Google Git
Sign in
vanadium / release.go.x.ref / 38a1a7b472b1ec296be1b1d3a1ea33b3c7874505 / . / security / agent / client.go
blob: 6a3925f408803f72e80a8420bd6c0efe437ab7ac [file] [log] [blame]
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]1// Package agent provides a client for communicating with an "Agent"
2// process holding the private key for an identity.
3package agent
4
5import (
6 "fmt"
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]7 "net"
8 "os"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]9
Jiri Simsa519c5072014-09-17 21:37:57 -0700[diff] [blame]10 "veyron.io/veyron/veyron/lib/unixfd"
11 "veyron.io/veyron/veyron2/context"
12 "veyron.io/veyron/veyron2/ipc"
13 "veyron.io/veyron/veyron2/naming"
14 "veyron.io/veyron/veyron2/security"
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]15 "veyron.io/veyron/veyron2/vdl/vdlutil"
16 "veyron.io/veyron/veyron2/vlog"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]17)
18
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]19// FdVarName is the name of the environment variable containing
20// the file descriptor for talking to the agent.
21const FdVarName = "VEYRON_AGENT_FD"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]22
23type client struct {
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]24 caller caller
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]25 key security.PublicKey
26}
27
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]28type caller struct {
29 client ipc.Client
30 name string
31 ctx context.T
32}
33
34func (c *caller) call(name string, results []interface{}, args ...interface{}) (err error) {
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]35 var call ipc.Call
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]36 results = append(results, &err)
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]37 if call, err = c.client.StartCall(c.ctx, c.name, name, args); err == nil {
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]38 if ierr := call.Finish(results...); ierr != nil {
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]39 err = ierr
40 }
41 }
42 return
43}
44
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]45func results(inputs ...interface{}) []interface{} {
46 if len(inputs) > 0 {
47 return inputs
48 }
49 return make([]interface{}, 0)
50}
51
52// NewAgentPrincipal returns a security.Pricipal using the PrivateKey held in a remote agent process.
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]53// 'fd' is the socket for connecting to the agent, typically obtained from
54// os.GetEnv(agent.FdVarName).
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]55// 'ctx' should not have a deadline, and should never be cancelled.
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]56func NewAgentPrincipal(c ipc.Client, fd int, ctx context.T) (security.Principal, error) {
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]57 f := os.NewFile(uintptr(fd), "agent_client")
58 defer f.Close()
59 conn, err := net.FileConn(f)
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]60 if err != nil {
61 return nil, err
62 }
63 // This is just an arbitrary 1 byte string. The value is ignored.
64 data := make([]byte, 1)
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]65 addr, err := unixfd.SendConnection(conn.(*net.UnixConn), data, true)
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]66 if err != nil {
67 return nil, err
68 }
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]69 caller := caller{
70 client: c,
71 name: naming.JoinAddressName(naming.FormatEndpoint(addr.Network(), addr.String()), ""),
72 ctx: ctx,
73 }
74
75 agent := &client{caller: caller}
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]76 if err := agent.fetchPublicKey(); err != nil {
77 return nil, err
78 }
79 return agent, nil
80}
81
82func (c *client) fetchPublicKey() (err error) {
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]83 var b []byte
84 if err = c.caller.call("PublicKey", results(&b)); err != nil {
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]85 return
86 }
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]87 c.key, err = security.UnmarshalPublicKey(b)
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]88 return
89}
90
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]91func (c *client) Bless(key security.PublicKey, with security.Blessings, extension string, caveat security.Caveat, additionalCaveats ...security.Caveat) (security.Blessings, error) {
92 var blessings security.WireBlessings
93 marshalledKey, err := key.MarshalBinary()
94 if err != nil {
95 return nil, err
96 }
97 err = c.caller.call("Bless", results(&blessings), marshalledKey, security.MarshalBlessings(with), extension, caveat, additionalCaveats)
98 if err != nil {
99 return nil, err
100 }
101 return security.NewBlessings(blessings)
102}
103
104func (c *client) BlessSelf(name string, caveats ...security.Caveat) (security.Blessings, error) {
105 var blessings security.WireBlessings
106 err := c.caller.call("BlessSelf", results(&blessings), name, caveats)
107 if err != nil {
108 return nil, err
109 }
110 return security.NewBlessings(blessings)
111}
112
113func (c *client) Sign(message []byte) (sig security.Signature, err error) {
114 err = c.caller.call("Sign", results(&sig), message)
115 return
116}
117
118func (c *client) MintDischarge(tp security.ThirdPartyCaveat, caveat security.Caveat, additionalCaveats ...security.Caveat) (security.Discharge, error) {
119 var discharge security.Discharge
120 err := c.caller.call("MintDischarge", results(&discharge), vdlutil.Any(tp), caveat, additionalCaveats)
121 if err != nil {
122 return nil, err
123 }
124 return discharge, nil
125}
126
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]127func (c *client) PublicKey() security.PublicKey {
128 return c.key
129}
130
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]131func (c *client) BlessingStore() security.BlessingStore {
132 return &blessingStore{c.caller, c.key}
133}
134
135func (c *client) Roots() security.BlessingRoots {
136 return &blessingRoots{c.caller}
137}
138
139func (c *client) AddToRoots(blessings security.Blessings) error {
140 return c.caller.call("AddToRoots", results(), security.MarshalBlessings(blessings))
141}
142
143type blessingStore struct {
144 caller caller
145 key security.PublicKey
146}
147
148func (b *blessingStore) Set(blessings security.Blessings, forPeers security.BlessingPattern) (security.Blessings, error) {
149 var resultBlessings security.WireBlessings
150 err := b.caller.call("BlessingStoreSet", results(&resultBlessings), security.MarshalBlessings(blessings), forPeers)
151 if err != nil {
152 return nil, err
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]153 }
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]154 return security.NewBlessings(resultBlessings)
155}
156
157func (b *blessingStore) ForPeer(peerBlessings ...string) security.Blessings {
158 var resultBlessings security.WireBlessings
159 err := b.caller.call("BlessingStoreForPeer", results(&resultBlessings), peerBlessings)
160 if err != nil {
161 vlog.Errorf("error calling BlessingStoreForPeer: %v", err)
162 return nil
163 }
164 blessings, err := security.NewBlessings(resultBlessings)
165 if err != nil {
166 vlog.Errorf("error creating Blessings from WireBlessings: %v", err)
167 return nil
168 }
169 return blessings
170}
171
172func (b *blessingStore) SetDefault(blessings security.Blessings) error {
173 return b.caller.call("BlessingStoreSetDefault", results(), security.MarshalBlessings(blessings))
174}
175
176func (b *blessingStore) Default() security.Blessings {
177 var resultBlessings security.WireBlessings
178 err := b.caller.call("BlessingStoreDefault", results(&resultBlessings))
179 if err != nil {
180 vlog.Errorf("error calling BlessingStoreDefault: %v", err)
181 return nil
182 }
183 blessings, err := security.NewBlessings(resultBlessings)
184 if err != nil {
185 vlog.Errorf("error creating Blessing from WireBlessings: %v", err)
186 return nil
187 }
188 return blessings
189}
190
191func (b *blessingStore) PublicKey() security.PublicKey {
192 return b.key
193}
194
195func (b *blessingStore) DebugString() (s string) {
196 err := b.caller.call("BlessingStoreDebugString", results(&s))
197 if err != nil {
198 s = fmt.Sprintf("error calling BlessingStoreDebugString: %v", err)
199 vlog.Errorf(s)
200 }
201 return
202}
203
204type blessingRoots struct {
205 caller caller
206}
207
208func (b *blessingRoots) Add(root security.PublicKey, pattern security.BlessingPattern) error {
209 marshalledKey, err := root.MarshalBinary()
210 if err != nil {
211 return err
212 }
213 return b.caller.call("BlessingRootsAdd", results(), marshalledKey, pattern)
214}
215
216func (b *blessingRoots) Recognized(root security.PublicKey, blessing string) error {
217 marshalledKey, err := root.MarshalBinary()
218 if err != nil {
219 return err
220 }
221 return b.caller.call("BlessingRootsAdd", results(), marshalledKey, blessing)
222}
223
224func (b *blessingRoots) DebugString() (s string) {
225 err := b.caller.call("BlessingRootsDebugString", results(&s))
226 if err != nil {
227 s = fmt.Sprintf("error calling BlessingRootsDebugString: %v", err)
228 vlog.Errorf(s)
229 }
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]230 return
231}