js: Use cache for blessings between go and js
Part 2 will be to convert from JsBlessing object to more complete
blessings
MultiPart: 2/2
Change-Id: I02d5d117e03c6540b83616745b274424a0ca2a2b
diff --git a/.gitignore b/.gitignore
index cd0b069..5854afc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,7 @@
go/bin
xunit.xml
tmp
+.idea
# Vanadium
/.v23
diff --git a/src/gen-vdl/v.io/x/ref/services/wspr/internal/app/index.js b/src/gen-vdl/v.io/x/ref/services/wspr/internal/app/index.js
index 5850954..8ff3aad 100644
--- a/src/gen-vdl/v.io/x/ref/services/wspr/internal/app/index.js
+++ b/src/gen-vdl/v.io/x/ref/services/wspr/internal/app/index.js
@@ -22,7 +22,6 @@
// Types:
var _type1 = new vdl.Type();
-var _type10 = new vdl.Type();
var _type2 = new vdl.Type();
var _type3 = new vdl.Type();
var _type4 = new vdl.Type();
@@ -41,9 +40,6 @@
_type1.kind = vdl.kind.LIST;
_type1.name = "";
_type1.elem = _typeRpcCallOption;
-_type10.kind = vdl.kind.LIST;
-_type10.name = "";
-_type10.elem = new principal.BlessingsHandle()._type;
_type2.kind = vdl.kind.LIST;
_type2.name = "";
_type2.elem = new security.BlessingPattern()._type;
@@ -56,19 +52,19 @@
_type5.kind = vdl.kind.LIST;
_type5.name = "";
_type5.elem = new security.Caveat()._type;
-_type6.kind = vdl.kind.OPTIONAL;
+_type6.kind = vdl.kind.LIST;
_type6.name = "";
-_type6.elem = new principal.JsBlessings()._type;
-_type7.kind = vdl.kind.LIST;
+_type6.elem = vdl.types.STRING;
+_type7.kind = vdl.kind.MAP;
_type7.name = "";
-_type7.elem = vdl.types.STRING;
-_type8.kind = vdl.kind.MAP;
+_type7.elem = new principal.BlessingsId()._type;
+_type7.key = new security.BlessingPattern()._type;
+_type8.kind = vdl.kind.LIST;
_type8.name = "";
-_type8.elem = _type6;
-_type8.key = new security.BlessingPattern()._type;
+_type8.elem = new signature.Interface()._type;
_type9.kind = vdl.kind.LIST;
_type9.name = "";
-_type9.elem = new signature.Interface()._type;
+_type9.elem = new principal.BlessingsHandle()._type;
_typeGranterHandle.kind = vdl.kind.INT32;
_typeGranterHandle.name = "v.io/x/ref/services/wspr/internal/app.GranterHandle";
_typeGranterRequest.kind = vdl.kind.STRUCT;
@@ -90,7 +86,6 @@
_typeRpcServerOption.name = "v.io/x/ref/services/wspr/internal/app.RpcServerOption";
_typeRpcServerOption.fields = [{name: "IsLeaf", type: vdl.types.BOOL}, {name: "ServesMountTable", type: vdl.types.BOOL}];
_type1.freeze();
-_type10.freeze();
_type2.freeze();
_type3.freeze();
_type4.freeze();
@@ -386,14 +381,9 @@
},
],
outArgs: [{
- name: 'publicKeyOut',
+ name: '',
doc: "",
- type: vdl.types.STRING
- },
- {
- name: 'handleOut',
- doc: "",
- type: new principal.BlessingsHandle()._type
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
@@ -417,14 +407,9 @@
},
],
outArgs: [{
- name: 'publicKeyOut',
+ name: '',
doc: "",
- type: vdl.types.STRING
- },
- {
- name: 'handleOut',
- doc: "",
- type: new principal.BlessingsHandle()._type
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
@@ -466,7 +451,7 @@
outArgs: [{
name: '',
doc: "",
- type: _type6
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
@@ -481,13 +466,13 @@
inArgs: [{
name: 'peerBlessings',
doc: "",
- type: _type7
+ type: _type6
},
],
outArgs: [{
name: '',
doc: "",
- type: _type6
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
@@ -519,7 +504,7 @@
outArgs: [{
name: '',
doc: "",
- type: _type6
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
@@ -551,7 +536,7 @@
outArgs: [{
name: '',
doc: "",
- type: _type8
+ type: _type7
},
],
inStream: null,
@@ -593,7 +578,7 @@
outArgs: [{
name: '',
doc: "",
- type: _type7
+ type: _type6
},
],
inStream: null,
@@ -614,7 +599,7 @@
outArgs: [{
name: '',
doc: "",
- type: _type9
+ type: _type8
},
],
inStream: null,
@@ -629,13 +614,13 @@
inArgs: [{
name: 'toJoin',
doc: "",
- type: _type10
+ type: _type9
},
],
outArgs: [{
name: '',
doc: "",
- type: _type6
+ type: new principal.BlessingsId()._type
},
],
inStream: null,
diff --git a/src/gen-vdl/v.io/x/ref/services/wspr/internal/principal/index.js b/src/gen-vdl/v.io/x/ref/services/wspr/internal/principal/index.js
index a799f10..f11c056 100644
--- a/src/gen-vdl/v.io/x/ref/services/wspr/internal/principal/index.js
+++ b/src/gen-vdl/v.io/x/ref/services/wspr/internal/principal/index.js
@@ -16,16 +16,39 @@
// Types:
+var _typeBlessingsCacheAddMessage = new vdl.Type();
+var _typeBlessingsCacheDeleteMessage = new vdl.Type();
+var _typeBlessingsCacheMessage = new vdl.Type();
var _typeBlessingsHandle = new vdl.Type();
+var _typeBlessingsId = new vdl.Type();
var _typeJsBlessings = new vdl.Type();
+_typeBlessingsCacheAddMessage.kind = vdl.kind.STRUCT;
+_typeBlessingsCacheAddMessage.name = "v.io/x/ref/services/wspr/internal/principal.BlessingsCacheAddMessage";
+_typeBlessingsCacheAddMessage.fields = [{name: "CacheId", type: _typeBlessingsId}, {name: "Blessings", type: _typeJsBlessings}];
+_typeBlessingsCacheDeleteMessage.kind = vdl.kind.STRUCT;
+_typeBlessingsCacheDeleteMessage.name = "v.io/x/ref/services/wspr/internal/principal.BlessingsCacheDeleteMessage";
+_typeBlessingsCacheDeleteMessage.fields = [{name: "CacheId", type: _typeBlessingsId}, {name: "DeleteAfter", type: vdl.types.UINT32}];
+_typeBlessingsCacheMessage.kind = vdl.kind.UNION;
+_typeBlessingsCacheMessage.name = "v.io/x/ref/services/wspr/internal/principal.BlessingsCacheMessage";
+_typeBlessingsCacheMessage.fields = [{name: "Add", type: _typeBlessingsCacheAddMessage}, {name: "Delete", type: _typeBlessingsCacheDeleteMessage}];
_typeBlessingsHandle.kind = vdl.kind.INT32;
_typeBlessingsHandle.name = "v.io/x/ref/services/wspr/internal/principal.BlessingsHandle";
+_typeBlessingsId.kind = vdl.kind.UINT32;
+_typeBlessingsId.name = "v.io/x/ref/services/wspr/internal/principal.BlessingsId";
_typeJsBlessings.kind = vdl.kind.STRUCT;
_typeJsBlessings.name = "v.io/x/ref/services/wspr/internal/principal.JsBlessings";
_typeJsBlessings.fields = [{name: "Handle", type: _typeBlessingsHandle}, {name: "PublicKey", type: vdl.types.STRING}];
+_typeBlessingsCacheAddMessage.freeze();
+_typeBlessingsCacheDeleteMessage.freeze();
+_typeBlessingsCacheMessage.freeze();
_typeBlessingsHandle.freeze();
+_typeBlessingsId.freeze();
_typeJsBlessings.freeze();
+module.exports.BlessingsCacheAddMessage = (vdl.registry.lookupOrCreateConstructor(_typeBlessingsCacheAddMessage));
+module.exports.BlessingsCacheDeleteMessage = (vdl.registry.lookupOrCreateConstructor(_typeBlessingsCacheDeleteMessage));
+module.exports.BlessingsCacheMessage = (vdl.registry.lookupOrCreateConstructor(_typeBlessingsCacheMessage));
module.exports.BlessingsHandle = (vdl.registry.lookupOrCreateConstructor(_typeBlessingsHandle));
+module.exports.BlessingsId = (vdl.registry.lookupOrCreateConstructor(_typeBlessingsId));
module.exports.JsBlessings = (vdl.registry.lookupOrCreateConstructor(_typeJsBlessings));
@@ -44,6 +67,8 @@
// Services:
+
+
diff --git a/src/gen-vdl/v.io/x/ref/services/wspr/internal/rpc/server/index.js b/src/gen-vdl/v.io/x/ref/services/wspr/internal/rpc/server/index.js
index b27766f..4d2cfe6 100644
--- a/src/gen-vdl/v.io/x/ref/services/wspr/internal/rpc/server/index.js
+++ b/src/gen-vdl/v.io/x/ref/services/wspr/internal/rpc/server/index.js
@@ -28,7 +28,6 @@
var _type4 = new vdl.Type();
var _type5 = new vdl.Type();
var _type6 = new vdl.Type();
-var _type7 = new vdl.Type();
var _typeAuthReply = new vdl.Type();
var _typeCaveatValidationRequest = new vdl.Type();
var _typeCaveatValidationResponse = new vdl.Type();
@@ -52,12 +51,9 @@
_type5.kind = vdl.kind.LIST;
_type5.name = "";
_type5.elem = vdl.types.ERROR;
-_type6.kind = vdl.kind.OPTIONAL;
+_type6.kind = vdl.kind.LIST;
_type6.name = "";
-_type6.elem = new principal.JsBlessings()._type;
-_type7.kind = vdl.kind.LIST;
-_type7.name = "";
-_type7.elem = new signature.Interface()._type;
+_type6.elem = new signature.Interface()._type;
_typeAuthReply.kind = vdl.kind.STRUCT;
_typeAuthReply.name = "v.io/x/ref/services/wspr/internal/rpc/server.AuthReply";
_typeAuthReply.fields = [{name: "Err", type: vdl.types.ERROR}];
@@ -72,23 +68,22 @@
_typeContext.fields = [{name: "Language", type: vdl.types.STRING}];
_typeLookupReply.kind = vdl.kind.STRUCT;
_typeLookupReply.name = "v.io/x/ref/services/wspr/internal/rpc/server.LookupReply";
-_typeLookupReply.fields = [{name: "Handle", type: vdl.types.INT32}, {name: "HasAuthorizer", type: vdl.types.BOOL}, {name: "HasGlobber", type: vdl.types.BOOL}, {name: "Signature", type: _type7}, {name: "Err", type: vdl.types.ERROR}];
+_typeLookupReply.fields = [{name: "Handle", type: vdl.types.INT32}, {name: "HasAuthorizer", type: vdl.types.BOOL}, {name: "HasGlobber", type: vdl.types.BOOL}, {name: "Signature", type: _type6}, {name: "Err", type: vdl.types.ERROR}];
_typeSecurityCall.kind = vdl.kind.STRUCT;
_typeSecurityCall.name = "v.io/x/ref/services/wspr/internal/rpc/server.SecurityCall";
-_typeSecurityCall.fields = [{name: "Method", type: vdl.types.STRING}, {name: "Suffix", type: vdl.types.STRING}, {name: "MethodTags", type: _type1}, {name: "LocalBlessings", type: new principal.JsBlessings()._type}, {name: "LocalBlessingStrings", type: _type2}, {name: "RemoteBlessings", type: new principal.JsBlessings()._type}, {name: "RemoteBlessingStrings", type: _type2}, {name: "LocalEndpoint", type: vdl.types.STRING}, {name: "RemoteEndpoint", type: vdl.types.STRING}];
+_typeSecurityCall.fields = [{name: "Method", type: vdl.types.STRING}, {name: "Suffix", type: vdl.types.STRING}, {name: "MethodTags", type: _type1}, {name: "LocalBlessings", type: new principal.BlessingsId()._type}, {name: "LocalBlessingStrings", type: _type2}, {name: "RemoteBlessings", type: new principal.BlessingsId()._type}, {name: "RemoteBlessingStrings", type: _type2}, {name: "LocalEndpoint", type: vdl.types.STRING}, {name: "RemoteEndpoint", type: vdl.types.STRING}];
_typeServerRpcRequest.kind = vdl.kind.STRUCT;
_typeServerRpcRequest.name = "v.io/x/ref/services/wspr/internal/rpc/server.ServerRpcRequest";
_typeServerRpcRequest.fields = [{name: "ServerId", type: vdl.types.UINT32}, {name: "Handle", type: vdl.types.INT32}, {name: "Method", type: vdl.types.STRING}, {name: "Args", type: _type1}, {name: "Call", type: _typeServerRpcRequestCall}];
_typeServerRpcRequestCall.kind = vdl.kind.STRUCT;
_typeServerRpcRequestCall.name = "v.io/x/ref/services/wspr/internal/rpc/server.ServerRpcRequestCall";
-_typeServerRpcRequestCall.fields = [{name: "SecurityCall", type: _typeSecurityCall}, {name: "Deadline", type: new time.WireDeadline()._type}, {name: "Context", type: _typeContext}, {name: "TraceRequest", type: new vtrace.Request()._type}, {name: "GrantedBlessings", type: _type6}];
+_typeServerRpcRequestCall.fields = [{name: "SecurityCall", type: _typeSecurityCall}, {name: "Deadline", type: new time.WireDeadline()._type}, {name: "Context", type: _typeContext}, {name: "TraceRequest", type: new vtrace.Request()._type}, {name: "GrantedBlessings", type: new principal.BlessingsId()._type}];
_type1.freeze();
_type2.freeze();
_type3.freeze();
_type4.freeze();
_type5.freeze();
_type6.freeze();
-_type7.freeze();
_typeAuthReply.freeze();
_typeCaveatValidationRequest.freeze();
_typeCaveatValidationResponse.freeze();
diff --git a/src/proxy/message-type.js b/src/proxy/message-type.js
index 04600e1..769ae7d 100644
--- a/src/proxy/message-type.js
+++ b/src/proxy/message-type.js
@@ -30,6 +30,7 @@
CANCEL: 7, // A request to cancel a previously invoked JS method.
CAVEAT_VALIDATION_REQUEST: 8, // A request to validate a set of caveats
LOG_MESSAGE: 9, // A request to log a message.
- GRANTER_REQUEST: 10 // A request to call a granter
+ GRANTER_REQUEST: 10, // A request to call a granter
+ BLESSINGS_CACHE_MESSAGE: 11, // A request to update the blessings cache
}
};
diff --git a/src/proxy/stream-handler.js b/src/proxy/stream-handler.js
index 79b2332..b0df421 100644
--- a/src/proxy/stream-handler.js
+++ b/src/proxy/stream-handler.js
@@ -6,9 +6,9 @@
var emitStreamError = require('../lib/emit-stream-error');
var vError = require('../gen-vdl/v.io/v23/verror');
var SharedContextKeys = require('../runtime/shared-context-keys');
-var Blessings = require('../security/blessings');
-var JsBlessings =
- require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').JsBlessings;
+var BlessingsId =
+ require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').BlessingsId;
+var runtimeFromContext = require('../runtime/runtime-from-context');
var TaskSequence = require('../lib/task-sequence');
var Promise = require('../lib/promise');
var vom = require('../vom');
@@ -58,12 +58,16 @@
}
var handler = this;
return vom.decode(data).then(function(data) {
- if (data instanceof JsBlessings) {
- data = new Blessings(data.handle, data.publicKey,
- handler._controller);
- data.retain();
+ if (data instanceof BlessingsId) {
+ var runtime = runtimeFromContext(handler._ctx);
+ runtime.blessingsManager.blessingsFromId(data)
+ .then(function(blessings) {
+ blessings.retain();
+ handler._stream._queueRead(blessings);
+ });
+ } else {
+ handler._stream._queueRead(data);
}
- handler._stream._queueRead(data);
}, function(e) {
emitStreamError(handler._stream,
new vError.InternalError(
diff --git a/src/rpc/client.js b/src/rpc/client.js
index 00975e0..6246266 100644
--- a/src/rpc/client.js
+++ b/src/rpc/client.js
@@ -39,13 +39,14 @@
var SharedContextKeys = require('../runtime/shared-context-keys');
var vtrace = require('../vtrace');
var Blessings = require('../security/blessings');
-var JsBlessings =
- require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').JsBlessings;
-var ByteStreamMessageWriter = require('../vom/byte-stream-message-writer');
+var BlessingsId =
+ require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').BlessingsId;
var ByteStreamMessageReader = require('../vom/byte-stream-message-reader');
+var ByteStreamMessageWriter = require('../vom/byte-stream-message-writer');
var Encoder = require('../vom/encoder');
var Decoder = require('../vom/decoder');
var TaskSequence = require('../lib/task-sequence');
+var runtimeFromContext = require('../runtime/runtime-from-context');
var vom = require('../vom');
var OutstandingRPC = function(ctx, options, cb) {
@@ -70,37 +71,34 @@
};
// Helper function to convert an out argument to the given type.
-function convertOutArg(arg, type, controller) {
- var canonOutArg = arg;
- var unwrappedArg = unwrap(arg);
- if (unwrappedArg instanceof JsBlessings) {
- var res =
- new Blessings(unwrappedArg.handle, unwrappedArg.publicKey, controller);
- res.retain();
- return res;
+function convertOutArg(ctx, arg, type, controller) {
+ if (arg instanceof BlessingsId) {
+ var runtime = runtimeFromContext(ctx);
+ return runtime.blessingsManager.blessingsFromId(arg)
+ .then(function(blessings) {
+ if (blessings) {
+ blessings.retain();
+ }
+ return blessings;
+ });
}
// There's no protection against bad out args if it's a JSValue.
// Otherwise, convert to the out arg type to ensure type correctness.
if (!type.equals(vdl.types.JSVALUE)) {
- canonOutArg = vdl.canonicalize.reduce(arg, type);
+ try {
+ return Promise.resolve(unwrap(vdl.canonicalize.reduce(arg, type)));
+ } catch(err) {
+ return Promise.reject(err);
+ }
}
- return unwrap(canonOutArg);
-}
-
-// Helper function to safely convert an out argument.
-// The returned error, if any is useful for a callback.
-function convertOutArgSafe(arg, type, controller) {
- try {
- return [undefined, convertOutArg(arg, type, controller)];
- } catch(err) {
- return [err, undefined];
- }
+ return Promise.resolve(unwrap(arg));
}
OutstandingRPC.prototype.start = function() {
this._id = this._proxy.nextId();
+ var ctx = this._ctx;
var self = this;
var cb;
@@ -113,25 +111,25 @@
cb = function convertToMultiArgs(err, results) { // jshint ignore:line
// If called from a deferred, the results are undefined.
- // Each out argument should also be unwrapped. (results was []any)
- results = results ? results.map(function(res, i) {
- var errOrArg = convertOutArgSafe(res, outArgTypes[i], self._controller);
- if (errOrArg[0] && !err) {
- err = errOrArg[0];
- }
- return errOrArg[1];
- }) : [];
+ if (err) {
+ origCb(err);
+ return;
+ }
- // TODO(alexfandrianto): Callbacks seem to be able to get both error and
- // results, but I think we want to limit it to one or the other.
- var resultsCopy = results.slice();
- resultsCopy.unshift(err);
- origCb.apply(null, resultsCopy);
+ // Each out argument should also be unwrapped. (results was []any)
+ results = results || [];
+ var resultPromises = results.map(function(res, i) {
+ return convertOutArg(ctx, res, outArgTypes[i], self._controller);
+ });
+ Promise.all(resultPromises)
+ .then(function(results) {
+ results.unshift(null);
+ origCb.apply(null, results);
+ }).catch(origCb);
};
}
var def = new Deferred(cb);
- var ctx = this._ctx;
if (!this._cb) {
// If we are using a promise, strip single args out of the arg array.
@@ -142,26 +140,29 @@
'Internal error: incorrectly formatted out args in client');
}
+
// Each out argument should also be unwrapped. (args was []any)
- var unwrappedArgs = args.map(function(outArg, i) {
- return convertOutArg(outArg, outArgTypes[i], self._controller);
+ var unwrappedArgPromises = args.map(function(outArg, i) {
+ return convertOutArg(ctx, outArg, outArgTypes[i], self._controller);
});
- // We expect:
- // 0 args - return; // NOT return [];
- // 1 args - return a; // NOT return [a];
- // 2 args - return [a, b] ;
- //
- // Convert the results from array style to the expected return style.
- // undefined, a, [a, b], [a, b, c] etc
- switch(unwrappedArgs.length) {
- case 0:
- return undefined;
- case 1:
- return unwrappedArgs[0];
- default:
- return unwrappedArgs;
- }
+ return Promise.all(unwrappedArgPromises).then(function(unwrappedArgs) {
+ // We expect:
+ // 0 args - return; // NOT return [];
+ // 1 args - return a; // NOT return [a];
+ // 2 args - return [a, b] ;
+ //
+ // Convert the results from array style to the expected return style.
+ // undefined, a, [a, b], [a, b, c] etc
+ switch(unwrappedArgs.length) {
+ case 0:
+ return undefined;
+ case 1:
+ return unwrappedArgs[0];
+ default:
+ return unwrappedArgs;
+ }
+ });
});
}
diff --git a/src/rpc/create-server-call.js b/src/rpc/create-server-call.js
new file mode 100644
index 0000000..616f787
--- /dev/null
+++ b/src/rpc/create-server-call.js
@@ -0,0 +1,63 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+var createSecurityCall = require('../security/create-security-call');
+
+module.exports = createServerCall;
+
+/**
+ * Create a server call object. This exists so that we can resolve blessings
+ * before the user is given the object.
+ * @private
+ */
+function createServerCall(request, blessingsManager) {
+ var serverCall = new ServerCall();
+ if (request instanceof ServerCall) {
+ serverCall.securityCall = request.securityCall.clone();
+ serverCall.grantedBlessings = request.grantedBlessings;
+ return Promise.resolve(serverCall);
+ } else {
+ var promises = [];
+ promises.push(createSecurityCall(request.call.securityCall,
+ blessingsManager).then(function(securityCall) {
+ serverCall.securityCall = securityCall;
+ }));
+ if (request.call.grantedBlessings) {
+ promises.push(
+ blessingsManager.blessingsFromId(request.call.grantedBlessings)
+ .then(function(grantedBlessings) {
+ serverCall.grantedBlessings = grantedBlessings;
+ })
+ );
+ }
+ return Promise.all(promises).then(function() {
+ return serverCall;
+ });
+ }
+}
+
+/**
+ * @summary
+ * A ServerCall is a context.Context subclass that includes additional
+ * information about an ongoing server call.
+ * @description
+ * <p>Private Constructor, an instance of ServerCall is passed to every service
+ * method as the first argument.</p>
+ * @inner
+ * @constructor
+ *
+ * @property {module:vanadium.security~SecurityCall} securityCall The
+ * Security Call for the request.
+ *
+ * @property {module:vanadium.security~Blessings} grantedBlessings The
+ * blessings optionally granted to the server from the client through a
+ * granter.
+ *
+ * @property {*} methodTags The tags attached to the method,
+ * interface specification in VDL.
+ *
+ * @memberof module:vanadium.rpc
+ */
+function ServerCall() {
+}
diff --git a/src/rpc/granter-router.js b/src/rpc/granter-router.js
index dee6e7a..075d46c 100644
--- a/src/rpc/granter-router.js
+++ b/src/rpc/granter-router.js
@@ -12,7 +12,7 @@
var MessageType = require('../proxy/message-type');
var Incoming = MessageType.Incoming;
var Outgoing = MessageType.Outgoing;
-var SecurityCall = require('../security/call');
+var createSecurityCall = require('../security/create-security-call');
var InspectableFunction = require('../lib/inspectable-function');
var GranterResponse =
require('../gen-vdl/v.io/x/ref/services/wspr/internal/app').GranterResponse;
@@ -25,13 +25,14 @@
* grant requests.
* @private
*/
-function GranterRouter(proxy, rootCtx) {
+function GranterRouter(proxy, rootCtx, blessingsManager) {
proxy.addIncomingHandler(Incoming.GRANTER_REQUEST, this);
this._proxy = proxy;
this._rootCtx = rootCtx;
this.nextGranterId = 0;
this.activeGranters = {};
+ this._blessingsManager = blessingsManager;
}
/**
@@ -54,9 +55,10 @@
}
var router = this;
+ var granter;
return vom.decode(request).then(function(request) {
request = request.val;
- var granter = router.activeGranters[request.granterHandle];
+ granter = router.activeGranters[request.granterHandle];
if (!granter) {
// TODO(bjornick): Pass in context here so we can generate useful error
// messages
@@ -64,7 +66,11 @@
new verror.NoExistError(router._rootCtx, 'unknown granter'));
}
delete router.activeGranters[request.granterHandle];
- var securityCall = new SecurityCall(request.call, router._controller);
+ return createSecurityCall(request.call, router._blessingsManager);
+ }, function(e) {
+ return Promise.reject(
+ new verror.NoExistError(router._rootCtx, 'failed to decode message'));
+ }).then(function(securityCall) {
var ctx = router._rootCtx;
var inspectFn = new InspectableFunction(granter);
var resolve;
@@ -81,9 +87,6 @@
return resolve(res);
});
return promise;
- }, function(e) {
- return Promise.reject(
- new verror.NoExistError(router._rootCtx, 'failed to decode message'));
}).then(function(outBlessings) {
var result = new GranterResponse({blessings: outBlessings[0]._id});
var data = hexVom.encode(result);
diff --git a/src/rpc/server-call.js b/src/rpc/server-call.js
deleted file mode 100644
index ae9401e..0000000
--- a/src/rpc/server-call.js
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-var SecurityCall = require('../security/call');
-var Blessings = require('../security/blessings');
-
-module.exports = ServerCall;
-
-/**
- * @summary
- * A ServerCall is a context.Context subclass that includes additional
- * information about an ongoing server call.
- * @description
- * <p>Private Constructor, an instance of ServerCall is passed to every service
- * method as the first argument.</p>
- * @inner
- * @constructor
- *
- * @property {module:vanadium.security~SecurityCall} securityCall The
- * Security Call for the request.
- *
- * @property {*} methodTags The tags attached to the method,
- * interface specification in VDL.
- *
- * @memberof module:vanadium.rpc
- */
-function ServerCall(request, controller) {
- if (!(this instanceof ServerCall)) {
- return new ServerCall(request, controller);
- }
-
- if (request instanceof ServerCall) {
- this.securityCall = request.securityCall.clone();
- this.grantedBlessings = request.grantedBlessings;
- } else {
- this.securityCall = new SecurityCall(request.call.securityCall,
- controller);
- if (request.call.grantedBlessings) {
- this.grantedBlessings = new Blessings(
- request.call.grantedBlessings.handle,
- request.call.grantedBlessings.publicKey,
- controller);
- }
- }
-}
diff --git a/src/rpc/server-router.js b/src/rpc/server-router.js
index 82ac8c4..6c4155c 100644
--- a/src/rpc/server-router.js
+++ b/src/rpc/server-router.js
@@ -16,8 +16,8 @@
var vlog = require('./../lib/vlog');
var StreamHandler = require('../proxy/stream-handler');
var verror = require('../gen-vdl/v.io/v23/verror');
-var SecurityCall = require('../security/call');
-var ServerCall = require('./server-call');
+var createSecurityCall = require('../security/create-security-call');
+var createServerCall = require('./create-server-call');
var vdl = require('../vdl');
var typeUtil = require('../vdl/type-util');
var Deferred = require('../lib/deferred');
@@ -37,8 +37,8 @@
var lib =
require('../gen-vdl/v.io/x/ref/services/wspr/internal/lib');
var Blessings = require('../security/blessings');
-var JsBlessings =
- require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').JsBlessings;
+var BlessingsId =
+ require('../gen-vdl/v.io/x/ref/services/wspr/internal/principal').BlessingsId;
var WireBlessings =
require('../gen-vdl/v.io/v23/security').WireBlessings;
var SharedContextKeys = require('../runtime/shared-context-keys');
@@ -52,7 +52,8 @@
* @constructor
* @private
*/
-var Router = function(proxy, appName, rootCtx, controller, caveatRegistry) {
+var Router = function(
+ proxy, appName, rootCtx, controller, caveatRegistry, blessingsManager) {
this._servers = {};
this._proxy = proxy;
this._streamMap = {};
@@ -62,6 +63,7 @@
this._caveatRegistry = caveatRegistry;
this._outstandingRequestForId = {};
this._controller = controller;
+ this._blessingsManager = blessingsManager;
proxy.addIncomingHandler(Incoming.INVOKE_REQUEST, this);
proxy.addIncomingHandler(Incoming.LOOKUP_REQUEST, this);
@@ -117,11 +119,15 @@
}
var router = this;
- var call;
- vom.decode(request).then(function(request) {
+ var decodedRequest;
+ vom.decode(request).catch(function(e) {
+ return Promise.reject(new verror.InternalError(router._rootCtx,
+ 'Failed to decode ', e));
+ }).then(function(req) {
+ decodedRequest = req;
var ctx = router._rootCtx.withValue(SharedContextKeys.LANG_KEY,
- request.context.language);
- var server = router._servers[request.serverId];
+ decodedRequest.context.language);
+ var server = router._servers[decodedRequest.serverId];
if (!server) {
var authReply = new AuthReply({
// TODO(bjornick): Use the real context
@@ -132,22 +138,20 @@
null, messageId);
return;
}
- call = new SecurityCall(request.call, router._controller);
-
- return server.handleAuthorization(request.handle, ctx, call);
- }, function(e) {
- return Promise.reject(new verror.InternalError(router._rootCtx,
- 'Failed to decode ', e));
+ return createSecurityCall(decodedRequest.call, router._blessingsManager)
+ .then(function(call) {
+ return server.handleAuthorization(decodedRequest.handle, ctx, call);
+ });
}).then(function() {
var authReply = new AuthReply({});
router._proxy.sendRequest(hexVom.encode(authReply),
Outgoing.AUTHORIZATION_RESPONSE, null, messageId);
}).catch(function(e) {
- var authReply = new AuthReply({
- err: ErrorConversion.fromNativeValue(e, router._appName,
- call.method)
- });
- router._proxy.sendRequest(hexVom.encode(authReply),
+ var errMsg = {
+ err: ErrorConversion.fromNativeValue(e, this._appName,
+ decodedRequest.call.method)
+ };
+ router._proxy.sendRequest(hexVom.encode(errMsg),
Outgoing.AUTHORIZATION_RESPONSE, null,
messageId);
});
@@ -179,24 +183,24 @@
};
Router.prototype.handleCaveatValidationRequest = function(messageId, request) {
- var resultPromises = new Array(request.cavs.length);
- var call = new SecurityCall(request.call);
- var ctx = this._rootCtx.withValue(SharedContextKeys.LANG_KEY,
- request.context.language);
- for (var i = 0; i < request.cavs.length; i++) {
- resultPromises[i] = this._validateChain(ctx, call, request.cavs[i]);
- }
- var self = this;
- Promise.all(resultPromises).then(function(results) {
- var response = new CaveatValidationResponse({
- results: results
+ var router = this;
+ createSecurityCall(request.call, this._blessingsManager)
+ .then(function(call) {
+ var ctx = router._rootCtx.withValue(SharedContextKeys.LANG_KEY,
+ request.context.language);
+ var resultPromises = request.cavs.map(function(cav) {
+ return router._validateChain(ctx, call, cav);
});
- self._proxy.sendRequest(hexVom.encode(response),
- Outgoing.CAVEAT_VALIDATION_RESPONSE, null,
- messageId);
+ return Promise.all(resultPromises).then(function(results) {
+ var response = new CaveatValidationResponse({
+ results: results
+ });
+ var data = hexVom.encode(response);
+ router._proxy.sendRequest(data, Outgoing.CAVEAT_VALIDATION_RESPONSE, null,
+ messageId);
+ });
}).catch(function(err) {
- vlog.logger.error(
- new Error('Unexpected error (all promises should resolve): ' + err));
+ throw new Error('Unexpected error (all promises should resolve): ' + err);
});
};
@@ -215,24 +219,24 @@
var self = this;
return server._handleLookup(request.suffix).then(function(value) {
- var signatureList = value.invoker.signature();
- var hasAuthorizer = (typeof value.authorizer === 'function');
- var hasGlobber = value.invoker.hasGlobber();
- var reply = new LookupReply({
- handle: value._handle,
- signature: signatureList,
- hasAuthorizer: hasAuthorizer,
- hasGlobber: hasGlobber
- });
- self._proxy.sendRequest(hexVom.encode(reply), Outgoing.LOOKUP_RESPONSE,
- null, messageId);
- }).catch(function(err) {
- var reply = new LookupReply({
- err: ErrorConversion.fromNativeValue(err, self._appName, '__Signature')
- });
- self._proxy.sendRequest(hexVom.encode(reply), Outgoing.LOOKUP_RESPONSE,
- null, messageId);
- });
+ var signatureList = value.invoker.signature();
+ var hasAuthorizer = (typeof value.authorizer === 'function');
+ var hasGlobber = value.invoker.hasGlobber();
+ var reply = new LookupReply({
+ handle: value._handle,
+ signature: signatureList,
+ hasAuthorizer: hasAuthorizer,
+ hasGlobber: hasGlobber
+ });
+ self._proxy.sendRequest(hexVom.encode(reply), Outgoing.LOOKUP_RESPONSE,
+ null, messageId);
+ }).catch(function(err) {
+ var reply = new LookupReply({
+ err: ErrorConversion.fromNativeValue(err, self._appName, '__Signature')
+ });
+ self._proxy.sendRequest(hexVom.encode(reply), Outgoing.LOOKUP_RESPONSE,
+ null, messageId);
+ });
};
/**
@@ -306,111 +310,118 @@
var ctx = this.createRPCContext(request);
var self = this;
var stream;
- var call = new ServerCall(request, this._controller);
- if (request.method === 'Glob__') {
- if (!invoker.hasGlobber()) {
- err = new Error('Glob is not implemented');
- self.sendResult(messageId, 'Glob__', null, err);
- return;
- }
- // Glob takes no streaming input and has GlobReply as output.
- stream = new Stream(messageId, this._proxy.senderPromise, false,
- null, naming.GlobReply.prototype._type);
- this._streamMap[messageId] = stream;
- this._contextMap[messageId] = ctx;
- this._outstandingRequestForId[messageId] = 0;
- this.incrementOutstandingRequestForId(messageId);
- var globPattern = typeUtil.unwrap(request.args[0]);
- this.handleGlobRequest(messageId, call.securityCall.suffix,
- server, new Glob(globPattern), ctx, call, invoker,
- completion);
- return;
- }
-
- function completion() {
- // There is no results to a glob method. Everything is sent back
- // through the stream.
- self.sendResult(messageId, methodName, null, undefined, 1);
- }
-
- // Find the method signature.
- var signature = invoker.signature();
- var methodSig;
- signature.forEach(function(ifaceSig) {
- ifaceSig.methods.forEach(function(method) {
- if (method.name === methodName) {
- methodSig = method;
+ createServerCall(request, this._blessingsManager).then(function(call) {
+ if (request.method === 'Glob__') {
+ if (!invoker.hasGlobber()) {
+ err = new Error('Glob is not implemented');
+ self.sendResult(messageId, 'Glob__', null, err);
+ return;
}
- });
- });
- if (methodSig === undefined) {
- err = new verror.NoExistError(
- call, 'Requested method', methodName, 'not found on');
- this.sendResult(messageId, methodName, null, err);
- return;
- }
-
- // Unwrap the RPC arguments sent to the JS server.
- var unwrappedArgs = request.args.map(function(arg, i) {
- // If an any type was expected, unwrapping is not needed.
- if (methodSig.inArgs[i].type.kind === vdl.kind.ANY) {
- return arg;
- }
- var unwrapped = typeUtil.unwrap(arg);
- if (unwrapped instanceof JsBlessings) {
- return new Blessings(unwrapped.handle, unwrapped.publicKey,
- self._controller);
- }
- return unwrapped;
- });
- var options = {
- methodName: methodName,
- args: unwrappedArgs,
- methodSig: methodSig,
- ctx: ctx,
- call: call,
- };
-
- this._contextMap[messageId] = options.ctx;
- if (methodIsStreaming(methodSig)) {
- var readType = (methodSig.inStream ? methodSig.inStream.type : null);
- var writeType = (methodSig.outStream ? methodSig.outStream.type : null);
- stream = new Stream(messageId, this._proxy.senderPromise, false, readType,
- writeType);
- this._streamMap[messageId] = stream;
- var rpc = new StreamHandler(options.ctx, stream);
- this._proxy.addIncomingStreamHandler(messageId, rpc);
- options.stream = stream;
- }
-
- // Invoke the method;
- this.invokeMethod(invoker, options, function(err, results) {
- if (err) {
- var stackTrace;
- if (err instanceof Error && err.stack !== undefined) {
- stackTrace = err.stack;
- }
- vlog.logger.debug('Requested method ' + methodName +
- ' threw an exception on invoke: ', err, stackTrace);
-
- // The error case has no results; only send the error.
- self.sendResult(messageId, methodName, undefined, err,
- methodSig.outArgs.length);
+ // Glob takes no streaming input and has GlobReply as output.
+ stream = new Stream(messageId, self._proxy.senderPromise, false,
+ null, naming.GlobReply.prototype._type);
+ self._streamMap[messageId] = stream;
+ self._contextMap[messageId] = ctx;
+ self._outstandingRequestForId[messageId] = 0;
+ self.incrementOutstandingRequestForId(messageId);
+ var globPattern = typeUtil.unwrap(request.args[0]);
+ self.handleGlobRequest(messageId, call.securityCall.suffix,
+ server, new Glob(globPattern), ctx, call, invoker,
+ completion);
return;
}
- // Has results; associate the types of the outArgs.
- var canonResults = results.map(function(result, i) {
- var t = methodSig.outArgs[i].type;
- if (t.equals(WireBlessings.prototype._type)) {
- return result;
- }
- return vdl.canonicalize.fill(result, t);
- });
- self.sendResult(messageId, methodName, canonResults, undefined,
- methodSig.outArgs.length);
- });
+ function completion() {
+ // There is no results to a glob method. Everything is sent back
+ // through the stream.
+ self.sendResult(messageId, methodName, null, undefined, 1);
+ }
+ // Find the method signature.
+ var signature = invoker.signature();
+ var methodSig;
+ signature.forEach(function(ifaceSig) {
+ ifaceSig.methods.forEach(function(method) {
+ if (method.name === methodName) {
+ methodSig = method;
+ }
+ });
+ });
+ if (methodSig === undefined) {
+ err = new verror.NoExistError(
+ call, 'Requested method', methodName, 'not found on');
+ self.sendResult(messageId, methodName, null, err);
+ return;
+ }
+
+ // Unwrap the RPC arguments sent to the JS server.
+ var unwrappedArgPromises = request.args.map(function(arg, i) {
+ // If an any type was expected, unwrapping is not needed.
+ if (methodSig.inArgs[i].type.kind === vdl.kind.ANY) {
+ return Promise.resolve(arg);
+ }
+ var unwrapped = typeUtil.unwrap(arg);
+ if (unwrapped instanceof BlessingsId) {
+ return self._blessingsManager.blessingsFromId(unwrapped);
+ }
+ return Promise.resolve(unwrapped);
+ });
+
+ return Promise.all(unwrappedArgPromises).then(function(unwrappedArgs) {
+ var options = {
+ methodName: methodName,
+ args: unwrappedArgs,
+ methodSig: methodSig,
+ ctx: ctx,
+ call: call,
+ };
+
+ self._contextMap[messageId] = options.ctx;
+ if (methodIsStreaming(methodSig)) {
+ var readType = (methodSig.inStream ? methodSig.inStream.type : null);
+ var writeType = (methodSig.outStream ? methodSig.outStream.type : null);
+ stream = new Stream(messageId, self._proxy.senderPromise, false,
+ readType, writeType);
+ self._streamMap[messageId] = stream;
+ var rpc = new StreamHandler(options.ctx, stream);
+ self._proxy.addIncomingStreamHandler(messageId, rpc);
+ options.stream = stream;
+ }
+
+ // Invoke the method;
+ self.invokeMethod(invoker, options, function(err, results) {
+ if (err) {
+ var stackTrace;
+ if (err instanceof Error && err.stack !== undefined) {
+ stackTrace = err.stack;
+ }
+ vlog.logger.debug('Requested method ' + methodName +
+ ' threw an exception on invoke: ', err, stackTrace);
+
+ // The error case has no results; only send the error.
+ self.sendResult(messageId, methodName, undefined, err,
+ methodSig.outArgs.length);
+ return;
+ }
+
+ // Has results; associate the types of the outArgs.
+ var canonResults = results.map(function(result, i) {
+ var t = methodSig.outArgs[i].type;
+ if (t.equals(WireBlessings.prototype._type)) {
+ if (!(result instanceof Blessings)) {
+ vlog.logger.error(
+ 'Encoding non-blessings value as wire blessings');
+ return null;
+ }
+ return result;
+ }
+ return vdl.canonicalize.fill(result, t);
+ });
+ self.sendResult(messageId, methodName, canonResults, undefined,
+ methodSig.outArgs.length);
+ });
+ });
+ });
};
/**
* Handles incoming requests from the server to invoke methods on registered
@@ -550,10 +561,13 @@
var suffix = namespaceUtil.join(name, child);
self.incrementOutstandingRequestForId(messageId);
- var subCall = new ServerCall(call);
- subCall.securityCall.suffix = suffix;
var nextInvoker;
- server._handleLookup(suffix).then(function(value) {
+ var subCall;
+ createServerCall(call, this._blessingsManager).then(function(servCall) {
+ subCall = servCall;
+ subCall.securityCall.suffix = suffix;
+ return server._handleLookup(suffix);
+ }).then(function(value) {
nextInvoker = value.invoker;
return server.handleAuthorization(value._handle, context,
subCall.securityCall);
diff --git a/src/runtime/index.js b/src/runtime/index.js
index 8f4a379..7c51044 100644
--- a/src/runtime/index.js
+++ b/src/runtime/index.js
@@ -23,6 +23,8 @@
var vtrace = require('../vtrace');
var Controller =
require('../gen-vdl/v.io/x/ref/services/wspr/internal/app').Controller;
+var BlessingsManager = require('../security/blessings-manager');
+var BlessingsRouter = require('../security/blessings-router');
module.exports = {
init: init
@@ -117,6 +119,9 @@
this._name = options.appName;
this._language = options.language;
this.caveatRegistry = new CaveatValidatorRegistry();
+ this.blessingsManager = new BlessingsManager(this._controller);
+ this._blessingsRouter = new BlessingsRouter(this._getProxyConnection(),
+ this.blessingsManager);
}
inherits(Runtime, EE);
@@ -249,7 +254,8 @@
this._name,
this.getContext(),
this._controller,
- this.caveatRegistry);
+ this.caveatRegistry,
+ this.blessingsManager);
}
return this._router;
};
@@ -263,7 +269,8 @@
if (!this._granterRouter) {
this._granterRouter = new GranterRouter(
this._getProxyConnection(),
- this.getContext());
+ this.getContext(),
+ this.blessingsManager);
}
return this._granterRouter;
};
diff --git a/src/security/access/permissions-authorizer.js b/src/security/access/permissions-authorizer.js
index c2a03ad..117b5db 100644
--- a/src/security/access/permissions-authorizer.js
+++ b/src/security/access/permissions-authorizer.js
@@ -12,7 +12,7 @@
var NoPermissionsError = vdlAccess.NoPermissionsError;
var Permissions = vdlAccess.Permissions;
-module.exports = authorizer;
+module.exports = permissionsAuthorizer;
var pkgPath = 'v.io/v23/security/access';
var MultipleTagsError = makeError(
pkgPath + '.errMultipleMethodTags',
@@ -38,7 +38,7 @@
* @return {module:vanadium.security.Authorize} An authorizer that applies
* the perms.
*/
-function authorizer(perms, type) {
+function permissionsAuthorizer(perms, type) {
// Force the Permissions to have the correct Permissions format.
var permissions = unwrap(new Permissions(perms));
@@ -70,4 +70,4 @@
}
return;
};
-}
\ No newline at end of file
+}
diff --git a/src/security/blessings-cache.js b/src/security/blessings-cache.js
new file mode 100644
index 0000000..e3b0444
--- /dev/null
+++ b/src/security/blessings-cache.js
@@ -0,0 +1,130 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+var unwrap = require('../vdl/type-util').unwrap;
+var vlog = require('../lib/vlog');
+var Deferred = require('../lib/deferred');
+
+/**
+ * @fileoverview A cache of blessings, used in conjunction with the cache
+ * in WSPR (principal/cache.go) to reduce the number of times blessings must
+ * be sent across the wire.
+ * This is kept in sync with the WSPR cache.
+ * @private
+ */
+
+module.exports = BlessingsCache;
+
+/**
+ * @summary Cache of blessings received from WSPR.
+ * @description This cache is kept in sync with WSPR to reduce the
+ * number of times that blessings must be sent across the wire.
+ * @constructor
+ * @private
+ */
+function BlessingsCache() {
+ // Each entry has the following fields (which may or may not exist):
+ // - deferredBlessings: a deferred object whose promise resolves to the
+ // blessings
+ // - refCount: number of references to the blessings
+ // - deleteAfter: delete the entry after this number of blessings
+ this._entries = {};
+}
+
+/**
+ * @summary addBlessings adds blessings to the blessings cache.
+ * @param {wspr.internal.principal.BlessingsCacheAddMessage} addMessage
+ */
+BlessingsCache.prototype.addBlessings = function(addMessage) {
+ var id = this._unwrappedId(addMessage.cacheId);
+ var entry = this._getOrCreateEntry(id);
+ entry.deferredBlessings.resolve(addMessage.blessings);
+};
+
+/**
+ * @summary deleteBlessings removes blessings from the blessings cache.
+ * @param {wspr.internal.principal.BlessingsCacheAddMessage} addMessage
+ */
+BlessingsCache.prototype.deleteBlessings = function(deleteMessage) {
+ var id = this._unwrappedId(deleteMessage.cacheId);
+ var entry = this._getOrCreateEntry(id);
+ entry.deleteAfter = deleteMessage.deleteAfter;
+
+ this._deleteIfNoLongerNeeded(id);
+};
+
+/**
+ * @summary blessingsFromId looks up a blessing by id or waits for it if it
+ * has not been put in the cache yet
+ * @param {wspr.internal.principal.BlessingsId} blessingsId
+ */
+BlessingsCache.prototype.blessingsFromId = function(blessingsId) {
+ var id = unwrap(blessingsId);
+
+ if (typeof id !== 'number') {
+ throw new Error('Expected numeric blessings id');
+ }
+ if (id === 0) {
+ // Zero is not a valid id.
+ // TODO(bprosnitz) Replace this with null once we switch to full blessings
+ // objects. It is currently a number because there are no optional numbers
+ // now in VDL.
+ return Promise.resolve(null);
+ }
+
+ var entry = this._getOrCreateEntry(id);
+ var cache = this;
+ return entry.deferredBlessings.promise.then(function(blessings) {
+ cache._increaseRefCount(id);
+ cache._deleteIfNoLongerNeeded(id);
+ return blessings;
+ });
+};
+
+BlessingsCache.prototype._increaseRefCount = function(cacheId) {
+ var entry = this._entries[cacheId];
+ if (!entry) {
+ throw new Error('Unexpectedly got id of missing entry');
+ }
+ entry.refCount++;
+};
+
+BlessingsCache.prototype._deleteIfNoLongerNeeded = function(cacheId) {
+ var entry = this._entries[cacheId];
+ if (!entry) {
+ throw new Error('Entry unexpectedly not present');
+ }
+
+ if (entry.refCount >= entry.deleteAfter) {
+ if (entry.refCount > entry.deleteAfter) {
+ vlog.logger.warn('Got more references than expected');
+ }
+ if (entry.waiting) {
+ vlog.logger.warn(
+ 'There should not be anything waiting on entry to be deleted');
+ }
+ delete this._entries[cacheId];
+ }
+};
+
+BlessingsCache.prototype._getOrCreateEntry = function(cacheId) {
+ if (!this._entries[cacheId]) {
+ this._entries[cacheId] = {
+ refCount: 0,
+ deferredBlessings: new Deferred()
+ };
+ }
+ return this._entries[cacheId];
+};
+
+BlessingsCache.prototype._unwrappedId = function(cacheId) {
+ var id = unwrap(cacheId);
+ if (typeof id !== 'number') {
+ throw new Error('Got non-numeric id');
+ }
+ if (id <= 0) {
+ throw new Error('Unexpected non-positive id ' + id);
+ }
+ return id;
+};
diff --git a/src/security/blessings-manager.js b/src/security/blessings-manager.js
new file mode 100644
index 0000000..723b1d7
--- /dev/null
+++ b/src/security/blessings-manager.js
@@ -0,0 +1,49 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/**
+ * @fileoverview Manager of cache blessings. This differs from BlessingsCache
+ * because it converts JsBlessings to Blessings objects.
+ * TODO(bprosnitz) Remove this after switching to performing WireBlessings to
+ * Blessings conversion with native types.
+ * @private
+ */
+
+var BlessingsCache = require('../security/blessings-cache');
+var Blessings = require('../security/blessings');
+
+
+module.exports = BlessingsManager;
+
+/*
+ * TODO(bprosnitz) Replace this with just BlessingsCache after switching
+ * to using native type conversion with blessings.
+ */
+/*
+ * @summary Manager of blessings received from WSPR.
+ * @constructor
+ * @inner
+ */
+function BlessingsManager(controller) {
+ this._blessingsCache = new BlessingsCache();
+ this._controller = controller;
+}
+
+BlessingsManager.prototype.blessingsFromId = function(id) {
+ var controller = this._controller;
+ return this._blessingsCache.blessingsFromId(id).then(function(jsBless) {
+ if (!jsBless) {
+ return null;
+ }
+ return new Blessings(jsBless.handle, jsBless.publicKey, controller);
+ });
+};
+
+BlessingsManager.prototype.addBlessings = function(addMessage) {
+ return this._blessingsCache.addBlessings(addMessage);
+};
+
+BlessingsManager.prototype.deleteBlessings = function(deleteMessage) {
+ return this._blessingsCache.deleteBlessings(deleteMessage);
+};
diff --git a/src/security/blessings-router.js b/src/security/blessings-router.js
new file mode 100644
index 0000000..4254bf9
--- /dev/null
+++ b/src/security/blessings-router.js
@@ -0,0 +1,49 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/**
+ * @fileoveriew A router that handles incoming requests to update the state
+ * of the blessings cache.
+ * @private
+ */
+
+var vlog = require('./../lib/vlog');
+var Incoming = require('../proxy/message-type').Incoming;
+
+module.exports = BlessingsRouter;
+
+/**
+ * A router that handles incoming requests to update the state of the blessings
+ * cache.
+ * @constructor
+ * @private
+ */
+function BlessingsRouter(proxy, blessingsManager) {
+ this._blessingsManager = blessingsManager;
+
+ proxy.addIncomingHandler(Incoming.BLESSINGS_CACHE_MESSAGE, this);
+}
+
+BlessingsRouter.prototype.handleRequest = function(messageId, type, request) {
+ switch (type) {
+ case Incoming.BLESSINGS_CACHE_MESSAGE:
+ this.handleBlessingsCacheMessages(request);
+ return;
+ default:
+ vlog.logger.error('Unknown request type given to blessings router ' + type);
+ }
+};
+
+BlessingsRouter.prototype.handleBlessingsCacheMessages = function(messages) {
+ for (var i = 0; i < messages.length; i++) {
+ var message = messages[i];
+ if (message.hasOwnProperty('add')) {
+ this._blessingsManager.addBlessings(message.add);
+ } else if (message.hasOwnProperty('delete')) {
+ this._blessingsManager.deleteBlessings(message.delete);
+ } else {
+ vlog.logger.error('Unknown blessings cache message: ', message);
+ }
+ }
+};
diff --git a/src/security/blessingstore.js b/src/security/blessingstore.js
index 4ce7a31..ec74dd6 100644
--- a/src/security/blessingstore.js
+++ b/src/security/blessingstore.js
@@ -8,7 +8,7 @@
*/
var Deferred = require('../lib/deferred');
- var Blessings = require('./blessings');
+ var runtimeFromContext = require('../../src/runtime/runtime-from-context');
var verror = require('../gen-vdl/v.io/v23/verror');
module.exports = BlessingStore;
@@ -185,14 +185,17 @@
controller.blessingStorePeerBlessings(ctx)
.then(function(peerBlessings) {
var outPeerBlessings = new Map();
- peerBlessings.forEach(function(jsBlessings, pattern) {
- var blessingObj = new Blessings(
- jsBlessings.handle,
- jsBlessings.publicKey,
- controller);
- outPeerBlessings.set(pattern, blessingObj);
+ var promises = [];
+ peerBlessings.forEach(function(blessId, pattern) {
+ var runtime = runtimeFromContext(ctx);
+ promises.push(runtime.blessingsManager.blessingsFromId(blessId)
+ .then(function(blessingsObj) {
+ outPeerBlessings.set(pattern, blessingsObj);
+ }));
});
- def.resolve(outPeerBlessings);
+ return Promise.all(promises).then(function() {
+ def.resolve(outPeerBlessings);
+ });
}).catch(function(err) {
def.reject(err);
});
diff --git a/src/security/call.js b/src/security/call.js
deleted file mode 100644
index daf095f..0000000
--- a/src/security/call.js
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/**
- * @fileoverview A context passed to the authorizer
- * @private
- */
-var Blessings = require('./blessings.js');
-module.exports = Call;
-
-/**
- * @summary Call defines the state available for authorizing a principal.
- * @name SecurityCall
- * @property {string} method The method being invoked.
- * @property {string} suffix The object name suffix of the request.
- * @property {module:vanadium.security~Blessings} localBlessings The blessings
- * bound to the local end.
- * @property {string} localBlessingStrings The validated names for the local
- * end.
- * @property {module:vanadium.security~Blessings} remoteBlessings The blessings
- * bound to the remote end.
- * @property {string} remoteBlessingStrings The validated names for the remote
- * end.
- * @property {string} localEndpoint The endpoint string for the local end.
- * @property {string} remoteEndpoint The endpoint string for the remote end.
- * @inner
- * @memberof module:vanadium.security
- */
-function Call(call, controller) {
- this.method = call.method;
- this.suffix = call.suffix;
- // TODO(bjornick): Use the enums.
- this.methodTags = call.methodTags;
- this.localBlessings = new Blessings(call.localBlessings.handle,
- call.localBlessings.publicKey,
- controller);
- this.remoteBlessings = new Blessings(call.remoteBlessings.handle,
- call.remoteBlessings.publicKey,
- controller);
- if (call.grantedBlessings) {
- this.grantedBlessings = new Blessings(call.grantedBlessings.handle,
- call.grantedBlessings.publicKey,
- controller);
- }
- this.localBlessingStrings = call.localBlessingStrings;
- this.remoteBlessingStrings = call.remoteBlessingStrings;
- // TODO(bjornick): Create endpoints.
- this.localEndpoint = call.localEndpoint;
- this.remoteEndpoint = call.remoteEndpoint;
-}
-
-Call.prototype.clone = function() {
- var res = Object.create(this.constructor.prototype);
- Object.defineProperty(res, 'constructor', { value: this.constructor });
- for (var key in this) {
- if (!this.hasOwnProperty(key)) {
- continue;
- }
- res[key] = this[key];
- }
- return res;
-};
diff --git a/src/security/create-security-call.js b/src/security/create-security-call.js
new file mode 100644
index 0000000..8cdd467
--- /dev/null
+++ b/src/security/create-security-call.js
@@ -0,0 +1,74 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/**
+ * @fileoverview A security information passes to authorizer and validator.
+ * @private
+ */
+module.exports = createSecurityCall;
+
+/**
+ * Create a security call object. This exists so that we can resolve blessings
+ * before the user is given the object.
+ * @private
+ */
+function createSecurityCall(input, blessingsManager) {
+ var call = new Call();
+ call.method = input.method;
+ call.suffix = input.suffix;
+ call.methodTags = input.methodTags;
+ call.localBlessingStrings = input.localBlessingStrings;
+ call.remoteBlessingStrings = input.remoteBlessingStrings;
+ // TODO(bjornick): Create endpoints.
+ call.localEndpoint = input.localEndpoint;
+ call.remoteEndpoint = input.remoteEndpoint;
+
+ var promises = [];
+ promises.push(blessingsManager.blessingsFromId(input.localBlessings)
+ .then(function(localBlessings) {
+ call.localBlessings = localBlessings;
+ }));
+ promises.push(blessingsManager.blessingsFromId(input.remoteBlessings)
+ .then(function(remoteBlessings) {
+ call.remoteBlessings = remoteBlessings;
+ return call;
+ }));
+
+ return Promise.all(promises).then(function() {
+ return call;
+ });
+}
+
+/**
+ * @summary Call defines the state available for authorizing a principal.
+ * @name SecurityCall
+ * @property {string} method The method being invoked.
+ * @property {string} suffix The object name suffix of the request.
+ * @property {module:vanadium.security~Blessings} localBlessings The blessings
+ * bound to the local end.
+ * @property {string} localBlessingStrings The validated names for the local
+ * end.
+ * @property {module:vanadium.security~Blessings} remoteBlessings The blessings
+ * bound to the remote end.
+ * @property {string} remoteBlessingStrings The validated names for the remote
+ * end.
+ * @property {string} localEndpoint The endpoint string for the local end.
+ * @property {string} remoteEndpoint The endpoint string for the remote end.
+ * @inner
+ * @memberof module:vanadium.security
+ */
+function Call() {
+}
+
+Call.prototype.clone = function() {
+ var res = Object.create(this.constructor.prototype);
+ Object.defineProperty(res, 'constructor', { value: this.constructor });
+ for (var key in this) {
+ if (!this.hasOwnProperty(key)) {
+ continue;
+ }
+ res[key] = this[key];
+ }
+ return res;
+};
diff --git a/src/security/default-authorizer.js b/src/security/default-authorizer.js
index a16958f..6a952b4 100644
--- a/src/security/default-authorizer.js
+++ b/src/security/default-authorizer.js
@@ -5,9 +5,9 @@
var blessingMatches = require('./access/blessing-matching');
var vError = require('./../gen-vdl/v.io/v23/verror');
-module.exports = authorizer;
+module.exports = defaultAuthorizer;
-function authorizer(ctx, call, cb) {
+function defaultAuthorizer(ctx, call, cb) {
// If the remoteBlessings has a public key, and it refers to ourselves
// (i.e a self rpc), then we always authorize.
if (call.remoteBlessings.publicKey &&
diff --git a/src/security/principal.js b/src/security/principal.js
index bd69964..afc40cc 100644
--- a/src/security/principal.js
+++ b/src/security/principal.js
@@ -8,7 +8,6 @@
*/
var Deferred = require('../lib/deferred');
-var Blessings = require('./blessings');
var BlessingStore = require('./blessingstore');
var verror = require('../gen-vdl/v.io/v23/verror');
@@ -81,12 +80,9 @@
var caveats = args.slice(4);
- var controller = this._controller;
this._controller.bless(ctx, publicKey, blessings._id, extension, caveats)
- .then(function(res) {
- var publicKey = res[0];
- var handle = res[1];
- def.resolve(new Blessings(handle, publicKey, controller));
+ .then(function(blessings) {
+ def.resolve(blessings);
}).catch(function(err) {
def.reject(err);
});
@@ -121,14 +117,11 @@
var controller = this._controller;
controller.blessSelf(ctx, name, caveats)
- .then(function(res) {
- var publicKey = res[0];
- var handle = res[1];
- def.resolve(new Blessings(handle, publicKey, controller));
+ .then(function(blessings) {
+ def.resolve(blessings);
}).catch(function(err) {
def.reject(err);
});
-
return def.promise;
};
diff --git a/test/integration/test-authorizer.js b/test/integration/test-authorizer.js
index 895ead4..b8ff575 100644
--- a/test/integration/test-authorizer.js
+++ b/test/integration/test-authorizer.js
@@ -56,10 +56,9 @@
var ctx = res.runtime.getContext();
client.bindTo(ctx, 'authorizerTestService/auth').then(function(service) {
service.call(ctx, 'foo').then(function(value) {
- assert.error(new Error('call should not have succeeded' + value));
+ assert.error(new Error('call should not have succeeded. res:' + value));
res.end(assert);
}).catch(function(err) {
- // We expect to get to the error case.
assert.ok(err);
res.end(assert);
});
diff --git a/test/unit/test-blessings-cache.js b/test/unit/test-blessings-cache.js
new file mode 100644
index 0000000..1999e3c
--- /dev/null
+++ b/test/unit/test-blessings-cache.js
@@ -0,0 +1,337 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+var test = require('prova');
+var BlessingsCache = require('../../src/security/blessings-cache');
+var principal =
+ require('../../src/gen-vdl/v.io/x/ref/services/wspr/internal/principal');
+
+test('Blessing cache - add before use', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache - add after use', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ },
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ },
+ dontWaitPrevious: true
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache - delete after add', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'delete',
+ value: {
+ cacheId: 1,
+ deleteAfter: 0
+ },
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 1
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache - reference counting delete', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'delete',
+ value: {
+ cacheId: 1,
+ deleteAfter: 2
+ },
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 1
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache - add after delete', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'delete',
+ value: {
+ cacheId: 1,
+ deleteAfter: 1
+ },
+ },
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 1
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache - multiple entries', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var blessingsB = {
+ publicKey: 'B'
+ };
+ var blessingsC = {
+ publicKey: 'C'
+ };
+ var messages = [
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'add',
+ value: {
+ cacheId: 2,
+ blessings: blessingsB
+ }
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 2,
+ expected: blessingsB
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 1,
+ expected: blessingsA
+ },
+ {
+ type: 'delete',
+ value: {
+ cacheId: 1,
+ deleteAfter: 1
+ },
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 1
+ },
+ {
+ type: 'add',
+ value: {
+ cacheId: 3,
+ blessings: blessingsC
+ }
+ },
+ {
+ type: 'delete',
+ value: {
+ cacheId: 2,
+ deleteAfter: 3
+ },
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 2,
+ expected: blessingsB
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 3,
+ expected: blessingsC
+ },
+ {
+ type: 'delete',
+ value: {
+ cacheId: 3,
+ deleteAfter: 1
+ },
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 3
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: 2,
+ expected: blessingsB
+ },
+ {
+ type: 'confirmDelete',
+ cacheId: 2
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache handles typed BlessingsId objects', function(t) {
+ var blessingsA = {
+ publicKey: 'A'
+ };
+ var messages = [
+ {
+ type: 'add',
+ value: {
+ cacheId: 1,
+ blessings: blessingsA
+ }
+ },
+ {
+ type: 'blessingsFromId',
+ cacheId: new principal.BlessingsId(1),
+ expected: blessingsA
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+test('Blessing cache handles zero blessing id', function(t) {
+ var messages = [
+ {
+ type: 'blessingsFromId',
+ cacheId: new principal.BlessingsId(0),
+ expected: null
+ }
+ ];
+
+ testCache(t, messages);
+});
+
+/**
+ * Tests the cache by handling a sequence of messages.
+ * @private
+ */
+function testCache(t, messages) {
+ var cache = new BlessingsCache();
+ var promises = [];
+ messages.forEach(function(message, index) {
+ // Wait for the previous messages to finish unless dontWaitPrevious is
+ // specified.
+ var preCondPromise = Promise.all(promises);
+ if (message.dontWaitPrevious) {
+ preCondPromise = Promise.resolve();
+ }
+
+ var result = preCondPromise.then(function() {
+ return handleCacheTestMessage(t, cache, message, index);
+ }).catch(function(err) {
+ t.fail('Error in message ' + index + ': ' + err);
+ });
+ promises.push(result);
+ });
+
+ // Wait for all promises to complete.
+ Promise.all(promises).then(function() {
+ t.end();
+ }).catch(function(err) {
+ t.end(err);
+ });
+}
+
+function handleCacheTestMessage(t, cache, message, index) {
+ if (message.type === 'add') {
+ var addMsg = new principal.BlessingsCacheAddMessage(message.value);
+ return cache.addBlessings(addMsg);
+ } else if (message.type === 'delete') {
+ var delMsg = new principal.BlessingsCacheDeleteMessage(message.value);
+ return cache.deleteBlessings(delMsg);
+ } else if (message.type === 'confirmDelete') {
+ t.ok(cache._entries, 'Entries table should exist');
+ t.notOk(message.cacheId in cache._entries,
+ 'Cache entry not deleted correctly on message ' + index);
+ } else if (message.type === 'blessingsFromId') {
+ return cache.blessingsFromId(message.cacheId).then(function(blessings) {
+ var expected = null;
+ if (message.expected !== null) {
+ expected = new principal.JsBlessings(message.expected);
+ }
+ t.deepEqual(blessings, expected,
+ 'Should get expected blessings on message ' + index);
+ });
+ } else {
+ throw new Error('unknown message type');
+ }
+}
diff --git a/test/unit/test-caveat-validator-registry.js b/test/unit/test-caveat-validator-registry.js
index 67fbf9d..f43a275 100644
--- a/test/unit/test-caveat-validator-registry.js
+++ b/test/unit/test-caveat-validator-registry.js
@@ -6,13 +6,12 @@
var CaveatValidatorRegistry =
require('../../src/security/caveat-validator-registry');
var context = require('../../src/context');
-var SecurityCall = require('../../src/security/call');
var caveats = require('../../src/security/caveats');
var testCaveats = require('../vdl-out/javascript-test/security/caveat');
function getMockSecurityCall() {
- return new SecurityCall({
+ return {
method: '',
suffix: '',
methodTags: [],
@@ -28,9 +27,7 @@
remoteBlessingStrings: [],
localEndpoint: '',
remoteEndpoint: ''
- },
- null, // controller
- context.Context());
+ };
}
diff --git a/test/unit/test-standard-caveat-validators.js b/test/unit/test-standard-caveat-validators.js
index 0285090..41e545e 100644
--- a/test/unit/test-standard-caveat-validators.js
+++ b/test/unit/test-standard-caveat-validators.js
@@ -8,12 +8,11 @@
var caveats = require('../../src/security/caveats');
var vdlSecurity = require('../../src/gen-vdl/v.io/v23/security');
var context = require('../../src/context');
-var SecurityCall = require('../../src/security/call');
var Time = require('../../src/gen-vdl/v.io/v23/vdlroot/time').Time;
var vdl = require('../../src/vdl');
function getMockSecurityCall() {
- return new SecurityCall({
+ return {
method: 'aMethod', // only field currently used
suffix: '',
methodTags: [],
@@ -29,9 +28,7 @@
remoteBlessingStrings: [],
localEndpoint: '',
remoteEndpoint: ''
- },
- null, // controller
- context.Context());
+ };
}
function assertValidation(t, cavType, val, cb) {
