
@@ -1022,11 +1022,11 @@
dischargeServerName = "mountpoint/dischargeserver"
// Caveats on blessings to the client: First-party caveats
- cavOnlyEcho = mkCaveat(security.MethodCaveat("Echo"))
- cavExpired = mkCaveat(security.ExpiryCaveat(now.Add(-1 * time.Second)))
+ cavOnlyEcho = mkCaveat(security.NewMethodCaveat("Echo"))
+ cavExpired = mkCaveat(security.NewExpiryCaveat(now.Add(-1 * time.Second)))
// Caveats on blessings to the client: Third-party caveats
- cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.ExpiryCaveat(now.Add(24*time.Hour))))
- cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.ExpiryCaveat(now.Add(-1*time.Second))))
+ cavTPValid = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.NewExpiryCaveat(now.Add(24*time.Hour))))
+ cavTPExpired = mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.NewExpiryCaveat(now.Add(-1*time.Second))))
// Client blessings that will be tested.
bServerClientOnlyEcho = bless(pserver, pclient, "onlyecho", cavOnlyEcho)
@@ -1239,7 +1239,7 @@
mgr = imanager.InternalNew(naming.FixedRoutingID(0x1111111))
ns = tnaming.NewSimpleNamespace()
- tpCav = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ tpCav = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/dischargeserver", mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
bserver = bless(pprovider, pserver, "server", tpCav)
bclient = bless(pprovider, pclient, "client")
@@ -1742,7 +1742,7 @@
}
// Bless the client with a ThirdPartyCaveat.
- tpcav := mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ tpcav := mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
blessings, err := pserver.Bless(pclient.PublicKey(), pserver.BlessingStore().Default(), "tpcav", tpcav)
if err != nil {
t.Fatalf("failed to create Blessings: %v", err)
@@ -1801,7 +1801,7 @@
ctx, shutdown := initForTest()
defer shutdown()
// Bless the client with a ThirdPartyCaveat from discharger1.
- tpcav1 := mkThirdPartyCaveat(pdischarger1.PublicKey(), "mountpoint/discharger1", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ tpcav1 := mkThirdPartyCaveat(pdischarger1.PublicKey(), "mountpoint/discharger1", mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
blessings, err := pdischarger1.Bless(pdischargeClient.PublicKey(), pdischarger1.BlessingStore().Default(), "tpcav1", tpcav1)
if err != nil {
t.Fatalf("failed to create Blessings: %v", err)
@@ -1832,7 +1832,7 @@
t.Fatalf("failed to create client: %v", err)
}
dc := c.(*client).dc
- tpcav2, err := security.NewPublicKeyCaveat(pdischarger2.PublicKey(), "mountpoint/discharger2", security.ThirdPartyRequirements{}, mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ tpcav2, err := security.NewPublicKeyCaveat(pdischarger2.PublicKey(), "mountpoint/discharger2", security.ThirdPartyRequirements{}, mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
if err != nil {
t.Error(err)
}
@@ -1919,7 +1919,7 @@
t.Errorf("got cacheAttempts(%v), cacheHits(%v), expected cacheAttempts(3), cacheHits(1)", gotAttempts, gotHits)
}
// clientB changes its blessings, the cache should not be used.
- blessings, err := pserver.Bless(pclient.PublicKey(), pserver.BlessingStore().Default(), "cav", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ blessings, err := pserver.Bless(pclient.PublicKey(), pserver.BlessingStore().Default(), "cav", mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
if err != nil {
t.Fatalf("failed to create Blessings: %v", err)
}
@@ -1987,7 +1987,7 @@
if ed.called {
expDur = time.Second
}
- expiry, err := security.ExpiryCaveat(time.Now().Add(expDur))
+ expiry, err := security.NewExpiryCaveat(time.Now().Add(expDur))
if err != nil {
return security.Discharge{}, fmt.Errorf("failed to create an expiration on the discharge: %v", err)
}
@@ -2004,7 +2004,7 @@
defer shutdown()
var (
pclient, pdischarger = newClientServerPrincipals()
- tpcav = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", mkCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour))))
+ tpcav = mkThirdPartyCaveat(pdischarger.PublicKey(), "mountpoint/discharger", mkCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour))))
ns = tnaming.NewSimpleNamespace()
discharger = &expiryDischarger{}
)
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index 10dae1f..138826f 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -265,7 +265,7 @@
ds.mu.Unlock()
caveat := security.UnconstrainedUse()
if called == 0 {
- caveat = mkCaveat(security.ExpiryCaveat(time.Now().Add(-1 * time.Second)))
+ caveat = mkCaveat(security.NewExpiryCaveat(time.Now().Add(-1 * time.Second)))
}
return call.Security().LocalPrincipal().MintDischarge(cav, caveat)
@@ -363,7 +363,7 @@
t.Fatal(err)
}
- rootServerInvalidTPCaveat := mkBlessings(root.NewBlessings(pserver, "server", mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.ExpiryCaveat(time.Now().Add(-1*time.Second))))))
+ rootServerInvalidTPCaveat := mkBlessings(root.NewBlessings(pserver, "server", mkThirdPartyCaveat(pdischarger.PublicKey(), dischargeServerName, mkCaveat(security.NewExpiryCaveat(time.Now().Add(-1*time.Second))))))
if err := pserver.BlessingStore().SetDefault(rootServerInvalidTPCaveat); err != nil {
t.Fatal(err)
}
diff --git a/services/agent/internal/test_principal/main.go b/services/agent/internal/test_principal/main.go
index 5d7a29a..1f27580 100644
--- a/services/agent/internal/test_principal/main.go
+++ b/services/agent/internal/test_principal/main.go
@@ -83,7 +83,7 @@
errorf("signature.Verify: %v", err)
}
// MintDischarge
- cav, err := security.MethodCaveat("method")
+ cav, err := security.NewMethodCaveat("method")
if err != nil {
errorf("security.MethodCaveat: %v", err)
}
diff --git a/services/identity/internal/auditor/blessing_auditor_test.go b/services/identity/internal/auditor/blessing_auditor_test.go
index 5813382..eb7a4a6 100644
--- a/services/identity/internal/auditor/blessing_auditor_test.go
+++ b/services/identity/internal/auditor/blessing_auditor_test.go
@@ -21,7 +21,7 @@
if err != nil {
t.Fatalf("failed to create principal: %v", err)
}
- expiryCaveat := newCaveat(security.ExpiryCaveat(time.Now().Add(time.Hour)))
+ expiryCaveat := newCaveat(security.NewExpiryCaveat(time.Now().Add(time.Hour)))
revocationCaveat := newThirdPartyCaveat(t, p)
tests := []struct {
@@ -91,7 +91,7 @@
}
func newThirdPartyCaveat(t *testing.T, p security.Principal) security.Caveat {
- tp, err := security.NewPublicKeyCaveat(p.PublicKey(), "location", security.ThirdPartyRequirements{}, newCaveat(security.MethodCaveat("method")))
+ tp, err := security.NewPublicKeyCaveat(p.PublicKey(), "location", security.ThirdPartyRequirements{}, newCaveat(security.NewMethodCaveat("method")))
if err != nil {
t.Fatal(err)
}
diff --git a/services/identity/internal/blesser/macaroon_test.go b/services/identity/internal/blesser/macaroon_test.go
index f2dcca0..95ebbd1 100644
--- a/services/identity/internal/blesser/macaroon_test.go
+++ b/services/identity/internal/blesser/macaroon_test.go
@@ -22,7 +22,7 @@
var (
key = make([]byte, 16)
provider, user = testutil.NewPrincipal(), testutil.NewPrincipal()
- cOnlyMethodFoo = newCaveat(security.MethodCaveat("Foo"))
+ cOnlyMethodFoo = newCaveat(security.NewMethodCaveat("Foo"))
ctx, call = fakeContextAndCall(provider, user)
)
if _, err := rand.Read(key); err != nil {
diff --git a/services/identity/internal/blesser/oauth.go b/services/identity/internal/blesser/oauth.go
index 44a13d9..127658d 100644
--- a/services/identity/internal/blesser/oauth.go
+++ b/services/identity/internal/blesser/oauth.go
@@ -83,7 +83,7 @@
if b.revocationManager != nil {
caveat, err = b.revocationManager.NewCaveat(self.PublicKey(), b.dischargerLocation)
} else {
- caveat, err = security.ExpiryCaveat(time.Now().Add(b.duration))
+ caveat, err = security.NewExpiryCaveat(time.Now().Add(b.duration))
}
if err != nil {
return noblessings, "", err
diff --git a/services/identity/internal/caveats/caveat_factory.go b/services/identity/internal/caveats/caveat_factory.go
index d057a86..d11382e 100644
--- a/services/identity/internal/caveats/caveat_factory.go
+++ b/services/identity/internal/caveats/caveat_factory.go
@@ -50,7 +50,7 @@
if !ok {
return empty, fmt.Errorf("expiry caveat: received arg of type %T, expected time.Time", args[0])
}
- return security.ExpiryCaveat(t)
+ return security.NewExpiryCaveat(t)
}
func methodCaveat(args ...interface{}) (security.Caveat, error) {
@@ -61,7 +61,7 @@
if err != nil {
return security.Caveat{}, fmt.Errorf("method caveat: %v", err)
}
- return security.MethodCaveat(methods[0], methods[1:]...)
+ return security.NewMethodCaveat(methods[0], methods[1:]...)
}
func peerBlessingsCaveat(args ...interface{}) (security.Caveat, error) {
diff --git a/services/identity/internal/dischargerlib/discharger.go b/services/identity/internal/dischargerlib/discharger.go
index cf75370..4fb6d48 100644
--- a/services/identity/internal/dischargerlib/discharger.go
+++ b/services/identity/internal/dischargerlib/discharger.go
@@ -26,7 +26,7 @@
if err := tp.Dischargeable(ctx, call.Security()); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
}
- expiry, err := security.ExpiryCaveat(time.Now().Add(15 * time.Minute))
+ expiry, err := security.NewExpiryCaveat(time.Now().Add(15 * time.Minute))
if err != nil {
return security.Discharge{}, fmt.Errorf("unable to create expiration caveat on the discharge: %v", err)
}
diff --git a/services/identity/internal/oauth/handler.go b/services/identity/internal/oauth/handler.go
index bea1fae..815431f 100644
--- a/services/identity/internal/oauth/handler.go
+++ b/services/identity/internal/oauth/handler.go
@@ -227,7 +227,7 @@
func prettyPrintCaveats(cavs []security.Caveat) ([]string, error) {
s := make([]string, len(cavs))
for i, cav := range cavs {
- if cav.Id == security.PublicKeyThirdPartyCaveatX.Id {
+ if cav.Id == security.PublicKeyThirdPartyCaveat.Id {
c := cav.ThirdPartyDetails()
s[i] = fmt.Sprintf("ThirdPartyCaveat: Requires discharge from %v (ID=%q)", c.Location(), c.ID())
continue
@@ -238,9 +238,9 @@
return nil, err
}
switch cav.Id {
- case security.ExpiryCaveatX.Id:
+ case security.ExpiryCaveat.Id:
s[i] = fmt.Sprintf("Expires at %v", param)
- case security.MethodCaveatX.Id:
+ case security.MethodCaveat.Id:
s[i] = fmt.Sprintf("Restricted to methods %v", param)
case security.PeerBlessingsCaveat.Id:
s[i] = fmt.Sprintf("Restricted to peers with blessings %v", param)
diff --git a/services/role/roled/internal/discharger.go b/services/role/roled/internal/discharger.go
index 5e8f4a0..2a624cc 100644
--- a/services/role/roled/internal/discharger.go
+++ b/services/role/roled/internal/discharger.go
@@ -41,12 +41,12 @@
// TODO(rthellend,ashankar): Do proper logging when the API allows it.
vlog.Infof("Discharge() impetus: %#v", impetus)
- expiry, err := security.ExpiryCaveat(time.Now().Add(5 * time.Minute))
+ expiry, err := security.NewExpiryCaveat(time.Now().Add(5 * time.Minute))
if err != nil {
return security.Discharge{}, verror.Convert(verror.ErrInternal, ctx, err)
}
// Bind the discharge to precisely the purpose the requestor claims it will be used.
- method, err := security.MethodCaveat(impetus.Method)
+ method, err := security.NewMethodCaveat(impetus.Method)
if err != nil {
return security.Discharge{}, verror.Convert(verror.ErrInternal, ctx, err)
}
diff --git a/services/role/roled/internal/role.go b/services/role/roled/internal/role.go
index 2e39f7c..9d0e332 100644
--- a/services/role/roled/internal/role.go
+++ b/services/role/roled/internal/role.go
@@ -90,7 +90,7 @@
if err != nil {
return nil, verror.Convert(verror.ErrInternal, ctx, err)
}
- expiry, err := security.ExpiryCaveat(time.Now().Add(d))
+ expiry, err := security.NewExpiryCaveat(time.Now().Add(d))
if err != nil {
return nil, verror.Convert(verror.ErrInternal, ctx, err)
}
diff --git a/services/wspr/internal/account/account.go b/services/wspr/internal/account/account.go
index f577b59..0289534 100644
--- a/services/wspr/internal/account/account.go
+++ b/services/wspr/internal/account/account.go
@@ -146,9 +146,9 @@
return security.Caveat{}, zeroTime, fmt.Errorf("time.parseDuration(%v) failed: %v", arg, err)
}
expirationTime := time.Now().Add(dur)
- cav, err := security.ExpiryCaveat(expirationTime)
+ cav, err := security.NewExpiryCaveat(expirationTime)
if err != nil {
- return security.Caveat{}, zeroTime, fmt.Errorf("security.ExpiryCaveat(%v) failed: %v", expirationTime, err)
+ return security.Caveat{}, zeroTime, fmt.Errorf("security.NewExpiryCaveat(%v) failed: %v", expirationTime, err)
}
return cav, expirationTime, nil
}
@@ -158,5 +158,5 @@
if len(args) == 0 {
return security.Caveat{}, fmt.Errorf("must pass at least one method")
}
- return security.MethodCaveat(args[0], args[1:]...)
+ return security.NewMethodCaveat(args[0], args[1:]...)
}
diff --git a/services/wspr/internal/principal/principal_test.go b/services/wspr/internal/principal/principal_test.go
index 492688b..2f86ef4 100644
--- a/services/wspr/internal/principal/principal_test.go
+++ b/services/wspr/internal/principal/principal_test.go
@@ -42,7 +42,7 @@
}
// Test AddOrigin.
- cav, err := security.MethodCaveat("Foo")
+ cav, err := security.NewMethodCaveat("Foo")
if err != nil {
return fmt.Errorf("security.MethodCaveat failed: %v", err)
}
@@ -197,7 +197,7 @@
// Test with no expiration caveat.
origin1 := "http://origin-1.com"
- methodCav, err := security.MethodCaveat("Foo")
+ methodCav, err := security.NewMethodCaveat("Foo")
if err != nil {
fmt.Errorf("security.MethodCaveat failed: %v", err)
}
@@ -214,9 +214,9 @@
origin2 := "http://origin-2.com"
futureTime := time.Now().Add(5 * time.Minute)
- futureExpCav, err := security.ExpiryCaveat(futureTime)
+ futureExpCav, err := security.NewExpiryCaveat(futureTime)
if err != nil {
- fmt.Errorf("security.ExpiryCaveat(%v) failed: %v", futureTime, err)
+ fmt.Errorf("security.NewExpiryCaveat(%v) failed: %v", futureTime, err)
}
if err := m.AddOrigin(origin2, googleAccount, []security.Caveat{futureExpCav}, []time.Time{futureTime}); err != nil {
@@ -231,9 +231,9 @@
origin3 := "http://origin-3.com"
pastTime := time.Now().Add(-5 * time.Minute)
- pastExpCav, err := security.ExpiryCaveat(pastTime)
+ pastExpCav, err := security.NewExpiryCaveat(pastTime)
if err != nil {
- fmt.Errorf("security.ExpiryCaveat(%v) failed: %v", pastTime, err)
+ fmt.Errorf("security.NewExpiryCaveat(%v) failed: %v", pastTime, err)
}
if err := m.AddOrigin(origin3, googleAccount, []security.Caveat{futureExpCav, pastExpCav}, []time.Time{futureTime, pastTime}); err != nil {
diff --git a/services/wspr/internal/rpc/server/server.go b/services/wspr/internal/rpc/server/server.go
index 9ab5309..2069d8c 100644
--- a/services/wspr/internal/rpc/server/server.go
+++ b/services/wspr/internal/rpc/server/server.go
@@ -410,7 +410,7 @@
// CaveatValidation implements a function suitable for passing to
// security.OverrideCaveatValidation.
//
-// Certain caveats (PublicKeyThirdPartyCaveatX) are intercepted and handled in
+// Certain caveats (PublicKeyThirdPartyCaveat) are intercepted and handled in
// go, while all other caveats are evaluated in javascript.
func CaveatValidation(ctx *context.T, call security.Call, cavs [][]security.Caveat) []error {
// If the server isn't set in the context, we just perform validation in Go.
@@ -446,7 +446,7 @@
default:
}
switch cav.Id {
- case security.PublicKeyThirdPartyCaveatX.Id:
+ case security.PublicKeyThirdPartyCaveat.Id:
res := cav.Validate(ctx, call)
if res != nil {
valStatus[i] = validationStatus{
