Principal Service: Add support for multiple user accounts

services/vanadium/security/principal.go

Index: services/vanadium/security/principal.go
diff --git a/services/vanadium/security/principal.go b/services/vanadium/security/principal.go
new file mode 100644
index 0000000000000000000000000000000000000000..c0e9bf265aa7e73f68aec04bd5f5a3460e7d8fb1
--- /dev/null
+++ b/services/vanadium/security/principal.go
@@ -0,0 +1,71 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"fmt"
+	"reflect"
+	"sync"
+
+	vpkg "mojo/services/vanadium/security/interfaces/principal"
+)
+
+type principal struct {
+	private *ecdsa.PrivateKey
+	mu      sync.Mutex
+	users   []vpkg.User // GUARDED_BY(mu)
+	curr    *vpkg.User  // GUARDED_BY(mu)
+}
+
+func (p *principal) publicKey() publicKey {
+	return newECDSAPublicKey(&p.private.PublicKey)
+}
+
+func (p *principal) getUsers() ([]vpkg.User, *vpkg.User) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	var users []vpkg.User
+	for _, user := range p.users {
+		users = append(users, user)
+	}
+	return users, p.curr
+}
+
+func (p *principal) addUser(user vpkg.User) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.users = append(p.users, user)
+	p.curr = &user
+}
+
+func (p *principal) setCurrentUser(user vpkg.User) (err *string) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	for _, u := range p.users {
+		if !reflect.DeepEqual(u, user) {
+			str := fmt.Sprintf("User %v does not exist", user)
+			return &str
+		}
+	}
+	p.curr = &user
+	return
+}
+
+func (p *principal) unsetCurrentUser() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.curr = nil
+}
+
+func newPrincipal() (*principal, error) {
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	return &principal{private: priv}, nil
+}