veyron/security/agent: Make the agent a pricipal.
* The private key for the principal will have to be in a file named
privatekey.pem located in the directory VEYRON_CREDENTIALS.
* Agent server will have a underlying pricipal.
* Agent client makes rpcs to server to act as a principal.
Change-Id: I29d69c0bfbae4ef3c7530f6a4636b304d56c9cf3
diff --git a/runtimes/google/rt/sectransition/test.sh b/runtimes/google/rt/sectransition/test.sh
index b1ddf61..242da08 100755
--- a/runtimes/google/rt/sectransition/test.sh
+++ b/runtimes/google/rt/sectransition/test.sh
@@ -102,4 +102,4 @@
shell_test::pass
}
-main "$@"
+main "$@"
\ No newline at end of file
diff --git a/runtimes/google/rt/security.go b/runtimes/google/rt/security.go
index fb9935b..9295625 100644
--- a/runtimes/google/rt/security.go
+++ b/runtimes/google/rt/security.go
@@ -52,46 +52,29 @@
if rt.principal != nil {
return nil
}
- // TODO(ataly, ashankar): Check if agent environment variables are
- // specified and if so initialize principal from agent.
var err error
- if dir := os.Getenv(VeyronCredentialsEnvVar); len(dir) > 0 {
+ if len(os.Getenv(agent.FdVarName)) > 0 {
+ rt.principal, err = rt.connectToAgent()
+ return err
+ } else if dir := os.Getenv(VeyronCredentialsEnvVar); len(dir) > 0 {
// TODO(ataly, ashankar): If multiple runtimes are getting
// initialized at the same time from the same VEYRON_CREDENTIALS
// we will need some kind of locking for the credential files.
- existed := true
if rt.principal, err = vsecurity.LoadPersistentPrincipal(dir, nil); err != nil {
- existed = false
- if rt.principal, err = vsecurity.CreatePersistentPrincipal(dir, nil); err != nil {
- return err
+ if os.IsNotExist(err) {
+ if rt.principal, err = vsecurity.CreatePersistentPrincipal(dir, nil); err != nil {
+ return err
+ }
+ return vsecurity.InitDefaultBlessings(rt.principal, defaultBlessingName())
}
- }
- if !existed {
- return initDefaultBlessings(rt.principal)
+ return err
}
return nil
}
if rt.principal, err = vsecurity.NewPrincipal(); err != nil {
return err
}
- return initDefaultBlessings(rt.principal)
-}
-
-func initDefaultBlessings(p security.Principal) error {
- blessing, err := p.BlessSelf(defaultBlessingName())
- if err != nil {
- return err
- }
- if err := p.BlessingStore().SetDefault(blessing); err != nil {
- return err
- }
- if _, err := p.BlessingStore().Set(blessing, security.AllPrincipals); err != nil {
- return err
- }
- if err := p.AddToRoots(blessing); err != nil {
- return err
- }
- return nil
+ return vsecurity.InitDefaultBlessings(rt.principal, defaultBlessingName())
}
// TODO(ataly, ashankar): Get rid of this method once we get rid of
@@ -122,10 +105,7 @@
return nil
}
var err error
- if len(os.Getenv(agent.FdVarName)) > 0 {
- rt.id, err = rt.connectToAgent()
- return err
- } else if file := os.Getenv("VEYRON_IDENTITY"); len(file) > 0 {
+ if file := os.Getenv("VEYRON_IDENTITY"); len(file) > 0 {
if rt.id, err = loadIdentityFromFile(file); err != nil || rt.id == nil {
return fmt.Errorf("Could not load identity from the VEYRON_IDENTITY environment variable (%q): %v", file, err)
}
@@ -186,7 +166,7 @@
return vsecurity.LoadIdentity(f, hack)
}
-func (rt *vrt) connectToAgent() (security.PrivateID, error) {
+func (rt *vrt) connectToAgent() (security.Principal, error) {
client, err := rt.NewClient(options.VCSecurityNone)
if err != nil {
return nil, err
@@ -195,9 +175,5 @@
if err != nil {
return nil, err
}
- signer, err := agent.NewAgentSigner(client, fd, rt.NewContext())
- if err != nil {
- return nil, err
- }
- return isecurity.NewPrivateID("selfSigned", signer)
+ return agent.NewAgentPrincipal(client, fd, rt.NewContext())
}
diff --git a/security/agent/agent_test.go b/security/agent/agent_test.go
index 524a964..d3a0b39 100644
--- a/security/agent/agent_test.go
+++ b/security/agent/agent_test.go
@@ -4,85 +4,297 @@
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
- "os"
+ "errors"
"reflect"
"testing"
- "veyron.io/veyron/veyron2/options"
- "veyron.io/veyron/veyron2/rt"
- "veyron.io/veyron/veyron2/security"
-
_ "veyron.io/veyron/veyron/profiles"
"veyron.io/veyron/veyron/security/agent"
"veyron.io/veyron/veyron/security/agent/server"
+
+ "veyron.io/veyron/veyron2/options"
+ "veyron.io/veyron/veyron2/rt"
+ "veyron.io/veyron/veyron2/security"
)
-type fakesigner struct {
- key security.PublicKey
-}
-
-type testdata struct {
- server_conn os.File
- agent security.Signer
- signer fakesigner
-}
-
-func setup() *testdata {
+func setupAgent(t *testing.T, p security.Principal) security.Principal {
runtime := rt.Init()
- result := &testdata{signer: newFakeSigner()}
- sock, err := server.RunAnonymousAgent(runtime, result.signer)
+ sock, err := server.RunAnonymousAgent(runtime, p)
if err != nil {
- panic(err)
+ t.Fatal(err)
}
defer sock.Close()
client, err := runtime.NewClient(options.VCSecurityNone)
if err != nil {
- panic(err)
+ t.Fatal(err)
}
- if agent, err := agent.NewAgentSigner(client, int(sock.Fd()), runtime.NewContext()); err == nil {
- result.agent = agent
- return result
- } else {
- panic(err)
+ var agentP security.Principal
+ if agentP, err = agent.NewAgentPrincipal(client, int(sock.Fd()), runtime.NewContext()); err != nil {
+ t.Fatal(err)
+ }
+ return agentP
+}
+
+type testInfo struct {
+ Method string
+ Args V
+ Result interface{} // Result returned by the Method call.
+ Error error // If Error is not nil will be compared to the last result.
+}
+
+var addToRootsErr = errors.New("AddToRoots")
+var storeSetDefaultErr = errors.New("StoreSetDefault")
+var rootsAddErr = errors.New("RootsAdd")
+var rootsRecognizedErr = errors.New("RootsRecognized")
+
+func TestAgent(t *testing.T) {
+ var (
+ thirdPartyCaveat, discharge = newThirdPartyCaveatAndDischarge(t)
+ mockP = newMockPrincipal()
+ agent = setupAgent(t, mockP)
+ )
+ tests := []testInfo{
+ {"BlessSelf", V{"self"}, newBlessing(t, "blessing"), nil},
+ {"Bless", V{newPrincipal(t).PublicKey(), newBlessing(t, "root"), "extension", security.UnconstrainedUse()}, newBlessing(t, "root/extension"), nil},
+ {"Sign", V{make([]byte, 10)}, security.Signature{R: []byte{1}, S: []byte{1}}, nil},
+ {"MintDischarge", V{thirdPartyCaveat, security.UnconstrainedUse()}, discharge, nil},
+ {"PublicKey", V{}, mockP.PublicKey(), nil},
+ {"AddToRoots", V{newBlessing(t, "blessing")}, nil, addToRootsErr},
+ }
+ for _, test := range tests {
+ mockP.NextResult = test.Result
+ mockP.NextError = test.Error
+ runTest(t, agent, test)
+ }
+
+ store := agent.BlessingStore()
+ storeTests := []testInfo{
+ {"Set", V{newBlessing(t, "blessing"), security.BlessingPattern("test")}, newBlessing(t, "root/extension"), nil},
+ {"ForPeer", V{"test", "oink"}, newBlessing(t, "for/peer"), nil},
+ {"SetDefault", V{newBlessing(t, "blessing")}, nil, storeSetDefaultErr},
+ {"Default", V{}, newBlessing(t, "root/extension"), nil},
+ {"PublicKey", V{}, mockP.PublicKey(), nil},
+ {"DebugString", V{}, "StoreString", nil},
+ }
+ for _, test := range storeTests {
+ mockP.MockStore.NextResult = test.Result
+ mockP.MockStore.NextError = test.Error
+ runTest(t, store, test)
+ }
+
+ roots := agent.Roots()
+ rootTests := []testInfo{
+ {"Add", V{newPrincipal(t).PublicKey(), security.BlessingPattern("test")}, nil, rootsAddErr},
+ {"Recognized", V{newPrincipal(t).PublicKey(), "blessing"}, nil, rootsRecognizedErr},
+ {"DebugString", V{}, "RootsString", nil},
+ }
+ for _, test := range rootTests {
+ mockP.MockRoots.NextResult = test.Result
+ mockP.MockRoots.NextError = test.Error
+ runTest(t, roots, test)
}
}
-func TestSignature(t *testing.T) {
- td := setup()
- sig, err := td.agent.Sign(nil, []byte("abc"))
-
+func runTest(t *testing.T, receiver interface{}, test testInfo) {
+ results, err := call(receiver, test.Method, test.Args)
if err != nil {
- t.Error(err)
+ t.Errorf("failed to invoke p.%v(%#v): %v", test.Method, test.Args, err)
+ return
}
- expected := security.Signature{R: []byte{6}, S: []byte{7}}
- if !reflect.DeepEqual(sig, expected) {
- t.Errorf("Bad signature. Got\n%#v\nExpected:\n%#v", sig, expected)
+ // We only set the error value when error is the only output to ensure the real function gets called.
+ if test.Error != nil {
+ if got := results[len(results)-1]; got == nil || got.(error).Error() != test.Error.Error() {
+ t.Errorf("p.%v(%#v) returned an incorrect error: %v, expected %v", test.Method, test.Args, got, test.Error)
+ }
+ if len(results) == 1 {
+ return
+ }
+ }
+ if got := results[0]; !reflect.DeepEqual(got, test.Result) {
+ t.Errorf("p.%v(%#v) returned %v(%T) want %v(%T)", test.Method, test.Args, got, got, test.Result, test.Result)
}
}
-func TestPublicKey(t *testing.T) {
- td := setup()
- expected_key := td.signer.PublicKey()
- agent_key := td.agent.PublicKey()
- if !reflect.DeepEqual(expected_key, agent_key) {
- t.Errorf("Different keys: %v, %v", expected_key, agent_key)
- }
-}
-
-func newFakeSigner() fakesigner {
+func newMockPrincipal() *mockPrincipal {
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
panic(err)
}
- return fakesigner{security.NewECDSAPublicKey(&key.PublicKey)}
+ pkey := security.NewECDSAPublicKey(&key.PublicKey)
+ return &mockPrincipal{
+ Key: pkey,
+ MockStore: &mockBlessingStore{Key: pkey},
+ MockRoots: &mockBlessingRoots{},
+ }
}
-func (fakesigner) Sign(message []byte) (security.Signature, error) {
- var sig security.Signature
- sig.R, sig.S = []byte{6}, []byte{7}
- return sig, nil
+type mockPrincipal struct {
+ NextError error
+ NextResult interface{}
+ Key security.PublicKey
+ MockStore *mockBlessingStore
+ MockRoots *mockBlessingRoots
}
-func (s fakesigner) PublicKey() security.PublicKey {
- return s.key
+func (p *mockPrincipal) reset() {
+ p.NextError = nil
+ p.NextResult = nil
+}
+
+func (p *mockPrincipal) Bless(security.PublicKey, security.Blessings, string, security.Caveat, ...security.Caveat) (security.Blessings, error) {
+ defer p.reset()
+ b, _ := p.NextResult.(security.Blessings)
+ return b, p.NextError
+}
+
+func (p *mockPrincipal) BlessSelf(string, ...security.Caveat) (security.Blessings, error) {
+ defer p.reset()
+ b, _ := p.NextResult.(security.Blessings)
+ return b, p.NextError
+}
+
+func (p *mockPrincipal) Sign([]byte) (sig security.Signature, err error) {
+ defer p.reset()
+ sig, _ = p.NextResult.(security.Signature)
+ err = p.NextError
+ return
+}
+
+func (p *mockPrincipal) MintDischarge(security.ThirdPartyCaveat, security.Caveat, ...security.Caveat) (security.Discharge, error) {
+ defer p.reset()
+ d, _ := p.NextResult.(security.Discharge)
+ return d, p.NextError
+}
+
+func (p *mockPrincipal) PublicKey() security.PublicKey { return p.Key }
+func (p *mockPrincipal) Roots() security.BlessingRoots { return p.MockRoots }
+func (p *mockPrincipal) BlessingStore() security.BlessingStore { return p.MockStore }
+func (p *mockPrincipal) AddToRoots(b security.Blessings) error {
+ defer p.reset()
+ return p.NextError
+}
+
+type mockBlessingStore struct {
+ NextError error
+ NextResult interface{}
+ Key security.PublicKey
+}
+
+func (s *mockBlessingStore) reset() {
+ s.NextError = nil
+ s.NextResult = nil
+}
+
+func (s *mockBlessingStore) Set(security.Blessings, security.BlessingPattern) (security.Blessings, error) {
+ defer s.reset()
+ b, _ := s.NextResult.(security.Blessings)
+ return b, s.NextError
+}
+
+func (s *mockBlessingStore) ForPeer(...string) security.Blessings {
+ defer s.reset()
+ b, _ := s.NextResult.(security.Blessings)
+ return b
+}
+
+func (s *mockBlessingStore) SetDefault(security.Blessings) error {
+ defer s.reset()
+ return s.NextError
+}
+
+func (s *mockBlessingStore) Default() security.Blessings {
+ defer s.reset()
+ b, _ := s.NextResult.(security.Blessings)
+ return b
+}
+
+func (s *mockBlessingStore) PublicKey() security.PublicKey { return s.Key }
+
+func (s *mockBlessingStore) DebugString() string {
+ defer s.reset()
+ return s.NextResult.(string)
+}
+
+type mockBlessingRoots struct {
+ NextError error
+ NextResult interface{}
+}
+
+func (r *mockBlessingRoots) reset() {
+ r.NextError = nil
+ r.NextResult = nil
+}
+
+func (r *mockBlessingRoots) Add(security.PublicKey, security.BlessingPattern) error {
+ defer r.reset()
+ return r.NextError
+}
+
+func (r *mockBlessingRoots) Recognized(security.PublicKey, string) error {
+ defer r.reset()
+ return r.NextError
+}
+
+func (r *mockBlessingRoots) DebugString() string {
+ defer r.reset()
+ return r.NextResult.(string)
+}
+
+type V []interface{}
+
+func call(receiver interface{}, method string, args V) (results []interface{}, err interface{}) {
+ defer func() {
+ err = recover()
+ }()
+ callargs := make([]reflect.Value, len(args))
+ for idx, arg := range args {
+ callargs[idx] = reflect.ValueOf(arg)
+ }
+ callresults := reflect.ValueOf(receiver).MethodByName(method).Call(callargs)
+ results = make([]interface{}, len(callresults))
+ for idx, res := range callresults {
+ results[idx] = res.Interface()
+ }
+ return
+}
+
+func newPrincipal(t *testing.T) security.Principal {
+ key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ t.Fatal(err)
+ }
+ signer := security.NewInMemoryECDSASigner(key)
+ p, err := security.CreatePrincipal(signer, nil, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ return p
+}
+
+func newCaveat(c security.Caveat, err error) security.Caveat {
+ if err != nil {
+ panic(err)
+ }
+ return c
+}
+
+func newBlessing(t *testing.T, name string) security.Blessings {
+ b, err := newPrincipal(t).BlessSelf(name)
+ if err != nil {
+ t.Fatal(err)
+ }
+ return b
+}
+
+func newThirdPartyCaveatAndDischarge(t *testing.T) (security.ThirdPartyCaveat, security.Discharge) {
+ p := newPrincipal(t)
+ c, err := security.NewPublicKeyCaveat(p.PublicKey(), "location", security.ThirdPartyRequirements{}, newCaveat(security.MethodCaveat("method")))
+ if err != nil {
+ t.Fatal(err)
+ }
+ d, err := p.MintDischarge(c, security.UnconstrainedUse())
+ if err != nil {
+ t.Fatal(err)
+ }
+ return c, d
}
diff --git a/security/agent/agentd/main.go b/security/agent/agentd/main.go
index bcabd77..569032d 100644
--- a/security/agent/agentd/main.go
+++ b/security/agent/agentd/main.go
@@ -21,18 +21,16 @@
flag.Usage = func() {
fmt.Fprintf(os.Stderr, `Usage: %s [agent options] command command_args...
-Loads the private key specified in under privatekey.pem in VEYRON_AGENT into memory, then
+Loads the private key specified in under privatekey.pem in VEYRON_CREDENTIALS into memory, then
starts the specified command with access to the private key via the
agent protocol instead of directly reading from disk.
`, os.Args[0])
flag.PrintDefaults()
}
- // TODO(suharshs): Switch to "VEYRON_CREDENTIALS" after agent is a principal.
- // This will be the end of the old sec model here. Also change the comment above.
- dir := os.Getenv("VEYRON_AGENT")
+ dir := os.Getenv("VEYRON_CREDENTIALS")
if len(dir) == 0 {
- vlog.Fatal("VEYRON_AGENT must be set to directory")
+ vlog.Fatal("VEYRON_CREDENTIALS must be set to directory")
}
p, err := newPrincipalFromDir(dir)
@@ -96,7 +94,11 @@
return nil, fmt.Errorf("failed to read passphrase: %v", err)
}
p, err := vsecurity.CreatePersistentPrincipal(dir, []byte(pass))
- return p, err
+ if err != nil {
+ return nil, err
+ }
+ vsecurity.InitDefaultBlessings(p, "agent_principal")
+ return p, nil
}
func handlePassphrase(dir string) (security.Principal, error) {
diff --git a/security/agent/client.go b/security/agent/client.go
index e3bbfbd..f162452 100644
--- a/security/agent/client.go
+++ b/security/agent/client.go
@@ -12,7 +12,8 @@
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/naming"
"veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/security/wire"
+ "veyron.io/veyron/veyron2/vdl/vdlutil"
+ "veyron.io/veyron/veyron2/vlog"
)
// FdVarName is the name of the environment variable containing
@@ -20,27 +21,39 @@
const FdVarName = "VEYRON_AGENT_FD"
type client struct {
- client ipc.Client
- name string
- ctx context.T
+ caller caller
key security.PublicKey
}
-func (c *client) call(name string, result interface{}, args ...interface{}) (err error) {
+type caller struct {
+ client ipc.Client
+ name string
+ ctx context.T
+}
+
+func (c *caller) call(name string, results []interface{}, args ...interface{}) (err error) {
var call ipc.Call
+ results = append(results, &err)
if call, err = c.client.StartCall(c.ctx, c.name, name, args); err == nil {
- if ierr := call.Finish(result, &err); ierr != nil {
+ if ierr := call.Finish(results...); ierr != nil {
err = ierr
}
}
return
}
-// NewAgentSigner returns a Signer using the PrivateKey held in a remote agent process.
+func results(inputs ...interface{}) []interface{} {
+ if len(inputs) > 0 {
+ return inputs
+ }
+ return make([]interface{}, 0)
+}
+
+// NewAgentPrincipal returns a security.Pricipal using the PrivateKey held in a remote agent process.
// 'fd' is the socket for connecting to the agent, typically obtained from
// os.GetEnv(agent.FdVarName).
// 'ctx' should not have a deadline, and should never be cancelled.
-func NewAgentSigner(c ipc.Client, fd int, ctx context.T) (security.Signer, error) {
+func NewAgentPrincipal(c ipc.Client, fd int, ctx context.T) (security.Principal, error) {
conn, err := net.FileConn(os.NewFile(uintptr(fd), "agent_client"))
if err != nil {
return nil, err
@@ -51,7 +64,13 @@
if err != nil {
return nil, err
}
- agent := &client{c, naming.JoinAddressName(naming.FormatEndpoint(addr.Network(), addr.String()), ""), ctx, nil}
+ caller := caller{
+ client: c,
+ name: naming.JoinAddressName(naming.FormatEndpoint(addr.Network(), addr.String()), ""),
+ ctx: ctx,
+ }
+
+ agent := &client{caller: caller}
if err := agent.fetchPublicKey(); err != nil {
return nil, err
}
@@ -59,23 +78,152 @@
}
func (c *client) fetchPublicKey() (err error) {
- var key wire.PublicKey
- if err = c.call("PublicKey", &key); err != nil {
+ var b []byte
+ if err = c.caller.call("PublicKey", results(&b)); err != nil {
return
}
- c.key, err = key.Decode()
+ c.key, err = security.UnmarshalPublicKey(b)
return
}
+func (c *client) Bless(key security.PublicKey, with security.Blessings, extension string, caveat security.Caveat, additionalCaveats ...security.Caveat) (security.Blessings, error) {
+ var blessings security.WireBlessings
+ marshalledKey, err := key.MarshalBinary()
+ if err != nil {
+ return nil, err
+ }
+ err = c.caller.call("Bless", results(&blessings), marshalledKey, security.MarshalBlessings(with), extension, caveat, additionalCaveats)
+ if err != nil {
+ return nil, err
+ }
+ return security.NewBlessings(blessings)
+}
+
+func (c *client) BlessSelf(name string, caveats ...security.Caveat) (security.Blessings, error) {
+ var blessings security.WireBlessings
+ err := c.caller.call("BlessSelf", results(&blessings), name, caveats)
+ if err != nil {
+ return nil, err
+ }
+ return security.NewBlessings(blessings)
+}
+
+func (c *client) Sign(message []byte) (sig security.Signature, err error) {
+ err = c.caller.call("Sign", results(&sig), message)
+ return
+}
+
+func (c *client) MintDischarge(tp security.ThirdPartyCaveat, caveat security.Caveat, additionalCaveats ...security.Caveat) (security.Discharge, error) {
+ var discharge security.Discharge
+ err := c.caller.call("MintDischarge", results(&discharge), vdlutil.Any(tp), caveat, additionalCaveats)
+ if err != nil {
+ return nil, err
+ }
+ return discharge, nil
+}
+
func (c *client) PublicKey() security.PublicKey {
return c.key
}
-func (c *client) Sign(purpose, message []byte) (sig security.Signature, err error) {
- if purpose != nil {
- err = fmt.Errorf("purpose not supported")
- return
+func (c *client) BlessingStore() security.BlessingStore {
+ return &blessingStore{c.caller, c.key}
+}
+
+func (c *client) Roots() security.BlessingRoots {
+ return &blessingRoots{c.caller}
+}
+
+func (c *client) AddToRoots(blessings security.Blessings) error {
+ return c.caller.call("AddToRoots", results(), security.MarshalBlessings(blessings))
+}
+
+type blessingStore struct {
+ caller caller
+ key security.PublicKey
+}
+
+func (b *blessingStore) Set(blessings security.Blessings, forPeers security.BlessingPattern) (security.Blessings, error) {
+ var resultBlessings security.WireBlessings
+ err := b.caller.call("BlessingStoreSet", results(&resultBlessings), security.MarshalBlessings(blessings), forPeers)
+ if err != nil {
+ return nil, err
}
- err = c.call("Sign", &sig, message)
+ return security.NewBlessings(resultBlessings)
+}
+
+func (b *blessingStore) ForPeer(peerBlessings ...string) security.Blessings {
+ var resultBlessings security.WireBlessings
+ err := b.caller.call("BlessingStoreForPeer", results(&resultBlessings), peerBlessings)
+ if err != nil {
+ vlog.Errorf("error calling BlessingStoreForPeer: %v", err)
+ return nil
+ }
+ blessings, err := security.NewBlessings(resultBlessings)
+ if err != nil {
+ vlog.Errorf("error creating Blessings from WireBlessings: %v", err)
+ return nil
+ }
+ return blessings
+}
+
+func (b *blessingStore) SetDefault(blessings security.Blessings) error {
+ return b.caller.call("BlessingStoreSetDefault", results(), security.MarshalBlessings(blessings))
+}
+
+func (b *blessingStore) Default() security.Blessings {
+ var resultBlessings security.WireBlessings
+ err := b.caller.call("BlessingStoreDefault", results(&resultBlessings))
+ if err != nil {
+ vlog.Errorf("error calling BlessingStoreDefault: %v", err)
+ return nil
+ }
+ blessings, err := security.NewBlessings(resultBlessings)
+ if err != nil {
+ vlog.Errorf("error creating Blessing from WireBlessings: %v", err)
+ return nil
+ }
+ return blessings
+}
+
+func (b *blessingStore) PublicKey() security.PublicKey {
+ return b.key
+}
+
+func (b *blessingStore) DebugString() (s string) {
+ err := b.caller.call("BlessingStoreDebugString", results(&s))
+ if err != nil {
+ s = fmt.Sprintf("error calling BlessingStoreDebugString: %v", err)
+ vlog.Errorf(s)
+ }
+ return
+}
+
+type blessingRoots struct {
+ caller caller
+}
+
+func (b *blessingRoots) Add(root security.PublicKey, pattern security.BlessingPattern) error {
+ marshalledKey, err := root.MarshalBinary()
+ if err != nil {
+ return err
+ }
+ return b.caller.call("BlessingRootsAdd", results(), marshalledKey, pattern)
+}
+
+func (b *blessingRoots) Recognized(root security.PublicKey, blessing string) error {
+ marshalledKey, err := root.MarshalBinary()
+ if err != nil {
+ return err
+ }
+ return b.caller.call("BlessingRootsAdd", results(), marshalledKey, blessing)
+}
+
+func (b *blessingRoots) DebugString() (s string) {
+ err := b.caller.call("BlessingRootsDebugString", results(&s))
+ if err != nil {
+ s = fmt.Sprintf("error calling BlessingRootsDebugString: %v", err)
+ vlog.Errorf(s)
+ }
return
}
diff --git a/security/agent/server/server.go b/security/agent/server/server.go
index 8bfa762..63aeeb3 100644
--- a/security/agent/server/server.go
+++ b/security/agent/server/server.go
@@ -11,6 +11,7 @@
package server
import (
+ "fmt"
"io"
"os"
@@ -19,26 +20,19 @@
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/options"
"veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/security/wire"
+ "veyron.io/veyron/veyron2/vdl/vdlutil"
"veyron.io/veyron/veyron2/vlog"
)
-// TODO(suharshs): Remove this when replaced with principal. This is just temporary to
-// avoid having to implement a bunch of principal methods that aren't being used yet.
-type Signer interface {
- Sign(message []byte) (security.Signature, error)
- PublicKey() security.PublicKey
-}
-
type agentd struct {
- signer Signer
+ principal security.Principal
}
// RunAnonymousAgent starts the agent server listening on an
// anonymous unix domain socket. It will respond to SignatureRequests
-// using 'signer'.
+// using 'principal'.
// The returned 'client' is typically passed via cmd.ExtraFiles to a child process.
-func RunAnonymousAgent(runtime veyron2.Runtime, signer Signer) (client *os.File, err error) {
+func RunAnonymousAgent(runtime veyron2.Runtime, principal security.Principal) (client *os.File, err error) {
// VCSecurityNone is safe since we're using anonymous unix sockets.
// Only our child process can possibly communicate on the socket.
s, err := runtime.NewServer(options.VCSecurityNone)
@@ -51,7 +45,7 @@
return nil, err
}
- serverAgent := NewServerAgent(agentd{signer})
+ serverAgent := NewServerAgent(agentd{principal})
go func() {
buf := make([]byte, 1)
for {
@@ -74,11 +68,102 @@
return remote, nil
}
-func (a agentd) Sign(_ ipc.ServerContext, message []byte) (security.Signature, error) {
- return a.signer.Sign(message)
+func (a agentd) Bless(_ ipc.ServerContext, key []byte, with security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings, error) {
+ pkey, err := security.UnmarshalPublicKey(key)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ withBlessings, err := security.NewBlessings(with)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ blessings, err := a.principal.Bless(pkey, withBlessings, extension, caveat, additionalCaveats...)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ return security.MarshalBlessings(blessings), nil
}
-func (a agentd) PublicKey(ipc.ServerContext) (key wire.PublicKey, err error) {
- err = key.Encode(a.signer.PublicKey())
- return
+func (a agentd) BlessSelf(_ ipc.ServerContext, name string, caveats []security.Caveat) (security.WireBlessings, error) {
+ blessings, err := a.principal.BlessSelf(name, caveats...)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ return security.MarshalBlessings(blessings), nil
+}
+
+func (a agentd) Sign(_ ipc.ServerContext, message []byte) (security.Signature, error) {
+ return a.principal.Sign(message)
+}
+
+func (a agentd) MintDischarge(_ ipc.ServerContext, tp vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat) (vdlutil.Any, error) {
+ tpCaveat, ok := tp.(security.ThirdPartyCaveat)
+ if !ok {
+ return nil, fmt.Errorf("provided caveat of type %T does not implement security.ThirdPartyCaveat", tp)
+ }
+ return a.principal.MintDischarge(tpCaveat, caveat, additionalCaveats...)
+}
+
+func (a agentd) PublicKey(_ ipc.ServerContext) ([]byte, error) {
+ return a.principal.PublicKey().MarshalBinary()
+}
+
+func (a agentd) AddToRoots(_ ipc.ServerContext, wireBlessings security.WireBlessings) error {
+ blessings, err := security.NewBlessings(wireBlessings)
+ if err != nil {
+ return err
+ }
+ return a.principal.AddToRoots(blessings)
+}
+
+func (a agentd) BlessingStoreSet(_ ipc.ServerContext, wireBlessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error) {
+ blessings, err := security.NewBlessings(wireBlessings)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ resultBlessings, err := a.principal.BlessingStore().Set(blessings, forPeers)
+ if err != nil {
+ return security.WireBlessings{}, err
+ }
+ return security.MarshalBlessings(resultBlessings), nil
+}
+
+func (a agentd) BlessingStoreForPeer(_ ipc.ServerContext, peerBlessings []string) (security.WireBlessings, error) {
+ return security.MarshalBlessings(a.principal.BlessingStore().ForPeer(peerBlessings...)), nil
+}
+
+func (a agentd) BlessingStoreSetDefault(_ ipc.ServerContext, wireBlessings security.WireBlessings) error {
+ blessings, err := security.NewBlessings(wireBlessings)
+ if err != nil {
+ return err
+ }
+ return a.principal.BlessingStore().SetDefault(blessings)
+}
+
+func (a agentd) BlessingStoreDebugString(_ ipc.ServerContext) (string, error) {
+ return a.principal.BlessingStore().DebugString(), nil
+}
+
+func (a agentd) BlessingStoreDefault(_ ipc.ServerContext) (security.WireBlessings, error) {
+ return security.MarshalBlessings(a.principal.BlessingStore().Default()), nil
+}
+
+func (a agentd) BlessingRootsAdd(_ ipc.ServerContext, root []byte, pattern security.BlessingPattern) error {
+ pkey, err := security.UnmarshalPublicKey(root)
+ if err != nil {
+ return err
+ }
+ return a.principal.Roots().Add(pkey, pattern)
+}
+
+func (a agentd) BlessingRootsRecognized(_ ipc.ServerContext, root []byte, blessing string) error {
+ pkey, err := security.UnmarshalPublicKey(root)
+ if err != nil {
+ return err
+ }
+ return a.principal.Roots().Recognized(pkey, blessing)
+}
+
+func (a agentd) BlessingRootsDebugString(_ ipc.ServerContext) (string, error) {
+ return a.principal.Roots().DebugString(), nil
}
diff --git a/security/agent/server/wire.vdl b/security/agent/server/wire.vdl
index 9d06e4b..6ef6f8e 100644
--- a/security/agent/server/wire.vdl
+++ b/security/agent/server/wire.vdl
@@ -1,11 +1,24 @@
package server
import (
- "veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/security/wire"
+ "veyron.io/veyron/veyron2/security"
)
type Agent interface {
- Sign(message []byte) (security.Signature, error)
- PublicKey() (wire.PublicKey, error)
+ Bless(key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings, error)
+ BlessSelf(name string, caveats []security.Caveat) (security.WireBlessings, error)
+ Sign(message []byte) (security.Signature, error)
+ MintDischarge(tp any, caveat security.Caveat, additionalCaveats []security.Caveat) (any, error)
+ PublicKey() ([]byte, error)
+ AddToRoots(blessing security.WireBlessings) error
+
+ BlessingStoreSet(blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error)
+ BlessingStoreForPeer(peerBlessings []string) (security.WireBlessings, error)
+ BlessingStoreSetDefault(blessings security.WireBlessings) error
+ BlessingStoreDefault() (security.WireBlessings, error)
+ BlessingStoreDebugString() (string, error)
+
+ BlessingRootsAdd(root []byte, pattern security.BlessingPattern) error
+ BlessingRootsRecognized(root []byte, blessing string) error
+ BlessingRootsDebugString() (string, error)
}
diff --git a/security/agent/server/wire.vdl.go b/security/agent/server/wire.vdl.go
index 15ed863..445984a 100644
--- a/security/agent/server/wire.vdl.go
+++ b/security/agent/server/wire.vdl.go
@@ -6,8 +6,6 @@
import (
"veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/security/wire"
-
// The non-user imports are prefixed with "_gen_" to prevent collisions.
_gen_veyron2 "veyron.io/veyron/veyron2"
_gen_context "veyron.io/veyron/veyron2/context"
@@ -25,8 +23,20 @@
// Agent_ExcludingUniversal is the interface without internal framework-added methods
// to enable embedding without method collisions. Not to be used directly by clients.
type Agent_ExcludingUniversal interface {
+ Bless(ctx _gen_context.T, key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
+ BlessSelf(ctx _gen_context.T, name string, caveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
Sign(ctx _gen_context.T, message []byte, opts ..._gen_ipc.CallOpt) (reply security.Signature, err error)
- PublicKey(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply wire.PublicKey, err error)
+ MintDischarge(ctx _gen_context.T, tp _gen_vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error)
+ PublicKey(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply []byte, err error)
+ AddToRoots(ctx _gen_context.T, blessing security.WireBlessings, opts ..._gen_ipc.CallOpt) (err error)
+ BlessingStoreSet(ctx _gen_context.T, blessings security.WireBlessings, forPeers security.BlessingPattern, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
+ BlessingStoreForPeer(ctx _gen_context.T, peerBlessings []string, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
+ BlessingStoreSetDefault(ctx _gen_context.T, blessings security.WireBlessings, opts ..._gen_ipc.CallOpt) (err error)
+ BlessingStoreDefault(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
+ BlessingStoreDebugString(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply string, err error)
+ BlessingRootsAdd(ctx _gen_context.T, root []byte, pattern security.BlessingPattern, opts ..._gen_ipc.CallOpt) (err error)
+ BlessingRootsRecognized(ctx _gen_context.T, root []byte, blessing string, opts ..._gen_ipc.CallOpt) (err error)
+ BlessingRootsDebugString(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply string, err error)
}
type Agent interface {
_gen_ipc.UniversalServiceMethods
@@ -35,8 +45,20 @@
// AgentService is the interface the server implements.
type AgentService interface {
+ Bless(context _gen_ipc.ServerContext, key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (reply security.WireBlessings, err error)
+ BlessSelf(context _gen_ipc.ServerContext, name string, caveats []security.Caveat) (reply security.WireBlessings, err error)
Sign(context _gen_ipc.ServerContext, message []byte) (reply security.Signature, err error)
- PublicKey(context _gen_ipc.ServerContext) (reply wire.PublicKey, err error)
+ MintDischarge(context _gen_ipc.ServerContext, tp _gen_vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat) (reply _gen_vdlutil.Any, err error)
+ PublicKey(context _gen_ipc.ServerContext) (reply []byte, err error)
+ AddToRoots(context _gen_ipc.ServerContext, blessing security.WireBlessings) (err error)
+ BlessingStoreSet(context _gen_ipc.ServerContext, blessings security.WireBlessings, forPeers security.BlessingPattern) (reply security.WireBlessings, err error)
+ BlessingStoreForPeer(context _gen_ipc.ServerContext, peerBlessings []string) (reply security.WireBlessings, err error)
+ BlessingStoreSetDefault(context _gen_ipc.ServerContext, blessings security.WireBlessings) (err error)
+ BlessingStoreDefault(context _gen_ipc.ServerContext) (reply security.WireBlessings, err error)
+ BlessingStoreDebugString(context _gen_ipc.ServerContext) (reply string, err error)
+ BlessingRootsAdd(context _gen_ipc.ServerContext, root []byte, pattern security.BlessingPattern) (err error)
+ BlessingRootsRecognized(context _gen_ipc.ServerContext, root []byte, blessing string) (err error)
+ BlessingRootsDebugString(context _gen_ipc.ServerContext) (reply string, err error)
}
// BindAgent returns the client stub implementing the Agent
@@ -86,6 +108,28 @@
return _gen_veyron2.RuntimeFromContext(ctx).Client()
}
+func (__gen_c *clientStubAgent) Bless(ctx _gen_context.T, key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "Bless", []interface{}{key, wit, extension, caveat, additionalCaveats}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessSelf(ctx _gen_context.T, name string, caveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessSelf", []interface{}{name, caveats}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
func (__gen_c *clientStubAgent) Sign(ctx _gen_context.T, message []byte, opts ..._gen_ipc.CallOpt) (reply security.Signature, err error) {
var call _gen_ipc.Call
if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "Sign", []interface{}{message}, opts...); err != nil {
@@ -97,7 +141,18 @@
return
}
-func (__gen_c *clientStubAgent) PublicKey(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply wire.PublicKey, err error) {
+func (__gen_c *clientStubAgent) MintDischarge(ctx _gen_context.T, tp _gen_vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "MintDischarge", []interface{}{tp, caveat, additionalCaveats}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) PublicKey(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply []byte, err error) {
var call _gen_ipc.Call
if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "PublicKey", nil, opts...); err != nil {
return
@@ -108,6 +163,105 @@
return
}
+func (__gen_c *clientStubAgent) AddToRoots(ctx _gen_context.T, blessing security.WireBlessings, opts ..._gen_ipc.CallOpt) (err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "AddToRoots", []interface{}{blessing}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingStoreSet(ctx _gen_context.T, blessings security.WireBlessings, forPeers security.BlessingPattern, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingStoreSet", []interface{}{blessings, forPeers}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingStoreForPeer(ctx _gen_context.T, peerBlessings []string, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingStoreForPeer", []interface{}{peerBlessings}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingStoreSetDefault(ctx _gen_context.T, blessings security.WireBlessings, opts ..._gen_ipc.CallOpt) (err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingStoreSetDefault", []interface{}{blessings}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingStoreDefault(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingStoreDefault", nil, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingStoreDebugString(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply string, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingStoreDebugString", nil, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingRootsAdd(ctx _gen_context.T, root []byte, pattern security.BlessingPattern, opts ..._gen_ipc.CallOpt) (err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingRootsAdd", []interface{}{root, pattern}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingRootsRecognized(ctx _gen_context.T, root []byte, blessing string, opts ..._gen_ipc.CallOpt) (err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingRootsRecognized", []interface{}{root, blessing}, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
+func (__gen_c *clientStubAgent) BlessingRootsDebugString(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply string, err error) {
+ var call _gen_ipc.Call
+ if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessingRootsDebugString", nil, opts...); err != nil {
+ return
+ }
+ if ierr := call.Finish(&reply, &err); ierr != nil {
+ err = ierr
+ }
+ return
+}
+
func (__gen_c *clientStubAgent) UnresolveStep(ctx _gen_context.T, opts ..._gen_ipc.CallOpt) (reply []string, err error) {
var call _gen_ipc.Call
if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "UnresolveStep", nil, opts...); err != nil {
@@ -153,10 +307,34 @@
// Note: This exhibits some weird behavior like returning a nil error if the method isn't found.
// This will change when it is replaced with Signature().
switch method {
+ case "Bless":
+ return []interface{}{}, nil
+ case "BlessSelf":
+ return []interface{}{}, nil
case "Sign":
return []interface{}{}, nil
+ case "MintDischarge":
+ return []interface{}{}, nil
case "PublicKey":
return []interface{}{}, nil
+ case "AddToRoots":
+ return []interface{}{}, nil
+ case "BlessingStoreSet":
+ return []interface{}{}, nil
+ case "BlessingStoreForPeer":
+ return []interface{}{}, nil
+ case "BlessingStoreSetDefault":
+ return []interface{}{}, nil
+ case "BlessingStoreDefault":
+ return []interface{}{}, nil
+ case "BlessingStoreDebugString":
+ return []interface{}{}, nil
+ case "BlessingRootsAdd":
+ return []interface{}{}, nil
+ case "BlessingRootsRecognized":
+ return []interface{}{}, nil
+ case "BlessingRootsDebugString":
+ return []interface{}{}, nil
default:
return nil, nil
}
@@ -164,11 +342,119 @@
func (__gen_s *ServerStubAgent) Signature(call _gen_ipc.ServerCall) (_gen_ipc.ServiceSignature, error) {
result := _gen_ipc.ServiceSignature{Methods: make(map[string]_gen_ipc.MethodSignature)}
+ result.Methods["AddToRoots"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "blessing", Type: 74},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["Bless"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "key", Type: 66},
+ {Name: "wit", Type: 74},
+ {Name: "extension", Type: 3},
+ {Name: "caveat", Type: 67},
+ {Name: "additionalCaveats", Type: 68},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 74},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessSelf"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "name", Type: 3},
+ {Name: "caveats", Type: 68},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 74},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingRootsAdd"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "root", Type: 66},
+ {Name: "pattern", Type: 77},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingRootsDebugString"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{},
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 3},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingRootsRecognized"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "root", Type: 66},
+ {Name: "blessing", Type: 3},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingStoreDebugString"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{},
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 3},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingStoreDefault"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{},
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 74},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingStoreForPeer"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "peerBlessings", Type: 61},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 74},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingStoreSet"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "blessings", Type: 74},
+ {Name: "forPeers", Type: 77},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 74},
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["BlessingStoreSetDefault"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "blessings", Type: 74},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 75},
+ },
+ }
+ result.Methods["MintDischarge"] = _gen_ipc.MethodSignature{
+ InArgs: []_gen_ipc.MethodArgument{
+ {Name: "tp", Type: 76},
+ {Name: "caveat", Type: 67},
+ {Name: "additionalCaveats", Type: 68},
+ },
+ OutArgs: []_gen_ipc.MethodArgument{
+ {Name: "", Type: 76},
+ {Name: "", Type: 75},
+ },
+ }
result.Methods["PublicKey"] = _gen_ipc.MethodSignature{
InArgs: []_gen_ipc.MethodArgument{},
OutArgs: []_gen_ipc.MethodArgument{
- {Name: "", Type: 71},
- {Name: "", Type: 69},
+ {Name: "", Type: 66},
+ {Name: "", Type: 75},
},
}
result.Methods["Sign"] = _gen_ipc.MethodSignature{
@@ -176,27 +462,39 @@
{Name: "message", Type: 66},
},
OutArgs: []_gen_ipc.MethodArgument{
- {Name: "", Type: 68},
- {Name: "", Type: 69},
+ {Name: "", Type: 70},
+ {Name: "", Type: 75},
},
}
result.TypeDefs = []_gen_vdlutil.Any{
- _gen_wiretype.NamedPrimitiveType{Type: 0x32, Name: "byte", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x41, Name: "", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.Hash", Tags: []string(nil)}, _gen_wiretype.StructType{
+ _gen_wiretype.NamedPrimitiveType{Type: 0x32, Name: "byte", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x41, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x42, Name: "ValidatorVOM"},
+ },
+ "veyron.io/veyron/veyron2/security.Caveat", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x43, Name: "", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.Hash", Tags: []string(nil)}, _gen_wiretype.StructType{
[]_gen_wiretype.FieldType{
_gen_wiretype.FieldType{Type: 0x42, Name: "Purpose"},
- _gen_wiretype.FieldType{Type: 0x43, Name: "Hash"},
+ _gen_wiretype.FieldType{Type: 0x45, Name: "Hash"},
_gen_wiretype.FieldType{Type: 0x42, Name: "R"},
_gen_wiretype.FieldType{Type: 0x42, Name: "S"},
},
"veyron.io/veyron/veyron2/security.Signature", []string(nil)},
- _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x32, Name: "veyron.io/veyron/veyron2/security/wire.KeyCurve", Tags: []string(nil)}, _gen_wiretype.StructType{
+ _gen_wiretype.StructType{
[]_gen_wiretype.FieldType{
- _gen_wiretype.FieldType{Type: 0x46, Name: "Curve"},
- _gen_wiretype.FieldType{Type: 0x42, Name: "XY"},
+ _gen_wiretype.FieldType{Type: 0x3, Name: "Extension"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "PublicKey"},
+ _gen_wiretype.FieldType{Type: 0x44, Name: "Caveats"},
+ _gen_wiretype.FieldType{Type: 0x46, Name: "Signature"},
},
- "veyron.io/veyron/veyron2/security/wire.PublicKey", []string(nil)},
- }
+ "veyron.io/veyron/veyron2/security.Certificate", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x47, Name: "", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x48, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x49, Name: "CertificateChains"},
+ },
+ "veyron.io/veyron/veyron2/security.WireBlessings", []string(nil)},
+ _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.BlessingPattern", Tags: []string(nil)}}
return result, nil
}
@@ -219,12 +517,72 @@
return
}
+func (__gen_s *ServerStubAgent) Bless(call _gen_ipc.ServerCall, key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (reply security.WireBlessings, err error) {
+ reply, err = __gen_s.service.Bless(call, key, wit, extension, caveat, additionalCaveats)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessSelf(call _gen_ipc.ServerCall, name string, caveats []security.Caveat) (reply security.WireBlessings, err error) {
+ reply, err = __gen_s.service.BlessSelf(call, name, caveats)
+ return
+}
+
func (__gen_s *ServerStubAgent) Sign(call _gen_ipc.ServerCall, message []byte) (reply security.Signature, err error) {
reply, err = __gen_s.service.Sign(call, message)
return
}
-func (__gen_s *ServerStubAgent) PublicKey(call _gen_ipc.ServerCall) (reply wire.PublicKey, err error) {
+func (__gen_s *ServerStubAgent) MintDischarge(call _gen_ipc.ServerCall, tp _gen_vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat) (reply _gen_vdlutil.Any, err error) {
+ reply, err = __gen_s.service.MintDischarge(call, tp, caveat, additionalCaveats)
+ return
+}
+
+func (__gen_s *ServerStubAgent) PublicKey(call _gen_ipc.ServerCall) (reply []byte, err error) {
reply, err = __gen_s.service.PublicKey(call)
return
}
+
+func (__gen_s *ServerStubAgent) AddToRoots(call _gen_ipc.ServerCall, blessing security.WireBlessings) (err error) {
+ err = __gen_s.service.AddToRoots(call, blessing)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingStoreSet(call _gen_ipc.ServerCall, blessings security.WireBlessings, forPeers security.BlessingPattern) (reply security.WireBlessings, err error) {
+ reply, err = __gen_s.service.BlessingStoreSet(call, blessings, forPeers)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingStoreForPeer(call _gen_ipc.ServerCall, peerBlessings []string) (reply security.WireBlessings, err error) {
+ reply, err = __gen_s.service.BlessingStoreForPeer(call, peerBlessings)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingStoreSetDefault(call _gen_ipc.ServerCall, blessings security.WireBlessings) (err error) {
+ err = __gen_s.service.BlessingStoreSetDefault(call, blessings)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingStoreDefault(call _gen_ipc.ServerCall) (reply security.WireBlessings, err error) {
+ reply, err = __gen_s.service.BlessingStoreDefault(call)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingStoreDebugString(call _gen_ipc.ServerCall) (reply string, err error) {
+ reply, err = __gen_s.service.BlessingStoreDebugString(call)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingRootsAdd(call _gen_ipc.ServerCall, root []byte, pattern security.BlessingPattern) (err error) {
+ err = __gen_s.service.BlessingRootsAdd(call, root, pattern)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingRootsRecognized(call _gen_ipc.ServerCall, root []byte, blessing string) (err error) {
+ err = __gen_s.service.BlessingRootsRecognized(call, root, blessing)
+ return
+}
+
+func (__gen_s *ServerStubAgent) BlessingRootsDebugString(call _gen_ipc.ServerCall) (reply string, err error) {
+ reply, err = __gen_s.service.BlessingRootsDebugString(call)
+ return
+}
diff --git a/security/agent/test.sh b/security/agent/test.sh
index 037e5fe..b9d9ba8 100755
--- a/security/agent/test.sh
+++ b/security/agent/test.sh
@@ -23,22 +23,9 @@
cd "${WORKDIR}"
build
- # TODO(suharshs): After switching to new security model this shoudl be VEYRON_CREDENTIALS.
- export VEYRON_AGENT="$(shell::tmp_dir)"
- echo "-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIGxO3M/KmUac35mffZAVZf0PcXj2qLj4AtTIxdSrAH1AoAoGCCqGSM49
-AwEHoUQDQgAEoZ4cgHtkSzP/PeUBLIOoSJWjx7t2cAWKxj+dd3AgDct2nJujM2+c
-dwwYdDyKjhBc2nacEDlvA3AqtCMU0c97hA==
------END EC PRIVATE KEY-----" > "${VEYRON_AGENT}/privatekey.pem"
- # TODO(ashankar): Remove this block (and remove the compilation of the identity tool)
- # once the agent has been updated to comply with the new security model.
- local -r ID=$(shell::tmp_file)
- "${IDENTITY_BIN}" generate agenttest >"${ID}" || shell_test::fail "line ${LINENO}: failed to run identity"
- export VEYRON_IDENTITY="${ID}"
-
- shell_test::setup_server_test || shell_test::fail "line ${LINENO} failed to start server"
- unset VEYRON_CREDENTIALS
+ shell_test::setup_server_test || shell_test::fail "line ${LINENO} failed to setup server test"
+ export VEYRON_CREDENTIALS="$(shell::tmp_dir)"
# Test running a single app.
shell_test::start_server "${PINGPONG_BIN}" --server
@@ -47,7 +34,7 @@
RESULT=$(shell::check_result echo_identity "${OUTPUT}")
shell_test::assert_eq "${RESULT}" "0" "${LINENO}"
if [[ ! -s "${OUTPUT}" ]]; then
- shell_test::fail "line ${LINENO}: identity preserved"
+ shell_test::fail "line ${LINENO}: credentials preserved"
fi
# Test running multiple apps connecting to the same agent.
diff --git a/security/principal.go b/security/principal.go
index 8be1a27..4959486 100644
--- a/security/principal.go
+++ b/security/principal.go
@@ -89,6 +89,25 @@
return CreatePersistentPrincipal(dir, passphrase)
}
+// InitDefaultBlessings uses the provided principal to create a self blessing for name 'name',
+// sets it as default on the principal's BlessingStore and adds it as root to the principal's BlessingRoots.
+func InitDefaultBlessings(p security.Principal, name string) error {
+ blessing, err := p.BlessSelf(name)
+ if err != nil {
+ return err
+ }
+ if err := p.BlessingStore().SetDefault(blessing); err != nil {
+ return err
+ }
+ if _, err := p.BlessingStore().Set(blessing, security.AllPrincipals); err != nil {
+ return err
+ }
+ if err := p.AddToRoots(blessing); err != nil {
+ return err
+ }
+ return nil
+}
+
func removePersistentPrincipal(dir string) error {
files := []string{privateKeyFile, blessingRootsDataFile, blessingRootsSigFile, blessingStoreDataFile, blessingStoreSigFile}
for _, f := range files {
diff --git a/security/principal_test.go b/security/principal_test.go
index 8be6f25..b717f92 100644
--- a/security/principal_test.go
+++ b/security/principal_test.go
@@ -82,7 +82,7 @@
p2, err := LoadPersistentPrincipal(dir, passphrase)
if err != nil {
- t.Fatal(err)
+ t.Fatalf("%s failed: %v", message, err)
}
if !sig.Verify(p2.PublicKey(), message) {
t.Errorf("%s failed: p.PublicKey=%v, p2.PublicKey=%v", message, p.PublicKey(), p2.PublicKey())
