Chromium Code Reviews Chromium Code Reviews
Issue 1752463002:
Cleanup TrialToken in preparation of moving it to content/common. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/origin_trials/trial_token.h" | 5 #include "content/renderer/origin_trials/trial_token.h" |
| 6 | 6 |
| 7 #include <openssl/curve25519.h> | 7 #include <openssl/curve25519.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/macros.h" | 12 #include "base/macros.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_split.h" | 14 #include "base/strings/string_split.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
| 17 #include "base/time/time.h" | 17 #include "base/time/time.h" |
| 18 #include "url/gurl.h" | |
| 18 #include "url/origin.h" | 19 #include "url/origin.h" |
| 19 | 20 |
| 20 namespace content { | 21 namespace content { |
| 21 | 22 |
| 22 namespace { | 23 namespace { |
| 23 | 24 |
| 24 // Version 1 is the only token version currently supported | 25 // Version 1 is the only token version currently supported |
| 25 const uint8_t kVersion1 = 1; | 26 const uint8_t kVersion1 = 1; |
| 26 | 27 |
| 27 const char* kFieldSeparator = "|"; | 28 const char* kFieldSeparator = "|"; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 70 const std::string& origin_string = parts[1]; | 71 const std::string& origin_string = parts[1]; |
| 71 const std::string& feature_name = parts[2]; | 72 const std::string& feature_name = parts[2]; |
| 72 const std::string& expiry_string = parts[3]; | 73 const std::string& expiry_string = parts[3]; |
| 73 | 74 |
| 74 uint64_t expiry_timestamp; | 75 uint64_t expiry_timestamp; |
| 75 if (!base::StringToUint64(expiry_string, &expiry_timestamp)) { | 76 if (!base::StringToUint64(expiry_string, &expiry_timestamp)) { |
| 76 return nullptr; | 77 return nullptr; |
| 77 } | 78 } |
| 78 | 79 |
| 79 // Ensure that the origin is a valid (non-unique) origin URL | 80 // Ensure that the origin is a valid (non-unique) origin URL |
| 80 GURL origin_url(origin_string); | 81 url::Origin origin = url::Origin(GURL(origin_string)); |
| 81 if (url::Origin(origin_url).unique()) { | 82 if (origin.unique()) { |
| 82 return nullptr; | 83 return nullptr; |
| 83 } | 84 } |
| 84 | 85 |
| 85 // Signed data is (origin + "|" + feature_name + "|" + expiry). | 86 // Signed data is (origin + "|" + feature_name + "|" + expiry). |
| 86 std::string data = token_contents.substr(signature.length() + 1); | 87 std::string data = token_contents.substr(signature.length() + 1); |
| 87 | 88 |
| 88 return make_scoped_ptr(new TrialToken(version, signature, data, origin_url, | 89 return make_scoped_ptr(new TrialToken(version, signature, data, origin, |
| 89 feature_name, expiry_timestamp)); | 90 feature_name, expiry_timestamp)); |
| 90 } | 91 } |
| 91 | 92 |
| 92 TrialToken::TrialToken(uint8_t version, | 93 bool TrialToken::IsAppropriate(const url::Origin& origin, |
| 93 const std::string& signature, | 94 base::StringPiece feature_name) const { |
| 94 const std::string& data, | |
| 95 const GURL& origin, | |
| 96 const std::string& feature_name, | |
| 97 uint64_t expiry_timestamp) | |
| 98 : version_(version), | |
| 99 signature_(signature), | |
| 100 data_(data), | |
| 101 origin_(origin), | |
| 102 feature_name_(feature_name), | |
| 103 expiry_timestamp_(expiry_timestamp) {} | |
| 104 | |
| 105 bool TrialToken::IsAppropriate(const std::string& origin, | |
| 106 const std::string& feature_name) const { | |
| 107 return ValidateOrigin(origin) && ValidateFeatureName(feature_name); | 95 return ValidateOrigin(origin) && ValidateFeatureName(feature_name); |
| 108 } | 96 } |
| 109 | 97 |
| 110 bool TrialToken::IsValid(const base::Time& now, | 98 bool TrialToken::IsValid(const base::Time& now, |
| 111 const base::StringPiece& public_key) const { | 99 base::StringPiece public_key) const { |
| 112 // TODO(iclelland): Allow for multiple signing keys, and iterate over all | |
| 113 // active keys here. https://crbug.com/543220 | |
|
Avi (use Gerrit)
2016/03/10 22:55:29
Is the removal of the comment intentional?
Marijn Kruisselbrink
2016/03/11 00:07:33
No, in an earlier version of this CL I moved to co
| |
| 114 return ValidateDate(now) && ValidateSignature(public_key); | 100 return ValidateDate(now) && ValidateSignature(public_key); |
| 115 } | 101 } |
| 116 | 102 |
| 117 bool TrialToken::ValidateOrigin(const std::string& origin) const { | 103 bool TrialToken::ValidateOrigin(const url::Origin& origin) const { |
| 118 return GURL(origin) == origin_; | 104 return origin == origin_; |
| 119 } | 105 } |
| 120 | 106 |
| 121 bool TrialToken::ValidateFeatureName(const std::string& feature_name) const { | 107 bool TrialToken::ValidateFeatureName(base::StringPiece feature_name) const { |
| 122 return feature_name == feature_name_; | 108 return feature_name == feature_name_; |
| 123 } | 109 } |
| 124 | 110 |
| 125 bool TrialToken::ValidateDate(const base::Time& now) const { | 111 bool TrialToken::ValidateDate(const base::Time& now) const { |
| 126 base::Time expiry_time = base::Time::FromDoubleT((double)expiry_timestamp_); | 112 return expiry_time_ > now; |
| 127 return expiry_time > now; | |
| 128 } | 113 } |
| 129 | 114 |
| 130 bool TrialToken::ValidateSignature(const base::StringPiece& public_key) const { | 115 bool TrialToken::ValidateSignature(base::StringPiece public_key) const { |
| 131 return ValidateSignature(signature_, data_, public_key); | 116 return ValidateSignature(signature_, data_, public_key); |
| 132 } | 117 } |
| 133 | 118 |
| 134 // static | 119 // static |
| 135 bool TrialToken::ValidateSignature(const std::string& signature_text, | 120 bool TrialToken::ValidateSignature(const std::string& signature_text, |
| 136 const std::string& data, | 121 const std::string& data, |
| 137 const base::StringPiece& public_key) { | 122 base::StringPiece public_key) { |
| 138 // Public key must be 32 bytes long for Ed25519. | 123 // Public key must be 32 bytes long for Ed25519. |
| 139 CHECK_EQ(public_key.length(), 32UL); | 124 CHECK_EQ(public_key.length(), 32UL); |
| 140 | 125 |
| 141 std::string signature; | 126 std::string signature; |
| 142 // signature_text is base64-encoded; decode first. | 127 // signature_text is base64-encoded; decode first. |
| 143 if (!base::Base64Decode(signature_text, &signature)) { | 128 if (!base::Base64Decode(signature_text, &signature)) { |
| 144 return false; | 129 return false; |
| 145 } | 130 } |
| 146 | 131 |
| 147 // Signature must be 64 bytes long | 132 // Signature must be 64 bytes long |
| 148 if (signature.length() != 64) { | 133 if (signature.length() != 64) { |
| 149 return false; | 134 return false; |
| 150 } | 135 } |
| 151 | 136 |
| 152 int result = ED25519_verify( | 137 int result = ED25519_verify( |
| 153 reinterpret_cast<const uint8_t*>(data.data()), data.length(), | 138 reinterpret_cast<const uint8_t*>(data.data()), data.length(), |
| 154 reinterpret_cast<const uint8_t*>(signature.data()), | 139 reinterpret_cast<const uint8_t*>(signature.data()), |
| 155 reinterpret_cast<const uint8_t*>(public_key.data())); | 140 reinterpret_cast<const uint8_t*>(public_key.data())); |
| 156 return (result != 0); | 141 return (result != 0); |
| 157 } | 142 } |
| 158 | 143 |
| 144 TrialToken::TrialToken(uint8_t version, | |
| 145 const std::string& signature, | |
| 146 const std::string& data, | |
| 147 const url::Origin& origin, | |
| 148 const std::string& feature_name, | |
| 149 uint64_t expiry_timestamp) | |
| 150 : version_(version), | |
| 151 signature_(signature), | |
| 152 data_(data), | |
| 153 origin_(origin), | |
| 154 feature_name_(feature_name), | |
| 155 expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {} | |
| 156 | |
| 159 } // namespace content | 157 } // namespace content |
| OLD | NEW |
