Support subdomain matching in trial tokens

content/common/origin_trials/trial_token.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/origin_trials/trial_token.h"
 
 #include <openssl/curve25519.h>
 
 #include <vector>
 
@@ skipping 139 matching lines @@
   datadict->GetString("origin", &origin_string);
   datadict->GetString("feature", &feature_name);
   datadict->GetInteger("expiry", &expiry_timestamp);
 
   // Ensure that the origin is a valid (non-unique) origin URL.
   url::Origin origin = url::Origin(GURL(origin_string));
   if (origin.unique()) {
     return nullptr;
   }
 
+  // The |isSubdomain| flag is optional. If found, ensure it is a valid boolean.
+  bool is_subdomain = false;
+  if (datadict->HasKey("isSubdomain")) {
+    if (!datadict->GetBoolean("isSubdomain", &is_subdomain)) {
+      return nullptr;
+    }
+  }
+
   // Ensure that the feature name is a valid string.
   if (feature_name.empty()) {
     return nullptr;
   }
 
   // Ensure that the expiry timestamp is a valid (positive) integer.
   if (expiry_timestamp <= 0) {
     return nullptr;
   }
 
   return base::WrapUnique(
-      new TrialToken(origin, feature_name, expiry_timestamp));
+      new TrialToken(origin, is_subdomain, feature_name, expiry_timestamp));
 }
 
 bool TrialToken::ValidateOrigin(const url::Origin& origin) const {
+  if (match_subdomains_) {
+    return origin.scheme() == origin_.scheme() &&
+           origin.DomainIs(origin_.host()) &&

[estark, 2016/10/18 19:48:54]

Is token issuance restricted by the Public Suffix List? That is, is it possible
to get a token for, say, github.io or appspot.com?

+           origin.port() == origin_.port();
+  }
   return origin == origin_;
 }
 
 bool TrialToken::ValidateFeatureName(base::StringPiece feature_name) const {
   return feature_name == feature_name_;
 }
 
 bool TrialToken::ValidateDate(const base::Time& now) const {
   return expiry_time_ > now;
 }
@@ skipping 11 matching lines @@
   }
 
   int result = ED25519_verify(
       reinterpret_cast<const uint8_t*>(data.data()), data.length(),
       reinterpret_cast<const uint8_t*>(signature.data()),
       reinterpret_cast<const uint8_t*>(public_key.data()));
   return (result != 0);
 }
 
 TrialToken::TrialToken(const url::Origin& origin,
+                       bool match_subdomains,
                        const std::string& feature_name,
                        uint64_t expiry_timestamp)
     : origin_(origin),
+      match_subdomains_(match_subdomains),
       feature_name_(feature_name),
       expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {}
 
 }  // namespace content