Diffusion Comm ce2048252dd4

[services] Tunnelbroker - Handle SessionID collision without erroring, using…

Description

[services] Tunnelbroker - Handle SessionID collision without erroring, using random device to generate it.

Summary:
This is the fix for the follow-up task ENG-621

Context from the task:

  • At the moment, for sessionID creation we rely on boost::uuids::random_generator(), an instance of which is created on every gRPC handler request, and that affects the random generator's internal counter. We need to fix this by moving the generator out of the function or by not using an internal counter.

Solution:
By default, boost::uuids::random_generator() uses mt19937, which is not cryptographically secure. By switching to std::random_device we will produce sufficiently secure results because it uses /dev/(u)random, and there is no need to move it outside the function.

  • When the unique SessionID collides with one that already exists in the database, we fall into the error instead of generating a new one.

Solution:
In case we already have a record with the same sessionID in the database, we generate a new sessionID until there is no record with the same sessionID (in case of multiple collisions).

Dependencies
Depends on D3124

Test Plan:

  1. Is the session successfully created when we have no collision?
  2. Does the session creation recover when we have a collision (by adding a record with the same sessionID to the database)?

Reviewers: karol-bisztyga, palys-swm, ashoat, jimpo

Reviewed By: karol-bisztyga, palys-swm, ashoat, jimpo

Subscribers: benschac, ashoat, palys-swm, Adrian, atul, karol-bisztyga

Differential Revision: https://phabricator.ashoat.com/D3103
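
The two fixes described in this commit message, sketched as an added example (not the Tunnelbroker code): a version-4 UUID built from `std::random_device` output, and a create loop that regenerates the ID on collision. `SessionStore`, `uuidV4`, `createSession` and `osRandom` are hypothetical names, the in-memory set stands in for the database, and the attempt limit is a choice made here rather than something the commit states.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <random>
#include <string>
#include <unordered_set>

using Rng = std::function<uint32_t()>;

// OS-backed source, kept inside the function as the commit describes.
// Assumption: this platform's std::random_device is non-deterministic.
uint32_t osRandom() {
  thread_local std::random_device rd;
  return rd();
}

// Build a version-4 UUID string from 128 bits drawn from rng.
std::string uuidV4(const Rng &rng) {
  std::array<uint8_t, 16> b{};
  for (size_t i = 0; i < 16; i += 4) {
    uint32_t w = rng();
    for (size_t j = 0; j < 4; ++j) b[i + j] = static_cast<uint8_t>(w >> (8 * j));
  }
  b[6] = (b[6] & 0x0F) | 0x40; // version 4
  b[8] = (b[8] & 0x3F) | 0x80; // RFC 4122 variant
  char out[37];
  std::snprintf(out, sizeof out,
                "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
                b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
  return out;
}

// Hypothetical stand-in for the database table of sessions.
struct SessionStore {
  std::unordered_set<std::string> ids;
  // Insert if absent; false means a record with this ID already exists.
  bool insertIfAbsent(const std::string &id) { return ids.insert(id).second; }
};

// Regenerate on collision; return "" after maxAttempts instead of spinning.
std::string createSession(SessionStore &store, const Rng &rng, int maxAttempts = 8) {
  for (int attempt = 0; attempt < maxAttempts; ++attempt) {
    std::string id = uuidV4(rng);
    if (store.insertIfAbsent(id)) return id;
  }
  return ""; // repeated collisions point at a broken entropy source
}
```

Passing the generator as a parameter lets the collision path be exercised with a constructed, repeating source; production callers would pass `osRandom`.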