Remove 'signed' from send-srr and srr-token-redemption.

As part of the generalization of the Trust Token redemption record,
the protocol no longer specifies these as needing to be 'signed', so
the API types are updated to match, from send-srr to
send-redemption-record and srr-token-redemption to token-redemption.

Design: https://docs.google.com/document/d/1-4n1RLaJs8ANw34TsS6BVt7ARa7lK70F6aHFG2CL3Rc/edit#heading=h.6a92f2gfl9le
Bug: 1133310
Change-Id: Id6d668d10f59f3f0eac6a8f423e7c9a59134f2de
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2437697
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: David Bertoni <dbertoni@chromium.org>
Reviewed-by: David Van Cleve <davidvc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825609}

chrome/browser/extensions/corb_and_cors_extension_browsertest.cc

@@ -1313,7 +1313,7 @@ IN_PROC_BROWSER_TEST_P(
     content::DOMMessageQueue message_queue;
 
     base::Value request_init(base::Value::Type::DICTIONARY);
-    request_init.SetStringPath("trustToken.type", "srr-token-redemption");
+    request_init.SetStringPath("trustToken.type", "token-redemption");
 
     EXPECT_TRUE(ExecuteContentScript(
         active_web_contents(),
@@ -1336,7 +1336,7 @@ IN_PROC_BROWSER_TEST_P(
     content::DOMMessageQueue message_queue;
 
     base::Value request_init(base::Value::Type::DICTIONARY);
-    request_init.SetStringPath("trustToken.type", "srr-token-redemption");
+    request_init.SetStringPath("trustToken.type", "token-redemption");
 
     EXPECT_TRUE(ExecuteContentScript(
         active_web_contents(),

content/browser/devtools/devtools_trust_token_browsertest.cc

@@ -28,7 +28,7 @@ class DevToolsTrustTokenBrowsertest : public DevToolsProtocolTest,
 };
 
 // After a successful issuance and redemption, a subsequent redemption against
-// the same issuer should hit the signed redemption record (SRR) cache.
+// the same issuer should hit the redemption record (RR) cache.
 IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
                        RedemptionRecordCacheHitIsReportedAsLoadingFinished) {
   ProvideRequestHandlerKeyCommitmentsToNetworkService({"a.test"});
@@ -44,7 +44,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
 
   EXPECT_EQ("Success",
             EvalJs(shell(), JsReplace(R"(fetch($1,
-        { trustToken: { type: 'srr-token-redemption' } })
+        { trustToken: { type: 'token-redemption' } })
         .then(()=>'Success'); )",
                                       server_.GetURL("a.test", "/redeem"))));
 
@@ -58,7 +58,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
   // 3) Issue another redemption, and verify its served from cache.
   EXPECT_EQ("NoModificationAllowedError",
             EvalJs(shell(), JsReplace(R"(fetch($1,
-        { trustToken: { type: 'srr-token-redemption' } })
+        { trustToken: { type: 'token-redemption' } })
         .catch(err => err.name); )",
                                       server_.GetURL("a.test", "/redeem"))));
 

content/test/data/page-executing-trust-token-signing-from-204-subframe.html

@@ -16,7 +16,7 @@
     const childDocument = child.contentDocument;
     const myFrame = childDocument.createElement('iframe');
     myFrame.trustToken = JSON.stringify({
-      type: 'send-srr',
+      type: 'send-redemption-record',
       issuers: ['https://issuer.example']
     });
     myFrame.src = '/title1.html'; // arbitrary URL, no need for handling logic

services/network/trust_tokens/test/trust_token_test_util.cc

@@ -71,9 +71,9 @@ std::string TrustTokenEnumToString(mojom::TrustTokenOperationType type) {
     case mojom::TrustTokenOperationType::kIssuance:
       return "token-request";
     case mojom::TrustTokenOperationType::kRedemption:
-      return "srr-token-redemption";
+      return "token-redemption";
     case mojom::TrustTokenOperationType::kSigning:
-      return "send-srr";
+      return "send-redemption-record";
   }
 }
 

third_party/blink/public/devtools_protocol/browser_protocol.pdl

@@ -4540,12 +4540,13 @@ domain Network
       network
 
   # Determines what type of Trust Token operation is executed and
-  # depending on the type, some additional parameters.
+  # depending on the type, some additional parameters. The values
+  # are specified in third_party/blink/renderer/core/fetch/trust_token.idl.
   experimental type TrustTokenParams extends object
     properties
       TrustTokenOperationType type
 
-      # Only set for "srr-token-redemption" type and determine whether
+      # Only set for "token-redemption" type and determine whether
       # to request a fresh SRR or use a still valid cached SRR.
       enum refreshPolicy
         UseCached
@@ -4559,9 +4560,9 @@ domain Network
     enum
       # Type "token-request" in the Trust Token API.
       Issuance
-      # Type "srr-token-redemption" in the Trust Token API.
+      # Type "token-redemption" in the Trust Token API.
       Redemption
-      # Type "send-srr" in the Trust Token API.
+      # Type "send-redemption-record" in the Trust Token API.
       Signing
 
   # HTTP response data.

third_party/blink/renderer/core/fetch/request.cc

@@ -539,8 +539,9 @@ Request* Request::CreateRequestWithRequestOrString(
         !execution_context->IsFeatureEnabled(
             mojom::blink::FeaturePolicyFeature::kTrustTokenRedemption)) {
       exception_state.ThrowTypeError(
-          "trustToken: Redemption ('srr-token-redemption') and signing "
-          "('send-srr') operations require that the trust-token-redemption "
+          "trustToken: Redemption ('token-redemption') and signing "
+          "('send-redemption-record') operations require that the "
+          "trust-token-redemption "
           "Feature Policy feature be enabled.");
       return nullptr;
     }

third_party/blink/renderer/core/fetch/trust_token.idl

@@ -3,7 +3,7 @@
 // found in the LICENSE file.
 
 enum RefreshPolicy { "none", "refresh" };
-enum OperationType { "token-request", "send-srr", "srr-token-redemption" };
+enum OperationType { "token-request", "send-redemption-record", "token-redemption" };
 enum SignRequestData { "omit", "include", "headers-only" };
 
 // A TrustToken object represents a request to execute a Trust Tokens protocol
@@ -15,19 +15,19 @@ dictionary TrustToken {
 
   // --- Parameters only for token redemption
   // The following parameters are ignored unless |type| is
-  // "srr-token-redemption":
+  // "token-redemption":
   // 1. refreshPolicy
   RefreshPolicy refreshPolicy = "none";
 
   // --- Parameters only for request signing
-  // The following parameters are ignored unless |type| is "send-srr":
+  // The following parameters are ignored unless |type| is "send-redemption-record":
   // 1. |issuers|
   // 2. |additionalSignedHeaders|
   // 3. |includeTimestampHeader|
   // 4. |signRequestData|
   // 5. |additionalSigningData|
   //
-  // Additionally, |issuers| must be nonempty when |type| is "send-srr".
+  // Additionally, |issuers| must be nonempty when |type| is "send-redemption-record".
   sequence<USVString> issuers;
   sequence<USVString> additionalSignedHeaders;
   boolean includeTimestampHeader = false;

third_party/blink/renderer/core/fetch/trust_token_to_mojom.cc

@@ -16,7 +16,7 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
     return true;
   }
 
-  if (in.type() == "srr-token-redemption") {
+  if (in.type() == "token-redemption") {
     out->type = network::mojom::blink::TrustTokenOperationType::kRedemption;
 
     DCHECK(in.hasRefreshPolicy());  // default is defined
@@ -32,7 +32,9 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
     return true;
   }
 
-  DCHECK_EQ(in.type(), "send-srr");  // final possible value of the input enum
+  DCHECK_EQ(
+      in.type(),
+      "send-redemption-record");  // final possible value of the input enum
   out->type = network::mojom::blink::TrustTokenOperationType::kSigning;
 
   if (in.hasSignRequestData()) {
@@ -65,7 +67,8 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
       KURL parsed_url = KURL(issuer);
       if (!parsed_url.ProtocolIsInHTTPFamily()) {
         exception_state->ThrowTypeError(
-            "trustToken: operation type 'send-srr' requires that the 'issuers' "
+            "trustToken: operation type 'send-redemption-record' requires that "
+            "the 'issuers' "
             "fields' members parse to HTTP(S) origins, but one did not: " +
             issuer);
         return false;
@@ -75,7 +78,8 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
       DCHECK(out->issuers.back());  // SecurityOrigin::Create cannot fail.
       if (!out->issuers.back()->IsPotentiallyTrustworthy()) {
         exception_state->ThrowTypeError(
-            "trustToken: operation type 'send-srr' requires that the 'issuers' "
+            "trustToken: operation type 'send-redemption-record' requires that "
+            "the 'issuers' "
             "fields' members parse to secure origins, but one did not: " +
             issuer);
         return false;
@@ -83,7 +87,8 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
     }
   } else {
     exception_state->ThrowTypeError(
-        "trustToken: operation type 'send-srr' requires that the 'issuers' "
+        "trustToken: operation type 'send-redemption-record' requires that the "
+        "'issuers' "
         "field be present and contain at least one secure, HTTP(S) URL, but it "
         "was missing or empty.");
     return false;

third_party/blink/renderer/core/html/trust_token_attribute_parsing.cc

@@ -19,10 +19,10 @@ bool ParseType(const String& in, network::mojom::TrustTokenOperationType* out) {
   if (in == "token-request") {
     *out = network::mojom::TrustTokenOperationType::kIssuance;
     return true;
-  } else if (in == "srr-token-redemption") {
+  } else if (in == "token-redemption") {
     *out = network::mojom::TrustTokenOperationType::kRedemption;
     return true;
-  } else if (in == "send-srr") {
+  } else if (in == "send-redemption-record") {
     *out = network::mojom::TrustTokenOperationType::kSigning;
     return true;
   } else {

third_party/blink/web_tests/external/wpt/feature-policy/experimental-features/resources/feature-policy-trust-token-redemption.html

@@ -3,14 +3,14 @@
 
   window.onload = function() {
     // When the trust-token-redemption feature policy is enabled, redemption
-    // and signing ("send-srr") should both be available; when it's disabled,
+    // and signing ("send-redemption-record") should both be available; when it's disabled,
     // they should both be unavailable. Send the number of available operations
     // upstream in order to enforce this in assertions.
     let num_enabled = 4;
     try {
       new Request("https://issuer.example/", {
         trustToken: {
-          type: "srr-token-redemption"
+          type: "token-redemption"
         }
       });
     } catch (e) {
@@ -19,7 +19,7 @@
     try {
       new Request("https://destination.example/", {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: ["https://issuer.example/"]
         }
       });
@@ -31,7 +31,7 @@
       const xhr = new XMLHttpRequest();
       xhr.open("GET", "https://issuer.example/");
       xhr.setTrustToken({
-        type: "srr-token-redemption"
+        type: "token-redemption"
       });
     } catch (e) {
       num_enabled--;
@@ -41,7 +41,7 @@
       const xhr = new XMLHttpRequest();
       xhr.open("GET", "https://destination.example/");
       xhr.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: ["https://issuer.example/"]
       });
     } catch (e) {

third_party/blink/web_tests/external/wpt/feature-policy/experimental-features/trust-token-redemption-default-feature-policy.tentative.https.sub.html

@@ -18,12 +18,12 @@
         // and XHR interfaces.
         new Request("https://issuer.example/", {
           trustToken: {
-            type: "srr-token-redemption"
+            type: "token-redemption"
           }
         });
         new Request("https://destination.example/", {
           trustToken: {
-            type: "send-srr", // signing
+            type: "send-redemption-record", // signing
             issuers: ["https://issuer.example/"]
           }
         });
@@ -31,13 +31,13 @@
         const redemption_xhr = new XMLHttpRequest();
         redemption_xhr.open("GET", "https://issuer.example/");
         redemption_xhr.setTrustToken({
-          type: "srr-token-redemption"
+          type: "token-redemption"
         });
 
         const signing_xhr = new XMLHttpRequest();
         signing_xhr.open("GET", "https://destination.example/");
         signing_xhr.setTrustToken({
-          type: "send-srr", // signing
+          type: "send-redemption-record", // signing
           issuers: ["https://issuer.example/"]
         });
       } catch (e) {

third_party/blink/web_tests/external/wpt/permissions-policy/experimental-features/resources/permissions-policy-trust-token-redemption.html

@@ -3,14 +3,14 @@
 
   window.onload = function() {
     // When the trust-token-redemption permissions policy is enabled, redemption
-    // and signing ("send-srr") should both be available; when it's disabled,
+    // and signing ("send-redemption-record") should both be available; when it's disabled,
     // they should both be unavailable. Send the number of available operations
     // upstream in order to enforce this in assertions.
     let num_enabled = 4;
     try {
       new Request("https://issuer.example/", {
         trustToken: {
-          type: "srr-token-redemption"
+          type: "token-redemption"
         }
       });
     } catch (e) {
@@ -19,7 +19,7 @@
     try {
       new Request("https://destination.example/", {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: ["https://issuer.example/"]
         }
       });
@@ -31,7 +31,7 @@
       const xhr = new XMLHttpRequest();
       xhr.open("GET", "https://issuer.example/");
       xhr.setTrustToken({
-        type: "srr-token-redemption"
+        type: "token-redemption"
       });
     } catch (e) {
       num_enabled--;
@@ -41,7 +41,7 @@
       const xhr = new XMLHttpRequest();
       xhr.open("GET", "https://destination.example/");
       xhr.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: ["https://issuer.example/"]
       });
     } catch (e) {

third_party/blink/web_tests/external/wpt/permissions-policy/experimental-features/trust-token-redemption-default-permissions-policy.tentative.https.sub.html

@@ -18,12 +18,12 @@
         // and XHR interfaces.
         new Request("https://issuer.example/", {
           trustToken: {
-            type: "srr-token-redemption"
+            type: "token-redemption"
           }
         });
         new Request("https://destination.example/", {
           trustToken: {
-            type: "send-srr", // signing
+            type: "send-redemption-record", // signing
             issuers: ["https://issuer.example/"]
           }
         });
@@ -31,13 +31,13 @@
         const redemption_xhr = new XMLHttpRequest();
         redemption_xhr.open("GET", "https://issuer.example/");
         redemption_xhr.setTrustToken({
-          type: "srr-token-redemption"
+          type: "token-redemption"
         });
 
         const signing_xhr = new XMLHttpRequest();
         signing_xhr.open("GET", "https://destination.example/");
         signing_xhr.setTrustToken({
-          type: "send-srr", // signing
+          type: "send-redemption-record", // signing
           issuers: ["https://issuer.example/"]
         });
       } catch (e) {

third_party/blink/web_tests/external/wpt/trust-tokens/trust-token-parameter-validation-xhr.tentative.https.html

@@ -71,7 +71,7 @@
       let request = new XMLHttpRequest();
       request.open('GET', 'https://trusttoken.example');
       request.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: []
       });
     });
@@ -82,7 +82,7 @@
       let request = new XMLHttpRequest();
       request.open('GET', 'https://trusttoken.example');
       request.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: [3]
       });
     });
@@ -93,7 +93,7 @@
       let request = new XMLHttpRequest();
       request.open('GET', 'https://trusttoken.example');
       request.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: ["not a valid URL"]
       });
     });
@@ -104,7 +104,7 @@
       let request = new XMLHttpRequest();
       request.open('GET', 'https://trusttoken.example');
       request.setTrustToken({
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: ["http://not-secure.com"]
       });
     });
@@ -114,7 +114,7 @@
     let request = new XMLHttpRequest();
     request.open('GET', 'https://trusttoken.example');
     request.setTrustToken({
-      type: "send-srr",
+      type: "send-redemption-record",
       issuers: ["http://localhost"]
     });
   }, 'Since localhost URLs are potentially trustworthy, setting an issuer to localhost should succeed.');

third_party/blink/web_tests/external/wpt/trust-tokens/trust-token-parameter-validation.tentative.https.html

@@ -50,7 +50,7 @@
     assert_throws_js(TypeError, () => {
       new Request('https://example.com', {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: []
         }
       });
@@ -61,7 +61,7 @@
     assert_throws_js(TypeError, () => {
       new Request('https://example.com', {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: [3]
         }
       });
@@ -72,7 +72,7 @@
     assert_throws_js(TypeError, () => {
       new Request('https://example.com', {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: ["not a valid URL"]
         }
       });
@@ -83,7 +83,7 @@
     assert_throws_js(TypeError, () => {
       new Request('https://example.com', {
         trustToken: {
-          type: "send-srr",
+          type: "send-redemption-record",
           issuers: ["http://not-secure.com"]
         }
       });
@@ -93,7 +93,7 @@
   test(() => {
     new Request('https://example.com', {
       trustToken: {
-        type: "send-srr",
+        type: "send-redemption-record",
         issuers: ["http://localhost"]
       }
     });

third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch.js

@@ -17,7 +17,7 @@
   const redemptionRequest = `
     fetch('https://trusttoken.test', {
       trustToken: {
-        type: 'srr-token-redemption'
+        type: 'token-redemption'
       }
     });
   `;
@@ -25,7 +25,7 @@
   const signingRequest = `
     fetch('https://destination.test', {
       trustToken: {
-        type: 'send-srr',
+        type: 'send-redemption-record',
         issuers: ['https://issuer.test']
       }
     });

third_party/blink/web_tests/http/tests/loading/trust-tokens/trust-token-fetch.tentative.https.html

@@ -28,7 +28,7 @@
       });
       return fetch('https://trusttoken.test', {
         trustToken: {
-          type: 'srr-token-redemption'
+          type: 'token-redemption'
         }
       });
     })(), 'Trust Token redemption should error.'),
@@ -41,11 +41,11 @@
       });
       return fetch('https://destination.test', {
         trustToken: {
-          type: 'send-srr',
+          type: 'send-redemption-record',
           issuers: ['https://issuer.test']
         }
       });
     })(), 'Trust Token signing should not fail a request.'),
-    'No SRR for the issuer -> expect signing to fail, but an error while' +
+    'No RR for the issuer -> expect signing to fail, but an error while' +
     ' signing shouldn\'t result in the request being aborted');
 </script>

third_party/blink/web_tests/http/tests/loading/trust-tokens/trust-token-xhr.tentative.https.html

@@ -27,7 +27,7 @@
     let request = new XMLHttpRequest();
     request.open('GET', 'https://trusttoken.test');
     request.setTrustToken({
-      type: 'srr-token-redemption'
+      type: 'token-redemption'
     });
     request.onerror = t.step_func(() => {
       assert_equals(request.trustTokenOperationError.name, "InvalidStateError");
@@ -42,7 +42,7 @@
       let request = new XMLHttpRequest();
       request.open('GET', 'https://destination.test');
       request.setTrustToken({
-        type: 'send-srr',
+        type: 'send-redemption-record',
         issuers: ['https://issuer.test']
       });
       request.onerror = t.step_func(() => {
@@ -55,6 +55,6 @@
       });
       request.send();
     },
-    'No SRR for the issuer -> expect signing to fail, but an error while' +
+    'No RR for the issuer -> expect signing to fail, but an error while' +
     ' signing shouldn\'t result in the request being aborted');
 </script>

third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch-expected.txt

@@ -10,7 +10,7 @@ Included trustTokenParams in request: {"type":"Issuance","refreshPolicy":"UseCac
 Sending request: 
     fetch('https://trusttoken.test', {
       trustToken: {
-        type: 'srr-token-redemption'
+        type: 'token-redemption'
       }
     });
   
@@ -18,7 +18,7 @@ Included trustTokenParams in request: {"type":"Redemption","refreshPolicy":"UseC
 Sending request: 
     fetch('https://destination.test', {
       trustToken: {
-        type: 'send-srr',
+        type: 'send-redemption-record',
         issuers: ['https://issuer.test']
       }
     });