2021-11-03 10:44:10 +01:00
|
|
|
import { AmountString, j2s, Logger } from "@gnu-taler/taler-util";
|
|
|
|
import { AuthMethod, Policy, PolicyProvider } from "./reducer-types.js";
|
|
|
|
|
|
|
|
const logger = new Logger("anastasis-core:policy-suggestion.ts");
|
|
|
|
|
2021-11-05 09:40:46 +01:00
|
|
|
const maxMethodSelections = 200;
|
|
|
|
const maxPolicyEvaluations = 10000;
|
|
|
|
|
2021-11-03 10:44:10 +01:00
|
|
|
/**
|
|
|
|
* Provider information used during provider/method mapping.
|
|
|
|
*/
|
|
|
|
export interface ProviderInfo {
|
|
|
|
url: string;
|
|
|
|
methodCost: Record<string, AmountString>;
|
|
|
|
}
|
|
|
|
|
|
|
|
export function suggestPolicies(
|
|
|
|
methods: AuthMethod[],
|
|
|
|
providers: ProviderInfo[],
|
|
|
|
): PolicySelectionResult {
|
|
|
|
const numMethods = methods.length;
|
|
|
|
if (numMethods === 0) {
|
|
|
|
throw Error("no methods");
|
|
|
|
}
|
|
|
|
let numSel: number;
|
|
|
|
if (numMethods <= 2) {
|
|
|
|
numSel = numMethods;
|
|
|
|
} else if (numMethods <= 4) {
|
|
|
|
numSel = numMethods - 1;
|
|
|
|
} else if (numMethods <= 6) {
|
|
|
|
numSel = numMethods - 2;
|
|
|
|
} else if (numMethods == 7) {
|
|
|
|
numSel = numMethods - 3;
|
|
|
|
} else {
|
|
|
|
numSel = 4;
|
|
|
|
}
|
|
|
|
const policies: Policy[] = [];
|
2021-11-05 09:40:46 +01:00
|
|
|
const selections = enumerateMethodSelections(
|
|
|
|
numSel,
|
|
|
|
numMethods,
|
|
|
|
maxMethodSelections,
|
|
|
|
);
|
2021-11-03 10:44:10 +01:00
|
|
|
logger.info(`selections: ${j2s(selections)}`);
|
|
|
|
for (const sel of selections) {
|
|
|
|
const p = assignProviders(policies, methods, providers, sel);
|
|
|
|
if (p) {
|
|
|
|
policies.push(p);
|
|
|
|
}
|
|
|
|
}
|
2021-11-05 09:40:46 +01:00
|
|
|
logger.info(`suggesting policies ${j2s(policies)}`);
|
2021-11-03 10:44:10 +01:00
|
|
|
return {
|
|
|
|
policies,
|
|
|
|
policy_providers: providers.map((x) => ({
|
|
|
|
provider_url: x.url,
|
|
|
|
})),
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Assign providers to a method selection.
|
|
|
|
*
|
|
|
|
* The evaluation of the assignment is made with respect to
|
|
|
|
* previously generated policies.
|
|
|
|
*/
|
|
|
|
function assignProviders(
|
|
|
|
existingPolicies: Policy[],
|
|
|
|
methods: AuthMethod[],
|
|
|
|
providers: ProviderInfo[],
|
|
|
|
methodSelection: number[],
|
|
|
|
): Policy | undefined {
|
|
|
|
const providerSelections = enumerateProviderMappings(
|
|
|
|
methodSelection.length,
|
|
|
|
providers.length,
|
2021-11-05 09:40:46 +01:00
|
|
|
maxPolicyEvaluations,
|
2021-11-03 10:44:10 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
let bestProvSel: ProviderSelection | undefined;
|
2021-11-05 09:40:46 +01:00
|
|
|
// Number of different providers selected, larger is better
|
2021-11-03 10:44:10 +01:00
|
|
|
let bestDiversity = 0;
|
2021-11-05 09:40:46 +01:00
|
|
|
// Number of identical challenges duplicated at different providers,
|
|
|
|
// smaller is better
|
|
|
|
let bestDuplication = Number.MAX_SAFE_INTEGER;
|
2021-11-03 10:44:10 +01:00
|
|
|
|
|
|
|
for (const provSel of providerSelections) {
|
|
|
|
// First, check if selection is even possible with the methods offered
|
|
|
|
let possible = true;
|
2021-11-08 15:51:39 +01:00
|
|
|
for (const methSelIndex in provSel) {
|
|
|
|
const provIndex = provSel[methSelIndex];
|
|
|
|
if (typeof provIndex !== "number") {
|
|
|
|
throw Error("invariant failed");
|
|
|
|
}
|
|
|
|
const methIndex = methodSelection[methSelIndex];
|
2021-11-03 10:44:10 +01:00
|
|
|
const meth = methods[methIndex];
|
2021-11-08 15:51:39 +01:00
|
|
|
if (!meth) {
|
|
|
|
throw Error("invariant failed");
|
|
|
|
}
|
2021-11-03 10:44:10 +01:00
|
|
|
const prov = providers[provIndex];
|
|
|
|
if (!prov.methodCost[meth.type]) {
|
|
|
|
possible = false;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!possible) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// Evaluate diversity, always prefer policies
|
|
|
|
// that increase diversity.
|
|
|
|
const providerSet = new Set<string>();
|
2021-11-05 09:40:46 +01:00
|
|
|
// The C reducer evaluates diversity only per policy
|
|
|
|
// for (const pol of existingPolicies) {
|
|
|
|
// for (const m of pol.methods) {
|
|
|
|
// providerSet.add(m.provider);
|
|
|
|
// }
|
|
|
|
// }
|
2021-11-03 10:44:10 +01:00
|
|
|
for (const provIndex of provSel) {
|
|
|
|
const prov = providers[provIndex];
|
|
|
|
providerSet.add(prov.url);
|
|
|
|
}
|
|
|
|
|
|
|
|
const diversity = providerSet.size;
|
2021-11-05 09:40:46 +01:00
|
|
|
|
|
|
|
// Number of providers that each method shows up at.
|
|
|
|
const provPerMethod: Set<string>[] = [];
|
|
|
|
for (let i = 0; i < methods.length; i++) {
|
|
|
|
provPerMethod[i] = new Set<string>();
|
|
|
|
}
|
|
|
|
for (const pol of existingPolicies) {
|
|
|
|
for (const m of pol.methods) {
|
|
|
|
provPerMethod[m.authentication_method].add(m.provider);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for (const methSelIndex in provSel) {
|
|
|
|
const prov = providers[provSel[methSelIndex]];
|
|
|
|
provPerMethod[methodSelection[methSelIndex]].add(prov.url);
|
|
|
|
}
|
|
|
|
|
|
|
|
let duplication = 0;
|
|
|
|
for (const provSet of provPerMethod) {
|
|
|
|
duplication += provSet.size;
|
|
|
|
}
|
|
|
|
|
|
|
|
logger.info(`diversity ${diversity}, duplication ${duplication}`);
|
|
|
|
|
2021-11-03 10:44:10 +01:00
|
|
|
if (!bestProvSel || diversity > bestDiversity) {
|
|
|
|
bestProvSel = provSel;
|
|
|
|
bestDiversity = diversity;
|
2021-11-05 09:40:46 +01:00
|
|
|
bestDuplication = duplication;
|
|
|
|
logger.info(`taking based on diversity`);
|
|
|
|
} else if (diversity == bestDiversity && duplication < bestDuplication) {
|
|
|
|
bestProvSel = provSel;
|
|
|
|
bestDiversity = diversity;
|
|
|
|
bestDuplication = duplication;
|
|
|
|
logger.info(`taking based on duplication`);
|
2021-11-03 10:44:10 +01:00
|
|
|
}
|
2021-11-05 09:40:46 +01:00
|
|
|
// TODO: also evaluate costs
|
2021-11-03 10:44:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!bestProvSel) {
|
|
|
|
return undefined;
|
|
|
|
}
|
|
|
|
|
|
|
|
return {
|
|
|
|
methods: bestProvSel.map((x, i) => ({
|
|
|
|
authentication_method: methodSelection[i],
|
|
|
|
provider: providers[x].url,
|
|
|
|
})),
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2021-11-05 09:40:46 +01:00
|
|
|
/**
|
|
|
|
* A provider selection maps a method selection index to a provider index.
|
2021-11-08 15:51:39 +01:00
|
|
|
*
|
|
|
|
* I.e. "PSEL[i] = x" means that provider with index "x" should be used
|
|
|
|
* for method with index "MSEL[i]"
|
2021-11-05 09:40:46 +01:00
|
|
|
*/
|
2021-11-03 10:44:10 +01:00
|
|
|
type ProviderSelection = number[];
|
|
|
|
|
2021-11-08 15:51:39 +01:00
|
|
|
/**
|
|
|
|
* A method selection "MSEL[j] = y" means that policy method j
|
|
|
|
* should use method y.
|
|
|
|
*/
|
|
|
|
type MethodSelection = number[];
|
|
|
|
|
2021-11-03 10:44:10 +01:00
|
|
|
/**
|
|
|
|
* Compute provider mappings.
|
|
|
|
* Enumerates all n-combinations with repetition of m providers.
|
|
|
|
*/
|
2021-11-05 09:40:46 +01:00
|
|
|
function enumerateProviderMappings(
|
|
|
|
n: number,
|
|
|
|
m: number,
|
|
|
|
limit?: number,
|
|
|
|
): ProviderSelection[] {
|
2021-11-03 10:44:10 +01:00
|
|
|
const selections: ProviderSelection[] = [];
|
|
|
|
const a = new Array(n);
|
|
|
|
const sel = (i: number, start: number = 0) => {
|
|
|
|
if (i === n) {
|
|
|
|
selections.push([...a]);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
for (let j = start; j < m; j++) {
|
|
|
|
a[i] = j;
|
2021-11-08 15:51:39 +01:00
|
|
|
sel(i + 1, 0);
|
2021-11-05 09:40:46 +01:00
|
|
|
if (limit && selections.length >= limit) {
|
|
|
|
break;
|
|
|
|
}
|
2021-11-03 10:44:10 +01:00
|
|
|
}
|
|
|
|
};
|
|
|
|
sel(0);
|
|
|
|
return selections;
|
|
|
|
}
|
|
|
|
|
|
|
|
interface PolicySelectionResult {
|
|
|
|
policies: Policy[];
|
|
|
|
policy_providers: PolicyProvider[];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Compute method selections.
|
|
|
|
* Enumerates all n-combinations without repetition of m methods.
|
|
|
|
*/
|
2021-11-05 09:40:46 +01:00
|
|
|
function enumerateMethodSelections(
|
|
|
|
n: number,
|
|
|
|
m: number,
|
|
|
|
limit?: number,
|
|
|
|
): MethodSelection[] {
|
2021-11-03 10:44:10 +01:00
|
|
|
const selections: MethodSelection[] = [];
|
|
|
|
const a = new Array(n);
|
|
|
|
const sel = (i: number, start: number = 0) => {
|
|
|
|
if (i === n) {
|
|
|
|
selections.push([...a]);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
for (let j = start; j < m; j++) {
|
|
|
|
a[i] = j;
|
|
|
|
sel(i + 1, j + 1);
|
2021-11-05 09:40:46 +01:00
|
|
|
if (limit && selections.length >= limit) {
|
|
|
|
break;
|
|
|
|
}
|
2021-11-03 10:44:10 +01:00
|
|
|
}
|
|
|
|
};
|
|
|
|
sel(0);
|
|
|
|
return selections;
|
|
|
|
}
|