Stop using Signed-Headers header in SignedHTTPExchange

To match spec text changes in https://github.com/WICG/webpackage/commit/3cae549.

Bug: 803774
Change-Id: I31dc56506cdaf1d67b05eba15b77d3c7fef89b33
Reviewed-on: https://chromium-review.googlesource.com/958748
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542450}

content/browser/web_package/signed_exchange_consts.h

@@ -18,7 +18,7 @@ constexpr char kMethodKey[] = ":method";
 constexpr char kPayload[] = "payload";
 constexpr char kRequest[] = "request";
 constexpr char kResponse[] = "response";
-constexpr char kSignedHeadersName[] = "signed-headers";
+constexpr char kSignature[] = "signature";
 constexpr char kStatusKey[] = ":status";
 constexpr char kUrlKey[] = ":url";
 constexpr char kValidityUrlKey[] = "validityUrl";

content/browser/web_package/signed_exchange_header.cc

@@ -127,7 +127,7 @@ base::Optional<SignedExchangeHeader> SignedExchangeHeader::Parse(
       !ParseResponseMap(top_level_array[1], &ret))
     return base::nullopt;
 
-  auto signature_iter = ret.response_headers_.find("signature");
+  auto signature_iter = ret.response_headers_.find(kSignature);
   if (signature_iter == ret.response_headers_.end())
     return base::nullopt;
 

content/browser/web_package/signed_exchange_header_parser.cc

@@ -187,17 +187,6 @@ class StructuredHeaderParser {
 
 }  // namespace
 
-base::Optional<std::vector<std::string>>
-SignedExchangeHeaderParser::ParseSignedHeaders(
-    const std::string& signed_headers_str) {
-  std::vector<std::string> headers;
-  StructuredHeaderParser parser(signed_headers_str);
-  parser.ParseStringList(&headers);
-  if (!parser.ParsedSuccessfully())
-    return base::nullopt;
-  return headers;
-}
-
 base::Optional<std::vector<SignedExchangeHeaderParser::Signature>>
 SignedExchangeHeaderParser::ParseSignature(base::StringPiece signature_str) {
   StructuredHeaderParser parser(signature_str);

content/browser/web_package/signed_exchange_header_parser.h

@@ -39,11 +39,6 @@ class CONTENT_EXPORT SignedExchangeHeaderParser {
     uint64_t expires;
   };
 
-  // Parses a value of the Signed-Headers header.
-  // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#rfc.section.3.1
-  static base::Optional<std::vector<std::string>> ParseSignedHeaders(
-      const std::string& signed_headers_str);
-
   // Parses a value of the Signature header.
   // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#rfc.section.3.2
   static base::Optional<std::vector<Signature>> ParseSignature(

content/browser/web_package/signed_exchange_header_parser_unittest.cc

@@ -12,39 +12,6 @@ class SignedExchangeHeaderParserTest : public ::testing::Test {
   SignedExchangeHeaderParserTest() {}
 };
 
-TEST_F(SignedExchangeHeaderParserTest, ParseSignedHeaders) {
-  const char hdr_string[] = "\"content-type\", \"digest\"";
-  base::Optional<std::vector<std::string>> headers =
-      SignedExchangeHeaderParser::ParseSignedHeaders(hdr_string);
-  EXPECT_TRUE(headers.has_value());
-  ASSERT_EQ(headers->size(), 2u);
-  EXPECT_EQ(headers->at(0), "content-type");
-  EXPECT_EQ(headers->at(1), "digest");
-}
-
-TEST_F(SignedExchangeHeaderParserTest, SignedHeadersNoQuotes) {
-  const char hdr_string[] = "content-type, digest";
-  base::Optional<std::vector<std::string>> headers =
-      SignedExchangeHeaderParser::ParseSignedHeaders(hdr_string);
-  EXPECT_FALSE(headers.has_value());
-}
-
-TEST_F(SignedExchangeHeaderParserTest, SignedHeadersParseError) {
-  const char hdr_string[] = "\"content-type\", \"digest";
-  base::Optional<std::vector<std::string>> headers =
-      SignedExchangeHeaderParser::ParseSignedHeaders(hdr_string);
-  EXPECT_FALSE(headers.has_value());
-}
-
-TEST_F(SignedExchangeHeaderParserTest, QuotedChar) {
-  const char hdr_string[] = R"("\\o/")";
-  base::Optional<std::vector<std::string>> headers =
-      SignedExchangeHeaderParser::ParseSignedHeaders(hdr_string);
-  EXPECT_TRUE(headers.has_value());
-  ASSERT_EQ(headers->size(), 1u);
-  EXPECT_EQ(headers->at(0), "\\o/");
-}
-
 TEST_F(SignedExchangeHeaderParserTest, ParseSignature) {
   const char hdr_string[] =
       "sig1;"

content/browser/web_package/signed_exchange_signature_verifier.cc

@@ -53,38 +53,18 @@ base::Optional<cbor::CBORValue> GenerateCanonicalRequestCBOR(
 base::Optional<cbor::CBORValue> GenerateCanonicalResponseCBOR(
     const SignedExchangeHeader& header) {
   const auto& headers = header.response_headers();
-
-  auto it = headers.find(kSignedHeadersName);
-  if (it == headers.end()) {
-    DVLOG(1) << "The Signed-Headers http header not found";
-    return base::nullopt;
-  }
-  const std::string& signed_header_value = it->second;
-
-  base::Optional<std::vector<std::string>> signed_headers =
-      SignedExchangeHeaderParser::ParseSignedHeaders(signed_header_value);
-  if (!signed_headers)
-    return base::nullopt;
-
   cbor::CBORValue::MapValue map;
   std::string response_code_str = base::NumberToString(header.response_code());
   map.insert_or_assign(
       cbor::CBORValue(kStatusKey, cbor::CBORValue::Type::BYTE_STRING),
       cbor::CBORValue(response_code_str, cbor::CBORValue::Type::BYTE_STRING));
-
-  for (const std::string& name : *signed_headers) {
-    auto headers_it = headers.find(name);
-    if (headers_it == headers.end()) {
-      DVLOG(1) << "Signed header \"" << name
-               << "\" expected, but not found in response_headers.";
-      return base::nullopt;
-    }
-    const std::string& value = headers_it->second;
+  for (const auto& pair : headers) {
+    if (pair.first == kSignature)
+      continue;
     map.insert_or_assign(
-        cbor::CBORValue(name, cbor::CBORValue::Type::BYTE_STRING),
-        cbor::CBORValue(value, cbor::CBORValue::Type::BYTE_STRING));
+        cbor::CBORValue(pair.first, cbor::CBORValue::Type::BYTE_STRING),
+        cbor::CBORValue(pair.second, cbor::CBORValue::Type::BYTE_STRING));
   }
-
   return cbor::CBORValue(map);
 }
 

content/browser/web_package/signed_exchange_signature_verifier_unittest.cc

@@ -20,9 +20,6 @@ TEST(SignedExchangeSignatureVerifier, EncodeCanonicalExchangeHeaders) {
   header.set_response_code(net::HTTP_OK);
   header.AddResponseHeader("content-type", "text/html; charset=utf-8");
   header.AddResponseHeader("content-encoding", "mi-sha256");
-  header.AddResponseHeader("unsigned-header", "foobar");
-  header.AddResponseHeader("signed-headers",
-                           "\"content-type\", \"content-encoding\"");
 
   base::Optional<std::vector<uint8_t>> encoded =
       SignedExchangeSignatureVerifier::EncodeCanonicalExchangeHeaders(header);
@@ -120,8 +117,6 @@ TEST(SignedExchangeSignatureVerifier, Verify) {
   header.AddResponseHeader("content-encoding", "mi-sha256");
   header.AddResponseHeader(
       "mi", "mi-sha256=4ld4G-h-sQSoLBD39ndIO15O_82NXSzq9UMFEYI02JQ");
-  header.AddResponseHeader("signed-headers",
-                           "\"content-type\", \"content-encoding\", \"mi\"");
   header.SetSignatureForTesting((*signature)[0]);
 
   auto certificate = certlist[0];