File: fake_security_domains_server.h

package info (click to toggle)
chromium 139.0.7258.127-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 6,122,156 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (136 lines) | stat: -rw-r--r-- 5,037 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_TRUSTED_VAULT_TEST_FAKE_SECURITY_DOMAINS_SERVER_H_
#define COMPONENTS_TRUSTED_VAULT_TEST_FAKE_SECURITY_DOMAINS_SERVER_H_

#include <map>
#include <memory>
#include <string>
#include <vector>

#include "base/memory/scoped_refptr.h"
#include "base/observer_list_threadsafe.h"
#include "base/synchronization/lock.h"
#include "base/thread_annotations.h"
#include "components/trusted_vault/proto/vault.pb.h"
#include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h"
#include "url/gurl.h"

namespace trusted_vault {

// Mimics behavior of the security domains server. This class is designed to be
// used with EmbeddedTestServer via registration of HandleRequest() method.
class FakeSecurityDomainsServer {
 public:
  class Observer : public base::CheckedObserver {
   public:
    // Called when handling of request is completed. Called iff request is
    // supposed to be handled by FakeSecurityDomainsServer (determined by the
    // URL prefix).
    virtual void OnRequestHandled() = 0;
  };

  static GURL GetServerURL(GURL base_url);

  explicit FakeSecurityDomainsServer(GURL base_url);
  FakeSecurityDomainsServer(const FakeSecurityDomainsServer& other) = delete;
  FakeSecurityDomainsServer& operator=(const FakeSecurityDomainsServer& other) =
      delete;
  ~FakeSecurityDomainsServer();

  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // Handles request if it belongs to security domains server (identified by
  // request url). Returns nullptr otherwise.
  // Unlike other methods of this class, which should be called on main thread,
  // this method is called on EmbeddedTestServer IO thread.
  std::unique_ptr<net::test_server::HttpResponse> HandleRequest(
      const net::test_server::HttpRequest& http_request);

  // Rotates trusted vault key by adding new shared key for all members. Returns
  // new trusted vault key.
  std::vector<uint8_t> RotateTrustedVaultKey(
      const std::vector<uint8_t>& last_trusted_vault_key);

  // Resets |state_| to the initial one.
  void ResetData();

  // Resets |state_| to the one derived from parameters.
  void ResetDataToState(const std::vector<std::vector<uint8_t>>& keys,
                        int last_key_version);

  // Causes the security domain to enter the degraded recoverability state
  // unless the provided |public_key| matches a member's public key.
  void RequirePublicKeyToAvoidRecoverabilityDegraded(
      const std::vector<uint8_t>& public_key);

  int GetMemberCount() const;
  std::vector<std::vector<uint8_t>> GetAllTrustedVaultKeys() const;
  bool AllMembersHaveKey(const std::vector<uint8_t>& trusted_vault_key) const;
  int GetCurrentEpoch() const;
  bool IsRecoverabilityDegraded() const;

  // Returns true if there was a request that violates supported protocol.
  bool ReceivedInvalidRequest() const;

 private:
  std::unique_ptr<net::test_server::HttpResponse>
  HandleJoinSecurityDomainsRequest(
      const net::test_server::HttpRequest& http_request);

  std::unique_ptr<net::test_server::HttpResponse>
  HandleGetSecurityDomainMemberRequest(
      const net::test_server::HttpRequest& http_request);

  std::unique_ptr<net::test_server::HttpResponse>
  HandleGetSecurityDomainRequest(
      const net::test_server::HttpRequest& http_request);

  class State {
   public:
    State();
    State(const State& other) = delete;
    State(State&& other);
    State& operator=(const State& other) = delete;
    State& operator=(State&& other);
    ~State();

    bool received_invalid_request = false;

    // Maps members public key to shared keys that belong to this member.
    std::map<std::string, std::vector<trusted_vault_pb::SharedMemberKey>>
        public_key_to_shared_keys;
    // Maps members public key to rotation proofs of members shared keys.
    std::map<std::string, std::vector<trusted_vault_pb::RotationProof>>
        public_key_to_rotation_proofs;

    // Zero epoch is used when there are no members in the security domain, once
    // first member is joined it is initialized to non-zero value. Members still
    // can join with constant key without populating epoch while
    // |constant_key_allowed_| set to true.
    int current_epoch = 0;
    bool constant_key_allowed = true;

    // All trusted vault keys ordered by increasing epoch.
    std::vector<std::vector<uint8_t>> trusted_vault_keys;

    std::string required_public_key_to_avoid_recoverability_degraded;
  };

  // This class is used on main thread and on EmbeddedTestServer IO thread, data
  // access is protected by |lock_|.
  mutable base::Lock lock_;

  const GURL server_url_;
  State state_ GUARDED_BY(lock_);

  const scoped_refptr<base::ObserverListThreadSafe<Observer>> observers_;
};

}  // namespace trusted_vault

#endif  // COMPONENTS_TRUSTED_VAULT_TEST_FAKE_SECURITY_DOMAINS_SERVER_H_