File: aggregation_service_key_fetcher.h

package info (click to toggle)
chromium 138.0.7204.183-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 6,080,960 kB
  • sloc: cpp: 34,937,079; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,954; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,811; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (115 lines) | stat: -rw-r--r-- 4,559 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_
#define CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_

#include <memory>
#include <optional>
#include <vector>

#include "base/containers/circular_deque.h"
#include "base/containers/flat_map.h"
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "content/browser/aggregation_service/public_key.h"
#include "content/common/content_export.h"

class GURL;

namespace content {

class AggregationServiceStorageContext;

// This class is responsible for requesting keys from storage, owned by the
// assembler.
class CONTENT_EXPORT AggregationServiceKeyFetcher {
 public:
  // This class is responsible for fetching public keys from helper servers over
  // the network.
  class NetworkFetcher {
   public:
    virtual ~NetworkFetcher() = default;

    using NetworkFetchCallback =
        base::OnceCallback<void(std::optional<PublicKeyset>)>;

    // Fetch public keys from the helper server endpoint `url`. Returns
    // std::nullopt in case of network or parsing error.
    virtual void FetchPublicKeys(const GURL& url,
                                 NetworkFetchCallback callback) = 0;
  };

  enum class PublicKeyFetchStatus {
    // TODO(crbug.com/40185368): Propagate up more granular errors.
    kOk,
    kPublicKeyFetchFailed,
    kMaxValue = kPublicKeyFetchFailed,
  };

  using FetchCallback =
      base::OnceCallback<void(std::optional<PublicKey>, PublicKeyFetchStatus)>;

  AggregationServiceKeyFetcher(
      AggregationServiceStorageContext* storage_context,
      std::unique_ptr<NetworkFetcher> network_fetcher);
  AggregationServiceKeyFetcher(const AggregationServiceKeyFetcher& other) =
      delete;
  AggregationServiceKeyFetcher& operator=(
      const AggregationServiceKeyFetcher& other) = delete;
  virtual ~AggregationServiceKeyFetcher();

  // Gets a currently valid public key for `url` and triggers the `callback`
  // once completed.
  //
  // Helper server's keys must be rotated weekly which is primarily to limit the
  // impact of a compromised key. Any public key must be valid when fetched and
  // this will be enforced by the key fetcher. This ensures that the key used to
  // encrypt is valid at encryption time.
  //
  // To further limit the impact of a compromised key, we will support "key
  // slicing". That is, each helper server may make multiple public keys
  // available. At encryption time, the fetcher will (uniformly at random) pick
  // one of the public keys to use. This selection should be made independently
  // between reports so that the key choice cannot be used to partition reports
  // into separate groups of users. Virtual for mocking in tests.
  virtual void GetPublicKey(const GURL& url, FetchCallback callback);

 private:
  // Called when public keys are received from the storage.
  void OnPublicKeysReceivedFromStorage(const GURL& url,
                                       std::vector<PublicKey> keys);

  // Keys are fetched from the network if they are not found in storage.
  void FetchPublicKeysFromNetwork(const GURL& url);

  // Called when public keys are received from the network fetcher.
  void OnPublicKeysReceivedFromNetwork(const GURL& url,
                                       std::optional<PublicKeyset> keyset);

  // Runs callbacks for pending requests for `url` with the public keys
  // received from the network or storage. Any keys specified must be currently
  // valid.
  void RunCallbacksForUrl(const GURL& url, const std::vector<PublicKey>& keys);

  // Using a raw pointer is safe because `storage_context_` is guaranteed to
  // outlive `this`.
  raw_ptr<AggregationServiceStorageContext> storage_context_;

  // Map of all URLs that are currently waiting for the public keys, and
  // their associated fetch callbacks. Used to cache ongoing requests to the
  // storage or network to prevent looking up the same key multiple times at
  // once.
  base::flat_map<GURL, base::circular_deque<FetchCallback>> url_callbacks_;

  // Responsible for issuing requests to network for fetching public keys.
  std::unique_ptr<NetworkFetcher> network_fetcher_;

  base::WeakPtrFactory<AggregationServiceKeyFetcher> weak_factory_{this};
};

}  // namespace content

#endif  // CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_