commit f826393770014736906cc656245f34eeafb76326
author gauthamt <gauthamt@google.com> Tue Dec 16 10:59:09 2014 -0800
committer gauthamt <gauthamt@google.com> Tue Dec 16 10:59:25 2014 -0800
tree 18b575ac1893fcb5935485fc1594a70c320d8ecf
parent 28dabfc5bb116704b46f81002166381fa916da0a

Security API additions.

-Principal can now get a slice of blessings that match a name.
-Principal can now get a name for a blessing that belongs to it.
-BlessingStore exports a map of all the pattern/blessings that have been added.

Change-Id: Idaa8d9ddf8acd03a7d2b72d5bf408566d1a8cdc1

security/agent/agent_test.go

diff --git a/security/agent/agent_test.go b/security/agent/agent_test.go
index d0acb43..18b61ea 100644
--- a/security/agent/agent_test.go
+++ b/security/agent/agent_test.go
@@ -69,6 +69,8 @@
 		{"Sign", V{make([]byte, 10)}, security.Signature{Purpose: []byte{}, R: []byte{1}, S: []byte{1}}, nil},
 		{"MintDischarge", V{thirdPartyCaveat, security.UnconstrainedUse()}, discharge, nil},
 		{"PublicKey", V{}, mockP.PublicKey(), nil},
+		{"BlessingsByName", V{security.BlessingPattern("self")}, []security.Blessings{newBlessing(t, "blessing")}, nil},
+		{"BlessingsInfo", V{newBlessing(t, "blessing")}, []string{"blessing"}, nil},
 		{"AddToRoots", V{newBlessing(t, "blessing")}, nil, verror2.Make(addToRootsErr, nil)},
 	}
 	for _, test := range tests {
@@ -84,6 +86,7 @@
 		{"SetDefault", V{newBlessing(t, "blessing")}, nil, verror2.Make(storeSetDefaultErr, nil)},
 		{"Default", V{}, newBlessing(t, "root/extension"), nil},
 		{"PublicKey", V{}, mockP.PublicKey(), nil},
+		{"PeerBlessings", V{}, map[security.BlessingPattern]security.Blessings{"test": newBlessing(t, "root/extension")}, nil},
 		{"DebugString", V{}, "StoreString", nil},
 	}
 	for _, test := range storeTests {
@@ -176,6 +179,18 @@
 	return d, p.NextError
 }
 
+func (p *mockPrincipal) BlessingsByName(name security.BlessingPattern) []security.Blessings {
+	defer p.reset()
+	b, _ := p.NextResult.([]security.Blessings)
+	return b
+}
+
+func (p *mockPrincipal) BlessingsInfo(blessings security.Blessings) []string {
+	defer p.reset()
+	s, _ := p.NextResult.([]string)
+	return s
+}
+
 func (p *mockPrincipal) PublicKey() security.PublicKey         { return p.Key }
 func (p *mockPrincipal) Roots() security.BlessingRoots         { return p.MockRoots }
 func (p *mockPrincipal) BlessingStore() security.BlessingStore { return p.MockStore }
@@ -220,6 +235,12 @@
 
 func (s *mockBlessingStore) PublicKey() security.PublicKey { return s.Key }
 
+func (s *mockBlessingStore) PeerBlessings() map[security.BlessingPattern]security.Blessings {
+	defer s.reset()
+	m, _ := s.NextResult.(map[security.BlessingPattern]security.Blessings)
+	return m
+}
+
 func (s *mockBlessingStore) DebugString() string {
 	defer s.reset()
 	return s.NextResult.(string)

security/agent/client.go

diff --git a/security/agent/client.go b/security/agent/client.go
index 6a3925f..cd26573 100644
--- a/security/agent/client.go
+++ b/security/agent/client.go
@@ -128,6 +128,33 @@
 	return c.key
 }
 
+func (c *client) BlessingsByName(pattern security.BlessingPattern) []security.Blessings {
+	var wbResults []security.WireBlessings
+	err := c.caller.call("BlessingsByName", results(&wbResults), pattern)
+	if err != nil {
+		vlog.Errorf("error calling BlessingsByName: %v", err)
+		return nil
+	}
+	blessings := make([]security.Blessings, len(wbResults))
+	for i, wb := range wbResults {
+		var err error
+		blessings[i], err = security.NewBlessings(wb)
+		if err != nil {
+			vlog.Errorf("error creating Blessing from WireBlessings: %v", err)
+		}
+	}
+	return blessings
+}
+
+func (c *client) BlessingsInfo(blessings security.Blessings) []string {
+	var names []string
+	err := c.caller.call("BlessingsInfo", results(&names), security.MarshalBlessings(blessings))
+	if err != nil {
+		vlog.Errorf("error calling BlessingsInfo: %v", err)
+		return nil
+	}
+	return names
+}
 func (c *client) BlessingStore() security.BlessingStore {
 	return &blessingStore{c.caller, c.key}
 }
@@ -192,6 +219,25 @@
 	return b.key
 }
 
+func (b *blessingStore) PeerBlessings() map[security.BlessingPattern]security.Blessings {
+	var wbMap map[security.BlessingPattern]security.WireBlessings
+	err := b.caller.call("BlessingStorePeerBlessings", results(&wbMap))
+	if err != nil {
+		vlog.Errorf("error calling BlessingStorePeerBlessings: %v", err)
+		return nil
+	}
+	bMap := make(map[security.BlessingPattern]security.Blessings)
+	for pattern, wb := range wbMap {
+		blessings, err := security.NewBlessings(wb)
+		if err != nil {
+			vlog.Errorf("error creating Blessing from WireBlessings: %v", err)
+			return nil
+		}
+		bMap[pattern] = blessings
+	}
+	return bMap
+}
+
 func (b *blessingStore) DebugString() (s string) {
 	err := b.caller.call("BlessingStoreDebugString", results(&s))
 	if err != nil {

security/agent/server/server.go

diff --git a/security/agent/server/server.go b/security/agent/server/server.go
index c6ff7ea..fcf25a3 100644
--- a/security/agent/server/server.go
+++ b/security/agent/server/server.go
@@ -307,6 +307,23 @@
 	return a.principal.PublicKey().MarshalBinary()
 }
 
+func (a agentd) BlessingsByName(_ ipc.ServerContext, name security.BlessingPattern) ([]security.WireBlessings, error) {
+	blessings := a.principal.BlessingsByName(name)
+	ret := make([]security.WireBlessings, len(blessings))
+	for i, b := range blessings {
+		ret[i] = security.MarshalBlessings(b)
+	}
+	return ret, nil
+}
+
+func (a agentd) BlessingsInfo(_ ipc.ServerContext, blessings security.WireBlessings) ([]string, error) {
+	b, err := security.NewBlessings(blessings)
+	if err != nil {
+		return nil, err
+	}
+	return a.principal.BlessingsInfo(b), nil
+}
+
 func (a agentd) AddToRoots(_ ipc.ServerContext, wireBlessings security.WireBlessings) error {
 	blessings, err := security.NewBlessings(wireBlessings)
 	if err != nil {
@@ -339,6 +356,15 @@
 	return a.principal.BlessingStore().SetDefault(blessings)
 }
 
+func (a agentd) BlessingStorePeerBlessings(_ ipc.ServerContext) (map[security.BlessingPattern]security.WireBlessings, error) {
+	bMap := a.principal.BlessingStore().PeerBlessings()
+	wbMap := make(map[security.BlessingPattern]security.WireBlessings, len(bMap))
+	for p, b := range bMap {
+		wbMap[p] = security.MarshalBlessings(b)
+	}
+	return wbMap, nil
+}
+
 func (a agentd) BlessingStoreDebugString(_ ipc.ServerContext) (string, error) {
 	return a.principal.BlessingStore().DebugString(), nil
 }

security/agent/server/wire.vdl

diff --git a/security/agent/server/wire.vdl b/security/agent/server/wire.vdl
index dc52a7c..ee55e0b 100644
--- a/security/agent/server/wire.vdl
+++ b/security/agent/server/wire.vdl
@@ -35,12 +35,15 @@
 	Sign(message []byte) (security.Signature, error)
 	MintDischarge(tp any, caveat security.Caveat, additionalCaveats []security.Caveat) (any, error)
 	PublicKey() ([]byte, error)
+	BlessingsByName(name security.BlessingPattern) ([]security.WireBlessings, error)
+	BlessingsInfo(blessings security.WireBlessings) ([]string, error)
 	AddToRoots(blessing security.WireBlessings) error
 
 	BlessingStoreSet(blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error)
 	BlessingStoreForPeer(peerBlessings []string) (security.WireBlessings, error)
 	BlessingStoreSetDefault(blessings security.WireBlessings) error
 	BlessingStoreDefault() (security.WireBlessings, error)
+	BlessingStorePeerBlessings() (map[security.BlessingPattern]security.WireBlessings, error)
 	BlessingStoreDebugString() (string, error)
 
 	BlessingRootsAdd(root []byte, pattern security.BlessingPattern) error

security/agent/server/wire.vdl.go

diff --git a/security/agent/server/wire.vdl.go b/security/agent/server/wire.vdl.go
index fa5832b..3fc6f85 100644
--- a/security/agent/server/wire.vdl.go
+++ b/security/agent/server/wire.vdl.go
@@ -27,11 +27,14 @@
 	Sign(ctx __context.T, message []byte, opts ...__ipc.CallOpt) (security.Signature, error)
 	MintDischarge(ctx __context.T, tp __vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat, opts ...__ipc.CallOpt) (__vdlutil.Any, error)
 	PublicKey(__context.T, ...__ipc.CallOpt) ([]byte, error)
+	BlessingsByName(ctx __context.T, name security.BlessingPattern, opts ...__ipc.CallOpt) ([]security.WireBlessings, error)
+	BlessingsInfo(ctx __context.T, blessings security.WireBlessings, opts ...__ipc.CallOpt) ([]string, error)
 	AddToRoots(ctx __context.T, blessing security.WireBlessings, opts ...__ipc.CallOpt) error
 	BlessingStoreSet(ctx __context.T, blessings security.WireBlessings, forPeers security.BlessingPattern, opts ...__ipc.CallOpt) (security.WireBlessings, error)
 	BlessingStoreForPeer(ctx __context.T, peerBlessings []string, opts ...__ipc.CallOpt) (security.WireBlessings, error)
 	BlessingStoreSetDefault(ctx __context.T, blessings security.WireBlessings, opts ...__ipc.CallOpt) error
 	BlessingStoreDefault(__context.T, ...__ipc.CallOpt) (security.WireBlessings, error)
+	BlessingStorePeerBlessings(__context.T, ...__ipc.CallOpt) (map[security.BlessingPattern]security.WireBlessings, error)
 	BlessingStoreDebugString(__context.T, ...__ipc.CallOpt) (string, error)
 	BlessingRootsAdd(ctx __context.T, root []byte, pattern security.BlessingPattern, opts ...__ipc.CallOpt) error
 	BlessingRootsRecognized(ctx __context.T, root []byte, blessing string, opts ...__ipc.CallOpt) error
@@ -122,6 +125,28 @@
 	return
 }
 
+func (c implAgentClientStub) BlessingsByName(ctx __context.T, i0 security.BlessingPattern, opts ...__ipc.CallOpt) (o0 []security.WireBlessings, err error) {
+	var call __ipc.Call
+	if call, err = c.c(ctx).StartCall(ctx, c.name, "BlessingsByName", []interface{}{i0}, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&o0, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
+func (c implAgentClientStub) BlessingsInfo(ctx __context.T, i0 security.WireBlessings, opts ...__ipc.CallOpt) (o0 []string, err error) {
+	var call __ipc.Call
+	if call, err = c.c(ctx).StartCall(ctx, c.name, "BlessingsInfo", []interface{}{i0}, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&o0, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
 func (c implAgentClientStub) AddToRoots(ctx __context.T, i0 security.WireBlessings, opts ...__ipc.CallOpt) (err error) {
 	var call __ipc.Call
 	if call, err = c.c(ctx).StartCall(ctx, c.name, "AddToRoots", []interface{}{i0}, opts...); err != nil {
@@ -177,6 +202,17 @@
 	return
 }
 
+func (c implAgentClientStub) BlessingStorePeerBlessings(ctx __context.T, opts ...__ipc.CallOpt) (o0 map[security.BlessingPattern]security.WireBlessings, err error) {
+	var call __ipc.Call
+	if call, err = c.c(ctx).StartCall(ctx, c.name, "BlessingStorePeerBlessings", nil, opts...); err != nil {
+		return
+	}
+	if ierr := call.Finish(&o0, &err); ierr != nil {
+		err = ierr
+	}
+	return
+}
+
 func (c implAgentClientStub) BlessingStoreDebugString(ctx __context.T, opts ...__ipc.CallOpt) (o0 string, err error) {
 	var call __ipc.Call
 	if call, err = c.c(ctx).StartCall(ctx, c.name, "BlessingStoreDebugString", nil, opts...); err != nil {
@@ -240,11 +276,14 @@
 	Sign(ctx __ipc.ServerContext, message []byte) (security.Signature, error)
 	MintDischarge(ctx __ipc.ServerContext, tp __vdlutil.Any, caveat security.Caveat, additionalCaveats []security.Caveat) (__vdlutil.Any, error)
 	PublicKey(__ipc.ServerContext) ([]byte, error)
+	BlessingsByName(ctx __ipc.ServerContext, name security.BlessingPattern) ([]security.WireBlessings, error)
+	BlessingsInfo(ctx __ipc.ServerContext, blessings security.WireBlessings) ([]string, error)
 	AddToRoots(ctx __ipc.ServerContext, blessing security.WireBlessings) error
 	BlessingStoreSet(ctx __ipc.ServerContext, blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error)
 	BlessingStoreForPeer(ctx __ipc.ServerContext, peerBlessings []string) (security.WireBlessings, error)
 	BlessingStoreSetDefault(ctx __ipc.ServerContext, blessings security.WireBlessings) error
 	BlessingStoreDefault(__ipc.ServerContext) (security.WireBlessings, error)
+	BlessingStorePeerBlessings(__ipc.ServerContext) (map[security.BlessingPattern]security.WireBlessings, error)
 	BlessingStoreDebugString(__ipc.ServerContext) (string, error)
 	BlessingRootsAdd(ctx __ipc.ServerContext, root []byte, pattern security.BlessingPattern) error
 	BlessingRootsRecognized(ctx __ipc.ServerContext, root []byte, blessing string) error
@@ -308,6 +347,14 @@
 	return s.impl.PublicKey(ctx)
 }
 
+func (s implAgentServerStub) BlessingsByName(ctx __ipc.ServerContext, i0 security.BlessingPattern) ([]security.WireBlessings, error) {
+	return s.impl.BlessingsByName(ctx, i0)
+}
+
+func (s implAgentServerStub) BlessingsInfo(ctx __ipc.ServerContext, i0 security.WireBlessings) ([]string, error) {
+	return s.impl.BlessingsInfo(ctx, i0)
+}
+
 func (s implAgentServerStub) AddToRoots(ctx __ipc.ServerContext, i0 security.WireBlessings) error {
 	return s.impl.AddToRoots(ctx, i0)
 }
@@ -328,6 +375,10 @@
 	return s.impl.BlessingStoreDefault(ctx)
 }
 
+func (s implAgentServerStub) BlessingStorePeerBlessings(ctx __ipc.ServerContext) (map[security.BlessingPattern]security.WireBlessings, error) {
+	return s.impl.BlessingStorePeerBlessings(ctx)
+}
+
 func (s implAgentServerStub) BlessingStoreDebugString(ctx __ipc.ServerContext) (string, error) {
 	return s.impl.BlessingStoreDebugString(ctx)
 }
@@ -415,6 +466,26 @@
 			},
 		},
 		{
+			Name: "BlessingsByName",
+			InArgs: []__ipc.ArgDesc{
+				{"name", ``}, // security.BlessingPattern
+			},
+			OutArgs: []__ipc.ArgDesc{
+				{"", ``}, // []security.WireBlessings
+				{"", ``}, // error
+			},
+		},
+		{
+			Name: "BlessingsInfo",
+			InArgs: []__ipc.ArgDesc{
+				{"blessings", ``}, // security.WireBlessings
+			},
+			OutArgs: []__ipc.ArgDesc{
+				{"", ``}, // []string
+				{"", ``}, // error
+			},
+		},
+		{
 			Name: "AddToRoots",
 			InArgs: []__ipc.ArgDesc{
 				{"blessing", ``}, // security.WireBlessings
@@ -461,6 +532,13 @@
 			},
 		},
 		{
+			Name: "BlessingStorePeerBlessings",
+			OutArgs: []__ipc.ArgDesc{
+				{"", ``}, // map[security.BlessingPattern]security.WireBlessings
+				{"", ``}, // error
+			},
+		},
+		{
 			Name: "BlessingStoreDebugString",
 			OutArgs: []__ipc.ArgDesc{
 				{"", ``}, // string
@@ -579,6 +657,13 @@
 			{Name: "", Type: 75},
 		},
 	}
+	result.Methods["BlessingStorePeerBlessings"] = __ipc.MethodSignature{
+		InArgs: []__ipc.MethodArgument{},
+		OutArgs: []__ipc.MethodArgument{
+			{Name: "", Type: 79},
+			{Name: "", Type: 75},
+		},
+	}
 	result.Methods["BlessingStoreSet"] = __ipc.MethodSignature{
 		InArgs: []__ipc.MethodArgument{
 			{Name: "blessings", Type: 74},
@@ -597,6 +682,24 @@
 			{Name: "", Type: 75},
 		},
 	}
+	result.Methods["BlessingsByName"] = __ipc.MethodSignature{
+		InArgs: []__ipc.MethodArgument{
+			{Name: "name", Type: 77},
+		},
+		OutArgs: []__ipc.MethodArgument{
+			{Name: "", Type: 78},
+			{Name: "", Type: 75},
+		},
+	}
+	result.Methods["BlessingsInfo"] = __ipc.MethodSignature{
+		InArgs: []__ipc.MethodArgument{
+			{Name: "blessings", Type: 74},
+		},
+		OutArgs: []__ipc.MethodArgument{
+			{Name: "", Type: 61},
+			{Name: "", Type: 75},
+		},
+	}
 	result.Methods["MintDischarge"] = __ipc.MethodSignature{
 		InArgs: []__ipc.MethodArgument{
 			{Name: "tp", Type: 76},
@@ -652,7 +755,7 @@
 				__wiretype.FieldType{Type: 0x49, Name: "CertificateChains"},
 			},
 			"veyron.io/veyron/veyron2/security.WireBlessings", []string(nil)},
-		__wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}, __wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, __wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.BlessingPattern", Tags: []string(nil)}}
+		__wiretype.NamedPrimitiveType{Type: 0x1, Name: "error", Tags: []string(nil)}, __wiretype.NamedPrimitiveType{Type: 0x1, Name: "anydata", Tags: []string(nil)}, __wiretype.NamedPrimitiveType{Type: 0x3, Name: "veyron.io/veyron/veyron2/security.BlessingPattern", Tags: []string(nil)}, __wiretype.SliceType{Elem: 0x4a, Name: "", Tags: []string(nil)}, __wiretype.MapType{Key: 0x4d, Elem: 0x4a, Name: "", Tags: []string(nil)}}
 
 	return result, nil
 }