veyron2/security: Replace PrincipalPattern with BlessingPattern.
This change:
(1) Renames PrincipalPattern to BlessingPattern
(2) Changes the MatchedBy method to operate on blessing strings instead of
requiring the PublicID.
(3) Updates ACL matching to use simpler primitives
This is step one of many in morphing the security API/model to
the target state described in:
https://veyron-review.googlesource.com/#/c/4102/
TESTED=go test veyron/... veyron2/... on mac and linux
And ran all the shell tests on Mac.
Change-Id: I810b3c8b2e3b4e93a1e951a594601bc9e1f4c05f
diff --git a/jni/runtimes/google/security/jni.go b/jni/runtimes/google/security/jni.go
index 0dc8a08..0852ec0 100644
--- a/jni/runtimes/google/security/jni.go
+++ b/jni/runtimes/google/security/jni.go
@@ -27,15 +27,15 @@
jCaveatClass C.jclass
// Global reference for com.veyron2.security.ServiceCaveat class.
jServiceCaveatClass C.jclass
- // Global reference for com.veyron2.security.PrincipalPattern class.
- jPrincipalPatternClass C.jclass
+ // Global reference for com.veyron2.security.BlessingPattern class.
+ jBlessingPatternClass C.jclass
// Global reference for org.joda.time.Duration class.
jDurationClass C.jclass
// Signature of the PublicID interface.
publicIDSign = util.ClassSign("com.veyron2.security.PublicID")
- // Signature of the PrincipalPattern class.
- principalPatternSign = util.ClassSign("com.veyron2.security.PrincipalPattern")
+ // Signature of the BlessingPattern class.
+ principalPatternSign = util.ClassSign("com.veyron2.security.BlessingPattern")
)
// Init initializes the JNI code with the given Java evironment. This method
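Review bot: The package-level variable `principalPatternSign` keeps its old name although it now holds the signature of com.veyron2.security.BlessingPattern, so the name and the comment above it disagree. Renaming it, e.g. `blessingPatternSign = util.ClassSign("com.veyron2.security.BlessingPattern")`, and updating its two uses in publicid_store.go would complete the rename. The service_caveat.go hunks build the same signature inline with `util.ClassSign(...)`; reusing the one variable there would leave a single place to edit the next time the Java class name changes. The var block starts before this hunk.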
@@ -53,7 +53,7 @@
jContextImplClass = C.jclass(util.JFindClassPtrOrDie(env, "com/veyron/runtimes/google/security/Context"))
jCaveatClass = C.jclass(util.JFindClassPtrOrDie(env, "com/veyron2/security/Caveat"))
jServiceCaveatClass = C.jclass(util.JFindClassPtrOrDie(env, "com/veyron2/security/ServiceCaveat"))
- jPrincipalPatternClass = C.jclass(util.JFindClassPtrOrDie(env, "com/veyron2/security/PrincipalPattern"))
+ jBlessingPatternClass = C.jclass(util.JFindClassPtrOrDie(env, "com/veyron2/security/BlessingPattern"))
jDurationClass = C.jclass(util.JFindClassPtrOrDie(env, "org/joda/time/Duration"))
}
@@ -82,7 +82,7 @@
func Java_com_veyron_runtimes_google_security_PublicIDStore_nativeAdd(env *C.JNIEnv, jPublicIDStore C.jobject, goPublicIDStorePtr C.jlong, jID C.jobject, jPeerPattern C.jstring) {
idPtr := util.CallLongMethodOrCatch(env, jID, "getNativePtr", nil)
id := (*(*security.PublicID)(util.Ptr(idPtr)))
- peerPattern := security.PrincipalPattern(util.GoString(env, jPeerPattern))
+ peerPattern := security.BlessingPattern(util.GoString(env, jPeerPattern))
if err := (*(*security.PublicIDStore)(util.Ptr(goPublicIDStorePtr))).Add(id, peerPattern); err != nil {
util.JThrowV(env, err)
return
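Review bot: `jPeerPattern` is converted directly with `security.BlessingPattern(util.GoString(env, jPeerPattern))`, and nothing in the visible lines checks the string before it reaches `Add`. Because the pattern decides which peers this identity is presented to, an empty or malformed value arriving from the Java side should be rejected at this boundary unless `Add` is known to validate it; the same applies to `jPattern` in nativeSetDefaultBlessingPattern. If validation does happen downstream, a one-line comment saying so, such as `// pattern syntax is checked by the store's Add`, would make that explicit. The function body continues past the end of this hunk.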
@@ -113,10 +113,10 @@
return C.jlong(util.PtrValue(&id))
}
-//export Java_com_veyron_runtimes_google_security_PublicIDStore_nativeSetDefaultPrincipalPattern
-func Java_com_veyron_runtimes_google_security_PublicIDStore_nativeSetDefaultPrincipalPattern(env *C.JNIEnv, jPublicIDStore C.jobject, goPublicIDStorePtr C.jlong, jPattern C.jstring) {
- pattern := security.PrincipalPattern(util.GoString(env, jPattern))
- if err := (*(*security.PublicIDStore)(util.Ptr(goPublicIDStorePtr))).SetDefaultPrincipalPattern(pattern); err != nil {
+//export Java_com_veyron_runtimes_google_security_PublicIDStore_nativeSetDefaultBlessingPattern
+func Java_com_veyron_runtimes_google_security_PublicIDStore_nativeSetDefaultBlessingPattern(env *C.JNIEnv, jPublicIDStore C.jobject, goPublicIDStorePtr C.jlong, jPattern C.jstring) {
+ pattern := security.BlessingPattern(util.GoString(env, jPattern))
+ if err := (*(*security.PublicIDStore)(util.Ptr(goPublicIDStorePtr))).SetDefaultBlessingPattern(pattern); err != nil {
util.JThrowV(env, err)
return
}
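Review bot: The exported symbol `Java_com_veyron_runtimes_google_security_PublicIDStore_nativeSetDefaultBlessingPattern` is bound by the JVM by name at run time, so the Java PublicIDStore class has to rename its native method in the same change or the call will fail only when it is first invoked. The same holds for the string lookups this commit edits elsewhere, `"com/veyron2/security/BlessingPattern"` in Init and `"setDefaultBlessingPattern"` in publicid_store.go, none of which the Go compiler or `go test` verifies. The Java side is not visible in this diff; if it lands separately, the description should say so, and a test that actually loads the bindings would guard against a mismatch.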
diff --git a/jni/runtimes/google/security/publicid.go b/jni/runtimes/google/security/publicid.go
index 541779e..9ef816b 100644
--- a/jni/runtimes/google/security/publicid.go
+++ b/jni/runtimes/google/security/publicid.go
@@ -89,7 +89,7 @@
sCaveats := make([]security.ServiceCaveat, len(jServiceCaveats))
for i, jcaveat := range jServiceCaveats {
sCaveats[i] = security.ServiceCaveat{
- Service: security.PrincipalPattern(util.JStringField(env, C.jobject(jcaveat), "service")),
+ Service: security.BlessingPattern(util.JStringField(env, C.jobject(jcaveat), "service")),
Caveat: newCaveat(env, C.jobject(jcaveat)),
}
}
diff --git a/jni/runtimes/google/security/publicid_store.go b/jni/runtimes/google/security/publicid_store.go
index 2c5237b..04334f5 100644
--- a/jni/runtimes/google/security/publicid_store.go
+++ b/jni/runtimes/google/security/publicid_store.go
@@ -54,14 +54,14 @@
jPublicIDStore C.jobject
}
-func (s *publicIDStore) Add(id security.PublicID, peerPattern security.PrincipalPattern) error {
+func (s *publicIDStore) Add(id security.PublicID, peerPattern security.BlessingPattern) error {
envPtr, freeFunc := util.GetEnv(s.jVM)
env := (*C.JNIEnv)(envPtr)
defer freeFunc()
util.GoRef(&id) // Un-refed when the Java PublicID object created below is finalized.
jPublicID := C.jobject(util.NewObjectOrCatch(env, jPublicIDImplClass, []util.Sign{util.LongSign}, &id))
- jPrincipalPattern := C.jobject(util.NewObjectOrCatch(env, jPrincipalPatternClass, []util.Sign{util.StringSign}, string(peerPattern)))
- return util.CallVoidMethod(env, s.jPublicIDStore, "add", []util.Sign{publicIDSign, principalPatternSign}, jPublicID, jPrincipalPattern)
+ jBlessingPattern := C.jobject(util.NewObjectOrCatch(env, jBlessingPatternClass, []util.Sign{util.StringSign}, string(peerPattern)))
+ return util.CallVoidMethod(env, s.jPublicIDStore, "add", []util.Sign{publicIDSign, principalPatternSign}, jPublicID, jBlessingPattern)
}
func (s *publicIDStore) ForPeer(peer security.PublicID) (security.PublicID, error) {
@@ -90,10 +90,10 @@
return (*(*security.PublicID)(util.Ptr(publicIDPtr))), nil
}
-func (s *publicIDStore) SetDefaultPrincipalPattern(pattern security.PrincipalPattern) error {
+func (s *publicIDStore) SetDefaultBlessingPattern(pattern security.BlessingPattern) error {
envPtr, freeFunc := util.GetEnv(s.jVM)
env := (*C.JNIEnv)(envPtr)
defer freeFunc()
- jPattern := C.jobject(util.NewObjectOrCatch(env, jPrincipalPatternClass, []util.Sign{util.StringSign}, string(pattern)))
- return util.CallVoidMethod(env, s.jPublicIDStore, "setDefaultPrincipalPattern", []util.Sign{principalPatternSign}, jPattern)
+ jPattern := C.jobject(util.NewObjectOrCatch(env, jBlessingPatternClass, []util.Sign{util.StringSign}, string(pattern)))
+ return util.CallVoidMethod(env, s.jPublicIDStore, "setDefaultBlessingPattern", []util.Sign{principalPatternSign}, jPattern)
}
diff --git a/jni/runtimes/google/security/service_caveat.go b/jni/runtimes/google/security/service_caveat.go
index e4d8ff6..a6e599c 100644
--- a/jni/runtimes/google/security/service_caveat.go
+++ b/jni/runtimes/google/security/service_caveat.go
@@ -17,8 +17,8 @@
sCaveats := make([]security.ServiceCaveat, length)
for i := 0; i < length; i++ {
jServiceCaveat := C.GetObjectArrayElement(env, jServiceCaveats, C.jsize(i))
- jPrincipalPattern := C.jobject(util.CallObjectMethodOrCatch(env, jServiceCaveat, "getServices", nil, util.ClassSign("com.veyron2.security.PrincipalPattern")))
- services := util.CallStringMethodOrCatch(env, jPrincipalPattern, "getValue", nil)
+ jBlessingPattern := C.jobject(util.CallObjectMethodOrCatch(env, jServiceCaveat, "getServices", nil, util.ClassSign("com.veyron2.security.BlessingPattern")))
+ services := util.CallStringMethodOrCatch(env, jBlessingPattern, "getValue", nil)
jCaveat := C.jobject(util.CallObjectMethodOrCatch(env, jServiceCaveat, "getCaveat", nil, util.ClassSign("com.veyron2.security.Caveat")))
// TODO(spetrovic): we get native pointer for PublicID and it works because the plan is for
// PublicID to be an interface with only a few implementations in veyron2: folks aren't
@@ -30,7 +30,7 @@
caveatPtr := util.CallLongMethodOrCatch(env, jCaveat, "getNativePtr", nil)
caveat := (*(*security.Caveat)(util.Ptr(caveatPtr)))
sCaveats[i] = security.ServiceCaveat{
- Service: security.PrincipalPattern(services),
+ Service: security.BlessingPattern(services),
Caveat: caveat,
}
}
@@ -45,8 +45,8 @@
util.GoRef(&caveat) // Un-refed when the Java Caveat object is finalized.
jCaveat := C.jobject(util.NewObjectOrCatch(env, jCaveatImplClass, []util.Sign{util.LongSign}, &caveat))
services := string(sCaveat.Service)
- jPattern := C.jobject(util.NewObjectOrCatch(env, jPrincipalPatternClass, []util.Sign{util.StringSign}, services))
- patternSign := util.ClassSign("com.veyron2.security.PrincipalPattern")
+ jPattern := C.jobject(util.NewObjectOrCatch(env, jBlessingPatternClass, []util.Sign{util.StringSign}, services))
+ patternSign := util.ClassSign("com.veyron2.security.BlessingPattern")
caveatSign := util.ClassSign("com.veyron2.security.Caveat")
jServiceCaveat := C.jobject(util.NewObjectOrCatch(env, jServiceCaveatClass, []util.Sign{patternSign, caveatSign}, jPattern, jCaveat))
C.SetObjectArrayElement(env, jServiceCaveats, C.jsize(i), jServiceCaveat)