kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ale...@apache.org
Subject kudu git commit: [security] add WARN_UNUSED_RESULT where possible
Date Sat, 25 Feb 2017 03:38:19 GMT
Repository: kudu
Updated Branches:
  refs/heads/master 981c5e1ab -> ed2bc18de


[security] add WARN_UNUSED_RESULT where possible

A lot of our security code could fail in awful ways if return codes are
ignored. This commit adds WARN_UNUSED_RESULT where possible in all
security headers (I found virtual methods and free functions produced
compiler errors with the annotation). Luckily, only test code needed to
be fixed up.

Change-Id: Ie8f5a0aea10709640e6c15c63d28b44e5de0ec6d
Reviewed-on: http://gerrit.cloudera.org:8080/6139
Reviewed-by: Alexey Serbin <aserbin@cloudera.com>
Tested-by: Alexey Serbin <aserbin@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/ed2bc18d
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/ed2bc18d
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/ed2bc18d

Branch: refs/heads/master
Commit: ed2bc18de1e7318b621bb957aaf6ffbc850ef1b8
Parents: 981c5e1
Author: Dan Burkert <danburkert@apache.org>
Authored: Fri Feb 24 11:03:27 2017 -0800
Committer: Alexey Serbin <aserbin@cloudera.com>
Committed: Sat Feb 25 03:37:12 2017 +0000

----------------------------------------------------------------------
 src/kudu/security/ca/cert_management-test.cc |  2 +-
 src/kudu/security/ca/cert_management.h       | 31 ++++++++++++-----------
 src/kudu/security/cert-test.cc               |  2 +-
 src/kudu/security/cert.h                     | 20 +++++++--------
 src/kudu/security/crypto-test.cc             |  6 ++---
 src/kudu/security/crypto.h                   | 24 +++++++++---------
 src/kudu/security/openssl_util.h             |  2 +-
 src/kudu/security/tls_context.h              | 21 +++++++--------
 src/kudu/security/tls_handshake-test.cc      |  8 +++---
 src/kudu/security/tls_handshake.h            | 10 ++++----
 src/kudu/security/token-test.cc              |  1 -
 src/kudu/security/token_signer.h             |  6 ++---
 src/kudu/security/token_signing_key.h        |  2 +-
 src/kudu/security/token_verifier.h           |  3 +--
 14 files changed, 68 insertions(+), 70 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/ca/cert_management-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/ca/cert_management-test.cc b/src/kudu/security/ca/cert_management-test.cc
index 6e00df5..d209f5f 100644
--- a/src/kudu/security/ca/cert_management-test.cc
+++ b/src/kudu/security/ca/cert_management-test.cc
@@ -104,7 +104,7 @@ TEST_F(CertManagementTest, RequestGeneratorBasics) {
   CertRequestGenerator gen(gen_config);
   ASSERT_OK(gen.Init());
   string key_str;
-  key.ToString(&key_str, DataFormat::PEM);
+  ASSERT_OK(key.ToString(&key_str, DataFormat::PEM));
   // Check for non-supported number of bits for the key.
   Status s = GeneratePrivateKey(7, &key);
   ASSERT_TRUE(s.IsRuntimeError());

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/ca/cert_management.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/ca/cert_management.h b/src/kudu/security/ca/cert_management.h
index 2f36efc..0121513 100644
--- a/src/kudu/security/ca/cert_management.h
+++ b/src/kudu/security/ca/cert_management.h
@@ -72,12 +72,13 @@ class CertRequestGeneratorBase {
 
   // Generate X509 CSR using the specified key. To obtain the key,
   // call the GeneratePrivateKey() function.
-  Status GenerateRequest(const PrivateKey& key, CertSignRequest* ret) const;
+  Status GenerateRequest(const PrivateKey& key, CertSignRequest* ret) const WARN_UNUSED_RESULT;
 
  protected:
   // Push the specified extension into the stack provided.
-  static Status PushExtension(stack_st_X509_EXTENSION* st, int32_t nid,
-                              StringPiece value);
+  static Status PushExtension(stack_st_X509_EXTENSION* st,
+                              int32_t nid,
+                              StringPiece value) WARN_UNUSED_RESULT;
   // Set the certificate-specific extensions into the specified request.
   virtual Status SetExtensions(X509_REQ* req) const = 0;
 
@@ -96,7 +97,7 @@ class CertRequestGenerator : public CertRequestGeneratorBase {
   explicit CertRequestGenerator(Config config);
   ~CertRequestGenerator();
 
-  Status Init() override;
+  Status Init() override WARN_UNUSED_RESULT;
   bool Initialized() const override;
 
   CertRequestGenerator& enable_self_signing() {
@@ -106,7 +107,7 @@ class CertRequestGenerator : public CertRequestGeneratorBase {
   }
 
  protected:
-  Status SetExtensions(X509_REQ* req) const override;
+  Status SetExtensions(X509_REQ* req) const override WARN_UNUSED_RESULT;
 
  private:
   stack_st_X509_EXTENSION* extensions_ = nullptr;
@@ -121,11 +122,11 @@ class CaCertRequestGenerator : public CertRequestGeneratorBase {
   explicit CaCertRequestGenerator(Config config);
   ~CaCertRequestGenerator();
 
-  Status Init() override;
+  Status Init() override WARN_UNUSED_RESULT;
   bool Initialized() const override;
 
  protected:
-  Status SetExtensions(X509_REQ* req) const override;
+  Status SetExtensions(X509_REQ* req) const override WARN_UNUSED_RESULT;
 
  private:
   stack_st_X509_EXTENSION* extensions_;
@@ -149,13 +150,13 @@ class CertSigner {
   static Status SelfSignCA(const PrivateKey& key,
                            CaCertRequestGenerator::Config config,
                            int64_t cert_expiration_seconds,
-                           Cert* cert);
+                           Cert* cert) WARN_UNUSED_RESULT;
 
   // Generate a self-signed certificate using the given key and CSR
   // configuration.
   static Status SelfSignCert(const PrivateKey& key,
                              CertRequestGenerator::Config config,
-                             Cert* cert);
+                             Cert* cert) WARN_UNUSED_RESULT;
 
   // Create a CertSigner.
   //
@@ -174,16 +175,16 @@ class CertSigner {
     return *this;
   }
 
-  Status Sign(const CertSignRequest& req, Cert* ret) const;
+  Status Sign(const CertSignRequest& req, Cert* ret) const WARN_UNUSED_RESULT;
 
  private:
 
-  static Status CopyExtensions(X509_REQ* req, X509* x);
-  static Status FillCertTemplateFromRequest(X509_REQ* req, X509* tmpl);
-  static Status DigestSign(const EVP_MD* md, EVP_PKEY* pkey, X509* x);
-  static Status GenerateSerial(c_unique_ptr<ASN1_INTEGER>* ret);
+  static Status CopyExtensions(X509_REQ* req, X509* x) WARN_UNUSED_RESULT;
+  static Status FillCertTemplateFromRequest(X509_REQ* req, X509* tmpl) WARN_UNUSED_RESULT;
+  static Status DigestSign(const EVP_MD* md, EVP_PKEY* pkey, X509* x) WARN_UNUSED_RESULT;
+  static Status GenerateSerial(c_unique_ptr<ASN1_INTEGER>* ret) WARN_UNUSED_RESULT;
 
-  Status DoSign(const EVP_MD* digest, int32_t exp_seconds, X509 *ret) const;
+  Status DoSign(const EVP_MD* digest, int32_t exp_seconds, X509 *ret) const WARN_UNUSED_RESULT;
 
   // The expiration interval of certs signed by this signer.
   int32_t exp_interval_sec_ = 24 * 60 * 60;

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/cert-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/cert-test.cc b/src/kudu/security/cert-test.cc
index 2185a83..91774bd 100644
--- a/src/kudu/security/cert-test.cc
+++ b/src/kudu/security/cert-test.cc
@@ -64,7 +64,7 @@ class CertTest : public KuduTest {
 TEST_F(CertTest, CertInputOutputPEM) {
   const Cert& cert = ca_cert_;
   string cert_str;
-  cert.ToString(&cert_str, DataFormat::PEM);
+  ASSERT_OK(cert.ToString(&cert_str, DataFormat::PEM));
   RemoveExtraWhitespace(&cert_str);
 
   string ca_input_cert(kCaCert);

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/cert.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/cert.h b/src/kudu/security/cert.h
index 929f8b2..02765d2 100644
--- a/src/kudu/security/cert.h
+++ b/src/kudu/security/cert.h
@@ -41,9 +41,9 @@ int GetKuduKerberosPrincipalOidNid();
 
 class Cert : public RawDataWrapper<X509> {
  public:
-  Status FromString(const std::string& data, DataFormat format);
-  Status ToString(std::string* data, DataFormat format) const;
-  Status FromFile(const std::string& fpath, DataFormat format);
+  Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT;
+  Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT;
+  Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT;
 
   std::string SubjectName() const;
   std::string IssuerName() const;
@@ -56,30 +56,30 @@ class Cert : public RawDataWrapper<X509> {
 
   // Check whether the specified private key matches the certificate.
   // Return Status::OK() if key match the certificate.
-  Status CheckKeyMatch(const PrivateKey& key) const;
+  Status CheckKeyMatch(const PrivateKey& key) const WARN_UNUSED_RESULT;
 
   // Returns the 'tls-server-end-point' channel bindings for the certificate as
   // specified in RFC 5929.
-  Status GetServerEndPointChannelBindings(std::string* channel_bindings) const;
+  Status GetServerEndPointChannelBindings(std::string* channel_bindings) const WARN_UNUSED_RESULT;
 
   // Adopts the provided X509 certificate, and increments the reference count.
   void AdoptAndAddRefRawData(X509* data);
 
   // Returns the certificate's public key.
-  Status GetPublicKey(PublicKey* key) const;
+  Status GetPublicKey(PublicKey* key) const WARN_UNUSED_RESULT;
 };
 
 class CertSignRequest : public RawDataWrapper<X509_REQ> {
  public:
-  Status FromString(const std::string& data, DataFormat format);
-  Status ToString(std::string* data, DataFormat format) const;
-  Status FromFile(const std::string& fpath, DataFormat format);
+  Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT;
+  Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT;
+  Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT;
 
   // Returns a shallow clone of the CSR (only a reference count is incremented).
   CertSignRequest Clone() const;
 
   // Returns the CSR's public key.
-  Status GetPublicKey(PublicKey* key) const;
+  Status GetPublicKey(PublicKey* key) const WARN_UNUSED_RESULT;
 };
 
 } // namespace security

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/crypto-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/crypto-test.cc b/src/kudu/security/crypto-test.cc
index e8136f9..e262912 100644
--- a/src/kudu/security/crypto-test.cc
+++ b/src/kudu/security/crypto-test.cc
@@ -94,7 +94,7 @@ TEST_F(CryptoTest, RsaPrivateKeyInputOutputPEM) {
   PrivateKey key;
   ASSERT_OK(key.FromFile(private_key_file_, DataFormat::PEM));
   string key_str;
-  key.ToString(&key_str, DataFormat::PEM);
+  ASSERT_OK(key.ToString(&key_str, DataFormat::PEM));
   RemoveExtraWhitespace(&key_str);
 
   string ref_key_str(kCaPrivateKey);
@@ -122,7 +122,7 @@ TEST_F(CryptoTest, RsaPublicKeyInputOutputPEM) {
   PublicKey key;
   ASSERT_OK(key.FromFile(public_key_file_, DataFormat::PEM));
   string key_str;
-  key.ToString(&key_str, DataFormat::PEM);
+  ASSERT_OK(key.ToString(&key_str, DataFormat::PEM));
   RemoveExtraWhitespace(&key_str);
 
   string ref_key_str(kCaPublicKey);
@@ -154,7 +154,7 @@ TEST_F(CryptoTest, RsaExtractPublicPartFromPrivateKey) {
   PublicKey public_key;
   ASSERT_OK(private_key.GetPublicKey(&public_key));
   string str_public_key;
-  public_key.ToString(&str_public_key, DataFormat::PEM);
+  ASSERT_OK(public_key.ToString(&str_public_key, DataFormat::PEM));
   RemoveExtraWhitespace(&str_public_key);
 
   string ref_str_public_key(kCaPublicKey);

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/crypto.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/crypto.h b/src/kudu/security/crypto.h
index c9dd380..a96f1a7 100644
--- a/src/kudu/security/crypto.h
+++ b/src/kudu/security/crypto.h
@@ -43,21 +43,21 @@ class PublicKey : public RawDataWrapper<EVP_PKEY> {
  public:
   ~PublicKey() {}
 
-  Status FromString(const std::string& data, DataFormat format);
-  Status ToString(std::string* data, DataFormat format) const;
-  Status FromFile(const std::string& fpath, DataFormat format);
+  Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT;
+  Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT;
+  Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT;
 
-  Status FromBIO(BIO* bio, DataFormat format);
+  Status FromBIO(BIO* bio, DataFormat format) WARN_UNUSED_RESULT;
 
   // Using the key, verify data signature using the specified message
   // digest algorithm for signature verification.
   // The input signature should be in in raw format (i.e. no base64 encoding).
   Status VerifySignature(DigestType digest,
                          const std::string& data,
-                         const std::string& signature) const;
+                         const std::string& signature) const WARN_UNUSED_RESULT;
 
   // Sets 'equals' to true if the other public key equals this.
-  Status Equals(const PublicKey& other, bool* equals) const;
+  Status Equals(const PublicKey& other, bool* equals) const WARN_UNUSED_RESULT;
 };
 
 // A class with generic private key interface, but actually it represents
@@ -67,23 +67,23 @@ class PrivateKey : public RawDataWrapper<EVP_PKEY> {
  public:
   ~PrivateKey() {}
 
-  Status FromString(const std::string& data, DataFormat format);
-  Status ToString(std::string* data, DataFormat format) const;
-  Status FromFile(const std::string& fpath, DataFormat format);
+  Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT;
+  Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT;
+  Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT;
 
   // Output the public part of the keypair into the specified placeholder.
-  Status GetPublicKey(PublicKey* public_key) const;
+  Status GetPublicKey(PublicKey* public_key) const WARN_UNUSED_RESULT;
 
   // Using the key, generate data signature using the specified
   // message digest algorithm. The result signature is in raw format
   // (i.e. no base64 encoding).
   Status MakeSignature(DigestType digest,
                        const std::string& data,
-                       std::string* signature) const;
+                       std::string* signature) const WARN_UNUSED_RESULT;
 };
 
 // Utility method to generate private keys.
-Status GeneratePrivateKey(int num_bits, PrivateKey* ret);
+Status GeneratePrivateKey(int num_bits, PrivateKey* ret) WARN_UNUSED_RESULT;
 
 } // namespace security
 } // namespace kudu

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/openssl_util.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/openssl_util.h b/src/kudu/security/openssl_util.h
index 5830da4..1dd5859 100644
--- a/src/kudu/security/openssl_util.h
+++ b/src/kudu/security/openssl_util.h
@@ -54,7 +54,7 @@ namespace security {
 
 // Disable initialization of OpenSSL. Must be called before
 // any call to InitializeOpenSSL().
-Status DisableOpenSSLInitialization();
+Status DisableOpenSSLInitialization() WARN_UNUSED_RESULT;
 
 // Initializes static state required by the OpenSSL library.
 // This is a no-op if DisableOpenSSLInitialization() has been called.

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_context.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/tls_context.h b/src/kudu/security/tls_context.h
index 27b9baa..6806b0b 100644
--- a/src/kudu/security/tls_context.h
+++ b/src/kudu/security/tls_context.h
@@ -70,7 +70,7 @@ class TlsContext {
 
   ~TlsContext() = default;
 
-  Status Init();
+  Status Init() WARN_UNUSED_RESULT;
 
   // Returns true if this TlsContext has been configured with a cert and key for
   // use with TLS-encrypted connections.
@@ -100,17 +100,17 @@ class TlsContext {
   // passed in to 'UseCertificateAndKey()' or 'AdoptSignedCert()'.
   //
   // If this cert has already been marked as trusted, this has no effect.
-  Status AddTrustedCertificate(const Cert& cert);
+  Status AddTrustedCertificate(const Cert& cert) WARN_UNUSED_RESULT;
 
   // Dump all of the certs that are currently trusted by this context, in DER
   // form, into 'cert_ders'.
-  Status DumpTrustedCerts(std::vector<std::string>* cert_ders) const;
+  Status DumpTrustedCerts(std::vector<std::string>* cert_ders) const WARN_UNUSED_RESULT;
 
   // Uses 'cert' and 'key' as the cert and key for use with TLS connections.
   //
   // Checks that the CA that issued the signature on 'cert' is already trusted
   // by this context (e.g. by AddTrustedCertificate()).
-  Status UseCertificateAndKey(const Cert& cert, const PrivateKey& key);
+  Status UseCertificateAndKey(const Cert& cert, const PrivateKey& key) WARN_UNUSED_RESULT;
 
   // Generates a self-signed cert and key for use with TLS connections.
   //
@@ -119,7 +119,7 @@ class TlsContext {
   // CA-signed cert for the generated private key, and 'AdoptSignedCert' can be
   // used to transition to using the CA-signed cert with subsequent TLS
   // connections.
-  Status GenerateSelfSignedCertAndKey();
+  Status GenerateSelfSignedCertAndKey() WARN_UNUSED_RESULT;
 
   // Returns a new certificate signing request (CSR) in DER format, if this
   // context's cert is self-signed. If the cert is already signed, returns
@@ -135,20 +135,21 @@ class TlsContext {
   // by this context (e.g. by AddTrustedCertificate()).
   //
   // This has no effect if the instance already has a CA-signed cert.
-  Status AdoptSignedCert(const Cert& cert);
+  Status AdoptSignedCert(const Cert& cert) WARN_UNUSED_RESULT;
 
   // Convenience functions for loading cert/CA/key from file paths.
   // -------------------------------------------------------------
 
   // Load the server certificate and key (PEM encoded).
   Status LoadCertificateAndKey(const std::string& certificate_path,
-                               const std::string& key_path);
+                               const std::string& key_path) WARN_UNUSED_RESULT;
 
   // Load the certificate authority (PEM encoded).
-  Status LoadCertificateAuthority(const std::string& certificate_path);
+  Status LoadCertificateAuthority(const std::string& certificate_path) WARN_UNUSED_RESULT;
 
   // Initiates a new TlsHandshake instance.
-  Status InitiateHandshake(TlsHandshakeType handshake_type, TlsHandshake* handshake) const;
+  Status InitiateHandshake(TlsHandshakeType handshake_type,
+                           TlsHandshake* handshake) const WARN_UNUSED_RESULT;
 
   // Return the number of certs that have been marked as trusted.
   // Used by tests.
@@ -159,7 +160,7 @@ class TlsContext {
 
  private:
 
-  Status VerifyCertChain(const Cert& cert);
+  Status VerifyCertChain(const Cert& cert) WARN_UNUSED_RESULT;
 
   // Owned SSL context.
   c_unique_ptr<SSL_CTX> ctx_;

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_handshake-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/tls_handshake-test.cc b/src/kudu/security/tls_handshake-test.cc
index 8ffc99c..681e270 100644
--- a/src/kudu/security/tls_handshake-test.cc
+++ b/src/kudu/security/tls_handshake-test.cc
@@ -83,8 +83,8 @@ class TestTlsHandshake : public KuduTest,
   Status RunHandshake(TlsVerificationMode client_verify,
                       TlsVerificationMode server_verify) {
     TlsHandshake client, server;
-    client_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client);
-    server_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server);
+    RETURN_NOT_OK(client_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client));
+    RETURN_NOT_OK(server_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server));
 
     client.set_verification_mode(client_verify);
     server.set_verification_mode(server_verify);
@@ -136,8 +136,8 @@ TEST_F(TestTlsHandshake, TestHandshakeSequence) {
 
   TlsHandshake server;
   TlsHandshake client;
-  client_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server);
-  server_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client);
+  ASSERT_OK(client_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server));
+  ASSERT_OK(server_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client));
 
   string buf1;
   string buf2;

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_handshake.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/tls_handshake.h b/src/kudu/security/tls_handshake.h
index 7897d10..2e7031f 100644
--- a/src/kudu/security/tls_handshake.h
+++ b/src/kudu/security/tls_handshake.h
@@ -98,16 +98,16 @@ class TlsHandshake {
   // round of messages.
   //
   // Returns any other status code on error.
-  Status Continue(const std::string& recv, std::string* send);
+  Status Continue(const std::string& recv, std::string* send) WARN_UNUSED_RESULT;
 
   // Finishes the handshake, wrapping the provided socket in the negotiated TLS
   // channel. This 'TlsHandshake' instance should not be used again after
   // calling this.
-  Status Finish(std::unique_ptr<Socket>* socket);
+  Status Finish(std::unique_ptr<Socket>* socket) WARN_UNUSED_RESULT;
 
   // Finish the handshake, using the provided socket to verify the remote peer,
   // but without wrapping the socket.
-  Status FinishNoWrap(const Socket& socket);
+  Status FinishNoWrap(const Socket& socket) WARN_UNUSED_RESULT;
 
   // Retrieve the local certificate. This will return an error status if there
   // is no local certificate.
@@ -150,10 +150,10 @@ class TlsHandshake {
   }
 
   // Populates local_cert_ and remote_cert_.
-  Status GetCerts();
+  Status GetCerts() WARN_UNUSED_RESULT;
 
   // Verifies that the handshake is valid for the provided socket.
-  Status Verify(const Socket& socket) const;
+  Status Verify(const Socket& socket) const WARN_UNUSED_RESULT;
 
   // Owned SSL handle.
   c_unique_ptr<SSL> ssl_;

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc
index 36bcdb2..84a0105 100644
--- a/src/kudu/security/token-test.cc
+++ b/src/kudu/security/token-test.cc
@@ -167,7 +167,6 @@ TEST_F(TokenTest, TestTokenSignerAddKeys) {
     // It should not need next key right away, but should need next key after
     // the rotation interval.
     static const int64_t kKeyRotationIntervalSeconds = 8;
-    const MonoTime t0 = MonoTime::Now();
     TokenSigner signer(10, kKeyRotationIntervalSeconds);
     std::unique_ptr<TokenSigningPrivateKey> key;
     ASSERT_OK(signer.CheckNeedKey(&key));

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_signer.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/token_signer.h b/src/kudu/security/token_signer.h
index 82aba2b..698bf45 100644
--- a/src/kudu/security/token_signer.h
+++ b/src/kudu/security/token_signer.h
@@ -230,8 +230,7 @@ class TokenSigner {
   Status TryRotateKey(bool* has_rotated = nullptr) WARN_UNUSED_RESULT;
 
   Status GenerateAuthnToken(std::string username,
-                            SignedTokenPB* signed_token) const
-      WARN_UNUSED_RESULT;
+                            SignedTokenPB* signed_token) const WARN_UNUSED_RESULT;
 
   Status SignToken(SignedTokenPB* token) const WARN_UNUSED_RESULT;
 
@@ -242,8 +241,7 @@ class TokenSigner {
 
   static Status GenerateSigningKey(int64_t key_seq_num,
                                    int64_t key_expiration,
-                                   std::unique_ptr<TokenSigningPrivateKey>* tsk)
-      WARN_UNUSED_RESULT;
+                                   std::unique_ptr<TokenSigningPrivateKey>* tsk) WARN_UNUSED_RESULT;
 
   std::shared_ptr<TokenVerifier> verifier_;
 

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_signing_key.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/token_signing_key.h b/src/kudu/security/token_signing_key.h
index 875ebbf..2ae6713 100644
--- a/src/kudu/security/token_signing_key.h
+++ b/src/kudu/security/token_signing_key.h
@@ -69,7 +69,7 @@ class TokenSigningPrivateKey {
   ~TokenSigningPrivateKey();
 
   // Sign a token, and store the signature and signing key's sequence number.
-  Status Sign(SignedTokenPB* token) const;
+  Status Sign(SignedTokenPB* token) const WARN_UNUSED_RESULT;
 
   // Export data into corresponding PB structure.
   void ExportPB(TokenSigningPrivateKeyPB* pb) const;

http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_verifier.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/token_verifier.h b/src/kudu/security/token_verifier.h
index 00c541f..2879f8c 100644
--- a/src/kudu/security/token_verifier.h
+++ b/src/kudu/security/token_verifier.h
@@ -63,8 +63,7 @@ class TokenVerifier {
   // (which might be running on a remote node). If any public keys already
   // exist with matching key sequence numbers, they are replaced by
   // the new keys.
-  Status ImportKeys(const std::vector<TokenSigningPublicKeyPB>& keys)
-      WARN_UNUSED_RESULT;
+  Status ImportKeys(const std::vector<TokenSigningPublicKeyPB>& keys) WARN_UNUSED_RESULT;
 
   // Export token signing public keys. Specifying the 'after_sequence_number'
   // allows to get public keys with sequence numbers greater than


Mime
View raw message