blob: 638703ef79be05976d5d0b9f68a7ec43959a6f74 [file] [log] [blame]
// Copyright (c) 2023 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quiche/blind_sign_auth/cached_blind_sign_auth.h"
#include <utility>
#include <vector>
#include "absl/functional/bind_front.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/strings/str_format.h"
#include "absl/time/clock.h"
#include "absl/time/time.h"
#include "absl/types/span.h"
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
#include "quiche/common/platform/api/quiche_logging.h"
#include "quiche/common/platform/api/quiche_mutex.h"
namespace quiche {
constexpr absl::Duration kFreshnessConstant = absl::Minutes(5);
void CachedBlindSignAuth::GetTokens(std::string oauth_token, int num_tokens,
ProxyLayer proxy_layer,
SignedTokenCallback callback) {
if (num_tokens > max_tokens_per_request_) {
std::move(callback)(absl::InvalidArgumentError(
absl::StrFormat("Number of tokens requested exceeds maximum: %d",
kBlindSignAuthRequestMaxTokens)));
return;
}
if (num_tokens < 0) {
std::move(callback)(absl::InvalidArgumentError(absl::StrFormat(
"Negative number of tokens requested: %d", num_tokens)));
return;
}
std::vector<BlindSignToken> output_tokens;
{
QuicheWriterMutexLock lock(&mutex_);
RemoveExpiredTokens();
// Try to fill the request from cache.
if (static_cast<size_t>(num_tokens) <= cached_tokens_.size()) {
output_tokens = CreateOutputTokens(num_tokens);
}
}
if (!output_tokens.empty() || num_tokens == 0) {
std::move(callback)(absl::MakeSpan(output_tokens));
return;
}
// Make a GetTokensRequest if the cache can't handle the request size.
SignedTokenCallback caching_callback =
absl::bind_front(&CachedBlindSignAuth::HandleGetTokensResponse, this,
std::move(callback), num_tokens);
blind_sign_auth_->GetTokens(oauth_token, kBlindSignAuthRequestMaxTokens,
proxy_layer, std::move(caching_callback));
}
void CachedBlindSignAuth::HandleGetTokensResponse(
SignedTokenCallback callback, int num_tokens,
absl::StatusOr<absl::Span<BlindSignToken>> tokens) {
if (!tokens.ok()) {
QUICHE_LOG(WARNING) << "BlindSignAuth::GetTokens failed: "
<< tokens.status();
std::move(callback)(tokens);
return;
}
if (tokens->size() < static_cast<size_t>(num_tokens) ||
tokens->size() > kBlindSignAuthRequestMaxTokens) {
QUICHE_LOG(WARNING) << "Expected " << num_tokens << " tokens, got "
<< tokens->size();
}
std::vector<BlindSignToken> output_tokens;
size_t cache_size;
{
QuicheWriterMutexLock lock(&mutex_);
// Add returned tokens to cache.
for (const BlindSignToken& token : *tokens) {
cached_tokens_.push_back(token);
}
RemoveExpiredTokens();
// Return tokens or a ResourceExhaustedError.
cache_size = cached_tokens_.size();
if (cache_size >= static_cast<size_t>(num_tokens)) {
output_tokens = CreateOutputTokens(num_tokens);
}
}
if (!output_tokens.empty()) {
std::move(callback)(absl::MakeSpan(output_tokens));
return;
}
std::move(callback)(absl::ResourceExhaustedError(absl::StrFormat(
"Requested %d tokens, cache only has %d after GetTokensRequest",
num_tokens, cache_size)));
}
std::vector<BlindSignToken> CachedBlindSignAuth::CreateOutputTokens(
int num_tokens) {
std::vector<BlindSignToken> output_tokens;
if (cached_tokens_.size() < static_cast<size_t>(num_tokens)) {
QUICHE_LOG(FATAL) << "Check failed, not enough tokens in cache: "
<< cached_tokens_.size() << " < " << num_tokens;
}
for (int i = 0; i < num_tokens; i++) {
output_tokens.push_back(std::move(cached_tokens_.front()));
cached_tokens_.pop_front();
}
return output_tokens;
}
void CachedBlindSignAuth::RemoveExpiredTokens() {
size_t original_size = cached_tokens_.size();
absl::Time now_plus_five_mins = absl::Now() + kFreshnessConstant;
for (size_t i = 0; i < original_size; i++) {
BlindSignToken token = std::move(cached_tokens_.front());
cached_tokens_.pop_front();
if (token.expiration > now_plus_five_mins) {
cached_tokens_.push_back(std::move(token));
}
}
}
} // namespace quiche