// Grant blesses the remote end with g.key, provided the remote end has
// presented a blessing that maps to the same user identity as g.user.
//
// The blessing it returns always carries a peer-blessings caveat for the
// pattern g.lockName. When g.expiry is non-zero it also carries an expiry
// caveat set to the current time plus g.expiry.
func (g *granter) Grant(ctx *context.T, call security.Call) (security.Blessings, error) {
	// Only the accepted blessing names are checked; the rejected ones (second
	// return value) are discarded and play no part in the decision.
	names, _ := security.RemoteBlessingNames(ctx, call)

	// NOTE(review): the check relies entirely on vUser; confirm that vUser cannot
	// return a value equal to an unset g.user for a blessing of some other user.
	var sameUser bool
	for i := range names {
		if vUser(names[i]) == g.user {
			sameUser = true
		}
	}
	if !sameUser {
		return security.Blessings{}, fmt.Errorf("remote end presented blessings %v, want a blessing for user %v", names, g.user)
	}

	// The first caveat restricts the granted blessing to peers matching g.lockName.
	patterns := []security.BlessingPattern{security.BlessingPattern(g.lockName)}
	lockOnly, err := security.NewCaveat(security.PeerBlessingsCaveat, patterns)
	if err != nil {
		return security.Blessings{}, fmt.Errorf("failed to create peer blessings caveat for key: %v", err)
	}
	caveats := make([]security.Caveat, 1, 2)
	caveats[0] = lockOnly

	// A zero g.expiry adds no expiry caveat, so the blessing is then bounded only
	// by the peer caveat above.
	if g.expiry != 0 {
		deadline := time.Now().Add(g.expiry)
		expiryCav, err := security.NewExpiryCaveat(deadline)
		if err != nil {
			return security.Blessings{}, fmt.Errorf("failed to create expiration caveat for key: %v", err)
		}
		caveats = append(caveats, expiryCav)
	}

	remoteKey := call.RemoteBlessings().PublicKey()
	return call.LocalPrincipal().Bless(remoteKey, g.key, g.category, caveats[0], caveats[1:]...)
}
// Grant receives the blessings granted with this call as a key for lockName.
// It prints the key, the lock name and the sender, asks for confirmation via
// r.confirmRecvKey, and saves the key only when that confirmation succeeds.
//
// It returns a key-rejected error when confirmation fails, and an internal
// error when saving fails. On success it sends nil on r.notify.
func (r *recvKeyService) Grant(ctx *context.T, call rpc.ServerCall, lockName string) error {
	granted := call.GrantedBlessings()

	// The sender shown to the user is derived from the accepted blessing names
	// only; rejected names are discarded.
	senderNames, _ := security.RemoteBlessingNames(ctx, call.Security())
	fmt.Printf("Received key %v for lock %v from user %v\n", granted, lockName, vUser(senderNames...))

	// Confirmation is the only gate in this method before the key is stored.
	if accepted := r.confirmRecvKey(); !accepted {
		return NewErrKeyRejected(ctx, fmt.Sprintf("%v", granted), lockName)
	}

	// NOTE(review): lockName comes from the caller and is passed on unchanged;
	// confirm that saveKeyForLock validates it.
	err := saveKeyForLock(ctx, granted, lockName)
	if err != nil {
		return verror.Convert(verror.ErrInternal, ctx, err)
	}

	fmt.Println("Key successfully saved")
	r.notify <- nil
	return nil
}
// Invite forwards an invitation from the remote end to nm.inviteRPCs and waits
// for the answer on the invitation's Response channel. A non-nil answer is
// returned to the caller as is; a nil answer is logged as an acceptance.
func (nm *networkManager) Invite(ctx *context.T, call rpc.ServerCall) error {
	from := call.RemoteEndpoint().Name()
	reply := make(chan error)

	// The invitation identifies the peer by its endpoint name and by a color
	// derived from its public key. The blessing names are not part of it; they
	// are read only for the log line below, after the invitation was accepted.
	invitation := Invitation{
		Name:      from,
		Color:     selectColor(call.Security().RemoteBlessings().PublicKey()),
		Response:  reply,
		Withdrawn: ctx.Done(),
	}
	nm.inviteRPCs <- invitation

	err := <-reply
	if err != nil {
		return err
	}

	accepted, rejected := security.RemoteBlessingNames(ctx, call.Security())
	ctx.Infof("Accepted invitation from %v@%v (rejected blessings: %v)", accepted, from, rejected)
	return nil
}
// Give accepts the triangle t from the remote end, shifts its X coordinate
// into the local coordinate system and sends it to nm.myScreen.
//
// NOTE(review): this method does no access check of its own and logs the
// sender only at verbosity level 3; presumably authorization is enforced by
// the server's authorizer — confirm.
func (nm *networkManager) Give(ctx *context.T, call rpc.ServerCall, t spec.Triangle) error {
	if ctx.V(3) {
		accepted, rejected := security.RemoteBlessingNames(ctx, call.Security())
		sender := call.RemoteEndpoint().Name()
		ctx.Infof("Took a triangle from %v@%v (rejected blessings: %v)", accepted, sender, rejected)
	}

	// Translate from the sender's coordinates to ours. A triangle that left the
	// sender's coordinate system on the left is assumed to show up on our right,
	// and the other way round.
	if t.X < -1 {
		t.X += 2
	} else if t.X > 1 {
		t.X -= 2
	}

	nm.myScreen <- &t
	return nil
}
// Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames converts the
// Java context and call objects to their Go counterparts and returns the
// remote blessing names as a Java string array. When a conversion fails it
// throws the error into the JVM through jutil.JThrowV and returns nil.
//
// Only the accepted blessing names are returned; the rejected ones reported by
// security.RemoteBlessingNames are discarded and never reach the Java side.
//
//export Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames
func Java_io_v_v23_security_VSecurity_nativeGetRemoteBlessingNames(jenv *C.JNIEnv, jVSecurityClass C.jclass, jCtx C.jobject, jCall C.jobject) C.jobjectArray {
	env := jutil.Env(uintptr(unsafe.Pointer(jenv)))

	ctxObj := jutil.Object(uintptr(unsafe.Pointer(jCtx)))
	ctx, _, err := jcontext.GoContext(env, ctxObj)
	if err != nil {
		jutil.JThrowV(env, err)
		return nil
	}

	callObj := jutil.Object(uintptr(unsafe.Pointer(jCall)))
	call, err := GoCall(env, callObj)
	if err != nil {
		jutil.JThrowV(env, err)
		return nil
	}

	names, _ := security.RemoteBlessingNames(ctx, call)
	jNames, err := jutil.JStringArray(env, names)
	if err != nil {
		jutil.JThrowV(env, err)
		return nil
	}
	return C.jobjectArray(unsafe.Pointer(jNames))
}
// Status logs the caller's accepted blessing names and returns the status
// reported by the lock hardware.
//
// NOTE(review): the blessing names are only logged here, not checked;
// presumably access is enforced by the server's authorizer — confirm.
func (l *lockImpl) Status(ctx *context.T, call rpc.ServerCall) (lock.LockStatus, error) {
	callers, _ := security.RemoteBlessingNames(ctx, call.Security())
	vlog.Infof("Status called by %q", callers)

	current := l.hw.Status()
	return current, nil
}
// Unlock logs the caller's accepted blessing names and sets the lock hardware
// to lock.Unlocked, returning whatever error the hardware reports.
//
// NOTE(review): the blessing names are only logged here, not checked, so this
// method unlocks for any caller that reaches it; presumably access is enforced
// by the server's authorizer — confirm.
func (l *lockImpl) Unlock(ctx *context.T, call rpc.ServerCall) error {
	callers, _ := security.RemoteBlessingNames(ctx, call.Security())
	vlog.Infof("Unlock called by %q", callers)

	err := l.hw.SetStatus(lock.Unlocked)
	return err
}