Add Digital Asset Links verification for postMessage API

chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc

Index: chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc
diff --git a/chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc b/chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ee569c82a9fbb888694b7871a3d59941a1e087c0
--- /dev/null
+++ b/chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc
@@ -0,0 +1,102 @@
+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/android/digital_asset_links/digital_asset_links_handler.h"
+
+#include "base/json/json_reader.h"
+#include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/stringprintf.h"
+#include "base/values.h"
+#include "net/base/load_flags.h"
+#include "net/base/url_util.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_status_code.h"
+#include "net/http/http_util.h"
+#include "net/url_request/url_request_status.h"
+
+namespace {
+const char kDigitalAssetLinksBaseURL[] =
+    "https://digitalassetlinks.googleapis.com";
+const char kDigitalAssetLinksCheckAPI[] = "/v1/assetlinks:check?";
+const char kTargetOriginParam[] = "source.web.site";
+const char kSourcePackageNameParam[] = "target.androidApp.packageName";
+const char kSourceFingerprintParam[] =
+    "target.androidApp.certificate.sha256Fingerprint";
+const char kRelationshipParam[] = "relation";
+
+GURL GetUrlForCheckingRelationship(const std::string& web_domain,
+                                   const std::string& package_name,
+                                   const std::string& fingerprint,
+                                   const std::string& relationship) {
+  GURL request_url =
+      GURL(kDigitalAssetLinksBaseURL).Resolve(kDigitalAssetLinksCheckAPI);
+  request_url =
+      net::AppendQueryParameter(request_url, kTargetOriginParam, web_domain);
+  request_url = net::AppendQueryParameter(request_url, kSourcePackageNameParam,
+                                          package_name);
+  request_url = net::AppendQueryParameter(request_url, kSourceFingerprintParam,
+                                          fingerprint);
+  request_url =
+      net::AppendQueryParameter(request_url, kRelationshipParam, relationship);
+  DCHECK(request_url.is_valid());
+  return request_url;
+}
+}  // namespace
+
+namespace digital_asset_links {
+
+const char kDigitalAssetLinksCheckResponseKeyLinked[] = "linked";
+
+DigitalAssetLinksHandler::DigitalAssetLinksHandler(
+    const scoped_refptr<net::URLRequestContextGetter>& request_context)
+    : request_context_(request_context) {}
+
+DigitalAssetLinksHandler::~DigitalAssetLinksHandler() {}
+
+void DigitalAssetLinksHandler::OnURLFetchComplete(
+    const net::URLFetcher* source) {
+  if (!source->GetStatus().is_success() ||
+      source->GetResponseCode() != net::HTTP_OK) {
+    LOG(WARNING) << base::StringPrintf(
+        "Digital Asset Links endpoint responded with code %d.",
+        source->GetResponseCode());
+    callback_->Run(nullptr);
+    return;
+  }
+
+  std::string response_body;
+  source->GetResponseAsString(&response_body);
+
+  std::unique_ptr<base::Value> value = base::JSONReader::Read(response_body);

[Benoit L, 2017/04/04 18:44:12]

DictionaryValue::From() gives a unique_ptr<> directly, from the documentation of
GetAsDictionary.
It also does the nullptr check for you:

std::unique_ptr<DictionarValue> dict = DictionaryValue::From(value);

if (dict) {
...
}

Actually, you don't even need the if condition in this case, since if dict is
nullptr, you call callback with nullptr as a parameter.

[Yusuf, 2017/04/05 00:20:42]

Done.

+  base::DictionaryValue* dict;
+  if (!value || !value->GetAsDictionary(&dict)) {
+    callback_->Run(std::unique_ptr<base::DictionaryValue>(dict));
+    return;
+  }
+  callback_->Run(nullptr);

[Benoit L, 2017/04/04 18:44:12]

Should we delete the URLFetcher here?

[Yusuf, 2017/04/05 00:20:42]

Resetted. Does that work? :)

+}
+
+bool DigitalAssetLinksHandler::CheckDigitalAssetLinkRelationship(
+    std::unique_ptr<RelationshipCheckResultCallback> listener,
+    const std::string& web_domain,
+    const std::string& package_name,
+    const std::string& fingerprint,
+    const std::string& relationship) {
+  GURL request_url = GetUrlForCheckingRelationship(web_domain, package_name,
+                                                   fingerprint, relationship);
+  if (!request_url.is_valid())
+    return false;
+
+  callback_ = std::move(listener);

[Benoit L, 2017/04/04 18:44:12]

nit: as suggested above, passing the callback by value would simplify the code.

[Yusuf, 2017/04/05 00:20:42]

Done.

+
+  url_fetcher_ = std::move(

[Benoit L, 2017/04/04 18:44:12]

dumb question: is it OK to delete a URLFetcher while the request is in flight?

That may happen if we get two requests back to back.

[Yusuf, 2017/04/05 00:20:42]

I think so yes. At least I have seen examples of the same pattern.

+      net::URLFetcher::Create(0, request_url, net::URLFetcher::GET, this));
+  url_fetcher_->SetAutomaticallyRetryOn5xx(false);
+  url_fetcher_->SetRequestContext(request_context_.get());
+  url_fetcher_->Start();
+  return true;
+}
+
+}  // namespace digital_asset_links