示例#1
0
func CreateObject(l *list.List, newId, protectorId *protected_objects.ObjectIdMessage,
	encKey *tao.Keys, program *auth.Prin, domain *tao.Domain, newType string,
	newVal []byte) error {

	if !domain.Guard.IsAuthorized(*program, "CREATE", []string{protectorId.String()}) {
		return errors.New("program not authorized to create requested secret")
	}

	_, _, err := readObjRec(l, encKey, newId)
	if err == nil {
		return errors.New("creating object with existing id")
	}

	protectorType, protectorKey, err := readObjRec(l, encKey, protectorId)
	if err != nil {
		return err
	}
	if *protectorType != "key" {
		return errors.New("creating object protected by object type not key")
	}

	new := protected_objects.ObjectMessage{
		ObjId:   newId,
		ObjVal:  newVal,
		ObjType: &newType}
	pNew, err := protected_objects.MakeProtectedObject(new, *protectorId.ObjName,
		*protectorId.ObjEpoch, protectorKey)

	l.PushFront(*pNew)
	return nil
}
示例#2
0
func ReadObject(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage,
	program *auth.Prin, domain *tao.Domain) (*string, []byte, error) {

	if !domain.Guard.IsAuthorized(*program, "READ", []string{id.String()}) {
		return nil, nil, errors.New("program not authorized to read requested secret")
	}
	return readObjRec(l, encKey, id)
}
示例#3
0
func DeleteObject(l *list.List, id *protected_objects.ObjectIdMessage, program *auth.Prin,
	domain *tao.Domain) error {

	if !domain.Guard.IsAuthorized(*program, "DELETE", []string{id.String()}) {
		return errors.New("program not authorized to delete requested secret")
	}

	element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch)
	if element == nil {
		return errors.New("object to be deleted not found")
	}
	l.Remove(element)
	return nil
}
示例#4
0
func WriteObject(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage,
	program *auth.Prin, domain *tao.Domain, newType string,
	newVal []byte) error {

	if !domain.Guard.IsAuthorized(*program, "WRITE", []string{id.String()}) {
		return errors.New("program not authorized to write requested secret")
	}

	element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch)
	if element == nil {
		return errors.New("attemtping to write non-existant object")
	}
	pOld := element.Value.(protected_objects.ProtectedObjectMessage)
	parentId := pOld.ProtectorObjId
	if parentId == nil {
		return errors.New("attempting to write root key")
	}
	parentType, parentKey, err := readObjRec(l, encKey, parentId)
	if err != nil {
		return err
	}
	if *parentType != "key" {
		return errors.New("parent of object to be written is not a key")
	}
	new := protected_objects.ObjectMessage{
		ObjId:   id,
		ObjVal:  newVal,
		ObjType: &newType}
	pNew, err := protected_objects.MakeProtectedObject(new, *parentId.ObjName,
		*parentId.ObjEpoch, parentKey)
	if err != nil {
		return errors.New("can not make protected object")
	}
	element.Value = *pNew
	return nil
}