Remove rare annotations from Token code

sfc-gh-tclinkenbeard 2023-01-15 17:23:48 -08:00 committed by Trevor Clinkenbeard
parent c12ea39599
commit b2222a5249
2 changed files with 11 additions and 11 deletions


@ -225,7 +225,7 @@ bool TokenCacheImpl::validateAndAdd(double currentTime, StringRef token, Network
Optional<StringRef> err; Optional<StringRef> err;
bool verifyOutcome; bool verifyOutcome;
if ((err = authz::jwt::parseToken(arena, token, t, signInput)).present()) { if ((err = authz::jwt::parseToken(arena, token, t, signInput)).present()) {
CODE_PROBE(true, "Token can't be parsed", probe::decoration::rare); CODE_PROBE(true, "Token can't be parsed");
TraceEvent te(SevWarn, "InvalidToken"); TraceEvent te(SevWarn, "InvalidToken");
te.detail("From", peer); te.detail("From", peer);
te.detail("Reason", "ParseError"); te.detail("Reason", "ParseError");
@ -239,41 +239,41 @@ bool TokenCacheImpl::validateAndAdd(double currentTime, StringRef token, Network
} }
auto key = FlowTransport::transport().getPublicKeyByName(t.keyId); auto key = FlowTransport::transport().getPublicKeyByName(t.keyId);
if (!key.present()) { if (!key.present()) {
CODE_PROBE(true, "Token referencing non-existing key", probe::decoration::rare); CODE_PROBE(true, "Token referencing non-existing key");
TRACE_INVALID_PARSED_TOKEN("UnknownKey", t); TRACE_INVALID_PARSED_TOKEN("UnknownKey", t);
return false; return false;
} else if (!t.issuedAtUnixTime.present()) { } else if (!t.issuedAtUnixTime.present()) {
CODE_PROBE(true, "Token has no issued-at field", probe::decoration::rare); CODE_PROBE(true, "Token has no issued-at field");
TRACE_INVALID_PARSED_TOKEN("NoIssuedAt", t); TRACE_INVALID_PARSED_TOKEN("NoIssuedAt", t);
return false; return false;
} else if (!t.expiresAtUnixTime.present()) { } else if (!t.expiresAtUnixTime.present()) {
CODE_PROBE(true, "Token has no expiration time", probe::decoration::rare); CODE_PROBE(true, "Token has no expiration time");
TRACE_INVALID_PARSED_TOKEN("NoExpirationTime", t); TRACE_INVALID_PARSED_TOKEN("NoExpirationTime", t);
return false; return false;
} else if (double(t.expiresAtUnixTime.get()) <= currentTime) { } else if (double(t.expiresAtUnixTime.get()) <= currentTime) {
CODE_PROBE(true, "Expired token", probe::decoration::rare); CODE_PROBE(true, "Expired token");
TRACE_INVALID_PARSED_TOKEN("Expired", t); TRACE_INVALID_PARSED_TOKEN("Expired", t);
return false; return false;
} else if (!t.notBeforeUnixTime.present()) { } else if (!t.notBeforeUnixTime.present()) {
CODE_PROBE(true, "Token has no not-before field", probe::decoration::rare); CODE_PROBE(true, "Token has no not-before field");
TRACE_INVALID_PARSED_TOKEN("NoNotBefore", t); TRACE_INVALID_PARSED_TOKEN("NoNotBefore", t);
return false; return false;
} else if (double(t.notBeforeUnixTime.get()) > currentTime) { } else if (double(t.notBeforeUnixTime.get()) > currentTime) {
CODE_PROBE(true, "Token's not-before is in the future", probe::decoration::rare); CODE_PROBE(true, "Token's not-before is in the future");
TRACE_INVALID_PARSED_TOKEN("TokenNotYetValid", t); TRACE_INVALID_PARSED_TOKEN("TokenNotYetValid", t);
return false; return false;
} else if (!t.tenants.present()) { } else if (!t.tenants.present()) {
CODE_PROBE(true, "Token with no tenants", probe::decoration::rare); CODE_PROBE(true, "Token with no tenants");
TRACE_INVALID_PARSED_TOKEN("NoTenants", t); TRACE_INVALID_PARSED_TOKEN("NoTenants", t);
return false; return false;
} }
std::tie(verifyOutcome, err) = authz::jwt::verifyToken(signInput, t, key.get()); std::tie(verifyOutcome, err) = authz::jwt::verifyToken(signInput, t, key.get());
if (err.present()) { if (err.present()) {
CODE_PROBE(true, "Error while verifying token", probe::decoration::rare); CODE_PROBE(true, "Error while verifying token");
TRACE_INVALID_PARSED_TOKEN("ErrorWhileVerifyingToken", t).detail("ErrorDetail", err.get()); TRACE_INVALID_PARSED_TOKEN("ErrorWhileVerifyingToken", t).detail("ErrorDetail", err.get());
return false; return false;
} else if (!verifyOutcome) { } else if (!verifyOutcome) {
CODE_PROBE(true, "Token with invalid signature", probe::decoration::rare); CODE_PROBE(true, "Token with invalid signature");
TRACE_INVALID_PARSED_TOKEN("InvalidSignature", t); TRACE_INVALID_PARSED_TOKEN("InvalidSignature", t);
return false; return false;
} else { } else {
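Review bot: Every rejection branch from the `UnknownKey` check through `NoTenants` runs before `authz::jwt::verifyToken`, so the token `t` handed to `TRACE_INVALID_PARSED_TOKEN` is still unauthenticated at those points. The macro is defined outside this hunk, so what it records is not visible here, but if it writes fields of `t` into the trace, those values are chosen by the peer and should be treated as untrusted by anything that consumes the logs. A comment above the chain would make that explicit, e.g. `// t is not signature-checked yet: anything traced from it below is peer-controlled`. It is also worth confirming that these SevWarn events are throttled somewhere, since a peer can trigger one per rejected token. validateAndAdd begins and ends outside the hunks shown.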


@ -386,7 +386,7 @@ Optional<StringRef> parseField(Arena& arena,
if (decodedString.present()) { if (decodedString.present()) {
vector[i] = decodedString.get(); vector[i] = decodedString.get();
} else { } else {
CODE_PROBE(true, "Base64 token field has failed to be parsed", probe::decoration::rare); CODE_PROBE(true, "Base64 token field has failed to be parsed");
return StringRef(arena, return StringRef(arena,
fmt::format("Failed to base64-decode {}th element of '{}'", i + 1, fieldName)); fmt::format("Failed to base64-decode {}th element of '{}'", i + 1, fieldName));
} }
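Review bot: The message built in the failure branch uses `{}th` with `i + 1`, which yields "1th", "2th" and "3th" for the first three elements. An index-style wording avoids the ordinal problem: `fmt::format("Failed to base64-decode element {} of '{}'", i + 1, fieldName)`. If any test or log parser matches the current text, it would need updating at the same time. parseField starts and ends outside this hunk.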