Initial skeletal implementation of the PrincipalService. Also, use the Login()/GetUserBlessing()

mojo/services/vanadium/security/public/interfaces/principal.mojom

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module mojo;

[jamesr, 2015/08/17 21:38:22]

i think this should go in a 'vanadium' module or some other clarifying name.
it's premature (imo) to grab the namespace mojo.Signature / mojo.AppInstanceName
/ mojo.Certificate, etc

[gautham, 2015/08/18 01:54:21]

Done.

+
+// Represents the name of an application. |url| is the url of the
+// application. |qualifier| is a string that allows to tie a specific
+// instance of an application to another. 
+struct AppInstanceName {
+  string url;
+  string? qualifier;
+};
+
+// Signature represents a digital signature of a message.

[jamesr, 2015/08/17 21:38:22]

could you leave out the Signature and other concepts that aren't being used yet
from this patch? it'll be a lot easier to review the APIs with an example caller
and callee to look at and (from what I can see) nothing in this patch uses
Signature in any way

[gautham, 2015/08/18 01:54:22]

Done.

+struct Signature {
+   // Purpose of the signature. Can be used to prevent type attacks.
+   // The actual signature (R, S values for ECDSA keys) is produced by signing
+   // Hash(Hash(message), Hash(Purpose)).
+   array<uint8> purpose;
+   // Cryptographic hash function applied to the message before computing
+   // the signature.
+   enum Hash {
+    SHA1Hash = 1,
+    SHA256Hash,
+    SHA384Hash,
+    SHA512Hash,
+   };
+   Hash hash;
+   // Pair of integers that make up an ECDSA signature
+   array<uint8> r;
+   array<uint8> s;
+};
+
+// Certificate represents a human-readable name and public-key pair. The private-key
+// for a certificate is only available for signing operations within the principal
+// service application.
+struct Certificate {
+   string extension;
+   array<uint8>? publickey;
+};
+
+// Blessing is a credential binding a user identity to a public key. The corresponding
+// private key is only available for signing within the PrincipalService application.
+struct Blessing {
+   array<Certificate> chain;
+};
+
+// A service that binds user identities to an application instance running in Mojo
+interface PrincipalService {
+  // Login is called by an application instance (requestor_url/qualifier) that
+  // wants to get a user blessing. The service may obtain the user blessing
+  // through a third-party authentication flow (eg:oauth2). The user blessing
+  // is bound to a public/private key-pair that this service generates and
+  // persists for this application instance. Returns null if login fails.
+  Login() => (Blessing? user_blessing);
+
+  // Removes the user blessing for the application instance that invokes the
+  // Logout method.
+  Logout();
+
+  // Sign returns a signature on the message using the private key that is
+  // persisted for this application instance.
+  Sign(array<uint8> message) => (Signature? signature);
+
+  // GetUserBlessing returns the user blessing for a given application instance.
+  // It returns an error if the application instance has not invoked Login().
+  GetUserBlessing(AppInstanceName app) => (Blessing? user_blessing);
+};
+