author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-04-28 12:33:49 +0000 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-04-28 12:33:49 +0000 |
commit | 6ab50e267f997fdb94d1c349352a5c5a9d53aea9 (patch) | |
tree | 59e38083b2cf65102972ca89957c30636c8d4259 /vespalib | |
parent | a2a2a0a48d11979db706a0a3a638ec77fdffe71e (diff) |
Rename AuthorizationResult to VerificationResult
Diffstat (limited to 'vespalib')
-rw-r--r-- | vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp | 14 | ||||
-rw-r--r-- | vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp | 16 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt | 2 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp | 62 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h | 8 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp | 10 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/verification_result.cpp | 62 | ||||
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/verification_result.h (renamed from vespalib/src/vespa/vespalib/net/tls/authorization_result.h) | 28 |
8 files changed, 101 insertions, 101 deletions
diff --git a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
index e20cd30c597..1de10939bea 100644
--- a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
+++ b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
@@ -535,35 +535,35 @@ struct CertFixture : Fixture {
 CertFixture::~CertFixture() = default;
 
 struct PrintingCertificateCallback : CertificateVerificationCallback {
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override {
+ VerificationResult verify(const PeerCredentials& peer_creds) const override {
 if (!peer_creds.common_name.empty()) {
 fprintf(stderr, "Got a CN: %s\n", peer_creds.common_name.c_str());
 }
 for (auto& dns : peer_creds.dns_sans) {
 fprintf(stderr, "Got a DNS SAN entry: %s\n", dns.c_str());
 }
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
 }
 };
 
 // Single-use mock verifier
 struct MockCertificateCallback : CertificateVerificationCallback {
 mutable PeerCredentials creds; // only used in single thread testing context
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override {
+ VerificationResult verify(const PeerCredentials& peer_creds) const override {
 creds = peer_creds;
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
 }
 };
 
 struct AlwaysFailVerifyCallback : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
 fprintf(stderr, "Rejecting certificate, none shall pass!\n");
- return AuthorizationResult::make_not_authorized();
+ return VerificationResult::make_not_authorized();
 }
 };
 
 struct ExceptionThrowingCallback : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
 throw std::runtime_error("oh no what is going on");
 }
 };
diff --git a/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp b/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
index 8c9e50f17b4..fa2bc1a2eaf 100644
--- a/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
+++ b/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
@@ -338,27 +338,27 @@ TEST("AssumedRolesBuilder builds union set of added roles") {
 EXPECT_EQUAL(roles, AssumedRoles::make_for_roles({"hello", "goodbye", "moon", "world"}));
 }
 
-TEST("AuthorizationResult is not authorized by default") {
- AuthorizationResult result;
+TEST("VerificationResult is not authorized by default") {
+ VerificationResult result;
 EXPECT_FALSE(result.success());
 EXPECT_TRUE(result.assumed_roles().empty());
 }
 
-TEST("AuthorizationResult can be explicitly created as not authorzed") {
- auto result = AuthorizationResult::make_not_authorized();
+TEST("VerificationResult can be explicitly created as not authorized") {
+ auto result = VerificationResult::make_not_authorized();
 EXPECT_FALSE(result.success());
 EXPECT_TRUE(result.assumed_roles().empty());
 }
 
-TEST("AuthorizationResult can be pre-authorized for all roles") {
- auto result = AuthorizationResult::make_authorized_for_all_roles();
+TEST("VerificationResult can be pre-authorized for all roles") {
+ auto result = VerificationResult::make_authorized_for_all_roles();
 EXPECT_TRUE(result.success());
 EXPECT_FALSE(result.assumed_roles().empty());
 EXPECT_TRUE(result.assumed_roles().can_assume_role("foo"));
 }
 
-TEST("AuthorizationResult can be pre-authorized for an explicit set of roles") {
- auto result = AuthorizationResult::make_authorized_for_roles(AssumedRoles::make_for_roles({"elden", "ring"}));
+TEST("VerificationResult can be pre-authorized for an explicit set of roles") {
+ auto result = VerificationResult::make_authorized_for_roles(AssumedRoles::make_for_roles({"elden", "ring"}));
 EXPECT_TRUE(result.success());
 EXPECT_FALSE(result.assumed_roles().empty());
 EXPECT_TRUE(result.assumed_roles().can_assume_role("elden"));
diff --git a/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt b/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
index 424c2bd672f..a94d088b6a8 100644
--- a/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
+++ b/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
@@ -3,7 +3,6 @@ vespa_add_library(vespalib_vespalib_net_tls OBJECT
 SOURCES
 assumed_roles.cpp
 authorization_mode.cpp
- authorization_result.cpp
 auto_reloading_tls_crypto_engine.cpp
 crypto_codec.cpp
 crypto_codec_adapter.cpp
@@ -19,6 +18,7 @@ vespa_add_library(vespalib_vespalib_net_tls OBJECT
 tls_crypto_socket.cpp
 transport_security_options.cpp
 transport_security_options_reading.cpp
+ verification_result.cpp
 DEPENDS
 )
 find_package(OpenSSL)
diff --git a/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp b/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp
deleted file mode 100644
index 069e971833c..00000000000
--- a/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-
-#include "authorization_result.h"
-#include <vespa/vespalib/stllike/asciistream.h>
-#include <ostream>
-
-namespace vespalib::net::tls {
-
-AuthorizationResult::AuthorizationResult() = default;
-
-AuthorizationResult::AuthorizationResult(AssumedRoles assumed_roles)
- : _assumed_roles(std::move(assumed_roles))
-{}
-
-AuthorizationResult::AuthorizationResult(const AuthorizationResult&) = default;
-AuthorizationResult& AuthorizationResult::operator=(const AuthorizationResult&) = default;
-AuthorizationResult::AuthorizationResult(AuthorizationResult&&) noexcept = default;
-AuthorizationResult& AuthorizationResult::operator=(AuthorizationResult&&) noexcept = default;
-AuthorizationResult::~AuthorizationResult() = default;
-
-void AuthorizationResult::print(asciistream& os) const {
- os << "AuthorizationResult(";
- if (!success()) {
- os << "NOT AUTHORIZED";
- } else {
- os << _assumed_roles;
- }
- os << ')';
-}
-
-AuthorizationResult
-AuthorizationResult::make_authorized_for_roles(AssumedRoles assumed_roles) {
- return AuthorizationResult(std::move(assumed_roles));
-}
-
-AuthorizationResult
-AuthorizationResult::make_authorized_for_all_roles() {
- return AuthorizationResult(AssumedRoles::make_wildcard_role());
-}
-
-AuthorizationResult
-AuthorizationResult::make_not_authorized() {
- return {};
-}
-
-asciistream& operator<<(asciistream& os, const AuthorizationResult& res) {
- res.print(os);
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const AuthorizationResult& res) {
- os << to_string(res);
- return os;
-}
-
-string to_string(const AuthorizationResult& res) {
- asciistream os;
- os << res;
- return os.str();
-}
-
-}
diff --git a/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h b/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
index 0c18ba1a789..f4d8d39206b 100644
--- a/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
+++ b/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
@@ -1,7 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 #pragma once
-#include "authorization_result.h"
+#include "verification_result.h"
 #include "peer_credentials.h"
 namespace vespalib::net::tls {
@@ -14,15 +14,15 @@ struct CertificateVerificationCallback {
 virtual ~CertificateVerificationCallback() = default;
 // Return true iff the peer credentials pass verification, false otherwise.
 // Must be thread safe.
- [[nodiscard]] virtual AuthorizationResult verify(const PeerCredentials& peer_creds) const = 0;
+ [[nodiscard]] virtual VerificationResult verify(const PeerCredentials& peer_creds) const = 0;
 };
 // Simplest possible certificate verification callback which accepts the certificate
 // iff all its pre-verification by OpenSSL has passed. This means its chain is valid
 // and it is signed by a trusted CA.
 struct AcceptAllPreVerifiedCertificates : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
- return AuthorizationResult::make_authorized_for_all_roles(); // yolo
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ return VerificationResult::make_authorized_for_all_roles(); // yolo
 }
 };
diff --git a/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp b/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
index 65e14434ff1..4018e20225e 100644
--- a/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
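Review bot: The comment left above the renamed pure-virtual declaration in certificate_verification_callback.h, `// Return true iff the peer credentials pass verification, false otherwise.`, no longer matches the signature, which now returns a `VerificationResult` rather than a bool; since this hunk rewrites the line directly below it, it is the natural place to correct it. I would replace the two comment lines with `// Returns a VerificationResult whose success() is true iff the peer credentials pass verification;` and `// on success its assumed_roles() holds the roles granted to the peer. Must be thread safe.` The `assumed_roles()` accessor is only inferred from its use in the test hunk of this commit, so adjust the wording if the header spells it differently. The enclosing `struct CertificateVerificationCallback` begins before this hunk.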
@@ -61,7 +61,7 @@ public:
 ~PolicyConfiguredCertificateVerifier() override;
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override;
+ VerificationResult verify(const PeerCredentials& peer_creds) const override;
 };
 PolicyConfiguredCertificateVerifier::PolicyConfiguredCertificateVerifier(AuthorizedPeers authorized_peers) noexcept
@@ -69,9 +69,9 @@ PolicyConfiguredCertificateVerifier::PolicyConfiguredCertificateVerifier(Authori
 PolicyConfiguredCertificateVerifier::~PolicyConfiguredCertificateVerifier() = default;
-AuthorizationResult PolicyConfiguredCertificateVerifier::verify(const PeerCredentials& peer_creds) const {
+VerificationResult PolicyConfiguredCertificateVerifier::verify(const PeerCredentials& peer_creds) const {
 if (_authorized_peers.allows_all_authenticated()) {
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
 }
 AssumedRolesBuilder roles_builder;
 for (const auto& policy : _authorized_peers.peer_policies()) {
@@ -80,9 +80,9 @@ AuthorizationResult PolicyConfiguredCertificateVerifier::verify(const PeerCreden
 }
 }
 if (!roles_builder.empty()) {
- return AuthorizationResult::make_authorized_for_roles(roles_builder.build_with_move());
+ return VerificationResult::make_authorized_for_roles(roles_builder.build_with_move());
 } else {
- return AuthorizationResult::make_not_authorized();
+ return VerificationResult::make_not_authorized();
 }
 }
diff --git a/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp b/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp
new file mode 100644
index 00000000000..e4833f59f47
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp
@@ -0,0 +1,62 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+#include "verification_result.h"
+#include <vespa/vespalib/stllike/asciistream.h>
+#include <ostream>
+
+namespace vespalib::net::tls {
+
+VerificationResult::VerificationResult() = default;
+
+VerificationResult::VerificationResult(AssumedRoles assumed_roles)
+ : _assumed_roles(std::move(assumed_roles))
+{}
+
+VerificationResult::VerificationResult(const VerificationResult&) = default;
+VerificationResult& VerificationResult::operator=(const VerificationResult&) = default;
+VerificationResult::VerificationResult(VerificationResult&&) noexcept = default;
+VerificationResult& VerificationResult::operator=(VerificationResult&&) noexcept = default;
+VerificationResult::~VerificationResult() = default;
+
+void VerificationResult::print(asciistream& os) const {
+ os << "VerificationResult(";
+ if (!success()) {
+ os << "NOT AUTHORIZED";
+ } else {
+ os << _assumed_roles;
+ }
+ os << ')';
+}
+
+VerificationResult
+VerificationResult::make_authorized_for_roles(AssumedRoles assumed_roles) {
+ return VerificationResult(std::move(assumed_roles));
+}
+
+VerificationResult
+VerificationResult::make_authorized_for_all_roles() {
+ return VerificationResult(AssumedRoles::make_wildcard_role());
+}
+
+VerificationResult
+VerificationResult::make_not_authorized() {
+ return {};
+}
+
+asciistream& operator<<(asciistream& os, const VerificationResult& res) {
+ res.print(os);
+ return os;
+}
+
+std::ostream& operator<<(std::ostream& os, const VerificationResult& res) {
+ os << to_string(res);
+ return os;
+}
+
+string to_string(const VerificationResult& res) {
+ asciistream os;
+ os << res;
+ return os.str();
+}
+
+}
diff --git a/vespalib/src/vespa/vespalib/net/tls/authorization_result.h b/vespalib/src/vespa/vespalib/net/tls/verification_result.h
index b92bbbca9dd..2de89269ba4 100644
--- a/vespalib/src/vespa/vespalib/net/tls/authorization_result.h
+++ b/vespalib/src/vespa/vespalib/net/tls/verification_result.h
@@ -17,17 +17,17 @@ namespace vespalib::net::tls {
 * authorization rules. If no rules matched, the set will be empty. The role
 * set will also be empty for a default-constructed instance.
 */
-class AuthorizationResult {
+class VerificationResult {
 AssumedRoles _assumed_roles;
- explicit AuthorizationResult(AssumedRoles assumed_roles);
+ explicit VerificationResult(AssumedRoles assumed_roles);
 public:
- AuthorizationResult();
- AuthorizationResult(const AuthorizationResult&);
- AuthorizationResult& operator=(const AuthorizationResult&);
- AuthorizationResult(AuthorizationResult&&) noexcept;
- AuthorizationResult& operator=(AuthorizationResult&&) noexcept;
- ~AuthorizationResult();
+ VerificationResult();
+ VerificationResult(const VerificationResult&);
+ VerificationResult& operator=(const VerificationResult&);
+ VerificationResult(VerificationResult&&) noexcept;
+ VerificationResult& operator=(VerificationResult&&) noexcept;
+ ~VerificationResult();
 // Returns true iff at least one assumed role has been granted.
 [[nodiscard]] bool success() const noexcept {
@@ -43,13 +43,13 @@ public:
 void print(asciistream& os) const;
- static AuthorizationResult make_authorized_for_roles(AssumedRoles assumed_roles);
- static AuthorizationResult make_authorized_for_all_roles();
- static AuthorizationResult make_not_authorized();
+ static VerificationResult make_authorized_for_roles(AssumedRoles assumed_roles);
+ static VerificationResult make_authorized_for_all_roles();
+ static VerificationResult make_not_authorized();
 };
-asciistream& operator<<(asciistream&, const AuthorizationResult&);
-std::ostream& operator<<(std::ostream&, const AuthorizationResult&);
-string to_string(const AuthorizationResult&);
+asciistream& operator<<(asciistream&, const VerificationResult&);
+std::ostream& operator<<(std::ostream&, const VerificationResult&);
+string to_string(const VerificationResult&);
 }
|