File: trust_token_request_handler.h

package info (click to toggle)
chromium 145.0.7632.159-1
links: PTS, VCS
area: main
in suites: forky, sid
size: 5,976,224 kB
sloc: cpp: 36,198,469; ansic: 7,634,080; javascript: 3,564,060; python: 1,649,622; xml: 838,470; asm: 717,087; pascal: 185,708; sh: 88,786; perl: 88,718; objc: 79,984; sql: 59,811; cs: 42,452; fortran: 24,101; makefile: 21,144; tcl: 15,277; php: 14,022; yacc: 9,066; ruby: 7,553; awk: 3,720; lisp: 3,233; lex: 1,328; ada: 727; jsp: 228; sed: 36
file content (137 lines) | stat: -rw-r--r-- 5,458 bytes
parent folder | download | duplicates (6)
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SERVICES_NETWORK_TEST_TRUST_TOKEN_REQUEST_HANDLER_H_
#define SERVICES_NETWORK_TEST_TRUST_TOKEN_REQUEST_HANDLER_H_

#include <optional>
#include <set>
#include <string>
#include <string_view>

#include "base/synchronization/lock.h"
#include "base/time/time.h"
#include "net/http/http_request_headers.h"
#include "services/network/public/mojom/trust_tokens.mojom.h"
#include "services/network/trust_tokens/types.h"
#include "url/gurl.h"
namespace network {
namespace test {

struct TrustTokenSignedRequest {
  GURL destination;
  net::HttpRequestHeaders headers;
};

// TrustTokenRequestHandler encapsulates server-side Trust Tokens issuance and
// redemption logic and implements some integrity and correctness checks for
// requests subsequently signed with keys bound to token redemptions.
//
// It's thread-safe so that the methods can be called by test code directly and
// by net::EmbeddedTestServer handlers.
class TrustTokenRequestHandler {
 public:
  struct Options;  // Definition below.
  explicit TrustTokenRequestHandler(Options options);

  // The default constructor uses reasonable default options.
  TrustTokenRequestHandler();

  ~TrustTokenRequestHandler();

  // TODO(davidvc): Provide a way to specify when keys expire.

  enum class ServerOperationOutcome {
    kExecuteOperationAsNormal,
    kUnconditionalFailure,
  };

  struct Options final {
    Options();
    ~Options();
    Options(const Options&);
    Options& operator=(const Options&);

    // The number of issuance key pairs to provide via key commitment results.
    int num_keys = 1;

    // The protocol version with which to parameterize the server-side
    // cryptographic logic. We return this value in key commitment results.
    std::string protocol_version = internal::ProtocolVersionToString(
        mojom::TrustTokenProtocolVersion::kTrustTokenV3Pmb);

    // The key commitment ID.
    int id = 1;

    // The number of tokens to sign per issuance operation; this value is also
    // provided to the client as part of key commitment results.
    int batch_size = 10;

    // If set to |kUnconditionalFailure|, returns a failure response for the
    // corresponding operation even if the operation would have succeeded had
    // the server been operating correctly.
    ServerOperationOutcome issuance_outcome =
        ServerOperationOutcome::kExecuteOperationAsNormal;
    ServerOperationOutcome redemption_outcome =
        ServerOperationOutcome::kExecuteOperationAsNormal;

    // The following two fields specify operating systems on which to specify
    // that the browser should attempt platform-provided trust token issuance
    // instead of sending requests directly to the issuer's server, and the
    // fallback behavior when these operations are unavailable. This information
    // will be included in GetKeyCommitmentRecord's returned commitments.
    std::set<mojom::TrustTokenKeyCommitmentResult::Os>
        specify_platform_issuance_on;
    mojom::TrustTokenKeyCommitmentResult::UnavailableLocalOperationFallback
        unavailable_local_operation_fallback =
            mojom::TrustTokenKeyCommitmentResult::
                UnavailableLocalOperationFallback::kReturnWithError;
  };

  // Updates the handler's options, resetting its internal state.
  void UpdateOptions(Options options);

  // Returns a key commitment record suitable for inserting into a {issuer:
  // commitment} dictionary passed to the network service via
  // NetworkService::SetTrustTokenKeyCommitments. This comprises |num_keys|
  // token verification keys, a protocol version of |protocol_version|, an ID of
  // |id| and  a batch size of |batch_size| (or none if |batch_size| is
  // nullopt).
  std::string GetKeyCommitmentRecord() const;

  // Given a base64-encoded issuance request, processes the
  // request and returns either nullopt (on error) or a base64-encoded response.
  std::optional<std::string> Issue(std::string_view issuance_request);

  // Given a base64-encoded redemption request, processes the
  // request and returns either nullopt (on error) or a string containing
  // the metadata values.
  std::optional<std::string> Redeem(std::string_view redemption_request);

  // Stores a representation of a signed request with the given destination and
  // headers in a manner that can be retrieved for inspection by calling
  // |last_incoming_signed_request|.
  void RecordSignedRequest(const GURL& destination,
                           const net::HttpRequestHeaders& headers);

  // Returns the public key hashes received in prior redemption requests.
  std::set<std::string> hashes_of_redemption_bound_public_keys() const;

  // Returns a structured representation of the last signed request received.
  std::optional<TrustTokenSignedRequest> last_incoming_signed_request() const;

 private:
  struct Rep;  // Contains state internal to this class's implementation.

  // Guards this class's internal state. This makes sure we're reading writes to
  // the state that occur while handling requests, which takes place off of the
  // main sequence due to how net::EmbeddedTestServer works.
  mutable base::Lock mutex_;
  std::unique_ptr<Rep> rep_ GUARDED_BY(mutex_);
};

}  // namespace test
}  // namespace network

#endif  // SERVICES_NETWORK_TEST_TRUST_TOKEN_REQUEST_HANDLER_H_