Implement available Trust Token counts in DevTools protocol

Design doc: https://bit.ly/devtools-trust-tokens

This CL adds a new "getTrustTokens" method in the storage
domain that returns the number of available Trust Tokens per issuer.

R=caseq@chromium.org, sigurds@chromium.org

Bug: chromium:1126824
Change-Id: Ic4693dfb5f4d88b54fd0f733ce38acd36632541d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2593112
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845562}

content/browser/devtools/devtools_trust_token_browsertest.cc

@@ -278,4 +278,40 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
           protocol::Network::TrustTokenOperationDone::StatusEnum::BadResponse));
 }
 
+IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, GetTrustTokens) {
+  ProvideRequestHandlerKeyCommitmentsToNetworkService({"a.test"});
+
+  // 1) Navigate to a test site.
+  GURL start_url = server_.GetURL("a.test", "/title1.html");
+  ASSERT_TRUE(NavigateToURL(shell(), start_url));
+
+  // 2) Open DevTools.
+  Attach();
+
+  // 3) Call Storage.getTrustTokens and expect none to be there.
+  SendCommand("Storage.getTrustTokens", nullptr);
+  base::Value* tokens = result_->FindPath("tokens");
+  EXPECT_TRUE(tokens);
+  EXPECT_EQ(tokens->GetList().size(), 0ul);
+
+  // 4) Request and redeem a token, then use the redeemed token in a Signing
+  // request.
+  std::string command = R"(
+  (async () => {
+    await fetch('/issue', {trustToken: {type: 'token-request'}});
+    return 'Success'; })(); )";
+
+  // We use EvalJs here, not ExecJs, because EvalJs waits for promises to
+  // resolve.
+  EXPECT_EQ(
+      "Success",
+      EvalJs(shell(), JsReplace(command, IssuanceOriginFromHost("a.test"))));
+
+  // 5) Call Storage.getTrustTokens and expect a Trust Token to be there.
+  SendCommand("Storage.getTrustTokens", nullptr);
+  tokens = result_->FindPath("tokens");
+  EXPECT_TRUE(tokens);
+  EXPECT_EQ(tokens->GetList().size(), 1ul);
+}
+
 }  // namespace content

content/browser/devtools/protocol/storage_handler.cc

@@ -545,5 +545,37 @@ Response StorageHandler::FindStoragePartition(
   return Response::Success();
 }
 
+namespace {
+
+void SendTrustTokens(
+    std::unique_ptr<StorageHandler::GetTrustTokensCallback> callback,
+    std::vector<::network::mojom::StoredTrustTokensForIssuerPtr> tokens) {
+  auto result =
+      std::make_unique<protocol::Array<protocol::Storage::TrustTokens>>();
+  for (auto const& token : tokens) {
+    auto protocol_token =
+        protocol::Storage::TrustTokens::Create()
+            .SetIssuerOrigin(token->issuer.GetURL().GetContent())
+            .SetCount(token->count)
+            .Build();
+    result->push_back(std::move(protocol_token));
+  }
+
+  callback->sendSuccess(std::move(result));
+}
+
+}  // namespace
+
+void StorageHandler::GetTrustTokens(
+    std::unique_ptr<GetTrustTokensCallback> callback) {
+  if (!storage_partition_) {
+    callback->sendFailure(Response::InternalError());
+    return;
+  }
+
+  storage_partition_->GetNetworkContext()->GetStoredTrustTokenCounts(
+      base::BindOnce(&SendTrustTokens, std::move(callback)));
+}
+
 }  // namespace protocol
 }  // namespace content

content/browser/devtools/protocol/storage_handler.h

@@ -72,6 +72,9 @@ class StorageHandler : public DevToolsDomainHandler,
   Response TrackIndexedDBForOrigin(const std::string& origin) override;
   Response UntrackIndexedDBForOrigin(const std::string& origin) override;
 
+  void GetTrustTokens(
+      std::unique_ptr<GetTrustTokensCallback> callback) override;
+
  private:
   // See definition for lifetime information.
   class CacheStorageObserver;

content/browser/devtools/protocol_config.json

@@ -86,7 +86,7 @@
             },
             {
                 "domain": "Storage",
-                "async": ["getUsageAndQuota", "clearDataForOrigin", "getCookies", "setCookies", "clearCookies", "overrideQuotaForOrigin"]
+                "async": ["getUsageAndQuota", "clearDataForOrigin", "getCookies", "setCookies", "clearCookies", "overrideQuotaForOrigin", "getTrustTokens"]
             },
             {
                 "domain": "SystemInfo",

third_party/blink/public/devtools_protocol/browser_protocol.pdl

@@ -7556,6 +7556,13 @@ experimental domain Storage
       # Storage usage (bytes).
       number usage
 
+  # Pair of issuer origin and number of available (signed, but not used) Trust
+  # Tokens from that issuer.
+  experimental type TrustTokens extends object
+    properties
+      string issuerOrigin
+      number count
+
   # Clears storage for origin.
   command clearDataForOrigin
     parameters
@@ -7640,6 +7647,12 @@ experimental domain Storage
       # Security origin.
       string origin
 
+  # Returns the number of stored Trust Tokens per issuer for the
+  # current browsing context.
+  experimental command getTrustTokens
+    returns
+      array of TrustTokens tokens
+
   # A cache's contents have been modified.
   event cacheStorageContentUpdated
     parameters