path: root/src/access_revocation_manager.h
blob: ba2bcca833dbc23d38f2040b8a539f0030fb4bee (plain)
// Copyright 2016 The Weave Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef LIBWEAVE_SRC_ACCESS_REVOCATION_MANAGER_H_
#define LIBWEAVE_SRC_ACCESS_REVOCATION_MANAGER_H_

#include <vector>

#include <base/time/time.h>

namespace weave {

// Abstract interface to a store of access-revocation rules (a block list).
// Every operation is pure virtual; storage, persistence and eviction are
// decided by the implementation and are not visible from this header.
class AccessRevocationManager {
 public:
  // A single revocation rule.
  //
  // Matching semantics (an empty id acts as a wildcard):
  //   user_id empty,     app_id empty     -> block everything.
  //   user_id non-empty, app_id empty     -> block if user_id matches.
  //   user_id empty,     app_id non-empty -> block if app_id matches.
  //   user_id non-empty, app_id non-empty -> block only if both match.
  //
  // NOTE(review): a default-constructed Entry leaves both ids empty, which is
  // the "block everything" wildcard above. Whether such an entry actually
  // blocks anything then depends on |revocation|; callers that build entries
  // from parsed input should check that an empty id is really intended.
  struct Entry {
    Entry() = default;

    // Copies |user| and |app| into the rule and records both timestamps.
    Entry(const std::vector<uint8_t>& user,
          const std::vector<uint8_t>& app,
          base::Time revocation_ts,
          base::Time expiration_ts)
        : user_id(user),
          app_id(app),
          revocation(revocation_ts),
          expiration(expiration_ts) {}

    // Identifiers the rule is matched against; see the table on Entry.
    std::vector<uint8_t> user_id;
    std::vector<uint8_t> app_id;

    // A matching delegation is revoked when |revocation| is not less than
    // the delegation timestamp, i.e. delegations issued at or before this
    // instant are rejected.
    base::Time revocation;

    // Time after which the rule is to be discarded.
    // NOTE(review): once a rule is discarded nothing in this header keeps a
    // previously revoked delegation blocked; presumably |expiration| is
    // chosen no earlier than the delegation's own expiry -- confirm with the
    // code that creates entries.
    base::Time expiration;
  };

  virtual ~AccessRevocationManager() = default;

  // Registers |callback|; by its name it is run when an entry is added.
  virtual void AddEntryAddedCallback(const base::Closure& callback) = 0;

  // Adds the rule |entry| and reports completion through |callback|.
  // NOTE(review): behaviour when the store is already at GetCapacity() is
  // not specified here. For a revocation list the implementation should
  // report the failure through |callback| rather than silently drop the new
  // rule or evict a live one -- verify against the implementation.
  virtual void Block(const Entry& entry, const DoneCallback& callback) = 0;

  // Returns true when access for |user_id| / |app_id| is revoked.
  // NOTE(review): |timestamp| is presumably the delegation timestamp that is
  // compared with Entry::revocation -- confirm with the implementation.
  virtual bool IsBlocked(const std::vector<uint8_t>& user_id,
                         const std::vector<uint8_t>& app_id,
                         base::Time timestamp) const = 0;

  // Returns a copy of the stored rules.
  virtual std::vector<Entry> GetEntries() const = 0;

  // Number of rules stored / maximum number of rules (as the names suggest).
  virtual size_t GetSize() const = 0;
  virtual size_t GetCapacity() const = 0;
};

// Two entries are equal when all four fields are equal. Fields are compared
// in the order revocation, expiration, user_id, app_id, and the comparison
// stops at the first mismatch.
inline bool operator==(const AccessRevocationManager::Entry& l,
                       const AccessRevocationManager::Entry& r) {
  return l.revocation == r.revocation && l.expiration == r.expiration &&
         l.user_id == r.user_id && l.app_id == r.app_id;
}

// Negation of operator== for Entry: true when any field differs.
inline bool operator!=(const AccessRevocationManager::Entry& l,
                       const AccessRevocationManager::Entry& r) {
  const bool same = (l == r);
  return !same;
}

}  // namespace weave

#endif  // LIBWEAVE_SRC_ACCESS_REVOCATION_MANAGER_H_