Principal Service: Add support for multiple user accounts

services/vanadium/security/principal.go

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package main
+
+import (
+        "crypto/ecdsa"
+        "crypto/elliptic"
+        "crypto/rand"
+        "fmt"
+        "reflect"
+        "sync"
+
+        vpkg "mojo/services/vanadium/security/interfaces/principal"
+)
+
+type principal struct {
+        private *ecdsa.PrivateKey
+        mu      sync.Mutex
+        users   []vpkg.User // GUARDED_BY(mu)
+        curr    *vpkg.User  // GUARDED_BY(mu)
+}
+
+func (p *principal) publicKey() publicKey {
+        return newECDSAPublicKey(&p.private.PublicKey)
+}
+
+func (p *principal) getUsers() ([]vpkg.User, *vpkg.User) {

[ashankar, 2015/10/30 02:24:13]

Just "users()"
(the "get" prefix is not idiomatic in go:
https://golang.org/doc/effective_go.html#Getters)

[ataly, 2015/11/04 00:24:30]

Done.

+        p.mu.Lock()
+        defer p.mu.Unlock()
+        var users []vpkg.User
+        for _, user := range p.users {

[ashankar, 2015/10/30 02:24:13]

How about:
users := make([]vpkg.User, len(p.users))
copy(users, p.users)
return users, p.curr

[ataly, 2015/11/04 00:24:30]

Done.

+                users = append(users, user)
+        }
+        return users, p.curr
+}
+
+func (p *principal) addUser(user vpkg.User) {
+        p.mu.Lock()
+        defer p.mu.Unlock()
+        p.users = append(p.users, user)
+        p.curr = &user
+}
+
+func (p *principal) setCurrentUser(user vpkg.User) (err *string) {

[ashankar, 2015/10/30 02:24:13]

Why (err *string) instead of "err error"?

[ataly, 2015/11/04 00:24:30]

Mojom does not support an error type. My understanding is that whenever a
service wants to return an error, it should stringify it and return it as an
explicit return value. See the "SelectAccount" method in this Mojom interface
for example:
https://github.com/domokit/mojo/blob/15a59a82d9e5e7ee4157f082e53ca92026ee8d1a...

(The error return values that we see in this file are only in the Go generated
code. The errors are simply logged and not returned to the client.) 

In this particular case, I feel that it is important to send a reason for
failure to the client so I added an explicit error return value.

+        p.mu.Lock()
+        defer p.mu.Unlock()
+        for _, u := range p.users {
+                if !reflect.DeepEqual(u, user) {
+                        str := fmt.Sprintf("User %v does not exist", user)
+                        return &str
+                }
+        }
+        p.curr = &user
+        return
+}
+
+func (p *principal) unsetCurrentUser() {

[ashankar, 2015/10/30 02:24:13]

clearCurrentUser?

[ataly, 2015/11/04 00:24:30]

Done.

+        p.mu.Lock()
+        defer p.mu.Unlock()
+        p.curr = nil
+}
+
+func newPrincipal() (*principal, error) {
+        priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+        if err != nil {
+                return nil, err
+        }
+        return &principal{private: priv}, nil
+}