| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_ | |
| 6 #define CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/memory/scoped_ptr.h" | |
| 11 #include "base/strings/string_piece.h" | |
| 12 #include "base/time/time.h" | |
| 13 #include "content/common/content_export.h" | |
| 14 #include "url/origin.h" | |
| 15 | |
| 16 namespace content { | |
| 17 | |
| 18 // The Experimental Framework (EF) provides limited access to experimental | |
| 19 // features, on a per-origin basis (origin trials). This class defines the trial | |
| 20 // token data structure, used to securely provide access to an experimental | |
| 21 // feature. | |
| 22 // | |
| 23 // Features are defined by string names, provided by the implementers. The EF | |
| 24 // code does not maintain an enum or constant list for feature names. Instead, | |
| 25 // the EF validates the name provided by the feature implementation against any | |
| 26 // provided tokens. | |
| 27 // | |
| 28 // More documentation on the token format can be found at | |
| 29 // https://docs.google.com/document/d/1v5fi0EUV_QHckVHVF2K4P72iNywnrJtNhNZ6i2NPt
0M | |
| 30 | |
| 31 class CONTENT_EXPORT TrialToken { | |
| 32 public: | |
| 33 ~TrialToken(); | |
| 34 | |
| 35 // Returns a token object if the string represents a well-formed token, or | |
| 36 // nullptr otherwise. (This does not mean that the token is valid, just that | |
| 37 // it can be parsed.) | |
| 38 static scoped_ptr<TrialToken> Parse(const std::string& token_text); | |
| 39 | |
| 40 // Returns true if this feature is appropriate for use by the given origin, | |
| 41 // for the given feature name. This does not check whether the signature is | |
| 42 // valid, or whether the token itself has expired. | |
| 43 bool IsAppropriate(const url::Origin& origin, | |
| 44 base::StringPiece feature_name) const; | |
| 45 | |
| 46 // Returns true if this token has a valid signature, and has not expired. | |
| 47 bool IsValid(const base::Time& now, base::StringPiece public_key) const; | |
| 48 | |
| 49 uint8_t version() { return version_; } | |
| 50 std::string signature() { return signature_; } | |
| 51 std::string data() { return data_; } | |
| 52 url::Origin origin() { return origin_; } | |
| 53 std::string feature_name() { return feature_name_; } | |
| 54 base::Time expiry_time() { return expiry_time_; } | |
| 55 | |
| 56 protected: | |
| 57 friend class TrialTokenTest; | |
| 58 | |
| 59 bool ValidateOrigin(const url::Origin& origin) const; | |
| 60 bool ValidateFeatureName(base::StringPiece feature_name) const; | |
| 61 bool ValidateDate(const base::Time& now) const; | |
| 62 bool ValidateSignature(base::StringPiece public_key) const; | |
| 63 | |
| 64 static bool ValidateSignature(const std::string& signature_text, | |
| 65 const std::string& data, | |
| 66 base::StringPiece public_key); | |
| 67 | |
| 68 private: | |
| 69 TrialToken(uint8_t version, | |
| 70 const std::string& signature, | |
| 71 const std::string& data, | |
| 72 const url::Origin& origin, | |
| 73 const std::string& feature_name, | |
| 74 uint64_t expiry_timestamp); | |
| 75 | |
| 76 // The version number for this token. The version identifies the structure of | |
| 77 // the token, as well as the algorithm used to generate/validate the token. | |
| 78 // The version number is only incremented when incompatible changes are made | |
| 79 // to either the structure (e.g. adding a field), or the algorithm (e.g. | |
| 80 // changing the hash or signing algorithm). | |
| 81 // NOTE: The version number is not part of the token signature and validation. | |
| 82 // Thus it is possible to modify a token to use a different version from | |
| 83 // that used to generate the signature. To mitigate cross-version | |
| 84 // attacks, the signing key(s) should be changed whenever there are | |
| 85 // changes to the token structure or algorithms. | |
| 86 uint8_t version_; | |
| 87 | |
| 88 // The base64-encoded-signature portion of the token. For the token to be | |
| 89 // valid, this must be a valid signature for the data portion of the token, as | |
| 90 // verified by the public key in trial_token.cc. | |
| 91 std::string signature_; | |
| 92 | |
| 93 // The portion of the token string which is signed, and whose signature is | |
| 94 // contained in the signature_ member. | |
| 95 std::string data_; | |
| 96 | |
| 97 // The origin for which this token is valid. Must be a secure origin. | |
| 98 url::Origin origin_; | |
| 99 | |
| 100 // The name of the experimental feature which this token enables. | |
| 101 std::string feature_name_; | |
| 102 | |
| 103 // The time until which this token should be considered valid. | |
| 104 base::Time expiry_time_; | |
| 105 }; | |
| 106 | |
| 107 } // namespace content | |
| 108 | |
| 109 #endif // CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1742053002:
Move trial token code to content/common. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master