Merge into development-branch : public-cookie-api : Code : Mir

Reviewer	Review Type	Date Requested	Status
PS Jenkins bot (community)	continuous-integration		Approve on 2016-01-26
Alan Griffiths			Abstain on 2016-01-25
Mir CI Bot	continuous-integration		Approve on 2016-01-25
Andreas Pokorny (community)			Approve on 2016-01-23
Alexandros Frantzis (community)			Needs Fixing on 2016-01-22
Alberto Aguirre (community)			Approve on 2016-01-22
Chris Halse Rogers		2016-01-12	Approve on 2016-01-21
Daniel van Vugt			Abstain on 2016-01-21
Kevin DuBois (community)			Approve on 2016-01-14
Review via email: mp+282279@code.launchpad.net

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-12:

#

Should the mir_input_event_get_cookie use MirCookie* or just a uint8_t* (or char*?)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-12:

#

FAILED: Continuous integration, rev:3239
http://jenkins.qa.ubuntu.com/job/mir-ci/5989/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5500
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4407
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5456/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/313/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/313/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5453/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5989/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-12:

#

FAILED: Continuous integration, rev:3239
http://jenkins.qa.ubuntu.com/job/mir-ci/5991/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5502
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4409
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5458/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/315/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/315/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5455/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5991/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3241
http://jenkins.qa.ubuntu.com/job/mir-ci/5996/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5508
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4415
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5464/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/320/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/320/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5461/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5996/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3240
http://jenkins.qa.ubuntu.com/job/mir-ci/5995/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5507
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4414
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5463/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/319/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/319/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5460/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5995/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3241
http://jenkins.qa.ubuntu.com/job/mir-ci/5997/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5509
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4416
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5465/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/321/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/321/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5462/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5997/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3242
http://jenkins.qa.ubuntu.com/job/mir-ci/5998/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5510
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4417
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5466/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/322/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/322/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5463/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5998/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3243
http://jenkins.qa.ubuntu.com/job/mir-ci/5999/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5511
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4418
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5467/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/323/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/323/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5464/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/5999/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3243
https://mir-jenkins.ubuntu.com/job/mir-ci/31/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/31/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/31/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Kevin DuBois (kdub) wrote on 2016-01-13:

#

> Should the mir_input_event_get_cookie use MirCookie* or just a uint8_t* (or
> char*?)

my vote is MirCookie*

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-13:

#

After ROAF and I talking for a bit we settled on void* since we are send a stream of *unknown* bytes. Since not just the mac is being sent, so is the timestamp

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3244
https://mir-jenkins.ubuntu.com/job/mir-ci/45/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/45/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/45/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-13:

#

FAILED: Continuous integration, rev:3244
http://jenkins.qa.ubuntu.com/job/mir-ci/6010/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5523/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4430/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5479/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/334/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/334/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5476/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6010/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-13:

#

The Story Of The Void*:
Brandon and I had a *long* back and forth about client API wrt MirCookie, ranging from having a MirCookie type that can be converted into a MirBlob, to essentially duplicating MirBlob's API against a MirCookie, to a non-opaque struct MirCookie { size_t length, void* data };

Neither of us were particularly happy with any of them.

The void* API here is (a) transparent - it's clear to everyone that they've just got a blob of data, (b) quick to implement, and (c) is minimally constraining for future, better, implementations with better APIs.

General comment: I'm pretty sure you don't need reinterpret_cast<> to go between void* and MirCookie*; static_cast<MirCookie*> should be sufficient. (Wheras you *do* need to reinterpret_cast between uint8_t* and uint64_t*)

42 + * \params[in] ev The input event
43 + * \params[in] cookie An allocated void* with exactly cookie_size bytes
44 + * \params[in] size The size of the MirCookie
45 + */
46 +void mir_input_event_copy_cookie(MirInputEvent const* ev, void* cookie, size_t size);

Two things: do we need to pass size in here? We're only going to assert that it's exactly mir_input_event_get_cookie_size(), right?

And: If we do keep the size, you need to update the comment; no MirCookie here ☺.

Also a couple of inline comments.

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3245
https://mir-jenkins.ubuntu.com/job/mir-ci/46/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/46/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/46/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3245
http://jenkins.qa.ubuntu.com/job/mir-ci/6011/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5524
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4431
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5480/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/335/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/335/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5477/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6011/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3246
https://mir-jenkins.ubuntu.com/job/mir-ci/47/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/47/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/47/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3246
http://jenkins.qa.ubuntu.com/job/mir-ci/6012/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5526
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4433
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5482/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/336/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/336/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5479/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6012/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Kevin DuBois (kdub) wrote on 2016-01-14:

#

not too flummoxed about use of void*, especially if you & Chris gave it more thought than I had behind my comment. Some other things that I'm not too flummoxed about (esp given that (as I understand) this is needed in short order)

+ auto const* pev = mir_input_event_get_pointer_event(ev);
no need for * (a few other places)

+ // FIXME Moveing to 160bits soon
typo

+ void* cookie = malloc(size);
would be a bit better to use a RAII type in allocation for this test (and would eliminate the need for a destructor too)

768: std::mutex mutex;
A bit strange to have the mutex be public, and require locking it before accessing some members. Would be better encapsulated to have functions on the object to do that.

review: Approve

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-14:

#

> not too flummoxed about use of void*, especially if you & Chris gave it more
> thought than I had behind my comment. Some other things that I'm not too
> flummoxed about (esp given that (as I understand) this is needed in short
> order)
>
> + auto const* pev = mir_input_event_get_pointer_event(ev);
> no need for * (a few other places)

I was mainly doing that so you can see its a pointer (I like seeing types sometimes), but yeah auto captures that :). Fixed.

>
> + // FIXME Moveing to 160bits soon
> typo
>

Opps. Fixed.

> + void* cookie = malloc(size);
> would be a bit better to use a RAII type in allocation for this test (and
> would eliminate the need for a destructor too)
Yes! I attempted it but ran into issue when I was using the MirCookie* since the size was not known (should have just written my own destructor for the shared_ptr to cast and delete[].) Fixed.

>
> 768: std::mutex mutex;
> A bit strange to have the mutex be public, and require locking it before
> accessing some members. Would be better encapsulated to have functions on the
> object to do that.

Agreed, and it looks much cleaner :). Fixed.

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-14:

#

There's stuff I'm concerned about, but I'm out of time today to review properly - will get to it first thing tomorrow.

review: Abstain

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-14:

#

(pushing coming in a few :)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-14:

#

void* is an incomplete type, soo to put it into a shared/unique ptr fails on a static_assert. I suppose for testing i could just cast it to a uint8_t, since its in bytes... or just leave it with a malloc/free :)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3247
https://mir-jenkins.ubuntu.com/job/mir-ci/58/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/58/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/58/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3249
https://mir-jenkins.ubuntu.com/job/mir-ci/59/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/59/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/59/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-14:

#

FAILED: Continuous integration, rev:3248
http://jenkins.qa.ubuntu.com/job/mir-ci/6024/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5540
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4447
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5496/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/348/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/348/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5493/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6024/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-14:

#

Bunch of locking issues still in the tests; marked inline.

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

PASSED: Continuous integration, rev:3250
https://mir-jenkins.ubuntu.com/job/mir-ci/60/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/60/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/60/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-14:

#

PASSED: Continuous integration, rev:3251
https://mir-jenkins.ubuntu.com/job/mir-ci/61/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/61/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/61/rebuild

review: Approve (continuous-integration)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

Different APIs we have considered:
https://pastebin.canonical.com/147720/

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6025/rebuild

review: Approve (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-15:

#

566 + void handle_input_event(MirInputEvent const* iev)
567 + {
568 + std::lock_guard<std::mutex> lk(mutex);
569 + if (mir_input_event_has_cookie(iev))
570 + {
571 + auto const size = mir_input_event_get_cookie_size(iev);
572 + std::vector<uint8_t> cookie(size);
573 +
574 + mir_input_event_copy_cookie(iev, cookie.data());
575 + out_cookies.push_back(cookie);
576 + }
577 +
578 + event_count++;
579 + }
580 +
581 + size_t get_event_count() const
582 + {
583 + std::lock_guard<std::mutex> lk(mutex);
584 + return event_count;
585 + }
586 +
587 + size_t cookie_size() const
588 + {
589 + std::lock_guard<std::mutex> lk(mutex);
590 + return out_cookies.size();
591 + }
592 +
593 + std::vector<uint8_t> back_cookie() const
594 + {
595 + std::lock_guard<std::mutex> lk(mutex);
596 + return out_cookies.back();
597 + }
598 +
599 + bool cookies_empty() const
600 + {
601 + std::lock_guard<std::mutex> lk(mutex);
602 + return out_cookies.empty();
603 + }

While not blocking, this seems to be a bit of a faff for the testcase vs just directly locking the mutex when necessary :).

Otherwise, I'm OK, pending possible API changes :)

review: Approve

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

PASSED: Continuous integration, rev:3252
https://mir-jenkins.ubuntu.com/job/mir-ci/63/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/63/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/63/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

PASSED: Continuous integration, rev:3253
https://mir-jenkins.ubuntu.com/job/mir-ci/64/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/64/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/64/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6027/rebuild

review: Approve (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-15:

#

Oh, whoops! Missed one thing, sorry.

This would appear to be a libmircookie ABI break, so should be accompanied by a SONAME bump.

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

FAILED: Continuous integration, rev:3254
https://mir-jenkins.ubuntu.com/job/mir-ci/65/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/65/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/65/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6028/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

FAILED: Continuous integration, rev:3254
http://jenkins.qa.ubuntu.com/job/mir-ci/6029/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5545
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4452/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5501/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/353/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/353/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5498/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6029/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2016-01-15:

#

+ typedef struct MirCookie MirCookie;

Not needed (at the moment at least), and also may conflict with mir::cookie::MirCookie.

- virtual MirCookie timestamp_to_cookie(uint64_t const& timestamp) = 0;

A *Cookie*Factory that doesn't create cookies seems strange.

Needs discussion/fixing

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

PASSED: Continuous integration, rev:3255
https://mir-jenkins.ubuntu.com/job/mir-ci/66/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/66/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/66/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-15:

#

+// FIXME Remove me when we are no longer returning 8 byte MACS
+// We assert that what we return is 8 bytes, so lets test for that for now!
+TEST(MirCookieFactory, assert_8_bytes_for_mac)
+{
+ std::vector<uint8_t> secret{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde, 0x01 };
+ auto factory = mir::cookie::CookieFactory::create_from_secret(secret);
+ uint64_t mock_timestamp{0x322322322332};
+ auto mac = factory->timestamp_to_mac(mock_timestamp);
+
+ EXPECT_EQ(mac.size(), sizeof(uint64_t));
+}

sizeof(uint64_t) is not a synonym for 8 - although platforms with 16bit characters are of little interest to us.

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-15:

#

Nits to fix and questions:

CookieFactory looks less and less like a "factory" interface. Would "CookieAuthority" be a better name?

~~~~

+ virtual bool attest_timestamp(MirCookie const* cookie) = 0;

This is the only place in the interface MirCookie is mentioned. Should we simply lose this function and require the user to call the other overload?

~~~~

+void mir_input_event_copy_cookie(MirInputEvent const* ev, void* cookie);

I'm always cautions of APIs that take a target buffer and no buffer size - while not bulletproof the latter is at least a reminder to the user to obtain the size.

~~~~

+void mir_surface_raise_with_cookie(MirSurface* surface, void const* cookie);

By using void* we loose the type safety that we have with other Mir APIs. Can you provide some justification for this design choice? E.g. will this function be primarily for clients that obtained the cookie from a non-Mir API?

~~~~

Don't remove the 2015 copyright claim. (I know these headers are legally unnecessary and PITA, but let's try to do it right.)

~~~~

+ /* No mac == no size! */
+ return 0;

It should be a precondition that there's a MAC. I.e. the function should begin with something like:

mir::require(mir_input_event_has_cookie(ev));

~~~~

+#include "mir/cookie.h"
#include "mir/cookie_factory.h"

The first include of the source file should be the corresponding header (to ensure it compiles by itself).

review: Needs Fixing

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6030/rebuild

review: Approve (continuous-integration)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

> +// FIXME Remove me when we are no longer returning 8 byte MACS
> +// We assert that what we return is 8 bytes, so lets test for that for now!
> +TEST(MirCookieFactory, assert_8_bytes_for_mac)
> +{
> + std::vector<uint8_t> secret{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde,
> 0x01 };
> + auto factory = mir::cookie::CookieFactory::create_from_secret(secret);
> + uint64_t mock_timestamp{0x322322322332};
> + auto mac = factory->timestamp_to_mac(mock_timestamp);
> +
> + EXPECT_EQ(mac.size(), sizeof(uint64_t));
> +}
>
> sizeof(uint64_t) is not a synonym for 8 - although platforms with 16bit
> characters are of little interest to us.

Hmm should I just not assert this then? Since really all im assert is that our mac == sizeof(uint64_t). So possibly I should just change the name.

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

> Nits to fix and questions:
>
> CookieFactory looks less and less like a "factory" interface. Would
> "CookieAuthority" be a better name?
>
> ~~~~

Agreed.

>
> + virtual bool attest_timestamp(MirCookie const* cookie) = 0;
>
> This is the only place in the interface MirCookie is mentioned. Should we
> simply lose this function and require the user to call the other overload?
>
> ~~~~

The reason for keeping this, is theres no way to de construct a MirCookie in the public. So once the content hub gets a mir cookie it wont know how to *attest* it.

>
> +void mir_input_event_copy_cookie(MirInputEvent const* ev, void* cookie);
>
> I'm always cautions of APIs that take a target buffer and no buffer size -
> while not bulletproof the latter is at least a reminder to the user to obtain
> the size.
>
> ~~~~

Thats sounds quite reasonable to me.
>
> +void mir_surface_raise_with_cookie(MirSurface* surface, void const* cookie);
>
> By using void* we loose the type safety that we have with other Mir APIs. Can
> you provide some justification for this design choice? E.g. will this
> function be primarily for clients that obtained the cookie from a non-Mir API?
>
> ~~~~

I agree, and will be switching to a MirCookie* for both the copy and these functions since void* and MirCookie* will both be incomplete types.

>
> - * Copyright © 2015 Canonical Ltd.
> + * Copyright © 2016 Canonical Ltd.
>
> Don't remove the 2015 copyright claim. (I know these headers are legally
> unnecessary and PITA, but let's try to do it right.)
>
> ~~~~

Opps. Yeah Ill fix those!

>
> + /* No mac == no size! */
> + return 0;
>
> It should be a precondition that there's a MAC. I.e. the function should begin
> with something like:
>
> mir::require(mir_input_event_has_cookie(ev));
>
> ~~~~

This is true, if we have a function that tells you if an event has a cookie we better require it to actually have one when attempting to construct it!.

>
> +#include "mir/cookie.h"
> #include "mir/cookie_factory.h"
>
> The first include of the source file should be the corresponding header (to
> ensure it compiles by itself).

Will fix!

> Nits to fix and questions:
> 
> CookieFactory looks less and less like a "factory" interface. Would
> "CookieAuthority" be a better name?
> 
> ~~~~

Agreed.
 
> 
> + virtual bool attest_timestamp(MirCookie const* cookie) = 0;
> 
> This is the only place in the interface MirCookie is mentioned. Should we
> simply lose this function and require the user to call the other overload?
> 
> ~~~~

The reason for keeping this, is theres no way to de construct a MirCookie in the public. So once the content hub gets a mir cookie it wont know how to *attest* it.

> 
> +void mir_input_event_copy_cookie(MirInputEvent const* ev, void* cookie);
> 
> I'm always cautions of APIs that take a target buffer and no buffer size -
> while not bulletproof the latter is at least a reminder to the user to obtain
> the size.
> 
> ~~~~

Thats sounds quite reasonable to me.
> 
> +void mir_surface_raise_with_cookie(MirSurface* surface, void const* cookie);
> 
> By using void* we loose the type safety that we have with other Mir APIs. Can
> you provide some justification for this design choice?  E.g. will this
> function be primarily for clients that obtained the cookie from a non-Mir API?
> 
> ~~~~

I agree, and will be switching to a MirCookie* for both the copy and these functions since void* and MirCookie* will both be incomplete types.

> 
> - * Copyright © 2015 Canonical Ltd.
> + * Copyright © 2016 Canonical Ltd.
> 
> Don't remove the 2015 copyright claim. (I know these headers are legally
> unnecessary and PITA, but let's try to do it right.)
> 
> ~~~~

Opps. Yeah Ill fix those!

> 
> +    /* No mac == no size! */
> + return 0;
> 
> It should be a precondition that there's a MAC. I.e. the function should begin
> with something like:
> 
>     mir::require(mir_input_event_has_cookie(ev));
> 
> ~~~~

This is true, if we have a function that tells you if an event has a cookie we better require it to actually have one when attempting to construct it!.

> 
> +#include "mir/cookie.h"
> #include "mir/cookie_factory.h"
> 
> The first include of the source file should be the corresponding header (to
> ensure it compiles by itself).

Will fix!

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

> + typedef struct MirCookie MirCookie;
>
> Not needed (at the moment at least), and also may conflict with
> mir::cookie::MirCookie.

Opps thought I removed all thoses... Had an idea at one point that I think made it into a file :)
>
> - virtual MirCookie timestamp_to_cookie(uint64_t const& timestamp) = 0;
>
> A *Cookie*Factory that doesn't create cookies seems strange.
>
> Needs discussion/fixing

Right it doesnt create any MirCookies but it creates what a cookie is. With alans comment, changing the name to:
CookieAuthority

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-15:

#

> > sizeof(uint64_t) is not a synonym for 8 - although platforms with 16bit
> > characters are of little interest to us.
>
> Hmm should I just not assert this then? Since really all im assert is that our
> mac == sizeof(uint64_t). So possibly I should just change the name.

On reflection, if unit8_t exists we're safe to assume 8 bit chars. (And if it doesn't we don't compile.)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-15:

#

> > + virtual bool attest_timestamp(MirCookie const* cookie) = 0;
> >
> > This is the only place in the interface MirCookie is mentioned. Should we
> > simply lose this function and require the user to call the other overload?
> >
> > ~~~~
>
> The reason for keeping this, is theres no way to de construct a MirCookie in
> the public. So once the content hub gets a mir cookie it wont know how to
> *attest* it.

are you conflating ::MirCookie and mir::cookie::MirCookie?

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

> > > + virtual bool attest_timestamp(MirCookie const* cookie) = 0;
> > >
> > > This is the only place in the interface MirCookie is mentioned. Should we
> > > simply lose this function and require the user to call the other overload?
> > >
> > > ~~~~
> >
> > The reason for keeping this, is theres no way to de construct a MirCookie in
> > the public. So once the content hub gets a mir cookie it wont know how to
> > *attest* it.
>
> are you conflating ::MirCookie and mir::cookie::MirCookie?

Well only mir::cookie::MirCookie should be used? The attest_timestamp is in the mir::cookie namespace. Not sure if they are different and being combined? I Could be wrong :)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-15:

#

Though there will be an issue... if i move from a void* to a MirCookie* in the public API... not sure how to combine a MirCookie* into a mir::cookie::MirCookie*? Just cast it? I would like a MirCookie* vs void* :)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

FAILED: Continuous integration, rev:3258
https://mir-jenkins.ubuntu.com/job/mir-ci/69/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/69/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/69/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-15:

#

Some concerns addressed. Abstaining until I have time to review again.

review: Abstain

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

FAILED: Continuous integration, rev:3258
http://jenkins.qa.ubuntu.com/job/mir-ci/6032/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5553/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4460/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5509/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/356/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/356/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5506/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6032/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-15:

#

PASSED: Continuous integration, rev:3259
https://mir-jenkins.ubuntu.com/job/mir-ci/71/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/71/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/71/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-15:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6034/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-18:

#

+/*
+ *
+ * \params[in] ev The input event
+ * \params[in] cookie An allocated void* with exactly cookie_size bytes
+ * \params[in] size The size of the allocated void*
+ */
+void mir_input_event_copy_cookie(MirInputEvent const* ev, MirCookie* cookie, size_t size);

When comments and code disagree, both are likely wrong.

While I'm not sure I fully understand the intended usage I suspect that have two scenarios:

1. Getting a MirCookie from an event.
2. Converting a MirCookie to and from a chunk of memory.

In neither of these does it make sense for a user to supply allocate and supply a pointer to an incomplete type.

How about:

MirCookie* mir_input_event_get_cookie(MirInputEvent const* ev);

and either:

MirCookie* mir_blob_to_mir_cookie(MirBlob* blob);
MirBlob* mir_blob_from_mir_cookie(MirCookie* cookie);

Or:

size_t mir_cookie_get_buffer_size(MirCookie* cookie);
void mir_cookie_to_buffer(MirCookie* cookie, void* buffer, size_t size);
MirCookie* mir_cookie_from_buffer(void const* buffer, size_t size);

review: Needs Fixing

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-18:

#

[Just comment]

It (still) seems odd that CookieAuthority deals with both MirCookies and with pairs of timestamp and MAC. Surely a /cookie/ authority should deal with Cookies? Would it not make more sense as:

auto make_cookie(Timestamp t) -> unique_ptr<MirCookie>

auto authenticated_timestamp(MirCookie const& c) -> Timestamp

Having clients aware of the MAC seems like a leaky abstraction

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-19:

#

FAILED: Continuous integration, rev:3261
https://mir-jenkins.ubuntu.com/job/mir-ci/89/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/89/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/89/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-19:

#

FAILED: Continuous integration, rev:3262
https://mir-jenkins.ubuntu.com/job/mir-ci/91/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/90/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/91/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-19:

#

FAILED: Continuous integration, rev:3263
https://mir-jenkins.ubuntu.com/job/mir-ci/92/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/92/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/92/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-19:

#

PASSED: Continuous integration, rev:3264
https://mir-jenkins.ubuntu.com/job/mir-ci/93/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/93/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/93/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-20:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6064/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-20:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6066/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-20:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6068/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-20:

#

PASSED: Continuous integration, rev:3265
https://mir-jenkins.ubuntu.com/job/mir-ci/95/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/95/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/95/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-20:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6069/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-20:

#

PASSED: Continuous integration, rev:3266
https://mir-jenkins.ubuntu.com/job/mir-ci/96/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/96/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/96/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-20:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6070/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-20:

#

394 +/* Returns an allocated MirCookie that you must release with mir_cookie_release
394 + *
395 + * \params[in] ev The input event
396 + * \return An allocated and ref'ed cookie
397 + */

There's no need to say “allocated” or “ref'ed” here.

394 +/* Returns the MirCookie associated with this input event.
394 + *
395 + * \params[in] ev The input event
396 + * \return A reference to the MirCookie associated with this input event.
397 + * This must be released with a call to mir_cookie_release().
398 + */

Likewise:
415 +/* Turns the user copyed buffer back into a MirCookie, which must be
416 + * released with mir_cookie_release
417 + *
418 + * \params[in] buffer The buffer used to get a MirCookie back
419 + * \return A newely allocated MirCookie
420 + */
421 +MirCookie const* mir_cookie_from_buffer(void const* buffer);

should maybe be:
415 +/* Create a MirCookie from a serialised representation.
417 + *
418 + * \params[in] buffer The buffer containing a serialised MirCookie.
418 + * The buffer may be freed immediately after this call.
419 + * \return A reference to a MirCookie.
418 + * This must be released with a call to mir_cookie_release().
420 + */
421 +MirCookie const* mir_cookie_from_buffer(void const* buffer);

This can never return NULL, right?

Actually: we should probably pass in the length of the buffer here and return NULL if it doesn't match what we expect. Clients will get this passed in from other sources, and it'll courteous to tell them if it's easy to detect that it's wrong.

443 +* \param [in] cookie The void* from the input event that you want to raise the window from.
Ba baw!

1143 + mir_surface_raise_with_cookie;
1144 + mir_input_event_has_cookie;
1145 + mir_cookie_get_size;
1146 + mir_input_event_get_cookie;
1147 + mir_cookie_copy_to_buffer;
1148 + mir_cookie_from_buffer;
1149 + mir_cookie_release;

These should be in MIR_CLIENT_unreleased, not MIR_CLIENT_DETAIL (which is pseudo-private implementation details).

+ if (raw_cookie.size() < cookie_size_from_format(mir::cookie::Format::HMAC_SHA_1_8))

Should be !=, right?

Why did you move mir::SecurityCheckFailed?

2029 + auto const& cookie_ptr = cookie_authority->unmarshall_cookie(cookie_bytes);

I'm surprised this passed valgrind? unmarshall_cookie() returns a std::unique_ptr<>, that you take a *reference* to, and then the std::unique_ptr<> gets *destroyed* at the end of the statement.

Likewise in a bunch of other places. Why doesn't this blow up?

A: http://herbsutter.com/2008/01/01/gotw-88-a-candidate-for-the-most-important-const/. I wonder why people think C++ is needlessly arcane‽.

394	+/* Returns an allocated MirCookie that you must release with mir_cookie_release
394	+ *
395	+ * \params[in] ev The input event
396	+ * \return        An allocated and ref'ed cookie
397	+ */

There's no need to say “allocated” or “ref'ed” here.

394	+/* Returns the MirCookie associated with this input event.
394	+ *
395	+ * \params[in] ev The input event
396	+ * \return        A reference to the MirCookie associated with this input event.
397	+ *                This must be released with a call to mir_cookie_release().
398	+ */

Likewise:
415	+/* Turns the user copyed buffer back into a MirCookie, which must be
416	+ * released with mir_cookie_release
417	+ *
418	+ * \params[in] buffer The buffer used to get a MirCookie back
419	+ * \return            A newely allocated MirCookie
420	+ */
421	+MirCookie const* mir_cookie_from_buffer(void const* buffer);

should maybe be:
415	+/* Create a MirCookie from a serialised representation.
417	+ *
418	+ * \params[in] buffer The buffer containing a serialised MirCookie.
418	+ *                    The buffer may be freed immediately after this call.
419	+ * \return            A reference to a MirCookie.
418	+ *                    This must be released with a call to mir_cookie_release().
420	+ */
421	+MirCookie const* mir_cookie_from_buffer(void const* buffer);

This can never return NULL, right?

Actually: we should probably pass in the length of the buffer here and return NULL if it doesn't match what we expect. Clients will get this passed in from other sources, and it'll courteous to tell them if it's easy to detect that it's wrong.

443	+*   \param [in] cookie  The void* from the input event that you want to raise the window from.
Ba baw!

1143	+    mir_surface_raise_with_cookie;
1144	+    mir_input_event_has_cookie;
1145	+    mir_cookie_get_size;
1146	+    mir_input_event_get_cookie;
1147	+    mir_cookie_copy_to_buffer;
1148	+    mir_cookie_from_buffer;
1149	+    mir_cookie_release;

These should be in MIR_CLIENT_unreleased, not MIR_CLIENT_DETAIL (which is pseudo-private implementation details).

+        if (raw_cookie.size() < cookie_size_from_format(mir::cookie::Format::HMAC_SHA_1_8))

Should be !=, right?

Why did you move mir::SecurityCheckFailed?

2029	+    auto const& cookie_ptr = cookie_authority->unmarshall_cookie(cookie_bytes);

I'm surprised this passed valgrind? unmarshall_cookie() returns a std::unique_ptr<>, that you take a *reference* to, and then the std::unique_ptr<> gets *destroyed* at the end of the statement.

Likewise in a bunch of other places. Why doesn't this blow up?

A: http://herbsutter.com/2008/01/01/gotw-88-a-candidate-for-the-most-important-const/. I wonder why people think C++ is needlessly arcane‽.

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-20:

#

PASSED: Continuous integration, rev:3267
https://mir-jenkins.ubuntu.com/job/mir-ci/104/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/104/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/104/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-20:

#

PASSED: Continuous integration, rev:3267
https://mir-jenkins.ubuntu.com/job/mir-ci/106/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/106/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/106/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-20:

#

First pass - cosmetic stuff

+/* Returns an allocated MirCookie that you must release with mir_cookie_release
+ *
+ * \params[in] ev The input event
+ * \return An allocated and ref'ed cookie
+ */
+MirCookie const* mir_input_event_get_cookie(MirInputEvent const* ev);

1. The /precondition/ that the event has a cookie is missing.

2. "An allocated and ref'ed cookie" is implementation detail the user isn't interested in.

~~~~

+ * \return The size needed to allocate a buffer
+ */
+size_t mir_cookie_get_size(MirCookie const* cookie);

While allocation is likely what the client will do, surely this is just the size of buffer needed by mir_cookie_copy_to_buffer().

~~~~

+ * \params[in] buffer The allocated buffer to copy the MirCookie into
+ * \params[in] size The size of the allocated buffer
+ */
+void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size);

%s/allocated //

~~~~

+MirCookie const* mir_cookie_from_buffer(void const* buffer);

I think it would be useful validation for the buffer size to be supplied and checked. While not bulletproof the it is a reminder to the user that size matters.

~~~~

+* \param [in] cookie The void* from the input event that you want to raise the window from.
+*/
+void mir_surface_raise_with_cookie(MirSurface* surface, MirCookie const* cookie);

The comment and the code disagree

~~~~

+ HMAC_SHA_1_8

Is there a reason for the non standard naming style? https://unity.ubuntu.com/mir/cppguide/index.html?showone=Enumerator_Names#Enumerator_Names

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-20:

#

PASSED: Continuous integration, rev:3270
https://mir-jenkins.ubuntu.com/job/mir-ci/110/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/110/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/110/rebuild

review: Approve (continuous-integration)

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2016-01-21:

#

From what I've been hearing, I think the terms "cookie" and "marshalling" are over-abstracting the situation. It's better to use more concrete nouns and verbs so the reader more easily understands what's going on. But this is not a review.

review: Abstain

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6080/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6084/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6088/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-21:

#

PASSED: Continuous integration, rev:3271
https://mir-jenkins.ubuntu.com/job/mir-ci/113/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/113/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/113/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

FAILED: Continuous integration, rev:3271
http://jenkins.qa.ubuntu.com/job/mir-ci/6091/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5630
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4537
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5586/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/415
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/415/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/415
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/415/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5583
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5583/artifact/work/output/*zip*/output.zip
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8026/console
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/26876

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6091/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

FAILED: Continuous integration, rev:3271
http://jenkins.qa.ubuntu.com/job/mir-ci/6092/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5631
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4538
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5587/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/416
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/416/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/416
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/416/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5584
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5584/artifact/work/output/*zip*/output.zip
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8027/console
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/26878

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6092/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-21:

#

PASSED: Continuous integration, rev:3272
https://mir-jenkins.ubuntu.com/job/mir-ci/114/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/114/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/114/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-21:

#

PASSED: Continuous integration, rev:3273
https://mir-jenkins.ubuntu.com/job/mir-ci/116/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/116/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/116/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6093/rebuild

review: Approve (continuous-integration)

Revision history for this message

Chris Halse Rogers (raof) wrote on 2016-01-21:

#

Ok, I think. Two inline nonblocking doc comments.

review: Approve

Revision history for this message

Alberto Aguirre (albaguirre) wrote on 2016-01-21:

#

Download full text (7.0 KiB)

Mostly cosmetic things.

mir::cookie::Array => mir::cookie::Blob

Comment suggestions
---
+
386 +/* Tells if the MirInputEvent has a MirCookie
387 + *
388 + * \params[in] ev The input event
389 + * \return True if the input event has a MirCookie
390 + */

change to:

+
386 +/* Query if an input event contains a cookie
387 + *
388 + * \params[in] ev The input event
389 + * \return True if the input event contains a cookie
390 + */

---

---
/* Returns the MirCookie associated with this input event.
*
* \pre The input event must have a MirCookie
* \params[in] ev The input event
* \return A reference to the MirCookie associated with this input event
* This must be released with a call to mir_cookie_release()
*/

change to:

/* Returns the cookie associated with an input event.
*
* \pre The input event must have a MirCookie
* \params[in] ev An input event
* \return The cookie associated with the given input event
* The cookie must be released by calling mir_cookie_release
*/
---

/* The size of the buffer needed to serialize this MirCookie
*
* \params[in] cookie The MirCookie
* \return The size needed for a buffer
*/
size_t mir_cookie_get_size(MirCookie const* cookie);

change to:

/* Queries the size needed to serialize a given cookie
*
* \params[in] cookie A cookie instance
* \return The size of the serialized representation of the given cookie
*/
size_t mir_cookie_size(MirCookie const* cookie);
---

---
/* Copy the MirCookie into an allocated buffer
*
* \pre The size must be equal to mir_cookie_get_size
* \params[in] cookie The MirCookie
* \params[in] buffer The allocated buffer to copy the MirCookie into
* \params[in] size The size of the allocated buffer
*/

change to:

/* Serializes a cookie into the given buffer
*
* \pre The size must be equal to mir_cookie_get_size
* \params[in] cookie A cookie instance
* \params[in] buffer A buffer which is filled with the serialized representation
of the given cookie
* \params[in] size The size of the given buffer
*/
void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size);

To be consistent with mir_cookie_from_buffer
mir_cookie_copy_to_buffer => mir_cookie_to_buffer

---
/* Create a MirCookie from a serialised representation
*
* \pre The size must be equal to mir_cookie_get_size
* \params[in] buffer The buffer containing a serialised MirCookie.
* The buffer may be freed immediately after this call.
* \return A reference to a MirCookie.
* This must be released with a call to mir_cookie_release().
*/
MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);

change to:

/* Create a cookie from a serialized representation
*
* \pre The size must be equal to mir_cookie_get_size
* \params[in] buffer The buffer containing a serialized cookie.
* The buffer may be freed immediately after this call.
* \return A MirCookie instance. The instance must be re...

Mostly cosmetic things.

mir::cookie::Array => mir::cookie::Blob

Comment suggestions
---
+
386	+/* Tells if the MirInputEvent has a MirCookie
387	+ *
388	+ * \params[in] ev The input event
389	+ * \return        True if the input event has a MirCookie
390	+ */

change to:

+
386	+/* Query if an input event contains a cookie
387	+ *
388	+ * \params[in] ev The input event
389	+ * \return        True if the input event contains a cookie
390	+ */

---

---
/* Returns the MirCookie associated with this input event.
 *
 * \pre           The input event must have a MirCookie
 * \params[in] ev The input event
 * \return        A reference to the MirCookie associated with this input event
 *                This must be released with a call to mir_cookie_release()
 */
 
 change to: 
 
/* Returns the cookie associated with an input event.
 *
 * \pre           The input event must have a MirCookie
 * \params[in] ev An input event
 * \return        The cookie associated with the given input event
 *                The cookie must be released by calling mir_cookie_release
 */
---

/* The size of the buffer needed to serialize this MirCookie
 *
 * \params[in] cookie  The MirCookie
 * \return             The size needed for a buffer
 */
size_t mir_cookie_get_size(MirCookie const* cookie);

change to:

/* Queries the size needed to serialize a given cookie
 *
 * \params[in] cookie  A cookie instance
 * \return             The size of the serialized representation of the given cookie
 */
size_t mir_cookie_size(MirCookie const* cookie);
---

---
/* Copy the MirCookie into an allocated buffer
 *
 * \pre               The size must be equal to mir_cookie_get_size
 * \params[in] cookie The MirCookie
 * \params[in] buffer The allocated buffer to copy the MirCookie into
 * \params[in] size   The size of the allocated buffer
 */
 
 change to: 
 
/* Serializes a cookie into the given buffer
 *
 * \pre               The size must be equal to mir_cookie_get_size
 * \params[in] cookie A cookie instance
 * \params[in] buffer A buffer which is filled with the serialized representation
                      of the given cookie
 * \params[in] size   The size of the given buffer
 */
void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size);

To be consistent with mir_cookie_from_buffer
mir_cookie_copy_to_buffer => mir_cookie_to_buffer

---
/* Create a MirCookie from a serialised representation
 *
 * \pre               The size must be equal to mir_cookie_get_size
 * \params[in] buffer The buffer containing a serialised MirCookie.
 *                    The buffer may be freed immediately after this call.
 * \return            A reference to a MirCookie.
 *                    This must be released with a call to mir_cookie_release().
 */
MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);

change to:

/* Create a cookie from a serialized representation
 *
 * \pre               The size must be equal to mir_cookie_get_size
 * \params[in] buffer The buffer containing a serialized cookie.
 *                    The buffer may be freed immediately after this call.
 * \return            A MirCookie instance. The instance must be released
                      with a call to mir_cookie_release.
 */
---

---
/*
* Attempts to raise the surface based on a keyboard/touch/pointer cookie.
*
*   \param [in] surface The surface to operate on.
*   \param [in] cookie  The MirCookie from an input event.
*   \post               Sumbittiming an invalid cookie will temrinate your connection.
*/
void mir_surface_raise_with_cookie(MirSurface* surface, MirCookie const* cookie);

change to:

/*
* Attempts to raise the surface to the front.
*
*   \param [in] surface The surface to raise
*   \param [in] cookie  A cookie instance obtained from an input event.
*                       An invalid cookie will terminate the client connection.
*/
void mir_surface_raise(MirSurface* surface, MirCookie const* cookie);

---

SecurityCheckFailed => SecurityCheckError

This is pre-existing, but:

---

/**
    *   Construction function used to create a CookieAuthority. The secret size must be
    *   no less then minimum_secret_size otherwise an exception will be thrown
    *
    *   \param [in] secret  A filled in secret used to set the key for the hash function
    *   \return             A unique_ptr CookieAuthority
    */
    static std::unique_ptr<CookieAuthority> create_from_secret(Secret const& secret);
    
change to (secret in the name is redundant given the parameter type):

/**
    *   Construction function used to create a CookieAuthority. The secret size must be
    *   no less then minimum_secret_size otherwise an exception will be thrown
    *
    *   \param [in] secret  A secret used to set the key for the hash function
    *   \return             A unique_ptr CookieAuthority
    */
    static std::unique_ptr<CookieAuthority> create_from(Secret const& secret);
---

---
    static std::unique_ptr<CookieAuthority> create_saving_secret(Secret& save_secret);
    
    This api is weird, If you really need the secret, shouldn't it be part of the CookieAuthority interface?
---

---
    /**
    *   Construction function used to create a CookieAuthority and a secret which it keeps internally.
    *
    *   \return                   A unique_ptr CookieAuthority
    */
    static std::unique_ptr<CookieAuthority> create_keeping_secret();

change to:

/**
    *   Create a default CookieAuthority instance
    *
    *   \return                   A CookieAuthority instance
    */
    static std::unique_ptr<CookieAuthority> create();
---

---
    /**
    *   Creates a cookie from a timestamp.
    *
    *   \param [in] timestamp A timestamp
    *   \return      A cookie instance
    */
    virtual std::unique_ptr<MirCookie> make_cookie(uint64_t const& timestamp) = 0;

change to:
    /**
    *   Creates a cookie from a serialized representation
    *
    *   \param [in]  blob A blob of bytes representing a serialized cookie
    *   \return      A cookie instance
    */
    virtual std::unique_ptr<MirCookie> make_cookie(std::vector<uint8_t> const& blob) = 0;
---

---

auto new_cookie = new uint8_t[old_ev->motion.cookie.size()];
        memcpy(new_cookie, old_ev->motion.cookie.data(), old_ev->motion.cookie.size());
        return reinterpret_cast<MirCookie*>(new_cookie);
----
I would prefer:

class MirCookie
{
public:
    MirCookie(mir::cookie::blob const& blob);
    
    void copy_to(void* buffer, size_t size);
    
private:
    mir::cookie::blob blob;
};

MirCookie::MirCookie(mir::cookie::blob const& blob)
    : blob{blobl}
    {}
    
MirCookie::copy_to(void* buffer, size_t size)
{
    mir::require(size == mir::cookie::default_blob_size);
    memcpy(buffer, cookie, size);
}

auto cookie = new MirCookie(old_ev->motion.cookie);
return cookie;

---
mir::cookie::array_size => mir::cookie::default_blob_size;
---

---
void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size)
{
    mir::require(size == mir::cookie::array_size);
    memcpy(buffer, cookie, size);
}
---

---
marsharlled_cookie => marshalled_cookie

review: Needs Fixing

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-21:

#

+#include "mir/cookie_array.h"

Seeing this caused me to notice an existing issue:

It really ought reflect the "namespace == directory" convention used elsewhere: #include "mir/cookie/array.h"

Not sure if we should fix, or just live with it as "mir/cookie_factory.h" is pre-existing.

review: Needs Information

Revision history for this message

Alberto Aguirre (albaguirre) wrote on 2016-01-21:

#

Oops on the last one I meant:

---
void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size)
{
mir::require(size == mir::cookie::array_size);
memcpy(buffer, cookie, size);
}
---

With a client side MirCookie class suggested above would just become:
void mir_cookie_copy_to_buffer(MirCookie const* cookie, void* buffer, size_t size)
{
return cookie->copy_to(buffer, size);
}

and mir_cookie_release turns into:

+void mir_cookie_release(MirCookie const* cookie)
{
delete cookie;
}

review: Needs Fixing

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-21:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6098/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6100/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3276
https://mir-jenkins.ubuntu.com/job/mir-ci/125/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/125/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/125/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3276
http://jenkins.qa.ubuntu.com/job/mir-ci/6105/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5655/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4562/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5611/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/429/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/429/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5608/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6105/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3277
https://mir-jenkins.ubuntu.com/job/mir-ci/126/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/126/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/126/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6106/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3278
https://mir-jenkins.ubuntu.com/job/mir-ci/127/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/127/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/127/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6107/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3279
https://mir-jenkins.ubuntu.com/job/mir-ci/128/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/128/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/128/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alberto Aguirre (albaguirre) wrote on 2016-01-22:

#

LGTM.

review: Approve

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3281
https://mir-jenkins.ubuntu.com/job/mir-ci/130/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/130/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/130/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3285
https://mir-jenkins.ubuntu.com/job/mir-ci/132/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/131/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/132/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

+/* Queries the size needed to serialize a given cookie
+ *
+ * \params[in] cookie A cookie instance
+ * \return The size of the serialized representation of the given cookie
+ */
+size_t mir_cookie_size(MirCookie const* cookie);

Would mir_cookie_buffer_size() be a clearer name?

~~~~

+/* Create a cookie from a serialized representation
+ *
+ * \pre The size must be equal to mir_cookie_size
+ * \params[in] buffer The buffer containing a serialized cookie.
+ * The buffer may be freed immediately after this call.
+ * \return A MirCookie instance. The instance must be released
+ with a call to mir_cookie_release.
+ */
+MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);

The precondition is impossible for the client to check - mir_cookie_size() takes a parameter that isn't (in the general case) available to the client.

Perhaps we should drop the cookie parameter from mir_cookie_size()? Or do we expect different cookies to have different sizes?

~~~~

+class Cookie
+{
+public:
+ virtual ~Cookie() = default;
+
+ /**
+ * Returns the timestamp that the cookie is built with
+ *
+ * \return The timestamp
+ */
+ virtual uint64_t timestamp() const = 0;
+
+ /**
+ * Converts the cookie into a stream of bytes.
+ *
+ * \return The stream of bytes formatted
+ */
+ virtual std::vector<uint8_t> serialize() const = 0;
+};

interfaces should delete CopyAssign

~~~~

- void raise_surface_with_timestamp(
+ void raise_surface(

Is this API break necessary? It will break downstreams. (And is how it motivated by the purpose of this MP?)

~~~~

inline mir::cookie::Blob const& getCookie() const { return mCookie; }

so getCookie() returns a blob? Confusing! "getCookieAsBlob()"?

review: Needs Fixing

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

Non-blocking questions and comments:

mev::make_event(MirInputDeviceId(android_event->getDeviceId()),
kev->getEventTime(),
- kev->getMac(),
+ {std::begin(cookie), std::end(cookie)},
mia::mir_keyboard_action_from_android(kev->getAction(), kev->getRepeatCount()),
kev->getKeyCode(),
kev->getScanCode(),

Why do we need to create a "std::vector<uint8_t>" temporary from a blob (called "cookie"!)? What stops make_event taking a blob const&?

~~~~

+ MirCookie() = delete;

What advantage is there for disabling default construction?

~~~~

+#include "cookie.h"

We usually write the full path in public headers. Vis:

#include "mir/cookie/cookie.h"

~~~~

+ * \return A unique_ptr Authority

I don't think it useful to mention unique_ptr in the doc comment. (And you don't do it consistently.)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6108/rebuild

review: Approve (continuous-integration)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-22:

#

> +/* Queries the size needed to serialize a given cookie
> + *
> + * \params[in] cookie A cookie instance
> + * \return The size of the serialized representation of the given
> cookie
> + */
> +size_t mir_cookie_size(MirCookie const* cookie);
>
> Would mir_cookie_buffer_size() be a clearer name?
>
> ~~~~

Yes it would. Changing.

>
> +/* Create a cookie from a serialized representation
> + *
> + * \pre The size must be equal to mir_cookie_size
> + * \params[in] buffer The buffer containing a serialized cookie.
> + * The buffer may be freed immediately after this call.
> + * \return A MirCookie instance. The instance must be released
> + with a call to mir_cookie_release.
> + */
> +MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);
>
> The precondition is impossible for the client to check - mir_cookie_size()
> takes a parameter that isn't (in the general case) available to the client.
>
> Perhaps we should drop the cookie parameter from mir_cookie_size()? Or do we
> expect different cookies to have different sizes?
>
> ~~~~

While atm the cookie size is consistent, the cookie size is dependent on the cookie authority implementation.

As far as the size, the size for the buffer *must* be mir_cookie_size() and it *must* get that size to allocate said buffer. The only way they could have gotten an allocated buffer, would be by querying the size. So I would think its up to the user to pass the size_t size around which MUST be equal to the mir_cookie_size at one point.

>
> +class Cookie
> +{
> +public:
> + virtual ~Cookie() = default;
> +
> + /**
> + * Returns the timestamp that the cookie is built with
> + *
> + * \return The timestamp
> + */
> + virtual uint64_t timestamp() const = 0;
> +
> + /**
> + * Converts the cookie into a stream of bytes.
> + *
> + * \return The stream of bytes formatted
> + */
> + virtual std::vector<uint8_t> serialize() const = 0;
> +};
>
> interfaces should delete CopyAssign
>
> ~~~~

Reasonable, Changing.

>
> - void raise_surface_with_timestamp(
> + void raise_surface(
>
> Is this API break necessary? It will break downstreams. (And is how it
> motivated by the purpose of this MP?)
>
> ~~~~

This API is new, (was removed from the API before the 0.18 release). So just trying to get the correct name for it.
>
> inline mir::cookie::Blob const& getCookie() const { return mCookie; }
>
> so getCookie() returns a blob? Confusing! "getCookieAsBlob()"?

Very confusing, and yes Ill go through and rename that.

> +/* Queries the size needed to serialize a given cookie
> + *
> + * \params[in] cookie A cookie instance
> + * \return            The size of the serialized representation of the given
> cookie
> + */
> +size_t mir_cookie_size(MirCookie const* cookie);
> 
> Would mir_cookie_buffer_size() be a clearer name?
> 
> ~~~~

Yes it would. Changing.

> 
> +/* Create a cookie from a serialized representation
> + *
> + * \pre The size must be equal to mir_cookie_size
> + * \params[in] buffer The buffer containing a serialized cookie.
> + *                    The buffer may be freed immediately after this call.
> + * \return            A MirCookie instance. The instance must be released
> +                      with a call to mir_cookie_release.
> + */
> +MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);
> 
> The precondition is impossible for the client to check - mir_cookie_size()
> takes a parameter that isn't (in the general case) available to the client.
> 
> Perhaps we should drop the cookie parameter from mir_cookie_size()? Or do we
> expect different cookies to have different sizes?
> 
> ~~~~

While atm the cookie size is consistent, the cookie size is dependent on the cookie authority implementation.

As far as the size, the size for the buffer *must* be mir_cookie_size() and it *must* get that size to allocate said buffer. The only way they could have gotten an allocated buffer, would be by querying the size. So I would think its up to the user to pass the size_t size around which MUST be equal to the mir_cookie_size at one point.

> 
> +class Cookie
> +{
> +public:
> +    virtual ~Cookie() = default;
> +
> +    /**
> +    *  Returns the timestamp that the cookie is built with
> +    *
> +    *  \return  The timestamp
> +    */
> +    virtual uint64_t timestamp() const = 0;
> +
> +    /**
> +    *  Converts the cookie into a stream of bytes.
> +    *
> +    *  \return  The stream of bytes formatted
> +    */
> +    virtual std::vector<uint8_t> serialize() const = 0;
> +};
> 
> interfaces should delete CopyAssign
> 
> ~~~~

Reasonable, Changing.

> 
> -    void raise_surface_with_timestamp(
> + void raise_surface(
> 
> Is this API break necessary? It will break downstreams. (And is how it
> motivated by the purpose of  this MP?)
> 
> ~~~~

This API is new, (was removed from the API before the 0.18 release). So just trying to get the correct name for it.
> 
> inline mir::cookie::Blob const& getCookie() const { return mCookie; }
> 
> so getCookie() returns a blob? Confusing! "getCookieAsBlob()"?

Very confusing, and yes Ill go through and rename that.

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-22:

#

> Non-blocking questions and comments:
>
> mev::make_event(MirInputDeviceId(android_event->getDeviceId()),
> kev->getEventTime(),
> - kev->getMac(),
> + {std::begin(cookie), std::end(cookie)},
> mia::mir_keyboard_action_from_android(kev->getAction(),
> kev->getRepeatCount()),
> kev->getKeyCode(),
> kev->getScanCode(),
>
> Why do we need to create a "std::vector<uint8_t>" temporary from a blob
> (called "cookie"!)? What stops make_event taking a blob const&?
>
> ~~~~
>

Since blob const& is a std::array<uint8_t, 17> and the event_builder.h is c++ public API. Since its a public API I move back to std::array so we dont depend on a fix size for the cookie.
> + MirCookie() = delete;
>
> What advantage is there for disabling default construction?
>
>
> ~~~~
>
> +#include "cookie.h"
>
> We usually write the full path in public headers. Vis:
>
> #include "mir/cookie/cookie.h"
>
> ~~~~

Makes sesne, and reads better. Changing.

>
> + * \return A unique_ptr Authority
>
> I don't think it useful to mention unique_ptr in the doc comment. (And you
> don't do it consistently.)

Changing.

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-22:

#

> MirCookie() = delete;
> What advantage is there for disabling default construction?

Mainly to force the creation of only valid MirCookies. So if we ever get one we know it must have been created through one of its explicit CTOR.

Revision history for this message

Andreas Pokorny (andreas-pokorny) wrote on 2016-01-22:

#

From what I see at the ClientCookies fixture. The test body does not wait for the client surface to be exposed and focused. So there is a chance that the SurfaceInputDispatcher does not forward the event to the client. I.e. you could cut some code out of the TestClientInput fixture. CI does not seem to affected by that problem, so you might as well do that some time after the release.

Is there a reason why you do not throw SecurityCheckErrors with BOOST_THROW_EXCEPTION?

review: Needs Information

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3286
https://mir-jenkins.ubuntu.com/job/mir-ci/136/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/136/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/136/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

+MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size)
+{
+ if (size != mir::cookie::default_blob_size)
+ return NULL;
+
+ return new MirCookie(buffer, size);
+}

While it is extremely unlikely for operator new() (or any of the other code currently invoked here) to throw I think we should trap exceptions and not allow them to propagate from a C API.

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

> Is there a reason why you do not throw SecurityCheckErrors with
> BOOST_THROW_EXCEPTION?

review: Needs Fixing

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

> > Is there a reason why you do not throw SecurityCheckErrors with
> > BOOST_THROW_EXCEPTION?

Rats! the code changed while I was reading it.

review: Abstain

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-22:

#

> +MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size)
> +{
> + if (size != mir::cookie::default_blob_size)
> + return NULL;
> +
> + return new MirCookie(buffer, size);
> +}
>
> While it is extremely unlikely for operator new() (or any of the other code
> currently invoked here) to throw I think we should trap exceptions and not
> allow them to propagate from a C API.

Fixed!

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3287
https://mir-jenkins.ubuntu.com/job/mir-ci/137/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/137/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/137/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-22:

#

I've looked at this code too many times today to approve it. I'm not seeing what is there anymore.

review: Abstain

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

PASSED: Continuous integration, rev:3289
https://mir-jenkins.ubuntu.com/job/mir-ci/138/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/138/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/138/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2016-01-22:

#

A first pass:

+ static std::unique_ptr<Authority> create_saving(Secret& save_secret);

The name 'create_saving' is not very clear.

+ std::copy_n(std::begin(cookie), cookie.size(), std::begin(kev.cookie));

The code as written could overflow the kev.cookie array.

+#include "../mir_cookie.h"

We generally try to avoid pulling headers from parent directories (but it's not a dealbreaker, and it seems we are doing it more on the client side).

review: Needs Fixing

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3290
https://mir-jenkins.ubuntu.com/job/mir-ci/139/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/139/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/139/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3291
https://mir-jenkins.ubuntu.com/job/mir-ci/141/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/141/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/141/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-22:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6111/rebuild

review: Approve (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-22:

#

FAILED: Continuous integration, rev:3292
https://mir-jenkins.ubuntu.com/job/mir-ci/142/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/142/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/142/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-23:

#

FAILED: Continuous integration, rev:3291
http://jenkins.qa.ubuntu.com/job/mir-ci/6114/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5667/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4574/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5623/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/438/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/438/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5620/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6114/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-23:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6115/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-23:

#

FAILED: Continuous integration, rev:3293
https://mir-jenkins.ubuntu.com/job/mir-ci/143/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/143/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/143/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-23:

#

FAILED: Continuous integration, rev:3293
http://jenkins.qa.ubuntu.com/job/mir-ci/6116/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5671/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4578
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5627/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/440
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/440/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/440
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/440/artifact/work/output/*zip*/output.zip
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5624/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6116/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-23:

#

FAILED: Continuous integration, rev:3294
https://mir-jenkins.ubuntu.com/job/mir-ci/144/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/144/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/144/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-23:

#

PASSED: Continuous integration, rev:3296
https://mir-jenkins.ubuntu.com/job/mir-ci/145/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/145/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/145/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-23:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6117/rebuild

review: Approve (continuous-integration)

Revision history for this message

Andreas Pokorny (andreas-pokorny) wrote on 2016-01-23:

#

ok you resolved everything i saw in this or the upcoming MP

review: Approve

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-25:

#

@"* I guess gcc 4.* assume const for auto = make_unique<..> which causes issues when attempting to return a derived class to a base class. You cannot return a const unique_ptr since it cannot be std::moved"

I guess you're wrong: that would make auto support implausibly broken.

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-25:

#

+ * NULL will be returned if the buffer and size dont describe

s/dont/don't/

~~~~

+ * Construction function used to create a Authority. The secret size must be

s/a Authority/an Authority/

~~~~

+ // TODO Soon to be removed!
+ static std::unique_ptr<Authority> create_saving(Secret& save_secret);

Why?

~~~~

/// Sets an override functor for creating the cookie factory.

s/factory/authority/

~~~~

+ mir::cookie::Blob copy_vector_to_cookie_blob(std::vector<uint8_t> const& vector)

It's local to the TU, so I wouldn't block, but I'd reserve "copy" for functions that take a target. I'd call it something like "as_blob".

review: Needs Fixing

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-25:

#

This introduces a number of FIXME/TODO comments, without it being clear when or why they will addressed.

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-25:

#

> This introduces a number of FIXME/TODO comments, without it being clear when
> or why they will addressed.

All removed in this branch:
https://code.launchpad.net/~mir-team/mir/160-bit-finally/+merge/283751

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-25:

#

> @"* I guess gcc 4.* assume const for auto = make_unique<..> which causes
> issues when attempting to return a derived class to a base class. You cannot
> return a const unique_ptr since it cannot be std::moved"
>
> I guess you're wrong: that would make auto support implausibly broken.

Re looking at the compiler error... just looks like problem with implicit conversions? Not sure how removing the auto fixed it for me now though :(
https://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4576/console

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-25:

#

> + * NULL will be returned if the buffer and size dont describe
>
> s/dont/don't/
>
> ~~~~
Fixing

>
> + * Construction function used to create a Authority. The secret size must be
>
> s/a Authority/an Authority/
>
> ~~~~
Fixing

>
> + // TODO Soon to be removed!
> + static std::unique_ptr<Authority> create_saving(Secret& save_secret);
>
> Why?
>
> ~~~~
Hmm that fixme shouldnt be there anymore? The reason was because we were going to create a lazy creation method for the secret. So we didnt depend on it on boot. Which ill be making a branch soon for that even though we've a work around in USC for the moment.
>
> /// Sets an override functor for creating the cookie factory.
>
> s/factory/authority/
>
> ~~~~
Fixing.
>
> + mir::cookie::Blob copy_vector_to_cookie_blob(std::vector<uint8_t> const&
> vector)
>
> It's local to the TU, so I wouldn't block, but I'd reserve "copy" for
> functions that take a target. I'd call it something like "as_blob".

Sounds good, fixing!

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2016-01-25:

#

>+ // TODO Soon to be removed!
>+ static std::unique_ptr<Authority> create_saving(Secret& save_secret);
>
>Why?

Opps its a TODO, and yeah removed that this branch no need to have that TODO, and ill be address it very soon!

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2016-01-25:

#

PASSED: Continuous integration, rev:3297
https://mir-jenkins.ubuntu.com/job/mir-ci/151/
Executed test runs:
None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/151/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/151/rebuild

review: Approve (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-25:

#

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6123/rebuild

review: Approve (continuous-integration)

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2016-01-25:

#

Doc fixes have been applied.

review: Abstain

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-25:

#

review: Needs Fixing (continuous-integration)

Revision history for this message

Alberto Aguirre (albaguirre) wrote on 2016-01-25:

#

^-Network hiccup

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-26:

#

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2016-01-26:

#

review: Needs Fixing (continuous-integration)

Revision history for this message

PS Jenkins bot (ps-jenkins) on 2016-01-26:

#

review: Approve (continuous-integration)

Mir

Merge lp:~mir-team/mir/public-cookie-api into lp:mir

Commit message

Description of the change

Preview Diff

Subscribers

 === modified file '3rd_party/CMakeLists.txt'
 --- 3rd_party/CMakeLists.txt	2016-01-20 23:59:18 +0000
 +++ 3rd_party/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -11,6 +11,7 @@
  set(MIR_INPUT_ANDROID_COMPILE_FLAGS ${MIR_INPUT_ANDROID_COMPILE_FLAGS}
    PARENT_SCOPE)
++include_directories(${PROJECT_SOURCE_DIR}/src/include/cookie)
  include_directories(${PROJECT_SOURCE_DIR}/src/include/common)
  include_directories(${PROJECT_SOURCE_DIR}/src/include/platform)
  include_directories(${CMAKE_CURRENT_SOURCE_DIR}/android-deps)
 === modified file '3rd_party/android-input/android/frameworks/base/include/androidfw/Input.h'
 --- 3rd_party/android-input/android/frameworks/base/include/androidfw/Input.h	2016-01-20 23:59:18 +0000
 +++ 3rd_party/android-input/android/frameworks/base/include/androidfw/Input.h	2016-01-25 13:42:04 +0000
@@ -31,6 +31,8 @@
  #include <chrono>
++#include "mir/cookie/blob.h"
++
  #ifdef HAVE_ANDROID_OS
  class SkMatrix;
  #endif
@@ -276,7 +278,7 @@
      inline int32_t getRepeatCount() const { return mRepeatCount; }
--    inline uint64_t getMac() const { return mMac; }
++    inline mir::cookie::Blob const& getCookieAsBlob() const { return mCookieBlob; }
      inline std::chrono::nanoseconds getDownTime() const { return mDownTime; }
@@ -299,7 +301,7 @@
              int32_t scanCode,
              int32_t metaState,
              int32_t repeatCount,
--            uint64_t mac,
++            mir::cookie::Blob const& cookie,
              std::chrono::nanoseconds downTime,
              std::chrono::nanoseconds eventTime);
      void initialize(const KeyEvent& from);
@@ -311,7 +313,7 @@
      int32_t mScanCode;
      int32_t mMetaState;
      int32_t mRepeatCount;
--    uint64_t mMac;
++    mir::cookie::Blob mCookieBlob;
      std::chrono::nanoseconds mDownTime;
      std::chrono::nanoseconds mEventTime;
  };
@@ -358,7 +360,7 @@
      inline float getYPrecision() const { return mYPrecision; }
--    inline uint64_t getMac() const { return mMac; }
++    inline mir::cookie::Blob const& getCookieAsBlob() const { return mCookieBlob; }
      inline std::chrono::nanoseconds getDownTime() const { return mDownTime; }
@@ -513,7 +515,7 @@
              float yOffset,
              float xPrecision,
              float yPrecision,
--            uint64_t mac,
++            mir::cookie::Blob const& cookie,
              std::chrono::nanoseconds downTime,
              std::chrono::nanoseconds eventTime,
              size_t pointerCount,
@@ -561,7 +563,7 @@
      float mYOffset;
      float mXPrecision;
      float mYPrecision;
--    uint64_t mMac;
++    mir::cookie::Blob mCookieBlob;
      std::chrono::nanoseconds mDownTime;
      Vector<PointerProperties> mPointerProperties;
      Vector<std::chrono::nanoseconds> mSampleEventTimes;
 === modified file '3rd_party/android-input/android/frameworks/base/include/androidfw/InputTransport.h'
 --- 3rd_party/android-input/android/frameworks/base/include/androidfw/InputTransport.h	2016-01-20 23:59:18 +0000
 +++ 3rd_party/android-input/android/frameworks/base/include/androidfw/InputTransport.h	2016-01-25 13:42:04 +0000
@@ -62,7 +62,7 @@
          struct Key {
              uint32_t seq;
              int64_t eventTime;
--            uint64_t mac;
++            mir::cookie::Blob cookieBlob;
              int32_t deviceId;
              int32_t source;
              int32_t action;
@@ -81,7 +81,7 @@
          struct Motion {
              uint32_t seq;
              int64_t eventTime;
--            uint64_t mac;
++            mir::cookie::Blob cookieBlob;
              int32_t deviceId;
              int32_t source;
              int32_t action;
@@ -212,7 +212,7 @@
              int32_t scanCode,
              int32_t metaState,
              int32_t repeatCount,
--            uint64_t mac,
++            mir::cookie::Blob const& cookieBlob,
              std::chrono::nanoseconds downTime,
              std::chrono::nanoseconds eventTime);
@@ -237,7 +237,7 @@
              float yOffset,
              float xPrecision,
              float yPrecision,
--            uint64_t mac,
++            mir::cookie::Blob const& cookieBlob,
              std::chrono::nanoseconds downTime,
              std::chrono::nanoseconds eventTime,
              size_t pointerCount,
 === modified file '3rd_party/android-input/android/frameworks/base/services/input/Input.cpp'
 --- 3rd_party/android-input/android/frameworks/base/services/input/Input.cpp	2016-01-20 23:59:18 +0000
 +++ 3rd_party/android-input/android/frameworks/base/services/input/Input.cpp	2016-01-25 13:42:04 +0000
@@ -127,7 +127,7 @@
          int32_t scanCode,
          int32_t metaState,
          int32_t repeatCount,
--        uint64_t mac,
++        mir::cookie::Blob const& cookieBlob,
          std::chrono::nanoseconds downTime,
          std::chrono::nanoseconds eventTime) {
      InputEvent::initialize(deviceId, source);
@@ -137,7 +137,7 @@
      mScanCode = scanCode;
      mMetaState = metaState;
      mRepeatCount = repeatCount;
--    mMac = mac;
++    mCookieBlob = cookieBlob;
      mDownTime = downTime;
      mEventTime = eventTime;
+ }
@@ -150,7 +150,7 @@
      mScanCode = from.mScanCode;
      mMetaState = from.mMetaState;
      mRepeatCount = from.mRepeatCount;
--    mMac = from.mMac;
++    mCookieBlob = from.mCookieBlob;
      mDownTime = from.mDownTime;
      mEventTime = from.mEventTime;
+ }
@@ -294,7 +294,7 @@
          float yOffset,
          float xPrecision,
          float yPrecision,
--        uint64_t mac,
++        mir::cookie::Blob const& cookieBlob,
          std::chrono::nanoseconds downTime,
          std::chrono::nanoseconds eventTime,
          size_t pointerCount,
@@ -310,7 +310,7 @@
      mYOffset = yOffset;
      mXPrecision = xPrecision;
      mYPrecision = yPrecision;
--    mMac = mac;
++    mCookieBlob = cookieBlob;
      mDownTime = downTime;
      mPointerProperties.clear();
      mPointerProperties.appendArray(pointerProperties, pointerCount);
@@ -330,7 +330,7 @@
      mYOffset = other->mYOffset;
      mXPrecision = other->mXPrecision;
      mYPrecision = other->mYPrecision;
--    mMac = other->mMac;
++    mCookieBlob = other->mCookieBlob;
      mDownTime = other->mDownTime;
      mPointerProperties = other->mPointerProperties;
 === modified file '3rd_party/android-input/android/frameworks/base/services/input/InputTransport.cpp'
 --- 3rd_party/android-input/android/frameworks/base/services/input/InputTransport.cpp	2016-01-20 23:59:18 +0000
 +++ 3rd_party/android-input/android/frameworks/base/services/input/InputTransport.cpp	2016-01-25 13:42:04 +0000
@@ -236,16 +236,16 @@
          int32_t scanCode,
          int32_t metaState,
          int32_t repeatCount,
--        uint64_t mac,
++        mir::cookie::Blob const& cookieBlob,
          std::chrono::nanoseconds downTime,
          std::chrono::nanoseconds eventTime) {
  #if DEBUG_TRANSPORT_ACTIONS
      ALOGD("channel '%s' publisher ~ publishKeyEvent: seq=%u, deviceId=%d, source=0x%x, "
              "action=0x%x, flags=0x%x, keyCode=%d, scanCode=%d, metaState=0x%x, repeatCount=%d,"
--            "mac=%lu, downTime=%lld, eventTime=%lld",
++            "downTime=%lld, eventTime=%lld",
              c_str(mChannel->getName()), seq,
              deviceId, source, action, flags, keyCode, scanCode, metaState, repeatCount,
--            mac, downTime, eventTime);
++            downTime, eventTime);
  #endif
      if (!seq) {
@@ -264,7 +264,7 @@
      msg.body.key.scanCode = scanCode;
      msg.body.key.metaState = metaState;
      msg.body.key.repeatCount = repeatCount;
--    msg.body.key.mac = mac;
++    msg.body.key.cookieBlob = cookieBlob;
      msg.body.key.downTime = downTime.count();
      msg.body.key.eventTime = eventTime.count();
      return mChannel->sendMessage(&msg);
@@ -283,7 +283,7 @@
          float yOffset,
          float xPrecision,
          float yPrecision,
--        uint64_t mac,
++        mir::cookie::Blob const& cookieBlob,
          std::chrono::nanoseconds downTime,
          std::chrono::nanoseconds eventTime,
          size_t pointerCount,
@@ -293,11 +293,11 @@
      ALOGD("channel '%s' publisher ~ publishMotionEvent: seq=%u, deviceId=%d, source=0x%x, "
              "action=0x%x, flags=0x%x, edgeFlags=0x%x, metaState=0x%x, buttonState=0x%x, "
              "xOffset=%f, yOffset=%f, "
--            "xPrecision=%f, yPrecision=%f, mac=%lu, "
++            "xPrecision=%f, yPrecision=%f,"
              "downTime=%lld, eventTime=%lld, pointerCount=%d",
              c_str(mChannel->getName()), seq,
              deviceId, source, action, flags, edgeFlags, metaState, buttonState,
--            xOffset, yOffset, xPrecision, yPrecision, mac, downTime, eventTime, pointerCount);
++            xOffset, yOffset, xPrecision, yPrecision, downTime, eventTime, pointerCount);
  #endif
      if (!seq) {
@@ -325,7 +325,7 @@
      msg.body.motion.yOffset = yOffset;
      msg.body.motion.xPrecision = xPrecision;
      msg.body.motion.yPrecision = yPrecision;
--    msg.body.motion.mac = mac;
++    msg.body.motion.cookieBlob = cookieBlob;
      msg.body.motion.downTime = downTime.count();
      msg.body.motion.eventTime = eventTime.count();
      msg.body.motion.pointerCount = pointerCount;
@@ -882,7 +882,7 @@
              msg->body.key.scanCode,
              msg->body.key.metaState,
              msg->body.key.repeatCount,
--            msg->body.key.mac,
++            msg->body.key.cookieBlob,
              std::chrono::nanoseconds(msg->body.key.downTime),
              std::chrono::nanoseconds(msg->body.key.eventTime));
+ }
@@ -908,7 +908,7 @@
              msg->body.motion.yOffset,
              msg->body.motion.xPrecision,
              msg->body.motion.yPrecision,
--            msg->body.motion.mac,
++            msg->body.motion.cookieBlob,
              std::chrono::nanoseconds(msg->body.motion.downTime),
              std::chrono::nanoseconds(msg->body.motion.eventTime),
              pointerCount,
 === modified file 'debian/control'
 --- debian/control	2016-01-21 23:54:16 +0000
 +++ debian/control	2016-01-25 13:42:04 +0000
@@ -420,7 +420,7 @@
   This package depends on a full set of graphics drivers for running Mir on top
   of an existing Android driver stack.
--Package: libmircookie1
++Package: libmircookie2
  Section: libs
  Architecture: any
  Multi-Arch: same
@@ -439,7 +439,7 @@
  Architecture: any
  Multi-Arch: same
  Pre-Depends: ${misc:Pre-Depends}
--Depends: libmircookie1 (= ${binary:Version}),
++Depends: libmircookie2 (= ${binary:Version}),
           ${misc:Depends},
  Description: Produce and verify spoof-resistant timestamps - development headers
   libmircookie provides a simple mechanism for a group of cooperating processes
 === renamed file 'debian/libmircookie1.install' => 'debian/libmircookie2.install'
 --- debian/libmircookie1.install	2015-09-08 21:22:41 +0000
 +++ debian/libmircookie2.install	2016-01-25 13:42:04 +0000
@@ -1,1 +1,1 @@
--/usr/lib/*/libmircookie.so.1
++/usr/lib/*/libmircookie.so.2
 === modified file 'include/client/mir/events/event_builders.h'
 --- include/client/mir/events/event_builders.h	2016-01-23 03:16:06 +0000
 +++ include/client/mir/events/event_builders.h	2016-01-25 13:42:04 +0000
@@ -28,6 +28,7 @@
  #include <memory>
  #include <functional>
  #include <chrono>
++#include <vector>
  namespace mir
+ {
@@ -58,13 +59,18 @@
  // Key event
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirKeyboardAction action, xkb_keysym_t key_code,
++    std::vector<uint8_t> const& cookie, MirKeyboardAction action, xkb_keysym_t key_code,
      int scan_code, MirInputEventModifiers modifiers);
  void set_modifier(MirEvent& event, MirInputEventModifiers modifiers);
  void set_cursor_position(MirEvent& event, mir::geometry::Point const& pos);
  void set_button_state(MirEvent& event, MirPointerButtons button_state);
++// Deprecated version with uint64_t mac
++EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t mac, MirKeyboardAction action, xkb_keysym_t key_code,
++    int scan_code, MirInputEventModifiers modifiers) __attribute__ ((deprecated));
++
  // Deprecated version without mac
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
      MirKeyboardAction action, xkb_keysym_t key_code,
@@ -72,7 +78,11 @@
  // Touch event
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirInputEventModifiers modifiers);
++    std::vector<uint8_t> const& mac, MirInputEventModifiers modifiers);
++
++// Deprecated version with uint64_t mac
++EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t mac, MirInputEventModifiers modifiers) __attribute__ ((deprecated));
  // Deprecated version without mac
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
@@ -98,12 +108,20 @@
      float hscroll_value, float vscroll_value) __attribute__ ((deprecated));
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirInputEventModifiers modifiers, MirPointerAction action,
++    std::vector<uint8_t> const& mac, MirInputEventModifiers modifiers, MirPointerAction action,
      MirPointerButtons buttons_pressed,
      float x_axis_value, float y_axis_value,
      float hscroll_value, float vscroll_value,
      float relative_x_value, float relative_y_value);
++// Deprecated version with uint64_t mac
++EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t mac, MirInputEventModifiers modifiers, MirPointerAction action,
++    MirPointerButtons buttons_pressed,
++    float x_axis_value, float y_axis_value,
++    float hscroll_value, float vscroll_value,
++    float relative_x_value, float relative_y_value) __attribute__ ((deprecated));
++
  // Deprecated version without mac
  EventUPtr make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
      MirInputEventModifiers modifiers, MirPointerAction action,
 === modified file 'include/client/mir_toolkit/events/event.h'
 --- include/client/mir_toolkit/events/event.h	2016-01-22 19:03:16 +0000
 +++ include/client/mir_toolkit/events/event.h	2016-01-25 13:42:04 +0000
@@ -58,6 +58,8 @@
  typedef struct MirInputConfigurationEvent MirInputConfigurationEvent;
  typedef struct MirSurfaceOutputEvent MirSurfaceOutputEvent;
++typedef struct MirCookie MirCookie;
++
  typedef union MirEvent MirEvent;
  #ifdef __cplusplus
 === modified file 'include/client/mir_toolkit/events/input/input_event.h'
 --- include/client/mir_toolkit/events/input/input_event.h	2016-01-20 23:59:18 +0000
 +++ include/client/mir_toolkit/events/input/input_event.h	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2014 Canonical Ltd.
++ * Copyright © 2014-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License version 3,
@@ -22,6 +22,7 @@
  #include "mir_toolkit/events/event.h"
  #include <stdint.h>
++#include <stdbool.h>
  #ifdef __cplusplus
  /**
@@ -132,6 +133,22 @@
   */
  MirPointerEvent const* mir_input_event_get_pointer_event(MirInputEvent const* ev);
++/* Query if an input event contains a cookie
++ *
++ * \params[in] ev The input event
++ * \return        True if the input event contains a cookie
++ */
++bool mir_input_event_has_cookie(MirInputEvent const* ev);
++
++/* Returns the cookie associated with an input event.
++ *
++ * \pre The input event must have a MirCookie
++ * \params[in] ev An input event
++ * \return        The cookie associated with the given input event
++ *                The cookie must be released by calling mir_cookie_release
++ */
++MirCookie const* mir_input_event_get_cookie(MirInputEvent const* ev);
++
  #ifdef __cplusplus
+ }
  /**@}*/
 === modified file 'include/client/mir_toolkit/mir_client_library.h'
 --- include/client/mir_toolkit/mir_client_library.h	2015-04-28 07:54:10 +0000
 +++ include/client/mir_toolkit/mir_client_library.h	2016-01-25 13:42:04 +0000
@@ -25,5 +25,6 @@
  #include <mir_toolkit/version.h>
  #include <mir_toolkit/mir_platform_message.h>
  #include <mir_toolkit/cursors.h>
++#include <mir_toolkit/mir_cookie.h>
  #endif /* MIR_CLIENT_LIBRARY_H */
 === added file 'include/client/mir_toolkit/mir_cookie.h'
 --- include/client/mir_toolkit/mir_cookie.h	1970-01-01 00:00:00 +0000
 +++ include/client/mir_toolkit/mir_cookie.h	2016-01-25 13:42:04 +0000
@@ -0,0 +1,71 @@
++/*
++* Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#ifndef MIR_TOOLKIT_MIR_COOKIE_H_
++#define MIR_TOOLKIT_MIR_COOKIE_H_
++
++#include <stdint.h>
++
++#ifdef __cplusplus
++/**
++ * \addtogroup mir_toolkit
++ * @{
++ */
++extern "C" {
++#endif
++
++/* Queries the size needed to serialize a given cookie
++ *
++ * \params[in] cookie A cookie instance
++ * \return            The size of the serialized representation of the given cookie
++ */
++size_t mir_cookie_buffer_size(MirCookie const* cookie);
++
++/* Serializes a cookie into the given buffer
++ *
++ * \pre The size must be equal to mir_cookie_size
++ * \params[in] cookie A cookie instance
++ * \params[in] buffer A buffer which is filled with the serialized representation
++                      of the given cookie
++ * \params[in] size   The size of the given buffer
++ */
++void mir_cookie_to_buffer(MirCookie const* cookie, void* buffer, size_t size);
++
++/* Create a cookie from a serialized representation
++ *
++ * \params[in] buffer The buffer containing a serialized cookie.
++ *                    The buffer may be freed immediately after this call.
++ * \return            A MirCookie instance. The instance must be released
++ *                    with a call to mir_cookie_release.
++ *                    NULL will be returned if the buffer and size don't describe
++ *                    the contents of a MirCookie.
++ */
++MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size);
++
++/* Release the MirCookie
++ *
++ * \params[in] cookie The cookie to release
++ */
++void mir_cookie_release(MirCookie const* cookie);
++
++#ifdef __cplusplus
++}
++/**@}*/
++#endif
++
++#endif // MIR_TOOLKIT_MIR_COOKIE_H_
 === modified file 'include/client/mir_toolkit/mir_surface.h'
 --- include/client/mir_toolkit/mir_surface.h	2016-01-20 23:59:18 +0000
 +++ include/client/mir_toolkit/mir_surface.h	2016-01-25 13:42:04 +0000
@@ -756,6 +756,15 @@
   */
  MirPersistentId* mir_persistent_id_from_string(char const* string_representation);
++/*
++* Attempts to raise the surface to the front.
++*
++* \param [in] surface The surface to raise
++* \param [in] cookie  A cookie instance obtained from an input event.
++*                     An invalid cookie will terminate the client connection.
++*/
++void mir_surface_raise(MirSurface* surface, MirCookie const* cookie);
++
  #ifdef __cplusplus
+ }
  /**@}*/
 === added directory 'include/cookie/mir/cookie'
 === renamed file 'include/cookie/mir/cookie_factory.h' => 'include/cookie/mir/cookie/authority.h'
 --- include/cookie/mir/cookie_factory.h	2016-01-20 23:59:18 +0000
 +++ include/cookie/mir/cookie/authority.h	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2015 Canonical Ltd.
++ * Copyright © 2015-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 3 as
@@ -14,22 +14,29 @@
   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  *
   * Authored by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
++ *              Brandon Schaefer <brandon.schaefer@canonical.com>
   */
--#ifndef MIR_COOKIE_COOKIE_FACTORY_H_
--#define MIR_COOKIE_COOKIE_FACTORY_H_
--
--#include "mir_toolkit/cookie.h"
++#ifndef MIR_COOKIE_AUTHORITY_H_
++#define MIR_COOKIE_AUTHORITY_H_
  #include <memory>
++#include <stdexcept>
  #include <vector>
++#include "mir/cookie/cookie.h"
++
  namespace mir
+ {
  namespace cookie
+ {
  using Secret = std::vector<uint8_t>;
++struct SecurityCheckError : std::runtime_error
++{
++    SecurityCheckError();
++};
++
  /**
   * \brief A source of moderately-difficult-to-spoof cookies.
+  *
@@ -41,7 +48,7 @@
   * to attempt to bypass focus stealing prevention.
+  *
   */
--class CookieFactory
++class Authority
+ {
  public:
      /**
@@ -54,60 +61,60 @@
      static size_t optimal_secret_size();
      /**
--    *   Construction function used to create a CookieFactory. The secret size must be
++    *   Construction function used to create an Authority. The secret size must be
      *   no less then minimum_secret_size otherwise an exception will be thrown
+     *
--    *   \param [in] secret  A filled in secret used to set the key for the hash function
--    *   \return             A unique_ptr CookieFactory
++    *   \param [in] secret  A secret used to set the key for the hash function
++    *   \return             An Authority
      */
--    static std::unique_ptr<CookieFactory> create_from_secret(Secret const& secret);
++    static std::unique_ptr<Authority> create_from(Secret const& secret);
      /**
--    *   Construction function used to create a CookieFactory as well as a secret.
++    *   Construction function used to create an Authority as well as a secret.
+     *
      *   \param [out] save_secret  The secret that was created.
--    *   \return                   A unique_ptr CookieFactory
--    */
--    static std::unique_ptr<CookieFactory> create_saving_secret(Secret& save_secret);
--
--    /**
--    *   Construction function used to create a CookieFactory and a secret which it keeps internally.
--    *
--    *   \return                   A unique_ptr CookieFactory
--    */
--    static std::unique_ptr<CookieFactory> create_keeping_secret();
--
--    CookieFactory(CookieFactory const& factory) = delete;
--    CookieFactory& operator=(CookieFactory const& factory) = delete;
--    virtual ~CookieFactory() noexcept = default;
--
--    /**
--    *   Turns a timestamp into a MAC and returns a MirCookie.
--    *
--    *   \param [in] timestamp The timestamp
--    *   \return               MirCookie with the stored MAC and timestamp
--    */
--    virtual MirCookie timestamp_to_cookie(uint64_t const& timestamp) = 0;
--
--    /**
--    *   Checks that a MirCookie is a valid MirCookie.
--    *
--    *   \param [in] cookie  A created MirCookie
--    *   \return             True when the MirCookie is valid, False when the MirCookie is not valid
--    */
--    virtual bool attest_timestamp(MirCookie const& cookie) = 0;
--
--    /**
--     * Absolute minimum size of secret key the CookieFactory will accept.
--     *
--     * Code should be using optimum_secret_size(); this minimum size is provided
--     * as a user convenience to guard against catastrophically bad initialisation.
--     */
++    *   \return                   An Authority
++    */
++    static std::unique_ptr<Authority> create_saving(Secret& save_secret);
++
++    /**
++    *   Construction function used to create an Authority and a secret which it keeps internally.
++    *
++    *   \return                   An Authority
++    */
++    static std::unique_ptr<Authority> create();
++
++    Authority(Authority const& authority) = delete;
++    Authority& operator=(Authority const& authority) = delete;
++    virtual ~Authority() noexcept = default;
++
++    /**
++    * Creates a cookie from a timestamp.
++    *
++    * \param [in] timestamp A timestamp
++    * \return               A cookie instance
++    */
++    virtual std::unique_ptr<Cookie> make_cookie(uint64_t const& timestamp) = 0;
++
++    /**
++    * Creates a cookie from a serialized representation
++    *
++    * \param [in] blob A blob of bytes representing a serialized cookie
++    * \return          A cookie instance
++    */
++    virtual std::unique_ptr<Cookie> make_cookie(std::vector<uint8_t> const& raw_cookie) = 0;
++
++    /**
++    * Absolute minimum size of secret key the Authority will accept.
++    *
++    * Code should be using optimum_secret_size(); this minimum size is provided
++    * as a user convenience to guard against catastrophically bad initialisation.
++    */
      static unsigned const minimum_secret_size = 8;
  protected:
--    CookieFactory() = default;
++    Authority() = default;
  };
+ }
+ }
--#endif // MIR_COOKIE_COOKIE_FACTORY_H_
++#endif // MIR_COOKIE_COOKIE_AUTHORITY_H_
 === added file 'include/cookie/mir/cookie/cookie.h'
 --- include/cookie/mir/cookie/cookie.h	1970-01-01 00:00:00 +0000
 +++ include/cookie/mir/cookie/cookie.h	2016-01-25 13:42:04 +0000
@@ -0,0 +1,57 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#ifndef MIR_COOKIE_COOKIE_H_
++#define MIR_COOKIE_COOKIE_H_
++
++#include <stdint.h>
++#include <vector>
++
++namespace mir
++{
++namespace cookie
++{
++
++class Cookie
++{
++public:
++    Cookie() = default;
++    virtual ~Cookie() = default;
++
++    Cookie(Cookie const& cookie) = delete;
++    Cookie& operator=(Cookie const& cookie) = delete;
++
++    /**
++    *  Returns the timestamp that the cookie is built with
++    *
++    *  \return  The timestamp
++    */
++    virtual uint64_t timestamp() const = 0;
++
++    /**
++    *  Converts the cookie into a stream of bytes.
++    *
++    *  \return  The stream of bytes formatted
++    */
++    virtual std::vector<uint8_t> serialize() const = 0;
++};
++
++}
++}
++
++#endif // MIR_COOKIE_COOKIE_H_
 === removed directory 'include/cookie/mir_toolkit'
 === modified file 'include/server/mir/server.h'
 --- include/server/mir/server.h	2016-01-20 23:59:18 +0000
 +++ include/server/mir/server.h	2016-01-25 13:42:04 +0000
@@ -37,7 +37,7 @@
  namespace cookie
+ {
  using Secret = std::vector<uint8_t>;
--class CookieFactory;
++class Authority;
+ }
  namespace shell
+ {
@@ -86,11 +86,11 @@
      /// This must remain valid while apply_settings() and run() are called.
      void set_command_line(int argc, char const* argv[]);
--    /// Sets an override functor for creating the cookie factory.
++    /// Sets an override functor for creating the cookie authority.
      /// A secret can be saved and any process this secret is shared
      /// with can verify Mir-generated cookies, or produce their own.
--    void override_the_cookie_factory(
--        std::function<std::shared_ptr<cookie::CookieFactory>()> const& cookie_factory_builder);
++    void override_the_cookie_authority(
++        std::function<std::shared_ptr<cookie::Authority>()> const& cookie_authority_builder);
      /// Applies any configuration options, hooks, or custom implementations.
      /// Must be called before calling run() or accessing any mir subsystems.
 === modified file 'include/server/mir/shell/abstract_shell.h'
 --- include/server/mir/shell/abstract_shell.h	2016-01-20 23:59:18 +0000
 +++ include/server/mir/shell/abstract_shell.h	2016-01-25 13:42:04 +0000
@@ -71,7 +71,7 @@
          std::shared_ptr<scene::Surface> const& surface,
          MirSurfaceAttrib attrib) override;
--    void raise_surface_with_timestamp(
++    void raise_surface(
          std::shared_ptr<scene::Session> const& session,
          std::shared_ptr<scene::Surface> const& surface,
          uint64_t timestamp) override;
 === modified file 'include/server/mir/shell/shell.h'
 --- include/server/mir/shell/shell.h	2016-01-20 23:59:18 +0000
 +++ include/server/mir/shell/shell.h	2016-01-25 13:42:04 +0000
@@ -95,7 +95,7 @@
          std::shared_ptr<scene::Surface> const& surface,
          MirSurfaceAttrib attrib) = 0;
--    virtual void raise_surface_with_timestamp(
++    virtual void raise_surface(
          std::shared_ptr<scene::Session> const& session,
          std::shared_ptr<scene::Surface> const& surface,
          uint64_t timestamp) = 0;
 === modified file 'include/server/mir/shell/shell_wrapper.h'
 --- include/server/mir/shell/shell_wrapper.h	2016-01-20 23:59:18 +0000
 +++ include/server/mir/shell/shell_wrapper.h	2016-01-25 13:42:04 +0000
@@ -80,7 +80,7 @@
          std::shared_ptr<scene::Surface> const& surface,
          MirSurfaceAttrib attrib) override;
--    void raise_surface_with_timestamp(
++    void raise_surface(
          std::shared_ptr<scene::Session> const& session,
          std::shared_ptr<scene::Surface> const& surface,
          uint64_t timestamp) override;
 === modified file 'src/client/CMakeLists.txt'
 --- src/client/CMakeLists.txt	2016-01-22 03:09:31 +0000
 +++ src/client/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -20,9 +20,9 @@
  include_directories(
    ${PROTOBUF_INCLUDE_DIRS}
    ${CMAKE_CURRENT_BINARY_DIR}
--  ${PROJECT_SOURCE_DIR}/include/cookie
    ${PROJECT_SOURCE_DIR}/include/client
    ${PROJECT_SOURCE_DIR}/src/include/client
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
    ${DRM_INCLUDE_DIRS}
+ )
@@ -49,6 +49,7 @@
    event.cpp
    event_printer.cpp
    mir_blob.cpp
++  mir_cookie.cpp
    mir_connection.cpp
    mir_connection_api.cpp
    mir_wait_handle.cpp
@@ -95,6 +96,7 @@
  set(LINKS
    mircommon
    mirprotobuf
++  mircookie
    ${XKBCOMMON_LIBRARIES}
+ )
 === modified file 'src/client/events/event_builders.cpp'
 --- src/client/events/event_builders.cpp	2016-01-23 03:16:06 +0000
 +++ src/client/events/event_builders.cpp	2016-01-25 13:42:04 +0000
@@ -24,11 +24,14 @@
  #include "mir/events/event_builders.h"
  #include "mir/events/event_private.h"
++#include "mir/cookie/blob.h"
  #include "mir/input/xkb_mapper.h"
  #include <string.h>
  #include <boost/throw_exception.hpp>
++
++#include <algorithm>
  #include <stdexcept>
  namespace mi = mir::input;
@@ -36,6 +39,25 @@
  namespace mev = mir::events;
  namespace geom = mir::geometry;
++namespace
++{
++    mir::cookie::Blob vector_to_cookie_as_blob(std::vector<uint8_t> const& vector)
++    {
++        mir::cookie::Blob blob{{}};
++
++        if (vector.size() > blob.size())
++        {
++            throw std::runtime_error("Vector size " + std::to_string(vector.size()) +
++                                     " is larger then array size: " +
++                                     std::to_string(blob.size()));
++        }
++
++        std::copy_n(vector.begin(), vector.size(), blob.begin());
++
++        return blob;
++    }
++}
++
  mir::EventUPtr mev::make_event(mf::SurfaceId const& surface_id, MirOrientation orientation)
+ {
      auto e = make_empty_event();
@@ -137,7 +159,7 @@
+ }
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirKeyboardAction action, xkb_keysym_t key_code,
++    std::vector<uint8_t> const& cookie, MirKeyboardAction action, xkb_keysym_t key_code,
      int scan_code, MirInputEventModifiers modifiers)
+ {
      auto e = make_empty_event();
@@ -147,7 +169,7 @@
      kev.device_id = device_id;
      kev.source_id = AINPUT_SOURCE_KEYBOARD;
      kev.event_time = timestamp;
--    kev.mac = mac;
++    kev.cookie = vector_to_cookie_as_blob(cookie);
      kev.action = action;
      kev.key_code = key_code;
      kev.scan_code = scan_code;
@@ -156,7 +178,6 @@
      return e;
+ }
--
  void mev::set_modifier(MirEvent& event, MirInputEventModifiers modifiers)
+ {
      switch(event.type)
@@ -199,16 +220,24 @@
      event.motion.buttons = button_state;
+ }
++// Deprecated version with uint64_t mac
++mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t /*mac*/, MirKeyboardAction action, xkb_keysym_t key_code,
++    int scan_code, MirInputEventModifiers modifiers)
++{
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, action, key_code, scan_code, modifiers);
++}
++
  // Deprecated version without mac
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
      MirKeyboardAction action, xkb_keysym_t key_code,
      int scan_code, MirInputEventModifiers modifiers)
+ {
--    return make_event(device_id, timestamp, 0, action, key_code, scan_code, modifiers);
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, action, key_code, scan_code, modifiers);
+ }
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirInputEventModifiers modifiers)
++    std::vector<uint8_t> const& cookie, MirInputEventModifiers modifiers)
+ {
      auto e = make_empty_event();
@@ -216,18 +245,25 @@
      auto& mev = e->motion;
      mev.device_id = device_id;
      mev.event_time = timestamp;
--    mev.mac = mac;
++    mev.cookie = vector_to_cookie_as_blob(cookie);
      mev.modifiers = modifiers;
      mev.source_id = AINPUT_SOURCE_TOUCHSCREEN;
      return e;
+ }
++// Deprecated version with uint64_t mac
++mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t /*mac*/, MirInputEventModifiers modifiers)
++{
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers);
++}
++
  // Deprecated version without mac
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
      MirInputEventModifiers modifiers)
+ {
--    return make_event(device_id, timestamp, 0, modifiers);
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers);
+ }
  void mev::add_touch(MirEvent &event, MirTouchId touch_id, MirTouchAction action,
@@ -248,7 +284,7 @@
+ }
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirInputEventModifiers modifiers, MirPointerAction action,
++    std::vector<uint8_t> const& cookie, MirInputEventModifiers modifiers, MirPointerAction action,
      MirPointerButtons buttons_pressed,
      float x_axis_value, float y_axis_value,
      float hscroll_value, float vscroll_value,
@@ -260,7 +296,7 @@
      auto& mev = e->motion;
      mev.device_id = device_id;
      mev.event_time = timestamp;
--    mev.mac = mac;
++    mev.cookie = vector_to_cookie_as_blob(cookie);
      mev.modifiers = modifiers;
      mev.source_id = AINPUT_SOURCE_MOUSE;
      mev.buttons = buttons_pressed;
@@ -278,6 +314,19 @@
      return e;
+ }
++// Deprecated version with uint64_t mac
++mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
++    uint64_t /*mac*/, MirInputEventModifiers modifiers, MirPointerAction action,
++    MirPointerButtons buttons_pressed,
++    float x_axis_value, float y_axis_value,
++    float hscroll_value, float vscroll_value,
++    float relative_x_value, float relative_y_value)
++{
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers, action,
++                      buttons_pressed, x_axis_value, y_axis_value, hscroll_value,
++                      vscroll_value, relative_x_value, relative_y_value);
++}
++
  // Deprecated version without mac
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
      MirInputEventModifiers modifiers, MirPointerAction action,
@@ -286,19 +335,19 @@
      float hscroll_value, float vscroll_value,
      float relative_x_value, float relative_y_value)
+ {
--    return make_event(device_id, timestamp, 0, modifiers, action,
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers, action,
                        buttons_pressed, x_axis_value, y_axis_value, hscroll_value,
                        vscroll_value, relative_x_value, relative_y_value);
+ }
  // Deprecated version without relative axis
  mir::EventUPtr mev::make_event(MirInputDeviceId device_id, std::chrono::nanoseconds timestamp,
--    uint64_t mac, MirInputEventModifiers modifiers, MirPointerAction action,
++    uint64_t /*mac*/, MirInputEventModifiers modifiers, MirPointerAction action,
      MirPointerButtons buttons_pressed,
      float x_axis_value, float y_axis_value,
      float hscroll_value, float vscroll_value)
+ {
--    return make_event(device_id, timestamp, mac, modifiers, action, buttons_pressed,
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers, action, buttons_pressed,
                        x_axis_value, y_axis_value, hscroll_value, vscroll_value, 0, 0);
+ }
@@ -309,7 +358,7 @@
      float x_axis_value, float y_axis_value,
      float hscroll_value, float vscroll_value)
+ {
--    return make_event(device_id, timestamp, 0, modifiers, action, buttons_pressed,
++    return make_event(device_id, timestamp, std::vector<uint8_t>{}, modifiers, action, buttons_pressed,
                        x_axis_value, y_axis_value, hscroll_value, vscroll_value, 0, 0);
+ }
 === modified file 'src/client/input/android/android_input_lexicon.cpp'
 --- src/client/input/android/android_input_lexicon.cpp	2016-01-20 23:59:18 +0000
 +++ src/client/input/android/android_input_lexicon.cpp	2016-01-25 13:42:04 +0000
@@ -20,6 +20,7 @@
  #include "mir/input/android/android_input_lexicon.h"
  #include "mir/input/android/event_conversion_helpers.h"
  #include "mir/events/event_builders.h"
++#include "mir/cookie/blob.h"
  #include <androidfw/Input.h>
@@ -38,9 +39,10 @@
          case AINPUT_EVENT_TYPE_KEY:
+         {
              auto kev = static_cast<const droidinput::KeyEvent*>(android_event);
++            auto const cookie = kev->getCookieAsBlob();
              return mev::make_event(MirInputDeviceId(android_event->getDeviceId()),
                                     kev->getEventTime(),
--                                   kev->getMac(),
++                                   {std::begin(cookie), std::end(cookie)},
                                     mia::mir_keyboard_action_from_android(kev->getAction(), kev->getRepeatCount()),
                                     kev->getKeyCode(),
                                     kev->getScanCode(),
@@ -51,9 +53,10 @@
              if (mia::android_source_id_is_pointer_device(android_event->getSource()))
+             {
                  auto mev = static_cast<const droidinput::MotionEvent*>(android_event);
++                auto const cookie = mev->getCookieAsBlob();
                  return mev::make_event(MirInputDeviceId(android_event->getDeviceId()),
                                         mev->getEventTime(),
--                                       mev->getMac(),
++                                       {std::begin(cookie), std::end(cookie)},
                                         mia::mir_modifiers_from_android(mev->getMetaState()),
                                         mia::mir_pointer_action_from_masked_android(mev->getAction() & AMOTION_EVENT_ACTION_MASK),
                                         mia::mir_pointer_buttons_from_android(mev->getButtonState()),
@@ -66,9 +69,10 @@
              else
+             {
                  auto mev = static_cast<const droidinput::MotionEvent*>(android_event);
++                auto const cookie = mev->getCookieAsBlob();
                  auto ev = mev::make_event(MirInputDeviceId(android_event->getDeviceId()),
                                            mev->getEventTime(),
--                                          mev->getMac(),
++                                          {std::begin(cookie), std::end(cookie)},
                                            mia::mir_modifiers_from_android(mev->getMetaState()));
                  auto action = mev->getAction();
                  size_t index_with_action = (action & AMOTION_EVENT_ACTION_POINTER_INDEX_MASK) >> AMOTION_EVENT_ACTION_POINTER_INDEX_SHIFT;
 === modified file 'src/client/input/input_event.cpp'
 --- src/client/input/input_event.cpp	2016-01-20 23:59:18 +0000
 +++ src/client/input/input_event.cpp	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2014 Canonical Ltd.
++ * Copyright © 2014-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License version 3,
@@ -18,9 +18,16 @@
  #define MIR_LOG_COMPONENT "input-event-access"
++#include "mir/cookie/cookie.h"
  #include "mir/event_type_to_string.h"
  #include "mir/events/event_private.h"
  #include "mir/log.h"
++#include "mir/require.h"
++#include "mir_toolkit/mir_cookie.h"
++
++#include "../mir_cookie.h"
++
++#include <string.h>
  namespace ml = mir::logging;
@@ -395,3 +402,92 @@
         abort();
+    }
+ }
++
++bool mir_input_event_has_cookie(MirInputEvent const* ev)
++{
++    switch (mir_input_event_get_type(ev))
++    {
++        case mir_input_event_type_key:
++            return true;
++        case mir_input_event_type_pointer:
++        {
++            auto const pev = mir_input_event_get_pointer_event(ev);
++            auto const pev_action = mir_pointer_event_action(pev);
++            return (pev_action == mir_pointer_action_button_up ||
++                    pev_action == mir_pointer_action_button_down);
++        }
++        case mir_input_event_type_touch:
++        {
++            auto const tev = mir_input_event_get_touch_event(ev);
++            auto const point_count = mir_touch_event_point_count(tev);
++            for (size_t i = 0; i < point_count; i++)
++            {
++                auto const tev_action = mir_touch_event_action(tev, i);
++                if (tev_action == mir_touch_action_up ||
++                    tev_action == mir_touch_action_down)
++                {
++                    return true;
++                }
++            }
++            break;
++        }
++    }
++
++    return false;
++}
++
++size_t mir_cookie_buffer_size(MirCookie const* cookie) try
++{
++    return cookie->size();
++} catch (...)
++{
++    abort();
++}
++
++MirCookie const* mir_input_event_get_cookie(MirInputEvent const* iev) try
++{
++    auto const ev = old_ev_from_new(iev);
++
++    switch (ev->type)
++    {
++    case mir_event_type_motion:
++        return new MirCookie(ev->motion.cookie);
++    case mir_event_type_key:
++        return new MirCookie(ev->key.cookie);
++    default:
++    {
++        mir::log_critical("expected a key or motion events, type was: " + mir::event_type_to_string(ev->type));
++        abort();
++    }
++    }
++} catch (...)
++{
++    abort();
++}
++
++void mir_cookie_to_buffer(MirCookie const* cookie, void* buffer, size_t size) try
++{
++    return cookie->copy_to(buffer, size);
++} catch (...)
++{
++    abort();
++}
++
++MirCookie const* mir_cookie_from_buffer(void const* buffer, size_t size) try
++{
++    if (size != mir::cookie::default_blob_size)
++        return NULL;
++
++    return new MirCookie(buffer, size);
++} catch (...)
++{
++    abort();
++}
++
++void mir_cookie_release(MirCookie const* cookie) try
++{
++    delete cookie;
++} catch (...)
++{
++    abort();
++}
 === added file 'src/client/mir_cookie.cpp'
 --- src/client/mir_cookie.cpp	1970-01-01 00:00:00 +0000
 +++ src/client/mir_cookie.cpp	2016-01-25 13:42:04 +0000
@@ -0,0 +1,49 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#include "mir_cookie.h"
++
++#include "mir/require.h"
++
++#include <string.h>
++
++MirCookie::MirCookie(void const* buffer, size_t size)
++{
++    memcpy(blob_.data(), buffer, size);
++}
++
++MirCookie::MirCookie(mir::cookie::Blob const& blob) :
++    blob_(blob)
++{
++}
++
++void MirCookie::copy_to(void* buffer, size_t size) const
++{
++    mir::require(size == blob_.size());
++    memcpy(buffer, blob_.data(), size);
++}
++
++size_t MirCookie::size() const
++{
++    return blob_.size();
++}
++
++mir::cookie::Blob MirCookie::blob() const
++{
++    return blob_;
++}
 === added file 'src/client/mir_cookie.h'
 --- src/client/mir_cookie.h	1970-01-01 00:00:00 +0000
 +++ src/client/mir_cookie.h	2016-01-25 13:42:04 +0000
@@ -0,0 +1,40 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++
++#ifndef MIR_CLIENT_MIR_COOKIE_H_
++#define MIR_CLIENT_MIR_COOKIE_H_
++
++#include "mir/cookie/blob.h"
++
++class MirCookie
++{
++public:
++    explicit MirCookie(void const* buffer, size_t size);
++    explicit MirCookie(mir::cookie::Blob const& blob);
++
++    void copy_to(void* buffer, size_t size) const;
++    size_t size() const;
++
++    mir::cookie::Blob blob() const;
++
++private:
++    mir::cookie::Blob blob_;
++};
++
++#endif // MIR_CLIENT_MIR_COOKIE_H_
 === modified file 'src/client/mir_surface.cpp'
 --- src/client/mir_surface.cpp	2016-01-23 03:16:06 +0000
 +++ src/client/mir_surface.cpp	2016-01-25 13:42:04 +0000
@@ -29,7 +29,8 @@
  #include "mir/dispatch/threaded_dispatcher.h"
  #include "mir/input/input_platform.h"
  #include "mir/input/xkb_mapper.h"
--#include "mir_toolkit/cookie.h"
++#include "mir/cookie/cookie.h"
++#include "mir_cookie.h"
  #include <cassert>
  #include <unistd.h>
@@ -485,7 +486,7 @@
      return configure(mir_surface_attrib_preferred_orientation, mode);
+ }
--void MirSurface::raise_surface_with_cookie(MirCookie const& cookie)
++void MirSurface::raise_surface(MirCookie const* cookie)
+ {
      mp::RaiseRequest raise_request;
@@ -494,10 +495,9 @@
      auto const event_cookie = raise_request.mutable_cookie();
--    event_cookie->set_timestamp(cookie.timestamp);
--    event_cookie->set_mac(cookie.mac);
++    event_cookie->set_cookie(cookie->blob().data(), cookie->size());
--    server->raise_surface_with_cookie(
++    server->raise_surface(
          &raise_request,
          void_response.get(),
          google::protobuf::NewCallback(google::protobuf::DoNothing));
 === modified file 'src/client/mir_surface.h'
 --- src/client/mir_surface.h	2016-01-20 23:59:18 +0000
 +++ src/client/mir_surface.h	2016-01-25 13:42:04 +0000
@@ -31,7 +31,6 @@
  #include "mir_toolkit/common.h"
  #include "mir_toolkit/mir_client_library.h"
  #include "mir/graphics/native_buffer.h"
--#include "mir/cookie_factory.h"
  #include <memory>
  #include <functional>
@@ -175,7 +174,7 @@
      MirOrientation get_orientation() const;
      MirWaitHandle* set_preferred_orientation(MirOrientationMode mode);
--    void raise_surface_with_cookie(MirCookie const& cookie);
++    void raise_surface(MirCookie const* cookie);
      MirWaitHandle* configure_cursor(MirCursorConfiguration const* cursor);
 === modified file 'src/client/mir_surface_api.cpp'
 --- src/client/mir_surface_api.cpp	2016-01-20 23:59:18 +0000
 +++ src/client/mir_surface_api.cpp	2016-01-25 13:42:04 +0000
@@ -20,7 +20,6 @@
  #include "mir_toolkit/mir_surface.h"
  #include "mir_toolkit/mir_wait.h"
--#include "mir_toolkit/cookie.h"
  #include "mir/require.h"
  #include "mir_connection.h"
@@ -486,13 +485,13 @@
      return result;
+ }
--void mir_surface_raise_with_cookie(MirSurface* surf, MirCookie const cookie)
++void mir_surface_raise(MirSurface* surf, MirCookie const* cookie)
+ {
      mir::require(mir_surface_is_valid(surf));
      try
+     {
--        surf->raise_surface_with_cookie(cookie);
++        surf->raise_surface(cookie);
+     }
      catch (std::exception const& ex)
+     {
 === modified file 'src/client/rpc/mir_display_server.cpp'
 --- src/client/rpc/mir_display_server.cpp	2016-01-20 23:59:18 +0000
 +++ src/client/rpc/mir_display_server.cpp	2016-01-25 13:42:04 +0000
@@ -210,7 +210,7 @@
+ {
      channel->call_method(std::string(__func__), request, response, done);
+ }
--void mclr::DisplayServer::raise_surface_with_cookie(
++void mclr::DisplayServer::raise_surface(
      mir::protobuf::RaiseRequest const* request,
      mir::protobuf::Void* response,
      google::protobuf::Closure* done)
 === modified file 'src/client/rpc/mir_display_server.h'
 --- src/client/rpc/mir_display_server.h	2016-01-20 23:59:18 +0000
 +++ src/client/rpc/mir_display_server.h	2016-01-25 13:42:04 +0000
@@ -139,7 +139,7 @@
          mir::protobuf::StreamConfiguration const* request,
          mir::protobuf::Void* response,
          google::protobuf::Closure* done) override;
--    void raise_surface_with_cookie(
++    void raise_surface(
          mir::protobuf::RaiseRequest const* request,
          mir::protobuf::Void* response,
          google::protobuf::Closure* done) override;
 === modified file 'src/client/symbols.map'
 --- src/client/symbols.map	2016-01-23 03:16:06 +0000
 +++ src/client/symbols.map	2016-01-25 13:42:04 +0000
@@ -210,6 +210,13 @@
  MIR_CLIENT_unreleased {
    global:
      mir_connection_get_graphics_module;
++    mir_surface_raise;
++    mir_input_event_has_cookie;
++    mir_cookie_buffer_size;
++    mir_input_event_get_cookie;
++    mir_cookie_to_buffer;
++    mir_cookie_from_buffer;
++    mir_cookie_release;
      mir_keymap_event_get_keymap_buffer;
      mir_keymap_event_get_device_id;
    local:
 === modified file 'src/cookie/CMakeLists.txt'
 --- src/cookie/CMakeLists.txt	2016-01-22 03:09:31 +0000
 +++ src/cookie/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -12,17 +12,19 @@
+ )
  include_directories(
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
    ${PROJECT_SOURCE_DIR}/include/cookie
    ${NETTLE_INCLUDE_DIRS}
+ )
--set(MIRCOOKIE_ABI 1)
++set(MIRCOOKIE_ABI 2)
  set(symbol_map ${CMAKE_SOURCE_DIR}/src/cookie/symbols.map)
  mir_add_library_with_symbols(mircookie SHARED
    ${symbol_map}
--  cookie_factory.cpp
++  authority.cpp
++  hmac_cookie.cpp
+ )
  set_target_properties(mircookie
@@ -41,7 +43,7 @@
    ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
  install(
--  DIRECTORY ${CMAKE_SOURCE_DIR}/include/cookie/mir ${CMAKE_SOURCE_DIR}/include/cookie/mir_toolkit
++  DIRECTORY ${CMAKE_SOURCE_DIR}/include/cookie/mir
    DESTINATION "include/mircookie"
+ )
 === renamed file 'src/cookie/cookie_factory.cpp' => 'src/cookie/authority.cpp'
 --- src/cookie/cookie_factory.cpp	2016-01-20 23:59:18 +0000
 +++ src/cookie/authority.cpp	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2015 Canonical Ltd.
++ * Copyright © 2015-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 3 as
@@ -14,9 +14,13 @@
   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  *
   * Authored by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
++ *              Brandon Schaefer <brandon.schaefer@canonical.com>
   */
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
++#include "mir/cookie/blob.h"
++#include "hmac_cookie.h"
++#include "format.h"
  #include <algorithm>
  #include <random>
@@ -29,6 +33,7 @@
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <sys/select.h>
++#include <string.h>
  #include <boost/throw_exception.hpp>
@@ -37,6 +42,19 @@
  std::string const random_device_path{"/dev/random"};
  std::string const urandom_device_path{"/dev/urandom"};
  int const wait_seconds{30};
++
++size_t cookie_size_from_format(mir::cookie::Format const& format)
++{
++    switch (format)
++    {
++        case mir::cookie::Format::hmac_sha_1_8:
++            return mir::cookie::default_blob_size;
++        default:
++            break;
++    }
++
++    return 0;
++}
+ }
  static mir::cookie::Secret get_random_data(unsigned size)
@@ -94,10 +112,15 @@
      return buffer;
+ }
--class CookieFactoryNettle : public mir::cookie::CookieFactory
++mir::cookie::SecurityCheckError::SecurityCheckError() :
++    runtime_error("Invalid Cookie")
++{
++}
++
++class AuthorityNettle : public mir::cookie::Authority
+ {
  public:
--    CookieFactoryNettle(mir::cookie::Secret const& secret)
++    AuthorityNettle(mir::cookie::Secret const& secret)
+     {
          if (secret.size() < minimum_secret_size)
              BOOST_THROW_EXCEPTION(std::logic_error("Secret size " + std::to_string(secret.size()) + " is to small, require " +
@@ -106,41 +129,83 @@
          hmac_sha1_set_key(&ctx, secret.size(), secret.data());
+     }
--    virtual ~CookieFactoryNettle() noexcept = default;
--
--    MirCookie timestamp_to_cookie(uint64_t const& timestamp) override
--    {
--        MirCookie cookie { timestamp, 0 };
--        calculate_mac(cookie);
++    virtual ~AuthorityNettle() noexcept = default;
++
++
++    std::unique_ptr<mir::cookie::Cookie> make_cookie(uint64_t const& timestamp) override
++    {
++        return std::make_unique<mir::cookie::HMACCookie>(timestamp, calculate_cookie(timestamp), mir::cookie::Format::hmac_sha_1_8);
++    }
++
++    std::unique_ptr<mir::cookie::Cookie> make_cookie(std::vector<uint8_t> const& raw_cookie) override
++    {
++        /*
++        SHA_1 Format:
++        1 byte  = FORMAT
++        8 btyes = TIMESTAMP
++        8 BYTES = MAC
++        */
++
++        if (raw_cookie.size() != cookie_size_from_format(mir::cookie::Format::hmac_sha_1_8))
++        {
++           BOOST_THROW_EXCEPTION(mir::cookie::SecurityCheckError());
++        }
++
++        mir::cookie::Format format = static_cast<mir::cookie::Format>(raw_cookie[0]);
++        if (format != mir::cookie::Format::hmac_sha_1_8)
++        {
++            BOOST_THROW_EXCEPTION(mir::cookie::SecurityCheckError());
++        }
++
++        uint64_t timestamp = 0;
++
++        auto ptr = raw_cookie.data();
++        ptr++;
++
++        memcpy(&timestamp, ptr, 8);
++        ptr += sizeof(timestamp);
++
++        // FIXME Soon to be 20 bytes
++        std::vector<uint8_t> mac(8);
++        memcpy(mac.data(), ptr, mac.size());
++
++        std::unique_ptr<mir::cookie::Cookie> cookie =
++            std::make_unique<mir::cookie::HMACCookie>(timestamp, mac, mir::cookie::Format::hmac_sha_1_8);
++
++        if (!verify_cookie(timestamp, cookie))
++        {
++            BOOST_THROW_EXCEPTION(mir::cookie::SecurityCheckError());
++        }
++
          return cookie;
+     }
--    bool attest_timestamp(MirCookie const& cookie) override
--    {
--        return verify_mac(cookie);
--    }
--
  private:
--    void calculate_mac(MirCookie& cookie)
++    std::vector<uint8_t> calculate_cookie(uint64_t const& timestamp)
+     {
--        hmac_sha1_update(&ctx, sizeof(cookie.timestamp), reinterpret_cast<uint8_t*>(&cookie.timestamp));
--        hmac_sha1_digest(&ctx, sizeof(cookie.mac), reinterpret_cast<uint8_t*>(&cookie.mac));
++        // FIXME Soon to change to 160bits, for now uint64_t
++        std::vector<uint8_t> mac(sizeof(uint64_t));
++        hmac_sha1_update(&ctx, sizeof(timestamp), reinterpret_cast<uint8_t const*>(&timestamp));
++        hmac_sha1_digest(&ctx, sizeof(uint64_t), reinterpret_cast<uint8_t*>(mac.data()));
++
++        return mac;
+     }
--    bool verify_mac(MirCookie const& cookie)
++    bool verify_cookie(uint64_t const& timestamp, std::unique_ptr<mir::cookie::Cookie> const& cookie)
+     {
--        decltype(cookie.mac) calculated_mac;
--        uint8_t* message = reinterpret_cast<uint8_t*>(const_cast<decltype(cookie.timestamp)*>(&cookie.timestamp));
--        hmac_sha1_update(&ctx, sizeof(cookie.timestamp), message);
--        hmac_sha1_digest(&ctx, sizeof(calculated_mac), reinterpret_cast<uint8_t*>(&calculated_mac));
--
--        return calculated_mac == cookie.mac;
++        auto const calculated_cookie = make_cookie(timestamp);
++
++        auto const this_stream  = cookie->serialize();
++        auto const other_stream = calculated_cookie->serialize();
++
++        // FIXME Need to do a constant memcmp here!
++        return std::equal(std::begin(this_stream), std::end(this_stream), std::begin(other_stream));
+     }
      struct hmac_sha1_ctx ctx;
  };
--size_t mir::cookie::CookieFactory::optimal_secret_size()
++size_t mir::cookie::Authority::optimal_secret_size()
+ {
      // Secret keys smaller than this are internally zero-extended to this size.
      // Secret keys larger than this are internally hashed to this size.
@@ -148,19 +213,19 @@
      return hmac_sha1_block_size;
+ }
--std::unique_ptr<mir::cookie::CookieFactory> mir::cookie::CookieFactory::create_from_secret(mir::cookie::Secret const& secret)
++std::unique_ptr<mir::cookie::Authority> mir::cookie::Authority::create_from(mir::cookie::Secret const& secret)
+ {
--  return std::make_unique<CookieFactoryNettle>(secret);
++  return std::make_unique<AuthorityNettle>(secret);
+ }
--std::unique_ptr<mir::cookie::CookieFactory> mir::cookie::CookieFactory::create_saving_secret(mir::cookie::Secret& save_secret)
++std::unique_ptr<mir::cookie::Authority> mir::cookie::Authority::create_saving(mir::cookie::Secret& save_secret)
+ {
    save_secret = get_random_data(optimal_secret_size());
--  return std::make_unique<CookieFactoryNettle>(save_secret);
++  return std::make_unique<AuthorityNettle>(save_secret);
+ }
--std::unique_ptr<mir::cookie::CookieFactory> mir::cookie::CookieFactory::create_keeping_secret()
++std::unique_ptr<mir::cookie::Authority> mir::cookie::Authority::create()
+ {
    auto secret = get_random_data(optimal_secret_size());
--  return std::make_unique<CookieFactoryNettle>(secret);
++  return std::make_unique<AuthorityNettle>(secret);
+ }
 === added file 'src/cookie/format.h'
 --- src/cookie/format.h	1970-01-01 00:00:00 +0000
 +++ src/cookie/format.h	2016-01-25 13:42:04 +0000
@@ -0,0 +1,35 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#ifndef MIR_COOKIE_COOKIE_FORMAT_H_
++#define MIR_COOKIE_COOKIE_FORMAT_H_
++
++#include <stdint.h>
++
++namespace mir
++{
++namespace cookie
++{
++enum class Format : uint8_t
++{
++    hmac_sha_1_8,
++};
++}
++}
++
++#endif // MIR_COOKIE_COOKIE_FORMAT_H_
 === added file 'src/cookie/hmac_cookie.cpp'
 --- src/cookie/hmac_cookie.cpp	1970-01-01 00:00:00 +0000
 +++ src/cookie/hmac_cookie.cpp	2016-01-25 13:42:04 +0000
@@ -0,0 +1,53 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#include "hmac_cookie.h"
++
++#include <string.h>
++
++mir::cookie::HMACCookie::HMACCookie(uint64_t const& timestamp,
++                                    std::vector<uint8_t> const& mac,
++                                    mir::cookie::Format const& format) :
++    timestamp_(timestamp),
++    mac_(mac),
++    format_(format)
++{
++}
++
++uint64_t mir::cookie::HMACCookie::timestamp() const
++{
++    return timestamp_;
++}
++
++std::vector<uint8_t> mir::cookie::HMACCookie::serialize() const
++{
++    std::vector<uint8_t> serialized_cookie(sizeof(format_) + sizeof(timestamp_) + mac_.size());
++
++    auto cookie_ptr = serialized_cookie.data();
++
++    cookie_ptr[0] = static_cast<uint8_t>(format_);
++    cookie_ptr += sizeof(format_);
++
++    auto timestamp_ptr = reinterpret_cast<uint8_t const*>(&timestamp_);
++    memcpy(cookie_ptr, timestamp_ptr, sizeof(timestamp_));
++    cookie_ptr += sizeof(timestamp_);
++
++    memcpy(cookie_ptr, mac_.data(), mac_.size());
++
++    return serialized_cookie;
++}
 === added file 'src/cookie/hmac_cookie.h'
 --- src/cookie/hmac_cookie.h	1970-01-01 00:00:00 +0000
 +++ src/cookie/hmac_cookie.h	2016-01-25 13:42:04 +0000
@@ -0,0 +1,51 @@
++/*
++ * Copyright © 2016 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#ifndef MIR_COOKIE_HMAC_COOKIE_H_
++#define MIR_COOKIE_HMAC_COOKIE_H_
++
++#include "mir/cookie/cookie.h"
++#include "format.h"
++
++namespace mir
++{
++namespace cookie
++{
++
++class HMACCookie : public mir::cookie::Cookie
++{
++public:
++    HMACCookie() = delete;
++
++    explicit HMACCookie(uint64_t const& timestamp,
++                        std::vector<uint8_t> const& mac,
++                        mir::cookie::Format const& format);
++
++    uint64_t timestamp() const override;
++    std::vector<uint8_t> serialize() const override;
++
++private:
++    uint64_t timestamp_;
++    std::vector<uint8_t> mac_;
++    mir::cookie::Format format_;
++};
++
++}
++}
++
++#endif // MIR_COOKIE_HMAC_COOKIE_H_
 === modified file 'src/cookie/symbols.map'
 --- src/cookie/symbols.map	2016-01-20 23:59:18 +0000
 +++ src/cookie/symbols.map	2016-01-25 13:42:04 +0000
@@ -1,10 +1,10 @@
--MIR_COOKIE_1 {
++MIR_COOKIE_2 {
   global:
    extern "C++" {
--    mir::cookie::CookieFactory::optimal_secret_size*;
--    mir::cookie::CookieFactory::create_from_secret*;
--    mir::cookie::CookieFactory::create_saving_secret*;
--    mir::cookie::CookieFactory::create_keeping_secret*;
++    mir::cookie::Authority::optimal_secret_size*;
++    mir::cookie::Authority::create_from*;
++    mir::cookie::Authority::create_saving*;
++    mir::cookie::Authority::create*;
    };
   local: *;
  };
 === modified file 'src/include/common/mir/events/event_private.h'
 --- src/include/common/mir/events/event_private.h	2016-01-23 03:16:06 +0000
 +++ src/include/common/mir/events/event_private.h	2016-01-25 13:42:04 +0000
@@ -29,10 +29,10 @@
  #include <stdint.h>
  #include "mir_toolkit/event.h"
  #include "mir_toolkit/common.h"
++#include "mir/cookie/blob.h"
  #include <xkbcommon/xkbcommon.h>
--#include <chrono>
--
++#include <array>
  #include <chrono>
  #ifdef __cplusplus
@@ -61,7 +61,7 @@
      int32_t scan_code;
      std::chrono::nanoseconds event_time;
--    uint64_t mac;
++    mir::cookie::Blob cookie;
  };
  typedef struct
@@ -99,7 +99,7 @@
      MirPointerButtons buttons;
      std::chrono::nanoseconds event_time;
--    uint64_t mac;
++    mir::cookie::Blob cookie;
      size_t pointer_count;
      MirMotionPointer pointer_coordinates[MIR_INPUT_EVENT_MAX_POINTER_COUNT];
 === modified file 'src/include/common/mir/protobuf/display_server.h'
 --- src/include/common/mir/protobuf/display_server.h	2016-01-20 23:59:18 +0000
 +++ src/include/common/mir/protobuf/display_server.h	2016-01-25 13:42:04 +0000
@@ -135,7 +135,7 @@
          mir::protobuf::StreamConfiguration const* request,
          mir::protobuf::Void* response,
          google::protobuf::Closure* done) = 0;
--    virtual void raise_surface_with_cookie(
++    virtual void raise_surface(
          mir::protobuf::RaiseRequest const* request,
          mir::protobuf::Void* response,
          google::protobuf::Closure* done) = 0;
 === added directory 'src/include/cookie'
 === added directory 'src/include/cookie/mir'
 === added directory 'src/include/cookie/mir/cookie'
 === renamed file 'include/cookie/mir_toolkit/cookie.h' => 'src/include/cookie/mir/cookie/blob.h'
 --- include/cookie/mir_toolkit/cookie.h	2015-09-17 08:57:46 +0000
 +++ src/include/cookie/mir/cookie/blob.h	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2015 Canonical Ltd.
++ * Copyright © 2015-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 3 as
@@ -13,32 +13,21 @@
   * You should have received a copy of the GNU General Public License
   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  *
-- * Authored by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
-- */
--
--#ifndef MIR_TOOLKIT_COOKIE_FACTORY_H_
--#define MIR_TOOLKIT_COOKIE_FACTORY_H_
--
--#include <stdint.h>
--
--/**
-- * \addtogroup mir_toolkit
-- * @{
-- */
--/* This is C code. Not C++. */
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--typedef struct MirCookie
--{
--    uint64_t timestamp;
--    uint64_t mac;
--} MirCookie;
--
--#ifdef __cplusplus
--}
--#endif
--/**@}*/
--
--#endif // MIR_TOOLKIT_COOKIE_FACTORY_H_
++ * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
++ */
++
++#ifndef MIR_COOKIE_BLOB_H_
++#define MIR_COOKIE_BLOB_H_
++
++#include <array>
++
++namespace mir
++{
++namespace cookie
++{
++size_t const default_blob_size = 17;
++using Blob = std::array<uint8_t, default_blob_size>;
++}
++}
++
++#endif // MIR_COOKIE_BLOB_H_
 === modified file 'src/include/server/mir/default_server_configuration.h'
 --- src/include/server/mir/default_server_configuration.h	2016-01-20 23:59:18 +0000
 +++ src/include/server/mir/default_server_configuration.h	2016-01-25 13:42:04 +0000
@@ -33,7 +33,7 @@
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace dispatch
+ {
@@ -170,7 +170,7 @@
      std::shared_ptr<graphics::Platform>     the_graphics_platform() override;
      std::shared_ptr<input::InputDispatcher> the_input_dispatcher() override;
      std::shared_ptr<EmergencyCleanup>       the_emergency_cleanup() override;
--    std::shared_ptr<cookie::CookieFactory>  the_cookie_factory() override;
++    std::shared_ptr<cookie::Authority>      the_cookie_authority() override;
      /**
       * Function to call when a "fatal" error occurs. This implementation allows
       * the default strategy to be overridden by --on-fatal-error-abort to force a
@@ -416,7 +416,7 @@
      CachedPtr<shell::Shell> shell;
      CachedPtr<shell::ShellReport> shell_report;
      CachedPtr<scene::ApplicationNotRespondingDetector> application_not_responding_detector;
--    CachedPtr<cookie::CookieFactory> cookie_factory;
++    CachedPtr<cookie::Authority> cookie_authority;
  private:
      std::shared_ptr<options::Configuration> const configuration_options;
 === removed file 'src/include/server/mir/frontend/security_check_failed.h'
 --- src/include/server/mir/frontend/security_check_failed.h	2015-10-30 17:24:29 +0000
 +++ src/include/server/mir/frontend/security_check_failed.h	1970-01-01 00:00:00 +0000
@@ -1,34 +0,0 @@
--/*
-- * Copyright © 2015 Canonical Ltd.
-- *
-- * This program is free software: you can redistribute it and/or modify
-- * it under the terms of the GNU General Public License version 3 as
-- * published by the Free Software Foundation.
-- *
-- * This program is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- * GNU General Public License for more details.
-- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-- *
-- * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
-- */
--
--#ifndef MIR_SECURITY_CHECK_FAILED_H_
--#define MIR_SECURITY_CHECK_FAILED_H_
--
--#include <stdexcept>
--
--namespace mir
--{
--
--struct SecurityCheckFailed : std::runtime_error
--{
--    SecurityCheckFailed();
--};
--
--}
--
--#endif /* MIR_SECURITY_CHECK_FAILED_H_ */
 === modified file 'src/include/server/mir/frontend/shell.h'
 --- src/include/server/mir/frontend/shell.h	2016-01-20 23:59:18 +0000
 +++ src/include/server/mir/frontend/shell.h	2016-01-25 13:42:04 +0000
@@ -82,7 +82,7 @@
          SurfaceId surface_id,
          MirSurfaceAttrib attrib) = 0;
--    virtual void raise_surface_with_timestamp(
++    virtual void raise_surface(
          std::shared_ptr<Session> const& session,
          SurfaceId surface_id,
          uint64_t timestamp) = 0;
 === modified file 'src/include/server/mir/frontend/template_protobuf_message_processor.h'
 --- src/include/server/mir/frontend/template_protobuf_message_processor.h	2016-01-20 23:59:18 +0000
 +++ src/include/server/mir/frontend/template_protobuf_message_processor.h	2016-01-25 13:42:04 +0000
@@ -21,7 +21,7 @@
  #define MIR_FRONTEND_TEMPLATE_PROTOBUF_MESSAGE_PROCESSOR_H_
  #include "mir/frontend/message_processor.h"
--#include "mir/frontend/security_check_failed.h"
++#include "mir/cookie/authority.h"
  #include <google/protobuf/stubs/common.h>
  #include <boost/exception/diagnostic_information.hpp>
@@ -76,7 +76,7 @@
              &result_message,
              callback.get());
+     }
--    catch (mir::SecurityCheckFailed const& /*err*/)
++    catch (mir::cookie::SecurityCheckError const& /*err*/)
+     {
          throw;
+     }
 === modified file 'src/include/server/mir/server_configuration.h'
 --- src/include/server/mir/server_configuration.h	2016-01-20 23:59:18 +0000
 +++ src/include/server/mir/server_configuration.h	2016-01-25 13:42:04 +0000
@@ -24,7 +24,7 @@
+ {
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace compositor
+ {
@@ -79,7 +79,7 @@
      virtual std::shared_ptr<DisplayChanger> the_display_changer() = 0;
      virtual std::shared_ptr<graphics::Platform>  the_graphics_platform() = 0;
      virtual std::shared_ptr<EmergencyCleanup> the_emergency_cleanup() = 0;
--    virtual std::shared_ptr<cookie::CookieFactory> the_cookie_factory() = 0;
++    virtual std::shared_ptr<cookie::Authority> the_cookie_authority() = 0;
      virtual auto the_fatal_error_strategy() -> void (*)(char const* reason, ...) = 0;
      virtual std::shared_ptr<scene::ApplicationNotRespondingDetector> the_application_not_responding_detector() = 0;
 === modified file 'src/protobuf/mir_protobuf.proto'
 --- src/protobuf/mir_protobuf.proto	2016-01-20 23:59:18 +0000
 +++ src/protobuf/mir_protobuf.proto	2016-01-25 13:42:04 +0000
@@ -343,8 +343,7 @@
+ }
  message Cookie {
--  required uint64 timestamp = 1;
--  required uint64 mac = 2;
++  required bytes cookie = 1;
+ }
  message RaiseRequest {
 === modified file 'src/server/CMakeLists.txt'
 --- src/server/CMakeLists.txt	2016-01-22 03:09:31 +0000
 +++ src/server/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -14,6 +14,7 @@
    ${PROJECT_SOURCE_DIR}/src/include/client
    ${PROJECT_SOURCE_DIR}/src/include/server
    ${PROJECT_SOURCE_DIR}/include/cookie
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
    ${GLIB_INCLUDE_DIRS}
+ )
  add_definitions(-DMIR_SERVER_INPUT_PLATFORM_VERSION="${MIR_SERVER_INPUT_PLATFORM_VERSION}")
 === modified file 'src/server/default_server_configuration.cpp'
 --- src/server/default_server_configuration.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/default_server_configuration.cpp	2016-01-25 13:42:04 +0000
@@ -24,7 +24,7 @@
  #include "mir/default_server_status_listener.h"
  #include "mir/emergency_cleanup.h"
  #include "mir/default_configuration.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/logging/dumb_console_logger.h"
  #include "mir/options/program_option.h"
@@ -186,15 +186,15 @@
          });
+ }
--std::shared_ptr<mir::cookie::CookieFactory> mir::DefaultServerConfiguration::the_cookie_factory()
++std::shared_ptr<mir::cookie::Authority> mir::DefaultServerConfiguration::the_cookie_authority()
+ {
--    return cookie_factory(
++    return cookie_authority(
          []()
+         {
--            static_assert(secret_size >= mir::cookie::CookieFactory::minimum_secret_size,
++            static_assert(secret_size >= mir::cookie::Authority::minimum_secret_size,
                            "Secret size is smaller then the minimum secret size");
--            return mir::cookie::CookieFactory::create_keeping_secret();
++            return mir::cookie::Authority::create();
          });
+ }
 === modified file 'src/server/frontend/CMakeLists.txt'
 --- src/server/frontend/CMakeLists.txt	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -28,7 +28,6 @@
    reordering_message_sender.cpp
    reordering_message_sender.h
    event_sink_factory.h
--  security_check_failed.cpp
+ )
  add_library(
 === modified file 'src/server/frontend/default_configuration.cpp'
 --- src/server/frontend/default_configuration.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/default_configuration.cpp	2016-01-25 13:42:04 +0000
@@ -163,5 +163,5 @@
                  the_cursor_images(),
                  the_coordinate_translator(),
                  the_application_not_responding_detector(),
--                the_cookie_factory());
++                the_cookie_authority());
+ }
 === modified file 'src/server/frontend/default_ipc_factory.cpp'
 --- src/server/frontend/default_ipc_factory.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/default_ipc_factory.cpp	2016-01-25 13:42:04 +0000
@@ -26,7 +26,7 @@
  #include "mir/frontend/session_authorizer.h"
  #include "mir/frontend/event_sink.h"
  #include "mir/graphics/graphic_buffer_allocator.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  namespace mf = mir::frontend;
  namespace mg = mir::graphics;
@@ -44,7 +44,7 @@
      std::shared_ptr<mi::CursorImages> const& cursor_images,
      std::shared_ptr<scene::CoordinateTranslator> const& translator,
      std::shared_ptr<scene::ApplicationNotRespondingDetector> const& anr_detector,
--    std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory) :
++    std::shared_ptr<mir::cookie::Authority> const& cookie_authority) :
      shell(shell),
      no_prompt_shell(std::make_shared<NoPromptShell>(shell)),
      sm_report(sm_report),
@@ -57,7 +57,7 @@
      cursor_images(cursor_images),
      translator{translator},
      anr_detector{anr_detector},
--    cookie_factory(cookie_factory)
++    cookie_authority(cookie_authority)
+ {
+ }
@@ -132,5 +132,5 @@
          cursor_images,
          translator,
          anr_detector,
--        cookie_factory);
++        cookie_authority);
+ }
 === modified file 'src/server/frontend/default_ipc_factory.h'
 --- src/server/frontend/default_ipc_factory.h	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/default_ipc_factory.h	2016-01-25 13:42:04 +0000
@@ -25,7 +25,7 @@
+ {
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace graphics
+ {
@@ -66,7 +66,7 @@
          std::shared_ptr<input::CursorImages> const& cursor_images,
          std::shared_ptr<scene::CoordinateTranslator> const& translator,
          std::shared_ptr<scene::ApplicationNotRespondingDetector> const& anr_detector,
--        std::shared_ptr<cookie::CookieFactory> const& cookie_factory);
++        std::shared_ptr<cookie::Authority> const& cookie_authority);
      std::shared_ptr<detail::DisplayServer> make_ipc_server(
          SessionCredentials const &creds,
@@ -101,7 +101,7 @@
      std::shared_ptr<input::CursorImages> const cursor_images;
      std::shared_ptr<scene::CoordinateTranslator> const translator;
      std::shared_ptr<scene::ApplicationNotRespondingDetector> const anr_detector;
--    std::shared_ptr<cookie::CookieFactory> const cookie_factory;
++    std::shared_ptr<cookie::Authority> const cookie_authority;
  };
+ }
+ }
 === modified file 'src/server/frontend/protobuf_message_processor.cpp'
 --- src/server/frontend/protobuf_message_processor.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/protobuf_message_processor.cpp	2016-01-25 13:42:04 +0000
@@ -18,7 +18,7 @@
  #include "display_server.h"
  #include "protobuf_message_processor.h"
--#include "mir/frontend/security_check_failed.h"
++#include "mir/cookie/authority.h"
  #include "mir/frontend/message_processor_report.h"
  #include "mir/frontend/protobuf_message_sender.h"
  #include "mir/frontend/template_protobuf_message_processor.h"
@@ -136,7 +136,7 @@
              result_message.get(),
              callback);
+     }
--    catch (mir::SecurityCheckFailed const& /*err*/)
++    catch (mir::cookie::SecurityCheckError const& /*err*/)
+     {
          throw;
+     }
@@ -315,9 +315,9 @@
+         {
              invoke(this, display_server.get(), &DisplayServer::configure_buffer_stream, invocation);
+         }
--        else if ("raise_surface_with_cookie" == invocation.method_name())
++        else if ("raise_surface" == invocation.method_name())
+         {
--            invoke(this, display_server.get(), &DisplayServer::raise_surface_with_cookie, invocation);
++            invoke(this, display_server.get(), &DisplayServer::raise_surface, invocation);
+         }
          else if ("translate_surface_to_screen" == invocation.method_name())
+         {
 === removed file 'src/server/frontend/security_check_failed.cpp'
 --- src/server/frontend/security_check_failed.cpp	2015-10-30 17:24:29 +0000
 +++ src/server/frontend/security_check_failed.cpp	1970-01-01 00:00:00 +0000
@@ -1,24 +0,0 @@
--/*
-- * Copyright © 2015 Canonical Ltd.
-- *
-- * This program is free software: you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 3,
-- * as published by the Free Software Foundation.
-- *
-- * This program is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- * GNU General Public License for more details.
-- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-- *
-- * Authored by: Brandon Schaefer <brandon.schaefer@canonical.com>
-- */
--
--#include "mir/frontend/security_check_failed.h"
--
--mir::SecurityCheckFailed::SecurityCheckFailed() :
--    runtime_error("Invalid MirCookie")
--{
--}
 === modified file 'src/server/frontend/session_mediator.cpp'
 --- src/server/frontend/session_mediator.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/session_mediator.cpp	2016-01-25 13:42:04 +0000
@@ -46,10 +46,9 @@
  #include "mir/frontend/screencast.h"
  #include "mir/frontend/prompt_session.h"
  #include "mir/frontend/buffer_stream.h"
--#include "mir/frontend/security_check_failed.h"
  #include "mir/scene/prompt_session_creation_parameters.h"
  #include "mir/fd.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/module_properties.h"
  #include "mir/geometry/rectangles.h"
@@ -90,7 +89,7 @@
      std::shared_ptr<mi::CursorImages> const& cursor_images,
      std::shared_ptr<scene::CoordinateTranslator> const& translator,
      std::shared_ptr<scene::ApplicationNotRespondingDetector> const& anr_detector,
--    std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory) :
++    std::shared_ptr<mir::cookie::Authority> const& cookie_authority) :
      client_pid_(0),
      shell(shell),
      ipc_operations(ipc_operations),
@@ -106,7 +105,7 @@
      cursor_images(cursor_images),
      translator{translator},
      anr_detector{anr_detector},
--    cookie_factory(cookie_factory),
++    cookie_authority(cookie_authority),
      buffer_stream_tracker{static_cast<size_t>(client_buffer_cache_size)}
+ {
+ }
@@ -1022,7 +1021,7 @@
      done->Run();
+ }
--void mf::SessionMediator::raise_surface_with_cookie(
++void mf::SessionMediator::raise_surface(
      mir::protobuf::RaiseRequest const* request,
      mir::protobuf::Void*,
      google::protobuf::Closure* done)
@@ -1034,11 +1033,12 @@
      auto const cookie     = request->cookie();
      auto const surface_id = request->surface_id();
--    MirCookie const mir_cookie = {cookie.timestamp(), cookie.mac()};
--    if (!cookie_factory->attest_timestamp(mir_cookie))
--        throw mir::SecurityCheckFailed();
--
--    shell->raise_surface_with_timestamp(session, mf::SurfaceId{surface_id.value()}, cookie.timestamp());
++    auto cookie_string = cookie.cookie();
++
++    std::vector<uint8_t> cookie_bytes(cookie_string.begin(), cookie_string.end());
++    auto const cookie_ptr = cookie_authority->make_cookie(cookie_bytes);
++
++    shell->raise_surface(session, mf::SurfaceId{surface_id.value()}, cookie_ptr->timestamp());
      done->Run();
+ }
 === modified file 'src/server/frontend/session_mediator.h'
 --- src/server/frontend/session_mediator.h	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/session_mediator.h	2016-01-25 13:42:04 +0000
@@ -40,7 +40,7 @@
+ {
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace graphics
+ {
@@ -105,7 +105,7 @@
          std::shared_ptr<input::CursorImages> const& cursor_images,
          std::shared_ptr<scene::CoordinateTranslator> const& translator,
          std::shared_ptr<scene::ApplicationNotRespondingDetector> const& anr_detector,
--        std::shared_ptr<cookie::CookieFactory> const& cookie_factory);
++        std::shared_ptr<cookie::Authority> const& cookie_authority);
      ~SessionMediator() noexcept;
@@ -215,7 +215,7 @@
          mir::protobuf::StreamConfiguration const* request,
          mir::protobuf::Void*,
          google::protobuf::Closure* done) override;
--    void raise_surface_with_cookie(
++    void raise_surface(
          mir::protobuf::RaiseRequest const* request,
          mir::protobuf::Void*,
          google::protobuf::Closure* done) override;
@@ -259,7 +259,7 @@
      std::shared_ptr<input::CursorImages> const cursor_images;
      std::shared_ptr<scene::CoordinateTranslator> const translator;
      std::shared_ptr<scene::ApplicationNotRespondingDetector> const anr_detector;
--    std::shared_ptr<cookie::CookieFactory> const cookie_factory;
++    std::shared_ptr<cookie::Authority> const cookie_authority;
      BufferStreamTracker buffer_stream_tracker;
 === modified file 'src/server/frontend/shell_wrapper.cpp'
 --- src/server/frontend/shell_wrapper.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/shell_wrapper.cpp	2016-01-25 13:42:04 +0000
@@ -99,10 +99,10 @@
      return wrapped->get_surface_attribute(session, surface_id, attrib);
+ }
--void mf::ShellWrapper::raise_surface_with_timestamp(
++void mf::ShellWrapper::raise_surface(
      std::shared_ptr<Session> const& session,
      SurfaceId surface_id,
      uint64_t timestamp)
+ {
--    wrapped->raise_surface_with_timestamp(session, surface_id, timestamp);
++    wrapped->raise_surface(session, surface_id, timestamp);
+ }
 === modified file 'src/server/frontend/shell_wrapper.h'
 --- src/server/frontend/shell_wrapper.h	2016-01-20 23:59:18 +0000
 +++ src/server/frontend/shell_wrapper.h	2016-01-25 13:42:04 +0000
@@ -75,7 +75,7 @@
          SurfaceId surface_id,
          MirSurfaceAttrib attrib) override;
--    void raise_surface_with_timestamp(
++    void raise_surface(
          std::shared_ptr<Session> const& session,
          SurfaceId surface_id,
          uint64_t timestamp) override;
 === modified file 'src/server/input/android/input_sender.cpp'
 --- src/server/input/android/input_sender.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/android/input_sender.cpp	2016-01-25 13:42:04 +0000
@@ -247,7 +247,7 @@
                                       mir_keyboard_event_scan_code(key_event),
                                       mia::android_modifiers_from_mir(mir_keyboard_event_modifiers(key_event)),
                                       repeat_count,
--                                     event.key.mac,
++                                     event.key.cookie,
                                       event_time,
                                       event_time);
+ }
@@ -324,7 +324,7 @@
          ret = publisher.publishMotionEvent(seq, mir_input_event_get_device_id(input_event), AINPUT_SOURCE_TOUCHSCREEN,
                                             state_change.android_action, flags, edge_flags,
                                             mia::android_modifiers_from_mir(mir_touch_event_modifiers(touch)),
--                                           button_state, x_offset, y_offset, x_precision, y_precision, event.motion.mac,
++                                           button_state, x_offset, y_offset, x_precision, y_precision, event.motion.cookie,
                                             event_time, event_time, contacts_in_event, properties, coords);
+     }
@@ -361,7 +361,7 @@
          mia::android_pointer_action_from_mir(mir_pointer_event_action(pointer), mir_pointer_event_buttons(pointer)),
          flags, edge_flags, mia::android_modifiers_from_mir(mir_pointer_event_modifiers(pointer)),
          mia::android_pointer_buttons_from_mir(mir_pointer_event_buttons(pointer)), x_offset, y_offset, x_precision,
--        y_precision, event.motion.mac, event_time, event_time, 1, &pointer_properties, &pointer_coord);
++        y_precision, event.motion.cookie, event_time, event_time, 1, &pointer_properties, &pointer_coord);
+ }
 === modified file 'src/server/input/default_configuration.cpp'
 --- src/server/input/default_configuration.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/default_configuration.cpp	2016-01-25 13:42:04 +0000
@@ -147,7 +147,7 @@
              auto enable_repeat = options->get<bool>(options::enable_key_repeat_opt);
              return std::make_shared<mi::KeyRepeatDispatcher>(
--                the_event_filter_chain_dispatcher(), the_main_loop(), the_cookie_factory(),
++                the_event_filter_chain_dispatcher(), the_main_loop(), the_cookie_authority(),
                  enable_repeat, key_repeat_timeout, key_repeat_delay);
          });
+ }
@@ -278,7 +278,7 @@
                                              the_touch_visualizer(),
                                              the_cursor_listener(),
                                              the_input_region(),
--                                            the_cookie_factory());
++                                            the_cookie_authority());
                                      });
+ }
@@ -293,6 +293,6 @@
                                              the_touch_visualizer(),
                                              the_cursor_listener(),
                                              the_input_region(),
--                                            the_cookie_factory());
++                                            the_cookie_authority());
                                      });
+ }
 === modified file 'src/server/input/default_event_builder.cpp'
 --- src/server/input/default_event_builder.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/default_event_builder.cpp	2016-01-25 13:42:04 +0000
@@ -19,29 +19,31 @@
  #include "default_event_builder.h"
  #include "mir/events/event_builders.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/events/event_private.h"
++#include <algorithm>
++
  namespace me = mir::events;
  namespace mi = mir::input;
  mi::DefaultEventBuilder::DefaultEventBuilder(MirInputDeviceId device_id,
--                                             std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory)
++                                             std::shared_ptr<mir::cookie::Authority> const& cookie_authority)
      : device_id(device_id),
--      cookie_factory(cookie_factory)
++      cookie_authority(cookie_authority)
+ {
+ }
  mir::EventUPtr mi::DefaultEventBuilder::key_event(Timestamp timestamp, MirKeyboardAction action, xkb_keysym_t key_code,
                                                    int scan_code)
+ {
--    uint64_t mac = cookie_factory->timestamp_to_cookie(timestamp.count()).mac;
--    return me::make_event(device_id, timestamp, mac, action, key_code, scan_code, mir_input_event_modifier_none);
++    auto const cookie = cookie_authority->make_cookie(timestamp.count());
++    return me::make_event(device_id, timestamp, cookie->serialize(), action, key_code, scan_code, mir_input_event_modifier_none);
+ }
  mir::EventUPtr mi::DefaultEventBuilder::touch_event(Timestamp timestamp)
+ {
--    return me::make_event(device_id, timestamp, 0, mir_input_event_modifier_none);
++    return me::make_event(device_id, timestamp, std::vector<uint8_t>{}, mir_input_event_modifier_none);
+ }
  void mi::DefaultEventBuilder::add_touch(MirEvent& event, MirTouchId touch_id, MirTouchAction action,
@@ -51,8 +53,9 @@
+ {
      if (action == mir_touch_action_up || action == mir_touch_action_down)
+     {
--        auto cookie = cookie_factory->timestamp_to_cookie(event.motion.event_time.count());
--        event.motion.mac = cookie.mac;
++        auto const cookie = cookie_authority->make_cookie(event.motion.event_time.count());
++        auto const serialized_cookie = cookie->serialize();
++        std::copy_n(std::begin(serialized_cookie), event.motion.cookie.size(), std::begin(event.motion.cookie));
+     }
      me::add_touch(event, touch_id, action, tooltype, x_axis_value, y_axis_value, pressure_value, touch_major_value,
@@ -65,10 +68,14 @@
+ {
      const float x_axis_value = 0;
      const float y_axis_value = 0;
--    uint64_t mac = 0;
++    std::vector<uint8_t> vec_cookie{};
++    // FIXME Moving to 160bits soon
      if (action == mir_pointer_action_button_up || action == mir_pointer_action_button_down)
--        mac = cookie_factory->timestamp_to_cookie(timestamp.count()).mac;
--    return me::make_event(device_id, timestamp, mac, mir_input_event_modifier_none, action, buttons_pressed, x_axis_value, y_axis_value,
++    {
++        auto const cookie = cookie_authority->make_cookie(timestamp.count());
++        vec_cookie = cookie->serialize();
++    }
++    return me::make_event(device_id, timestamp, vec_cookie, mir_input_event_modifier_none, action, buttons_pressed, x_axis_value, y_axis_value,
                            hscroll_value, vscroll_value, relative_x_value, relative_y_value);
+ }
 === modified file 'src/server/input/default_event_builder.h'
 --- src/server/input/default_event_builder.h	2016-01-20 23:59:18 +0000
 +++ src/server/input/default_event_builder.h	2016-01-25 13:42:04 +0000
@@ -27,7 +27,7 @@
+ {
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace input
+ {
@@ -35,7 +35,7 @@
+ {
  public:
      explicit DefaultEventBuilder(MirInputDeviceId device_id,
--                                 std::shared_ptr<cookie::CookieFactory> const& cookie_factory);
++                                 std::shared_ptr<cookie::Authority> const& cookie_authority);
      EventUPtr key_event(Timestamp timestamp, MirKeyboardAction action, xkb_keysym_t key_code, int scan_code) override;
@@ -52,7 +52,7 @@
  private:
      MirInputDeviceId const device_id;
--    std::shared_ptr<cookie::CookieFactory> const cookie_factory;
++    std::shared_ptr<cookie::Authority> const cookie_authority;
  };
+ }
+ }
 === modified file 'src/server/input/default_input_device_hub.cpp'
 --- src/server/input/default_input_device_hub.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/default_input_device_hub.cpp	2016-01-25 13:42:04 +0000
@@ -29,7 +29,7 @@
  #include "mir/dispatch/multiplexing_dispatchable.h"
  #include "mir/dispatch/action_queue.h"
  #include "mir/server_action_queue.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #define MIR_LOG_COMPONENT "Input"
  #include "mir/log.h"
@@ -49,13 +49,13 @@
      std::shared_ptr<TouchVisualizer> const& touch_visualizer,
      std::shared_ptr<CursorListener> const& cursor_listener,
      std::shared_ptr<InputRegion> const& input_region,
--    std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory)
++    std::shared_ptr<mir::cookie::Authority> const& cookie_authority)
      : input_dispatcher(input_dispatcher),
        input_dispatchable{input_multiplexer},
        observer_queue(observer_queue),
        device_queue(std::make_shared<dispatch::ActionQueue>()),
        input_region(input_region),
--      cookie_factory(cookie_factory),
++      cookie_authority(cookie_authority),
        seat(touch_visualizer, cursor_listener, input_region),
        device_id_generator{0}
+ {
@@ -78,7 +78,7 @@
+     {
          // send input device info to observer loop..
          devices.push_back(std::make_unique<RegisteredDevice>(
--            device, create_new_device_id(), input_dispatcher, input_dispatchable, cookie_factory, this, &seat));
++            device, create_new_device_id(), input_dispatcher, input_dispatchable, cookie_authority, this, &seat));
          auto const& dev = devices.back();
          seat.add_device(dev->id());
@@ -142,10 +142,10 @@
      MirInputDeviceId device_id,
      std::shared_ptr<InputDispatcher> const& dispatcher,
      std::shared_ptr<dispatch::MultiplexingDispatchable> const& multiplexer,
--    std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory,
++    std::shared_ptr<mir::cookie::Authority> const& cookie_authority,
      DefaultInputDeviceHub* hub,
      Seat* seat)
--    : device_id(device_id), builder(device_id, cookie_factory), device(dev), dispatcher(dispatcher),
++    : device_id(device_id), builder(device_id, cookie_authority), device(dev), dispatcher(dispatcher),
        multiplexer(multiplexer), hub(hub), seat(seat)
+ {
+ }
 === modified file 'src/server/input/default_input_device_hub.h'
 --- src/server/input/default_input_device_hub.h	2016-01-20 23:59:18 +0000
 +++ src/server/input/default_input_device_hub.h	2016-01-25 13:42:04 +0000
@@ -38,7 +38,7 @@
  class ServerActionQueue;
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace dispatch
+ {
@@ -65,7 +65,7 @@
                            std::shared_ptr<TouchVisualizer> const& touch_visualizer,
                            std::shared_ptr<CursorListener> const& cursor_listener,
                            std::shared_ptr<InputRegion> const& input_region,
--                          std::shared_ptr<cookie::CookieFactory> const& cookie_factory);
++                          std::shared_ptr<cookie::Authority> const& cookie_authority);
      // InputDeviceRegistry - calls from mi::Platform
      void add_device(std::shared_ptr<InputDevice> const& device) override;
@@ -85,7 +85,7 @@
      std::shared_ptr<ServerActionQueue> const observer_queue;
      std::shared_ptr<dispatch::ActionQueue> const device_queue;
      std::shared_ptr<InputRegion> const input_region;
--    std::shared_ptr<cookie::CookieFactory> const cookie_factory;
++    std::shared_ptr<cookie::Authority> const cookie_authority;
      Seat seat;
      struct RegisteredDevice : public InputSink
@@ -95,7 +95,7 @@
                           MirInputDeviceId dev_id,
                           std::shared_ptr<InputDispatcher> const& dispatcher,
                           std::shared_ptr<dispatch::MultiplexingDispatchable> const& multiplexer,
--                         std::shared_ptr<cookie::CookieFactory> const& cookie_factory,
++                         std::shared_ptr<cookie::Authority> const& cookie_authority,
                           DefaultInputDeviceHub* hub,
                           Seat* seat);
          void handle_input(MirEvent& event) override;
 === modified file 'src/server/input/key_repeat_dispatcher.cpp'
 --- src/server/input/key_repeat_dispatcher.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/key_repeat_dispatcher.cpp	2016-01-25 13:42:04 +0000
@@ -21,10 +21,11 @@
  #include "mir/time/alarm_factory.h"
  #include "mir/time/alarm.h"
  #include "mir/events/event_private.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include <boost/throw_exception.hpp>
++#include <algorithm>
  #include <stdexcept>
  #include <string.h>
@@ -33,13 +34,13 @@
  mi::KeyRepeatDispatcher::KeyRepeatDispatcher(
      std::shared_ptr<mi::InputDispatcher> const& next_dispatcher,
      std::shared_ptr<mir::time::AlarmFactory> const& factory,
--    std::shared_ptr<mir::cookie::CookieFactory> const& cookie_factory,
++    std::shared_ptr<mir::cookie::Authority> const& cookie_authority,
      bool repeat_enabled,
      std::chrono::milliseconds repeat_timeout,
      std::chrono::milliseconds repeat_delay)
      : next_dispatcher(next_dispatcher),
        alarm_factory(factory),
--      cookie_factory(cookie_factory),
++      cookie_authority(cookie_authority),
        repeat_enabled(repeat_enabled),
        repeat_timeout(repeat_timeout),
        repeat_delay(repeat_delay)
@@ -119,7 +120,9 @@
                  std::lock_guard<std::mutex> lg(repeat_state_mutex);
                  ev.key.event_time = std::chrono::steady_clock::now().time_since_epoch();
--                ev.key.mac = cookie_factory->timestamp_to_cookie(ev.key.event_time.count()).mac;
++                auto const cookie = cookie_authority->make_cookie(ev.key.event_time.count());
++                auto const serialized_cookie = cookie->serialize();
++                std::copy_n(std::begin(serialized_cookie), ev.key.cookie.size(), std::begin(ev.key.cookie));
                  next_dispatcher->dispatch(ev);
                  capture_alarm->reschedule_in(repeat_delay);
 === modified file 'src/server/input/key_repeat_dispatcher.h'
 --- src/server/input/key_repeat_dispatcher.h	2016-01-20 23:59:18 +0000
 +++ src/server/input/key_repeat_dispatcher.h	2016-01-25 13:42:04 +0000
@@ -30,7 +30,7 @@
+ {
  namespace cookie
+ {
--class CookieFactory;
++class Authority;
+ }
  namespace time
+ {
@@ -45,7 +45,7 @@
  public:
      KeyRepeatDispatcher(std::shared_ptr<InputDispatcher> const& next_dispatcher,
                          std::shared_ptr<time::AlarmFactory> const& factory,
--                        std::shared_ptr<cookie::CookieFactory> const& cookie_factory,
++                        std::shared_ptr<cookie::Authority> const& cookie_authority,
                          bool repeat_enabled,
                          std::chrono::milliseconds repeat_timeout, /* timeout before sending first repeat */
                          std::chrono::milliseconds repeat_delay /* delay between repeated keys */);
@@ -60,7 +60,7 @@
      std::shared_ptr<InputDispatcher> const next_dispatcher;
      std::shared_ptr<time::AlarmFactory> const alarm_factory;
--    std::shared_ptr<cookie::CookieFactory> const cookie_factory;
++    std::shared_ptr<cookie::Authority> const cookie_authority;
      bool const repeat_enabled;
      std::chrono::milliseconds repeat_timeout;
      std::chrono::milliseconds repeat_delay;
 === modified file 'src/server/input/surface_input_dispatcher.cpp'
 --- src/server/input/surface_input_dispatcher.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/surface_input_dispatcher.cpp	2016-01-25 13:42:04 +0000
@@ -24,7 +24,6 @@
  #include "mir/scene/surface.h"
  #include "mir/events/event_builders.h"
  #include "mir/events/event_private.h"
--#include "mir/cookie_factory.h"
  #include <string.h>
@@ -221,7 +220,7 @@
      deliver(surface, &*mev::make_event(mir_input_event_get_device_id(iev),
          std::chrono::nanoseconds(mir_input_event_get_event_time(iev)),
--        0, // FIXME Revet cookie API, fix incoming for 0.19
++        std::vector<uint8_t>{},
          mir_pointer_event_modifiers(pev),
          action, mir_pointer_event_buttons(pev),
          mir_pointer_event_axis_value(pev,mir_pointer_axis_x),
 === modified file 'src/server/input/validator.cpp'
 --- src/server/input/validator.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/input/validator.cpp	2016-01-25 13:42:04 +0000
@@ -244,7 +244,7 @@
      MirTouchEvent const* last_ev = nullptr;
      auto default_ev = mev::make_event(id,
          std::chrono::high_resolution_clock::now().time_since_epoch(),
--        0, /* No need for a mac, since there's no pointer count for a default event */
++        std::vector<uint8_t>{}, /* No need for a mac, since there's no pointer count for a default event */
          mir_input_event_modifier_none);
      if (it == last_event_by_device.end())
 === modified file 'src/server/server.cpp'
 --- src/server/server.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/server.cpp	2016-01-25 13:42:04 +0000
@@ -31,7 +31,7 @@
  #include "mir/main_loop.h"
  #include "mir/report_exception.h"
  #include "mir/run_mir.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  // TODO these are used to frig a stub renderer when running headless
  #include "mir/compositor/renderer.h"
@@ -67,7 +67,7 @@
      MACRO(session_mediator_report)\
      MACRO(shell)\
      MACRO(application_not_responding_detector)\
--    MACRO(cookie_factory)\
++    MACRO(cookie_authority)\
      MACRO(coordinate_translator)
  #define FOREACH_ACCESSOR(MACRO)\
 === modified file 'src/server/shell/abstract_shell.cpp'
 --- src/server/shell/abstract_shell.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/shell/abstract_shell.cpp	2016-01-25 13:42:04 +0000
@@ -164,7 +164,7 @@
      return surface->query(attrib);
+ }
--void msh::AbstractShell::raise_surface_with_timestamp(
++void msh::AbstractShell::raise_surface(
      std::shared_ptr<ms::Session> const& session,
      std::shared_ptr<ms::Surface> const& surface,
      uint64_t timestamp)
 === modified file 'src/server/shell/frontend_shell.cpp'
 --- src/server/shell/frontend_shell.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/shell/frontend_shell.cpp	2016-01-25 13:42:04 +0000
@@ -148,12 +148,12 @@
      return wrapped->get_surface_attribute(surface, attrib);
+ }
--void msh::FrontendShell::raise_surface_with_timestamp(
++void msh::FrontendShell::raise_surface(
      std::shared_ptr<mf::Session> const& session,
      mf::SurfaceId surface_id,
      uint64_t timestamp)
+ {
      auto const scene_session = std::dynamic_pointer_cast<ms::Session>(session);
      auto const surface = scene_session->surface(surface_id);
--    wrapped->raise_surface_with_timestamp(scene_session, surface, timestamp);
++    wrapped->raise_surface(scene_session, surface, timestamp);
+ }
 === modified file 'src/server/shell/frontend_shell.h'
 --- src/server/shell/frontend_shell.h	2016-01-20 23:59:18 +0000
 +++ src/server/shell/frontend_shell.h	2016-01-25 13:42:04 +0000
@@ -87,7 +87,7 @@
          mf::SurfaceId surface_id,
          MirSurfaceAttrib attrib) override;
--    void raise_surface_with_timestamp(
++    void raise_surface(
          std::shared_ptr<mf::Session> const& session,
          mf::SurfaceId surface_id,
          uint64_t timestamp) override;
 === modified file 'src/server/shell/shell_wrapper.cpp'
 --- src/server/shell/shell_wrapper.cpp	2016-01-20 23:59:18 +0000
 +++ src/server/shell/shell_wrapper.cpp	2016-01-25 13:42:04 +0000
@@ -112,12 +112,12 @@
      return wrapped->get_surface_attribute(surface, attrib);
+ }
--void msh::ShellWrapper::raise_surface_with_timestamp(
++void msh::ShellWrapper::raise_surface(
      std::shared_ptr<ms::Session> const& session,
      std::shared_ptr<ms::Surface> const& surface,
      uint64_t timestamp)
+ {
--    wrapped->raise_surface_with_timestamp(session, surface, timestamp);
++    wrapped->raise_surface(session, surface, timestamp);
+ }
  void msh::ShellWrapper::add_display(geometry::Rectangle const& area)
 === modified file 'src/server/symbols.map'
 --- src/server/symbols.map	2016-01-20 23:59:18 +0000
 +++ src/server/symbols.map	2016-01-25 13:42:04 +0000
@@ -165,7 +165,7 @@
      mir::Server::open_prompt_socket*;
      mir::Server::override_the_application_not_responding_detector*;
      mir::Server::override_the_compositor*;
--    mir::Server::override_the_cookie_factory*;
++    mir::Server::override_the_cookie_authority*;
      mir::Server::override_the_coordinate_translator*;
      mir::Server::override_the_cursor_images*;
      mir::Server::override_the_display_buffer_compositor_factory*;
@@ -240,7 +240,7 @@
      mir::shell::AbstractShell::modify_surface*;
      mir::shell::AbstractShell::open_session*;
      mir::shell::AbstractShell::raise*;
--    mir::shell::AbstractShell::raise_surface_with_timestamp*;
++    mir::shell::AbstractShell::raise_surface*;
      mir::shell::AbstractShell::remove_display*;
      mir::shell::AbstractShell::set_focus_to*;
      mir::shell::AbstractShell::set_surface_attribute*;
@@ -282,7 +282,7 @@
      mir::shell::ShellWrapper::modify_surface*;
      mir::shell::ShellWrapper::open_session*;
      mir::shell::ShellWrapper::raise*;
--    mir::shell::ShellWrapper::raise_surface_with_timestamp*;
++    mir::shell::ShellWrapper::raise_surface*;
      mir::shell::ShellWrapper::remove_display*;
      mir::shell::ShellWrapper::set_focus_to*;
      mir::shell::ShellWrapper::set_surface_attribute*;
@@ -395,7 +395,7 @@
      non-virtual?thunk?to?mir::shell::AbstractShell::modify_surface*;
      non-virtual?thunk?to?mir::shell::AbstractShell::open_session*;
      non-virtual?thunk?to?mir::shell::AbstractShell::raise*;
--    non-virtual?thunk?to?mir::shell::AbstractShell::raise_surface_with_timestamp*;
++    non-virtual?thunk?to?mir::shell::AbstractShell::raise_surface*;
      non-virtual?thunk?to?mir::shell::AbstractShell::remove_display*;
      non-virtual?thunk?to?mir::shell::AbstractShell::set_focus_to*;
      non-virtual?thunk?to?mir::shell::AbstractShell::set_surface_attribute*;
@@ -422,7 +422,7 @@
      non-virtual?thunk?to?mir::shell::ShellWrapper::modify_surface*;
      non-virtual?thunk?to?mir::shell::ShellWrapper::open_session*;
      non-virtual?thunk?to?mir::shell::ShellWrapper::raise*;
--    non-virtual?thunk?to?mir::shell::ShellWrapper::raise_surface_with_timestamp*;
++    non-virtual?thunk?to?mir::shell::ShellWrapper::raise_surface*;
      non-virtual?thunk?to?mir::shell::ShellWrapper::remove_display*;
      non-virtual?thunk?to?mir::shell::ShellWrapper::set_focus_to*;
      non-virtual?thunk?to?mir::shell::ShellWrapper::set_surface_attribute*;
@@ -677,7 +677,7 @@
      mir::DefaultServerConfiguration::the_buffer_stream_factory*;
      mir::DefaultServerConfiguration::the_clock*;
      mir::DefaultServerConfiguration::the_composite_event_filter*;
--    mir::DefaultServerConfiguration::the_cookie_factory*;
++    mir::DefaultServerConfiguration::the_cookie_authority*;
      mir::DefaultServerConfiguration::the_event_filter_chain_dispatcher*;
      mir::DefaultServerConfiguration::the_surface_input_dispatcher;
      mir::DefaultServerConfiguration::the_compositor*;
 === modified file 'tests/acceptance-tests/test_client_cookie.cpp'
 --- tests/acceptance-tests/test_client_cookie.cpp	2016-01-20 23:59:18 +0000
 +++ tests/acceptance-tests/test_client_cookie.cpp	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2015 Canonical Ltd.
++ * Copyright © 2015-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 3 as
@@ -23,12 +23,14 @@
  #include "mir_test_framework/stub_server_platform_factory.h"
  #include "mir_test_framework/connected_client_with_a_surface.h"
  #include "mir/test/spin_wait.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "boost/throw_exception.hpp"
  #include <linux/input.h>
++#include <mutex>
++
  namespace mtf = mir_test_framework;
  namespace mt = mir::test;
  namespace mi = mir::input;
@@ -45,8 +47,8 @@
  public:
      ClientCookies()
+     {
--        server.override_the_cookie_factory([this] ()
--            { return mir::cookie::CookieFactory::create_saving_secret(cookie_secret); });
++        server.override_the_cookie_authority([this] ()
++            { return mir::cookie::Authority::create_saving(cookie_secret); });
+     }
      void SetUp() override
@@ -63,9 +65,6 @@
          mir_buffer_stream_swap_buffers_sync(mir_surface_get_buffer_stream(surface));
+     }
--    std::vector<uint8_t> cookie_secret;
--    std::vector<MirCookie> out_cookies;
--
      std::unique_ptr<mtf::FakeInputDevice> fake_keyboard{
          mtf::add_fake_input_device(mi::InputDeviceInfo{"keyboard", "keyboard-uid" , mi::DeviceCapability::keyboard})
          };
@@ -76,21 +75,49 @@
         mtf::add_fake_input_device(mi::InputDeviceInfo{
         "touch screen", "touch-screen-uid", mi::DeviceCapability::touchscreen | mi::DeviceCapability::multitouch})
         };
++
++    std::vector<std::vector<uint8_t>> out_cookies;
++    std::vector<uint8_t> cookie_secret;
++    size_t event_count{0};
++    mutable std::mutex mutex;
  };
  namespace
+ {
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--void cookie_capturing_callback(MirSurface*, MirEvent const* /*ev*/, void* /*ctx*/)
++
++void cookie_capturing_callback(MirSurface*, MirEvent const* ev, void* ctx)
+ {
++    auto const event_type = mir_event_get_type(ev);
++    auto client_cookie = static_cast<ClientCookies*>(ctx);
++
++    if (event_type == mir_event_type_input)
++    {
++        auto const* iev = mir_event_get_input_event(ev);
++
++        std::lock_guard<std::mutex> lk(client_cookie->mutex);
++        if (mir_input_event_has_cookie(iev))
++        {
++            auto cookie = mir_input_event_get_cookie(iev);
++            size_t size = mir_cookie_buffer_size(cookie);
++
++            std::vector<uint8_t> cookie_bytes(size);
++            mir_cookie_to_buffer(cookie, cookie_bytes.data(), size);
++
++            mir_cookie_release(cookie);
++            client_cookie->out_cookies.push_back(cookie_bytes);
++        }
++
++        client_cookie->event_count++;
++    }
+ }
--bool wait_for_n_events(size_t n, std::vector<MirCookie>& cookies)
++bool wait_for_n_events(size_t n, ClientCookies* client_cookie)
+ {
      bool all_events = mt::spin_wait_for_condition_or_timeout(
--        [&n, &cookies]
++        [&n, &client_cookie]
+         {
--            return cookies.size() >= n;
++            std::lock_guard<std::mutex> lk(client_cookie->mutex);
++            return client_cookie->event_count >= n;
          },
          std::chrono::seconds{max_wait});
@@ -99,41 +126,52 @@
+ }
+ }
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(ClientCookies, DISABLED_keyboard_events_have_attestable_cookies)
++TEST_F(ClientCookies, keyboard_events_have_cookies)
+ {
      fake_keyboard->emit_event(mis::a_key_down_event().of_scancode(KEY_M));
--    if (wait_for_n_events(1, out_cookies))
++
++    int events = 1;
++    if (wait_for_n_events(events, this))
+     {
--        auto factory = mir::cookie::CookieFactory::create_from_secret(cookie_secret);
--        EXPECT_TRUE(factory->attest_timestamp(out_cookies.back()));
++        std::lock_guard<std::mutex> lk(mutex);
++
++        ASSERT_FALSE(out_cookies.empty());
++        auto authority = mir::cookie::Authority::create_from(cookie_secret);
++
++        EXPECT_NO_THROW(authority->make_cookie(out_cookies.back()));
+     }
+ }
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(ClientCookies, DISABLED_pointer_motion_events_do_not_have_attestable_cookies)
++TEST_F(ClientCookies, pointer_motion_events_do_not_have_cookies)
+ {
++    // with movement generates 2 events
      fake_pointer->emit_event(mis::a_pointer_event().with_movement(1, 1));
--    if (wait_for_n_events(1, out_cookies))
++
++    int events = 2;
++    if (wait_for_n_events(events, this))
+     {
--        auto factory = mir::cookie::CookieFactory::create_from_secret(cookie_secret);
--        EXPECT_FALSE(factory->attest_timestamp(out_cookies.back()));
++        std::lock_guard<std::mutex> lk(mutex);
++        EXPECT_EQ(event_count, events);
++        EXPECT_TRUE(out_cookies.empty());
+     }
+ }
--TEST_F(ClientCookies, DISABLED_pointer_click_events_have_attestable_cookies)
++TEST_F(ClientCookies, pointer_click_events_have_cookies)
+ {
      fake_pointer->emit_event(mis::a_button_down_event().of_button(BTN_LEFT).with_action(mis::EventAction::Down));
      fake_pointer->emit_event(mis::a_button_up_event().of_button(BTN_LEFT));
--    if (wait_for_n_events(2, out_cookies))
++
++    int events = 2;
++    if (wait_for_n_events(events, this))
+     {
--        auto factory = mir::cookie::CookieFactory::create_from_secret(cookie_secret);
--        EXPECT_TRUE(factory->attest_timestamp(out_cookies.back()));
++        std::lock_guard<std::mutex> lk(mutex);
++        ASSERT_FALSE(out_cookies.empty());
++        auto authority = mir::cookie::Authority::create_from(cookie_secret);
++        EXPECT_NO_THROW(authority->make_cookie(out_cookies.back()));
+     }
+ }
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(ClientCookies, DISABLED_touch_motion_events_do_not_have_attestable_cookies)
++TEST_F(ClientCookies, touch_motion_events_do_not_have_cookies)
+ {
      fake_touch_screen->emit_event(
           mis::a_touch_event()
@@ -146,24 +184,11 @@
          .at_position({1, 1})
          );
--    if (wait_for_n_events(2, out_cookies))
--    {
--        auto factory = mir::cookie::CookieFactory::create_from_secret(cookie_secret);
--        EXPECT_FALSE(factory->attest_timestamp(out_cookies.back()));
--    }
--}
--
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(ClientCookies, DISABLED_touch_click_events_have_attestable_cookies)
--{
--    fake_touch_screen->emit_event(
--         mis::a_touch_event()
--        .at_position({0, 0})
--        );
--
--    if (wait_for_n_events(1, out_cookies))
--    {
--        auto factory = mir::cookie::CookieFactory::create_from_secret(cookie_secret);
--        EXPECT_TRUE(factory->attest_timestamp(out_cookies.back()));
++    int events = 1;
++    if (wait_for_n_events(events, this))
++    {
++        std::lock_guard<std::mutex> lk(mutex);
++        EXPECT_GE(event_count, events);
++        EXPECT_EQ(out_cookies.size(), 1);
+     }
+ }
 === modified file 'tests/acceptance-tests/test_client_input.cpp'
 --- tests/acceptance-tests/test_client_input.cpp	2016-01-23 03:16:06 +0000
 +++ tests/acceptance-tests/test_client_input.cpp	2016-01-25 13:42:04 +0000
@@ -587,7 +587,7 @@
      EXPECT_CALL(first_client, handle_input(mt::KeyDownEvent()))
          .WillOnce(mt::WakeUp(&first_client.all_events_received));
--    auto key_event = mir::events::make_event(MirInputDeviceId{0}, 0ns, 0, mir_keyboard_action_down, 0, KEY_M,
++    auto key_event = mir::events::make_event(MirInputDeviceId{0}, 0ns, std::vector<uint8_t>{}, mir_keyboard_action_down, 0, KEY_M,
                                               mir_input_event_modifier_none);
      server.the_shell()->focused_surface()->consume(key_event.get());
 === modified file 'tests/acceptance-tests/test_surface_modifications.cpp'
 --- tests/acceptance-tests/test_surface_modifications.cpp	2016-01-20 23:59:18 +0000
 +++ tests/acceptance-tests/test_surface_modifications.cpp	2016-01-25 13:42:04 +0000
@@ -83,11 +83,10 @@
          auto const hscroll_value = 0.0;
          auto const vscroll_value = 0.0;
          auto const action = mir_pointer_action_button_down;
--        auto const mac = 0;
          auto const relative_x_value = 0.0;
          auto const relative_y_value = 0.0;
--        auto const click_event = mev::make_event(device_id, timestamp, mac, modifiers,
++        auto const click_event = mev::make_event(device_id, timestamp, cookie, modifiers,
              action, mir_pointer_button_tertiary, x_axis_value, y_axis_value,
              hscroll_value, vscroll_value, relative_x_value, relative_y_value);
@@ -103,11 +102,10 @@
          auto const hscroll_value = 0.0;
          auto const vscroll_value = 0.0;
          auto const action = mir_pointer_action_motion;
--        auto const mac = 0;
          auto const relative_x_value = 0.0;
          auto const relative_y_value = 0.0;
--        auto const drag_event = mev::make_event(device_id, timestamp, mac, modifiers,
++        auto const drag_event = mev::make_event(device_id, timestamp, cookie, modifiers,
              action, mir_pointer_button_tertiary, x_axis_value, y_axis_value,
              hscroll_value, vscroll_value, relative_x_value, relative_y_value);
@@ -146,6 +144,7 @@
      std::chrono::nanoseconds const timestamp = std::chrono::nanoseconds(39);
      NiceMock<MockSurfaceObserver> surface_observer;
      std::weak_ptr<ms::Surface> shell_surface;
++    std::vector<uint8_t> cookie;
  };
  MATCHER_P(WidthEq, value, "")
 === modified file 'tests/acceptance-tests/test_surface_placement.cpp'
 --- tests/acceptance-tests/test_surface_placement.cpp	2016-01-20 23:59:18 +0000
 +++ tests/acceptance-tests/test_surface_placement.cpp	2016-01-25 13:42:04 +0000
@@ -127,12 +127,11 @@
          auto const hscroll_value = 0.0;
          auto const vscroll_value = 0.0;
          auto const action = mir_pointer_action_button_down;
--        auto const mac = 0;
          auto const relative_x_value = 0.0;
          auto const relative_y_value = 0.0;
--        auto const click_event = mev::make_event(device_id, std::chrono::nanoseconds(1), mac, modifiers,
++        auto const click_event = mev::make_event(device_id, std::chrono::nanoseconds(1), std::vector<uint8_t>{}, modifiers,
              action, depressed_buttons, x_axis_value, y_axis_value, hscroll_value,
              vscroll_value, relative_x_value, relative_y_value);
 === modified file 'tests/acceptance-tests/test_surface_raise.cpp'
 --- tests/acceptance-tests/test_surface_raise.cpp	2015-11-30 21:08:18 +0000
 +++ tests/acceptance-tests/test_surface_raise.cpp	2016-01-25 13:42:04 +0000
@@ -1,5 +1,5 @@
  /*
-- * Copyright © 2015 Canonical Ltd.
++ * Copyright © 2015-2016 Canonical Ltd.
+  *
   * This program is free software: you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 3 as
@@ -24,7 +24,7 @@
  #include "mir_test_framework/any_surface.h"
  #include "mir/test/wait_condition.h"
  #include "mir/test/spin_wait.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir_toolkit/mir_client_library.h"
@@ -33,6 +33,8 @@
  #include <gtest/gtest.h>
  #include <gmock/gmock.h>
++#include <mutex>
++
  namespace mtf = mir_test_framework;
  namespace mt = mir::test;
  namespace mi = mir::input;
@@ -42,7 +44,6 @@
+ {
  std::chrono::seconds const max_wait{4};
  void cookie_capturing_callback(MirSurface* surface, MirEvent const* ev, void* ctx);
--void lifecycle_changed(MirConnection* /* connection */, MirLifecycleState state, void* ctx);
+ }
  struct RaiseSurfaces : mtf::ConnectedClientHeadlessServer
@@ -77,17 +78,14 @@
              std::chrono::seconds{max_wait});
          EXPECT_TRUE(surface_fullscreen);
--
--        mir_connection_set_lifecycle_event_callback(connection, lifecycle_changed, this);
+     }
      MirSurface* surface1;
      MirSurface* surface2;
--    std::vector<MirCookie> key_cookies;
--    std::vector<MirCookie> pointer_cookies;
--
--    MirLifecycleState lifecycle_state{mir_lifecycle_state_resumed};
++    std::vector<std::vector<uint8_t>> out_cookies;
++    size_t event_count{0};
++    mutable std::mutex mutex;
      std::unique_ptr<mtf::FakeInputDevice> fake_keyboard{
          mtf::add_fake_input_device(mi::InputDeviceInfo{"keyboard", "keyboard-uid", mi::DeviceCapability::keyboard})
@@ -99,23 +97,41 @@
  namespace
+ {
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--void cookie_capturing_callback(MirSurface* /*surface*/, MirEvent const* /*ev*/, void* /*ctx*/)
--{
--}
--
--void lifecycle_changed(MirConnection* /*connection*/, MirLifecycleState state, void* ctx)
--{
--    auto client = reinterpret_cast<RaiseSurfaces*>(ctx);
--    client->lifecycle_state = state;
--}
--
--bool wait_for_n_events(size_t n, std::vector<MirCookie>& cookies)
++
++void cookie_capturing_callback(MirSurface* /*surface*/, MirEvent const* ev, void* ctx)
++{
++    auto const event_type = mir_event_get_type(ev);
++    auto raise_surfaces = static_cast<RaiseSurfaces*>(ctx);
++
++    if (event_type == mir_event_type_input)
++    {
++        auto const* iev = mir_event_get_input_event(ev);
++
++        std::lock_guard<std::mutex> lk(raise_surfaces->mutex);
++        if (mir_input_event_has_cookie(iev))
++        {
++            auto cookie = mir_input_event_get_cookie(iev);
++            size_t size = mir_cookie_buffer_size(cookie);
++
++            std::vector<uint8_t> cookie_bytes(size);
++            mir_cookie_to_buffer(cookie, cookie_bytes.data(), size);
++
++            mir_cookie_release(cookie);
++
++            raise_surfaces->out_cookies.push_back(cookie_bytes);
++        }
++
++        raise_surfaces->event_count++;
++    }
++}
++
++bool wait_for_n_events(size_t n, RaiseSurfaces const* raise_surfaces)
+ {
      bool all_events = mt::spin_wait_for_condition_or_timeout(
--        [&n, &cookies]
++        [&n, &raise_surfaces]
+         {
--            return cookies.size() >= n;
++            std::lock_guard<std::mutex> lk(raise_surfaces->mutex);
++            return raise_surfaces->event_count >= n;
          },
          std::chrono::seconds{max_wait});
@@ -123,30 +139,55 @@
     return all_events;
+ }
--}
--
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(RaiseSurfaces, DISABLED_key_event_with_cookie)
++bool attempt_focus(MirSurface* surface, MirCookie const* cookie)
++{
++    mir_surface_raise(surface, cookie);
++    bool surface_becomes_focused = mt::spin_wait_for_condition_or_timeout(
++        [&surface]
++        {
++            return mir_surface_get_focus(surface) == mir_surface_focused;
++        },
++        std::chrono::seconds{max_wait});
++
++    return surface_becomes_focused;
++}
++
++}
++
++TEST_F(RaiseSurfaces, key_event_with_cookie)
+ {
      fake_keyboard->emit_event(mis::a_key_down_event().of_scancode(KEY_M));
--    if (wait_for_n_events(1, key_cookies))
++
++    int events = 1;
++    if (wait_for_n_events(events, this))
+     {
++        std::lock_guard<std::mutex> lk(mutex);
++        ASSERT_FALSE(out_cookies.empty());
          EXPECT_EQ(mir_surface_get_focus(surface2), mir_surface_focused);
--        // EXPECT_TRUE attempt_focus surface2 key_cookies.back()
++
++        MirCookie const* cookie = mir_cookie_from_buffer(out_cookies.back().data(), out_cookies.back().size());
++        attempt_focus(surface2, cookie);
++
++        mir_cookie_release(cookie);
+     }
+ }
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(RaiseSurfaces, DISABLED_older_timestamp_does_not_focus)
++TEST_F(RaiseSurfaces, older_timestamp_does_not_focus)
+ {
      fake_keyboard->emit_event(mis::a_key_down_event().of_scancode(KEY_M));
      fake_keyboard->emit_event(mis::a_key_up_event().of_scancode(KEY_M));
--    if (wait_for_n_events(2, key_cookies))
++
++    int events = 2;
++    if (wait_for_n_events(events, this))
+     {
--        EXPECT_TRUE(key_cookies.front().timestamp < key_cookies.back().timestamp);
++        std::lock_guard<std::mutex> lk(mutex);
++        ASSERT_FALSE(out_cookies.empty());
          EXPECT_EQ(mir_surface_get_focus(surface2), mir_surface_focused);
--        // mir_surface_raise_with_cookie
++        MirCookie const* cookie = mir_cookie_from_buffer(out_cookies.front().data(), out_cookies.front().size());
++        mir_surface_raise(surface1, cookie);
++
++        mir_cookie_release(cookie);
          // Need to wait for this call to actually go through
          std::this_thread::sleep_for(std::chrono::milliseconds{1000});
@@ -154,33 +195,21 @@
+     }
+ }
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(RaiseSurfaces, DISABLED_motion_events_dont_prevent_raise)
++TEST_F(RaiseSurfaces, motion_events_dont_prevent_raise)
+ {
      fake_keyboard->emit_event(mis::a_key_down_event().of_scancode(KEY_M));
      fake_keyboard->emit_event(mis::a_key_up_event().of_scancode(KEY_M));
--    if (wait_for_n_events(2, key_cookies))
++    if (wait_for_n_events(2, this))
+     {
          fake_pointer->emit_event(mis::a_pointer_event().with_movement(1, 1));
--        if (wait_for_n_events(1, pointer_cookies))
++        if (wait_for_n_events(1, this))
+         {
++            std::lock_guard<std::mutex> lk(mutex);
++            ASSERT_FALSE(out_cookies.empty());
              EXPECT_EQ(mir_surface_get_focus(surface2), mir_surface_focused);
--            // EXPECT_TRUE attempt_focus surface1 key_cookies.back()
++            MirCookie const* cookie = mir_cookie_from_buffer(out_cookies.back().data(), out_cookies.back().size());
++            EXPECT_TRUE(attempt_focus(surface1, cookie));
++            mir_cookie_release(cookie);
+         }
+     }
+ }
--
--// FIXME Removing the public API calls for the mir cookie, fix coming in 0.19
--TEST_F(RaiseSurfaces, DISABLED_client_connection_close_invalid_cookie)
--{
--    // mir_surface_raise_with_cookie
--
--    bool connection_close = mt::spin_wait_for_condition_or_timeout(
--        [this]
--        {
--            return lifecycle_state == mir_lifecycle_connection_lost;
--        },
--        std::chrono::seconds{max_wait});
--
--    EXPECT_TRUE(connection_close);
--}
 === modified file 'tests/acceptance-tests/test_surface_specification.cpp'
 --- tests/acceptance-tests/test_surface_specification.cpp	2016-01-20 23:59:18 +0000
 +++ tests/acceptance-tests/test_surface_specification.cpp	2016-01-25 13:42:04 +0000
@@ -116,11 +116,10 @@
          auto const hscroll_value = 0.0;
          auto const vscroll_value = 0.0;
          auto const action = mir_pointer_action_button_down;
--        auto const mac = 0;
          auto const relative_x_value = 0.0;
          auto const relative_y_value = 0.0;
--        auto const click_event = mev::make_event(device_id, timestamp, mac, modifiers,
++        auto const click_event = mev::make_event(device_id, timestamp, cookie, modifiers,
                                                   action, mir_pointer_button_tertiary,
                                                   x_axis_value, y_axis_value,
                                                   hscroll_value, vscroll_value,
@@ -138,11 +137,10 @@
          auto const hscroll_value = 0.0;
          auto const vscroll_value = 0.0;
          auto const action = mir_pointer_action_motion;
--        auto const mac = 0;
          auto const relative_x_value = 0.0;
          auto const relative_y_value = 0.0;
--        auto const drag_event = mev::make_event(device_id, timestamp, mac, modifiers,
++        auto const drag_event = mev::make_event(device_id, timestamp, cookie, modifiers,
                                                  action, mir_pointer_button_tertiary,
                                                  x_axis_value, y_axis_value,
                                                  hscroll_value, vscroll_value,
@@ -172,6 +170,7 @@
  private:
      std::shared_ptr<mtd::WrapShellToTrackLatestSurface> shell;
      mt::Signal signal_change;
++    std::vector<uint8_t> cookie;
      void init_pixel_format()
+     {
 === modified file 'tests/include/mir/test/doubles/mock_shell.h'
 --- tests/include/mir/test/doubles/mock_shell.h	2016-01-20 23:59:18 +0000
 +++ tests/include/mir/test/doubles/mock_shell.h	2016-01-25 13:42:04 +0000
@@ -70,7 +70,7 @@
      MOCK_METHOD3(get_surface_attribute, int(std::shared_ptr<frontend::Session> const& session,
          frontend::SurfaceId surface_id, MirSurfaceAttrib attrib));
--    MOCK_METHOD3(raise_surface_with_timestamp, void(std::shared_ptr<frontend::Session> const& session,
++    MOCK_METHOD3(raise_surface, void(std::shared_ptr<frontend::Session> const& session,
          frontend::SurfaceId surface_id, uint64_t timestamp));
  };
 === modified file 'tests/include/mir/test/doubles/stub_display_server.h'
 --- tests/include/mir/test/doubles/stub_display_server.h	2016-01-20 23:59:18 +0000
 +++ tests/include/mir/test/doubles/stub_display_server.h	2016-01-25 13:42:04 +0000
@@ -134,7 +134,7 @@
          mir::protobuf::StreamConfiguration const* /*request*/,
          mir::protobuf::Void* /*response*/,
          google::protobuf::Closure* /*done*/) {}
--    void raise_surface_with_cookie(
++    void raise_surface(
          mir::protobuf::RaiseRequest const* /*request*/,
          mir::protobuf::Void* /*response*/,
          google::protobuf::Closure* /*done*/) {}
 === modified file 'tests/integration-tests/CMakeLists.txt'
 --- tests/integration-tests/CMakeLists.txt	2016-01-20 23:59:18 +0000
 +++ tests/integration-tests/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -6,6 +6,7 @@
    ${CMAKE_CURRENT_BINARY_DIR}
    ${PROJECT_SOURCE_DIR}/include/cookie
    ${PROJECT_SOURCE_DIR}/src/include/platform
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
    ${PROJECT_SOURCE_DIR}/src/include/common
    ${PROJECT_SOURCE_DIR}/src/include/server
    ${PROJECT_SOURCE_DIR}/src/include/client
 === modified file 'tests/integration-tests/input/test_single_seat_setup.cpp'
 --- tests/integration-tests/input/test_single_seat_setup.cpp	2016-01-11 10:23:20 +0000
 +++ tests/integration-tests/input/test_single_seat_setup.cpp	2016-01-25 13:42:04 +0000
@@ -27,7 +27,7 @@
  #include "mir/test/fake_shared.h"
  #include "mir/dispatch/multiplexing_dispatchable.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/input/cursor_listener.h"
  #include "mir/input/device.h"
@@ -67,13 +67,13 @@
      mtd::TriggeredMainLoop observer_loop;
      NiceMock<mtd::MockInputDispatcher> mock_dispatcher;
      NiceMock<mtd::MockInputRegion> mock_region;
--    std::shared_ptr<mir::cookie::CookieFactory> cookie_factory = mir::cookie::CookieFactory::create_keeping_secret();
++    std::shared_ptr<mir::cookie::Authority> cookie_authority = mir::cookie::Authority::create();
      NiceMock<MockCursorListener> mock_cursor_listener;
      NiceMock<MockTouchVisualizer> mock_visualizer;
      mir::dispatch::MultiplexingDispatchable multiplexer;
      mi::DefaultInputDeviceHub hub{mt::fake_shared(mock_dispatcher), mt::fake_shared(multiplexer),
                                    mt::fake_shared(observer_loop), mt::fake_shared(mock_visualizer),
--                                  mt::fake_shared(mock_cursor_listener), mt::fake_shared(mock_region), cookie_factory};
++                                  mt::fake_shared(mock_cursor_listener), mt::fake_shared(mock_region), cookie_authority};
      NiceMock<mtd::MockInputDeviceObserver> mock_observer;
      NiceMock<mtd::MockInputDevice> device{"device","dev-1", mi::DeviceCapability::unknown};
      NiceMock<mtd::MockInputDevice> another_device{"another_device","dev-2", mi::DeviceCapability::keyboard};
 === modified file 'tests/mir_test_doubles/CMakeLists.txt'
 --- tests/mir_test_doubles/CMakeLists.txt	2016-01-20 23:59:18 +0000
 +++ tests/mir_test_doubles/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -4,6 +4,7 @@
    ${PROJECT_SOURCE_DIR}/src/include/common
    ${PROJECT_SOURCE_DIR}/src/include/server
    ${PROJECT_SOURCE_DIR}/src/include/client
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
      ${Boost_INCLUDE_DIRS}
      ${CMAKE_SOURCE_DIR}
 === modified file 'tests/unit-tests/CMakeLists.txt'
 --- tests/unit-tests/CMakeLists.txt	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/CMakeLists.txt	2016-01-25 13:42:04 +0000
@@ -26,6 +26,7 @@
    ${UMOCKDEV_INCLUDE_DIRS}
    ${PROJECT_SOURCE_DIR}/include/cookie
++  ${PROJECT_SOURCE_DIR}/src/include/cookie
    ${PROJECT_SOURCE_DIR}/src/include/platform
    ${PROJECT_SOURCE_DIR}/src/include/server
    ${PROJECT_SOURCE_DIR}/src/include/client
 === modified file 'tests/unit-tests/client/input/test_android_input_receiver.cpp'
 --- tests/unit-tests/client/input/test_android_input_receiver.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/client/input/test_android_input_receiver.cpp	2016-01-25 13:42:04 +0000
@@ -69,7 +69,7 @@
                                           testing_key_event_scan_code,
 /* meta_state */,
 /* repeat_count */,
--                                         0 /* mac */,
++                                         {{}} /* mac */,
                                           std::chrono::nanoseconds(0) /* down_time */,
                                           std::chrono::nanoseconds(0) /* event_time */);
+     }
@@ -96,7 +96,7 @@
 /* y_offset */,
 /* x_precision */,
 /* y_precision */,
--                                            0 /* mac */,
++                                            {{}} /* mac */,
                                              std::chrono::nanoseconds(0) /* down_time */,
                                              t,
                                              default_pointer_count,
 === modified file 'tests/unit-tests/client/input/test_xkb_mapper.cpp'
 --- tests/unit-tests/client/input/test_xkb_mapper.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/client/input/test_xkb_mapper.cpp	2016-01-25 13:42:04 +0000
@@ -35,8 +35,7 @@
  static int map_key(mircv::XKBMapper &mapper, MirKeyboardAction action, int scan_code)
+ {
--    auto mac = 0;
--    auto ev = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), mac, action,
++    auto ev = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), std::vector<uint8_t>{}, action,
 , scan_code, mir_input_event_modifier_none);
      mapper.update_state_and_map_event(*ev);
 === modified file 'tests/unit-tests/frontend/test_event_sender.cpp'
 --- tests/unit-tests/frontend/test_event_sender.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/frontend/test_event_sender.cpp	2016-01-25 13:42:04 +0000
@@ -168,8 +168,7 @@
+ {
      using namespace testing;
--    auto mac = 0;
--    auto ev = mev::make_event(MirInputDeviceId(), std::chrono::nanoseconds(0), mac, MirKeyboardAction(),
++    auto ev = mev::make_event(MirInputDeviceId(), std::chrono::nanoseconds(0), std::vector<uint8_t>{}, MirKeyboardAction(),
 , 0, MirInputEventModifiers());
      EXPECT_CALL(mock_msg_sender, send(_, _, _))
 === modified file 'tests/unit-tests/frontend/test_session_mediator.cpp'
 --- tests/unit-tests/frontend/test_session_mediator.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/frontend/test_session_mediator.cpp	2016-01-25 13:42:04 +0000
@@ -59,8 +59,7 @@
  #include "mir/test/signal.h"
  #include "mir/frontend/connector.h"
  #include "mir/frontend/event_sink.h"
--#include "mir/frontend/security_check_failed.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir_protobuf.pb.h"
  #include "mir_protobuf_wire.pb.h"
@@ -232,7 +231,7 @@
              std::make_shared<mtd::NullMessageSender>(),
              resource_cache, stub_screencast, &connector, nullptr, nullptr,
              std::make_shared<mtd::NullANRDetector>(),
--            mir::cookie::CookieFactory::create_keeping_secret()}
++            mir::cookie::Authority::create()}
+     {
          using namespace ::testing;
@@ -257,7 +256,7 @@
              resource_cache, std::make_shared<mtd::NullScreencast>(),
              nullptr, nullptr, nullptr,
              std::make_shared<mtd::NullANRDetector>(),
--            mir::cookie::CookieFactory::create_keeping_secret());
++            mir::cookie::Authority::create());
+     }
      MockConnector connector;
@@ -311,7 +310,7 @@
          std::make_shared<mtd::NullMessageSender>(),
          resource_cache, stub_screencast, context, nullptr, nullptr,
          std::make_shared<mtd::NullANRDetector>(),
--        mir::cookie::CookieFactory::create_keeping_secret()};
++        mir::cookie::Authority::create()};
      EXPECT_THAT(connects_handled_count, Eq(0));
@@ -855,7 +854,7 @@
          std::make_shared<mtd::NullMessageSender>(),
          mt::fake_shared(mock_cache), stub_screencast, &connector, nullptr, nullptr,
          std::make_shared<mtd::NullANRDetector>(),
--        mir::cookie::CookieFactory::create_keeping_secret()};
++        mir::cookie::Authority::create()};
      mediator.connect(&connect_parameters, &connection, null_callback.get());
      mediator.create_surface(&surface_parameters, &surface_response, null_callback.get());
@@ -969,7 +968,7 @@
          nullptr,
          nullptr,
          std::make_shared<mtd::NullANRDetector>(),
--        mir::cookie::CookieFactory::create_keeping_secret()};
++        mir::cookie::Authority::create()};
      mp::Void null;
      mp::BufferRequest request;
@@ -1060,7 +1059,7 @@
          std::make_shared<mtd::NullMessageSender>(),
          resource_cache, stub_screencast, nullptr, nullptr, nullptr,
          std::make_shared<mtd::NullANRDetector>(),
--        mir::cookie::CookieFactory::create_keeping_secret()};
++        mir::cookie::Authority::create()};
      mp::Void null;
      mp::BufferRequest request;
@@ -1204,7 +1203,7 @@
          mock_sender,
          resource_cache, stub_screencast, nullptr, nullptr, nullptr,
          std::make_shared<mtd::NullANRDetector>(),
--        mir::cookie::CookieFactory::create_keeping_secret()};
++        mir::cookie::Authority::create()};
      ON_CALL(*shell, create_surface( _, _, _))
          .WillByDefault(
@@ -1308,6 +1307,6 @@
      mediator.connect(&connect_parameters, &connection, null_callback.get());
      EXPECT_THROW({
--        mediator.raise_surface_with_cookie(&raise_request, &void_response, null_callback.get());
--    }, mir::SecurityCheckFailed);
++        mediator.raise_surface(&raise_request, &void_response, null_callback.get());
++    }, mir::cookie::SecurityCheckError);
+ }
 === modified file 'tests/unit-tests/input/android/test_android_input_lexicon.cpp'
 --- tests/unit-tests/input/android/test_android_input_lexicon.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/android/test_android_input_lexicon.cpp	2016-01-25 13:42:04 +0000
@@ -17,6 +17,7 @@
   */
  #include "mir/input/android/android_input_lexicon.h"
++#include "mir/cookie/blob.h"
  #include <androidfw/Input.h>
@@ -39,13 +40,13 @@
      const int32_t scan_code = 6;
      const int32_t meta_state = AMETA_ALT_ON;
      const int32_t repeat_count = 0;
--    const uint64_t mac = 11;
++    const mir::cookie::Blob cookie{{14}};
      auto const down_time = std::chrono::nanoseconds(9);
      auto const event_time = std::chrono::nanoseconds(10);
      android_key_ev->initialize(device_id, source_id, action, flags, key_code,
                                 scan_code, meta_state, repeat_count,
--                               mac, down_time, event_time);
++                               cookie, down_time, event_time);
      auto mir_ev = mia::Lexicon::translate(android_key_ev);
@@ -62,8 +63,6 @@
      EXPECT_EQ(key_code, mir_keyboard_event_key_code(kev));
      EXPECT_EQ(scan_code, mir_keyboard_event_scan_code(kev));
--    // FIXME Test the mac value once the public API has landed in 0.19
--
      delete android_key_ev;
+ }
@@ -84,7 +83,7 @@
      const float y_offset = 9;
      const float x_precision = 10;
      const float y_precision = 11;
--    const uint64_t mac = 14;
++    const mir::cookie::Blob cookie{{14}};
      auto const down_time = std::chrono::nanoseconds(12);
      auto const event_time = std::chrono::nanoseconds(13);
      const size_t pointer_count = 1;
@@ -115,7 +114,7 @@
      android_motion_ev->initialize(device_id, source_id, action, flags, edge_flags,
                                    meta_state, button_state, x_offset, y_offset,
--                                  x_precision, y_precision, mac, down_time,
++                                  x_precision, y_precision, cookie, down_time,
                                    event_time, pointer_count, &pointer_properties, &pointer_coords);
      auto mir_ev = mia::Lexicon::translate(android_motion_ev);
@@ -130,7 +129,6 @@
      auto tev = mir_input_event_get_touch_event(iev);
      EXPECT_EQ(pointer_count, mir_touch_event_point_count(tev));
--    // FIXME Test the mac value once the public API has landed in 0.19
      EXPECT_EQ(pointer_id, mir_touch_event_id(tev, 0));
      // Notice these two coordinates are offset by x/y offset
@@ -161,7 +159,7 @@
      const float y_offset = 9;
      const float x_precision = 10;
      const float y_precision = 11;
--    const uint64_t mac = 14;
++    const mir::cookie::Blob cookie{{14}};
      const std::chrono::nanoseconds down_time = std::chrono::nanoseconds(12);
      const std::chrono::nanoseconds event_time = std::chrono::nanoseconds(13);
      const size_t pointer_count = 2;
@@ -203,7 +201,7 @@
      android_motion_ev->initialize(device_id, source_id, action, flags,
                                    edge_flags, meta_state, 0,
                                    x_offset, y_offset, x_precision, y_precision,
--                                  mac, down_time, event_time, pointer_count,
++                                  cookie, down_time, event_time, pointer_count,
                                    pointer_properties, pointer_coords);
      auto mir_ev = mia::Lexicon::translate(android_motion_ev);
@@ -218,7 +216,6 @@
      auto tev = mir_input_event_get_touch_event(iev);
      EXPECT_EQ(pointer_count, mir_touch_event_point_count(tev));
--    // FIXME Test the mac value once the public API has landed in 0.19
      for (unsigned i = 0; i < pointer_count; i++)
+     {
 === modified file 'tests/unit-tests/input/android/test_android_input_sender.cpp'
 --- tests/unit-tests/input/android/test_android_input_sender.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/android/test_android_input_sender.cpp	2016-01-25 13:42:04 +0000
@@ -31,11 +31,13 @@
  #include "mir/test/fake_shared.h"
  #include "mir/test/event_matchers.h"
++
  #include "androidfw/Input.h"
  #include "androidfw/InputTransport.h"
  #include "mir/input/input_report.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
++#include "mir/cookie/blob.h"
  #include <gtest/gtest.h>
  #include <gmock/gmock.h>
@@ -89,15 +91,6 @@
      std::shared_ptr<ms::Observer> observer;
  };
--
--class StubCookieFactory : public mir::cookie::CookieFactory
--{
--public:
--    MirCookie timestamp_to_cookie(uint64_t const&) override { return {0, 0};}
--    bool attest_timestamp(MirCookie const&) override {return true;}
--    StubCookieFactory() = default;
--};
--
+ }
  class AndroidInputSender : public ::testing::Test
@@ -113,11 +106,13 @@
      float const minor = 4;
      float const size = 8;
      mir::geometry::Displacement const movement{10, -10};
--    StubCookieFactory cookie_factory;
--    mi::DefaultEventBuilder builder{MirInputDeviceId(), mt::fake_shared(cookie_factory)};
++    std::shared_ptr<mir::cookie::Authority> const cookie_authority;
++    mi::DefaultEventBuilder builder;
      AndroidInputSender()
--        : key_event(builder.key_event(std::chrono::nanoseconds(1), mir_keyboard_action_down, 7, test_scan_code)),
++        : cookie_authority(mir::cookie::Authority::create_from({0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88})),
++          builder(MirInputDeviceId(), cookie_authority),
++          key_event(builder.key_event(std::chrono::nanoseconds(1), mir_keyboard_action_down, 7, test_scan_code)),
            motion_event(builder.touch_event(std::chrono::nanoseconds(-1))),
            pointer_event(builder.pointer_event(std::chrono::nanoseconds(123), mir_pointer_action_motion,
                                          mir_pointer_button_primary, 0.0f, 0.0f,
 === modified file 'tests/unit-tests/input/evdev/test_libinput_device.cpp'
 --- tests/unit-tests/input/evdev/test_libinput_device.cpp	2016-01-21 22:09:00 +0000
 +++ tests/unit-tests/input/evdev/test_libinput_device.cpp	2016-01-25 13:42:04 +0000
@@ -31,7 +31,7 @@
  #include "mir/test/doubles/mock_libinput.h"
  #include "mir/test/gmock_fixes.h"
  #include "mir/udev/wrapper.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir_test_framework/udev_environment.h"
  #include <gmock/gmock.h>
@@ -74,8 +74,8 @@
  struct MockEventBuilder : mi::EventBuilder
+ {
--    std::shared_ptr<mir::cookie::CookieFactory> const cookie_factory = mir::cookie::CookieFactory::create_keeping_secret();
--    mi::DefaultEventBuilder builder{MirInputDeviceId{3}, cookie_factory};
++    std::shared_ptr<mir::cookie::Authority> const cookie_authority = mir::cookie::Authority::create();
++    mi::DefaultEventBuilder builder{MirInputDeviceId{3}, cookie_authority};
      MockEventBuilder()
+     {
          ON_CALL(*this, key_event(_,_,_,_))
 === modified file 'tests/unit-tests/input/test_default_input_device_hub.cpp'
 --- tests/unit-tests/input/test_default_input_device_hub.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_default_input_device_hub.cpp	2016-01-25 13:42:04 +0000
@@ -28,11 +28,11 @@
  #include "mir/test/event_matchers.h"
  #include "mir/test/fake_shared.h"
--#include "mir/cookie_factory.h"
  #include "mir/dispatch/action_queue.h"
  #include "mir/dispatch/multiplexing_dispatchable.h"
  #include "mir/events/event_builders.h"
  #include "mir/input/cursor_listener.h"
++#include "mir/cookie/authority.h"
  #include "mir/input/device.h"
  #include "mir/input/input_device.h"
@@ -54,13 +54,13 @@
      mtd::TriggeredMainLoop observer_loop;
      Nice<mtd::MockInputDispatcher> mock_dispatcher;
      Nice<mtd::MockInputRegion> mock_region;
--    std::shared_ptr<mir::cookie::CookieFactory> cookie_factory = mir::cookie::CookieFactory::create_keeping_secret();
++    std::shared_ptr<mir::cookie::Authority> cookie_authority = mir::cookie::Authority::create();
      mtd::StubCursorListener stub_cursor_listener;
      mtd::StubTouchVisualizer stub_visualizer;
      mir::dispatch::MultiplexingDispatchable multiplexer;
      mi::DefaultInputDeviceHub hub{mt::fake_shared(mock_dispatcher), mt::fake_shared(multiplexer),
                                    mt::fake_shared(observer_loop), mt::fake_shared(stub_visualizer),
--                                  mt::fake_shared(stub_cursor_listener), mt::fake_shared(mock_region), cookie_factory};
++                                  mt::fake_shared(stub_cursor_listener), mt::fake_shared(mock_region), cookie_authority};
      Nice<mtd::MockInputDeviceObserver> mock_observer;
      Nice<mtd::MockInputDevice> device{"device","dev-1", mi::DeviceCapability::unknown};
      Nice<mtd::MockInputDevice> another_device{"another_device","dev-2", mi::DeviceCapability::keyboard};
 === modified file 'tests/unit-tests/input/test_event_builders.cpp'
 --- tests/unit-tests/input/test_event_builders.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_event_builders.cpp	2016-01-25 13:42:04 +0000
@@ -29,7 +29,7 @@
+ {
      MirInputDeviceId const device_id = 7;
      std::chrono::nanoseconds const timestamp = std::chrono::nanoseconds(39);
--    uint64_t const mac = 12;
++    std::vector<uint8_t> const cookie{};
      MirInputEventModifiers const modifiers = mir_input_event_modifier_meta;
  };
+ }
@@ -41,7 +41,7 @@
      int const scan_code = 17;
     auto ev = mev::make_event(device_id, timestamp,
--       mac, action, key_code, scan_code, modifiers);
++       cookie, action, key_code, scan_code, modifiers);
     auto e = ev.get();
     EXPECT_EQ(mir_event_type_input, mir_event_get_type(e));
@@ -52,7 +52,6 @@
     EXPECT_EQ(key_code, mir_keyboard_event_key_code(kev));
     EXPECT_EQ(scan_code, mir_keyboard_event_scan_code(kev));
     EXPECT_EQ(modifiers, mir_keyboard_event_modifiers(kev));
--   // FIXME Test the mac value once the public API has landed in 0.19
+ }
  TEST_F(InputEventBuilder, makes_valid_touch_event)
@@ -69,7 +68,7 @@
      float size_values[] = {4, 9, 6};
     auto ev = mev::make_event(device_id, timestamp,
--       mac, modifiers);
++       cookie, modifiers);
     for (unsigned i = 0; i < touch_count; i++)
+    {
         mev::add_touch(*ev, touch_ids[i], actions[i], tooltypes[i], x_axis_values[i], y_axis_values[i],
@@ -83,7 +82,6 @@
     auto tev = mir_input_event_get_touch_event(ie);
     EXPECT_EQ(modifiers, mir_touch_event_modifiers(tev));
     EXPECT_EQ(touch_count, mir_touch_event_point_count(tev));
--   // FIXME Test the mac value once the public API has landed in 0.19
     for (unsigned i = 0; i < touch_count; i++)
+    {
@@ -106,7 +104,7 @@
      float x_axis_value = 3.9, y_axis_value = 7.4, hscroll_value = .9, vscroll_value = .3;
      auto const relative_x_value = 0.0;
      auto const relative_y_value = 0.0;
--    auto ev = mev::make_event(device_id, timestamp, mac, modifiers,
++    auto ev = mev::make_event(device_id, timestamp, cookie, modifiers,
          action, depressed_buttons, x_axis_value, y_axis_value,
          hscroll_value, vscroll_value, relative_x_value, relative_y_value);
      auto e = ev.get();
@@ -117,7 +115,6 @@
      auto pev = mir_input_event_get_pointer_event(ie);
      EXPECT_EQ(modifiers, mir_pointer_event_modifiers(pev));
      EXPECT_EQ(action, mir_pointer_event_action(pev));
--    // FIXME Test the mac value once the public API has landed in 0.19
      EXPECT_TRUE(mir_pointer_event_button_state(pev, mir_pointer_button_back));
      EXPECT_TRUE(mir_pointer_event_button_state(pev, mir_pointer_button_tertiary));
      EXPECT_FALSE(mir_pointer_event_button_state(pev, mir_pointer_button_primary));
@@ -136,7 +133,7 @@
+ {
      MirTouchAction action =  mir_touch_action_down;
--    auto ev = mev::make_event(device_id, timestamp, mac, modifiers);
++    auto ev = mev::make_event(device_id, timestamp, cookie, modifiers);
      mev::add_touch(*ev, 0, action, mir_touch_tooltype_finger, 0, 0, 0, 0, 0, 0);
      auto e = ev.get();
@@ -152,7 +149,7 @@
+ {
      MirTouchAction action =  mir_touch_action_up;
--    auto ev = mev::make_event(device_id, timestamp, mac, modifiers);
++    auto ev = mev::make_event(device_id, timestamp, cookie, modifiers);
      mev::add_touch(*ev, 0, action, mir_touch_tooltype_finger, 0, 0, 0, 0, 0, 0);
      auto e = ev.get();
@@ -162,7 +159,6 @@
      auto tev = mir_input_event_get_touch_event(ie);
      EXPECT_EQ(action, mir_touch_event_action(tev, 0));
--    // FIXME Test the mac value once the public API has landed in 0.19
+ }
  TEST_F(InputEventBuilder, map_to_hover_if_no_button_pressed)
@@ -171,7 +167,7 @@
      auto const relative_x_value = 0.0;
      auto const relative_y_value = 0.0;
      MirPointerAction action = mir_pointer_action_motion;
--    auto ev = mev::make_event(device_id, timestamp, mac, modifiers,
++    auto ev = mev::make_event(device_id, timestamp, cookie, modifiers,
          action, 0, x_axis_value, y_axis_value,
          hscroll_value, vscroll_value, relative_x_value, relative_y_value);
      auto e = ev.get();
@@ -181,5 +177,4 @@
      auto pev = mir_input_event_get_pointer_event(ie);
      EXPECT_EQ(modifiers, mir_pointer_event_modifiers(pev));
      EXPECT_EQ(action, mir_pointer_event_action(pev));
--    // FIXME Test the mac value once the public API has landed in 0.19
+ }
 === modified file 'tests/unit-tests/input/test_event_filter_chain_dispatcher.cpp'
 --- tests/unit-tests/input/test_event_filter_chain_dispatcher.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_event_filter_chain_dispatcher.cpp	2016-01-25 13:42:04 +0000
@@ -43,7 +43,7 @@
  struct EventFilterChainDispatcher : public ::testing::Test
+ {
      mir::EventUPtr const event = mir::events::make_event(MirInputDeviceId(),
--        std::chrono::nanoseconds(0), 0, MirKeyboardAction(),
++        std::chrono::nanoseconds(0), std::vector<uint8_t>{}, MirKeyboardAction(),
          xkb_keysym_t(), 0, MirInputEventModifiers());
  };
+ }
 === modified file 'tests/unit-tests/input/test_key_repeat_dispatcher.cpp'
 --- tests/unit-tests/input/test_key_repeat_dispatcher.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_key_repeat_dispatcher.cpp	2016-01-25 13:42:04 +0000
@@ -22,7 +22,7 @@
  #include "mir/events/event_builders.h"
  #include "mir/time/alarm.h"
  #include "mir/time/alarm_factory.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/test/event_matchers.h"
  #include "mir/test/doubles/mock_input_dispatcher.h"
@@ -62,12 +62,12 @@
  struct KeyRepeatDispatcher : public testing::Test
+ {
      KeyRepeatDispatcher()
--        : dispatcher(mock_next_dispatcher, mock_alarm_factory, cookie_factory, true, repeat_time, repeat_delay)
++        : dispatcher(mock_next_dispatcher, mock_alarm_factory, cookie_authority, true, repeat_time, repeat_delay)
+     {
+     }
      std::shared_ptr<mtd::MockInputDispatcher> mock_next_dispatcher = std::make_shared<mtd::MockInputDispatcher>();
      std::shared_ptr<MockAlarmFactory> mock_alarm_factory = std::make_shared<MockAlarmFactory>();
--    std::shared_ptr<mir::cookie::CookieFactory> cookie_factory = mir::cookie::CookieFactory::create_keeping_secret();
++    std::shared_ptr<mir::cookie::Authority> cookie_authority = mir::cookie::Authority::create();
      std::chrono::milliseconds const repeat_time{2};
      std::chrono::milliseconds const repeat_delay{1};
      mi::KeyRepeatDispatcher dispatcher;
@@ -90,11 +90,11 @@
+ {
  mir::EventUPtr a_key_down_event()
+ {
--    return mev::make_event(0, std::chrono::nanoseconds(0), 0, mir_keyboard_action_down, 0, 0, mir_input_event_modifier_alt);
++    return mev::make_event(0, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, mir_keyboard_action_down, 0, 0, mir_input_event_modifier_alt);
+ }
  mir::EventUPtr a_key_up_event()
+ {
--    return mev::make_event(0, std::chrono::nanoseconds(0), 0, mir_keyboard_action_up, 0, 0, mir_input_event_modifier_alt);
++    return mev::make_event(0, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, mir_keyboard_action_up, 0, 0, mir_input_event_modifier_alt);
+ }
+ }
 === modified file 'tests/unit-tests/input/test_surface_input_dispatcher.cpp'
 --- tests/unit-tests/input/test_surface_input_dispatcher.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_surface_input_dispatcher.cpp	2016-01-25 13:42:04 +0000
@@ -138,12 +138,12 @@
+     }
      mir::EventUPtr press(int scan_code = 7)
+     {
--        return mev::make_event(id, std::chrono::nanoseconds(0), 0,
++        return mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{},
  	    mir_keyboard_action_down, 0, scan_code, mir_input_event_modifier_alt);
+     }
      mir::EventUPtr release(int scan_code = 7)
+     {
--        return mev::make_event(id, std::chrono::nanoseconds(0), 0,
++        return mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{},
  	    mir_keyboard_action_up, 0, scan_code, mir_input_event_modifier_alt);
+     }
      MirInputDeviceId const id;
@@ -159,7 +159,7 @@
      mir::EventUPtr move_to(geom::Point const& location)
+     {
--        return mev::make_event(id, std::chrono::nanoseconds(0), 0,
++        return mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{},
 , mir_pointer_action_motion, buttons,
              location.x.as_int(), location.y.as_int(),
 , 0, 0, 0);
@@ -168,7 +168,7 @@
+     {
          buttons &= ~button;
--        return mev::make_event(id, std::chrono::nanoseconds(0), 0,
++        return mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{},
 , mir_pointer_action_button_up, buttons,
              location.x.as_int(), location.y.as_int(),
 , 0, 0, 0);
@@ -177,7 +177,7 @@
+     {
          buttons |= button;
--        return mev::make_event(id, std::chrono::nanoseconds(0), 0,
++        return mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{},
 , mir_pointer_action_button_down, buttons,
              location.x.as_int(), location.y.as_int(),
 , 0, 0, 0);
@@ -196,7 +196,7 @@
      mir::EventUPtr move_to(geom::Point const& point)
+     {
--        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), 0, 0);
++        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, 0);
          mev::add_touch(*ev, 0, mir_touch_action_change,
                         mir_touch_tooltype_finger, point.x.as_int(), point.y.as_int(),
                         touched ? 1.0 : 0.0,
@@ -209,7 +209,7 @@
+     {
          touched = true;
--        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), 0, 0);
++        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, 0);
          mev::add_touch(*ev, 0, mir_touch_action_down,
                         mir_touch_tooltype_finger, point.x.as_int(), point.y.as_int(),
 .0, 1.0, 1.0, 1.0);
@@ -219,7 +219,7 @@
+     {
          touched = true;
--        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), 0, 0);
++        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, 0);
          mev::add_touch(*ev, 0, mir_touch_action_down,
                         mir_touch_tooltype_finger, point1.x.as_int(), point1.y.as_int(),
 .0, 1.0, 1.0, 1.0);
@@ -232,7 +232,7 @@
+     {
          touched = false;
--        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), 0, 0);
++        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, 0);
          mev::add_touch(*ev, 0, mir_touch_action_up,
                         mir_touch_tooltype_finger, point.x.as_int(), point.y.as_int(),
 .0, 0.0, 0.0, 0.0);
@@ -242,7 +242,7 @@
+     {
          touched = false;
--        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), 0, 0);
++        auto ev = mev::make_event(id, std::chrono::nanoseconds(0), std::vector<uint8_t>{}, 0);
          mev::add_touch(*ev, 0, mir_touch_action_up,
                         mir_touch_tooltype_finger, point1.x.as_int(), point1.y.as_int(),
 .0, 1.0, 1.0, 1.0);
 === modified file 'tests/unit-tests/input/test_validator.cpp'
 --- tests/unit-tests/input/test_validator.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_validator.cpp	2016-01-25 13:42:04 +0000
@@ -67,7 +67,7 @@
  mir::EventUPtr make_touch(MirTouchId id, MirTouchAction action)
+ {
      auto ev = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0),
--                              0, mir_input_event_modifier_none);
++                              std::vector<uint8_t>{}, mir_input_event_modifier_none);
      add_another_touch(ev, id, action);
      return ev;
+ }
 === modified file 'tests/unit-tests/input/test_x11_platform.cpp'
 --- tests/unit-tests/input/test_x11_platform.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/input/test_x11_platform.cpp	2016-01-25 13:42:04 +0000
@@ -32,7 +32,7 @@
  #include "mir/test/doubles/mock_x11.h"
  #include "mir/test/doubles/mock_x11.h"
  #include "mir/test/fake_shared.h"
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
  #include "mir/test/event_matchers.h"
  namespace md = mir::dispatch;
@@ -51,7 +51,7 @@
      NiceMock<mtd::MockInputSink> mock_keyboard_sink;
      NiceMock<mtd::MockX11> mock_x11;
      NiceMock<mtd::MockInputDeviceRegistry> mock_registry;
--    mir::input::DefaultEventBuilder builder{0, mir::cookie::CookieFactory::create_keeping_secret()};
++    mir::input::DefaultEventBuilder builder{0, mir::cookie::Authority::create()};
      mir::input::X::XInputPlatform x11_platform{
          mt::fake_shared(mock_registry),
 === modified file 'tests/unit-tests/scene/test_abstract_shell.cpp'
 --- tests/unit-tests/scene/test_abstract_shell.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/scene/test_abstract_shell.cpp	2016-01-25 13:42:04 +0000
@@ -144,7 +144,7 @@
+     }
      std::chrono::nanoseconds const event_timestamp = std::chrono::nanoseconds(0);
--    uint64_t const mac = 0;
++    std::vector<uint8_t> const cookie;
  };
+ }
@@ -286,7 +286,7 @@
      auto const event = mir::events::make_event(
          mir_input_event_type_key,
          event_timestamp,
--        mac,
++        cookie,
          action,
          key_code,
          scan_code,
@@ -307,7 +307,7 @@
      auto const event = mir::events::make_event(
          mir_input_event_type_touch,
          event_timestamp,
--        mac,
++        cookie,
          modifiers);
      EXPECT_CALL(*wm, handle_touch_event(_))
@@ -333,7 +333,7 @@
      auto const event = mir::events::make_event(
          mir_input_event_type_pointer,
          event_timestamp,
--        mac,
++        cookie,
          modifiers,
          action,
          buttons_pressed,
 === modified file 'tests/unit-tests/scene/test_surface.cpp'
 --- tests/unit-tests/scene/test_surface.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/scene/test_surface.cpp	2016-01-25 13:42:04 +0000
@@ -407,9 +407,9 @@
          std::shared_ptr<mg::CursorImage>(),
          report);
--    auto key_event = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), 0,
++    auto key_event = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), std::vector<uint8_t>{},
                                       mir_keyboard_action_down, 0, 0, mir_input_event_modifier_none);
--    auto touch_event = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), 0,
++    auto touch_event = mev::make_event(MirInputDeviceId(0), std::chrono::nanoseconds(0), std::vector<uint8_t>{},
                                         mir_input_event_modifier_none);
      mev::add_touch(*touch_event, 0, mir_touch_action_down, mir_touch_tooltype_finger, 0, 0,
 , 0, 0, 0);
 === modified file 'tests/unit-tests/test_mir_cookie.cpp'
 --- tests/unit-tests/test_mir_cookie.cpp	2016-01-20 23:59:18 +0000
 +++ tests/unit-tests/test_mir_cookie.cpp	2016-01-25 13:42:04 +0000
@@ -16,94 +16,102 @@
   * Authored by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
   */
--#include "mir/cookie_factory.h"
++#include "mir/cookie/authority.h"
++#include "mir/cookie/cookie.h"
  #include <gtest/gtest.h>
  #include <gmock/gmock.h>
--TEST(MirCookieFactory, attests_real_timestamp)
++TEST(MirCookieAuthority, attests_real_timestamp)
+ {
      std::vector<uint8_t> secret{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde, 0x01 };
--    auto factory = mir::cookie::CookieFactory::create_from_secret(secret);
++    auto authority = mir::cookie::Authority::create_from(secret);
      uint64_t mock_timestamp{0x322322322332};
--    auto cookie = factory->timestamp_to_cookie(mock_timestamp);
--
--    EXPECT_TRUE(factory->attest_timestamp(cookie));
++    auto cookie = authority->make_cookie(mock_timestamp);
++    EXPECT_NO_THROW({
++        authority->make_cookie(cookie->serialize());
++    });
+ }
--TEST(MirCookieFactory, doesnt_attest_faked_timestamp)
++TEST(MirCookieAuthority, doesnt_attest_faked_mac)
+ {
      std::vector<uint8_t> secret{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde, 0x01 };
--    auto factory = mir::cookie::CookieFactory::create_from_secret(secret);
--
--    MirCookie bad_client_no_biscuit{ 0x33221100, 0x33221100 };
--
--    EXPECT_FALSE(factory->attest_timestamp(bad_client_no_biscuit));
++    auto authority = mir::cookie::Authority::create_from(secret);
++
++    std::vector<uint8_t> cookie{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde, 0x01 };
++
++    EXPECT_THROW({
++        authority->make_cookie(cookie);
++    }, mir::cookie::SecurityCheckError);
+ }
--TEST(MirCookieFactory, timestamp_trusted_with_different_secret_doesnt_attest)
++TEST(MirCookieAuthority, timestamp_trusted_with_different_secret_doesnt_attest)
+ {
      std::vector<uint8_t> alice{ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0xde, 0x01 };
      std::vector<uint8_t> bob{ 0x01, 0x02, 0x44, 0xd8, 0xee, 0x0f, 0xde, 0x01 };
--    auto alices_factory = mir::cookie::CookieFactory::create_from_secret(alice);
--    auto bobs_factory   = mir::cookie::CookieFactory::create_from_secret(bob);
++    auto alices_authority = mir::cookie::Authority::create_from(alice);
++    auto bobs_authority   = mir::cookie::Authority::create_from(bob);
      uint64_t mock_timestamp{0x01020304};
--    auto alices_cookie = alices_factory->timestamp_to_cookie(mock_timestamp);
--    auto bobs_cookie = bobs_factory->timestamp_to_cookie(mock_timestamp);
++    EXPECT_THROW({
++        auto alices_cookie = alices_authority->make_cookie(mock_timestamp);
++        auto bobs_cookie   = bobs_authority->make_cookie(mock_timestamp);
--    EXPECT_FALSE(alices_factory->attest_timestamp(bobs_cookie));
--    EXPECT_FALSE(bobs_factory->attest_timestamp(alices_cookie));
++        alices_authority->make_cookie(bobs_cookie->serialize());
++        bobs_authority->make_cookie(alices_cookie->serialize());
++    }, mir::cookie::SecurityCheckError);
+ }
--TEST(MirCookieFactory, throw_when_secret_size_to_small)
++TEST(MirCookieAuthority, throw_when_secret_size_to_small)
+ {
--    std::vector<uint8_t> bob(mir::cookie::CookieFactory::minimum_secret_size - 1);
++    std::vector<uint8_t> bob(mir::cookie::Authority::minimum_secret_size - 1);
      EXPECT_THROW({
--        auto factory = mir::cookie::CookieFactory::create_from_secret(bob);
++        auto authority = mir::cookie::Authority::create_from(bob);
      }, std::logic_error);
+ }
--TEST(MirCookieFactory, saves_a_secret)
++TEST(MirCookieAuthority, saves_a_secret)
+ {
      using namespace testing;
      std::vector<uint8_t> secret;
--    mir::cookie::CookieFactory::create_saving_secret(secret);
++    mir::cookie::Authority::create_saving(secret);
--    EXPECT_THAT(secret.size(), Ge(mir::cookie::CookieFactory::minimum_secret_size));
++    EXPECT_THAT(secret.size(), Ge(mir::cookie::Authority::minimum_secret_size));
+ }
--TEST(MirCookieFactory, timestamp_trusted_with_saved_secret_does_attest)
++TEST(MirCookieAuthority, timestamp_trusted_with_saved_secret_does_attest)
+ {
      uint64_t timestamp   = 23;
      std::vector<uint8_t> secret;
--    auto source_factory = mir::cookie::CookieFactory::create_saving_secret(secret);
--    auto sink_factory   = mir::cookie::CookieFactory::create_from_secret(secret);
--    auto cookie = source_factory->timestamp_to_cookie(timestamp);
++    auto source_authority = mir::cookie::Authority::create_saving(secret);
++    auto sink_authority   = mir::cookie::Authority::create_from(secret);
++    auto cookie = source_authority->make_cookie(timestamp);
--    EXPECT_TRUE(sink_factory->attest_timestamp(cookie));
++    EXPECT_NO_THROW({
++        sink_authority->make_cookie(cookie->serialize());
++    });
+ }
--TEST(MirCookieFactory, internally_generated_secret_has_optimum_size)
++TEST(MirCookieAuthority, internally_generated_secret_has_optimum_size)
+ {
      using namespace testing;
      std::vector<uint8_t> secret;
--    mir::cookie::CookieFactory::create_saving_secret(secret);
++    mir::cookie::Authority::create_saving(secret);
--    EXPECT_THAT(secret.size(), Eq(mir::cookie::CookieFactory::optimal_secret_size()));
++    EXPECT_THAT(secret.size(), Eq(mir::cookie::Authority::optimal_secret_size()));
+ }
--TEST(MirCookieFactory, optimal_secret_size_is_larger_than_minimum_size)
++TEST(MirCookieAuthority, optimal_secret_size_is_larger_than_minimum_size)
+ {
      using namespace testing;
--    EXPECT_THAT(mir::cookie::CookieFactory::optimal_secret_size(),
--        Ge(mir::cookie::CookieFactory::minimum_secret_size));
++    EXPECT_THAT(mir::cookie::Authority::optimal_secret_size(),
++        Ge(mir::cookie::Authority::minimum_secret_size));
+ }