Principal Service: Add support for multiple user accounts

services/vanadium/security/principal_service.go

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package main
 
 import (
-        "crypto/ecdsa"
         "encoding/base64"
         "encoding/json"
         "fmt"
         "log"
         "net/url"
         "sync"
 
         "mojo/public/go/application"
         "mojo/public/go/bindings"
         "mojo/public/go/system"
         "mojo/public/interfaces/network/url_request"
         auth "mojo/services/authentication/interfaces/authentication"
         network "mojo/services/network/interfaces/network_service"
         "mojo/services/network/interfaces/url_loader"
         vpkg "mojo/services/vanadium/security/interfaces/principal"
 )
 
 //#include "mojo/public/c/system/types.h"
 import "C"
 
-const blesserURL = "https://dev.v.io/auth/google/bless"
+const (
+        blesserURL   = "https://dev.v.io/auth/google/bless"
+        tokenInfoURL = "https://www.googleapis.com/oauth2/v1/tokeninfo"

[ukode, 2015/10/22 20:19:01]

Is this URL right. I thought they moved to v2 or v3
(https://www.googleapis.com/oauth2/v3/tokeninfo) for the latest iteration.

[ataly, 2015/10/23 21:14:53]

Oh yes, thanks for pointing this out. At the moment, I am not invoking tokenInfo
so I got rid of this const. I obtain the email address from the blessing
obtained from the Vanadium IDP.

[ukode, 2015/10/23 22:45:43]

Thanks for the clean up.

+)
 
 type principalServiceImpl struct {
         app vpkg.AppInstanceName
         psd *principalServiceDelegate
 }
 
-func (pImpl *principalServiceImpl) Login() (*vpkg.Blessing, error) {
-        if b := pImpl.psd.getBlessing(pImpl.app); b != nil {
-                // The app has already logged in.
-                return b, nil
+func (pImpl *principalServiceImpl) Login() (*vpkg.UserId, error) {
+        p, err := pImpl.psd.initPrincipal(pImpl.app)
+        if err != nil {
+                return nil, err
         }
 
         token, err := pImpl.psd.getOAuth2Token()
         if err != nil {
                 return nil, err
         }
 
-        pub, priv, err := newPrincipalKey()
+        blessings, err := pImpl.psd.getBlessings(token, p.publicKey())
         if err != nil {
                 return nil, err
         }
 
-        wb, err := pImpl.psd.fetchWireBlessings(token, pub)
+        id, err := userIdFromBlessings(blessings)
         if err != nil {
                 return nil, err
         }
 
-        pImpl.psd.addPrincipal(pImpl.app, &principal{wb, priv})
+        p.addUser(id, blessings)
+        return &id, nil
+}
+
+func (pImpl *principalServiceImpl) GetUsers() ([]vpkg.UserId, *vpkg.UserId, error) {
+        if p := pImpl.psd.principal(pImpl.app); p != nil {
+                users, curr := p.users()
+                return users, curr, nil
+        }
+        return nil, nil, fmt.Errorf("no principal available for app %v", pImpl.app)
+}
+
+func (pImpl *principalServiceImpl) SetCurrentUser(id vpkg.UserId) (*string, error) {
+        if p := pImpl.psd.principal(pImpl.app); p != nil {
+                return p.setCurrentUser(id), nil
+        }
+        str := fmt.Sprintf("no principal available for app %v; please invoke Login()", pImpl.app)
+        return &str, nil
+}
+
+func (pImpl *principalServiceImpl) Logout() (err error) {
+        if p := pImpl.psd.principal(pImpl.app); p != nil {
+                p.unsetCurrentUser()
+        }
+        return nil
+}
+
+func (pImpl *principalServiceImpl) GetUserBlessing(app *vpkg.AppInstanceName) (*vpkg.Blessing, error) {
+        if app == nil {
+                app = &pImpl.app
+        }
+        p := pImpl.psd.principal(*app)
+        if p == nil {
+                return nil, fmt.Errorf("no principal available for app %v", pImpl.app)
+        }
+        wb := p.currentBlessing()
+        if wb == nil {
+                return nil, fmt.Errorf("no blessing available for app %v", pImpl.app)
+        }
         return newBlessing(wb), nil
 }
 
-func (pImpl *principalServiceImpl) Logout() (err error) {
-        pImpl.psd.deletePrincipal(pImpl.app)
-        return
-}
-
-func (pImpl *principalServiceImpl) GetUserBlessing(app vpkg.AppInstanceName) (*vpkg.Blessing, error) {
-        return pImpl.psd.getBlessing(app), nil
-}
-
 func (pImpl *principalServiceImpl) Create(req vpkg.PrincipalService_Request) {
         stub := vpkg.NewPrincipalServiceStub(req, pImpl, bindings.GetAsyncWaiter())
         pImpl.psd.addStubForCleanup(stub)
         go func() {
                 for {
                         if err := stub.ServeRequest(); err != nil {
                                 connectionError, ok := err.(*bindings.ConnectionError)
                                 if !ok || !connectionError.Closed() {
                                         log.Println(err)
                                 }
                                 break
                         }
                 }
         }()
 }
 
-type principal struct {
-        blessing *wireBlessings
-        private  *ecdsa.PrivateKey
-}
-
 type principalServiceDelegate struct {
-        table map[vpkg.AppInstanceName]*principal
-        Ctx   application.Context
-        mu    sync.Mutex
-        stubs []*bindings.Stub
+        Ctx        application.Context
+        mu         sync.Mutex
+        stubs      []*bindings.Stub                    // GUARDED_BY(mu)
+        principals map[vpkg.AppInstanceName]*principal // GUARDED_BY(mu)
 }
 
 func (psd *principalServiceDelegate) Initialize(context application.Context) {
-        psd.table = make(map[vpkg.AppInstanceName]*principal)
+        psd.principals = make(map[vpkg.AppInstanceName]*principal)
         psd.Ctx = context
 }
 
 func (psd *principalServiceDelegate) AcceptConnection(connection *application.Connection) {
         app := vpkg.AppInstanceName{
                 Url:       connection.RequestorURL(),
                 Qualifier: nil,
         }
         connection.ProvideServices(&vpkg.PrincipalService_ServiceFactory{&principalServiceImpl{app, psd}})
 }
 
 func (psd *principalServiceDelegate) addStubForCleanup(stub *bindings.Stub) {
         psd.mu.Lock()
         defer psd.mu.Unlock()
         psd.stubs = append(psd.stubs, stub)
 }
 
+func (psd *principalServiceDelegate) principal(app vpkg.AppInstanceName) *principal {
+        psd.mu.Lock()
+        defer psd.mu.Unlock()
+        return psd.principals[app]
+}
+
+func (psd *principalServiceDelegate) initPrincipal(app vpkg.AppInstanceName) (*principal, error) {
+        psd.mu.Lock()
+        defer psd.mu.Unlock()
+        if p, ok := psd.principals[app]; ok {
+                return p, nil
+        }
+        p, err := newPrincipal()
+        if err != nil {
+                return nil, err
+        }
+        psd.principals[app] = p
+        return p, nil
+}
+
 func (psd *principalServiceDelegate) getOAuth2Token() (string, error) {
         authReq, authPtr := auth.CreateMessagePipeForAuthenticationService()
         psd.Ctx.ConnectToApplication("mojo:authentication").ConnectToService(&authReq)
         authProxy := auth.NewAuthenticationServiceProxy(authPtr, bindings.GetAsyncWaiter())
 
         name, errString, _ := authProxy.SelectAccount(false /*return_last_selected*/)
         if name == nil {
-                return "", fmt.Errorf("Failed to select an account for user:%s", errString)
+                return "", fmt.Errorf("failed to select an account for user:%s", errString)
         }
-
         token, errString, _ := authProxy.GetOAuth2Token(*name, []string{"email"})
         if token == nil {
-                return "", fmt.Errorf("Failed to obtain OAuth2 token for selected account:%s", errString)
+                return "", fmt.Errorf("failed to obtain OAuth2 token for selected account:%s", errString)
         }
         return *token, nil
 }
 
-func (psd *principalServiceDelegate) fetchWireBlessings(token string, pub publicKey) (*wireBlessings, error) {
+func (psd *principalServiceDelegate) getBlessings(token string, pub publicKey) (*wireBlessings, error) {
         networkReq, networkPtr := network.CreateMessagePipeForNetworkService()
         psd.Ctx.ConnectToApplication("mojo:network_service").ConnectToService(&networkReq)
         networkProxy := network.NewNetworkServiceProxy(networkPtr, bindings.GetAsyncWaiter())
 
         urlLoaderReq, urlLoaderPtr := url_loader.CreateMessagePipeForUrlLoader()
         if err := networkProxy.CreateUrlLoader(urlLoaderReq); err != nil {
-                return nil, fmt.Errorf("Failed to create url loader: %v", err)
+                return nil, fmt.Errorf("failed to create url loader: %v", err)
         }
-        urlLoaderProxy := url_loader.NewUrlLoaderProxy(urlLoaderPtr, bindings.GetAsyncWaiter())
+        urlLoader := url_loader.NewUrlLoaderProxy(urlLoaderPtr, bindings.GetAsyncWaiter())
 
         req, err := blessingRequestURL(token, pub)
         if err != nil {
                 return nil, err
         }
 
-        resp, err := urlLoaderProxy.Start(*req)
+        resp, err := urlLoader.Start(*req)
         if err != nil || resp.Error != nil {
-                return nil, fmt.Errorf("Blessings request to Vanadium Identity Provider failed: %v(%v)", err, resp.Error)
+                return nil, fmt.Errorf("blessings request to Vanadium Identity Provider failed: %v(%v)", err, resp.Error)
         }
 
         res, b := (*resp.Body).ReadData(system.MOJO_READ_DATA_FLAG_ALL_OR_NONE)
         if res != system.MOJO_RESULT_OK {
-                return nil, fmt.Errorf("Failed to read response (blessings) from Vanadium Identity Provider. Result: %v", res)
+                return nil, fmt.Errorf("failed to read response (blessings) from Vanadium Identity Provider. Result: %v", res)
         }
 
         var wb wireBlessings
         if err := json.Unmarshal(b, &wb); err != nil {
-                return nil, fmt.Errorf("Failed to unmarshal response (blessings) from Vanadium Identity Provider: %v", err)
+                return nil, fmt.Errorf("failed to unmarshal response (blessings) from Vanadium Identity Provider: %v", err)
         }
-        // TODO(ataly, gauthamt): We should verify all signatures on the certificate chains in the
-        // wire blessings to ensure that it was not tampered with.
+
+        // TODO(ataly, gauthamt): We should verify all signatures on the certificate
+        // chains in the wire blessings to ensure that it was not tampered with.
         return &wb, nil
 }
 
-func (psd *principalServiceDelegate) addPrincipal(app vpkg.AppInstanceName, p *principal) {
-        psd.mu.Lock()
-        defer psd.mu.Unlock()
-        psd.table[app] = p
-}
-
-func (psd *principalServiceDelegate) getBlessing(app vpkg.AppInstanceName) *vpkg.Blessing {
-        psd.mu.Lock()
-        defer psd.mu.Unlock()
-        if p, ok := psd.table[app]; ok {
-                return newBlessing(p.blessing)
-        }
-        return nil
-}
-
-func (psd *principalServiceDelegate) deletePrincipal(app vpkg.AppInstanceName) {
-        psd.mu.Lock()
-        defer psd.mu.Unlock()
-        delete(psd.table, app)
-}
-
 func (psd *principalServiceDelegate) Quit() {
         psd.mu.Lock()
         defer psd.mu.Unlock()
         for _, stub := range psd.stubs {
                 stub.Close()
         }
 }
 
 func blessingRequestURL(token string, pub publicKey) (*url_request.UrlRequest, error) {
         baseURL, err := url.Parse(blesserURL)
@@ skipping 16 matching lines @@
 }
 
 //export MojoMain
 func MojoMain(handle C.MojoHandle) C.MojoResult {
         application.Run(&principalServiceDelegate{}, system.MojoHandle(handle))
         return C.MOJO_RESULT_OK
 }
 
 func main() {
 }