Principal Service: Add support for multiple user accounts

services/vanadium/security/conventions.go

Index: services/vanadium/security/conventions.go
diff --git a/services/vanadium/security/conventions.go b/services/vanadium/security/conventions.go
new file mode 100644
index 0000000000000000000000000000000000000000..481495cf100017e0897dbecc12baa459480709f6
--- /dev/null
+++ b/services/vanadium/security/conventions.go
@@ -0,0 +1,54 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	vpkg "mojo/services/vanadium/security/interfaces/principal"
+)
+
+const chainSeparator = "/"
+
+// TODO(ataly): This is a hack! We should implement the security.BlessingNames
+// function from the Vanadium API.
+func name(chain []certificate) string {
+	if len(chain) == 0 {
+		return ""
+	}
+	name := chain[0].Extension
+	for i := 1; i < len(chain); i++ {
+		name = name + chainSeparator + chain[i].Extension
+	}
+	return name
+}
+
+// userIdFromBlessing return a user identifier corresponding to a user
+// blessing chain in 'b', or nil if no such blessing chain exists.
+func userIdFromBlessings(b *wireBlessings) (vpkg.UserId, error) {
+	var (
+		rejected []string
+		empty    vpkg.UserId
+	)
+	for _, chain := range b.CertificateChains {
+		n := name(chain)
+		// n is valid OAuth2 token based blessing name iff
+		// n is of the form "dev.v.io/u/<clientID>/<email>"
+		parts := strings.Split(n, chainSeparator)
+		if len(parts) != 4 {
+			rejected = append(rejected, n)
+			continue
+		}
+		if (parts[0] != "dev.v.io") || (parts[1] != "u") {
+			rejected = append(rejected, n)
+			continue
+		}
+		// We assume that parts[2] must be the client id, and parts[3]
+		// must be the email.
+		return vpkg.UserId{Email: parts[3]}, nil
+	}
+	return empty, fmt.Errorf("the set of blessings (%v) obtained from the Vanadium identity provider does not contain any user blessing chain", rejected)
+}