Implement Firebase Instance ID on desktop to call into App's IID library.

Implement GetId() and GetToken() synchronously (for now). DeleteId() and DeleteToken() are also implemented synchronously (though they don't call Delete on the server yet).

Turns out that the AppId needs to use an alternate version of Base64 that is "url safe" so this CL adds support for that as well, and fleshes out the tests/fuzzer to ensure coverage.

PiperOrigin-RevId: 248639274

Author: jonsimantov

app/instance_id/instance_id_desktop_impl.cc

@@ -135,12 +135,18 @@ InstanceIdDesktopImpl* InstanceIdDesktopImpl::GetInstance(App* app) {
 }
 
 Future<std::string> InstanceIdDesktopImpl::GetId() {
-  // TODO(b/132622932)
+  // GetId() -> Check-in, generate an ID / get cached ID, return the ID
   SafeFutureHandle<std::string> handle =
       ref_future()->SafeAlloc<std::string>(kInstanceIdFnGetId);
-  ref_future()->Complete(handle, kErrorUnavailable, "Not Implemented yet");
 
-  return MakeFuture(ref_future(), handle);
+  Future<std::string> future = MakeFuture(ref_future(), handle);
+  if (!InitialOrRefreshCheckin()) {
+    ref_future()->Complete(handle, kErrorUnavailable, "Error in checkin");
+    return future;
+  }
+  ref_future()->CompleteWithResult(handle, 0, "", instance_id_);
+
+  return future;
 }
 
 Future<std::string> InstanceIdDesktopImpl::GetIdLastResult() {
@@ -149,10 +155,25 @@ Future<std::string> InstanceIdDesktopImpl::GetIdLastResult() {
 }
 
 Future<void> InstanceIdDesktopImpl::DeleteId() {
-  // TODO(b/132621850)
+  // DeleteId() -> Delete all tokens and remove them from the cache, then clear
+  // ID.
   SafeFutureHandle<void> handle =
       ref_future()->SafeAlloc<void>(kInstanceIdFnRemoveId);
-  ref_future()->Complete(handle, kErrorUnavailable, "Not Implemented yet");
+
+  std::vector<std::string> token_scopes;
+  for (auto i = tokens_.begin(); i != tokens_.end(); ++i) {
+    token_scopes.push_back(i->first);
+  }
+  // Delete all tokens.
+  while (!token_scopes.empty()) {
+    /* TODO DeleteTokenRequest(token_scopes.back()); */
+    DeleteCachedToken(token_scopes.back().c_str());
+    token_scopes.pop_back();
+  }
+  instance_id_ = "";
+  DeleteFromStorage();
+  checkin_data_.Clear();
+  ref_future()->Complete(handle, 0, "");
 
   return MakeFuture(ref_future(), handle);
 }
@@ -162,11 +183,20 @@ Future<void> InstanceIdDesktopImpl::DeleteIdLastResult() {
       ref_future()->LastResult(kInstanceIdFnRemoveId));
 }
 
-Future<std::string> InstanceIdDesktopImpl::GetToken() {
-  // TODO(b/132622932)
+Future<std::string> InstanceIdDesktopImpl::GetToken(const char* scope) {
+  // GetToken() -> GetId() then get token from cache or using check-in
+  // information, return the token
+
   SafeFutureHandle<std::string> handle =
       ref_future()->SafeAlloc<std::string>(kInstanceIdFnGetToken);
-  ref_future()->Complete(handle, kErrorUnavailable, "Not Implemented yet");
+
+  std::string scope_str(scope);
+  if (FetchToken(scope_str.c_str())) {
+    ref_future()->CompleteWithResult(handle, 0, "",
+                                     FindCachedToken(scope_str.c_str()));
+  } else {
+    ref_future()->Complete(handle, kErrorUnknownError, "FetchToken failed");
+  }
 
   return MakeFuture(ref_future(), handle);
 }
@@ -176,12 +206,20 @@ Future<std::string> InstanceIdDesktopImpl::GetTokenLastResult() {
       ref_future()->LastResult(kInstanceIdFnGetToken));
 }
 
-Future<void> InstanceIdDesktopImpl::DeleteToken() {
-  // TODO(b/132621850)
+Future<void> InstanceIdDesktopImpl::DeleteToken(const char* scope) {
+  // DeleteToken() --> delete token request and remove from the cache
+
   SafeFutureHandle<void> handle =
       ref_future()->SafeAlloc<void>(kInstanceIdFnRemoveToken);
-  ref_future()->Complete(handle, kErrorUnavailable, "Not Implemented yet");
 
+  std::string scope_str(scope);
+  DeleteCachedToken(scope_str.c_str());
+  if (/*ServerDeleteToken(scope_str.c_str() && */
+      tokens_.find(scope_str) == tokens_.end()) {
+    ref_future()->Complete(handle, 0, "");
+  } else {
+    ref_future()->Complete(handle, kErrorUnknownError, "DeleteToken failed");
+  }
   return MakeFuture(ref_future(), handle);
 }
 
@@ -315,11 +353,14 @@ bool InstanceIdDesktopImpl::InitialOrRefreshCheckin() {
     instance_id_ = GenerateAppId();
   }
 
+  if (checkin_data_.device_id.empty() || checkin_data_.security_token.empty() ||
+      checkin_data_.digest.empty()) {
+    // If any of these aren't set, checkin data is incomplete, so clear it.
+    checkin_data_.Clear();
+  }
+
   // If we've already checked in.
   if (checkin_data_.last_checkin_time_ms > 0) {
-    FIREBASE_ASSERT(!checkin_data_.device_id.empty() &&
-                    !checkin_data_.security_token.empty() &&
-                    !checkin_data_.digest.empty());
     // Make sure the device ID and token aren't expired.
     uint64_t time_elapsed_ms =
         firebase::internal::GetTimestamp() - checkin_data_.last_checkin_time_ms;
@@ -465,7 +506,7 @@ std::string InstanceIdDesktopImpl::GenerateAppId() {
   std::string input(reinterpret_cast<char*>(buffer), sizeof(buffer));
   std::string output;
 
-  if (firebase::internal::Base64Encode(input, &output)) {
+  if (firebase::internal::Base64EncodeUrlSafe(input, &output)) {
     return output;
   }
   return "";  // Error encoding.

app/instance_id/instance_id_desktop_impl.h

@@ -87,13 +87,13 @@ class InstanceIdDesktopImpl {
 
   // Returns a token that authorizes an Entity to perform an action on
   // behalf of the application identified by Instance ID.
-  Future<std::string> GetToken();
+  Future<std::string> GetToken(const char* scope);
 
   // Get the results of the most recent call to @ref GetToken.
   Future<std::string> GetTokenLastResult();
 
   // Revokes access to a scope (action)
-  Future<void> DeleteToken();
+  Future<void> DeleteToken(const char* scope);
 
   // Get the results of the most recent call to @ref DeleteToken.
   Future<void> DeleteTokenLastResult();

app/src/base64.cc

@@ -27,17 +27,19 @@ namespace internal {
 // Maps 6-bit index to base64 encoded character.
 static const char kBase64Table[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char kBase64TableUrlSafe[] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
 
 // Reverse lookup for kBase64Table above; -1 signifies an invalid character.
 // Maps ASCII value to 6-bit index.
 // clang-format off
 static const int8_t kBase64TableReverse[256] = {
   /*   0 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
   /*  16 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-  /*  32 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
+  /*  32 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63,
   /*  48 */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1,  0, -1, -1,
   /*  64 */ -1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
-  /*  80 */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
+  /*  80 */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63,
   /*  96 */ -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
   /* 112 */ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
   /* 128 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -58,7 +60,7 @@ static const char kBase64NullEnding = '=';
 
 // Base64 encode a string (binary allowed). Returns true if successful.
 static bool Base64EncodeInternal(const std::string& input, std::string* output,
-                                 bool pad_to_32_bits) {
+                                 bool url_safe, bool pad_to_32_bits) {
   if (!output) {
     return false;
   }
@@ -68,6 +70,8 @@ static bool Base64EncodeInternal(const std::string& input, std::string* output,
   std::string inplace_buffer;
   std::string* output_ptr = inplace ? &inplace_buffer : output;
 
+  const char* base64_table = url_safe ? kBase64TableUrlSafe : kBase64Table;
+
   // The base64 algorithm is pretty simple: take 3 bytes = 24 bits of data at a
   // time, and encode them in four 6-bit chunks.
   output_ptr->resize(GetBase64EncodedSize(input));
@@ -80,13 +84,13 @@ static bool Base64EncodeInternal(const std::string& input, std::string* output,
 
     uint32_t stream = (b2 & 0xFF) | ((b1 & 0xFF) << 8) | ((b0 & 0xFF) << 16);
 
-    (*output_ptr)[o + 0] = kBase64Table[(stream >> 18) & 0x3F];
-    (*output_ptr)[o + 1] = kBase64Table[(stream >> 12) & 0x3F];
+    (*output_ptr)[o + 0] = base64_table[(stream >> 18) & 0x3F];
+    (*output_ptr)[o + 1] = base64_table[(stream >> 12) & 0x3F];
     (*output_ptr)[o + 2] = (i + 1 < input.size())
-                               ? kBase64Table[(stream >> 6) & 0x3F]
+                               ? base64_table[(stream >> 6) & 0x3F]
                                : kBase64NullEnding;
     (*output_ptr)[o + 3] = (i + 2 < input.size())
-                               ? kBase64Table[(stream >> 0) & 0x3F]
+                               ? base64_table[(stream >> 0) & 0x3F]
                                : kBase64NullEnding;
   }
   if (!pad_to_32_bits) {
@@ -108,11 +112,20 @@ static bool Base64EncodeInternal(const std::string& input, std::string* output,
 }
 
 bool Base64Encode(const std::string& input, std::string* output) {
-  return Base64EncodeInternal(input, output, false);
+  return Base64EncodeInternal(input, output, false, false);
 }
 
 bool Base64EncodeWithPadding(const std::string& input, std::string* output) {
-  return Base64EncodeInternal(input, output, true);
+  return Base64EncodeInternal(input, output, false, true);
+}
+
+bool Base64EncodeUrlSafe(const std::string& input, std::string* output) {
+  return Base64EncodeInternal(input, output, true, false);
+}
+
+bool Base64EncodeUrlSafeWithPadding(const std::string& input,
+                                    std::string* output) {
+  return Base64EncodeInternal(input, output, true, true);
 }
 
 // Get the size that a given string would take up if encoded to Base64.

app/src/base64.h

@@ -29,16 +29,23 @@ bool Base64Encode(const std::string& input, std::string* output);
 // Pads output to 32 bits by adding = or == to the end, as is tradition.
 bool Base64EncodeWithPadding(const std::string& input, std::string* output);
 
+// Base64 encode a string (binary allowed). Returns true if successful.
+// Uses URL-safe characters (- and _ in place of + and /).
+bool Base64EncodeUrlSafe(const std::string& input, std::string* output);
+
+// Base64 encode a string (binary allowed). Returns true if successful.
+// Pads output to 32 bits by adding = or == to the end, as is tradition.
+// Uses URL-safe characters (- and _ in place of + and /).
+bool Base64EncodeUrlSafeWithPadding(const std::string& input,
+                                    std::string* output);
+
 // Get the size that a given string would take up if encoded to Base64, rounded
 // up to the next 4 bytes.
 size_t GetBase64EncodedSize(const std::string& input);
 
 // Base64 decode a string (may output binary). Returns true if successful, or
 // false if there is an error (in which case the output string is undefined).
-bool Base64Decode(const std::string& input, std::string* output);
-
-// Base64 decode a string (may output binary). Returns true if successful, or
-// false if there is an error (in which case the output string is undefined).
+// Can parse standard or url-safe characters.
 bool Base64Decode(const std::string& input, std::string* output);
 
 // Get the size that a given string would take up if decoded from Base64.

app/src/base64_fuzzer.cc

@@ -20,10 +20,27 @@
 #include "app/src/base64.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  // Test encoding and decoding this string.
+  // Test encoding and decoding this string with various permutations of
+  // options.
   std::string orig(reinterpret_cast<const char *>(data), size);
   std::string encoded, decoded;
-  bool success = firebase::internal::Base64Encode(orig, &encoded);
+  bool success;
+  success = firebase::internal::Base64Encode(orig, &encoded);
+  assert(success);
+  success = firebase::internal::Base64Decode(encoded, &decoded);
+  assert(success);
+  assert(orig == decoded);
+  success = firebase::internal::Base64EncodeWithPadding(orig, &encoded);
+  assert(success);
+  success = firebase::internal::Base64Decode(encoded, &decoded);
+  assert(success);
+  assert(orig == decoded);
+  success = firebase::internal::Base64EncodeUrlSafe(orig, &encoded);
+  assert(success);
+  success = firebase::internal::Base64Decode(encoded, &decoded);
+  assert(success);
+  assert(orig == decoded);
+  success = firebase::internal::Base64EncodeUrlSafeWithPadding(orig, &encoded);
   assert(success);
   success = firebase::internal::Base64Decode(encoded, &decoded);
   assert(success);