Minor fixes

README.md

@@ -119,3 +119,13 @@ Alice can now grant permissions to bob using the names that the company created:
 wrote attestation: att_GyDe_hk7nBWHft3m61dzYa3-iHorXCDxRc0MZxRMX8NFmw==.pem
 published attestation
 ```
+
+And bob can prove that, after he names the company as well:
+
+```
+./wv name --attester bob company.namespace acme
+name "acme" -> "GyBIOr311-I6UE_9T0lYIoIZsLZaSWRWyuz8SJsrUJs3vw==" created successfully
+./wv rtprove --subject bob superapp.acme:read@acme/foo
+Perspective graph sync complete
+wrote proof: proof_2018-07-25T16:33:01-07:00.pem
+```

cli/actions.go

@@ -623,6 +623,32 @@ func getPerspective(file string, passphrase string, msg string) *pb.Perspective
 func actionRTProve(c *cli.Context) error {
 	conn := getConn(c)
 	perspective := getPerspective(c.String("subject"), c.String("passphrase"), "missing subject entity secrets")
+
+	if !c.Bool("skipsync") {
+		resp, err := conn.ResyncPerspectiveGraph(context.Background(), &pb.ResyncPerspectiveGraphParams{
+			Perspective: perspective,
+		})
+		if err != nil {
+			fmt.Printf("error: %v\n", err)
+			os.Exit(1)
+		}
+		if resp.Error != nil {
+			fmt.Printf("error: %v\n", resp.Error.Message)
+			os.Exit(1)
+		}
+		srv, err := conn.WaitForSyncComplete(context.Background(), &pb.SyncParams{
+			Perspective: perspective,
+		})
+		for {
+			rv, err := srv.Recv()
+			if err == io.EOF {
+				break
+			}
+			fmt.Printf("Synchronized %d/%d entities\n", rv.CompletedSyncs, rv.TotalSyncRequests)
+		}
+		fmt.Printf("Perspective graph sync complete\n")
+	}
+
 	statements := []*pb.RTreePolicyStatement{}
 	var namespace []byte
 	if len(c.Args()) == 0 {
@@ -690,30 +716,7 @@ func actionRTProve(c *cli.Context) error {
 		RtreeNamespace: namespace,
 		Statements:     statements,
 	}
-	if !c.Bool("skipsync") {
-		resp, err := conn.ResyncPerspectiveGraph(context.Background(), &pb.ResyncPerspectiveGraphParams{
-			Perspective: perspective,
-		})
-		if err != nil {
-			fmt.Printf("error: %v\n", err)
-			os.Exit(1)
-		}
-		if resp.Error != nil {
-			fmt.Printf("error: %v\n", resp.Error.Message)
-			os.Exit(1)
-		}
-		srv, err := conn.WaitForSyncComplete(context.Background(), &pb.SyncParams{
-			Perspective: perspective,
-		})
-		for {
-			rv, err := srv.Recv()
-			if err == io.EOF {
-				break
-			}
-			fmt.Printf("Synchronized %d/%d entities\n", rv.CompletedSyncs, rv.TotalSyncRequests)
-		}
-		fmt.Printf("Perspective graph sync complete\n")
-	}
+
 	resp, err := conn.BuildRTreeProof(context.Background(), params)
 	if err != nil {
 		fmt.Printf("error: %v\n", err)

eapi/pbconversions.go

@@ -6,7 +6,6 @@ import (
 	"encoding/pem"
 	"time"
 
-	"github.com/davecgh/go-spew/spew"
 	"github.com/immesys/wave/eapi/pb"
 	"github.com/immesys/wave/engine"
 	"github.com/immesys/wave/iapi"
@@ -64,7 +63,6 @@ func ConvertNDWVal(nd *iapi.NameDeclaration, v *engine.Validity) *pb.NameDeclara
 		Validity:         ndv,
 	}
 	if nd.WR1Extra != nil {
-		spew.Dump(nd.WR1Extra)
 		rv.Namespace = nd.WR1Extra.Namespace.Multihash()
 		rv.NamespaceLocation = ToPbLocation(nd.WR1Extra.NamespaceLocation)
 		rv.Partition = nd.WR1Extra.Partition

engine/states.go

@@ -3,7 +3,6 @@ package engine
 import (
 	"bytes"
 	"context"
-	"fmt"
 	"runtime"
 	"strconv"
 
@@ -190,7 +189,7 @@ type attOrND struct {
 }
 
 func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
-	fmt.Printf("MPLA 0\n")
+	//fmt.Printf("MPLA 0\n")
 	var targetIndex int
 	isdirect := bytes.Equal(dest.Keccak256(), e.perspective.Entity.Keccak256())
 	okay, targetIndex, err := e.ws.GetEntityPartitionLabelKeyIndexP(e.ctx, dest.Keccak256HI())
@@ -205,7 +204,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 	subctx, cancel := context.WithCancel(e.ctx)
 	defer cancel()
 	//fmt.Printf("targetindex: %v\n", targetIndex)
-	fmt.Printf("MPLA 1\n")
+	//fmt.Printf("MPLA 1\n")
 	//fmt.Printf("subj MPLA: %x\n", dest.Keccak256HI())
 	getTargetIndex := targetIndex
 	if isdirect {
@@ -240,9 +239,9 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 	}()
 
 	for res := range todo {
-		fmt.Printf("MPLA 2\n")
+		//fmt.Printf("MPLA 2\n")
 		if res.Err != nil {
-			fmt.Printf("MPLA 2.5 %v\n", res.Err)
+			//fmt.Printf("MPLA 2.5 %v\n", res.Err)
 			return res.Err
 		}
 		sidx := *res.LabelKeyIndex
@@ -253,7 +252,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 				var serr error
 				secret, serr = e.ws.GetPartitionLabelKeyP(subctx, dest.Keccak256HI(), sidx)
 				if serr != nil {
-					fmt.Printf("MPLA 2.8 %v\n", serr)
+					//fmt.Printf("MPLA 2.8 %v\n", serr)
 					return serr
 				}
 				if secret == nil {
@@ -263,12 +262,12 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 			}
 			sidx++
 		}
-		fmt.Printf("MPLA 3\n")
+		//fmt.Printf("MPLA 3\n")
 		dctx := NewEngineDecryptionContext(e)
 		dctx.SetPartitionSecrets(secretCache)
-		fmt.Printf("MPLA 3.4\n")
+		//fmt.Printf("MPLA 3.4\n")
 		e.partitionMutex.Lock()
-		fmt.Printf("MPLA 3.5\n")
+		//fmt.Printf("MPLA 3.5\n")
 		if res.A != nil {
 			//When we parse the attestation here, it is for a given set of
 			//partition keys available in the engine. The keys can't change because
@@ -282,7 +281,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 				panic(err)
 			}
 
-			fmt.Printf("MPLA 4\n")
+			//fmt.Printf("MPLA 4\n")
 			//The dot will either
 			// stay pending
 			// move to labelled
@@ -312,7 +311,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 				//fmt.Printf("<MPLA 6\n")
 				continue
 			}
-			fmt.Printf("MPLA 7\n")
+			//fmt.Printf("MPLA 7\n")
 			if _, ok := rpa.ExtraInfo.(*iapi.WR1Extra); ok {
 				//This is a WR1 dot that has been labelled, transition to labelled
 				//fmt.Printf("moving the att to labelled\n")
@@ -326,9 +325,6 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 				//fails
 				e.partitionMutex.Unlock()
 				continue
-			} else {
-				_, ok := rpa.ExtraInfo.(*iapi.WR1Extra)
-				fmt.Printf("NO WR1EXTRA, BUT %v\n", ok)
 			}
 			e.partitionMutex.Unlock()
 			//This attestation failed to decrypt at all
@@ -342,7 +338,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 			continue
 		} //this is an attestation
 		if res.N != nil {
-			fmt.Printf("parsing ND again in lab->active\n")
+			//fmt.Printf("parsing ND again in lab->active\n")
 			rpn, err := iapi.ParseNameDeclaration(subctx, &iapi.PParseNameDeclaration{
 				NameDeclaration: res.N,
 				Dctx:            dctx,
@@ -351,7 +347,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 				panic(err)
 			}
 			if rpn.IsMalformed {
-				fmt.Printf("MPLA 5\n")
+				//fmt.Printf("MPLA 5\n")
 				if err := e.ws.MoveNameDeclarationMalformedP(e.ctx, res.N.Keccak256HI()); err != nil {
 					return err
 				}
@@ -360,16 +356,14 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 			}
 			if rpn.Result.Decoded() {
 				e.partitionMutex.Unlock()
-				fmt.Printf("ND decoded\n")
+				//fmt.Printf("ND decoded\n")
 
 				err := e.insertActiveNameDeclaration(e.ctx, res.N)
 				if err != nil {
 					return err
 				}
 
 				continue
-			} else {
-				fmt.Printf("ND not decoded\n")
 			}
 			if rpn.Result.WR1Extra != nil && rpn.Result.WR1Extra.Partition != nil {
 				//It has been labelled
@@ -393,7 +387,7 @@ func (e *Engine) movePendingToLabelledAndActive(dest *iapi.Entity) (err error) {
 		}
 		//ND
 	} //next pending attestation
-	fmt.Printf("MPLA X\n")
+	//fmt.Printf("MPLA X\n")
 	return nil
 }
 

engine/validate.go

@@ -30,9 +30,6 @@ func (e *Engine) checkAttestationAndSave(ctx context.Context, d *iapi.Attestatio
 	if err != nil {
 		return false, err
 	}
-	//spew.Dump(d)
-	//spew.Dump(attesterh)
-	//spew.Dump(attloc)
 	attester, srcvalid, err := e.LookupEntity(ctx, attesterh, attloc)
 	if err != nil {
 		return false, err
@@ -42,8 +39,6 @@ func (e *Engine) checkAttestationAndSave(ctx context.Context, d *iapi.Attestatio
 		return false, err
 	}
 	subjecth, subjloc := d.Subject()
-	//spew.Dump(subjecth)
-	//spew.Dump(subjloc)
 	subject, dstvalid, err := e.LookupEntity(ctx, subjecth, subjloc)
 	if err != nil {
 		return false, err

iapi/policyscheme.go

@@ -180,10 +180,10 @@ next:
 	rv.SerdesForm = serdes.RTreePolicy{
 		Namespace: lhs.SerdesForm.Namespace,
 	}
-	if lhs.SerdesForm.Indirections < rhs.SerdesForm.Indirections {
+	if lhs.SerdesForm.Indirections <= rhs.SerdesForm.Indirections {
 		rv.SerdesForm.Indirections = lhs.SerdesForm.Indirections - 1
 	} else {
-		rv.SerdesForm.Indirections = rhs.SerdesForm.Indirections - 1
+		rv.SerdesForm.Indirections = rhs.SerdesForm.Indirections
 	}
 	rv.SerdesForm.Statements = dedup_statements
 

iapi/wr1partition.go

@@ -6,14 +6,12 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/davecgh/go-spew/spew"
 	"github.com/immesys/wave/serdes"
 	"github.com/immesys/wave/wve"
 )
 
 func CalculateWR1Partition(validFrom time.Time, validUntil time.Time, userPrefix [][]byte) ([][]byte, wve.WVE) {
 	if len(userPrefix) > 12 {
-		spew.Dump(userPrefix)
 		return nil, wve.Err(wve.InvalidParameter, "user prefix partition must be < 12 elements")
 	}
 	tiers := WR1PartitionTiers

policyutils/rtree/rtreebuilder.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/davecgh/go-spew/spew"
 	"github.com/immesys/wave/engine"
 	"github.com/immesys/wave/iapi"
 )
@@ -218,11 +219,14 @@ func (s *Solution) Policy() *iapi.RTreePolicy {
 		pol := &lpol
 		for _, el := range path[1:] {
 			rhs := iapi.RTreePolicy(*el.Policy)
-			result, okay, _, err := pol.Intersect(&rhs)
+			result, okay, msg, err := pol.Intersect(&rhs)
 			if err != nil {
 				panic(err)
 			}
 			if !okay {
+				spew.Dump(pol)
+				spew.Dump(rhs)
+				spew.Dump(msg)
 				//fmt.Printf("msg: %v %v\n", msg, err)
 				panic("we should not be here")
 			}