Add an interface for performing Trust Tokens operations.

This change adds an interface for performing the Trust Tokens protocol operations of issuance, redemption, and request signing. It is a common parent CL of three changes, each of which adds the implementation of a single protocol operation. The plan is for URLLoader to be provided a request helper on requests suitable for executing Trust Tokens operations (and no helper otherwise). Bug: 1042962 Change-Id: I8861ca08047da6b55bf90e67dca1b4f458598615 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2052468 Commit-Queue: David Van Cleve <davidvc@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Cr-Commit-Position: refs/heads/master@{#742616}

Add an interface for performing Trust Tokens operations.
This change adds an interface for performing the Trust Tokens protocol operations of issuance, redemption, and request signing. It is a common parent CL of three changes, each of which adds the implementation of a single protocol operation. The plan is for URLLoader to be provided a request helper on requests suitable for executing Trust Tokens operations (and no helper otherwise). Bug: 1042962 Change-Id: I8861ca08047da6b55bf90e67dca1b4f458598615 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2052468 Commit-Queue: David Van Cleve <davidvc@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Cr-Commit-Position: refs/heads/master@{#742616}
60db7ed4 · David Van Cleve · Commit Bot · 3f887232 · 60db7ed4 · 60db7ed4
Commit 60db7ed4 authored Feb 19, 2020 by David Van Cleve Committed by Commit Bot Feb 19, 2020
6 changed files
--- a/services/network/trust_tokens/BUILD.gn
+++ b/services/network/trust_tokens/BUILD.gn
@@ -18,9 +18,11 @@ source_set("trust_tokens") {
    "sqlite_trust_token_persister.h",
    "trust_token_database_owner.cc",
    "trust_token_database_owner.h",
-    "trust_token_parameterization.cc",
+    "trust_token_http_headers.h",
+    "trust_token_operation_status.h",
    "trust_token_parameterization.h",
    "trust_token_persister.h",
+    "trust_token_request_helper.h",
    "trust_token_store.cc",
    "trust_token_store.h",
    "types.cc",
@@ -31,6 +33,7 @@ source_set("trust_tokens") {
    ":storage_proto",
    "//base",
    "//components/sqlite_proto",
+    "//services/network/public/mojom",
    "//sql",
    "//url",
  ]

--- a/services/network/trust_tokens/trust_token_http_headers.h
+++ b/services/network/trust_tokens/trust_token_http_headers.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_HTTP_HEADERS_H_
+#define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_HTTP_HEADERS_H_
+
+namespace network {
+
+// These are the HTTP headers defined in the Trust Tokens draft explainer:
+// https://github.com/WICG/trust-token-api
+
+// As a request header: during issuance, sends a collection of unsigned, blinded
+// tokens; during redemption, sends a single signed, unblinded token
+// along with associated redemption metadata.
+// As a response header: during issuance, provides a collection of signed,
+// blinded tokens; during redemption, includes a just-created Signed Redemption
+// Record.
+constexpr char kTrustTokensSecTrustTokenHeader[] = "Sec-Trust-Token";
+
+// As a request header, provides a timestamp associated with a
+// particular Trust Tokens signature-bearing request.
+constexpr char kTrustTokensRequestHeaderSecTime[] = "Sec-Time";
+
+// As a request header, provides a signature over the canonical record
+// associated with a given request (containing the request's URL; optionally, a
+// collection of headers; and, optionally, the request's body).
+constexpr char kTrustTokensRequestHeaderSecSignature[] = "Sec-Signature";
+
+// As a request header, provides a Signed Redemption Record obtained from a
+// prior issuance-and-redemption flow.
+constexpr char kTrustTokensRequestHeaderSecSignedRedemptionRecord[] =
+    "Sec-Signed-Redemption-Record";
+
+}  // namespace network
+
+#endif  // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_HTTP_HEADERS_H_
--- a/services/network/trust_tokens/trust_token_operation_status.h
+++ b/services/network/trust_tokens/trust_token_operation_status.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_OPERATION_STATUS_H_
+#define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_OPERATION_STATUS_H_
+
+namespace network {
+
+// TrustTokenOperationStatus enumerates (an incomplete collection of) outcomes
+// for the Trust Tokens (http://github.com/WICG/trust-token-api) protocol
+// operation: token issuance, token redemption, and request signing.
+//
+// Each status may be returned in similar cases beyond those listed in its
+// comment.
+enum class TrustTokenOperationStatus {
+  kOk,
+
+  // A client-provided argument was malformed or otherwise invalid.
+  kInvalidArgument,
+
+  // A precondition failed (for instance, a rate limit would be exceeded, a key
+  // commitment check failed, or executing the operation would cause too many
+  // issuers to be associated with the operation's top-level origin).
+  kFailedPrecondition,
+
+  // No inputs for the given operation available, or a quota on the operation's
+  // output would be exceeded.
+  kResourceExhausted,
+
+  // The operation's result already exists (for instance, a cache was hit).
+  kAlreadyExists,
+
+  // Internal storage, or some other necessary resource, has not yet
+  // initialized or has become unavailable.
+  kUnavailable,
+
+  // The server response was malformed or otherwise invalid.
+  kBadResponse,
+
+  // A, usually severe, internal error occurred.
+  kInternalError,
+
+  // The operation failed for some other reason.
+  kUnknownError,
+
+  // Sentinel used for serialization in IPC_ENUM_TRAITS and/or logging; do not
+  // use directly.
+  kMaxValue = kUnknownError,
+};
+
+}  // namespace network
+#endif  // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_OPERATION_STATUS_H_
--- a/services/network/trust_tokens/trust_token_parameterization.cc
+++ b/services/network/trust_tokens/trust_token_parameterization.cc
-// Copyright 2020 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/network/trust_tokens/trust_token_parameterization.h"
-
-namespace network {
-
-constexpr base::TaskPriority kTrustTokenDatabaseTaskPriority =
-    base::TaskPriority::USER_VISIBLE;
-
-constexpr base::TimeDelta kTrustTokenWriteBufferingWindow =
-    base::TimeDelta::FromSeconds(2);
-
-}  // namespace network
--- a/services/network/trust_tokens/trust_token_parameterization.h
+++ b/services/network/trust_tokens/trust_token_parameterization.h
@@ -11,15 +11,17 @@

 namespace network {

-// Priority for running blocking Trust Tokens database IO. This is given type
+// Priority for running blocking Trust Tokens database IO. This is given value
 // USER_VISIBLE because Trust Tokens DB operations can sometimes be in the
 // loading critical path, but generally only for subresources.
-extern const base::TaskPriority kTrustTokenDatabaseTaskPriority;
+constexpr base::TaskPriority kTrustTokenDatabaseTaskPriority =
+    base::TaskPriority::USER_VISIBLE;

 // The maximum time Trust Tokens backing database writes will be buffered before
 // being committed to disk. Two seconds was chosen fairly arbitrarily as a value
 // close to what the cookie store uses.
-extern const base::TimeDelta kTrustTokenWriteBufferingWindow;
+constexpr base::TimeDelta kTrustTokenWriteBufferingWindow =
+    base::TimeDelta::FromSeconds(2);

 }  // namespace network


--- a/services/network/trust_tokens/trust_token_request_helper.h
+++ b/services/network/trust_tokens/trust_token_request_helper.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_REQUEST_HELPER_H_
+#define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_REQUEST_HELPER_H_
+
+#include "base/callback_forward.h"
+#include "services/network/public/mojom/url_response_head.mojom-forward.h"
+#include "services/network/trust_tokens/trust_token_operation_status.h"
+
+namespace net {
+class URLRequest;
+}  // namespace net
+
+namespace network {
+
+// A request helper coordinates most externally-visible, high-level Trust Token
+// logic and state changes. It knows how to execute pre- and post-request logic
+// for a single Trust Token operation (issuance, redemption, or signing and
+// attaching cached redemption records).
+class TrustTokenRequestHelper {
+ public:
+  virtual ~TrustTokenRequestHelper() = default;
+
+  TrustTokenRequestHelper(const TrustTokenRequestHelper&) = delete;
+  TrustTokenRequestHelper& operator=(const TrustTokenRequestHelper&) = delete;
+
+  // Checks preconditions for |request| and the protocol operation
+  // that this TrustTokenRequestHelper is responsible for. This completes
+  // asynchronously because it might take a long time (for instance, for Trust
+  // Tokens issuance and redemption, this involves executing a network request).
+  virtual void Begin(
+      net::URLRequest* request,
+      base::OnceCallback<void(TrustTokenOperationStatus)> done) = 0;
+
+  // Checks |response| for issuance response headers; if these are present and
+  // valid, removes the headers, updates internal protocol state, and returns
+  // true. Otherwise, returns false.
+  virtual TrustTokenOperationStatus Finalize(
+      mojom::URLResponseHead* response) = 0;
+};
+
+}  // namespace network
+
+#endif  // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_REQUEST_HELPER_H_