Add API Key parsing for experimental APIs

third_party/WebKit/Source/core/experiments/APIKey.h

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef APIKey_h
+#define APIKey_h
+
+#include "core/CoreExport.h"
+#include "core/dom/DOMException.h"
+#include "platform/heap/Handle.h"
+#include "platform/weborigin/KURL.h"
+#include "wtf/text/WTFString.h"
+
+namespace blink {
+
+// The Experimental Framework (EF) provides limited access to experimental APIs,
+// on a per-origin basis.  This class defines the API key data structure, used
+// to securely provide access to an experimental API.
+//
+// Experimental APIs are defined by string names, provided by the implementers.
+// The EF code does not maintain an enum or constant list for experiment names.
+// Instead, the EF validates the name provided by the API implementation against
+// any provided API keys.
+//
+// In the renderer, the EF is concerned with checking whether an API key claims
+// to be valid for the current origin. It does not attempt to actually validate
+// the signature on the key.
+//
+// TODO(chasej): Link to documentation, or provide more detail on keys, .etc

[Rick Byers, 2015/12/18 21:52:42]

Is this the doc you want (at least for now):
https://docs.google.com/document/d/1qVP2CK1lbfmtIJRIm6nwuEFFhGhYbtThLQPo3CSTt...
?

[iclelland, 2015/12/21 19:17:17]

Actually, more info on the key format itself is being collected at
https://docs.google.com/document/d/1v5fi0EUV_QHckVHVF2K4P72iNywnrJtNhNZ6i2NPt0M
. Updated the TODO. (And moved it to content/)

+class CORE_EXPORT APIKey : public RefCountedWillBeGarbageCollected<APIKey> {

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

Why RefCountedWillBeGarbageCollected? New code should just be GarbageCollected
directly.

[iclelland, 2015/12/21 19:17:17]

[Class removed in subsequent CLs]

+public:
+    // Returns an APIKey object if the string can be parsed correctly. (This
+    // does not mean that the key is valid for the current origin, just that it
+    // is well-formed.) If the string is not a well-formed key, then a null
+    // pointer is returned.
+    static PassRefPtrWillBeRawPtr<APIKey> parse(const String&);
+
+    // Returns true if this API key was issued for the given origin and API
+    // combination, and contains an expiry timestamp which is still in the
+    // future.  Returning true does not mean that the key is valid nor
+    // is it a sufficient check to allow access to the API.
+    bool isValid(const String& origin, const String& apiName, uint64_t now) const;
+
+protected:
+    friend class APIKeyTest;
+
+    bool validateOrigin(const String& originText) const;
+    bool validateApiName(const String& apiName) const;
+    bool validateDate(uint64_t now) const;
+
+private:
+    APIKey();
+    explicit APIKey(const String& m_signature, const KURL& origin, const String& apiName, uint64_t m_expiry);
+
+    String m_signature;
+    KURL m_origin;
+    String m_apiName;
+    uint64_t m_expiry;
+};
+
+} // namespace blink
+
+#endif // APIKey_h