Add API Key parsing for experimental APIs

content/common/experiments/api_key.h

Index: content/common/experiments/api_key.h
diff --git a/content/common/experiments/api_key.h b/content/common/experiments/api_key.h
new file mode 100644
index 0000000000000000000000000000000000000000..6b06ea279c070871a45a32312fa53490b9a0a82e
--- /dev/null
+++ b/content/common/experiments/api_key.h
@@ -0,0 +1,89 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_COMMON_EXPERIMENTS_API_KEY_H_
+#define CONTENT_COMMON_EXPERIMENTS_API_KEY_H_
+
+#include <string>
+
+#include "base/memory/scoped_ptr.h"
+#include "base/time/time.h"
+#include "content/common/content_export.h"
+#include "url/gurl.h"
+
+namespace content {
+
+// The Experimental Framework (EF) provides limited access to experimental APIs,
+// on a per-origin basis.  This class defines the API key data structure, used
+// to securely provide access to an experimental API.
+//
+// Experimental APIs are defined by string names, provided by the implementers.
+// The EF code does not maintain an enum or constant list for experiment names.
+// Instead, the EF validates the name provided by the API implementation against
+// any provided API keys.
+//
+// More documentation on the key format can be found at
+// https://docs.google.com/document/d/1v5fi0EUV_QHckVHVF2K4P72iNywnrJtNhNZ6i2NPt0M
+
+class CONTENT_EXPORT ApiKey {
+ public:
+  ~ApiKey();
+
+  // Returns a key object if the string represents a well-formed key, or
+  // nullptr otherwise. (This does not mean that the key is valid, just that it
+  // can be parsed.)
+  static scoped_ptr<ApiKey> Parse(const std::string& key_text);
+
+  // Returns true if this API is appropriate for use by the given origin, for
+  // the given API name. This does not check whether the signature is valid, or
+  // whether the key itself has expired.
+  bool IsAppropriate(const std::string& origin,
+                     const std::string& apiName) const;
+
+  // Returns true if this API key has a valid signature, and has not expired.
+  bool IsValid(const base::Time& now) const;
+
+  std::string signature() { return signature_; }
+  std::string data() { return data_; }
+  GURL origin() { return origin_; }
+  std::string api_name() { return api_name_; }
+  uint64_t expiry_timestamp() { return expiry_timestamp_; }
+
+ protected:
+  friend class ApiKeyTest;
+
+  bool ValidateOrigin(const std::string& origin) const;
+  bool ValidateApiName(const std::string& api_name) const;
+  bool ValidateDate(const base::Time& now) const;
+
+ private:
+  ApiKey(const std::string& signature,
+         const std::string& data,
+         const GURL& origin,
+         const std::string& api_name,
+         uint64_t expiry_timestamp);
+
+  // The base64-encoded-signature portion of the key. For the key to be valid,
+  // this must be a valid signature for the data portion of the key, as verified
+  // by the public key in api_key.cc.
+  std::string signature_;
+
+  // The portion of the key string which is signed, and whose signature is
+  // contained in the signature_ member.
+  std::string data_;
+
+  // The origin for which this key is valid. Must be a secure origin.
+  GURL origin_;
+
+  // The name of the API experiment which this key enables.
+  std::string api_name_;
+
+  // The time until which this key should be considered valid, in UTC, as
+  // seconds since the Unix epoch.
+  uint64_t expiry_timestamp_;
+};
+
+}  // namespace content
+
+#endif  // CONTENT_COMMON_EXPERIMENTS_API_KEY_H_