The RevokeTree was built out of an attempt to optimize the search for
a match between a candidate token and the list of revocation events.
The performance proved to be poor, mostly due to the cost of creating
and checking hash values.
The RevokeTree code is also so complex that most of the team could not
understand it or troubleshoot it. There are some subtle bugs due to
race conditions with revocation events, and it is impossible to track
them down due to the code complexity.
This change replaces the tree based search with a linear search through
the list of revocation events. A failure-to-match will pass through
the entire list. A revoked token should match on O(n/2) comparisons.
With the past year of Fernet tokens in deployment, the feedback is that
the number of revocation events is small, and they only are kept for
the lifetime of the tokens (usually 1-8 hours) so the linear search is
not expected to slow down token validations in live deployments.
Future work will also reduce the number of revocation events.
Change-Id: Ib6a686494e897840b09d134ecf1ca50ce712f281
75abc21ecf