// Copyright 2023 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/ip_protection/ip_protection_token_cache_manager_impl.h" #include <memory> #include <string> #include "base/metrics/histogram_functions.h" #include "base/rand_util.h" #include "base/task/task_traits.h" #include "base/task/thread_pool.h" #include "base/time/time.h" #include "components/ip_protection/common/ip_protection_data_types.h" #include "components/ip_protection/common/ip_protection_telemetry.h" #include "net/base/features.h" #include "services/network/ip_protection/ip_protection_config_cache.h" #include "services/network/ip_protection/ip_protection_geo_utils.h" namespace network { namespace { // Minimum time before actual expiration that a token is considered // "expired" and removed. The maximum time is given by the // `IpPrivacyExpirationFuzz` feature param. constexpr base::TimeDelta kMinimumFuzzInterval = …; // Interval between measurements of the token rates. constexpr base::TimeDelta kTokenRateMeasurementInterval = …; // Time delay used for immediate refill to prevent overloading servers. constexpr base::TimeDelta kImmediateTokenRefillDelay = …; // Time delay used for when a token limit has been exceeded. constexpr base::TimeDelta kTokenLimitExceededDelay = …; // Default Geo used until caching by geo is enabled. constexpr char kDefaultGeo[] = …; } // namespace BlindSignedAuthToken; IpProtectionTokenCacheManagerImpl::IpProtectionTokenCacheManagerImpl( IpProtectionConfigCache* config_cache, IpProtectionConfigGetter* config_getter, ip_protection::ProxyLayer proxy_layer, bool disable_cache_management_for_testing) : … { … } IpProtectionTokenCacheManagerImpl::~IpProtectionTokenCacheManagerImpl() = default; bool IpProtectionTokenCacheManagerImpl::IsAuthTokenAvailable() { … } bool IpProtectionTokenCacheManagerImpl::IsAuthTokenAvailable( const std::string& geo_id) { … } // If this is a good time to request another batch of tokens, do so. This // method is idempotent, and can be called at any time. void IpProtectionTokenCacheManagerImpl::MaybeRefillCache() { … } void IpProtectionTokenCacheManagerImpl::InvalidateTryAgainAfterTime() { … } std::string IpProtectionTokenCacheManagerImpl::CurrentGeo() const { … } void IpProtectionTokenCacheManagerImpl::SetCurrentGeo( const std::string& geo_id) { … } // Schedule the next timed call to `MaybeRefillCache()`. This method is // idempotent, and may be called at any time. void IpProtectionTokenCacheManagerImpl::ScheduleMaybeRefillCache() { … } // Returns true if the cache map does not contain the necessary geo or the // number of tokens in the latest geo is below the low water mark. bool IpProtectionTokenCacheManagerImpl::NeedsRefill( const std::string& geo_id) const { … } // Returns true if the cache of the latest geo contains more that enough // tokens. // This indicates a possible bad state where new tokens are continually // being requested "on-demand" due to a geo mismatch between token and proxy // list signals in `IpProtectionConfigCache`. bool IpProtectionTokenCacheManagerImpl::IsTokenLimitExceeded( const std::string& geo_id) const { … } void IpProtectionTokenCacheManagerImpl::OnGotAuthTokens( const base::TimeTicks attempt_start_time_for_metrics, std::optional<std::vector<BlindSignedAuthToken>> tokens, std::optional<base::Time> try_again_after) { … } std::optional<BlindSignedAuthToken> IpProtectionTokenCacheManagerImpl::GetAuthToken() { … } std::optional<BlindSignedAuthToken> IpProtectionTokenCacheManagerImpl::GetAuthToken(const std::string& geo_id) { … } // All calls to this function should be accompanied by a call to // `MaybeRefillCache()`. void IpProtectionTokenCacheManagerImpl::RemoveExpiredTokens() { … } void IpProtectionTokenCacheManagerImpl::MeasureTokenRates() { … } void IpProtectionTokenCacheManagerImpl::DisableCacheManagementForTesting( base::OnceClosure on_cache_management_disabled) { … } void IpProtectionTokenCacheManagerImpl::EnableTokenExpirationFuzzingForTesting( bool enable) { … } // Call `TryGetAuthTokens()`, which will call // `on_try_get_auth_tokens_completed_for_testing_` when complete. void IpProtectionTokenCacheManagerImpl::CallTryGetAuthTokensForTesting() { … } } // namespace network
Codebase Browser
chromium