Add API Key parsing for experimental APIs

third_party/WebKit/Source/core/experiments/APIKey.h

Index: third_party/WebKit/Source/core/experiments/APIKey.h
diff --git a/third_party/WebKit/Source/core/experiments/APIKey.h b/third_party/WebKit/Source/core/experiments/APIKey.h
new file mode 100644
index 0000000000000000000000000000000000000000..f8b85acc7e69e0147805364008af193350f14862
--- /dev/null
+++ b/third_party/WebKit/Source/core/experiments/APIKey.h
@@ -0,0 +1,65 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef APIKey_h
+#define APIKey_h
+
+#include "core/CoreExport.h"
+#include "core/dom/DOMException.h"
+#include "platform/heap/Handle.h"
+#include "platform/weborigin/KURL.h"
+#include "wtf/text/WTFString.h"
+
+
+class APIKeyTest;
+
+namespace blink {
+
+// The Experimental Framework (EF) provides limited access to experimental APIs,
+// on a per-origin basis.  This class defines the API key data structure, used
+// to securely provide access to an experimental API.
+//
+// Experimental APIs are defined by string names, provided by the implementers.
+// The EF code does not maintain an enum or constant list for experiment names.
+// Instead, the EF validates the name provided by the API implementation against
+// any provided API keys.
+//
+// In the renderer, the EF is concerned with checking whether an API key claims
+// to be valid for the current origin. It does not attempt to actually validate
+// the signature on the key.
+//
+// TODO(chasej): Link to documentation, or provide more detail on keys, .etc
+class CORE_EXPORT APIKey : public RefCountedWillBeGarbageCollected<APIKey> {
+public:
+    // Returns an APIKey object if the string can be parsed correctly. (This
+    // does not mean that the key is valid for the current origin, just that it
+    // is well-formed.) If the string is not a well-formed key, then a null
+    // pointer is returned.
+    static PassRefPtrWillBeRawPtr<APIKey> parse(const String&);
+
+    // Returns true if this API key was issued for the given origin and API
+    // combination.  Returning true does not mean that the key is valid nor

[chasej, 2015/12/15 19:43:41]

Should update comment to mention expiry date validation.

[iclelland, 2015/12/15 21:22:24]

Done.

+    // is it a sufficient check to allow access to the API.
+    bool isValidNowForOrigin(const String& origin, const String& apiName, uint64_t now) const;

[chasej, 2015/12/15 19:43:41]

The naming for this method seems a little awkward.  There's three parameters
(conditions) that are validated, but the name essentially only mentions two of
those.  It's potentially confusing to see apiName as a parameter.  I know this
can be addressed by the comment.  I wonder if naming it "isValid(args)" with a
good comment might be better?

[iclelland, 2015/12/15 21:22:24]

Sounds good. Done.

+
+protected:
+    friend class APIKeyTest;
+
+    bool validateOrigin(const String& originText) const;
+    bool validateApiName(const String& apiName) const;
+    bool validateDate(uint64_t now) const;
+
+private:
+    APIKey();
+    explicit APIKey(const String& m_signature, const KURL& origin, const String& apiName, uint64_t m_expiry);
+
+    String m_signature;
+    KURL m_origin;
+    String m_apiName;
+    uint64_t m_expiry;
+};
+
+} // namespace blink
+
+#endif // APIKey_h