Beispiel #1
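// Grant issues a blessing to the remote end of call by extending g.key with
// g.category. The blessing always carries a peer-blessings caveat built from
// g.lockName and, when g.expiry is non-zero, an expiry caveat ending g.expiry
// from now.
//
// The blessing is issued only if at least one of the remote end's validated
// blessing names maps (via vUser) to g.user. Otherwise empty blessings and an
// error are returned.
func (g *granter) Grant(ctx *context.T, call security.Call) (security.Blessings, error) {
	// Only names that passed validation take part in the decision; the
	// rejected blessings (second return value) are deliberately ignored.
	remoteBlessingNames, _ := security.RemoteBlessingNames(ctx, call)
	// NOTE(review): vUser is defined elsewhere. If it returns "" for names
	// it cannot map to a user, an empty g.user would match any such name.
	// Confirm that g.user is never empty when a granter is constructed.
	authorized := false
	for _, b := range remoteBlessingNames {
		if vUser(b) == g.user {
			authorized = true
			break // one matching name is sufficient
		}
	}
	if !authorized {
		return security.Blessings{}, fmt.Errorf("remote end presented blessings %v, want a blessing for user %v", remoteBlessingNames, g.user)
	}

	// Restrict the key so that it is only honoured when the peer presents
	// blessings matching the lock's name.
	peerPattern := security.BlessingPattern(g.lockName)
	onlyThisLockCav, err := security.NewCaveat(security.PeerBlessingsCaveat, []security.BlessingPattern{peerPattern})
	if err != nil {
		return security.Blessings{}, fmt.Errorf("failed to create peer blessings caveat for key: %w", err)
	}

	caveats := []security.Caveat{onlyThisLockCav}
	// A zero expiry means the key carries no expiry caveat; only the
	// peer restriction above limits it.
	if g.expiry != 0 {
		expiryCav, err := security.NewExpiryCaveat(time.Now().Add(g.expiry))
		if err != nil {
			return security.Blessings{}, fmt.Errorf("failed to create expiration caveat for key: %w", err)
		}
		caveats = append(caveats, expiryCav)
	}
	// Bless takes one mandatory caveat followed by optional ones, hence the
	// head/tail split of the slice.
	return call.LocalPrincipal().Bless(call.RemoteBlessings().PublicKey(), g.key, g.category, caveats[0], caveats[1:]...)
}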
Beispiel #2
// Grant handles an incoming key for lockName. The key is the set of blessings
// granted with the call. It is shown on stdout together with the sender's user
// name, and stored via saveKeyForLock only after r.confirmRecvKey reports
// acceptance. On success a nil value is sent on r.notify.
//
// A rejected key yields the error built by NewErrKeyRejected; a failure to
// save is converted to verror.ErrInternal.
func (r *recvKeyService) Grant(ctx *context.T, call rpc.ServerCall, lockName string) error {
	granted := call.GrantedBlessings()
	// The rejected blessings are dropped, so the sender shown below is
	// derived from validated names only.
	// NOTE(review): what vUser returns when no name validated is not visible
	// here. Confirm the prompt makes an unauthenticated sender obvious to
	// whoever answers confirmRecvKey.
	senderNames, _ := security.RemoteBlessingNames(ctx, call.Security())

	fmt.Printf("Received key %v for lock %v from user %v\n", granted, lockName, vUser(senderNames...))
	if accepted := r.confirmRecvKey(); !accepted {
		return NewErrKeyRejected(ctx, fmt.Sprintf("%v", granted), lockName)
	}

	saveErr := saveKeyForLock(ctx, granted, lockName)
	if saveErr != nil {
		return verror.Convert(verror.ErrInternal, ctx, saveErr)
	}
	fmt.Println("Key successfully saved")
	// Signal completion to whoever is receiving on r.notify.
	r.notify <- nil
	return nil
}
Beispiel #3
// Invite forwards an invitation from the remote caller to nm.inviteRPCs and
// blocks until a reply arrives on the invitation's Response channel. A non-nil
// reply is returned to the caller as the RPC error; otherwise the acceptance is
// logged and nil is returned.
func (nm *networkManager) Invite(ctx *context.T, call rpc.ServerCall) error {
	var (
		inviter = call.RemoteEndpoint().Name()
		reply   = make(chan error)
	)
	// NOTE(review): the invitation carries the remote endpoint's name and a
	// colour derived from the remote public key. The validated blessing names
	// are only read after acceptance, for logging. Confirm the accept/reject
	// decision does not need the authenticated names.
	invitation := Invitation{
		Name:      inviter,
		Color:     selectColor(call.Security().RemoteBlessings().PublicKey()),
		Response:  reply,
		Withdrawn: ctx.Done(),
	}
	nm.inviteRPCs <- invitation

	// Wait for the decision.
	err := <-reply
	if err != nil {
		return err
	}

	names, rejected := security.RemoteBlessingNames(ctx, call.Security())
	ctx.Infof("Accepted invitation from %v@%v (rejected blessings: %v)", names, inviter, rejected)
	return nil
}
Beispiel #4
// Give accepts a triangle from the remote caller, shifts its X coordinate into
// the local coordinate system and sends it on nm.myScreen. It always returns
// nil.
//
// Only t.X is adjusted here. No other field of the remotely supplied triangle
// is checked in this method.
func (nm *networkManager) Give(ctx *context.T, call rpc.ServerCall, t spec.Triangle) error {
	// The sender's identity is only looked up when verbose logging is on.
	if ctx.V(3) {
		names, rejected := security.RemoteBlessingNames(ctx, call.Security())
		sender := call.RemoteEndpoint().Name()
		ctx.Infof("Took a triangle from %v@%v (rejected blessings: %v)", names, sender, rejected)
	}

	// Map the sender's coordinates onto ours: a triangle that left the
	// sender's screen on one side is assumed to enter ours on the opposite
	// side, so X is shifted by the width of the [-1, 1] range.
	if t.X < -1 {
		t.X += 2
	} else if t.X > 1 {
		t.X -= 2
	}

	nm.myScreen <- &t
	return nil
}
Beispiel #5
// Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames is the cgo
// export that returns the validated remote blessing names for a call as a Java
// string array.
//
// jCtx and jCall are converted to their Go counterparts. If either conversion
// or the construction of the result array fails, the error is passed to
// jutil.JThrowV and nil is returned. The rejected blessings and their reasons
// are not surfaced to the Java caller.
//
//export Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames
func Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames(jenv *C.JNIEnv, jVSecurityClass C.jclass, jCtx C.jobject, jCall C.jobject) C.jobjectArray {
	env := jutil.Env(uintptr(unsafe.Pointer(jenv)))

	// Recover the Go context from its Java handle.
	ctxObj := jutil.Object(uintptr(unsafe.Pointer(jCtx)))
	ctx, _, ctxErr := jcontext.GoContext(env, ctxObj)
	if ctxErr != nil {
		jutil.JThrowV(env, ctxErr)
		return nil
	}

	// Recover the Go security call from its Java handle.
	callObj := jutil.Object(uintptr(unsafe.Pointer(jCall)))
	call, callErr := GoCall(env, callObj)
	if callErr != nil {
		jutil.JThrowV(env, callErr)
		return nil
	}

	// Only the validated names cross the JNI boundary.
	names, _ := security.RemoteBlessingNames(ctx, call)
	jNames, arrErr := jutil.JStringArray(env, names)
	if arrErr != nil {
		jutil.JThrowV(env, arrErr)
		return nil
	}
	return C.jobjectArray(unsafe.Pointer(jNames))
}
Beispiel #6
// Status logs the caller's validated blessing names and returns the status
// reported by l.hw. The returned error is always nil.
//
// NOTE(review): the blessing names are used for logging only and no access
// decision is made in this method. Access control is presumably enforced by
// the server's authorizer; confirm.
func (l *lockImpl) Status(ctx *context.T, call rpc.ServerCall) (lock.LockStatus, error) {
	callers, _ := security.RemoteBlessingNames(ctx, call.Security())
	vlog.Infof("Status called by %q", callers)
	current := l.hw.Status()
	return current, nil
}
Beispiel #7
// Unlock logs the caller's validated blessing names and sets the hardware
// status to lock.Unlocked, returning whatever l.hw.SetStatus returns.
//
// NOTE(review): no authorization check is visible in this method and the
// blessing names feed the log line only. Whether a caller may unlock is
// presumably decided by the server's authorizer before this runs; confirm.
// The rejected blessings are discarded, so the log records no rejections for
// a caller whose blessings failed validation.
func (l *lockImpl) Unlock(ctx *context.T, call rpc.ServerCall) error {
	callers, _ := security.RemoteBlessingNames(ctx, call.Security())
	vlog.Infof("Unlock called by %q", callers)
	err := l.hw.SetStatus(lock.Unlocked)
	return err
}