mtc_worker: Return MTC validity window on add entry

Add the MTC validity window to `AddEntryResponse`. In case the entry was
cached, it would be necessary to parse the validity window from the
entry itself. However, for now we don't actually want to cache MTC
entries, so remove caching for now.

Author: cjpatton

crates/mtc_api/src/lib.rs

@@ -119,8 +119,15 @@ pub struct AddEntryRequest {
 #[serde_as]
 #[derive(Serialize)]
 pub struct AddEntryResponse {
+    /// The index of the entry in the log.
     pub leaf_index: LeafIndex,
+
+    /// The time at which the entry was added to the log.
     pub timestamp: UnixTimestamp,
+
+    /// The validity period of the certificate.
+    pub not_before: UnixTimestamp,
+    pub not_after: UnixTimestamp,
 }
 
 /// Get-roots response. This is in the same format as the RFC 6962 get-roots
@@ -684,7 +691,7 @@ pub fn validate_chain(
     raw_chain: &[Vec<u8>],
     roots: &CertPool,
     issuer: RdnSequence,
-    mut validity: Validity,
+    validity: &mut Validity,
 ) -> Result<(BootstrapMtcPendingLogEntry, Option<usize>), MtcError> {
     // We will run the ordinary chain validation on our input, but we have some post-processing we
     // need to do too. Namely we need to adjust the validity period of the provided bootstrap cert,
@@ -741,7 +748,7 @@ pub fn validate_chain(
                 data: MerkleTreeCertEntry::TbsCertEntry(tbs_cert_to_log_entry(
                     leaf.tbs_certificate,
                     issuer,
-                    validity,
+                    *validity,
                 )?)
                 .encode()?,
             },

crates/mtc_worker/config.bootstrap-mtca.json

@@ -5,8 +5,7 @@
             "description": "Cloudflare bootstrap MTCA shard 1",
             "log_id": "13335.1",
             "submission_url": "https://bootstrap-mtca.cloudflareresearch.com/logs/shard1/",
-            "monitoring_url": "https://bootstrap-mtca-shard1.cloudflareresearch.com",
-            "enable_dedup": false
+            "monitoring_url": "https://bootstrap-mtca-shard1.cloudflareresearch.com"
         }
     }
 }

crates/mtc_worker/config.dev.json

@@ -5,17 +5,15 @@
             "description": "MTCA Dev1",
             "log_id": "13335.1",
             "submission_url": "http://localhost:8787/logs/dev1/",
-            "location_hint": "enam",
-            "enable_dedup": false
+            "location_hint": "enam"
         },
         "dev2": {
             "description": "MTCA Dev2",
             "log_id": "13335.2",
             "submission_url": "http://localhost:8787/logs/dev2/",
             "location_hint": "enam",
-            "enable_dedup": false,
             "max_certificate_lifetime_secs": 100,
             "landmark_interval_secs": 10
         }
     }
-}
+}

crates/mtc_worker/config.schema.json

@@ -90,11 +90,6 @@
                             "default": 256,
                             "description": "The maximum number of entries per batch."
                         },
-                        "enable_dedup": {
-                            "type": "boolean",
-                            "default": true,
-                            "description": "Enables checking the deduplication cache for add-(pre-)chain requests. Can be disabled for tests and benchmarks. If disabled, `kv_namespaces` can be omitted from `wrangler.jsonc`."
-                        },
                         "clean_interval_secs": {
                             "type": "integer",
                             "minimum": 1,
@@ -113,4 +108,4 @@
     "required": [
         "logs"
     ]
-}
+}

crates/mtc_worker/config/src/lib.rs

@@ -34,15 +34,10 @@ pub struct LogParams {
     pub batch_timeout_millis: u64,
     #[serde(default = "default_usize::<100>")]
     pub max_batch_entries: usize,
-    #[serde(default = "default_bool::<true>")]
-    pub enable_dedup: bool,
     #[serde(default = "default_u64::<60>")]
     pub clean_interval_secs: u64,
 }
 
-fn default_bool<const V: bool>() -> bool {
-    V
-}
 fn default_u8<const V: u8>() -> u8 {
     V
 }

crates/mtc_worker/src/batcher_do.rs

@@ -22,7 +22,7 @@ impl DurableObject for Batcher {
             name: name.to_string(),
             max_batch_entries: params.max_batch_entries,
             batch_timeout_millis: params.batch_timeout_millis,
-            enable_dedup: params.enable_dedup,
+            enable_dedup: false, // deduplication is not currently supported
             location_hint: params.location_hint.clone(),
         };
         Batcher(GenericBatcher::new(env, config))

crates/mtc_worker/src/frontend_worker.rs

@@ -12,12 +12,12 @@ use der::{
     Any, Encode, Tag,
 };
 use generic_log_worker::{
-    batcher_id_from_lookup_key, deserialize, get_cached_metadata, get_durable_object_stub,
-    init_logging, load_cache_kv, load_public_bucket,
+    batcher_id_from_lookup_key, deserialize, get_durable_object_stub, init_logging,
+    load_public_bucket,
     log_ops::{
         prove_subtree_consistency, prove_subtree_inclusion, read_leaf, ProofError, CHECKPOINT_KEY,
     },
-    put_cache_entry_metadata, serialize,
+    serialize,
     util::now_millis,
     ObjectBackend, ObjectBucket, ENTRY_ENDPOINT, METRICS_ENDPOINT,
 };
@@ -333,7 +333,7 @@ async fn add_entry(mut req: Request, env: &Env, name: &str) -> Result<Response>
     )]);
 
     let now = Duration::from_millis(now_millis());
-    let validity = Validity {
+    let mut validity = Validity {
         not_before: Time::UtcTime(UtcTime::from_unix_duration(now).map_err(|e| e.to_string())?),
         not_after: Time::UtcTime(
             UtcTime::from_unix_duration(
@@ -345,32 +345,18 @@ async fn add_entry(mut req: Request, env: &Env, name: &str) -> Result<Response>
 
     let roots = load_roots(env, name).await?;
     let (pending_entry, found_root_idx) =
-        match mtc_api::validate_chain(&req.chain, roots, issuer, validity) {
+        match mtc_api::validate_chain(&req.chain, roots, issuer, &mut validity) {
             Ok(v) => v,
             Err(e) => {
                 log::warn!("{name}: Bad request: {e}");
                 return Response::error("Bad request", 400);
             }
         };
 
-    // Retrieve the sequenced entry for this pending log entry by first checking the
-    // deduplication cache and then sending a request to the DO to sequence the entry.
+    // Retrieve the sequenced entry for this pending log entry by sending a request to the DO to
+    // sequence the entry.
     let lookup_key = pending_entry.lookup_key();
 
-    // Check if entry is cached and return right away if so.
-    if params.enable_dedup {
-        if let Some(metadata) = get_cached_metadata(&load_cache_kv(env, name)?, &lookup_key).await?
-        {
-            log::debug!("{name}: Entry is cached");
-            return Response::from_json(&AddEntryResponse {
-                leaf_index: metadata.0,
-                timestamp: metadata.1,
-            });
-        }
-    }
-
-    // Entry is not cached, so we need to sequence it.
-
     // First persist issuers. Use a block so memory is deallocated sooner.
     {
         let public_bucket = ObjectBucket::new(load_public_bucket(env, name)?);
@@ -425,19 +411,11 @@ async fn add_entry(mut req: Request, env: &Env, name: &str) -> Result<Response>
         return Ok(response);
     }
     let metadata = deserialize::<SequenceMetadata>(&response.bytes().await?)?;
-    if params.num_batchers == 0 && params.enable_dedup {
-        // Write sequenced entry to the long-term deduplication cache in Workers
-        // KV as there are no batchers configured to do it for us.
-        if put_cache_entry_metadata(&load_cache_kv(env, name)?, &pending_entry, metadata)
-            .await
-            .is_err()
-        {
-            log::warn!("{name}: Failed to write entry to deduplication cache");
-        }
-    }
     Response::from_json(&AddEntryResponse {
         leaf_index: metadata.0,
         timestamp: metadata.1,
+        not_before: validity.not_before.to_unix_duration().as_secs(),
+        not_after: validity.not_after.to_unix_duration().as_secs(),
     })
 }
 

crates/mtc_worker/src/sequencer_do.rs

@@ -35,7 +35,7 @@ impl DurableObject for Sequencer {
             checkpoint_extension: Box::new(|_| vec![]), // no checkpoint extension for MTC
             sequence_interval: Duration::from_millis(params.sequence_interval_millis),
             max_sequence_skips: params.max_sequence_skips,
-            enable_dedup: params.enable_dedup,
+            enable_dedup: false, // deduplication is not currently supported
             sequence_skip_threshold_millis: params.sequence_skip_threshold_millis,
             location_hint: params.location_hint.clone(),
             checkpoint_callback: checkpoint_callback(&env, name),