Merge ""veyron/runtimes/google/rt": Make VeyronCredentials take precendence over an agent"
diff --git a/security/util.go b/security/util.go
index 75e5757..f7cff3f 100644
--- a/security/util.go
+++ b/security/util.go
@@ -12,7 +12,6 @@
"io/ioutil"
"v.io/core/veyron2/security"
- "v.io/core/veyron2/vom"
)
const ecPrivateKeyPEMType = "EC PRIVATE KEY"
@@ -92,17 +91,3 @@
return pem.Encode(w, pemKey)
}
-
-// ThirdPartyCaveats returns the set of security.ThirdPartyCaveats
-// that could be successfully decoded from the provided caveat bytes.
-func ThirdPartyCaveats(caveats ...security.Caveat) []security.ThirdPartyCaveat {
- var tpCaveats []security.ThirdPartyCaveat
- for _, c := range caveats {
- var t security.ThirdPartyCaveat
- if err := vom.Decode(c.ValidatorVOM, &t); err != nil {
- continue
- }
- tpCaveats = append(tpCaveats, t)
- }
- return tpCaveats
-}
diff --git a/security/util_test.go b/security/util_test.go
index e39e356..c04e384 100644
--- a/security/util_test.go
+++ b/security/util_test.go
@@ -7,9 +7,6 @@
"crypto/rand"
"reflect"
"testing"
-
- "v.io/core/veyron2/security"
- "v.io/core/veyron2/vdl"
)
func TestLoadSavePEMKey(t *testing.T) {
@@ -64,63 +61,3 @@
t.Fatalf("expected(nil, PassphraseError), instead got (%v, %v)", loadedKey, err)
}
}
-
-// fpCaveat implements security.CaveatValidator.
-type fpCaveat struct{}
-
-func (fpCaveat) Validate(security.Context) error { return nil }
-
-// tpCaveat implements security.ThirdPartyCaveat.
-type tpCaveat struct{}
-
-func (tpCaveat) Validate(security.Context) (err error) { return }
-func (tpCaveat) ID() (id string) { return }
-func (tpCaveat) Location() (loc string) { return }
-func (tpCaveat) Requirements() (r security.ThirdPartyRequirements) { return }
-func (tpCaveat) Dischargeable(security.Context) (err error) { return }
-
-func TestCaveatUtil(t *testing.T) {
- type C []security.Caveat
- type V []security.CaveatValidator
- type TP []security.ThirdPartyCaveat
-
- newCaveat := func(v security.CaveatValidator) security.Caveat {
- c, err := security.NewCaveat(v)
- if err != nil {
- t.Fatalf("failed to create Caveat from validator %T: %v", v, c)
- }
- return c
- }
-
- var (
- fp fpCaveat
- tp tpCaveat
- invalid = security.Caveat{ValidatorVOM: []byte("invalid")}
- )
- testdata := []struct {
- caveats []security.Caveat
- validators []security.CaveatValidator
- tpCaveats []security.ThirdPartyCaveat
- }{
- {nil, nil, nil},
- {C{newCaveat(fp)}, V{fp}, nil},
- {C{newCaveat(tp)}, V{tp}, TP{tp}},
- {C{newCaveat(fp), newCaveat(tp)}, V{fp, tp}, TP{tp}},
- }
- for _, d := range testdata {
- // Test ThirdPartyCaveats.
- if got := ThirdPartyCaveats(d.caveats...); !reflect.DeepEqual(got, d.tpCaveats) {
- t.Errorf("ThirdPartyCaveats(%v): got: %#v, want: %#v", d.caveats, got, d.tpCaveats)
- continue
- }
- if got := ThirdPartyCaveats(append(d.caveats, invalid)...); !reflect.DeepEqual(got, d.tpCaveats) {
- t.Errorf("ThirdPartyCaveats(%v, invalid): got: %#v, want: %#v", d.caveats, got, d.tpCaveats)
- continue
- }
- }
-}
-
-func init() {
- vdl.Register(&fpCaveat{})
- vdl.Register(&tpCaveat{})
-}
diff --git a/services/identity/auditor/blessing_auditor.go b/services/identity/auditor/blessing_auditor.go
index 071ca25..cd540e9 100644
--- a/services/identity/auditor/blessing_auditor.go
+++ b/services/identity/auditor/blessing_auditor.go
@@ -6,7 +6,6 @@
"strings"
"time"
- vsecurity "v.io/core/veyron/security"
"v.io/core/veyron/security/audit"
"v.io/core/veyron2/security"
"v.io/core/veyron2/vom"
@@ -126,8 +125,10 @@
}
func revocationCaveatID(caveats []security.Caveat) string {
- for _, tpcav := range vsecurity.ThirdPartyCaveats(caveats...) {
- return tpcav.ID()
+ for _, cav := range caveats {
+ if tp := cav.ThirdPartyDetails(); tp != nil {
+ return tp.ID()
+ }
}
return ""
}
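Review bot: `revocationCaveatID` returns the ID of the first caveat whose `ThirdPartyDetails()` is non-nil, so it assumes the first third-party caveat on a blessing is the revocation caveat; nothing in this hunk checks that. If a blessing can carry more than one third-party caveat, the audit entry would presumably record an ID that is not the revocation caveat's, and a later revoke keyed on that ID would not affect the blessing. The assumption should at least be written down in a doc comment, e.g. `// revocationCaveatID returns the ID of the first third-party caveat in caveats, or "" if none is present; callers treat that caveat as the revocation caveat.` A caveat for which `ThirdPartyDetails()` returns nil is skipped without any trace, as decode failures were in the removed helper, so a malformed revocation caveat yields an empty ID rather than an error.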
diff --git a/services/identity/revocation/revocation_test.go b/services/identity/revocation/revocation_test.go
index 3f6e357..4dd214d 100644
--- a/services/identity/revocation/revocation_test.go
+++ b/services/identity/revocation/revocation_test.go
@@ -11,7 +11,6 @@
"v.io/core/veyron2"
"v.io/core/veyron2/context"
"v.io/core/veyron2/security"
- "v.io/core/veyron2/vom"
)
func revokerSetup(t *testing.T, ctx *context.T) (dischargerKey security.PublicKey, dischargerEndpoint string, revoker RevocationManager, closeFunc func()) {
@@ -48,26 +47,25 @@
if err != nil {
t.Fatalf("failed to create revocation caveat: %s", err)
}
- var cav security.ThirdPartyCaveat
- if err := vom.Decode(caveat.ValidatorVOM, &cav); err != nil {
- t.Fatalf("failed to create decode tp caveat: %s", err)
+ tp := caveat.ThirdPartyDetails()
+ if tp == nil {
+ t.Fatalf("failed to extract third party details from caveat %v", caveat)
}
var impetus security.DischargeImpetus
-
- if _, err = discharger.Discharge(ctx, cav, impetus); err != nil {
+ if _, err = discharger.Discharge(ctx, tp, impetus); err != nil {
t.Fatalf("failed to get discharge: %s", err)
}
- if err = revoker.Revoke(cav.ID()); err != nil {
+ if err = revoker.Revoke(tp.ID()); err != nil {
t.Fatalf("failed to revoke: %s", err)
}
- if discharge, err := discharger.Discharge(ctx, cav, impetus); err == nil || discharge != nil {
+ if discharge, err := discharger.Discharge(ctx, tp, impetus); err == nil || discharge != nil {
t.Fatalf("got a discharge for a revoked caveat: %s", err)
}
- if err = revoker.Revoke(cav.ID()); err != nil {
+ if err = revoker.Revoke(tp.ID()); err != nil {
t.Fatalf("failed to revoke again: %s", err)
}
- if discharge, err := discharger.Discharge(ctx, cav, impetus); err == nil || discharge != nil {
+ if discharge, err := discharger.Discharge(ctx, tp, impetus); err == nil || discharge != nil {
t.Fatalf("got a discharge for a doubly revoked caveat: %s", err)
}
}
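Review bot: The `t.Fatalf` calls for the revoked and doubly revoked cases format only `err` with `%s`, but that branch is also taken when `err == nil` and a discharge was returned, which is the failure this test exists to catch. In that case the message prints `%!s(<nil>)` and drops the discharge that was wrongly issued. Suggest `t.Fatalf("got a discharge for a revoked caveat: discharge=%v, err=%v", discharge, err)` and the same form for the doubly revoked case. The enclosing test function starts outside the hunk.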