File: identity_token_cache.h

package info (click to toggle)
chromium 139.0.7258.127-1~deb13u1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,096 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (135 lines) | stat: -rw-r--r-- 4,764 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
 
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_TOKEN_CACHE_H_
#define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_TOKEN_CACHE_H_

#include <map>
#include <set>
#include <string>
#include <variant>

#include "base/time/time.h"
#include "chrome/browser/extensions/api/identity/extension_token_key.h"
#include "google_apis/gaia/oauth2_mint_token_flow.h"

namespace extensions {

class IdentityTokenCacheValue {
 public:
  IdentityTokenCacheValue();
  IdentityTokenCacheValue(const IdentityTokenCacheValue& other);
  IdentityTokenCacheValue& operator=(const IdentityTokenCacheValue& other);
  ~IdentityTokenCacheValue();

  static IdentityTokenCacheValue CreateRemoteConsent(
      const RemoteConsentResolutionData& resolution_data);
  static IdentityTokenCacheValue CreateRemoteConsentApproved(
      const std::string& consent_result);
  static IdentityTokenCacheValue CreateToken(
      const std::string& token,
      const std::set<std::string>& granted_scopes,
      base::TimeDelta time_to_live);

  // Order of these entries is used to determine whether or not new
  // entries supersede older ones in SetCachedToken.
  enum CacheValueStatus {
    CACHE_STATUS_NOTFOUND,
    CACHE_STATUS_REMOTE_CONSENT,
    CACHE_STATUS_REMOTE_CONSENT_APPROVED,
    CACHE_STATUS_TOKEN
  };

  CacheValueStatus status() const;
  const base::Time& expiration_time() const;

  // These getters should be used only if `status()` returns a value
  // corresponding to the type. Otherwise, the application will crash.
  // CACHE_STATUS_REMOTE_CONSENT:
  const RemoteConsentResolutionData& resolution_data() const;
  // CACHE_STATUS_REMOTE_CONSENT_APPROVED:
  const std::string& consent_result() const;
  // CACHE_STATUS_TOKEN:
  const std::string& token() const;
  const std::set<std::string>& granted_scopes() const;

 private:
  struct TokenValue {
    TokenValue(const std::string& token,
               const std::set<std::string>& granted_scopes);
    TokenValue(const TokenValue& other);
    TokenValue& operator=(const TokenValue& other);
    ~TokenValue();

    std::string token;
    std::set<std::string> granted_scopes;
  };

  CacheValueStatus GetStatusInternal() const;

  bool is_expired() const;

  base::Time expiration_time_;

  std::variant<std::monostate,
               RemoteConsentResolutionData,
               std::string,
               TokenValue>
      value_;
};

// In-memory cache of OAuth2 access tokens that are requested by extensions
// through the `getAuthToken` API. Also caches intermediate short-lived values
// used at different stages of the `getAuthToken` flow before a token is
// obtained. The cache automatically handles token expiration. Extensions can
// manually remove tokens from the cache using `removeCachedAuthToken` API.
class IdentityTokenCache {
 public:
  IdentityTokenCache();
  ~IdentityTokenCache();
  IdentityTokenCache(const IdentityTokenCache& other) = delete;
  IdentityTokenCache& operator=(const IdentityTokenCache& other) = delete;

  // Used to order the cached scopes based on their sizes. This allows subset
  // matching to prioritize returning tokens with the smallest superset scope.
  // So, if there is an exact match for the requested scopes, the corresponding
  // cached token will be found first and returned.
  struct ScopesSizeCompare {
    bool operator()(const IdentityTokenCacheValue& lhs,
                    const IdentityTokenCacheValue& rhs) const;
  };

  struct AccessTokensKey {
    explicit AccessTokensKey(const ExtensionTokenKey& key);
    AccessTokensKey(const std::string& extension_id,
                    const CoreAccountId& account_id);
    bool operator<(const AccessTokensKey& rhs) const;
    std::string extension_id;
    CoreAccountId account_id;
  };
  using AccessTokensValue =
      std::set<IdentityTokenCacheValue, ScopesSizeCompare>;
  using AccessTokensCache = std::map<AccessTokensKey, AccessTokensValue>;

  void SetToken(const ExtensionTokenKey& key,
                const IdentityTokenCacheValue& token_data);
  void EraseAccessToken(const std::string& extension_id,
                        const std::string& token);
  void EraseAllTokensForExtension(const std::string& extension_id);
  void EraseAllTokens();
  const IdentityTokenCacheValue& GetToken(const ExtensionTokenKey& key);

  const AccessTokensCache& access_tokens_cache();

 private:
  void EraseStaleTokens();

  AccessTokensCache access_tokens_cache_;
  std::map<ExtensionTokenKey, IdentityTokenCacheValue>
      intermediate_value_cache_;
};

}  // namespace extensions

#endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_TOKEN_CACHE_H_