| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/origin_trials/trial_token.h" | 5 #include "content/renderer/origin_trials/trial_token.h" |
| 6 | 6 |
| 7 #include <openssl/curve25519.h> | 7 #include <openssl/curve25519.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/macros.h" | 12 #include "base/macros.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_split.h" | 14 #include "base/strings/string_split.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
| 17 #include "base/time/time.h" | 17 #include "base/time/time.h" |
| 18 #include "url/origin.h" | 18 #include "url/origin.h" |
| 19 | 19 |
| 20 namespace content { | 20 namespace content { |
| 21 | 21 |
| 22 namespace { | 22 namespace { |
| 23 | 23 |
| 24 // This is the default public key used for validating signatures. | |
| 25 // TODO(iclelland): Move this to the embedder, and provide a mechanism to allow | |
| 26 // for multiple signing keys. https://crbug.com/543220 | |
| 27 static const uint8_t kPublicKey[] = { | |
| 28 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03, | |
| 29 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07, | |
| 30 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15, | |
| 31 }; | |
| 32 | |
| 33 const char* kFieldSeparator = "|"; | 24 const char* kFieldSeparator = "|"; |
| 34 | 25 |
| 35 } // namespace | 26 } // namespace |
| 36 | 27 |
| 37 TrialToken::~TrialToken() {} | 28 TrialToken::~TrialToken() {} |
| 38 | 29 |
| 39 scoped_ptr<TrialToken> TrialToken::Parse(const std::string& token_text) { | 30 scoped_ptr<TrialToken> TrialToken::Parse(const std::string& token_text) { |
| 40 if (token_text.empty()) { | 31 if (token_text.empty()) { |
| 41 return nullptr; | 32 return nullptr; |
| 42 } | 33 } |
| 43 | 34 |
| 44 // A valid token should resemble: | 35 // A valid token should resemble: |
| 45 // signature|origin|feature_name|expiry_timestamp | 36 // signature|origin|feature_name|expiry_timestamp |
| 46 // TODO(iclelland): Add version code to token format to identify key algo | 37 // TODO(iclelland): Add version code to token format to identify key algo |
| 47 // https://crbug.com/570684 | 38 // https://crbug.com/584737 |
| 48 std::vector<std::string> parts = SplitString( | 39 std::vector<std::string> parts = SplitString( |
| 49 token_text, kFieldSeparator, base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); | 40 token_text, kFieldSeparator, base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| 50 if (parts.size() != 4) { | 41 if (parts.size() != 4) { |
| 51 return nullptr; | 42 return nullptr; |
| 52 } | 43 } |
| 53 | 44 |
| 54 const std::string& signature = parts[0]; | 45 const std::string& signature = parts[0]; |
| 55 const std::string& origin_string = parts[1]; | 46 const std::string& origin_string = parts[1]; |
| 56 const std::string& feature_name = parts[2]; | 47 const std::string& feature_name = parts[2]; |
| 57 const std::string& expiry_string = parts[3]; | 48 const std::string& expiry_string = parts[3]; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 83 data_(data), | 74 data_(data), |
| 84 origin_(origin), | 75 origin_(origin), |
| 85 feature_name_(feature_name), | 76 feature_name_(feature_name), |
| 86 expiry_timestamp_(expiry_timestamp) {} | 77 expiry_timestamp_(expiry_timestamp) {} |
| 87 | 78 |
| 88 bool TrialToken::IsAppropriate(const std::string& origin, | 79 bool TrialToken::IsAppropriate(const std::string& origin, |
| 89 const std::string& feature_name) const { | 80 const std::string& feature_name) const { |
| 90 return ValidateOrigin(origin) && ValidateFeatureName(feature_name); | 81 return ValidateOrigin(origin) && ValidateFeatureName(feature_name); |
| 91 } | 82 } |
| 92 | 83 |
| 93 bool TrialToken::IsValid(const base::Time& now) const { | 84 bool TrialToken::IsValid(const base::Time& now, |
| 85 const base::StringPiece& public_key) const { |
| 94 // TODO(iclelland): Allow for multiple signing keys, and iterate over all | 86 // TODO(iclelland): Allow for multiple signing keys, and iterate over all |
| 95 // active keys here. https://crbug.com/543220 | 87 // active keys here. https://crbug.com/543220 |
| 96 return ValidateDate(now) && | 88 return ValidateDate(now) && ValidateSignature(public_key); |
| 97 ValidateSignature(base::StringPiece( | |
| 98 reinterpret_cast<const char*>(kPublicKey), arraysize(kPublicKey))); | |
| 99 } | 89 } |
| 100 | 90 |
| 101 bool TrialToken::ValidateOrigin(const std::string& origin) const { | 91 bool TrialToken::ValidateOrigin(const std::string& origin) const { |
| 102 return GURL(origin) == origin_; | 92 return GURL(origin) == origin_; |
| 103 } | 93 } |
| 104 | 94 |
| 105 bool TrialToken::ValidateFeatureName(const std::string& feature_name) const { | 95 bool TrialToken::ValidateFeatureName(const std::string& feature_name) const { |
| 106 return base::EqualsCaseInsensitiveASCII(feature_name, feature_name_); | 96 return base::EqualsCaseInsensitiveASCII(feature_name, feature_name_); |
| 107 } | 97 } |
| 108 | 98 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 134 } | 124 } |
| 135 | 125 |
| 136 int result = ED25519_verify( | 126 int result = ED25519_verify( |
| 137 reinterpret_cast<const uint8_t*>(data.data()), data.length(), | 127 reinterpret_cast<const uint8_t*>(data.data()), data.length(), |
| 138 reinterpret_cast<const uint8_t*>(signature.data()), | 128 reinterpret_cast<const uint8_t*>(signature.data()), |
| 139 reinterpret_cast<const uint8_t*>(public_key.data())); | 129 reinterpret_cast<const uint8_t*>(public_key.data())); |
| 140 return (result != 0); | 130 return (result != 0); |
| 141 } | 131 } |
| 142 | 132 |
| 143 } // namespace content | 133 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1653263005:
[Experimental Framework] Move the trial token public key out of content and into the embedder. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master