Initial skeletal implementation of the PrincipalService. Also, use the Login()/GetUserBlessing()

mojo/services/vanadium/security/public/interfaces/principal.mojom

Index: mojo/services/vanadium/security/public/interfaces/principal.mojom
diff --git a/mojo/services/vanadium/security/public/interfaces/principal.mojom b/mojo/services/vanadium/security/public/interfaces/principal.mojom
new file mode 100644
index 0000000000000000000000000000000000000000..1ee2ef1d791dd280ad1ec2a5a9bca869158b9328
--- /dev/null
+++ b/mojo/services/vanadium/security/public/interfaces/principal.mojom
@@ -0,0 +1,70 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module mojo;
+
+// Represents the name of an application. |url| is the url of the
+// application. |qualifier| is a string that allows to tie a specific
+// instance of an application to another. 
+struct AppInstanceName {

[jamesr, 2015/08/11 21:55:08]

this doesn't appear to be used anywhere.  Where is the information about which
app is running supposed to come from?  The shell has an idea of the identity of
each piece of code in the system and provides it in the Connect..() call, but
I'm not sure if that is exactly what this wants to get.

[gauthamt, 2015/08/11 22:21:20]

This is used to in the bank example. A service would use this to identify the
app that is requesting a connection and can ask the PrincipalService to return
the user identity associated with the AppInstance (if that app had called
Login).

+  string url;
+  string? qualifier;
+};
+
+// Signature represents a digital signature of a message.
+struct Signature {
+   // Purpose of the signature. Can be used to prevent type attacks.
+   // The actual signature (R, S values for ECDSA keys) is produced by signing
+   // Hash(Hash(message), Hash(Purpose)).
+   array<uint8> purpose;
+   // Cryptographic hash function applied to the message before computing
+   // the signature.
+   enum Hash {
+    SHA1Hash = 1,
+    SHA256Hash,
+    SHA384Hash,
+    SHA512Hash,
+   };
+   Hash hash;
+   // Pair of integers that make up an ECDSA signature
+   array<uint8> r;
+   array<uint8> s;
+};
+
+// Certificate represents a human-readable name and public-key pair. The private-key
+// for a certificate is only available for signing operations within the principal
+// service application.
+struct Certificate {
+   string extension;
+   array<uint8>? publickey;
+};
+
+// Blessing is a credential binding a user identity to a public key. The corresponding
+// private key is only available for signing within the PrincipalService application.
+struct Blessing {
+   array<Certificate> chain;
+};
+
+// A service that binds user identities to an application instance running in Mojo
+interface PrincipalService {
+  // Login is called by an application instance (requestor_url/qualifier) that
+  // wants to get a user blessing. The service may obtain the user blessing
+  // through a third-party authentication flow (eg:oauth2). The user blessing
+  // is bound to a public/private key-pair that this service generates and
+  // persists for this application instance. Returns null if login fails.
+  Login() => (Blessing? user_blessing);
+
+  // Removes the user blessing for the application instance that invokes the
+  // Logout method.
+  Logout();
+
+  // Sign returns a signature on the message using the private key that is
+  // persisted for this application instance.
+  Sign(array<uint8> message) => (Signature? signature);
+
+  // GetUserBlessing returns the user blessing for a given application instance.
+  // It returns an error if the application instance has not invoked Login().
+  GetUserBlessing(AppInstanceName app) => (Blessing? user_blessing);
+};
+