d3/d12/session__token_8cc_source.html

 #include "session_token.h"


 #include <limits>


 #include "crypto/encrypt.h"

 #include "json.h"

 #include "json_document.h"

 #include "util/logging.h"

 #include "util/platform.h"

 #include "util/pointer.h"

 #include "util/string.h"


 namespace receiver {


 bool GenerateSessionToken(const std::string &key_id, const std::string &path,

                           uint64_t max_lease_time, std::string *session_token,

                           std::string *public_token_id,

                           std::string *token_secret) {

   if (session_token == NULL || public_token_id == NULL

       || token_secret == NULL) {

     return false;

   }


   if (key_id.empty() && path.empty()) {

     return false;

   }


   const UniquePtr<cipher::Key> secret(cipher::Key::CreateRandomly(32));

   if (!secret.IsValid()) {

     return false;

   }


   const UniquePtr<cipher::Cipher> cipher(

       cipher::Cipher::Create(cipher::kAes256Cbc));

   if (!cipher.IsValid()) {

     return false;

   }


   *public_token_id = key_id + path;

   *token_secret = secret->ToBase64();


   const uint64_t current_time = platform_monotonic_time();

   if (std::numeric_limits<uint64_t>::max() - max_lease_time < current_time) {

     return false;

   }


   const std::string expiry(StringifyUint(current_time + max_lease_time));


   std::string encrypted_body;

   if (!cipher->Encrypt(

           "{\"path\" : \"" + path + "\", \"expiry\" : \"" + expiry + "\"}",

           *secret, &encrypted_body)) {

     return false;

   }


   *session_token = Base64("{\"token_id\" : \"" + *public_token_id

                           + "\", \"blob\" : \"" + Base64(encrypted_body)

                           + "\"}");


   return true;

 }


 bool GetTokenPublicId(const std::string &token, std::string *public_id) {

   if (public_id == NULL) {

     return false;

   }


   std::string debased64_token;

   if (!Debase64(token, &debased64_token)) {

     return false;

   }


   const UniquePtr<JsonDocument> token_json(

       JsonDocument::Create(debased64_token));

   if (!token_json.IsValid()) {

     return false;

   }


   const JSON *token_id = JsonDocument::SearchInObject(token_json->root(),

                                                       "token_id", JSON_STRING);

   const JSON *blob = JsonDocument::SearchInObject(token_json->root(), "blob",

                                                   JSON_STRING);


   if (token_id == NULL || blob == NULL) {

     return false;

   }


   *public_id = token_id->string_value;


   return true;

 }


 /*

  * Check the validity of a session token using the associated secret

  */

 TokenCheckResult CheckToken(const std::string &token, const std::string &secret,

                             std::string *lease_path) {

   if (!lease_path) {

     return kInvalid;

   }


   std::string debased64_token;

   if (!Debase64(token, &debased64_token)) {

     return kInvalid;

   }


   const UniquePtr<JsonDocument> token_json(

       JsonDocument::Create(debased64_token));

   if (!token_json.IsValid()) {

     return kInvalid;

   }


   const JSON *token_id = JsonDocument::SearchInObject(token_json->root(),

                                                       "token_id", JSON_STRING);

   const JSON *blob = JsonDocument::SearchInObject(token_json->root(), "blob",

                                                   JSON_STRING);

   if (token_id == NULL || blob == NULL) {

     return kInvalid;

   }


   std::string debased64_secret;

   if (!Debase64(secret, &debased64_secret)) {

     return kInvalid;

   }

   const UniquePtr<cipher::Key> key(

       cipher::Key::CreateFromString(debased64_secret));

   if (!key.IsValid()) {

     return kInvalid;

   }


   std::string encrypted_body;

   if (!Debase64(blob->string_value, &encrypted_body)) {

     return kInvalid;

   }


   std::string body;

   if (!cipher::Cipher::Decrypt(encrypted_body, *key, &body)) {

     return kInvalid;

   }


   const UniquePtr<JsonDocument> body_json(JsonDocument::Create(body));

   if (!token_json.IsValid()) {

     return kInvalid;

   }


   const JSON *path = JsonDocument::SearchInObject(body_json->root(), "path",

                                                   JSON_STRING);

   const JSON *expiry = JsonDocument::SearchInObject(body_json->root(), "expiry",

                                                     JSON_STRING);

   if (path == NULL || expiry == NULL) {

     return kInvalid;

   }


   // TODO(radu): can we still use monotonic time if the process restarts?

   const uint64_t expiry_time = String2Uint64(expiry->string_value);

   const uint64_t current_time = platform_monotonic_time();

   if (current_time > expiry_time) {

     return kExpired;

   }


   *lease_path = path->string_value;


   return kValid;

 }


 }  // namespace receiver

cipher::Cipher::Decrypt
static bool Decrypt(const std::string &ciphertext, const Key &key, std::string *plaintext)
Definition: encrypt.cc:186

string.h

JsonDocument::SearchInObject
static JSON * SearchInObject(const JSON *json_object, const std::string &name, const json_type type)
Definition: json_document.cc:196

json_document.h

receiver::kExpired
Definition: session_token.h:17

cipher::Cipher::Create
static Cipher * Create(const Algorithms a)
Definition: encrypt.cc:157

cipher::Key::ToBase64
std::string ToBase64() const
Definition: encrypt.cc:109

receiver::GenerateSessionToken
bool GenerateSessionToken(const std::string &key_id, const std::string &path, uint64_t max_lease_time, std::string *session_token, std::string *public_token_id, std::string *token_secret)
Definition: session_token.cc:30

receiver::TokenCheckResult
TokenCheckResult
Definition: session_token.h:14

UniquePtr
Definition: pointer.h:65

session_token.h

platform.h

encrypt.h

cipher::Key::CreateRandomly
static Key * CreateRandomly(const unsigned size)
Definition: encrypt.cc:32

logging.h

StringifyUint
std::string StringifyUint(const uint64_t value)
Definition: string.cc:83

Debase64
bool Debase64(const string &data, string *decoded)
Definition: string.cc:598

receiver::kValid
Definition: session_token.h:15

JsonDocument::Create
static JsonDocument * Create(const std::string &text)
Definition: json_document.cc:18

platform_monotonic_time
uint64_t platform_monotonic_time()
Definition: platform_linux.h:332

UniquePtrBase< T, UniquePtr< T > >::IsValid
bool IsValid() const
Definition: pointer.h:47

receiver::kInvalid
Definition: session_token.h:16

receiver::GetTokenPublicId
bool GetTokenPublicId(const std::string &token, std::string *public_id)
Definition: session_token.cc:82

receiver::CheckToken
TokenCheckResult CheckToken(const std::string &token, const std::string &secret, std::string *lease_path)
Definition: session_token.cc:115

cipher::kAes256Cbc
Definition: encrypt.h:29

Base64
string Base64(const string &data)
Definition: string.cc:537

cipher::Cipher::Encrypt
bool Encrypt(const std::string &plaintext, const Key &key, std::string *ciphertext)
Definition: encrypt.cc:170

String2Uint64
uint64_t String2Uint64(const string &value)
Definition: string.cc:240

cipher::Key::CreateFromString
static Key * CreateFromString(const std::string &key)
Definition: encrypt.cc:77

pointer.h

JSON
struct json_value JSON
Definition: helper_allow.cc:11

JsonDocument::root
const JSON * root() const
Definition: json_document.h:25