security/audit/id.go - release.go.x.ref - Git at Google

 package audit

 import (
 	"fmt"
 	"time"

 	"veyron.io/veyron/veyron2/security"
 )

 type auditingID struct {
 	id      security.PrivateID
 	auditor Auditor
 }

 // NewPrivateID returns a security.PrivateID implementation that wraps over 'wrapped' but
 // logs all operations that use the private key of wrapped to the auditor.
 func NewPrivateID(wrapped security.PrivateID, auditor Auditor) security.PrivateID {
 	return &auditingID{wrapped, auditor}
 }

 func (id *auditingID) Sign(message []byte) (security.Signature, error) {
 	sig, err := id.id.Sign(message)
 	// Do not save the signature itself.
 	if err = id.audit(err, "Sign", args{message}, nil); err != nil {
 		return security.Signature{}, err
 	}
 	return sig, nil
 }

 func (id *auditingID) PublicKey() security.PublicKey {
 	return id.id.PublicKey()
 }

 func (id *auditingID) PublicID() security.PublicID {
 	return id.id.PublicID()
 }

 func (id *auditingID) Bless(blessee security.PublicID, blessingName string, duration time.Duration, caveats []security.Caveat) (security.PublicID, error) {
 	blessed, err := id.id.Bless(blessee, blessingName, duration, caveats)
 	if err = id.audit(err, "Bless", args{blessee, blessingName, duration, caveats}, blessed); err != nil {
 		return nil, err
 	}
 	return blessed, nil
 }

 func (id *auditingID) Derive(publicID security.PublicID) (security.PrivateID, error) {
 	// No auditing for Derive. Two reasons:
 	// (1) This method is expected to go away (ataly@)
 	// (2) There is no operation on the private key here.
 	// However, operations on the Derived id do need to be audited.
 	derived, err := id.id.Derive(publicID)
 	if err != nil {
 		return nil, err
 	}
 	return NewPrivateID(derived, id.auditor), nil
 }

 func (id *auditingID) MintDischarge(caveat security.ThirdPartyCaveat, context security.Context, duration time.Duration, caveats []security.Caveat) (security.Discharge, error) {
 	d, err := id.id.MintDischarge(caveat, context, duration, caveats)
 	if err = id.audit(err, "MintDischarge", args{caveat, context, duration, caveats}, nil); err != nil {
 		return nil, err
 	}
 	return d, nil
 }

 func (id *auditingID) audit(err error, method string, args args, result interface{}) error {
 	if err != nil {
 		return err
 	}
 	entry := Entry{Method: method, Timestamp: time.Now()}
 	if len(args) > 0 {
 		entry.Arguments = []interface{}(args)
 	}
 	if result != nil {
 		entry.Results = []interface{}{result}
 	}
 	if err := id.auditor.Audit(entry); err != nil {
 		return fmt.Errorf("failed to audit call to %q: %v", method, err)
 	}
 	return nil
 }
	package audit

	import (
	"fmt"
	"time"

	"veyron.io/veyron/veyron2/security"
	)

	type auditingID struct {
	id security.PrivateID
	auditor Auditor
	}

	// NewPrivateID returns a security.PrivateID implementation that wraps over 'wrapped' but
	// logs all operations that use the private key of wrapped to the auditor.
	func NewPrivateID(wrapped security.PrivateID, auditor Auditor) security.PrivateID {
	return &auditingID{wrapped, auditor}
	}

	func (id *auditingID) Sign(message []byte) (security.Signature, error) {
	sig, err := id.id.Sign(message)
	// Do not save the signature itself.
	if err = id.audit(err, "Sign", args{message}, nil); err != nil {
	return security.Signature{}, err
	}
	return sig, nil
	}

	func (id *auditingID) PublicKey() security.PublicKey {
	return id.id.PublicKey()
	}

	func (id *auditingID) PublicID() security.PublicID {
	return id.id.PublicID()
	}

	func (id *auditingID) Bless(blessee security.PublicID, blessingName string, duration time.Duration, caveats []security.Caveat) (security.PublicID, error) {
	blessed, err := id.id.Bless(blessee, blessingName, duration, caveats)
	if err = id.audit(err, "Bless", args{blessee, blessingName, duration, caveats}, blessed); err != nil {
	return nil, err
	}
	return blessed, nil
	}

	func (id *auditingID) Derive(publicID security.PublicID) (security.PrivateID, error) {
	// No auditing for Derive. Two reasons:
	// (1) This method is expected to go away (ataly@)
	// (2) There is no operation on the private key here.
	// However, operations on the Derived id do need to be audited.
	derived, err := id.id.Derive(publicID)
	if err != nil {
	return nil, err
	}
	return NewPrivateID(derived, id.auditor), nil
	}

	func (id *auditingID) MintDischarge(caveat security.ThirdPartyCaveat, context security.Context, duration time.Duration, caveats []security.Caveat) (security.Discharge, error) {
	d, err := id.id.MintDischarge(caveat, context, duration, caveats)
	if err = id.audit(err, "MintDischarge", args{caveat, context, duration, caveats}, nil); err != nil {
	return nil, err
	}
	return d, nil
	}

	func (id *auditingID) audit(err error, method string, args args, result interface{}) error {
	if err != nil {
	return err
	}
	entry := Entry{Method: method, Timestamp: time.Now()}
	if len(args) > 0 {
	entry.Arguments = []interface{}(args)
	}
	if result != nil {
	entry.Results = []interface{}{result}
	}
	if err := id.auditor.Audit(entry); err != nil {
	return fmt.Errorf("failed to audit call to %q: %v", method, err)
	}
	return nil
	}