Adding deserialize async functions - checkpoint

djw8605 · djw8605 · commit 785835718056 · 2022-12-02T22:15:50.000-06:00
diff --git a/src/scitokens.cpp b/src/scitokens.cpp
@@ -255,6 +255,68 @@ int scitoken_deserialize_v2(const char *value, SciToken token, char const* const
     return 0;
 }
 
+int scitoken_deserialize_start(const char *value, SciToken *token, char const* const* allowed_issuers, SciTokenStatus *status_out, char **err_msg) {
+    if (value == nullptr) {
+        if (err_msg) {*err_msg = strdup("Token may not be NULL");}
+        return -1;
+    }
+    if (token == nullptr) {
+        if (err_msg) {*err_msg = strdup("Output token not provided");}
+        return -1;
+    }
+    
+    scitokens::SciTokenKey key;
+    scitokens::SciToken *real_token = new scitokens::SciToken(key);
+    
+
+    std::vector<std::string> allowed_issuers_vec;
+    if (allowed_issuers != nullptr) {
+        for (int idx=0; allowed_issuers[idx]; idx++) {
+            allowed_issuers_vec.push_back(allowed_issuers[idx]);
+        }
+    }
+
+    std::unique_ptr<scitokens::SciTokenAsyncStatus> status;
+    try {
+        status = real_token->deserialize_start(value, allowed_issuers_vec);
+    } catch (std::exception &exc) {
+        if (err_msg) {
+            *err_msg = strdup(exc.what());
+        }
+        delete real_token;
+        return -1;
+    }
+    *token = real_token;
+    *status_out = status.release();
+    return 0;
+}
+
+int scitoken_deserialize_continue(SciToken token, SciTokenStatus *status, char **err_msg) {
+    if (token == nullptr) {
+        if (err_msg) {*err_msg = strdup("Output token not provided");}
+        return -1;
+    }
+    scitokens::SciToken *real_token = reinterpret_cast<scitokens::SciToken*>(token);
+    std::unique_ptr<scitokens::SciTokenAsyncStatus> real_status(reinterpret_cast<scitokens::SciTokenAsyncStatus*>(*status));
+
+    try {
+        real_status = real_token->deserialize_continue(std::move(real_status));
+    } catch (std::exception &exc) {
+        *status = nullptr;
+        if (err_msg) {
+            *err_msg = strdup(exc.what());
+        }
+        return -1;
+    }
+
+    if (real_status->m_status->m_done) {
+        *status = nullptr;
+    } else {
+        *status = real_status.release();
+    }
+    return 0;
+}
+
 int scitoken_store_public_ec_key(const char *issuer, const char *keyid, const char *key, char **err_msg)
 {
     bool success;
@@ -458,7 +520,7 @@ int enforcer_generate_acls_start(const Enforcer enf, const SciToken scitoken,
     auto real_scitoken = reinterpret_cast<scitokens::SciToken*>(scitoken);
 
     scitokens::Enforcer::AclsList acls_list;
-    std::unique_ptr<scitokens::Validator::AsyncStatus> status;
+    std::unique_ptr<scitokens::AsyncStatus> status;
     try {
          status = real_enf->generate_acls_start(*real_scitoken, acls_list);
     } catch (std::exception &exc) {
@@ -491,8 +553,8 @@ int enforcer_generate_acls_continue(const Enforcer enf, SciTokenStatus *status,
     }
     
     scitokens::Enforcer::AclsList acls_list;
-    std::unique_ptr<scitokens::Validator::AsyncStatus> status_internal(
-        reinterpret_cast<scitokens::Validator::AsyncStatus*>(*status));
+    std::unique_ptr<scitokens::AsyncStatus> status_internal(
+        reinterpret_cast<scitokens::AsyncStatus*>(*status));
     try {
         status_internal = real_enf->generate_acls_continue(std::move(status_internal), acls_list);
     } catch (std::exception &exc) {
@@ -539,8 +601,8 @@ int enforcer_test(const Enforcer enf, const SciToken scitoken, const Acl *acl, c
 
 
 void scitoken_status_free(SciTokenStatus status) {
-    std::unique_ptr<scitokens::Validator::AsyncStatus> status_real(
-        reinterpret_cast<scitokens::Validator::AsyncStatus*>(status));
+    std::unique_ptr<scitokens::AsyncStatus> status_real(
+        reinterpret_cast<scitokens::AsyncStatus*>(status));
 }
 
 
@@ -555,7 +617,7 @@ int scitoken_status_get_timeout_val(const SciTokenStatus *status, time_t expiry_
         return -1;
     }
 
-    auto real_status = reinterpret_cast<const scitokens::Validator::AsyncStatus*>(status);
+    auto real_status = reinterpret_cast<const scitokens::AsyncStatus*>(status);
     struct timeval timeout_internal = real_status->get_timeout_val(expiry_time);
     timeout->tv_sec = timeout_internal.tv_sec;
     timeout->tv_usec = timeout_internal.tv_usec;
@@ -575,7 +637,7 @@ int scitoken_status_get_read_fd_set(SciTokenStatus *status, fd_set **read_fd_set
         return -1;
     }
 
-    auto real_status = reinterpret_cast<scitokens::Validator::AsyncStatus*>(status);
+    auto real_status = reinterpret_cast<scitokens::AsyncStatus*>(status);
     *read_fd_set = real_status->get_read_fd_set();
     return 0;
 }
@@ -592,7 +654,7 @@ int scitoken_status_get_write_fd_set(SciTokenStatus *status, fd_set **write_fd_s
         return -1;
     }
 
-    auto real_status = reinterpret_cast<scitokens::Validator::AsyncStatus*>(status);
+    auto real_status = reinterpret_cast<scitokens::AsyncStatus*>(status);
     *write_fd_set = real_status->get_write_fd_set();
     return 0;
 }
@@ -609,7 +671,7 @@ int scitoken_status_get_exc_fd_set(SciTokenStatus *status, fd_set **exc_fd_set,
         return -1;
     }
 
-    auto real_status = reinterpret_cast<scitokens::Validator::AsyncStatus*>(status);
+    auto real_status = reinterpret_cast<scitokens::AsyncStatus*>(status);
     *exc_fd_set = real_status->get_exc_fd_set();
     return 0;
 }
@@ -626,7 +688,7 @@ int scitoken_status_get_max_fd(const SciTokenStatus *status, int *max_fd, char *
         return -1;
     }
 
-    auto real_status = reinterpret_cast<const scitokens::Validator::AsyncStatus*>(status);
+    auto real_status = reinterpret_cast<const scitokens::AsyncStatus*>(status);
     *max_fd = real_status->get_max_fd();
     return 0;
 }
diff --git a/src/scitokens.h b/src/scitokens.h
@@ -92,6 +92,23 @@ void scitoken_set_deserialize_profile(SciToken token, SciTokenProfile profile);
 
 int scitoken_deserialize(const char *value, SciToken *token, char const* const* allowed_issuers, char **err_msg);
 
+/**
+ * @brief Start the deserialization process for a token, returning a status object.
+ * 
+ * @param value The serialized token.
+ * @param token Destination for the token object.
+ * @param allowed_issuers List of allowed issuers, or nullptr for no issuer check.
+ * @param status Destination for the status object.
+ * @param err_msg Destination for error message.
+ * @return int 0 on success, -1 on error.
+ */
+
+int scitoken_deserialize_start(const char *value, SciToken *token, char const* const* allowed_issuers,
+    SciTokenStatus *status, char **err_msg);
+
+
+int scitoken_deserialize_continue(SciToken *token, SciTokenStatus *status, char **err_msg);
+
 int scitoken_deserialize_v2(const char *value, SciToken token, char const* const* allowed_issuers, char **err_msg);
 
 int scitoken_store_public_ec_key(const char *issuer, const char *keyid, const char *value, char **err_msg);
diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
@@ -447,8 +447,37 @@ SciToken::deserialize(const std::string &data, const std::vector<std::string> al
     m_profile = val.get_profile();
 }
 
+std::unique_ptr<SciTokenAsyncStatus>
+SciToken::deserialize_start(const std::string &data, const std::vector<std::string> allowed_issuers) {
+    m_decoded.reset(new jwt::decoded_jwt(data));
+
+    scitokens::Validator val;
+    val.add_allowed_issuers(allowed_issuers);
+    val.set_validate_all_claims_scitokens_1(false);
+    val.set_validate_profile(m_deserialize_profile);
+    std::unique_ptr<SciTokenAsyncStatus> status(new SciTokenAsyncStatus());
+    status->m_status = val.verify_async(*m_decoded);
+
+    return std::move(deserialize_continue(std::move(status)));
+}
+
+std::unique_ptr<SciTokenAsyncStatus>
+SciToken::deserialize_continue(std::unique_ptr<SciTokenAsyncStatus> status) {
+
+    status->m_status = status->m_validator->verify_async_continue(std::move(status->m_status));
+    // Check if the status is completed
+    if (status->m_status) {
+        // Set all the claims
+        m_claims = m_decoded->get_payload_claims();
+
+        // Copy over the profile
+        m_profile = m_profile;
+    }
+    return std::move(status);
+}
+
 
-std::unique_ptr<Validator::AsyncStatus>
+std::unique_ptr<AsyncStatus>
 Validator::get_public_keys_from_web(const std::string &issuer)
 {
     std::string openid_metadata, oauth_metadata;
@@ -466,7 +495,7 @@ Validator::get_public_keys_from_web(const std::string &issuer)
 }
 
 
-std::unique_ptr<Validator::AsyncStatus>
+std::unique_ptr<AsyncStatus>
 Validator::get_public_keys_from_web_continue(std::unique_ptr<AsyncStatus> status)
 {
     char *buffer;
@@ -537,7 +566,7 @@ Validator::get_public_keys_from_web_continue(std::unique_ptr<AsyncStatus> status
 }
 
 
-std::unique_ptr<Validator::AsyncStatus>
+std::unique_ptr<AsyncStatus>
 Validator::get_public_key_pem(const std::string &issuer, const std::string &kid, std::string &public_pem, std::string &algorithm) {
 
     auto now = std::time(NULL);
@@ -566,8 +595,8 @@ Validator::get_public_key_pem(const std::string &issuer, const std::string &kid,
     }
 }
 
-std::unique_ptr<Validator::AsyncStatus>
-Validator::get_public_key_pem_continue(std::unique_ptr<Validator::AsyncStatus> status, std::string &public_pem, std::string &algorithm) {
+std::unique_ptr<AsyncStatus>
+Validator::get_public_key_pem_continue(std::unique_ptr<AsyncStatus> status, std::string &public_pem, std::string &algorithm) {
 
     if (status->m_continue_fetch) {
         try {
diff --git a/src/scitokens_internal.h b/src/scitokens_internal.h
@@ -157,6 +157,55 @@ class SciTokenKey {
 
 class Validator;
 
+class AsyncStatus {
+public:
+    AsyncStatus() = default;
+    AsyncStatus(const AsyncStatus &) = delete;
+    AsyncStatus & operator=(const AsyncStatus &) = delete;
+
+    bool m_done{false};
+    bool m_continue_fetch{false};
+    bool m_ignore_error{false};
+    bool m_do_store{true};
+    bool m_has_metadata{false};
+    bool m_oauth_fallback{false};
+
+    int64_t m_next_update{-1};
+    int64_t m_expires{-1};
+    picojson::value m_keys;
+    std::string m_issuer;
+    std::string m_kid;
+    std::string m_oauth_metadata_url;
+    std::unique_ptr<internal::SimpleCurlGet> m_cget;
+    std::string m_jwt_string;
+    std::string m_public_pem;
+    std::string m_algorithm;
+
+    struct timeval get_timeout_val(time_t expiry_time) const {
+        auto now = time(NULL);
+        long timeout_ms = 100*(expiry_time - now);
+        if (m_cget && (m_cget->get_timeout_ms() < timeout_ms)) timeout_ms = m_cget->get_timeout_ms();
+        struct timeval timeout;
+        timeout.tv_sec = timeout_ms / 1000;
+        timeout.tv_usec = (timeout_ms % 1000) * 1000;
+        return timeout;
+    }
+
+    int get_max_fd() const {return m_cget ? m_cget->get_max_fd() : -1;}
+    fd_set *get_read_fd_set() {return m_cget ? m_cget->get_read_fd_set() : nullptr;}
+    fd_set *get_write_fd_set() {return m_cget ? m_cget->get_write_fd_set() : nullptr;}
+    fd_set *get_exc_fd_set() {return m_cget ? m_cget->get_exc_fd_set() : nullptr;}
+};
+
+class SciTokenAsyncStatus {
+public:
+    SciTokenAsyncStatus() = default;
+    SciTokenAsyncStatus(const SciTokenAsyncStatus &) = delete;
+    SciTokenAsyncStatus & operator=(const SciTokenAsyncStatus &) = delete;
+
+    std::unique_ptr<Validator> m_validator;
+    std::unique_ptr<AsyncStatus> m_status;
+};
 
 class SciToken {
 
@@ -286,6 +335,10 @@ friend class scitokens::Validator;
     void
     deserialize(const std::string &data, std::vector<std::string> allowed_issuers={});
 
+    std::unique_ptr<SciTokenAsyncStatus> deserialize_start(const std::string &data, std::vector<std::string> allowed_issuers={});
+
+    std::unique_ptr<SciTokenAsyncStatus> deserialize_continue(std::unique_ptr<SciTokenAsyncStatus> status);
+
 private:
     bool m_issuer_set{false};
     int m_lifetime{600};
@@ -306,46 +359,6 @@ class Validator {
 
 public:
 
-    class AsyncStatus {
-    public:
-        AsyncStatus() = default;
-        AsyncStatus(const AsyncStatus &) = delete;
-        AsyncStatus & operator=(const AsyncStatus &) = delete;
-
-        bool m_done{false};
-        bool m_continue_fetch{false};
-        bool m_ignore_error{false};
-        bool m_do_store{true};
-        bool m_has_metadata{false};
-        bool m_oauth_fallback{false};
-
-        int64_t m_next_update{-1};
-        int64_t m_expires{-1};
-        picojson::value m_keys;
-        std::string m_issuer;
-        std::string m_kid;
-        std::string m_oauth_metadata_url;
-        std::unique_ptr<internal::SimpleCurlGet> m_cget;
-        std::string m_jwt_string;
-        std::string m_public_pem;
-        std::string m_algorithm;
-
-        struct timeval get_timeout_val(time_t expiry_time) const {
-            auto now = time(NULL);
-            long timeout_ms = 100*(expiry_time - now);
-            if (m_cget && (m_cget->get_timeout_ms() < timeout_ms)) timeout_ms = m_cget->get_timeout_ms();
-            struct timeval timeout;
-            timeout.tv_sec = timeout_ms / 1000;
-            timeout.tv_usec = (timeout_ms % 1000) * 1000;
-            return timeout;
-        }
-
-        int get_max_fd() const {return m_cget ? m_cget->get_max_fd() : -1;}
-        fd_set *get_read_fd_set() {return m_cget ? m_cget->get_read_fd_set() : nullptr;}
-        fd_set *get_write_fd_set() {return m_cget ? m_cget->get_write_fd_set() : nullptr;}
-        fd_set *get_exc_fd_set() {return m_cget ? m_cget->get_exc_fd_set() : nullptr;}
-    };
-
     std::unique_ptr<AsyncStatus> verify_async(const SciToken &scitoken) {
         const jwt::decoded_jwt *jwt_decoded = scitoken.m_decoded.get();
         if (!jwt_decoded) {
@@ -701,7 +714,7 @@ class Enforcer {
     }
 
 
-    std::unique_ptr<Validator::AsyncStatus> generate_acls_start(const SciToken &scitoken, AclsList &acls) {
+    std::unique_ptr<AsyncStatus> generate_acls_start(const SciToken &scitoken, AclsList &acls) {
         reset_state();
         auto status = m_validator.verify_async(scitoken);
         if (status->m_done) {
@@ -711,7 +724,7 @@ class Enforcer {
     }
 
 
-    std::unique_ptr<Validator::AsyncStatus>  generate_acls_continue(std::unique_ptr<Validator::AsyncStatus> status, AclsList &acls) {
+    std::unique_ptr<AsyncStatus>  generate_acls_continue(std::unique_ptr<AsyncStatus> status, AclsList &acls) {
         auto result = m_validator.verify_async_continue(std::move(status));
         if (result->m_done) {
             acls = m_gen_acls;
diff --git a/test/main.cpp b/test/main.cpp
@@ -344,9 +344,28 @@ TEST_F(SerializeTest, EnforcerScopeTest) {
     ASSERT_TRUE(found_read);
     ASSERT_TRUE(found_write);
 
+}
+
+TEST_F(SerializeTest, DeserializeAsyncTest) {
+    char *err_msg = nullptr;
+
+    // Serialize as "compat" token.
+    char *token_value = nullptr;
+    scitoken_set_serialize_profile(m_token.get(), SciTokenProfile::COMPAT);
+    auto rv = scitoken_serialize(m_token.get(), &token_value, &err_msg);
+    ASSERT_TRUE(rv == 0);
+    std::unique_ptr<char, decltype(&free)> token_value_ptr(token_value, free);
 
+    SciToken scitoken;
+    SciTokenStatus status;
 
+    // Accepts any profile.
+    rv = scitoken_deserialize_start(token_value, &scitoken, nullptr, &status, &err_msg);
+    ASSERT_TRUE(rv == 0);
 
+    // Accepts only an at+jwt token, should fail with COMPAT token
+    rv = scitoken_deserialize_continue(&scitoken, &status, &err_msg);
+    ASSERT_FALSE(rv == 0);
 }
 
 }
