veyron/services/identity: Remove support for the old security model.
And with it, also remove the "identity" tool.
Change-Id: I85a390c1af0f3874be68dfb7e46fb6fdc8ceb567
diff --git a/services/identity/blesser/macaroon.go b/services/identity/blesser/macaroon.go
index a8b538e..6517ab2 100644
--- a/services/identity/blesser/macaroon.go
+++ b/services/identity/blesser/macaroon.go
@@ -8,15 +8,12 @@
"veyron.io/veyron/veyron/services/identity"
"veyron.io/veyron/veyron/services/identity/util"
- "veyron.io/veyron/veyron2"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/vdl/vdlutil"
"veyron.io/veyron/veyron2/vom"
)
type macaroonBlesser struct {
- rt veyron2.Runtime // TODO(ashankar): Remove when the old security model is ripped out
key []byte
}
@@ -29,43 +26,35 @@
// NewMacaroonBlesserServer provides an identity.MacaroonBlesser Service that generates blessings
// after unpacking a BlessingMacaroon.
-//
-// TODO(ashankar): Remove the "r" argument once the switch to the new security model is complete.
-func NewMacaroonBlesserServer(r veyron2.Runtime, key []byte) interface{} {
- return identity.NewServerMacaroonBlesser(&macaroonBlesser{r, key})
+func NewMacaroonBlesserServer(key []byte) interface{} {
+ return identity.NewServerMacaroonBlesser(&macaroonBlesser{key})
}
-func (b *macaroonBlesser) Bless(ctx ipc.ServerContext, macaroon string) (vdlutil.Any, error) {
+func (b *macaroonBlesser) Bless(ctx ipc.ServerContext, macaroon string) (security.WireBlessings, error) {
+ var empty security.WireBlessings
inputs, err := util.Macaroon(macaroon).Decode(b.key)
if err != nil {
- return nil, err
+ return empty, err
}
var m BlessingMacaroon
if err := vom.NewDecoder(bytes.NewBuffer(inputs)).Decode(&m); err != nil {
- return nil, err
+ return empty, err
}
if time.Now().After(m.Creation.Add(time.Minute * 5)) {
- return nil, fmt.Errorf("macaroon has expired")
+ return empty, fmt.Errorf("macaroon has expired")
}
- if ctx.LocalPrincipal() == nil || ctx.RemoteBlessings() == nil {
- // TODO(ashankar): Old security model, remove this block.
- self := b.rt.Identity()
- var err error
- // Use the blessing that was used to authenticate with the client to bless it.
- if self, err = self.Derive(ctx.LocalID()); err != nil {
- return nil, err
- }
- return self.Bless(ctx.RemoteID(), m.Name, time.Hour*24*365, m.Caveats)
+ if ctx.LocalPrincipal() == nil {
+ return empty, fmt.Errorf("server misconfiguration: no authentication happened")
}
if len(m.Caveats) == 0 {
m.Caveats = []security.Caveat{security.UnconstrainedUse()}
}
- // TODO(ashankar,toddw): After the old security model is ripped out and the VDL configuration
- // files have the scheme to translate between "wire" types and "in-memory" types, this should just
- // become return ctx.LocalPrincipal().....
+ // TODO(ashankar,toddw): After the VDL configuration files have the
+ // scheme to translate between "wire" types and "in-memory" types, this
+ // should just become return ctx.LocalPrincipal().....
blessings, err := ctx.LocalPrincipal().Bless(ctx.RemoteBlessings().PublicKey(), ctx.LocalBlessings(), m.Name, m.Caveats[0], m.Caveats[1:]...)
if err != nil {
- return nil, err
+ return empty, err
}
return security.MarshalBlessings(blessings), nil
}
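Review bot: The new guard tests only `ctx.LocalPrincipal()`, but the Bless call a few lines below still dereferences `ctx.RemoteBlessings().PublicKey()`. The removed condition treated a nil RemoteBlessings() as possible; if the framework can still deliver such a call, a client that presents no blessings makes the identity server panic instead of returning an error. Keep both conditions, e.g. `if ctx.LocalPrincipal() == nil || ctx.RemoteBlessings() == nil {`, or add a second check with its own message. The `bless` hunk in oauth.go adds the same LocalPrincipal-only guard (with a differently worded message); whether it uses RemoteBlessings() lies outside the visible lines, so check it as well.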
diff --git a/services/identity/blesser/macaroon_test.go b/services/identity/blesser/macaroon_test.go
index 0a907c8..2792efa 100644
--- a/services/identity/blesser/macaroon_test.go
+++ b/services/identity/blesser/macaroon_test.go
@@ -30,19 +30,17 @@
if _, err := rand.Read(key); err != nil {
t.Fatal(err)
}
- blesser := NewMacaroonBlesserServer(nil, key).(*identity.ServerStubMacaroonBlesser)
+ blesser := NewMacaroonBlesserServer(key).(*identity.ServerStubMacaroonBlesser)
m := BlessingMacaroon{Creation: time.Now().Add(-1 * time.Hour), Name: "foo"}
- if got, err := blesser.Bless(context, newMacaroon(t, key, m)); got != nil || err == nil || err.Error() != "macaroon has expired" {
+ if got, err := blesser.Bless(context, newMacaroon(t, key, m)); err == nil || err.Error() != "macaroon has expired" {
t.Errorf("Got (%v, %v)", got, err)
}
m = BlessingMacaroon{Creation: time.Now(), Name: "user", Caveats: []security.Caveat{cOnlyMethodFoo}}
- if result, err := blesser.Bless(context, newMacaroon(t, key, m)); err != nil || result == nil {
+ if result, err := blesser.Bless(context, newMacaroon(t, key, m)); err != nil {
t.Errorf("Got (%v, %v)", result, err)
- } else if _, ok := result.(security.WireBlessings); !ok {
- t.Errorf("Got %T, want security.Blessings", result)
} else {
- b, err := security.NewBlessings(result.(security.WireBlessings))
+ b, err := security.NewBlessings(result)
if err != nil {
t.Fatalf("Unable to decode response into a security.Blessings object: %v", err)
}
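Review bot: The expired-macaroon assertion no longer inspects the returned value at all, because `got != nil` was dropped along with the `vdlutil.Any` return type. For a blessing service it is worth pinning that the error path hands back nothing usable; adding `len(got.CertificateChains) != 0 ||` to that condition would keep the check (CertificateChains is the only WireBlessings field listed in this commit's generated type table). The test function starts and ends outside this hunk.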
diff --git a/services/identity/blesser/oauth.go b/services/identity/blesser/oauth.go
index df19987..c2e1698 100644
--- a/services/identity/blesser/oauth.go
+++ b/services/identity/blesser/oauth.go
@@ -4,21 +4,17 @@
"encoding/json"
"fmt"
"net/http"
- "strings"
"time"
"veyron.io/veyron/veyron/services/identity"
"veyron.io/veyron/veyron/services/identity/revocation"
- "veyron.io/veyron/veyron2"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/security"
- "veyron.io/veyron/veyron2/vdl/vdlutil"
"veyron.io/veyron/veyron2/vlog"
)
type googleOAuth struct {
- rt veyron2.Runtime
authcodeClient struct{ ID, Secret string }
accessTokenClients []string
duration time.Duration
@@ -29,8 +25,6 @@
// GoogleParams represents all the parameters provided to NewGoogleOAuthBlesserServer
type GoogleParams struct {
- // The Veyron runtime to use. // TODO(ashankar): Remove once the old security model is ripped out.
- R veyron2.Runtime
// The OAuth client IDs for the clients of the BlessUsingAccessToken RPCs.
AccessTokenClients []string
// If non-empty, only email addresses from this domain will be blessed.
@@ -53,7 +47,6 @@
// are generated only for email addresses from that domain.
func NewGoogleOAuthBlesserServer(p GoogleParams) interface{} {
return identity.NewServerOAuthBlesser(&googleOAuth{
- rt: p.R,
duration: p.BlessingDuration,
domain: p.DomainRestriction,
dischargerLocation: p.DischargerLocation,
@@ -62,17 +55,18 @@
})
}
-func (b *googleOAuth) BlessUsingAccessToken(ctx ipc.ServerContext, accesstoken string) (vdlutil.Any, string, error) {
+func (b *googleOAuth) BlessUsingAccessToken(ctx ipc.ServerContext, accesstoken string) (security.WireBlessings, string, error) {
+ var noblessings security.WireBlessings
if len(b.accessTokenClients) == 0 {
- return nil, "", fmt.Errorf("server not configured for blessing based on access tokens")
+ return noblessings, "", fmt.Errorf("server not configured for blessing based on access tokens")
}
// URL from: https://developers.google.com/accounts/docs/OAuth2UserAgent#validatetoken
tokeninfo, err := http.Get("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" + accesstoken)
if err != nil {
- return nil, "", fmt.Errorf("unable to use token: %v", err)
+ return noblessings, "", fmt.Errorf("unable to use token: %v", err)
}
if tokeninfo.StatusCode != http.StatusOK {
- return nil, "", fmt.Errorf("unable to verify access token: %v", tokeninfo.StatusCode)
+ return noblessings, "", fmt.Errorf("unable to verify access token: %v", tokeninfo.StatusCode)
}
// tokeninfo contains a JSON-encoded struct
var token struct {
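Review bot: `accesstoken` comes straight from the RPC caller and is concatenated into the tokeninfo URL unescaped, so characters such as `&` or `#` alter the query the validation endpoint receives; build it with `url.QueryEscape(accesstoken)` (which needs `net/url` in the import block). `http.Get` uses the default client, which has no timeout, so a stalled tokeninfo response holds the handler indefinitely. No `defer tokeninfo.Body.Close()` is visible after the error check either; the function continues past this hunk, so confirm the body is closed further down.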
@@ -86,7 +80,7 @@
AccessType string `json:"access_type"`
}
if err := json.NewDecoder(tokeninfo.Body).Decode(&token); err != nil {
- return nil, "", fmt.Errorf("invalid JSON response from Google's tokeninfo API: %v", err)
+ return noblessings, "", fmt.Errorf("invalid JSON response from Google's tokeninfo API: %v", err)
}
audienceMatch := false
for _, c := range b.accessTokenClients {
@@ -97,15 +91,10 @@
}
if !audienceMatch {
vlog.Infof("Got access token [%+v], wanted one of client ids %v", token, b.accessTokenClients)
- return nil, "", fmt.Errorf("token not meant for this purpose, confused deputy? https://developers.google.com/accounts/docs/OAuth2UserAgent#validatetoken")
+ return noblessings, "", fmt.Errorf("token not meant for this purpose, confused deputy? https://developers.google.com/accounts/docs/OAuth2UserAgent#validatetoken")
}
if !token.VerifiedEmail {
- return nil, "", fmt.Errorf("email not verified")
- }
-
- if ctx.LocalPrincipal() == nil || ctx.RemoteBlessings() == nil {
- // TODO(ataly, ashankar): Old security model, remove this block.
- return b.blessOldModel(ctx, token.Email)
+ return noblessings, "", fmt.Errorf("email not verified")
}
// Append "/webapp" to the blessing. Since blessings issued by this process do not have
// many caveats on them and typically have a large expiry duration, use the "/webapp" suffix
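Review bot: The only `b.domain` check visible in this diff sits in the deleted `blessOldModel`, so confirm that the remaining path enforces `DomainRestriction` before it reaches `bless`. GoogleParams documents that only addresses from that domain are blessed; if `bless` (mostly outside the visible hunks) does not check it, a verified email from any domain is accepted. A guard after the VerifiedEmail check, `if len(b.domain) > 0 && !strings.HasSuffix(token.Email, "@"+b.domain) {` returning `noblessings` and an error, would preserve the restriction, and would mean keeping the `strings` import this commit removes. The function continues outside this hunk.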
@@ -117,6 +106,9 @@
func (b *googleOAuth) bless(ctx ipc.ServerContext, extension string) (security.WireBlessings, string, error) {
var noblessings security.WireBlessings
self := ctx.LocalPrincipal()
+ if self == nil {
+ return noblessings, "", fmt.Errorf("server error: no authentication happened")
+ }
var caveat security.Caveat
var err error
if b.revocationManager != nil {
@@ -137,22 +129,3 @@
}
return security.MarshalBlessings(blessing), extension, nil
}
-
-// DEPRECATED
-// TODO(ataly, ashankar): Remove this method once we get rid of the old security model.
-func (b *googleOAuth) blessOldModel(ctx ipc.ServerContext, name string) (vdlutil.Any, string, error) {
- if len(b.domain) > 0 && !strings.HasSuffix(name, "@"+b.domain) {
- return nil, "", fmt.Errorf("blessings for name %q are not allowed due to domain restriction", name)
- }
- self := b.rt.Identity()
- var err error
- // Use the blessing that was used to authenticate with the client to bless it.
- if self, err = self.Derive(ctx.LocalID()); err != nil {
- return nil, "", err
- }
- blessing, err := self.Bless(ctx.RemoteID(), name, b.duration, nil)
- if err != nil {
- return nil, "", err
- }
- return blessing, name, nil
-}
diff --git a/services/identity/identity.vdl b/services/identity/identity.vdl
index faad788..ada48b2 100644
--- a/services/identity/identity.vdl
+++ b/services/identity/identity.vdl
@@ -1,6 +1,8 @@
// Package identity defines services for identity providers in the veyron ecosystem.
package identity
+import "veyron.io/veyron/veyron2/security"
+
// OAuthBlesser exchanges OAuth access tokens for
// an email address from an OAuth-based identity provider and uses the email
// address obtained to bless the client.
@@ -17,12 +19,12 @@
type OAuthBlesser interface {
// BlessUsingAccessToken uses the provided access token to obtain the email
// address and returns a blessing along with the email address.
- BlessUsingAccessToken(token string) (blessing any, email string, err error)
+ BlessUsingAccessToken(token string) (blessing security.WireBlessings, email string, err error)
}
// MacaroonBlesser returns a blessing given the provided macaroon string.
type MacaroonBlesser interface {
// Bless uses the provided macaroon (which contains email and caveats)
// to return a blessing for the client.
- Bless(macaroon string) (blessing any, err error)
+ Bless(macaroon string) (blessing security.WireBlessings, err error)
}
diff --git a/services/identity/identity.vdl.go b/services/identity/identity.vdl.go
index 2525ee7..068b53a 100644
--- a/services/identity/identity.vdl.go
+++ b/services/identity/identity.vdl.go
@@ -5,6 +5,8 @@
package identity
import (
+ "veyron.io/veyron/veyron2/security"
+
// The non-user imports are prefixed with "_gen_" to prevent collisions.
_gen_veyron2 "veyron.io/veyron/veyron2"
_gen_context "veyron.io/veyron/veyron2/context"
@@ -37,7 +39,7 @@
type OAuthBlesser_ExcludingUniversal interface {
// BlessUsingAccessToken uses the provided access token to obtain the email
// address and returns a blessing along with the email address.
- BlessUsingAccessToken(ctx _gen_context.T, token string, opts ..._gen_ipc.CallOpt) (blessing _gen_vdlutil.Any, email string, err error)
+ BlessUsingAccessToken(ctx _gen_context.T, token string, opts ..._gen_ipc.CallOpt) (blessing security.WireBlessings, email string, err error)
}
type OAuthBlesser interface {
_gen_ipc.UniversalServiceMethods
@@ -49,7 +51,7 @@
// BlessUsingAccessToken uses the provided access token to obtain the email
// address and returns a blessing along with the email address.
- BlessUsingAccessToken(context _gen_ipc.ServerContext, token string) (blessing _gen_vdlutil.Any, email string, err error)
+ BlessUsingAccessToken(context _gen_ipc.ServerContext, token string) (blessing security.WireBlessings, email string, err error)
}
// BindOAuthBlesser returns the client stub implementing the OAuthBlesser
@@ -99,7 +101,7 @@
return _gen_veyron2.RuntimeFromContext(ctx).Client()
}
-func (__gen_c *clientStubOAuthBlesser) BlessUsingAccessToken(ctx _gen_context.T, token string, opts ..._gen_ipc.CallOpt) (blessing _gen_vdlutil.Any, email string, err error) {
+func (__gen_c *clientStubOAuthBlesser) BlessUsingAccessToken(ctx _gen_context.T, token string, opts ..._gen_ipc.CallOpt) (blessing security.WireBlessings, email string, err error) {
var call _gen_ipc.Call
if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "BlessUsingAccessToken", []interface{}{token}, opts...); err != nil {
return
@@ -169,14 +171,40 @@
{Name: "token", Type: 3},
},
OutArgs: []_gen_ipc.MethodArgument{
- {Name: "blessing", Type: 65},
+ {Name: "blessing", Type: 74},
{Name: "email", Type: 3},
- {Name: "err", Type: 66},
+ {Name: "err", Type: 75},
},
}
result.TypeDefs = []_gen_vdlutil.Any{
- _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}}
+ _gen_wiretype.NamedPrimitiveType{Type: 0x32, Name: "byte", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x41, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x42, Name: "ValidatorVOM"},
+ },
+ "veyron.io/veyron/veyron2/security.Caveat", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x43, Name: "", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.Hash", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x42, Name: "Purpose"},
+ _gen_wiretype.FieldType{Type: 0x45, Name: "Hash"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "R"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "S"},
+ },
+ "veyron.io/veyron/veyron2/security.Signature", []string(nil)},
+ _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x3, Name: "Extension"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "PublicKey"},
+ _gen_wiretype.FieldType{Type: 0x44, Name: "Caveats"},
+ _gen_wiretype.FieldType{Type: 0x46, Name: "Signature"},
+ },
+ "veyron.io/veyron/veyron2/security.Certificate", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x47, Name: "", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x48, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x49, Name: "CertificateChains"},
+ },
+ "veyron.io/veyron/veyron2/security.WireBlessings", []string(nil)},
+ _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}}
return result, nil
}
@@ -199,7 +227,7 @@
return
}
-func (__gen_s *ServerStubOAuthBlesser) BlessUsingAccessToken(call _gen_ipc.ServerCall, token string) (blessing _gen_vdlutil.Any, email string, err error) {
+func (__gen_s *ServerStubOAuthBlesser) BlessUsingAccessToken(call _gen_ipc.ServerCall, token string) (blessing security.WireBlessings, email string, err error) {
blessing, email, err = __gen_s.service.BlessUsingAccessToken(call, token)
return
}
@@ -211,7 +239,7 @@
type MacaroonBlesser_ExcludingUniversal interface {
// Bless uses the provided macaroon (which contains email and caveats)
// to return a blessing for the client.
- Bless(ctx _gen_context.T, macaroon string, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error)
+ Bless(ctx _gen_context.T, macaroon string, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error)
}
type MacaroonBlesser interface {
_gen_ipc.UniversalServiceMethods
@@ -223,7 +251,7 @@
// Bless uses the provided macaroon (which contains email and caveats)
// to return a blessing for the client.
- Bless(context _gen_ipc.ServerContext, macaroon string) (reply _gen_vdlutil.Any, err error)
+ Bless(context _gen_ipc.ServerContext, macaroon string) (reply security.WireBlessings, err error)
}
// BindMacaroonBlesser returns the client stub implementing the MacaroonBlesser
@@ -273,7 +301,7 @@
return _gen_veyron2.RuntimeFromContext(ctx).Client()
}
-func (__gen_c *clientStubMacaroonBlesser) Bless(ctx _gen_context.T, macaroon string, opts ..._gen_ipc.CallOpt) (reply _gen_vdlutil.Any, err error) {
+func (__gen_c *clientStubMacaroonBlesser) Bless(ctx _gen_context.T, macaroon string, opts ..._gen_ipc.CallOpt) (reply security.WireBlessings, err error) {
var call _gen_ipc.Call
if call, err = __gen_c.client(ctx).StartCall(ctx, __gen_c.name, "Bless", []interface{}{macaroon}, opts...); err != nil {
return
@@ -343,13 +371,39 @@
{Name: "macaroon", Type: 3},
},
OutArgs: []_gen_ipc.MethodArgument{
- {Name: "blessing", Type: 65},
- {Name: "err", Type: 66},
+ {Name: "blessing", Type: 74},
+ {Name: "err", Type: 75},
},
}
result.TypeDefs = []_gen_vdlutil.Any{
- _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}}
+ _gen_wiretype.NamedPrimitiveType{Type: 0x32, Name: "byte", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x41, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x42, Name: "ValidatorVOM"},
+ },
+ "veyron.io/veyron/veyron2/security.Caveat", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x43, Name: "", Tags: []string(nil)}, _gen_wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.Hash", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x42, Name: "Purpose"},
+ _gen_wiretype.FieldType{Type: 0x45, Name: "Hash"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "R"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "S"},
+ },
+ "veyron.io/veyron/veyron2/security.Signature", []string(nil)},
+ _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x3, Name: "Extension"},
+ _gen_wiretype.FieldType{Type: 0x42, Name: "PublicKey"},
+ _gen_wiretype.FieldType{Type: 0x44, Name: "Caveats"},
+ _gen_wiretype.FieldType{Type: 0x46, Name: "Signature"},
+ },
+ "veyron.io/veyron/veyron2/security.Certificate", []string(nil)},
+ _gen_wiretype.SliceType{Elem: 0x47, Name: "", Tags: []string(nil)}, _gen_wiretype.SliceType{Elem: 0x48, Name: "", Tags: []string(nil)}, _gen_wiretype.StructType{
+ []_gen_wiretype.FieldType{
+ _gen_wiretype.FieldType{Type: 0x49, Name: "CertificateChains"},
+ },
+ "veyron.io/veyron/veyron2/security.WireBlessings", []string(nil)},
+ _gen_wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}}
return result, nil
}
@@ -372,7 +426,7 @@
return
}
-func (__gen_s *ServerStubMacaroonBlesser) Bless(call _gen_ipc.ServerCall, macaroon string) (reply _gen_vdlutil.Any, err error) {
+func (__gen_s *ServerStubMacaroonBlesser) Bless(call _gen_ipc.ServerCall, macaroon string) (reply security.WireBlessings, err error) {
reply, err = __gen_s.service.Bless(call, macaroon)
return
}
diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index 252362f..12d21bd 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go
@@ -61,7 +61,7 @@
func main() {
flag.Usage = usage
- r := rt.Init(providerIdentityOld(), providerPrincipal())
+ r := rt.Init(providerPrincipal())
defer r.Cleanup()
if len(*auditfilter) > 0 {
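Review bot: Dropping `providerIdentityOld()` from `rt.Init` also drops its side effect: the deleted function logged that auditing is temporarily disabled and forced `*auditprefix = ""`. After this change the flag is no longer cleared, so whatever reads `*auditprefix` sees the operator's value. `providerPrincipal` is not shown here, so confirm that audit behaviour is what you intend and mention the change in the commit description. `main` continues outside this hunk.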
@@ -144,7 +144,7 @@
// their suffix. ReflectInvoker is used to invoke methods.
func newDispatcher(googleParams blesser.GoogleParams, macaroonKey []byte) ipc.Dispatcher {
d := dispatcher(map[string]ipc.Invoker{
- macaroonService: ipc.ReflectInvoker(blesser.NewMacaroonBlesserServer(googleParams.R, macaroonKey)),
+ macaroonService: ipc.ReflectInvoker(blesser.NewMacaroonBlesserServer(macaroonKey)),
dischargerService: ipc.ReflectInvoker(services.NewServerDischarger(discharger.NewDischarger())),
})
if len(*googleConfigChrome) > 0 || len(*googleConfigAndroid) > 0 {
@@ -169,7 +169,6 @@
// Starts the blessing services and the discharging service on the same port.
func setupServices(r veyron2.Runtime, revocationManager *revocation.RevocationManager, macaroonKey []byte) (ipc.Server, []string, error) {
googleParams := blesser.GoogleParams{
- R: r,
// TODO(ashankar,nlacasse): Figure out how to have web-appications use the "caveats" form and
// always select an expiry instead of forcing a ridiculously large value here.
BlessingDuration: 365 * 24 * time.Hour,
@@ -302,22 +301,6 @@
return nil
}
-// TOOD(ashankar): Remove
-// providerIdentityOld returns the PrivateID of the identity provider (i.e., this program) itself.
-func providerIdentityOld() veyron2.ROpt {
- r, err := rt.New()
- if err != nil {
- vlog.Fatal(err)
- }
- defer r.Cleanup()
- id := r.Identity()
- if len(*auditprefix) > 0 {
- vlog.Errorf("Auditing is temporarily disabled. Ask suharshs@ for details")
- *auditprefix = ""
- }
- return options.RuntimeID{id}
-}
-
func httpaddress() string {
_, port, err := net.SplitHostPort(*httpaddr)
if err != nil {
diff --git a/services/identity/util/b64vom.go b/services/identity/util/b64vom.go
deleted file mode 100644
index add1cb4..0000000
--- a/services/identity/util/b64vom.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package util
-
-import (
- "bytes"
- "encoding/base64"
-
- "veyron.io/veyron/veyron2/vom"
-)
-
-// TODO(ashankar): Once the old security model is ripped out, the only use of
-// these functions will be in the "principal" command-line tool. So, move these
-// helper functions there instead of having them here.
-
-// Bas64VomEncode returns the base64 encoding of the serialization of i with
-// vom.
-func Base64VomEncode(i interface{}) (string, error) {
- buf := &bytes.Buffer{}
- closer := base64.NewEncoder(base64.URLEncoding, buf)
- if err := vom.NewEncoder(closer).Encode(i); err != nil {
- return "", err
- }
- // Must close the base64 encoder to flush out any partially written
- // blocks.
- if err := closer.Close(); err != nil {
- return "", err
- }
- return buf.String(), nil
-}
-
-// Base64VomDecode is the reverse of encode - filling in i after vom-decoding
-// the base64-encoded string s.
-func Base64VomDecode(s string, i interface{}) error {
- b, err := base64.URLEncoding.DecodeString(s)
- if err != nil {
- return err
- }
- return vom.NewDecoder(bytes.NewBuffer(b)).Decode(i)
-}
diff --git a/services/identity/util/b64vom_test.go b/services/identity/util/b64vom_test.go
deleted file mode 100644
index 08bed10..0000000
--- a/services/identity/util/b64vom_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package util
-
-import (
- "reflect"
- "testing"
-)
-
-func TestCoder(t *testing.T) {
- var iface iface
- impl := &impl{}
- iface = impl
- tests := []interface{}{
- 1,
- "string",
- impl,
- iface,
- }
- for _, item := range tests {
- b64, err := Base64VomEncode(item)
- if err != nil {
- t.Errorf("Failed to encode %T=%#v: %v", item, item, err)
- continue
- }
- var decoded interface{}
- if err = Base64VomDecode(b64, &decoded); err != nil {
- t.Errorf("Failed to decode %T=%#v: %v", item, item, err)
- continue
- }
- if !reflect.DeepEqual(decoded, item) {
- t.Errorf("Got (%T, %#v) want (%T, %#v)", decoded, decoded, item, item)
- }
- }
-}