Add API Key parsing for experimental APIs

third_party/WebKit/Source/core/experiments/APIKey.cpp

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "core/experiments/APIKey.h"
+
+#include "core/dom/ElementTraversal.h"
+#include "core/dom/ExceptionCode.h"
+#include "core/frame/LocalDOMWindow.h"
+#include "core/html/HTMLHeadElement.h"
+#include "core/html/HTMLMetaElement.h"
+#include "platform/RuntimeEnabledFeatures.h"
+#include "platform/weborigin/SecurityOrigin.h"
+
+#include <string>
+
+namespace blink {
+
+PassRefPtrWillBeRawPtr<APIKey> APIKey::parse(const String& keyText)
+{
+    if (keyText.isEmpty()) {
+        return nullptr;
+    }
+
+    // API Key should resemble:
+    // signature|origin|apiName|expiry
+    Vector<String> parts;
+    keyText.split('|', parts);
+    if (parts.size() != 4) {
+        return nullptr;
+    }
+
+    const String& signature = parts[0];
+    const String& originText = parts[1];
+    const String& apiName = parts[2];
+    const String& expiryText = parts[3];
+
+    // Expiry field must be an integer
+    bool expiryIsValid = false;
+    uint64_t expiry = expiryText.toUInt64Strict(&expiryIsValid);
+    if (!expiryIsValid) {
+        return nullptr;
+    }
+
+    // Origin field must be a valid URL

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

Do we want to accept arbitrary URLs? Or should either we make sure the origin is
just an origin, or extract the origin from the URL?

+    KURL origin = KURL(KURL(), originText);

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

Does this work? The KURL(KURL, String) constructor claims it always creates an
invalid URL if the KURL argument is an invalid URL. So in this case it seems
like this should always create an invalid url? (it seems it might just be the
KURL docs that are wrong...)

[iclelland, 2015/12/21 19:17:17]

It works (as in it creates URLs that pass that test), and the unit tests in
platform/weborigin/KURLTest.cpp (like Valid_HTTP_FTP_URLsHaveHosts) seem to
validate this pattern as well; the docs may simply be out of date if they're
suggesting that it shouldn't work. I looked around, and it seemed to be the
standard way to construct a KURL given an absolute URL in a String.

+    if (!origin.isValid()) {
+        return nullptr;
+    }
+
+    return adoptRefWillBeNoop(new APIKey(signature, origin, apiName, expiry));
+}
+
+APIKey::APIKey(const String& signature, const KURL& origin, const String& apiName, uint64_t expiry)
+    : m_signature(signature)
+    , m_origin(origin)
+    , m_apiName(apiName)
+    , m_expiry(expiry)
+{
+}
+
+bool APIKey::isValid(const String& origin, const String& apiName, uint64_t now) const
+{
+    return validateOrigin(origin)
+        && validateApiName(apiName)
+        && validateDate(now);
+}
+
+bool APIKey::validateOrigin(const String& originText) const
+{
+    KURL origin = KURL(KURL(), originText);
+    if (!origin.isValid()) {
+        return false;
+    }
+    return origin == m_origin;
+}
+
+bool APIKey::validateApiName(const String& apiName) const
+{
+    return equalIgnoringCase(m_apiName, apiName);
+}
+
+bool APIKey::validateDate(uint64_t now) const
+{
+    return m_expiry > now;
+}
+
+} // namespace blink