veyron/runtimes/google/security: Export a single PrivateID factory method.
This change unexports NewChainPrivateID and NewTreePrivateID and provides a single
NewPrivateID. Clients of this library no longer have to decide which
implementation to choose, and if we ever decide that we want to default to the
Tree implementation, we have a single place to change (and fix up
any breaking tests).
Change-Id: I500d2ccd69ea8cc4e8571bf02face4814caf2d9d
diff --git a/lib/testutil/util.go b/lib/testutil/util.go
index b6a8bf9..5f75d4b 100644
--- a/lib/testutil/util.go
+++ b/lib/testutil/util.go
@@ -69,7 +69,7 @@
// under the provided name. This function is meant to be used for testing purposes only,
// it panics if there is an error.
func NewBlessedIdentity(blesser security.PrivateID, name string) security.PrivateID {
- id, err := isecurity.NewChainPrivateID("test")
+ id, err := isecurity.NewPrivateID("test")
if err != nil {
panic(err)
}
diff --git a/runtimes/google/ipc/full_test.go b/runtimes/google/ipc/full_test.go
index 7b6ac46..6f2fc69 100644
--- a/runtimes/google/ipc/full_test.go
+++ b/runtimes/google/ipc/full_test.go
@@ -269,7 +269,7 @@
}
func derive(blessor security.PrivateID, name string, caveats []security.ServiceCaveat) security.PrivateID {
- id, err := isecurity.NewChainPrivateID("irrelevant")
+ id, err := isecurity.NewPrivateID("irrelevant")
if err != nil {
panic(err)
}
@@ -678,11 +678,11 @@
func init() {
var err error
- if clientID, err = isecurity.NewChainPrivateID("client"); err != nil {
- log.Fatalf("failed isecurity.NewChainPrivateID: %s", err)
+ if clientID, err = isecurity.NewPrivateID("client"); err != nil {
+ log.Fatalf("failed isecurity.NewPrivateID: %s", err)
}
- if serverID, err = isecurity.NewChainPrivateID("server"); err != nil {
- log.Fatalf("failed isecurity.NewChainPrivateID: %s", err)
+ if serverID, err = isecurity.NewPrivateID("server"); err != nil {
+ log.Fatalf("failed isecurity.NewPrivateID: %s", err)
}
isecurity.TrustIdentityProviders(clientID)
isecurity.TrustIdentityProviders(serverID)
diff --git a/runtimes/google/rt/security.go b/runtimes/google/rt/security.go
index a246a67..87f9055 100644
--- a/runtimes/google/rt/security.go
+++ b/runtimes/google/rt/security.go
@@ -12,7 +12,7 @@
)
func (rt *vrt) NewIdentity(name string) (security.PrivateID, error) {
- return isecurity.NewChainPrivateID(name)
+ return isecurity.NewPrivateID(name)
}
func (rt *vrt) Identity() security.PrivateID {
diff --git a/runtimes/google/security/identity.go b/runtimes/google/security/identity.go
new file mode 100644
index 0000000..857408c
--- /dev/null
+++ b/runtimes/google/security/identity.go
@@ -0,0 +1,10 @@
+package security
+
+import "veyron2/security"
+
+// NewPrivateID returns a new PrivateID containing a freshly generated
+// private key, and a single self-signed certificate specifying the provided
+// name and the public key corresponding to the generated private key.
+func NewPrivateID(name string) (security.PrivateID, error) {
+ return newChainPrivateID(name)
+}
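Review bot: The doc comment on `NewPrivateID` is copied from `newChainPrivateID` and promises "a single self-signed certificate", which ties the exported contract to the chain implementation that the commit message says may later be swapped for the tree one. The context lines in identity_chain.go and identity_tree.go show discharge construction failing with an error that names the concrete `%T` of the PrivateID, so the concrete type appears to matter for interoperability; that is inferred from the error text, as the surrounding code is outside the hunks. I would document only what callers may rely on, for example `// NewPrivateID returns a new PrivateID holding a freshly generated private key and a self-signed identity for the provided name. The concrete implementation is unspecified and may change.` A small test asserting that `NewPrivateID` output can bless and be blessed by identities from the current default would turn a future switch into a visible failure instead of a silent behaviour change.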
diff --git a/runtimes/google/security/identity_chain.go b/runtimes/google/security/identity_chain.go
index 7c47001..2f62091 100644
--- a/runtimes/google/security/identity_chain.go
+++ b/runtimes/google/security/identity_chain.go
@@ -202,10 +202,10 @@
return nil, fmt.Errorf("discharge cannot be constructed for ThirdPartyCaveat of type %T from PrivateID of type %T", cav, id)
}
-// NewChainPrivateID returns a new PrivateID containing a freshly generated
+// newChainPrivateID returns a new PrivateID containing a freshly generated
// private key, and a single self-signed certificate specifying the provided
// name and the public key corresponding to the generated private key.
-func NewChainPrivateID(name string) (security.PrivateID, error) {
+func newChainPrivateID(name string) (security.PrivateID, error) {
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
diff --git a/runtimes/google/security/identity_tree.go b/runtimes/google/security/identity_tree.go
index d5e8eff..80b6930 100644
--- a/runtimes/google/security/identity_tree.go
+++ b/runtimes/google/security/identity_tree.go
@@ -238,10 +238,10 @@
return nil, fmt.Errorf("discharge cannot be constructed for ThirdPartyCaveat of type %T from PrivateID of type %T", cav, id)
}
-// NewTreePrivateID returns a new PrivateID containing a freshly generated private
+// newTreePrivateID returns a new PrivateID containing a freshly generated private
// key, and a single self-signed blessing for the provided name and the public key
// corresponding to the generated private key.
-func NewTreePrivateID(name string) (security.PrivateID, error) {
+func newTreePrivateID(name string) (security.PrivateID, error) {
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
diff --git a/runtimes/google/security/performance_test.go b/runtimes/google/security/performance_test.go
index e4cfdc4..ded5af8 100644
--- a/runtimes/google/security/performance_test.go
+++ b/runtimes/google/security/performance_test.go
@@ -72,8 +72,8 @@
func BenchmarkNewChain(b *testing.B) {
for i := 0; i < b.N; i++ {
- if _, err := NewChainPrivateID("X"); err != nil {
- b.Fatalf("Failed NewChainPrivateID #%d: %v", i, err)
+ if _, err := newChainPrivateID("X"); err != nil {
+ b.Fatalf("Failed newChainPrivateID #%d: %v", i, err)
}
}
@@ -123,8 +123,8 @@
func BenchmarkNewTree(b *testing.B) {
for i := 0; i < b.N; i++ {
- if _, err := NewTreePrivateID("X"); err != nil {
- b.Fatalf("NewTreePrivateID #%d: %v", i, err)
+ if _, err := newTreePrivateID("X"); err != nil {
+ b.Fatalf("newTreePrivateID #%d: %v", i, err)
}
}
diff --git a/runtimes/google/security/util_test.go b/runtimes/google/security/util_test.go
index dc603b4..15955bc 100644
--- a/runtimes/google/security/util_test.go
+++ b/runtimes/google/security/util_test.go
@@ -52,7 +52,7 @@
}
func newChain(name string) security.PrivateID {
- id, err := NewChainPrivateID(name)
+ id, err := newChainPrivateID(name)
if err != nil {
panic(err)
}
@@ -60,7 +60,7 @@
}
func newTree(name string) security.PrivateID {
- id, err := NewTreePrivateID(name)
+ id, err := newTreePrivateID(name)
if err != nil {
panic(err)
}