Trust Tokens: Add TestRunner support for state reset and key commitments

The prototype Trust Token API (https://github.com/wicg/trust-token-api) provides new JS functionality with which one can specify certain cryptographic operations to execute along outgoing requests. These operations can affect persistent state stored in the network service, so tests exercising them would be non-hermetic absent additional functionality to reset the state. Additionally, the operations rely on the presence of "key commitments" (collections of cryptographic keys and associated metadata) obtained through the component updater in standard operation; tests need a way to set these keys without relying on the updater. This CL adds testRunner bindings to 1. reset persistent Trust Tokens state and 2. manually set Trust Tokens key commitments so that it's possible to write end-to-end Blink layout tests for the new Trust Tokens functionality. Eventually, the same functionality will likely become available through WPT testdriver, and the Trust Tokens tests will be able to migrate to WPT: since it's slightly more involved to implement equivalent functionality via testdriver, this is a first pass allowing writing end-to-end HTML/JS tests before the equivalent WPT automation exists. Test: Migrate a WPT to use the state reset binding. Fixed: 1061764 Change-Id: I0d8b9458f89e1ba4c641f27a189480028957094d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2139444 Commit-Queue: David Van Cleve <davidvc@chromium.org> Reviewed-by: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#759493}

Trust Tokens: Add TestRunner support for state reset and key commitments
The prototype Trust Token API (https://github.com/wicg/trust-token-api) provides new JS functionality with which one can specify certain cryptographic operations to execute along outgoing requests. These operations can affect persistent state stored in the network service, so tests exercising them would be non-hermetic absent additional functionality to reset the state. Additionally, the operations rely on the presence of "key commitments" (collections of cryptographic keys and associated metadata) obtained through the component updater in standard operation; tests need a way to set these keys without relying on the updater. This CL adds testRunner bindings to 1. reset persistent Trust Tokens state and 2. manually set Trust Tokens key commitments so that it's possible to write end-to-end Blink layout tests for the new Trust Tokens functionality. Eventually, the same functionality will likely become available through WPT testdriver, and the Trust Tokens tests will be able to migrate to WPT: since it's slightly more involved to implement equivalent functionality via testdriver, this is a first pass allowing writing end-to-end HTML/JS tests before the equivalent WPT automation exists. Test: Migrate a WPT to use the state reset binding. Fixed: 1061764 Change-Id: I0d8b9458f89e1ba4c641f27a189480028957094d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2139444 Commit-Queue: David Van Cleve <davidvc@chromium.org> Reviewed-by: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#759493}
33c40e08 · David Van Cleve · Commit Bot · 1e0f0d3a · 33c40e08 · 33c40e08
Commit 33c40e08 authored Apr 16, 2020 by David Van Cleve Committed by Commit Bot Apr 16, 2020
9 changed files
--- a/content/shell/browser/web_test/web_test_client_impl.cc
+++ b/content/shell/browser/web_test/web_test_client_impl.cc
@@ -9,6 +9,7 @@
 #include <utility>
 #include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/files/file_util.h"
 #include "base/task/post_task.h"
 #include "base/threading/thread_restrictions.h"
@@ -17,6 +18,7 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/content_index_context.h"
+#include "content/public/browser/network_service_instance.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/shell/browser/shell_content_browser_client.h"
 #include "content/shell/browser/web_test/blink_test_controller.h"
@@ -28,6 +30,7 @@
 #include "content/test/mock_platform_notification_service.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/self_owned_associated_receiver.h"
+#include "services/network/public/mojom/network_context.mojom.h"
 #include "services/network/public/mojom/network_service.mojom.h"
 #include "storage/browser/database/database_tracker.h"
 #include "storage/browser/file_system/isolated_context.h"
@@ -97,7 +100,8 @@ WebTestClientImpl::WebTestClientImpl(
    network::mojom::NetworkContext* network_context)
    : render_process_id_(render_process_id),
      quota_manager_(quota_manager),
-      database_tracker_(database_tracker) {
+      database_tracker_(database_tracker),
+      network_context_(network_context) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
  network_context->GetCookieManager(
      cookie_manager_.BindNewPipeAndPassReceiver());
@@ -297,4 +301,16 @@ void WebTestClientImpl::InitiateCaptureDump(bool capture_navigation_history,
  }
 }
+void WebTestClientImpl::SetTrustTokenKeyCommitments(
+    const std::string& raw_commitments,
+    base::OnceClosure callback) {
+  GetNetworkService()->SetTrustTokenKeyCommitments(raw_commitments,
+                                                   std::move(callback));
+}
+void WebTestClientImpl::ClearTrustTokenState(base::OnceClosure callback) {
+  // nullptr denotes a wildcard filter.
+  network_context_->ClearTrustTokenData(nullptr, std::move(callback));
+}
 }  // namespace content
--- a/content/shell/browser/web_test/web_test_client_impl.h
+++ b/content/shell/browser/web_test/web_test_client_impl.h
@@ -77,6 +77,9 @@ class WebTestClientImpl : public mojom::WebTestClient {
      const std::vector<base::FilePath>& absolute_filenames,
      RegisterIsolatedFileSystemCallback callback) override;
  void SetFilePathForMockFileDialog(const base::FilePath& path) override;
+  void SetTrustTokenKeyCommitments(const std::string& raw_commitments,
+                                   base::OnceClosure callback) override;
+  void ClearTrustTokenState(base::OnceClosure callback) override;
  int render_process_id_;
@@ -84,6 +87,7 @@ class WebTestClientImpl : public mojom::WebTestClient {
  scoped_refptr<storage::DatabaseTracker> database_tracker_;
  mojo::Remote<network::mojom::CookieManager> cookie_manager_;
+  network::mojom::NetworkContext* const network_context_;
 };
 }  // namespace content

--- a/content/shell/common/web_test/web_test.mojom
+++ b/content/shell/common/web_test/web_test.mojom
@@ -9,6 +9,7 @@ import "mojo/public/mojom/base/values.mojom";
 import "mojo/public/mojom/base/string16.mojom";
 import "third_party/blink/public/mojom/permissions/permission_status.mojom";
 import "url/mojom/url.mojom";
+import "url/mojom/origin.mojom";
 // Web test messages sent from the browser process to the renderer.
 interface WebTestControl {
@@ -94,4 +95,12 @@ interface WebTestClient {
  // Initialize to dump the main frame with a navigation history or pixels.
  InitiateCaptureDump(bool capture_navigation_history, bool capture_pixels);
+  // Sets the network service-global Trust Tokens key commitments.
+  // |raw_commitments| should be JSON-encoded according to the format expected
+  // by NetworkService::SetTrustTokenKeyCommitments.
+  SetTrustTokenKeyCommitments(string raw_commitments) => ();
+  // Clears all persistent Trust Tokens state.
+  ClearTrustTokenState() => ();
 };
--- a/content/shell/renderer/web_test/blink_test_runner.cc
+++ b/content/shell/renderer/web_test/blink_test_runner.cc
@@ -597,6 +597,17 @@ void BlinkTestRunner::SetScreenOrientationChanged() {
  GetBlinkTestClientRemote()->SetScreenOrientationChanged();
 }
+void BlinkTestRunner::SetTrustTokenKeyCommitments(
+    const std::string& raw_commitments,
+    base::OnceClosure callback) {
+  GetWebTestClientRemote()->SetTrustTokenKeyCommitments(raw_commitments,
+                                                        std::move(callback));
+}
+void BlinkTestRunner::ClearTrustTokenState(base::OnceClosure callback) {
+  GetWebTestClientRemote()->ClearTrustTokenState(std::move(callback));
+}
 // Public methods - -----------------------------------------------------------
 void BlinkTestRunner::CaptureDump(

--- a/content/shell/renderer/web_test/blink_test_runner.h
+++ b/content/shell/renderer/web_test/blink_test_runner.h
@@ -11,6 +11,7 @@
 #include "base/callback_forward.h"
 #include "base/containers/circular_deque.h"
+#include "base/containers/flat_map.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
@@ -28,6 +29,7 @@
 #include "third_party/blink/public/platform/web_string.h"
 #include "third_party/blink/public/platform/web_url.h"
 #include "third_party/blink/public/platform/web_vector.h"
+#include "url/origin.h"
 #include "v8/include/v8.h"
 class SkBitmap;
@@ -225,6 +227,16 @@ class BlinkTestRunner : public RenderViewObserver,
  // Mark the orientation changed for fullscreen layout tests.
  void SetScreenOrientationChanged();
+  // Sets the network service-global Trust Tokens key commitments.
+  // |raw_commitments| should be JSON-encoded according to the format expected
+  // by NetworkService::SetTrustTokenKeyCommitments.
+  void SetTrustTokenKeyCommitments(const std::string& raw_commitments,
+                                   base::OnceClosure callback);
+  // Clears persistent Trust Token API state
+  // (https://github.com/wicg/trust-token-api).
+  void ClearTrustTokenState(base::OnceClosure callback);
  // Message handlers forwarded by WebTestRenderFrameObserver.
  void OnSetTestConfiguration(mojom::ShellTestConfigurationPtr params);
  void OnReplicateTestConfiguration(mojom::ShellTestConfigurationPtr params);

--- a/content/shell/test_runner/test_runner.cc
+++ b/content/shell/test_runner/test_runner.cc
@@ -152,6 +152,7 @@ class TestRunnerBindings : public gin::Wrappable<TestRunnerBindings> {
  void CapturePixelsAsyncThen(v8::Local<v8::Function> callback);
  void ClearAllDatabases();
  void ClearPrinting();
+  void ClearTrustTokenState(v8::Local<v8::Function> callback);
  void CopyImageAtAndCapturePixelsAsyncThen(int x,
                                            int y,
                                            v8::Local<v8::Function> callback);
@@ -265,6 +266,8 @@ class TestRunnerBindings : public gin::Wrappable<TestRunnerBindings> {
  void SetTabKeyCyclesThroughElements(bool tab_key_cycles_through_elements);
  void SetTextDirection(const std::string& direction_name);
  void SetTextSubpixelPositioning(bool value);
+  void SetTrustTokenKeyCommitments(const std::string& raw_commitments,
+                                   v8::Local<v8::Function> callback);
  void SetViewSourceForFrame(const std::string& name, bool enabled);
  void SetWillSendRequestClearHeader(const std::string& header);
  void SetWillSendRequestClearReferrer();
@@ -406,6 +409,8 @@ gin::ObjectTemplateBuilder TestRunnerBindings::GetObjectTemplateBuilder(
      .SetMethod("clearAllDatabases", &TestRunnerBindings::ClearAllDatabases)
      .SetMethod("clearBackForwardList", &TestRunnerBindings::NotImplemented)
      .SetMethod("clearPrinting", &TestRunnerBindings::ClearPrinting)
+      .SetMethod("clearTrustTokenState",
+                 &TestRunnerBindings::ClearTrustTokenState)
      .SetMethod("copyImageAtAndCapturePixelsAsyncThen",
                 &TestRunnerBindings::CopyImageAtAndCapturePixelsAsyncThen)
      .SetMethod("didAcquirePointerLock",
@@ -594,6 +599,8 @@ gin::ObjectTemplateBuilder TestRunnerBindings::GetObjectTemplateBuilder(
      .SetMethod("setTextDirection", &TestRunnerBindings::SetTextDirection)
      .SetMethod("setTextSubpixelPositioning",
                 &TestRunnerBindings::SetTextSubpixelPositioning)
+      .SetMethod("setTrustTokenKeyCommitments",
+                 &TestRunnerBindings::SetTrustTokenKeyCommitments)
      .SetMethod("setUseDashboardCompatibilityMode",
                 &TestRunnerBindings::NotImplemented)
      .SetMethod("setViewSourceForFrame",
@@ -877,6 +884,13 @@ void TestRunnerBindings::SetTextSubpixelPositioning(bool value) {
    runner_->SetTextSubpixelPositioning(value);
 }
+void TestRunnerBindings::SetTrustTokenKeyCommitments(
+    const std::string& raw_commitments,
+    v8::Local<v8::Function> callback) {
+  if (view_runner_)
+    view_runner_->SetTrustTokenKeyCommitments(raw_commitments, callback);
+}
 void TestRunnerBindings::SetPageVisibility(const std::string& new_visibility) {
  if (view_runner_)
    view_runner_->SetPageVisibility(new_visibility);
@@ -1118,6 +1132,12 @@ void TestRunnerBindings::ClearPrinting() {
    runner_->ClearPrinting();
 }
+void TestRunnerBindings::ClearTrustTokenState(
+    v8::Local<v8::Function> callback) {
+  if (view_runner_)
+    view_runner_->ClearTrustTokenState(callback);
+}
 void TestRunnerBindings::SetShouldGeneratePixelResults(bool value) {
  if (runner_)
    runner_->SetShouldGeneratePixelResults(value);

--- a/content/shell/test_runner/test_runner_for_specific_view.cc
+++ b/content/shell/test_runner/test_runner_for_specific_view.cc
@@ -670,6 +670,24 @@ void TestRunner::InsertStyleSheet(const std::string& source_code) {
      .InsertStyleSheet(blink::WebString::FromUTF8(source_code));
 }
+// Sets the network service-global Trust Tokens key commitments.
+// |raw_commitments| should be JSON-encoded according to the format expected
+// by NetworkService::SetTrustTokenKeyCommitments.
+void TestRunnerForSpecificView::SetTrustTokenKeyCommitments(
+    const std::string& raw_commitments,
+    v8::Local<v8::Function> callback) {
+  blink_test_runner()->SetTrustTokenKeyCommitments(
+      raw_commitments, CreateClosureThatPostsV8Callback(callback));
+}
+// Clears persistent Trust Tokens state
+// (https://github.com/wicg/trust-token-api) via a test-only Mojo interface.
+void TestRunnerForSpecificView::ClearTrustTokenState(
+    v8::Local<v8::Function> callback) {
+  blink_test_runner()->ClearTrustTokenState(
+      CreateClosureThatPostsV8Callback(callback));
+}
 bool TestRunnerForSpecificView::FindString(
    const std::string& search_text,
    const std::vector<std::string>& options_array) {

--- a/content/shell/test_runner/test_runner_for_specific_view.h
+++ b/content/shell/test_runner/test_runner_for_specific_view.h
@@ -216,6 +216,16 @@ class TestRunnerForSpecificView {
  std::string SelectionAsMarkup();
  void SetViewSourceForFrame(const std::string& name, bool enabled);
+  // Sets the network service-global Trust Tokens key commitments.
+  // |raw_commitments| should be JSON-encoded according to the format expected
+  // by NetworkService::SetTrustTokenKeyCommitments.
+  void SetTrustTokenKeyCommitments(const std::string& raw_commitments,
+                                   v8::Local<v8::Function> callback);
+  // Clears persistent Trust Tokens state
+  // (https://github.com/wicg/trust-token-api) via a test-only Mojo interface.
+  void ClearTrustTokenState(v8::Local<v8::Function> callback);
  // Many parts of the web test harness assume that the main frame is local.
  // Having all of them go through the helper below makes it easier to catch
  // scenarios that require breaking this assumption.

--- a/third_party/blink/web_tests/external/wpt/trust-tokens/end-to-end/has-trust-token.tentative.https.html
+++ b/third_party/blink/web_tests/external/wpt/trust-tokens/end-to-end/has-trust-token.tentative.https.html
@@ -24,13 +24,15 @@
  // of hasTrustToken(issuer) will result in |issuer| becoming associated in
  // persistent storage with the calling top frame's origin.
  //
-  // TODO(davidvc, crbug.com/1061764): Add a way to reset the global state after
-  // the test concludes.
-  //
  // TODO(davidvc, crbug.com/1063140): Once it's possible to write WPTs that
  // result in a trust token being deposited in storage, this should be
  // expanded to cover the case where the user _does_ have a token.
  promise_test(async (t) => {
+      t.add_cleanup(async () => {
+        if (window.testRunner)
+          await new Promise(res => window.testRunner.clearTrustTokenState(res));
+      });
      let result = await document.hasTrustToken("https://issuer.example/");
      assert_false(result, "The client should not possess any trust tokens for " +
        "https://issuer.example since it has not executed an issuance operation" +
@@ -52,6 +54,15 @@
        "with https://issuer2.example, subsequent hasTrustToken operations should " +
        "not error out even though the top-level origin is at its " +
        "number-of-issuers limit.");
+      if (window.testRunner) {
+        await new Promise(res =>
+          window.testRunner.clearTrustTokenState(res)
+        );
+        result = await document.hasTrustToken("https://issuer3.example/");
+        assert_false(result, "Since state was cleared, it should be possible to" +
+          "run hasTrustToken against more issuers.");
+      }
    }, "When given a valid, secure origin, hasTrustToken should succeed " +
    "unless associating that origin with the top-level domain would exceed " +
    "the top-level origin's number-of-associated-issuers limit.");