File: fake_security_domain_service.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (85 lines) | stat: -rw-r--r-- 3,108 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_WEBAUTHN_FAKE_SECURITY_DOMAIN_SERVICE_H_
#define CHROME_BROWSER_WEBAUTHN_FAKE_SECURITY_DOMAIN_SERVICE_H_

#include <memory>
#include <optional>
#include <string>

#include "base/containers/span.h"
#include "base/functional/callback_forward.h"
#include "components/trusted_vault/proto/vault.pb.h"
#include "components/trusted_vault/trusted_vault_connection.h"
#include "net/http/http_status_code.h"

namespace network {
struct ResourceRequest;
}

namespace trusted_vault_pb {
class SecurityDomainMember;
}

// A fake implementation of the Security Domain Service (SDS) for passkeys
// testing. This implementation can be fed network requests via the callback
// returned by `GetCallback`. If the request URL is for the SDS then it'll
// return an HTTP status and response body.
//
// This implementation will record members and enforce that the correct epochs
// are set in requests. It assumes that only a single security domain is being
// used.
class FakeSecurityDomainService {
 public:
  // If present, values of this type contain an HTTP status code (e.g. 200) and
  // the body of the response.
  using MaybeResponse =
      std::optional<std::pair<net::HttpStatusCode, std::string>>;

  using JoinMemberMatcher = base::RepeatingCallback<bool(
      const trusted_vault_pb::JoinSecurityDomainsRequest&)>;

  static std::unique_ptr<FakeSecurityDomainService> New(int epoch);

  virtual ~FakeSecurityDomainService() = 0;

  // Get a callback that processes network requests and, if they are for the
  // security domain service, returns a response.
  virtual base::RepeatingCallback<
      MaybeResponse(const network::ResourceRequest&)>
  GetCallback() = 0;

  // If called, all future requests will return HTTP 500 errors.
  virtual void fail_all_requests() = 0;

  // If called, the security domain will accept a join request with the correct
  // epoch, as if MagicArch had just completed.
  virtual void pretend_there_are_members() = 0;

  // Returns an HTTP 500 when the request matches |filter|.
  virtual void fail_join_requests_matching(JoinMemberMatcher filter) = 0;

  // Simulates the user resetting the security domain.
  virtual void ResetSecurityDomain() = 0;

  // Changes the GPM PIN recovery member to not be usable, i.e.
  // usable_for_recovery is set to false and no metadata is returned.
  virtual void MakePinMemberUnusable() = 0;

  // Removes the GPM PIN recovery member.
  virtual void RemovePinMember() = 0;

  // Updates the public key of the PIN member.
  virtual void SetPinMemberPublicKey(std::string public_key) = 0;

  virtual size_t num_physical_members() const = 0;
  virtual size_t num_pin_members() const = 0;
  virtual std::string GetPinMemberPublicKey() const = 0;
  virtual trusted_vault::GpmPinMetadata GetPinMetadata() const = 0;
  virtual base::span<const trusted_vault_pb::SecurityDomainMember> members()
      const = 0;
};

#endif  // CHROME_BROWSER_WEBAUTHN_FAKE_SECURITY_DOMAIN_SERVICE_H_