Fix vet

Author: arjan-bal

experimental/credentials/credentials_test.go

@@ -41,22 +41,6 @@ func Test(t *testing.T) {
 	grpctest.RunSubTests(t, s{})
 }
 
-// A struct that implements AuthInfo interface but does not implement GetCommonAuthInfo() method.
-type testAuthInfoNoGetCommonAuthInfoMethod struct{}
-
-func (ta testAuthInfoNoGetCommonAuthInfoMethod) AuthType() string {
-	return "testAuthInfoNoGetCommonAuthInfoMethod"
-}
-
-// A struct that implements AuthInfo interface and implements CommonAuthInfo() method.
-type testAuthInfo struct {
-	credentials.CommonAuthInfo
-}
-
-func (ta testAuthInfo) AuthType() string {
-	return "testAuthInfo"
-}
-
 func (s) TestTLSOverrideServerName(t *testing.T) {
 	expectedServerName := "server.name"
 	c := NewTLSWithALPNDisabled(nil)
@@ -157,8 +141,8 @@ func compare(a1, a2 credentials.AuthInfo) bool {
 	}
 	switch a1.AuthType() {
 	case "tls":
-		state1 := a1.(TLSInfo).State
-		state2 := a2.(TLSInfo).State
+		state1 := a1.(credentials.TLSInfo).State
+		state2 := a2.(credentials.TLSInfo).State
 		if state1.Version == state2.Version &&
 			state1.HandshakeComplete == state2.HandshakeComplete &&
 			state1.CipherSuite == state2.CipherSuite &&
@@ -255,7 +239,7 @@ func tlsServerHandshake(conn net.Conn) (credentials.AuthInfo, error) {
 	if err != nil {
 		return nil, err
 	}
-	return TLSInfo{State: serverConn.ConnectionState(), CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil
+	return credentials.TLSInfo{State: serverConn.ConnectionState(), CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil
 }
 
 func tlsClientHandshake(conn net.Conn, _ string) (credentials.AuthInfo, error) {
@@ -264,5 +248,5 @@ func tlsClientHandshake(conn net.Conn, _ string) (credentials.AuthInfo, error) {
 	if err := clientConn.Handshake(); err != nil {
 		return nil, err
 	}
-	return TLSInfo{State: clientConn.ConnectionState(), CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil
+	return credentials.TLSInfo{State: clientConn.ConnectionState(), CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil
 }

experimental/credentials/internal/spiffe.go

@@ -16,7 +16,7 @@
  *
  */
 
-// Package credentials defines APIs for parsing SPIFFE ID.
+// Package internal defines APIs for parsing SPIFFE ID.
 //
 // All APIs in this package are experimental.
 package internal

experimental/credentials/tls.go

@@ -16,6 +16,7 @@
  *
  */
 
+// Package credentials contains experimental TLS credentials.
 package credentials
 
 import (
@@ -24,58 +25,13 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net"
-	"net/url"
 	"os"
 
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/experimental/credentials/internal"
-	"google.golang.org/grpc/grpclog"
 )
 
-var logger = grpclog.Component("credentials")
-
-// TLSInfo contains the auth information for a TLS authenticated connection.
-// It implements the AuthInfo interface.
-type TLSInfo struct {
-	State tls.ConnectionState
-	credentials.CommonAuthInfo
-	// This API is experimental.
-	SPIFFEID *url.URL
-}
-
-// AuthType returns the type of TLSInfo as a string.
-func (t TLSInfo) AuthType() string {
-	return "tls"
-}
-
-// cipherSuiteLookup returns the string version of a TLS cipher suite ID.
-func cipherSuiteLookup(cipherSuiteID uint16) string {
-	for _, s := range tls.CipherSuites() {
-		if s.ID == cipherSuiteID {
-			return s.Name
-		}
-	}
-	for _, s := range tls.InsecureCipherSuites() {
-		if s.ID == cipherSuiteID {
-			return s.Name
-		}
-	}
-	return fmt.Sprintf("unknown ID: %v", cipherSuiteID)
-}
-
-// GetSecurityValue returns security info requested by channelz.
-func (t TLSInfo) GetSecurityValue() credentials.ChannelzSecurityValue {
-	v := &TLSChannelzSecurityValue{
-		StandardName: cipherSuiteLookup(t.State.CipherSuite),
-	}
-	// Currently there's no way to get LocalCertificate info from tls package.
-	if len(t.State.PeerCertificates) > 0 {
-		v.RemoteCertificate = t.State.PeerCertificates[0].Raw
-	}
-	return v
-}
-
 // tlsCreds is the credentials required for authenticating a connection using TLS.
 type tlsCreds struct {
 	// TLS configuration
@@ -118,7 +74,7 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawCon
 		return nil, nil, ctx.Err()
 	}
 
-	tlsInfo := TLSInfo{
+	tlsInfo := credentials.TLSInfo{
 		State: conn.ConnectionState(),
 		CommonAuthInfo: credentials.CommonAuthInfo{
 			SecurityLevel: credentials.PrivacyAndIntegrity,
@@ -138,7 +94,7 @@ func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.Auth
 		return nil, nil, err
 	}
 	cs := conn.ConnectionState()
-	tlsInfo := TLSInfo{
+	tlsInfo := credentials.TLSInfo{
 		State: cs,
 		CommonAuthInfo: credentials.CommonAuthInfo{
 			SecurityLevel: credentials.PrivacyAndIntegrity,
@@ -245,20 +201,6 @@ func NewServerTLSFromFileWithALPNDisabled(certFile, keyFile string) (credentials
 	return NewTLSWithALPNDisabled(&tls.Config{Certificates: []tls.Certificate{cert}}), nil
 }
 
-// TLSChannelzSecurityValue defines the struct that TLS protocol should return
-// from GetSecurityValue(), containing security info like cipher and certificate used.
-//
-// # Experimental
-//
-// Notice: This type is EXPERIMENTAL and may be changed or removed in a
-// later release.
-type TLSChannelzSecurityValue struct {
-	credentials.ChannelzSecurityValue
-	StandardName      string
-	LocalCertificate  []byte
-	RemoteCertificate []byte
-}
-
 // cloneTLSConfig returns a shallow clone of the exported
 // fields of cfg, ignoring the unexported sync.Once, which
 // contains a mutex and must not be copied.