content/common/origin_trials/trial_token.cc - Issue 1635593004: Rename Experimental Framework classes and concepts

Side by Side Diff: content/common/origin_trials/trial_token.cc

Issue 1635593004: Rename Experimental Framework classes and concepts (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/experiments/api_key.h"	5 #include "content/common/origin_trials/trial_token.h"

6	6

7 #include <openssl/curve25519.h>	7 #include <openssl/curve25519.h>

8	8

9 #include <vector>	9 #include <vector>

10	10

11 #include "base/base64.h"	11 #include "base/base64.h"

12 #include "base/macros.h"	12 #include "base/macros.h"

13 #include "base/strings/string_number_conversions.h"	13 #include "base/strings/string_number_conversions.h"

14 #include "base/strings/string_split.h"	14 #include "base/strings/string_split.h"

15 #include "base/strings/string_util.h"	15 #include "base/strings/string_util.h"

16 #include "base/strings/utf_string_conversions.h"	16 #include "base/strings/utf_string_conversions.h"

17 #include "base/time/time.h"	17 #include "base/time/time.h"

18 #include "url/origin.h"	18 #include "url/origin.h"

19	19

20 namespace content {	20 namespace content {

21	21

22 namespace {	22 namespace {

23	23

24 // This is the default public key used for validating signatures.	24 // This is the default public key used for validating signatures.

25 // TODO(iclelland): Move this to the embedder, and provide a mechanism to allow	25 // TODO(iclelland): Move this to the embedder, and provide a mechanism to allow

26 // for multiple signing keys. https://crbug.com/543220	26 // for multiple signing keys. https://crbug.com/543220

27 static const uint8_t kPublicKey[] = {	27 static const uint8_t kPublicKey[] = {

28 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03,	28 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03,

29 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07,	29 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07,

30 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15,	30 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15,

31 };	31 };

32	32

33 const char* kApiKeyFieldSeparator = "\|";	33 const char* kFieldSeparator = "\|";

34	34

35 } // namespace	35 } // namespace

36	36

37 ApiKey::~ApiKey() {}	37 TrialToken::~TrialToken() {}

38	38

39 scoped_ptr<ApiKey> ApiKey::Parse(const std::string& key_text) {	39 scoped_ptr<TrialToken> TrialToken::Parse(const std::string& token_text) {

40 if (key_text.empty()) {	40 if (token_text.empty()) {

41 return nullptr;	41 return nullptr;

42 }	42 }

43	43

44 // API Key should resemble:	44 // A valid token should resemble:

45 // signature\|origin\|api_name\|expiry_timestamp	45 // signature\|origin\|feature_name\|expiry_timestamp

46 // TODO(iclelland): Add version code to API key format to identify key algo	46 // TODO(iclelland): Add version code to token format to identify key algo

47 // https://crbug.com/570684	47 // https://crbug.com/570684

48 std::vector<std::string> parts =	48 std::vector<std::string> parts = SplitString(

49 SplitString(key_text, kApiKeyFieldSeparator, base::KEEP_WHITESPACE,	49 token_text, kFieldSeparator, base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);

50 base::SPLIT_WANT_ALL);

51 if (parts.size() != 4) {	50 if (parts.size() != 4) {

52 return nullptr;	51 return nullptr;

53 }	52 }

54	53

55 const std::string& signature = parts[0];	54 const std::string& signature = parts[0];

56 const std::string& origin_string = parts[1];	55 const std::string& origin_string = parts[1];

57 const std::string& api_name = parts[2];	56 const std::string& feature_name = parts[2];

58 const std::string& expiry_string = parts[3];	57 const std::string& expiry_string = parts[3];

59	58

60 uint64_t expiry_timestamp;	59 uint64_t expiry_timestamp;

61 if (!base::StringToUint64(expiry_string, &expiry_timestamp)) {	60 if (!base::StringToUint64(expiry_string, &expiry_timestamp)) {

62 return nullptr;	61 return nullptr;

63 }	62 }

64	63

65 // Ensure that the origin is a valid (non-unique) origin URL	64 // Ensure that the origin is a valid (non-unique) origin URL

66 GURL origin_url(origin_string);	65 GURL origin_url(origin_string);

67 if (url::Origin(origin_url).unique()) {	66 if (url::Origin(origin_url).unique()) {

68 return nullptr;	67 return nullptr;

69 }	68 }

70	69

71 // signed data is (origin + "\|" + api_name + "\|" + expiry).	70 // signed data is (origin + "\|" + feature_name + "\|" + expiry).

72 std::string data = key_text.substr(signature.length() + 1);	71 std::string data = token_text.substr(signature.length() + 1);

73	72

74 return make_scoped_ptr(	73 return make_scoped_ptr(new TrialToken(signature, data, origin_url,

75 new ApiKey(signature, data, origin_url, api_name, expiry_timestamp));	74 feature_name, expiry_timestamp));

76 }	75 }

77	76

78 ApiKey::ApiKey(const std::string& signature,	77 TrialToken::TrialToken(const std::string& signature,

79 const std::string& data,	78 const std::string& data,

80 const GURL& origin,	79 const GURL& origin,

81 const std::string& api_name,	80 const std::string& feature_name,

82 uint64_t expiry_timestamp)	81 uint64_t expiry_timestamp)

83 : signature_(signature),	82 : signature_(signature),

84 data_(data),	83 data_(data),

85 origin_(origin),	84 origin_(origin),

86 api_name_(api_name),	85 feature_name_(feature_name),

87 expiry_timestamp_(expiry_timestamp) {}	86 expiry_timestamp_(expiry_timestamp) {}

88	87

89 bool ApiKey::IsAppropriate(const std::string& origin,	88 bool TrialToken::IsAppropriate(const std::string& origin,

90 const std::string& api_name) const {	89 const std::string& feature_name) const {

91 return ValidateOrigin(origin) && ValidateApiName(api_name);	90 return ValidateOrigin(origin) && ValidateFeatureName(feature_name);

92 }	91 }

93	92

94 bool ApiKey::IsValid(const base::Time& now) const {	93 bool TrialToken::IsValid(const base::Time& now) const {

95 // TODO(iclelland): Allow for multiple signing keys, and iterate over all	94 // TODO(iclelland): Allow for multiple signing keys, and iterate over all

96 // active keys here. https://crbug.com/543220	95 // active keys here. https://crbug.com/543220

97 return ValidateDate(now) &&	96 return ValidateDate(now) &&

98 ValidateSignature(base::StringPiece(	97 ValidateSignature(base::StringPiece(

99 reinterpret_cast<const char*>(kPublicKey), arraysize(kPublicKey)));	98 reinterpret_cast<const char*>(kPublicKey), arraysize(kPublicKey)));

100 }	99 }

101	100

102 bool ApiKey::ValidateOrigin(const std::string& origin) const {	101 bool TrialToken::ValidateOrigin(const std::string& origin) const {

103 return GURL(origin) == origin_;	102 return GURL(origin) == origin_;

104 }	103 }

105	104

106 bool ApiKey::ValidateApiName(const std::string& api_name) const {	105 bool TrialToken::ValidateFeatureName(const std::string& feature_name) const {

107 return base::EqualsCaseInsensitiveASCII(api_name, api_name_);	106 return base::EqualsCaseInsensitiveASCII(feature_name, feature_name_);

108 }	107 }

109	108

110 bool ApiKey::ValidateDate(const base::Time& now) const {	109 bool TrialToken::ValidateDate(const base::Time& now) const {

111 base::Time expiry_time = base::Time::FromDoubleT((double)expiry_timestamp_);	110 base::Time expiry_time = base::Time::FromDoubleT((double)expiry_timestamp_);

112 return expiry_time > now;	111 return expiry_time > now;

113 }	112 }

114	113

115 bool ApiKey::ValidateSignature(const base::StringPiece& public_key) const {	114 bool TrialToken::ValidateSignature(const base::StringPiece& public_key) const {

116 return ValidateSignature(signature_, data_, public_key);	115 return ValidateSignature(signature_, data_, public_key);

117 }	116 }

118	117

119 // static	118 // static

120 bool ApiKey::ValidateSignature(const std::string& signature_text,	119 bool TrialToken::ValidateSignature(const std::string& signature_text,

121 const std::string& data,	120 const std::string& data,

122 const base::StringPiece& public_key) {	121 const base::StringPiece& public_key) {

123 // Public key must be 32 bytes long for Ed25519.	122 // Public key must be 32 bytes long for Ed25519.

124 CHECK_EQ(public_key.length(), 32UL);	123 CHECK_EQ(public_key.length(), 32UL);

125	124

126 std::string signature;	125 std::string signature;

127 // signature_text is base64-encoded; decode first.	126 // signature_text is base64-encoded; decode first.

128 if (!base::Base64Decode(signature_text, &signature)) {	127 if (!base::Base64Decode(signature_text, &signature)) {

129 return false;	128 return false;

130 }	129 }

131	130

132 // Signature must be 64 bytes long	131 // Signature must be 64 bytes long

133 if (signature.length() != 64) {	132 if (signature.length() != 64) {

134 return false;	133 return false;

135 }	134 }

136	135

137 int result = ED25519_verify(	136 int result = ED25519_verify(

138 reinterpret_cast<const uint8_t*>(data.data()), data.length(),	137 reinterpret_cast<const uint8_t*>(data.data()), data.length(),

139 reinterpret_cast<const uint8_t*>(signature.data()),	138 reinterpret_cast<const uint8_t*>(signature.data()),

140 reinterpret_cast<const uint8_t*>(public_key.data()));	139 reinterpret_cast<const uint8_t*>(public_key.data()));

141 return (result != 0);	140 return (result != 0);

142 }	141 }

143	142

144 } // namespace content	143 } // namespace content

OLD	NEW

« no previous file with comments | « content/common/origin_trials/trial_token.h ('k') | content/common/origin_trials/trial_token_unittest.cc » ('j') | no next file with comments »