Also, to minimize audit log loss, handle token usage audit logging at each usage.
This has a side-effect of making the token use log less bursty.
This also subtly changes the dedup cache policy.
Dedup time window used to be 5 seconds (default) since the start of batch-logging.
Now it's 5 seconds from the first usage since the closing of the previous dedup window
- Remove redundant operation from TokenSign
- Let the sign/verify API directly report errors
instead of tracing at failing subroutine, which lacks context
- Revert JWT timestamp from double back to uint64_t
- Describe in comment the need for wait loop at the beginning of watchPublicKeyJwksFile()
- Revert CLI args definition in fdbserver.actor.cpp that was
incorrectly tabbed with a bad clang-format run
* Add JsonWebKeySet parser/stringifier
* Update header directory
* Make JWKS parser correctness clean for OpenSSL 1.x
Add RSA keygen support
* Make JWKS parser correctness clean for OpenSSL 3.x
+extend unique_ptr for scoped destruction of OpenSSL objects
* Use PKey::{sign|verify}() in TokenSign
* Apply AutoCPointer to MkCert
* Apply Clang format
* JWKS::toStringRef() returns StringRef > Optional<StringRef>
* Fix Mac/Windows build error
* Fix incorrect fix of Mac build
* Fix filename in license comment for AutoCPointer.h
* Refactor complex C macros into function templates
* Add JWT support to TokenSign
* Encapsulate OpenSSL public/private key type
Type-safe passing around of keys without having to DER/PEM-serialize
(OpenSSL doesn't have distinct types for public and private key)
* Apply Clang format
* Add verify benchmark for JWT and FlatBuffers token
* Unit test base64url::{encode, decode}
* Make all payload fields optional
Let user code validate non-signature fields
* Make all payload fields optional
Completely defer field check to user code
* Move rapidjson from fdbclient to contrib
* Make fdbrpc's rapidjson linkage private
Currently only sources include them.
* Modify rapidjson path in apiversioner.py
* Algorithm::Unknown > Algorithm::UNKNOWN
TokenSign was copying unused Arena held by Standalone instead of refering to it.
An Arena has to be used at least once before it holds a valid, copyable reference.
Otherwise the lifecycle of the copied Arena would be its own and not be shared with the original.
Thus, when the copied arena went out of scope,
the memory supposed to be held by returned Standalone also got released.
Fix: instead of copying, refer to Standalone's arena.
Junhyun Shim