anonymizer.rs - mozsearch

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

extern crate url;

use address::{Address, ExplicitlyTypedAddress};

use std::collections::HashMap;

use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

use std::num::Wrapping;

pub trait AnonymizingClone {

    fn masked_clone(&self, anon: &mut StatefulSdpAnonymizer) -> Self;

pub trait ToBytesVec {

    fn to_byte_vec(&self) -> Vec<u8>;

impl ToBytesVec for u64 {

    fn to_byte_vec(&self) -> Vec<u8> {

        let mut bytes = Vec::new();

        let mut val = *self;

        for _ in 0..8 {

            bytes.push(val as u8);

            val <<= 8;

        bytes.reverse();

        bytes

/*

* Anonymizes SDP in a stateful fashion, such that a pre-anonymized value will

* always be transformed into the same anonymized value within the context of

* the anonymizer.

* Stores the opaque state necessary for intelligent anonymization of SDP. This

* state can be stored and reused during the offer-answer period, and it

* will maintain a stable set of masked values.

*/

pub struct StatefulSdpAnonymizer {

    ips: HashMap<IpAddr, IpAddr>,

    ip_v4_inc: Wrapping<u32>,

    ip_v6_inc: Wrapping<u128>,

    host_names: AnonymizationStrMap,

    ports: HashMap<u32, u32>,

    port_inc: Wrapping<u32>,

    origin_users: AnonymizationStrMap,

    ice_passwords: AnonymizationStrMap,

    ice_users: AnonymizationStrMap,

    cert_finger_prints: HashMap<Vec<u8>, Vec<u8>>,

    cert_finger_print_inc: Wrapping<u64>,

    cnames: AnonymizationStrMap,

impl Default for StatefulSdpAnonymizer {

    fn default() -> Self {

        Self::new()

impl StatefulSdpAnonymizer {

    pub fn new() -> Self {

        StatefulSdpAnonymizer {

            ips: HashMap::new(),

            ip_v4_inc: Wrapping(0),

            ip_v6_inc: Wrapping(0),

            host_names: AnonymizationStrMap::new("fqdn-", 8),

            ports: HashMap::new(),

            port_inc: Wrapping(0),

            origin_users: AnonymizationStrMap::new("origin-user-", 8),

            ice_passwords: AnonymizationStrMap::new("ice-password-", 8),

            ice_users: AnonymizationStrMap::new("ice-user-", 8),

            cert_finger_prints: HashMap::new(),

            cert_finger_print_inc: Wrapping(0),

            cnames: AnonymizationStrMap::new("cname-", 8),

    pub fn mask_host(&mut self, host: &str) -> String {

        self.host_names.mask(host)

    pub fn mask_ip(&mut self, addr: &IpAddr) -> IpAddr {

        if let Some(address) = self.ips.get(addr) {

            return *address;

        let mapped = match addr {

            IpAddr::V4(_) => {

                self.ip_v4_inc += Wrapping(1);

                IpAddr::V4(Ipv4Addr::from(self.ip_v4_inc.0))

            IpAddr::V6(_) => {

                self.ip_v6_inc += Wrapping(1);

                IpAddr::V6(Ipv6Addr::from(self.ip_v6_inc.0))

};

        self.ips.insert(*addr, mapped);

        mapped

    pub fn mask_address(&mut self, address: &Address) -> Address {

        match address {

            Address::Fqdn(host) => Address::Fqdn(self.mask_host(host)),

            Address::Ip(ip) => Address::Ip(self.mask_ip(ip)),

    pub fn mask_typed_address(

        &mut self,

        address: &ExplicitlyTypedAddress,

    ) -> ExplicitlyTypedAddress {

        match address {

            ExplicitlyTypedAddress::Fqdn {

                address_type,

                domain,

            } => ExplicitlyTypedAddress::Fqdn {

                address_type: *address_type,

                domain: self.mask_host(domain),

},

            ExplicitlyTypedAddress::Ip(ip) => ExplicitlyTypedAddress::Ip(self.mask_ip(ip)),

    pub fn mask_port(&mut self, port: u32) -> u32 {

        if let Some(stored) = self.ports.get(&port) {

            return *stored;

        self.port_inc += Wrapping(1);

        self.ports.insert(port, self.port_inc.0);

        self.port_inc.0

    pub fn mask_origin_user(&mut self, user: &str) -> String {

        self.origin_users.mask(user)

    pub fn mask_ice_password(&mut self, password: &str) -> String {

        self.ice_passwords.mask(password)

    pub fn mask_ice_user(&mut self, user: &str) -> String {

        self.ice_users.mask(user)

    pub fn mask_cert_finger_print(&mut self, finger_print: &[u8]) -> Vec<u8> {

        if let Some(stored) = self.cert_finger_prints.get(finger_print) {

            return stored.clone();

        self.cert_finger_print_inc += Wrapping(1);

        self.cert_finger_prints.insert(

            finger_print.to_vec(),

            self.cert_finger_print_inc.0.to_byte_vec(),

);

        self.cert_finger_print_inc.0.to_byte_vec()

    pub fn mask_cname(&mut self, cname: &str) -> String {

        self.cnames.mask(cname)

struct AnonymizationStrMap {

    map: HashMap<String, String>,

    counter: Wrapping<u64>,

    prefix: &'static str,

    padding: usize,

impl AnonymizationStrMap {

    pub fn new(prefix: &'static str, padding: usize) -> Self {

        Self {

            map: HashMap::new(),

            counter: Wrapping(0),

            prefix,

            padding,

    pub fn mask(&mut self, value: &str) -> String {

        let key = value.to_owned();

        if let Some(stored) = self.map.get(&key) {

            return stored.clone();

        self.counter += Wrapping(1);

        let store = format!(

            "{}{:0padding$}",

            self.prefix,

            self.counter.0,

            padding = self.padding

);

        self.map.insert(key, store.clone());

        store

#[cfg(test)]

#[path = "./anonymizer_tests.rs"]

mod tests;