veyron/services/identity: Update homepage and public key disclosure.
This commit:
- Makes minor tweaks to the appearance of the homepage of the identity server
- Makes the public key of the identity provider available in DER format
Change-Id: I8099db7a622c22ec2b1ce14fcbd3d61028bc9fe9
diff --git a/services/identity/handlers/handlers_test.go b/services/identity/handlers/handlers_test.go
index 3f8d6ad..bf0d49a 100644
--- a/services/identity/handlers/handlers_test.go
+++ b/services/identity/handlers/handlers_test.go
@@ -16,19 +16,28 @@
"veyron.io/veyron/veyron2/security"
)
-func TestObject(t *testing.T) {
- want := struct {
- Int int
- String string
- }{1, "foo"}
- ts := httptest.NewServer(Object{want})
- defer ts.Close()
- got, err := parseResponse(http.Get(ts.URL))
+func TestPublicKey(t *testing.T) {
+ r, err := rt.New()
if err != nil {
t.Fatal(err)
}
- if !reflect.DeepEqual(got, want) {
- t.Errorf("Got %T=%#v want %T=%#v", got, got, want, want)
+ defer r.Cleanup()
+ ts := httptest.NewServer(PublicKey{r.Identity().PublicID()})
+ defer ts.Close()
+ response, err := http.Get(ts.URL)
+ if err != nil {
+ t.Fatal(err)
+ }
+ bytes, err := ioutil.ReadAll(response.Body)
+ if err != nil {
+ t.Fatal(err)
+ }
+ got, err := security.UnmarshalPublicKey(bytes)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if want := r.Identity().PublicKey(); !reflect.DeepEqual(got, want) {
+ t.Errorf("Got %v, want %v", got, want)
}
}
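Review bot: The response body obtained from `http.Get` is never closed, so the test leaks the connection; add `defer response.Body.Close()` directly after the `t.Fatal(err)` check that follows the Get. The local named `bytes` shadows the standard package name and reads as if the package were in use, `raw` or `der` would be clearer. Whether `security.UnmarshalPublicKey` returns a value that `reflect.DeepEqual` can compare meaningfully with `r.Identity().PublicKey()` depends on the concrete key type, which is outside this diff.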
diff --git a/services/identity/handlers/object.go b/services/identity/handlers/object.go
deleted file mode 100644
index 9fd1aa0..0000000
--- a/services/identity/handlers/object.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package handlers
-
-import (
- "net/http"
-
- "veyron.io/veyron/veyron/services/identity/util"
-)
-
-// Object implements an http.Handler that writes out the provided object in the
-// HTTP response after base64 encoding the Vom-encoded object.
-type Object struct{ Object interface{} }
-
-func (h Object) ServeHTTP(w http.ResponseWriter, r *http.Request) { util.HTTPSend(w, h.Object) }
diff --git a/services/identity/handlers/publickey.go b/services/identity/handlers/publickey.go
new file mode 100644
index 0000000..640e826
--- /dev/null
+++ b/services/identity/handlers/publickey.go
@@ -0,0 +1,24 @@
+package handlers
+
+import (
+ "fmt"
+ "net/http"
+
+ "veyron.io/veyron/veyron/services/identity/util"
+ "veyron.io/veyron/veyron2/security"
+)
+
+// PublicKey is an http.Handler implementation that renders a public key in
+// DER format.
+type PublicKey struct{ P security.PublicID }
+
+func (h PublicKey) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ der, err := h.P.PublicKey().MarshalBinary()
+ if err != nil {
+ util.HTTPServerError(w, err)
+ return
+ }
+ w.Header().Set("Content-Type", "application/octet-stream")
+ w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%v.der", h.P))
+ w.Write(der)
+}
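Review bot: The Content-Disposition header is built by formatting the PublicID with `%v` straight into an unquoted `filename=` parameter; if the PublicID's printed form can contain spaces, quotes, semicolons or `/` (its String method is outside this diff), the header is malformed and clients will truncate or reject the filename. Use the standard library to produce a correctly quoted parameter: `w.Header().Set("Content-Disposition", mime.FormatMediaType("attachment", map[string]string{"filename": fmt.Sprintf("%v.der", h.P)}))`, adding `"mime"` to the import block. The return value of `w.Write(der)` is discarded; either check it or mark the ignore with a comment so `go vet`/staticcheck stay quiet.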
diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index ea61737..ebbca90 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go
@@ -8,7 +8,6 @@
"net"
"net/http"
"os"
- "path/filepath"
"strings"
"time"
@@ -51,7 +50,8 @@
googleDomain = flag.String("google_domain", "", "An optional domain name. When set, only email addresses from this domain are allowed to authenticate via Google OAuth")
// Revoker/Discharger configuration
- revocationDir = flag.String("revocation_dir", filepath.Join(os.TempDir(), "revocation_dir"), "Path where the revocation manager will store caveat and revocation information.")
+ // TODO(ashankar,ataly,suharshs): Re-enable by default once the move to the new security API is complete?
+ revocationDir = flag.String("revocation_dir", "" /*filepath.Join(os.TempDir(), "revocation_dir")*/, "Path where the revocation manager will store caveat and revocation information.")
)
func main() {
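Review bot: The new `revocation_dir` default carries the old expression as a block comment inside the argument list, which is hard to read and easy to leave behind once the TODO is resolved; move it into the TODO line above (`// TODO(...): restore the default filepath.Join(os.TempDir(), "revocation_dir") once ...`) and pass a plain `""`. The help string still only describes where data is stored and does not say what the empty default means; presumably an empty path disables the revocation manager (the code reading the flag is outside this hunk), in which case the help text should end with `Empty disables the revocation manager.` so operators know revocation is off unless they set it.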
@@ -71,7 +71,7 @@
}
// Setup handlers
- http.Handle("/pubkey/", handlers.Object{r.Identity().PublicID().PublicKey()}) // public key of this identity server
+ http.Handle("/pubkey/", handlers.PublicKey{r.Identity().PublicID()}) // public key of this server
if enableRandomHandler() {
http.Handle("/random/", handlers.Random{r}) // mint identities with a random name
}
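Review bot: `handlers.PublicKey{r.Identity().PublicID()}` is an unkeyed composite literal of a struct from another package, which `go vet`'s composites check flags; write it as `handlers.PublicKey{P: r.Identity().PublicID()}` so the line survives field reordering in the handlers package. The same unkeyed form is used on the `handlers.Random{r}` line that this hunk keeps as context.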
@@ -105,11 +105,11 @@
servers = append(servers, ipcServerEP.String())
}
args := struct {
- Self string
+ Self security.PublicID
GoogleWeb, RandomWeb bool
GoogleServers, DischargeServers []string
}{
- Self: rt.R().Identity().PublicID().Names()[0],
+ Self: rt.R().Identity().PublicID(),
GoogleWeb: len(*googleConfigWeb) > 0,
RandomWeb: enableRandomHandler(),
GoogleServers: appendSuffixTo(servers, "google"),
@@ -342,39 +342,31 @@
</head>
<body>
<div class="container">
-<div class="page-header"><h2>{{.Self}}</h2><h4>A Veyron Identity Provider</h4></div>
+<div class="page-header"><h2>{{.Self.Names}}</h2><h4>A Veyron Blessing Provider</h4></div>
<div class="well">
-This is a Veyron identity provider that provides blessings with the name prefix <mark>{{.Self}}</mark>. The public
-key of this provider is available in <a class="btn btn-xs btn-primary" href="/pubkey/base64vom">base64-encoded-vom-encoded</a> format.
+This is a Veyron identity provider that provides blessings with the name prefix <mark>{{.Self}}</mark>.
+<br/>
+The public key of this provider is {{.Self.PublicKey}}, which is available in <a class="btn btn-xs btn-primary" href="/pubkey/">DER</a> encoded
+<a href="http://en.wikipedia.org/wiki/X.690#DER_encoding">format</a>.
</div>
-{{if .GoogleServers}}
<div class="well">
-Blessings are provided via Veyron RPCs to: <tt>{{range .GoogleServers}}{{.}}{{end}}</tt>
-</div>
+<ul>
+{{if .GoogleServers}}
+<li>Blessings (using Google OAuth to fetch an email address) are provided via Veyron RPCs to: <tt>{{range .GoogleServers}}{{.}}{{end}}</tt></li>
{{end}}
{{if .DischargeServers}}
-<div class="well">
-RevocationCaveat Discharges are provided via Veyron RPCs to: <tt>{{range .DischargeServers}}{{.}}{{end}}</tt>
-</div>
+<li>RevocationCaveat Discharges are provided via Veyron RPCs to: <tt>{{range .DischargeServers}}{{.}}{{end}}</tt></li>
{{end}}
-
-
{{if .GoogleWeb}}
-<div class="well">
-This page provides the ability to <a class="btn btn-xs btn-primary" href="/google/auth">enumerate</a> blessings provided with your
-email address as the name.
-</div>
+<li>You can <a class="btn btn-xs btn-primary" href="/google/auth">enumerate</a> blessings provided with your
+email address as the name.</li>
{{end}}
-
{{if .RandomWeb}}
-<div class="well">
-You can obtain a randomly assigned PrivateID <a class="btn btn-sm btn-primary" href="/random/">here</a>
-</div>
+<li>You can obtain a randomly assigned PrivateID <a class="btn btn-sm btn-primary" href="/random/">here</a></li>
{{end}}
-
-<div class="well">
-You can use <a class="btn btn-xs btn-primary" href="/bless/">this form</a> to offload crypto for blessing to this HTTP server
+<li>You can offload cryptographic operations <a class="btn btn-xs btn-primary" href="/bless/">for blessing</a> to this HTTP server</li>
+</ul>
</div>
</div>