[devtools] Add TrustTokenParams to network requests in CDP

Design doc: http://bit.ly/devtools-trust-tokens The Trust Token API has some parameters that can be passed to a corresponding fetch or XHR request (or iframe). This CL surfaces the parameters as understood by the backend as part of the Network.Request CDP structure. R=sigurds@chromium.org Bug: chromium:1126824 Change-Id: I9cf4b1f17dc3b2f193b900eb26cfc9e11964f56b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2448370 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#815569}

[devtools] Add TrustTokenParams to network requests in CDP
Design doc: http://bit.ly/devtools-trust-tokens The Trust Token API has some parameters that can be passed to a corresponding fetch or XHR request (or iframe). This CL surfaces the parameters as understood by the backend as part of the Network.Request CDP structure. R=sigurds@chromium.org Bug: chromium:1126824 Change-Id: I9cf4b1f17dc3b2f193b900eb26cfc9e11964f56b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2448370 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#815569}
6bfc6a17 · Simon Zünd · Commit Bot · 516413c9 · 6bfc6a17 · 6bfc6a17
Commit 6bfc6a17 authored Oct 09, 2020 by Simon Zünd Committed by Commit Bot Oct 09, 2020
8 changed files
--- a/content/browser/devtools/protocol/network_handler.cc
+++ b/content/browser/devtools/protocol/network_handler.cc
@@ -43,6 +43,7 @@
 #include "content/browser/web_package/signed_exchange_envelope.h"
 #include "content/browser/web_package/signed_exchange_error.h"
 #include "content/common/navigation_params.h"
+#include "content/common/navigation_params.mojom.h"
 #include "content/common/web_package/signed_exchange_utils.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_task_traits.h"
@@ -1611,6 +1612,48 @@ Maybe<String> GetBlockedReasonFor(
  return blockedReason(static_cast<blink::ResourceRequestBlockedReason>(
      status.extended_error_code));
 }
+String GetTrustTokenOperationType(
+    network::mojom::TrustTokenOperationType type) {
+  switch (type) {
+    case network::mojom::TrustTokenOperationType::kIssuance:
+      return protocol::Network::TrustTokenOperationTypeEnum::Issuance;
+    case network::mojom::TrustTokenOperationType::kRedemption:
+      return protocol::Network::TrustTokenOperationTypeEnum::Redemption;
+    case network::mojom::TrustTokenOperationType::kSigning:
+      return protocol::Network::TrustTokenOperationTypeEnum::Signing;
+  }
+}
+String GetTrustTokenRefreshPolicy(
+    network::mojom::TrustTokenRefreshPolicy policy) {
+  switch (policy) {
+    case network::mojom::TrustTokenRefreshPolicy::kUseCached:
+      return protocol::Network::TrustTokenParams::RefreshPolicyEnum::UseCached;
+    case network::mojom::TrustTokenRefreshPolicy::kRefresh:
+      return protocol::Network::TrustTokenParams::RefreshPolicyEnum::Refresh;
+  }
+}
+std::unique_ptr<protocol::Network::TrustTokenParams> BuildTrustTokenParams(
+    const network::mojom::TrustTokenParams& params) {
+  auto protocol_params =
+      protocol::Network::TrustTokenParams::Create()
+          .SetType(GetTrustTokenOperationType(params.type))
+          .SetRefreshPolicy(GetTrustTokenRefreshPolicy(params.refresh_policy))
+          .Build();
+  if (!params.issuers.empty()) {
+    auto issuers = std::make_unique<protocol::Array<protocol::String>>();
+    for (const auto& issuer : params.issuers) {
+      issuers->push_back(issuer.Serialize());
+    }
+    protocol_params->SetIssuers(std::move(issuers));
+  }
+  return protocol_params;
+}
 }  // namespace
 void NetworkHandler::NavigationRequestWillBeSent(
@@ -1685,6 +1728,13 @@ void NetworkHandler::NavigationRequestWillBeSent(
  double current_wall_time = base::Time::Now().ToDoubleT();
  std::string frame_token =
      nav_request.frame_tree_node()->devtools_frame_token().ToString();
+  const mojom::BeginNavigationParams* begin_params = nav_request.begin_params();
+  if (begin_params->trust_token_params) {
+    request->SetTrustTokenParams(
+        BuildTrustTokenParams(*begin_params->trust_token_params));
+  }
  frontend_->RequestWillBeSent(
      id, id, url_without_fragment, std::move(request), current_ticks,
      current_wall_time, std::move(initiator), std::move(redirect_response),
@@ -1720,6 +1770,10 @@ void NetworkHandler::RequestSent(const std::string& request_id,
          .Build();
  if (!url_fragment.empty())
    request_object->SetUrlFragment(url_fragment);
+  if (request.trust_token_params.has_value()) {
+    request_object->SetTrustTokenParams(
+        BuildTrustTokenParams(request.trust_token_params.value()));
+  }
  frontend_->RequestWillBeSent(
      request_id, loader_id, url_without_fragment, std::move(request_object),
      timestamp.since_origin().InSecondsF(), base::Time::Now().ToDoubleT(),

--- a/third_party/blink/public/devtools_protocol/browser_protocol.pdl
+++ b/third_party/blink/public/devtools_protocol/browser_protocol.pdl
@@ -4374,6 +4374,9 @@ domain Network
        strict-origin-when-cross-origin
      # Whether is loaded via link preload.
      optional boolean isLinkPreload
+      # Set for requests when the TrustToken API is used. Contains the parameters
+      # passed by the developer (e.g. via "fetch") as understood by the backend.
+      experimental optional TrustTokenParams trustTokenParams
  # Details of a signed certificate timestamp (SCT).
  type SignedCertificateTimestamp extends object
@@ -4457,6 +4460,31 @@ domain Network
      fallback-code
      network
+  # Determines what type of Trust Token operation is executed and
+  # depending on the type, some additional parameters.
+  experimental type TrustTokenParams extends object
+    properties
+      TrustTokenOperationType type
+      # Only set for "srr-token-redemption" type and determine whether
+      # to request a fresh SRR or use a still valid cached SRR.
+      enum refreshPolicy
+        UseCached
+        Refresh
+      # Origins of issuers from whom to request tokens or redemption
+      # records.
+      optional array of string issuers
+  experimental type TrustTokenOperationType extends string
+    enum
+      # Type "token-request" in the Trust Token API.
+      Issuance
+      # Type "srr-token-redemption" in the Trust Token API.
+      Redemption
+      # Type "send-srr" in the Trust Token API.
+      Signing
  # HTTP response data.
  type Response extends object
    properties

--- a/third_party/blink/renderer/core/inspector/inspector_network_agent.cc
+++ b/third_party/blink/renderer/core/inspector/inspector_network_agent.cc
@@ -41,6 +41,7 @@
 #include "net/base/ip_endpoint.h"
 #include "net/http/http_status_code.h"
 #include "services/network/public/mojom/referrer_policy.mojom-blink.h"
+#include "services/network/public/mojom/trust_tokens.mojom-blink.h"
 #include "services/network/public/mojom/websocket.mojom-blink.h"
 #include "third_party/blink/public/common/loader/referrer_utils.h"
 #include "third_party/blink/public/mojom/loader/request_context_frame_type.mojom-blink.h"
@@ -60,6 +61,7 @@
 #include "third_party/blink/renderer/core/inspector/identifiers_factory.h"
 #include "third_party/blink/renderer/core/inspector/inspected_frames.h"
 #include "third_party/blink/renderer/core/inspector/network_resources_data.h"
+#include "third_party/blink/renderer/core/inspector/protocol/Network.h"
 #include "third_party/blink/renderer/core/inspector/request_debug_header_scope.h"
 #include "third_party/blink/renderer/core/loader/document_loader.h"
 #include "third_party/blink/renderer/core/loader/frame_loader.h"
@@ -478,6 +480,47 @@ std::unique_ptr<protocol::Network::WebSocketFrame> WebSocketMessageToProtocol(
      .build();
 }
+String GetTrustTokenOperationType(
+    network::mojom::TrustTokenOperationType type) {
+  switch (type) {
+    case network::mojom::TrustTokenOperationType::kIssuance:
+      return protocol::Network::TrustTokenOperationTypeEnum::Issuance;
+    case network::mojom::TrustTokenOperationType::kRedemption:
+      return protocol::Network::TrustTokenOperationTypeEnum::Redemption;
+    case network::mojom::TrustTokenOperationType::kSigning:
+      return protocol::Network::TrustTokenOperationTypeEnum::Signing;
+  }
+}
+String GetTrustTokenRefreshPolicy(
+    network::mojom::TrustTokenRefreshPolicy policy) {
+  switch (policy) {
+    case network::mojom::TrustTokenRefreshPolicy::kUseCached:
+      return protocol::Network::TrustTokenParams::RefreshPolicyEnum::UseCached;
+    case network::mojom::TrustTokenRefreshPolicy::kRefresh:
+      return protocol::Network::TrustTokenParams::RefreshPolicyEnum::Refresh;
+  }
+}
+std::unique_ptr<protocol::Network::TrustTokenParams> BuildTrustTokenParams(
+    const network::mojom::blink::TrustTokenParams& params) {
+  auto protocol_params =
+      protocol::Network::TrustTokenParams::create()
+          .setType(GetTrustTokenOperationType(params.type))
+          .setRefreshPolicy(GetTrustTokenRefreshPolicy(params.refresh_policy))
+          .build();
+  if (!params.issuers.IsEmpty()) {
+    auto issuers = std::make_unique<protocol::Array<protocol::String>>();
+    for (const auto& issuer : params.issuers) {
+      issuers->push_back(issuer->ToString());
+    }
+    protocol_params->setIssuers(std::move(issuers));
+  }
+  return protocol_params;
+}
 void SetNetworkStateOverride(bool offline,
                             double latency,
                             double download_throughput,
@@ -606,6 +649,10 @@ BuildObjectForResourceRequest(const ResourceRequest& request,
    result->setPostDataEntries(std::move(data_entries));
  if (has_post_data)
    result->setHasPostData(true);
+  if (request.TrustTokenParams()) {
+    result->setTrustTokenParams(
+        BuildTrustTokenParams(*request.TrustTokenParams()));
+  }
  return result;
 }

--- a/third_party/blink/web_tests/http/tests/inspector-protocol/resources/iframe-request-trust-token.html
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/resources/iframe-request-trust-token.html
+<iframe src="https://issuer.example" trusttoken="{&#x22;type&#x22;: &#x22;token-request&#x22;}"></iframe>
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch.js
+(async function(testRunner) {
+  const {session, dp} = await testRunner.startBlank(
+    `Check that TrustTokenParams are included in the basic Trust Token operations on 'fetch'`);
+  const clearTrustTokenState = async () => {
+    await session.evaluateAsync(`await new Promise(res => window.testRunner.clearTrustTokenState(res));`);
+  };
+  const issuanceRequest = `
+    fetch('https://trusttoken.test', {
+      trustToken: {
+        type: 'token-request'
+      }
+    });
+  `;
+  const redemptionRequest = `
+    fetch('https://trusttoken.test', {
+      trustToken: {
+        type: 'srr-token-redemption'
+      }
+    });
+  `;
+  const signingRequest = `
+    fetch('https://destination.test', {
+      trustToken: {
+        type: 'send-srr',
+        issuers: ['https://issuer.test']
+      }
+    });
+  `;
+  // Note that the requests are failing, as the provided URLs are neither valid
+  // issuers, nor redeemers. This test only cares about the parameters included
+  // in the requests.
+  await dp.Network.enable();
+  await dp.Network.onRequestWillBeSent(event => {
+    const trustTokenParams = event.params.request.trustTokenParams;
+    testRunner.log(`Included trustTokenParams in request: ${JSON.stringify(trustTokenParams)}`);
+  });
+  for (const request of [issuanceRequest, redemptionRequest, signingRequest]) {
+    testRunner.log(`Sending request: ${request}`);
+    await session.evaluateAsync(request);
+    await clearTrustTokenState();
+  }
+  testRunner.completeTest();
+})
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-iframe.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-iframe.js
+(async function(testRunner) {
+  const {page, dp} = await testRunner.startBlank(
+      `Check that TrustTokenParams are included when an iframe requests a trust token'`);
+  await dp.Network.enable();
+  await dp.Network.onRequestWillBeSent(event => {
+    const trustTokenParams = event.params.request.trustTokenParams;
+    if (trustTokenParams) {
+      testRunner.log(`Included trustTokenParams in request: ${JSON.stringify(trustTokenParams)}`);
+    } else {
+      testRunner.log(`Main frame navigation not expected to contain trustTokenParams.`);
+    }
+  });
+  await page.navigate('https://devtools.test:8443/inspector-protocol/resources/iframe-request-trust-token.html');
+  testRunner.completeTest();
+})
--- a/third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch-expected.txt
+++ b/third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch-expected.txt
+Check that TrustTokenParams are included in the basic Trust Token operations on 'fetch'
+Sending request: 
+    fetch('https://trusttoken.test', {
+      trustToken: {
+        type: 'token-request'
+      }
+    });
+Included trustTokenParams in request: {"type":"Issuance","refreshPolicy":"UseCached"}
+Sending request: 
+    fetch('https://trusttoken.test', {
+      trustToken: {
+        type: 'srr-token-redemption'
+      }
+    });
+Included trustTokenParams in request: {"type":"Redemption","refreshPolicy":"UseCached"}
+Sending request: 
+    fetch('https://destination.test', {
+      trustToken: {
+        type: 'send-srr',
+        issuers: ['https://issuer.test']
+      }
+    });
+Included trustTokenParams in request: {"type":"Signing","refreshPolicy":"UseCached","issuers":["https://issuer.test"]}
--- a/third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-iframe-expected.txt
+++ b/third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-iframe-expected.txt
+Check that TrustTokenParams are included when an iframe requests a trust token'
+Main frame navigation not expected to contain trustTokenParams.
+Included trustTokenParams in request: {"type":"Issuance","refreshPolicy":"UseCached"}