1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
|
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_PARAM_H_
#define NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_PARAM_H_
#include <string>
#include <vector>
#include "base/containers/span.h"
#include "crypto/signature_verifier.h"
#include "net/base/net_export.h"
#include "net/http/http_response_headers.h"
#include "net/http/structured_headers.h"
#include "url/gurl.h"
namespace net::device_bound_sessions {
// Class to parse Sec-Session-Registration header.
// See explainer for details:
// https://github.com/WICG/dbsc/blob/main/README.md#start-session
// The header format for the session registration is a list of
// algorithm tokens, the list have two parameters, one is a string
// representing the challenge, the other is a string representing
// the path. Example:
// (RS256 ES256);path="start";challenge="code"
class NET_EXPORT RegistrationFetcherParam {
public:
RegistrationFetcherParam(RegistrationFetcherParam&& other);
RegistrationFetcherParam& operator=(
RegistrationFetcherParam&& other) noexcept;
// Disabled to make accidental copies compile errors.
RegistrationFetcherParam(const RegistrationFetcherParam& other) = delete;
RegistrationFetcherParam& operator=(const RegistrationFetcherParam&) = delete;
~RegistrationFetcherParam();
// Checks `headers` for any Sec-Session-Registration headers. Parses any
// valid ones that are found into `RegistrationFetcherParam` instances and
// returns a vector of these. `request_url` corresponds to the request that
// returned these headers; it is used to resolve any relative registration
// endpoints in the response headers and to validate that the scheme is
// appropriate.
// TODO(chlily): Get IsolationInfo from the request as well
static std::vector<RegistrationFetcherParam> CreateIfValid(
const GURL& request_url,
const HttpResponseHeaders* headers);
// Convenience constructor for testing.
static RegistrationFetcherParam CreateInstanceForTesting(
GURL registration_endpoint,
std::vector<crypto::SignatureVerifier::SignatureAlgorithm>
supported_algos,
std::string challenge,
std::optional<std::string> authorization);
const GURL& registration_endpoint() const { return registration_endpoint_; }
base::span<const crypto::SignatureVerifier::SignatureAlgorithm>
supported_algos() const {
return supported_algos_;
}
const std::string& challenge() const { return challenge_; }
const std::optional<std::string>& authorization() const {
return authorization_;
}
GURL TakeRegistrationEndpoint() { return std::move(registration_endpoint_); }
std::string TakeChallenge() { return std::move(challenge_); }
std::optional<std::string> TakeAuthorization() {
return std::move(authorization_);
}
private:
RegistrationFetcherParam(
GURL registration_endpoint,
std::vector<crypto::SignatureVerifier::SignatureAlgorithm>
supported_algos,
std::string challenge,
std::optional<std::string> authorization);
static std::optional<RegistrationFetcherParam> ParseItem(
const GURL& request_url,
const structured_headers::ParameterizedMember& session_registration);
// TODO(chlily): Store last-updated time and last-updated isolationinfo as
// needed.
GURL registration_endpoint_;
std::vector<crypto::SignatureVerifier::SignatureAlgorithm> supported_algos_;
std::string challenge_;
std::optional<std::string> authorization_;
};
} // namespace net::device_bound_sessions
#endif // NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_PARAM_H_
|