Merge pull request #111 from jhiemstrawisc/keycache_config2

Add configuration API to set keycache update/expiration intervals

Author: djw8605

configs/export-symbols

@@ -4,7 +4,8 @@ global:
   validator*;
   enforcer*;
   keycache*;
-
+  config*;
+  
 local:
   *;
 };

src/scitokens.cpp

@@ -1,11 +1,17 @@
-
+#include <atomic>
 #include <exception>
-
 #include <string.h>
 
+
 #include "scitokens.h"
 #include "scitokens_internal.h"
 
+/**
+ * GLOBALS
+ */
+std::atomic_int configurer::Configuration::m_next_update_delta{600};
+std::atomic_int configurer::Configuration::m_expiry_delta{4 * 24 * 3600};
+
 SciTokenKey scitoken_key_create(const char *key_id, const char *alg,
                                 const char *public_contents,
                                 const char *private_contents, char **err_msg) {
@@ -942,3 +948,69 @@ int keycache_set_jwks(const char *issuer, const char *jwks, char **err_msg) {
     }
     return 0;
 }
+
+int config_set_int(const char *key, int value, char **err_msg) {
+    if (!key) {
+        if (err_msg) {
+            *err_msg = strdup("A key must be provided.");
+        }
+        return -1;
+    }
+
+    std::string _key = key;
+
+    if (_key == "keycache.update_interval_s") {
+        if (value < 0) {
+            if (err_msg) {
+                *err_msg = strdup("Update interval must be positive.");
+            }
+            return -1;
+        }
+        configurer::Configuration::set_next_update_delta(value);
+        return 0;
+    }
+
+    if (_key == "keycache.expiration_interval_s") {
+        if (value < 0 ) {
+            if (err_msg) {
+                *err_msg = strdup("Expiry interval must be positive.");
+            }
+            return -1;
+        }
+        configurer::Configuration::set_expiry_delta(value);
+        return 0;
+    }
+
+    else {
+        if (err_msg) {
+            *err_msg = strdup("Key not recognized.");
+        }
+        return -1;
+    }
+}
+
+int config_get_int(const char *key, char **err_msg) {
+    if (!key) {
+        if (err_msg) {
+            *err_msg = strdup("A key must be provided.");
+        }
+        return -1;
+    }
+
+    std::string _key = key;
+
+    if (_key == "keycache.update_interval_s") {
+        return configurer::Configuration::get_next_update_delta();
+    }
+
+    if (_key == "keycache.expiration_interval_s") {
+        return configurer::Configuration::get_expiry_delta();
+    }
+
+    else {
+        if (err_msg) {
+            *err_msg = strdup("Key not recognized.");
+        }
+        return -1;
+    }
+}

src/scitokens.h

@@ -19,6 +19,7 @@ typedef void *SciToken;
 typedef void *Validator;
 typedef void *Enforcer;
 typedef void *SciTokenStatus;
+typedef void *Configuration;
 
 typedef int (*StringValidatorFunction)(const char *value, char **err_msg);
 typedef struct Acl_s {
@@ -289,6 +290,26 @@ int keycache_get_cached_jwks(const char *issuer, char **jwks, char **err_msg);
  */
 int keycache_set_jwks(const char *issuer, const char *jwks, char **err_msg);
 
+/**
+ * API for managing scitokens configuration parameters.
+ */
+
+/**
+ * Update scitokens parameters.
+ * Takes in key/value pairs and assigns the input value to whatever
+ * configuration variable is indicated by the key.
+ * Returns 0 on success, and non-zero for invalid keys or values.
+ */
+int config_set_int(const char *key, int value, char **err_msg);
+
+/**
+ * Get current scitokens parameters.
+ * Returns the value associated with the supplied input key on success, and -1
+ * on failure This assumes there are no keys for which a negative return value
+ * is permissible.
+ */
+int config_get_int(const char *key, char **err_msg);
+
 #ifdef __cplusplus
 }
 #endif

src/scitokens_internal.cpp

@@ -546,11 +546,6 @@ std::string normalize_absolute_path(const std::string &path) {
     return result.empty() ? "/" : result;
 }
 
-void get_default_expiry_time(int &next_update_delta, int &expiry_delta) {
-    next_update_delta = 600;
-    expiry_delta = 4 * 24 * 3600;
-}
-
 } // namespace
 
 void SciToken::deserialize(const std::string &data,
@@ -695,8 +690,9 @@ std::unique_ptr<AsyncStatus> Validator::get_public_keys_from_web_continue(
         // TODO: take expiration time from the cache-control header in the
         // response.
 
-        int next_update_delta, expiry_delta;
-        get_default_expiry_time(next_update_delta, expiry_delta);
+        int next_update_delta =
+            configurer::Configuration::get_next_update_delta();
+        int expiry_delta = configurer::Configuration::get_expiry_delta();
         status->m_next_update = now + next_update_delta;
         status->m_expires = now + expiry_delta;
         status->m_keys = json_obj;
@@ -738,8 +734,8 @@ bool Validator::store_jwks(const std::string &issuer,
     picojson::value jwks;
     std::string err = picojson::parse(jwks, jwks_str);
     auto now = std::time(NULL);
-    int next_update_delta, expiry_delta;
-    get_default_expiry_time(next_update_delta, expiry_delta);
+    int next_update_delta = configurer::Configuration::get_next_update_delta();
+    int expiry_delta = configurer::Configuration::get_expiry_delta();
     int64_t next_update = now + next_update_delta, expires = now + expiry_delta;
     if (!err.empty()) {
         throw JsonException(err);
@@ -980,8 +976,8 @@ bool scitokens::Validator::store_public_ec_key(const std::string &issuer,
     picojson::value top_value(top_obj);
 
     auto now = std::time(NULL);
-    int next_update_delta, expiry_delta;
-    get_default_expiry_time(next_update_delta, expiry_delta);
+    int next_update_delta = configurer::Configuration::get_next_update_delta();
+    int expiry_delta = configurer::Configuration::get_expiry_delta();
     return store_public_keys(issuer, top_value, now + next_update_delta,
                              now + expiry_delta);
 }

src/scitokens_internal.h

@@ -3,6 +3,7 @@
 #include <sstream>
 #include <unordered_map>
 
+#include <atomic>
 #include <curl/curl.h>
 #include <jwt-cpp/jwt.h>
 #include <uuid/uuid.h>
@@ -29,6 +30,24 @@ struct kazuho_picojson;
 }
 } // namespace jwt
 
+namespace configurer {
+class Configuration {
+  public:
+    Configuration() {}
+    static void set_next_update_delta(int _next_update_delta) {
+        m_next_update_delta = _next_update_delta;
+    }
+    static int get_next_update_delta() { return m_next_update_delta; }
+    static void set_expiry_delta(int _expiry_delta) {
+        m_expiry_delta = _expiry_delta;
+    }
+    static int get_expiry_delta() { return m_expiry_delta; }
+  private:
+    static std::atomic_int m_next_update_delta;
+    static std::atomic_int m_expiry_delta;
+};
+} // namespace configurer
+
 namespace scitokens {
 
 namespace internal {

test/main.cpp

@@ -165,6 +165,77 @@ TEST_F(KeycacheTest, SetGetTest) {
     EXPECT_EQ(demo_scitokens2, jwks_str);
 }
 
+TEST_F(KeycacheTest, InvalidConfigKeyTest) {
+    char *err_msg;
+    int new_update_interval = 400;
+    std::string key = "invalid key";
+    auto rv = config_set_int(key.c_str(), new_update_interval, &err_msg);
+    ASSERT_FALSE(rv == 0);
+
+    const char *key2 = nullptr;
+    rv = config_set_int(key2, new_update_interval, &err_msg);
+    ASSERT_FALSE(rv == 0);
+}
+
+TEST_F(KeycacheTest, SetGetUpdateTest) {
+    char *err_msg;
+    int new_update_interval = 400;
+    std::string key = "keycache.update_interval_s";
+    auto rv = config_set_int(key.c_str(), new_update_interval, &err_msg);
+    ASSERT_TRUE(rv == 0);
+
+    rv = config_get_int(key.c_str(), &err_msg);
+    EXPECT_EQ(rv, new_update_interval);
+}
+
+TEST_F(KeycacheTest, SetGetExpirationTest) {
+    char *err_msg;
+    int new_expiration_interval = 2 * 24 * 3600;
+    std::string key = "keycache.expiration_interval_s";
+    auto rv = config_set_int(key.c_str(), new_expiration_interval, &err_msg);
+    ASSERT_TRUE(rv == 0);
+
+    rv = config_get_int(key.c_str(), &err_msg);
+    EXPECT_EQ(rv, new_expiration_interval);
+}
+
+TEST_F(KeycacheTest, SetInvalidUpdateTest) {
+    char *err_msg;
+    int new_update_interval = -1;
+    std::string key = "keycache.update_interval_s";
+    auto rv = config_set_int(key.c_str(), new_update_interval, &err_msg);
+    ASSERT_FALSE(rv == 0);
+}
+
+TEST_F(KeycacheTest, SetInvalidExpirationTest) {
+    char *err_msg;
+    int new_expiration_interval = -2 * 24 * 3600;
+    std::string key = "keycache.expiration_interval_s";
+    auto rv = config_set_int(key.c_str(), new_expiration_interval, &err_msg);
+    ASSERT_FALSE(rv == 0);
+}
+
+TEST_F(KeycacheTest, RefreshExpiredTest) {
+    char *err_msg, *jwks;
+    int new_expiration_interval = 0;
+    std::string key = "keycache.expiration_interval_s";
+    auto rv = config_set_int(key.c_str(), new_expiration_interval, &err_msg);
+    ASSERT_TRUE(rv == 0);
+
+    rv = keycache_refresh_jwks(demo_scitokens_url.c_str(), &err_msg);
+    ASSERT_TRUE(rv == 0);
+
+    sleep(1);
+
+    rv = keycache_get_cached_jwks(demo_scitokens_url.c_str(), &jwks, &err_msg);
+    ASSERT_TRUE(rv == 0);
+    ASSERT_TRUE(jwks != nullptr);
+    std::string jwks_str(jwks);
+    free(jwks);
+
+    EXPECT_EQ(jwks_str, "{\"keys\": []}");
+}
+
 class SerializeTest : public ::testing::Test {
   protected:
     void SetUp() override {