author | cerevra <cerevra@yandex-team.ru> | 2022-02-10 16:45:59 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:59 +0300 |
commit | 4f292c7e2fd0a41da93fda51b2d440c979a330b7 (patch) | |
tree | 1a2c5ffcf89eb53ecd79dbc9bc0a195c27404d0c /library/cpp/tvmauth/src/service_impl.cpp | |
parent | bf41dd01f6c920583e9faae7cd55ed25e547e052 (diff) | |
Restoring authorship annotation for <cerevra@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'library/cpp/tvmauth/src/service_impl.cpp')
-rw-r--r-- | library/cpp/tvmauth/src/service_impl.cpp | 226 |
1 files changed, 113 insertions, 113 deletions
diff --git a/library/cpp/tvmauth/src/service_impl.cpp b/library/cpp/tvmauth/src/service_impl.cpp
index b27727494c..528a244647 100644
--- a/library/cpp/tvmauth/src/service_impl.cpp
+++ b/library/cpp/tvmauth/src/service_impl.cpp
@@ -3,139 +3,139 @@
 #include "parser.h"
 #include "utils.h"
-#include <library/cpp/tvmauth/exception.h>
-#include <library/cpp/tvmauth/ticket_status.h>
+#include <library/cpp/tvmauth/exception.h>
+#include <library/cpp/tvmauth/ticket_status.h>
 #include <util/generic/strbuf.h>
 #include <util/string/cast.h>
 #include <util/string/split.h>
-namespace NTvmAuth {
- static const char* EX_MSG = "Method cannot be used in non-valid ticket";
-
- TCheckedServiceTicket::TImpl::operator bool() const {
- return (Status_ == ETicketStatus::Ok);
+namespace NTvmAuth {
+ static const char* EX_MSG = "Method cannot be used in non-valid ticket";
+
+ TCheckedServiceTicket::TImpl::operator bool() const {
+ return (Status_ == ETicketStatus::Ok);
 }
- TTvmId TCheckedServiceTicket::TImpl::GetSrc() const {
- Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
- return ProtobufTicket_.service().srcclientid();
+ TTvmId TCheckedServiceTicket::TImpl::GetSrc() const {
+ Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
+ return ProtobufTicket_.service().srcclientid();
 }
- const TScopes& TCheckedServiceTicket::TImpl::GetScopes() const {
- Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
- if (CachedScopes_.empty()) {
- for (const auto& el : ProtobufTicket_.service().scopes()) {
- CachedScopes_.push_back(el);
+ const TScopes& TCheckedServiceTicket::TImpl::GetScopes() const {
+ Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
+ if (CachedScopes_.empty()) {
+ for (const auto& el : ProtobufTicket_.service().scopes()) {
+ CachedScopes_.push_back(el);
 }
 }
- return CachedScopes_;
+ return CachedScopes_;
 }
- bool TCheckedServiceTicket::TImpl::HasScope(TStringBuf scopeName) const {
- Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
- return std::binary_search(ProtobufTicket_.service().scopes().begin(), ProtobufTicket_.service().scopes().end(), scopeName);
+ bool TCheckedServiceTicket::TImpl::HasScope(TStringBuf scopeName) const {
+ Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
+ return std::binary_search(ProtobufTicket_.service().scopes().begin(), ProtobufTicket_.service().scopes().end(), scopeName);
 }
- ETicketStatus TCheckedServiceTicket::TImpl::GetStatus() const {
- return Status_;
+ ETicketStatus TCheckedServiceTicket::TImpl::GetStatus() const {
+ return Status_;
 }
- time_t TCheckedServiceTicket::TImpl::GetExpirationTime() const {
- Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
- return ProtobufTicket_.expirationtime();
+ time_t TCheckedServiceTicket::TImpl::GetExpirationTime() const {
+ Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
+ return ProtobufTicket_.expirationtime();
 }
- TString TCheckedServiceTicket::TImpl::DebugInfo() const {
- if (CachedDebugInfo_) {
- return CachedDebugInfo_;
- }
-
- if (Status_ == ETicketStatus::Malformed) {
- CachedDebugInfo_ = "status=malformed;";
- return CachedDebugInfo_;
+ TString TCheckedServiceTicket::TImpl::DebugInfo() const {
+ if (CachedDebugInfo_) {
+ return CachedDebugInfo_;
+ }
+
+ if (Status_ == ETicketStatus::Malformed) {
+ CachedDebugInfo_ = "status=malformed;";
+ return CachedDebugInfo_;
 }
-
+
 TString targetString = "ticket_type=";
- targetString.reserve(256);
- if (Status_ == ETicketStatus::InvalidTicketType) {
+ targetString.reserve(256);
+ if (Status_ == ETicketStatus::InvalidTicketType) {
 targetString.append("not-serv;");
- CachedDebugInfo_ = targetString;
+ CachedDebugInfo_ = targetString;
 return targetString;
 }
-
+
 targetString.append("serv");
- if (ProtobufTicket_.has_expirationtime())
- targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime()));
- if (ProtobufTicket_.service().has_srcclientid()) {
- targetString.append(";src=").append(IntToString<10>(ProtobufTicket_.service().srcclientid()));
- }
- if (ProtobufTicket_.service().has_dstclientid()) {
- targetString.append(";dst=").append(IntToString<10>(ProtobufTicket_.service().dstclientid()));
- }
- for (const auto& scope : ProtobufTicket_.service().scopes()) {
+ if (ProtobufTicket_.has_expirationtime())
+ targetString.append(";expiration_time=").append(IntToString<10>(ProtobufTicket_.expirationtime()));
+ if (ProtobufTicket_.service().has_srcclientid()) {
+ targetString.append(";src=").append(IntToString<10>(ProtobufTicket_.service().srcclientid()));
+ }
+ if (ProtobufTicket_.service().has_dstclientid()) {
+ targetString.append(";dst=").append(IntToString<10>(ProtobufTicket_.service().dstclientid()));
+ }
+ for (const auto& scope : ProtobufTicket_.service().scopes()) {
 targetString.append(";scope=").append(scope);
 }
- if (ProtobufTicket_.service().has_issueruid()) {
- targetString.append(";issuer_uid=").append(IntToString<10>(ProtobufTicket_.service().GetissuerUid()));
- }
+ if (ProtobufTicket_.service().has_issueruid()) {
+ targetString.append(";issuer_uid=").append(IntToString<10>(ProtobufTicket_.service().GetissuerUid()));
+ }
 targetString.append(";");
-
- CachedDebugInfo_ = targetString;
+
+ CachedDebugInfo_ = targetString;
 return targetString;
 }
- TMaybe<TUid> TCheckedServiceTicket::TImpl::GetIssuerUid() const {
- Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
- return ProtobufTicket_.service().has_issueruid()
- ? ProtobufTicket_.service().GetissuerUid()
- : TMaybe<TUid>();
- }
-
- void TCheckedServiceTicket::TImpl::SetStatus(ETicketStatus status) {
- Status_ = status;
- }
-
- TCheckedServiceTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket)
- : Status_(status)
- , ProtobufTicket_(std::move(protobufTicket))
+ TMaybe<TUid> TCheckedServiceTicket::TImpl::GetIssuerUid() const {
+ Y_ENSURE_EX(bool(*this), TNotAllowedException() << EX_MSG);
+ return ProtobufTicket_.service().has_issueruid()
+ ? ProtobufTicket_.service().GetissuerUid()
+ : TMaybe<TUid>();
+ }
+
+ void TCheckedServiceTicket::TImpl::SetStatus(ETicketStatus status) {
+ Status_ = status;
+ }
+
+ TCheckedServiceTicket::TImpl::TImpl(ETicketStatus status, ticket2::Ticket&& protobufTicket)
+ : Status_(status)
+ , ProtobufTicket_(std::move(protobufTicket))
 {
 }
- TServiceTicketImplPtr TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus status,
- TTvmId src,
- TMaybe<TUid> issuerUid) {
- ticket2::Ticket proto;
- proto.mutable_service()->set_srcclientid(src);
- proto.mutable_service()->set_dstclientid(100500);
- if (issuerUid) {
- proto.mutable_service()->set_issueruid(*issuerUid);
- }
- return MakeHolder<TImpl>(status, std::move(proto));
- }
-
- TServiceContext::TImpl::TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse)
- : Secret_(ParseSecret(secretBase64))
- , SelfTvmId_(selfTvmId)
+ TServiceTicketImplPtr TCheckedServiceTicket::TImpl::CreateTicketForTests(ETicketStatus status,
+ TTvmId src,
+ TMaybe<TUid> issuerUid) {
+ ticket2::Ticket proto;
+ proto.mutable_service()->set_srcclientid(src);
+ proto.mutable_service()->set_dstclientid(100500);
+ if (issuerUid) {
+ proto.mutable_service()->set_issueruid(*issuerUid);
+ }
+ return MakeHolder<TImpl>(status, std::move(proto));
+ }
+
+ TServiceContext::TImpl::TImpl(TStringBuf secretBase64, TTvmId selfTvmId, TStringBuf tvmKeysResponse)
+ : Secret_(ParseSecret(secretBase64))
+ , SelfTvmId_(selfTvmId)
 {
 ResetKeys(tvmKeysResponse);
 }
- TServiceContext::TImpl::TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse)
- : SelfTvmId_(selfTvmId)
+ TServiceContext::TImpl::TImpl(TTvmId selfTvmId, TStringBuf tvmKeysResponse)
+ : SelfTvmId_(selfTvmId)
 {
 ResetKeys(tvmKeysResponse);
 }
- TServiceContext::TImpl::TImpl(TStringBuf secretBase64)
- : Secret_(ParseSecret(secretBase64))
- {
- }
-
+ TServiceContext::TImpl::TImpl(TStringBuf secretBase64)
+ : Secret_(ParseSecret(secretBase64))
+ {
+ }
+
 void TServiceContext::TImpl::ResetKeys(TStringBuf tvmKeysResponse) {
 tvm_keys::Keys protoKeys;
 if (!protoKeys.ParseFromString(TParserTvmKeys::ParseStrV1(tvmKeysResponse))) {
- ythrow TMalformedTvmKeysException() << "Malformed TVM keys";
+ ythrow TMalformedTvmKeysException() << "Malformed TVM keys";
 }
 NRw::TPublicKeys keys;
@@ -146,41 +146,41 @@ namespace NTvmAuth {
 }
 if (keys.empty()) {
- ythrow TEmptyTvmKeysException() << "Empty TVM keys";
+ ythrow TEmptyTvmKeysException() << "Empty TVM keys";
 }
- Keys_ = std::move(keys);
+ Keys_ = std::move(keys);
 }
 TServiceTicketImplPtr TServiceContext::TImpl::Check(TStringBuf ticketBody) const {
- if (Keys_.empty()) {
- ythrow TEmptyTvmKeysException() << "Empty TVM keys";
- }
-
- TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::ServiceFlag());
- if (res.Status != ETicketStatus::Ok) {
- return MakeHolder<TCheckedServiceTicket::TImpl>(res.Status, std::move(res.Ticket));
+ if (Keys_.empty()) {
+ ythrow TEmptyTvmKeysException() << "Empty TVM keys";
+ }
+
+ TParserTickets::TRes res = TParserTickets::ParseV3(ticketBody, Keys_, TParserTickets::ServiceFlag());
+ if (res.Status != ETicketStatus::Ok) {
+ return MakeHolder<TCheckedServiceTicket::TImpl>(res.Status, std::move(res.Ticket));
 }
- const ETicketStatus status = CheckProtobufServiceTicket(res.Ticket);
- return MakeHolder<TCheckedServiceTicket::TImpl>(status, std::move(res.Ticket));
+ const ETicketStatus status = CheckProtobufServiceTicket(res.Ticket);
+ return MakeHolder<TCheckedServiceTicket::TImpl>(status, std::move(res.Ticket));
 }
 TString TServiceContext::TImpl::SignCgiParamsForTvm(TStringBuf ts, TStringBuf dst, TStringBuf scopes) const {
- if (Secret_.Value().empty()) {
- ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty";
+ if (Secret_.Value().empty()) {
+ ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty";
 }
- return NUtils::SignCgiParamsForTvm(Secret_, ts, dst, scopes);
+ return NUtils::SignCgiParamsForTvm(Secret_, ts, dst, scopes);
 }
- ETicketStatus TServiceContext::TImpl::CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const {
+ ETicketStatus TServiceContext::TImpl::CheckProtobufServiceTicket(const ticket2::Ticket& ticket) const {
 if (!ticket.has_service()) {
- return ETicketStatus::Malformed;
+ return ETicketStatus::Malformed;
 }
- if (ticket.service().dstclientid() != SelfTvmId_) {
- return ETicketStatus::InvalidDst;
+ if (ticket.service().dstclientid() != SelfTvmId_) {
+ return ETicketStatus::InvalidDst;
 }
- return ETicketStatus::Ok;
+ return ETicketStatus::Ok;
 }
 TString TServiceContext::TImpl::ParseSecret(TStringBuf secretBase64) {
@@ -188,16 +188,16 @@ namespace NTvmAuth {
 secretBase64.Chop(1);
 }
- if (secretBase64.empty()) {
- ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty";
- }
-
+ if (secretBase64.empty()) {
+ ythrow TMalformedTvmSecretException() << "Malformed TVM secret: it is empty";
+ }
+
 const TString secret = NUtils::Base64url2bin(secretBase64);
 if (secret.empty()) {
- ythrow TMalformedTvmSecretException() << "Malformed TVM secret: invalid base64url";
+ ythrow TMalformedTvmSecretException() << "Malformed TVM secret: invalid base64url";
 }
 return secret;
 }
-}
+} |