| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/origin_trials/trial_token.h" | 5 #include "content/common/origin_trials/trial_token.h" |
| 6 | 6 |
| 7 #include <openssl/curve25519.h> | 7 #include <openssl/curve25519.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 | 36 |
| 37 // Version 2 is the only token version currently supported. Version 1 was | 37 // Version 2 is the only token version currently supported. Version 1 was |
| 38 // introduced in Chrome M50, and removed in M51. There were no experiments | 38 // introduced in Chrome M50, and removed in M51. There were no experiments |
| 39 // enabled in the stable M50 release which would have used those tokens. | 39 // enabled in the stable M50 release which would have used those tokens. |
| 40 const uint8_t kVersion2 = 2; | 40 const uint8_t kVersion2 = 2; |
| 41 | 41 |
| 42 } // namespace | 42 } // namespace |
| 43 | 43 |
| 44 TrialToken::~TrialToken() {} | 44 TrialToken::~TrialToken() {} |
| 45 | 45 |
| 46 // static | 46 // Static |
| 47 std::unique_ptr<TrialToken> TrialToken::From(const std::string& token_text, | 47 TrialTokenStatus TrialToken::From(const std::string& token_text, |
| 48 base::StringPiece public_key) { | 48 base::StringPiece public_key, |
| 49 std::unique_ptr<std::string> token_payload = Extract(token_text, public_key); | 49 std::unique_ptr<TrialToken>& out_token) { |
| 50 if (!token_payload) { | 50 std::unique_ptr<std::string> token_payload; |
| 51 return nullptr; | 51 TrialTokenStatus status = Extract(token_text, public_key, token_payload); |
| 52 if (status != TRIAL_TOKEN_STATUS_SUCCESS) { |
| 53 out_token.reset(); |
| 54 return status; |
| 52 } | 55 } |
| 53 return Parse(*token_payload); | 56 out_token = Parse(*token_payload); |
| 57 return out_token ? TRIAL_TOKEN_STATUS_SUCCESS : TRIAL_TOKEN_STATUS_MALFORMED; |
| 54 } | 58 } |
| 55 | 59 |
| 56 bool TrialToken::IsValidForFeature(const url::Origin& origin, | 60 TrialTokenStatus TrialToken::IsValidForFeature(const url::Origin& origin, |
| 57 base::StringPiece feature_name, | 61 base::StringPiece feature_name, |
| 58 const base::Time& now) const { | 62 const base::Time& now) const { |
| 59 return ValidateOrigin(origin) && ValidateFeatureName(feature_name) && | 63 // The order of these checks is intentional. For example, will only report a |
| 60 ValidateDate(now); | 64 // token as expired if it is valid for the origin + feature combination. |
| 65 if (!ValidateOrigin(origin)) { |
| 66 return TRIAL_TOKEN_STATUS_WRONG_ORIGIN; |
| 67 } |
| 68 if (!ValidateFeatureName(feature_name)) { |
| 69 return TRIAL_TOKEN_STATUS_WRONG_FEATURE; |
| 70 } |
| 71 if (!ValidateDate(now)) { |
| 72 return TRIAL_TOKEN_STATUS_EXPIRED; |
| 73 } |
| 74 return TRIAL_TOKEN_STATUS_SUCCESS; |
| 61 } | 75 } |
| 62 | 76 |
| 63 std::unique_ptr<std::string> TrialToken::Extract( | 77 TrialTokenStatus TrialToken::Extract( |
| 64 const std::string& token_payload, | 78 const std::string& token_payload, |
| 65 base::StringPiece public_key) { | 79 base::StringPiece public_key, |
| 80 std::unique_ptr<std::string>& out_token_json) { |
| 66 if (token_payload.empty()) { | 81 if (token_payload.empty()) { |
| 67 return nullptr; | 82 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 68 } | 83 } |
| 69 | 84 |
| 70 // Token is base64-encoded; decode first. | 85 // Token is base64-encoded; decode first. |
| 71 std::string token_contents; | 86 std::string token_contents; |
| 72 if (!base::Base64Decode(token_payload, &token_contents)) { | 87 if (!base::Base64Decode(token_payload, &token_contents)) { |
| 73 return nullptr; | 88 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 74 } | 89 } |
| 75 | 90 |
| 76 // Only version 2 currently supported. | 91 // Only version 2 currently supported. |
| 77 if (token_contents.length() < (kVersionOffset + kVersionSize)) { | 92 if (token_contents.length() < (kVersionOffset + kVersionSize)) { |
| 78 return nullptr; | 93 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 79 } | 94 } |
| 80 uint8_t version = token_contents[kVersionOffset]; | 95 uint8_t version = token_contents[kVersionOffset]; |
| 81 if (version != kVersion2) { | 96 if (version != kVersion2) { |
| 82 return nullptr; | 97 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 83 } | 98 } |
| 84 | 99 |
| 85 // Token must be large enough to contain a version, signature, and payload | 100 // Token must be large enough to contain a version, signature, and payload |
| 86 // length. | 101 // length. |
| 87 if (token_contents.length() < (kPayloadLengthOffset + kPayloadLengthSize)) { | 102 if (token_contents.length() < (kPayloadLengthOffset + kPayloadLengthSize)) { |
| 88 return nullptr; | 103 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 89 } | 104 } |
| 90 | 105 |
| 91 // Extract the length of the signed data (Big-endian). | 106 // Extract the length of the signed data (Big-endian). |
| 92 uint32_t payload_length; | 107 uint32_t payload_length; |
| 93 base::ReadBigEndian(&(token_contents[kPayloadLengthOffset]), &payload_length); | 108 base::ReadBigEndian(&(token_contents[kPayloadLengthOffset]), &payload_length); |
| 94 | 109 |
| 95 // Validate that the stated length matches the actual payload length. | 110 // Validate that the stated length matches the actual payload length. |
| 96 if (payload_length != token_contents.length() - kPayloadOffset) { | 111 if (payload_length != token_contents.length() - kPayloadOffset) { |
| 97 return nullptr; | 112 return TRIAL_TOKEN_STATUS_MALFORMED; |
| 98 } | 113 } |
| 99 | 114 |
| 100 // Extract the version-specific contents of the token. | 115 // Extract the version-specific contents of the token. |
| 101 const char* token_bytes = token_contents.data(); | 116 const char* token_bytes = token_contents.data(); |
| 102 base::StringPiece version_piece(token_bytes + kVersionOffset, kVersionSize); | 117 base::StringPiece version_piece(token_bytes + kVersionOffset, kVersionSize); |
| 103 base::StringPiece signature(token_bytes + kSignatureOffset, kSignatureSize); | 118 base::StringPiece signature(token_bytes + kSignatureOffset, kSignatureSize); |
| 104 base::StringPiece payload_piece(token_bytes + kPayloadLengthOffset, | 119 base::StringPiece payload_piece(token_bytes + kPayloadLengthOffset, |
| 105 kPayloadLengthSize + payload_length); | 120 kPayloadLengthSize + payload_length); |
| 106 | 121 |
| 107 // The data which is covered by the signature is (version + length + payload). | 122 // The data which is covered by the signature is (version + length + payload). |
| 108 std::string signed_data = | 123 std::string signed_data = |
| 109 version_piece.as_string() + payload_piece.as_string(); | 124 version_piece.as_string() + payload_piece.as_string(); |
| 110 | 125 |
| 111 // Validate the signature on the data before proceeding. | 126 // Validate the signature on the data before proceeding. |
| 112 if (!TrialToken::ValidateSignature(signature, signed_data, public_key)) { | 127 if (!TrialToken::ValidateSignature(signature, signed_data, public_key)) { |
| 113 return nullptr; | 128 return TRIAL_TOKEN_STATUS_INVALID_SIGNATURE; |
| 114 } | 129 } |
| 115 | 130 |
| 116 // Return just the payload, as a new string. | 131 // Return just the payload, as a new string. |
| 117 return base::WrapUnique( | 132 out_token_json.reset( |
| 118 new std::string(token_contents, kPayloadOffset, payload_length)); | 133 new std::string(token_contents, kPayloadOffset, payload_length)); |
| 134 return TRIAL_TOKEN_STATUS_SUCCESS; |
| 119 } | 135 } |
| 120 | 136 |
| 121 std::unique_ptr<TrialToken> TrialToken::Parse(const std::string& token_json) { | 137 std::unique_ptr<TrialToken> TrialToken::Parse(const std::string& token_json) { |
| 122 std::unique_ptr<base::DictionaryValue> datadict = | 138 std::unique_ptr<base::DictionaryValue> datadict = |
| 123 base::DictionaryValue::From(base::JSONReader::Read(token_json)); | 139 base::DictionaryValue::From(base::JSONReader::Read(token_json)); |
| 124 if (!datadict) { | 140 if (!datadict) { |
| 125 return nullptr; | 141 return nullptr; |
| 126 } | 142 } |
| 127 | 143 |
| 128 std::string origin_string; | 144 std::string origin_string; |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 184 } | 200 } |
| 185 | 201 |
| 186 TrialToken::TrialToken(const url::Origin& origin, | 202 TrialToken::TrialToken(const url::Origin& origin, |
| 187 const std::string& feature_name, | 203 const std::string& feature_name, |
| 188 uint64_t expiry_timestamp) | 204 uint64_t expiry_timestamp) |
| 189 : origin_(origin), | 205 : origin_(origin), |
| 190 feature_name_(feature_name), | 206 feature_name_(feature_name), |
| 191 expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {} | 207 expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {} |
| 192 | 208 |
| 193 } // namespace content | 209 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1909633003:
Collect UMA data for Origin Trials (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master