Add API Key parsing for experimental APIs

content/browser/experiments/api_key.h

Index: content/browser/experiments/api_key.h
diff --git a/content/browser/experiments/api_key.h b/content/browser/experiments/api_key.h
new file mode 100644
index 0000000000000000000000000000000000000000..1c48be697f2e5579662feb03fa620608917ff6b2
--- /dev/null
+++ b/content/browser/experiments/api_key.h
@@ -0,0 +1,71 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_EXPERIMENTS_API_KEY_H_
+#define CONTENT_BROWSER_EXPERIMENTS_API_KEY_H_
+
+#include <string>
+
+#include "base/time/time.h"
+#include "content/common/content_export.h"
+#include "url/gurl.h"
+
+namespace content {
+
+// The Experimental Framework (EF) provides limited access to experimental APIs,
+// on a per-origin basis.  This class defines the API key data structure, used
+// to securely provide access to an experimental API.
+//
+// Experimental APIs are defined by string names, provided by the implementers.
+// The EF code does not maintain an enum or constant list for experiment names.
+// Instead, the EF validates the name provided by the API implementation against
+// any provided API keys.
+// TODO(chasej): Link to documentation, or provide more detail on keys, .etc
+class CONTENT_EXPORT ApiKey {
+ public:
+  ~ApiKey();
+
+  // Returns a key object if the string represents a well-formed key, or
+  // nullptr otherwise.
+  static scoped_ptr<ApiKey> Parse(const std::string& key_text);
+
+  // Returns true if this API key has a valid signature, and has not expired.
+  bool IsValidNow(const base::Time& now) const;

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

IsValidNow seems a bit of an odd name if "now" is actually passed in as an
argument? Maybe IsValidAt or something would be clearer?

[iclelland, 2015/12/21 19:17:17]

Renamed to IsValid, mirroring the blink code.

+
+  std::string signature() { return signature_; }
+  std::string data() { return data_; }
+  GURL origin() { return origin_; }
+  std::string api_name() { return api_name_; }
+  uint64_t expiry_timestamp() { return expiry_timestamp_; }
+
+ private:
+  ApiKey();

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

Why do you define (but not implement) a default constructor?

[iclelland, 2015/12/21 19:17:17]

Thanks for catching it; we don't need it. One private constructor is enough :)

+  ApiKey(const std::string& signature,
+         const std::string& data,
+         const GURL& origin,
+         const std::string& api_name,
+         uint64_t expiry_timestamp);
+
+  // The base64-encoded-signature portion of the key. For the key to be valid,
+  // this must be a valid signature for the data portion of the key, as verified
+  // by the public key in api_key.cc.
+  std::string signature_;
+
+  // The portion of the key string which is signed, and whose signature is
+  // contained in the signature_ member.
+  std::string data_;
+
+  // The origin for which this key is valid. Must be a secure origin.
+  GURL origin_;
+
+  // The name of the API experiment which this key enables.
+  std::string api_name_;
+
+  // The time until which this key should be considered valid, in UTC, as
+  // seconds since the Unix epoch.
+  uint64_t expiry_timestamp_;
+};
+
+}  // namespace

[Marijn Kruisselbrink, 2015/12/18 22:03:01]

// namespace content
(at least I would otherwise assume this closes an anonymous namespace)

And probably add a blank line between the } and the #endif

[iclelland, 2015/12/21 19:17:17]

Done.

+#endif  // CONTENT_BROWSER_EXPERIMENTS_API_KEY_H_