Google Git
Sign in
vanadium / release.go.x.ref / 9ce79857c3750c5a5434451c03c6ef503cf0b3fa / . / cmd / principal / bless.go
blob: 2c243668f4723b0e37a574846675848f68053a63 [file] [log] [blame]
Jiri Simsad7616c92015-03-24 23:44:30 -0700[diff] [blame]1// Copyright 2015 The Vanadium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]5package main
6
7import (
8 "crypto/rand"
9 "encoding/base64"
10 "fmt"
11 "html/template"
12 "net"
13 "net/http"
14 "net/url"
15 "os"
16 "os/exec"
17 "strings"
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]18 "time"
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]19
Jiri Simsa6ac95222015-02-23 16:11:49 -0800[diff] [blame]20 "v.io/v23/context"
21 "v.io/v23/options"
22 "v.io/v23/security"
Jiri Simsa337af232015-02-27 14:36:46 -0800[diff] [blame]23 "v.io/x/lib/vlog"
Jiri Simsaffceefa2015-02-28 11:03:34 -0800[diff] [blame]24 "v.io/x/ref/services/identity"
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]25)
26
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]27func exchangeMacaroonForBlessing(ctx *context.T, macaroonChan <-chan string) (security.Blessings, error) {
Asim Shankar263c73b2015-03-19 18:31:26 -0700[diff] [blame]28 service, macaroon, serviceKey, err := prepareBlessArgs(ctx, macaroonChan)
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]29 if err != nil {
Asim Shankar2bf7b1e2015-02-27 00:45:12 -0800[diff] [blame]30 return security.Blessings{}, err
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]31 }
32
33 ctx, cancel := context.WithTimeout(ctx, time.Minute)
34 defer cancel()
35
Asim Shankar0d0d5882015-02-18 14:23:53 -0800[diff] [blame]36 // Authorize the server by its public key (obtained from macaroonChan).
37 // Must skip authorization during name resolution because the identity
38 // service is not a trusted root yet.
Jiri Simsad9a7b3c2015-08-12 16:38:27 -0700[diff] [blame]39 blessings, err := identity.MacaroonBlesserClient(service).Bless(ctx, macaroon, options.SkipServerEndpointAuthorization{}, options.ServerPublicKey{
40 PublicKey: serviceKey,
41 })
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]42 if err != nil {
Asim Shankar2bf7b1e2015-02-27 00:45:12 -0800[diff] [blame]43 return security.Blessings{}, fmt.Errorf("failed to get blessing from %q: %v", service, err)
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]44 }
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]45 return blessings, nil
46}
47
48func prepareBlessArgs(ctx *context.T, macaroonChan <-chan string) (service, macaroon string, root security.PublicKey, err error) {
49 macaroon = <-macaroonChan
50 service = <-macaroonChan
51
52 marshalKey, err := base64.URLEncoding.DecodeString(<-macaroonChan)
53 if err != nil {
54 return "", "", nil, fmt.Errorf("failed to decode root key: %v", err)
55 }
56 root, err = security.UnmarshalPublicKey(marshalKey)
57 if err != nil {
58 return "", "", nil, fmt.Errorf("failed to unmarshal root key: %v", err)
59 }
60
61 return service, macaroon, root, nil
62}
63
Ankuraf98e572015-05-05 14:18:50 -0700[diff] [blame]64func getMacaroonForBlessRPC(key security.PublicKey, blessServerURL string, blessedChan <-chan string, browser bool) (<-chan string, error) {
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]65 // Setup a HTTP server to recieve a blessing macaroon from the identity server.
66 // Steps:
67 // 1. Generate a state token to be included in the HTTP request
68 // (though, arguably, the random port assigment for the HTTP server is enough
69 // for XSRF protection)
70 // 2. Setup a HTTP server which will receive the final blessing macaroon from the id server.
71 // 3. Print out the link (to start the auth flow) for the user to click.
72 // 4. Return the macaroon and the rpc object name(where to make the MacaroonBlesser.Bless RPC call)
73 // in the "result" channel.
74 var stateBuf [32]byte
75 if _, err := rand.Read(stateBuf[:]); err != nil {
76 return nil, fmt.Errorf("failed to generate state token for OAuth: %v", err)
77 }
78 state := base64.URLEncoding.EncodeToString(stateBuf[:])
79
80 ln, err := net.Listen("tcp", "127.0.0.1:0")
81 if err != nil {
82 return nil, fmt.Errorf("failed to setup authorization code interception server: %v", err)
83 }
84 result := make(chan string)
85
86 redirectURL := fmt.Sprintf("http://%s/macaroon", ln.Addr())
87 http.HandleFunc("/macaroon", func(w http.ResponseWriter, r *http.Request) {
88 w.Header().Set("Content-Type", "text/html")
89 tmplArgs := struct {
Alex Fandrianto48a92c42015-05-26 18:04:58 -0700[diff] [blame]90 Blessings string
91 ErrShort string
92 ErrLong string
93 Browser bool
94 }{
95 Browser: browser,
96 }
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]97 defer func() {
98 if len(tmplArgs.ErrShort) > 0 {
99 w.WriteHeader(http.StatusBadRequest)
100 }
101 if err := tmpl.Execute(w, tmplArgs); err != nil {
102 vlog.Info("Failed to render template:", err)
103 }
104 }()
105
Suharsh Sivakumar8efb2f62015-05-18 10:57:34 -0700[diff] [blame]106 defer close(result)
107 if r.FormValue("state") != state {
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]108 tmplArgs.ErrShort = "Unexpected request"
109 tmplArgs.ErrLong = "Mismatched state parameter. Possible cross-site-request-forgery?"
110 return
111 }
Suharsh Sivakumar8efb2f62015-05-18 10:57:34 -0700[diff] [blame]112 if errEnc := r.FormValue("error"); errEnc != "" {
113 tmplArgs.ErrShort = "Failed to get blessings"
114 errBytes, err := base64.URLEncoding.DecodeString(errEnc)
115 if err != nil {
116 tmplArgs.ErrLong = err.Error()
117 } else {
118 tmplArgs.ErrLong = string(errBytes)
119 }
120 return
121 }
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]122 result <- r.FormValue("macaroon")
123 result <- r.FormValue("object_name")
Suharsh Sivakumar67ef84a2015-02-13 13:04:44 -0800[diff] [blame]124 result <- r.FormValue("root_key")
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]125 blessed, ok := <-blessedChan
126 if !ok {
127 tmplArgs.ErrShort = "No blessings received"
Suharsh Sivakumard1cc6e02015-03-16 13:58:49 -0700[diff] [blame]128 tmplArgs.ErrLong = "Unable to obtain blessings from the Vanadium service"
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]129 return
130 }
131 tmplArgs.Blessings = blessed
132 ln.Close()
133 })
134 go http.Serve(ln, nil)
135
136 // Print the link to start the flow.
Ankuraf98e572015-05-05 14:18:50 -0700[diff] [blame]137 url, err := seekBlessingsURL(key, blessServerURL, redirectURL, state)
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]138 if err != nil {
139 return nil, fmt.Errorf("failed to create seekBlessingsURL: %s", err)
140 }
Jiri Simsa37b0a092015-02-13 09:32:39 -0800[diff] [blame]141 fmt.Fprintln(os.Stdout, "Please visit the following URL to seek blessings:")
142 fmt.Fprintln(os.Stdout, url)
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]143 // Make an attempt to start the browser as a convenience.
144 // If it fails, doesn't matter - the client can see the URL printed above.
145 // Use exec.Command().Start instead of exec.Command().Run since there is no
146 // need to wait for the command to return (and indeed on some window managers,
147 // the command will not exit until the browser is closed).
Suharsh Sivakumara76dba62014-12-22 16:00:34 -0800[diff] [blame]148 if len(openCommand) != 0 && browser {
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]149 exec.Command(openCommand, url).Start()
150 }
151 return result, nil
152}
153
Ankuraf98e572015-05-05 14:18:50 -0700[diff] [blame]154func seekBlessingsURL(key security.PublicKey, blessServerURL, redirectURL, state string) (string, error) {
Suharsh Sivakumarc0048112015-03-19 11:48:28 -0700[diff] [blame]155 baseURL, err := url.Parse(joinURL(blessServerURL, identity.SeekBlessingsRoute))
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]156 if err != nil {
157 return "", fmt.Errorf("failed to parse url: %v", err)
158 }
Ankuraf98e572015-05-05 14:18:50 -0700[diff] [blame]159 keyBytes, err := key.MarshalBinary()
160 if err != nil {
161 return "", fmt.Errorf("failed to marshal public key: %v", err)
162 }
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]163 params := url.Values{}
164 params.Add("redirect_url", redirectURL)
165 params.Add("state", state)
Ankuraf98e572015-05-05 14:18:50 -0700[diff] [blame]166 params.Add("public_key", base64.URLEncoding.EncodeToString(keyBytes))
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]167 baseURL.RawQuery = params.Encode()
168 return baseURL.String(), nil
169}
170
171func joinURL(baseURL, suffix string) string {
172 if !strings.HasSuffix(baseURL, "/") {
173 baseURL += "/"
174 }
175 return baseURL + suffix
176}
177
178var tmpl = template.Must(template.New("name").Parse(`<!doctype html>
179<html>
180<head>
181<meta charset="UTF-8">
Ankurbc3d8452015-05-01 13:31:46 -0700[diff] [blame]182<!--Excluding any third-party hosted resources like scripts and stylesheets because otherwise we run the risk of leaking the macaroon out of this page (e.g., via the referrer header) -->
Suharsh Sivakumard1cc6e02015-03-16 13:58:49 -0700[diff] [blame]183<title>Vanadium Identity: Google</title>
Alex Fandrianto48a92c42015-05-26 18:04:58 -0700[diff] [blame]184{{if and .Browser .Blessings}}
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]185<!--Attempt to close the window. Though this script does not work on many browser configurations-->
186<script type="text/javascript">window.close();</script>
187{{end}}
188</head>
189<body>
Ankurbc3d8452015-05-01 13:31:46 -0700[diff] [blame]190<div>
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]191{{if .ErrShort}}
Ankurbc3d8452015-05-01 13:31:46 -0700[diff] [blame]192<center><h1><span style="color:#FF6E40;">Error: </span>{{.ErrShort}}</h1></center>
193<center><h2>{{.ErrLong}}</h2></center>
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]194{{else}}
Ankurbc3d8452015-05-01 13:31:46 -0700[diff] [blame]195<center><h1>Received blessings: <tt>{{.Blessings}}</tt></h1></center>
196<center><h2>You may close this tab now.</h2></center>
Ankur1d46f552014-10-09 12:13:31 -0700[diff] [blame]197{{end}}
198</div>
199</body>
200</html>`))