Data reduction proxy sessions last no more than 24 hours

This CL ensures that data reduction proxy sessions last no longer than 24 hours. After 24 hours and on restart, a new session ID is used. BUG=402563 Review URL: https://codereview.chromium.org/465823002 Cr-Commit-Position: refs/heads/master@{#289289} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289289 0039d316-1c4b-4281-b951-d872f2087c98

Data reduction proxy sessions last no more than 24 hours
This CL ensures that data reduction proxy sessions last no longer than 24 hours. After 24 hours and on restart, a new session ID is used. BUG=402563 Review URL: https://codereview.chromium.org/465823002 Cr-Commit-Position: refs/heads/master@{#289289} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289289 0039d316-1c4b-4281-b951-d872f2087c98
7aaab497 · bengr@chromium.org · 804afc69 · 7aaab497 · 7aaab497 · 7aaab497
Commit 7aaab497 authored Aug 13, 2014 by bengr@chromium.org
3 changed files
--- a/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.cc
+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.cc
@@ -99,6 +99,11 @@ void DataReductionProxyAuthRequestHandler::MaybeAddRequestHeader(
 void DataReductionProxyAuthRequestHandler::AddAuthorizationHeader(
    net::HttpRequestHeaders* headers) {
+  base::Time now = Now();
+  if (now - last_update_time_ > base::TimeDelta::FromHours(24)) {
+    last_update_time_ = now;
+    ComputeCredentials(last_update_time_, &session_, &credentials_);
+  }
  const char kChromeProxyHeader[] = "Chrome-Proxy";
  std::string header_value;
  if (headers->HasHeader(kChromeProxyHeader)) {
@@ -115,34 +120,40 @@ void DataReductionProxyAuthRequestHandler::AddAuthorizationHeader(
 void DataReductionProxyAuthRequestHandler::InitAuthenticationOnUI(
    const std::string& key) {
-  key_ = key;
+  network_task_runner_->PostTask(FROM_HERE, base::Bind(
+      &DataReductionProxyAuthRequestHandler::InitAuthentication,
+      base::Unretained(this),
+      key));
+}
+void DataReductionProxyAuthRequestHandler::ComputeCredentials(
+    const base::Time& now,
+    std::string* session,
+    std::string* credentials) {
+  DCHECK(session);
+  DCHECK(credentials);
  int64 timestamp =
-      (Now() - base::Time::UnixEpoch()).InMilliseconds() / 1000;
+      (now - base::Time::UnixEpoch()).InMilliseconds() / 1000;
  int32 rand[3];
  RandBytes(rand, 3 * sizeof(rand[0]));
-  std::string session = base::StringPrintf("%lld-%u-%u-%u",
+  *session = base::StringPrintf("%lld-%u-%u-%u",
-                                           static_cast<long long>(timestamp),
+                                static_cast<long long>(timestamp),
-                                           rand[0],
+                                rand[0],
-                                           rand[1],
+                                rand[1],
-                                           rand[2]);
+                                rand[2]);
-  std::string credentials = base::UTF16ToUTF8(AuthHashForSalt(timestamp, key_));
+  *credentials = base::UTF16ToUTF8(AuthHashForSalt(timestamp, key_));
-  DVLOG(1) << "session: [" << session << "] "
+  DVLOG(1) << "session: [" << *session << "] "
-           << "password: [" << credentials  << "]";
+           << "password: [" << *credentials  << "]";
-  network_task_runner_->PostTask(FROM_HERE, base::Bind(
-      &DataReductionProxyAuthRequestHandler::InitAuthentication,
-      base::Unretained(this),
-      session,
-      credentials));
 }
 void DataReductionProxyAuthRequestHandler::InitAuthentication(
-    const std::string& session,
+    const std::string& key) {
-    const std::string& credentials) {
  DCHECK(network_task_runner_->BelongsToCurrentThread());
-  session_ = session;
+  key_ = key;
-  credentials_ = credentials;
+  last_update_time_ = Now();
+  ComputeCredentials(last_update_time_, &session_, &credentials_);
 }
 void DataReductionProxyAuthRequestHandler::SetKeyOnUI(const std::string& key) {

--- a/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
@@ -82,9 +82,15 @@ class DataReductionProxyAuthRequestHandler {
  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyAuthRequestHandlerTest,
                           AuthHashForSalt);
-  void InitAuthentication(
+  // Stores the supplied key and sets up credentials suitable for authenticating
-      const std::string& session,
+  // with the data reduction proxy.
-      const std::string& credentials);
+  void InitAuthentication(const std::string& key);
+  // Generates a session ID and credentials suitable for authenticating with
+  // the data reduction proxy.
+  void ComputeCredentials(const base::Time& now,
+                          std::string* session,
+                          std::string* credentials);
  // Authentication state.
  std::string key_;
@@ -98,6 +104,10 @@ class DataReductionProxyAuthRequestHandler {
  std::string client_;
  std::string version_;
+  // The last time the session was updated. Used to ensure that a session is
+  // never used for more than twenty-four hours.
+  base::Time last_update_time_;
  DataReductionProxyParams* data_reduction_proxy_params_;
  scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_;

--- a/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler_unittest.cc
+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler_unittest.cc
@@ -43,14 +43,23 @@ const char kExpectedSession2[] = "0-1633771873-1633771873-1633771873";
 const char kExpectedHeader2[] =
    "ps=0-1633771873-1633771873-1633771873, "
    "sid=c911fdb402f578787562cf7f00eda972, v=0, c=android";
+const char kExpectedHeader3[] =
+    "ps=86401-1633771873-1633771873-1633771873, "
+    "sid=d7c1c34ef6b90303b01c48a6c1db6419, v=0, c=android";
 #elif defined(OS_IOS)
 const char kExpectedHeader2[] =
    "ps=0-1633771873-1633771873-1633771873, "
    "sid=c911fdb402f578787562cf7f00eda972, v=0, c=ios";
+const char kExpectedHeader3[] =
+    "ps=86401-1633771873-1633771873-1633771873, "
+    "sid=d7c1c34ef6b90303b01c48a6c1db6419, v=0, c=ios";
 #else
 const char kExpectedHeader2[] =
    "ps=0-1633771873-1633771873-1633771873, "
    "sid=c911fdb402f578787562cf7f00eda972, v=0";
+const char kExpectedHeader3[] =
+    "ps=86401-1633771873-1633771873-1633771873, "
+    "sid=d7c1c34ef6b90303b01c48a6c1db6419, v=0";
 #endif
 const char kDataReductionProxyKey[] = "12345";
@@ -75,7 +84,7 @@ class TestDataReductionProxyAuthRequestHandler
  }
  virtual base::Time Now() const OVERRIDE {
-    return base::Time::UnixEpoch();
+    return base::Time::UnixEpoch() + now_offset_;
  }
  virtual void RandBytes(void* output, size_t length) OVERRIDE {
@@ -84,6 +93,14 @@ class TestDataReductionProxyAuthRequestHandler
      c[i] = 'a';
    }
  }
+  // Time after the unix epoch that Now() reports.
+  void set_offset(const base::TimeDelta& now_offset) {
+    now_offset_ = now_offset;
+  }
+ private:
+  base::TimeDelta now_offset_;
 };
 }  // namespace
@@ -134,22 +151,52 @@ TEST_F(DataReductionProxyAuthRequestHandlerTest, Authorization) {
  // Don't write headers with a valid proxy, that's not a data reduction proxy.
  auth_handler.MaybeAddRequestHeader(
-    NULL,
+      NULL,
-    net::ProxyServer::FromURI(kOtherProxy, net::ProxyServer::SCHEME_HTTP),
+      net::ProxyServer::FromURI(kOtherProxy, net::ProxyServer::SCHEME_HTTP),
-    &headers);
+      &headers);
  EXPECT_FALSE(headers.HasHeader(kChromeProxyHeader));
  // Write headers with a valid data reduction proxy;
  auth_handler.MaybeAddRequestHeader(
-    NULL,
+      NULL,
-    net::ProxyServer::FromURI(
+      net::ProxyServer::FromURI(
-        net::HostPortPair::FromURL(GURL(params->DefaultOrigin())).ToString(),
+          net::HostPortPair::FromURL(GURL(params->DefaultOrigin())).ToString(),
-        net::ProxyServer::SCHEME_HTTP),
+          net::ProxyServer::SCHEME_HTTP),
-    &headers);
+      &headers);
  EXPECT_TRUE(headers.HasHeader(kChromeProxyHeader));
  std::string header_value;
  headers.GetHeader(kChromeProxyHeader, &header_value);
  EXPECT_EQ(kExpectedHeader2, header_value);
+  // Fast forward 24 hours. The header should be the same.
+  auth_handler.set_offset(base::TimeDelta::FromSeconds(24 * 60 * 60));
+  net::HttpRequestHeaders headers2;
+  // Write headers with a valid data reduction proxy;
+  auth_handler.MaybeAddRequestHeader(
+      NULL,
+      net::ProxyServer::FromURI(
+          net::HostPortPair::FromURL(GURL(params->DefaultOrigin())).ToString(),
+          net::ProxyServer::SCHEME_HTTP),
+      &headers2);
+  EXPECT_TRUE(headers2.HasHeader(kChromeProxyHeader));
+  std::string header_value2;
+  headers2.GetHeader(kChromeProxyHeader, &header_value2);
+  EXPECT_EQ(kExpectedHeader2, header_value2);
+  // Fast forward one more second. The header should be new.
+  auth_handler.set_offset(base::TimeDelta::FromSeconds(24 * 60 * 60 + 1));
+  net::HttpRequestHeaders headers3;
+  // Write headers with a valid data reduction proxy;
+  auth_handler.MaybeAddRequestHeader(
+      NULL,
+      net::ProxyServer::FromURI(
+          net::HostPortPair::FromURL(GURL(params->DefaultOrigin())).ToString(),
+          net::ProxyServer::SCHEME_HTTP),
+      &headers3);
+  EXPECT_TRUE(headers3.HasHeader(kChromeProxyHeader));
+  std::string header_value3;
+  headers3.GetHeader(kChromeProxyHeader, &header_value3);
+  EXPECT_EQ(kExpectedHeader3, header_value3);
 }
 TEST_F(DataReductionProxyAuthRequestHandlerTest, AuthHashForSalt) {