Skip to content

GitLab

T
tangled
Commit 992a6952 authored by Maksim Moskvitin's avatar Maksim Moskvitin Committed by Chromium LUCI CQ
Browse files
Options

[TrustedVault] Add TrustedVaultKeyAndVersion struct 

Trusted vault key is often passed as argument together with its
version. Moreover, there are plans to pass them as optional parameters.

This CL introduces a new struct that stores both vault key and its
version and updates some APIs to use it.

Bug: 1113598
Change-Id: I2ddf20ffe7a3c252b70230001c630b5ace58c017
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2592989Reviewed-by: default avatarMikel Astiz <mastiz@chromium.org>
Commit-Queue: Maksim Moskvitin <mmoskvitin@google.com>
Cr-Commit-Position: refs/heads/master@{#837021}
parent b4dce31d
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 196 additions and 140 deletions
components/sync/trusted_vault/BUILD.gn
View file @ 992a6952
...@@ -19,6 +19,7 @@ static_library("trusted_vault") { ...@@ -19,6 +19,7 @@ static_library("trusted_vault") {
"trusted_vault_access_token_fetcher_frontend.h", "trusted_vault_access_token_fetcher_frontend.h",
"trusted_vault_access_token_fetcher_impl.cc", "trusted_vault_access_token_fetcher_impl.cc",
"trusted_vault_access_token_fetcher_impl.h", "trusted_vault_access_token_fetcher_impl.h",
"trusted_vault_connection.cc",
"trusted_vault_connection.h", "trusted_vault_connection.h",
"trusted_vault_connection_impl.cc", "trusted_vault_connection_impl.cc",
"trusted_vault_connection_impl.h", "trusted_vault_connection_impl.h",
......
components/sync/trusted_vault/download_keys_response_handler.cc
View file @ 992a6952
...@@ -87,19 +87,21 @@ std::vector<ExtractedSharedKey> ExtractAndSortSharedKeys( ...@@ -87,19 +87,21 @@ std::vector<ExtractedSharedKey> ExtractAndSortSharedKeys(
} }
// Validates |key_proof| starting from the key next to // Validates |key_proof| starting from the key next to
// |last_known_trusted_vault_key|, returns false if validation fails or |keys| // last known trusted vault key, returns false if validation fails or |keys|
// doesn't have a key next to |last_known_trusted_vault_key|. // doesn't have a key next to last known trusted vault key.
bool IsValidKeyChain(const std::vector<ExtractedSharedKey>& key_chain, bool IsValidKeyChain(
const std::vector<uint8_t>& last_known_trusted_vault_key, const std::vector<ExtractedSharedKey>& key_chain,
const int last_known_trusted_vault_key_version) { const TrustedVaultKeyAndVersion& last_known_trusted_vault_key_and_version) {
DCHECK(!key_chain.empty()); DCHECK(!key_chain.empty());
if (key_chain.back().version <= last_known_trusted_vault_key_version) { if (key_chain.back().version <=
last_known_trusted_vault_key_and_version.version) {
// |keys| doesn't contain any new key. Note: this may mean that key rotation // |keys| doesn't contain any new key. Note: this may mean that key rotation
// happened, but state corresponding to the current member wasn't updated. // happened, but state corresponding to the current member wasn't updated.
return false; return false;
} }
int last_valid_key_version = last_known_trusted_vault_key_version; int last_valid_key_version = last_known_trusted_vault_key_and_version.version;
std::vector<uint8_t> last_valid_key = last_known_trusted_vault_key; std::vector<uint8_t> last_valid_key =
last_known_trusted_vault_key_and_version.key;
for (const ExtractedSharedKey& next_key : key_chain) { for (const ExtractedSharedKey& next_key : key_chain) {
if (next_key.version <= last_valid_key_version) { if (next_key.version <= last_valid_key_version) {
continue; continue;
...@@ -144,11 +146,9 @@ DownloadKeysResponseHandler::ProcessedResponse::operator=( ...@@ -144,11 +146,9 @@ DownloadKeysResponseHandler::ProcessedResponse::operator=(
DownloadKeysResponseHandler::ProcessedResponse::~ProcessedResponse() = default; DownloadKeysResponseHandler::ProcessedResponse::~ProcessedResponse() = default;
DownloadKeysResponseHandler::DownloadKeysResponseHandler( DownloadKeysResponseHandler::DownloadKeysResponseHandler(
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
std::unique_ptr<SecureBoxKeyPair> device_key_pair) std::unique_ptr<SecureBoxKeyPair> device_key_pair)
: last_trusted_vault_key_(last_trusted_vault_key), : last_trusted_vault_key_and_version_(last_trusted_vault_key_and_version),
last_trusted_vault_key_version_(last_trusted_vault_key_version),
device_key_pair_(std::move(device_key_pair)) { device_key_pair_(std::move(device_key_pair)) {
DCHECK(device_key_pair_); DCHECK(device_key_pair_);
} }
...@@ -187,18 +187,17 @@ DownloadKeysResponseHandler::ProcessResponse( ...@@ -187,18 +187,17 @@ DownloadKeysResponseHandler::ProcessResponse(
std::vector<ExtractedSharedKey> extracted_keys = ExtractAndSortSharedKeys( std::vector<ExtractedSharedKey> extracted_keys = ExtractAndSortSharedKeys(
*current_member, device_key_pair_->private_key()); *current_member, device_key_pair_->private_key());
if (extracted_keys.empty() || if (extracted_keys.empty() ||
!IsValidKeyChain(extracted_keys, last_trusted_vault_key_, !IsValidKeyChain(extracted_keys, last_trusted_vault_key_and_version_)) {
last_trusted_vault_key_version_)) {
return ProcessedResponse( return ProcessedResponse(
/*status=*/TrustedVaultRequestStatus::kLocalDataObsolete); /*status=*/TrustedVaultRequestStatus::kLocalDataObsolete);
} }
std::vector<std::vector<uint8_t>> new_keys; std::vector<std::vector<uint8_t>> new_keys;
for (const ExtractedSharedKey& key : extracted_keys) { for (const ExtractedSharedKey& key : extracted_keys) {
if (key.version >= last_trusted_vault_key_version_) { if (key.version >= last_trusted_vault_key_and_version_.version) {
// Don't include previous keys into the result, because they weren't // Don't include previous keys into the result, because they weren't
// validated using |last_trusted_vault_key_| and client should be already // validated using |last_trusted_vault_key_and_version| and client should
// aware of them. // be already aware of them.
new_keys.push_back(key.trusted_vault_key); new_keys.push_back(key.trusted_vault_key);
} }
} }
......
components/sync/trusted_vault/download_keys_response_handler.h
View file @ 992a6952
...@@ -38,20 +38,19 @@ class DownloadKeysResponseHandler { ...@@ -38,20 +38,19 @@ class DownloadKeysResponseHandler {
// isn't valid serialized ListSecurityDomainsResponse proto. // isn't valid serialized ListSecurityDomainsResponse proto.
TrustedVaultRequestStatus status; TrustedVaultRequestStatus status;
// Contains new keys and potentially |last_trusted_vault_key| if it wasn't // Contains new keys and potentially previously known trusted vault key if
// removed server-side. Doesn't contain keys that predate // it wasn't removed server-side. Doesn't contain keys that predate
// |last_trusted_vault_key|, because it's impossible to validate them and // last known trusted vault key, because it's impossible to validate them
// the client should be aware of them already. // and the client should be aware of them already.
std::vector<std::vector<uint8_t>> keys; std::vector<std::vector<uint8_t>> keys;
int last_key_version; int last_key_version;
}; };
// |device_key_pair| must not be null. This class doesn't make an assumption // |device_key_pair| must not be null. This class doesn't make an assumption
// of |last_trusted_vault_key| being non-empty or // of |last_trusted_vault_key_and_version.key| being non-empty or
// |last_trusted_vault_key_version| being non-negative. // |last_trusted_vault_key_version_and_version.version| being non-negative.
DownloadKeysResponseHandler( DownloadKeysResponseHandler(
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
std::unique_ptr<SecureBoxKeyPair> device_key_pair); std::unique_ptr<SecureBoxKeyPair> device_key_pair);
DownloadKeysResponseHandler(const DownloadKeysResponseHandler& other) = DownloadKeysResponseHandler(const DownloadKeysResponseHandler& other) =
delete; delete;
...@@ -63,8 +62,7 @@ class DownloadKeysResponseHandler { ...@@ -63,8 +62,7 @@ class DownloadKeysResponseHandler {
const std::string& response_body) const; const std::string& response_body) const;
private: private:
const std::vector<uint8_t> last_trusted_vault_key_; const TrustedVaultKeyAndVersion last_trusted_vault_key_and_version_;
const int last_trusted_vault_key_version_;
const std::unique_ptr<SecureBoxKeyPair> device_key_pair_; const std::unique_ptr<SecureBoxKeyPair> device_key_pair_;
}; };
......
components/sync/trusted_vault/download_keys_response_handler_unittest.cc
View file @ 992a6952
...@@ -33,6 +33,8 @@ std::unique_ptr<SecureBoxKeyPair> MakeTestKeyPair() { ...@@ -33,6 +33,8 @@ std::unique_ptr<SecureBoxKeyPair> MakeTestKeyPair() {
return SecureBoxKeyPair::CreateByPrivateKeyImport(private_key_bytes); return SecureBoxKeyPair::CreateByPrivateKeyImport(private_key_bytes);
} }
// TODO(crbug.com/1113598): consider using TrustedVaultKeyAndVersion instead of
// |trusted_vault_key| and |trusted_vault_keys_versions|.
void FillSecurityDomainMember( void FillSecurityDomainMember(
const SecureBoxPublicKey& public_key, const SecureBoxPublicKey& public_key,
const std::vector<std::vector<uint8_t>>& trusted_vault_keys, const std::vector<std::vector<uint8_t>>& trusted_vault_keys,
...@@ -77,8 +79,8 @@ std::string CreateListSecurityDomainsResponseWithSingleSyncMember( ...@@ -77,8 +79,8 @@ std::string CreateListSecurityDomainsResponseWithSingleSyncMember(
class DownloadKeysResponseHandlerTest : public testing::Test { class DownloadKeysResponseHandlerTest : public testing::Test {
public: public:
DownloadKeysResponseHandlerTest() DownloadKeysResponseHandlerTest()
: handler_(kKnownTrustedVaultKey, : handler_(TrustedVaultKeyAndVersion(kKnownTrustedVaultKey,
kKnownTrustedVaultKeyVersion, kKnownTrustedVaultKeyVersion),
MakeTestKeyPair()) {} MakeTestKeyPair()) {}
~DownloadKeysResponseHandlerTest() override = default; ~DownloadKeysResponseHandlerTest() override = default;
......
components/sync/trusted_vault/standalone_trusted_vault_backend.cc
View file @ 992a6952
...@@ -51,6 +51,16 @@ void WriteToDisk(const sync_pb::LocalTrustedVault& data, ...@@ -51,6 +51,16 @@ void WriteToDisk(const sync_pb::LocalTrustedVault& data,
} }
} }
base::Optional<TrustedVaultKeyAndVersion> GetLastTrustedVaultKeyAndVersion(
const sync_pb::LocalTrustedVaultPerUser& per_user_vault) {
if (per_user_vault.vault_key_size() != 0) {
return TrustedVaultKeyAndVersion(
ProtoStringToBytes(per_user_vault.vault_key().rbegin()->key_material()),
per_user_vault.last_vault_key_version());
}
return base::nullopt;
}
} // namespace } // namespace
StandaloneTrustedVaultBackend::StandaloneTrustedVaultBackend( StandaloneTrustedVaultBackend::StandaloneTrustedVaultBackend(
...@@ -115,21 +125,20 @@ void StandaloneTrustedVaultBackend::FetchKeys( ...@@ -115,21 +125,20 @@ void StandaloneTrustedVaultBackend::FetchKeys(
FulfillOngoingFetchKeys(); FulfillOngoingFetchKeys();
return; return;
} }
if (per_user_vault->vault_key_size() == 0) { base::Optional<TrustedVaultKeyAndVersion> last_trusted_vault_key_and_version =
// Corrupted state: device is registered, but there is no vault keys. GetLastTrustedVaultKeyAndVersion(*per_user_vault);
// TODO(crbug.com/1094326): restore from this state (just mark device as not if (!last_trusted_vault_key_and_version.has_value()) {
// registered?). // TODO(crbug.com/1094326): properly support this state (constant key case).
FulfillOngoingFetchKeys(); FulfillOngoingFetchKeys();
NOTIMPLEMENTED();
return; return;
} }
// |this| outlives |connection_| and |ongoing_connection_request_|, so it's // |this| outlives |connection_| and |ongoing_connection_request_|, so it's
// safe to use base::Unretained() here. // safe to use base::Unretained() here.
ongoing_connection_request_ = connection_->DownloadKeys( ongoing_connection_request_ = connection_->DownloadKeys(
*primary_account_, *primary_account_, *last_trusted_vault_key_and_version,
/*last_trusted_vault_key=*/ std::move(key_pair),
ProtoStringToBytes(per_user_vault->vault_key().rbegin()->key_material()),
per_user_vault->last_vault_key_version(), std::move(key_pair),
base::BindOnce(&StandaloneTrustedVaultBackend::OnKeysDownloaded, base::BindOnce(&StandaloneTrustedVaultBackend::OnKeysDownloaded,
base::Unretained(this), account_info.gaia)); base::Unretained(this), account_info.gaia));
DCHECK(ongoing_connection_request_); DCHECK(ongoing_connection_request_);
...@@ -250,9 +259,19 @@ void StandaloneTrustedVaultBackend::MaybeRegisterDevice( ...@@ -250,9 +259,19 @@ void StandaloneTrustedVaultBackend::MaybeRegisterDevice(
return; return;
} }
sync_pb::LocalTrustedVaultPerUser* per_user_vault = FindUserVault(gaia_id); sync_pb::LocalTrustedVaultPerUser* per_user_vault = FindUserVault(gaia_id);
if (!per_user_vault || per_user_vault->vault_key_size() == 0 || if (!per_user_vault) {
// TODO(crbug.com/1102340): make non-null |per_user_vault| a precondition
// for this function?
return;
}
base::Optional<TrustedVaultKeyAndVersion> last_trusted_vault_key_and_version =
GetLastTrustedVaultKeyAndVersion(*per_user_vault);
if (!last_trusted_vault_key_and_version.has_value() ||
per_user_vault->keys_are_stale()) { per_user_vault->keys_are_stale()) {
// Fresh vault key is required to register the device. // Fresh vault key is required to register the device.
// TODO(crbug.com/1102340): relax this condition to support device
// registration without real trusted vault key.
NOTIMPLEMENTED();
return; return;
} }
if (per_user_vault->local_device_registration_info().device_registered()) { if (per_user_vault->local_device_registration_info().device_registered()) {
...@@ -294,10 +313,8 @@ void StandaloneTrustedVaultBackend::MaybeRegisterDevice( ...@@ -294,10 +313,8 @@ void StandaloneTrustedVaultBackend::MaybeRegisterDevice(
// |this| outlives |connection_| and |ongoing_connection_request_|, so it's // |this| outlives |connection_| and |ongoing_connection_request_|, so it's
// safe to use base::Unretained() here. // safe to use base::Unretained() here.
ongoing_connection_request_ = connection_->RegisterAuthenticationFactor( ongoing_connection_request_ = connection_->RegisterAuthenticationFactor(
*primary_account_, *primary_account_, *last_trusted_vault_key_and_version,
/*last_trusted_vault_key=*/ key_pair->public_key(),
ProtoStringToBytes(per_user_vault->vault_key().rbegin()->key_material()),
per_user_vault->last_vault_key_version(), key_pair->public_key(),
base::BindOnce(&StandaloneTrustedVaultBackend::OnDeviceRegistered, base::BindOnce(&StandaloneTrustedVaultBackend::OnDeviceRegistered,
base::Unretained(this), gaia_id)); base::Unretained(this), gaia_id));
DCHECK(ongoing_connection_request_); DCHECK(ongoing_connection_request_);
......
components/sync/trusted_vault/trusted_vault_connection.cc 0 → 100644
View file @ 992a6952
// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/sync/trusted_vault/trusted_vault_connection.h"
namespace syncer {
TrustedVaultKeyAndVersion::TrustedVaultKeyAndVersion(
const std::vector<uint8_t>& key,
int version)
: key(key), version(version) {}
TrustedVaultKeyAndVersion::TrustedVaultKeyAndVersion(
const TrustedVaultKeyAndVersion& other) = default;
TrustedVaultKeyAndVersion& TrustedVaultKeyAndVersion::operator=(
const TrustedVaultKeyAndVersion& other) = default;
TrustedVaultKeyAndVersion::~TrustedVaultKeyAndVersion() = default;
} // namespace syncer
components/sync/trusted_vault/trusted_vault_connection.h
View file @ 992a6952
...@@ -27,6 +27,16 @@ enum class TrustedVaultRequestStatus { ...@@ -27,6 +27,16 @@ enum class TrustedVaultRequestStatus {
kOtherError kOtherError
}; };
struct TrustedVaultKeyAndVersion {
TrustedVaultKeyAndVersion(const std::vector<uint8_t>& key, int version);
TrustedVaultKeyAndVersion(const TrustedVaultKeyAndVersion& other);
TrustedVaultKeyAndVersion& operator=(const TrustedVaultKeyAndVersion& other);
~TrustedVaultKeyAndVersion();
std::vector<uint8_t> key;
int version;
};
// Supports interaction with vault service, all methods must called on trusted // Supports interaction with vault service, all methods must called on trusted
// vault backend sequence. // vault backend sequence.
class TrustedVaultConnection { class TrustedVaultConnection {
...@@ -61,8 +71,7 @@ class TrustedVaultConnection { ...@@ -61,8 +71,7 @@ class TrustedVaultConnection {
// object until |callback| call or until request needs to be cancelled. // object until |callback| call or until request needs to be cancelled.
virtual std::unique_ptr<Request> RegisterAuthenticationFactor( virtual std::unique_ptr<Request> RegisterAuthenticationFactor(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
const SecureBoxPublicKey& authentication_factor_public_key, const SecureBoxPublicKey& authentication_factor_public_key,
RegisterAuthenticationFactorCallback callback) WARN_UNUSED_RESULT = 0; RegisterAuthenticationFactorCallback callback) WARN_UNUSED_RESULT = 0;
...@@ -71,8 +80,7 @@ class TrustedVaultConnection { ...@@ -71,8 +80,7 @@ class TrustedVaultConnection {
// or until request needs to be cancelled. // or until request needs to be cancelled.
virtual std::unique_ptr<Request> DownloadKeys( virtual std::unique_ptr<Request> DownloadKeys(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
std::unique_ptr<SecureBoxKeyPair> device_key_pair, std::unique_ptr<SecureBoxKeyPair> device_key_pair,
DownloadKeysCallback callback) WARN_UNUSED_RESULT = 0; DownloadKeysCallback callback) WARN_UNUSED_RESULT = 0;
}; };
......
components/sync/trusted_vault/trusted_vault_connection_impl.cc
View file @ 992a6952
...@@ -46,31 +46,29 @@ void ProcessRegisterDeviceResponse( ...@@ -46,31 +46,29 @@ void ProcessRegisterDeviceResponse(
} }
sync_pb::SharedKey CreateMemberSharedKey( sync_pb::SharedKey CreateMemberSharedKey(
int trusted_vault_key_version, const TrustedVaultKeyAndVersion& trusted_vault_key_and_version,
const std::vector<uint8_t>& trusted_vault_key,
const SecureBoxPublicKey& public_key) { const SecureBoxPublicKey& public_key) {
sync_pb::SharedKey shared_key; sync_pb::SharedKey shared_key;
shared_key.set_epoch(trusted_vault_key_version); shared_key.set_epoch(trusted_vault_key_and_version.version);
AssignBytesToProtoString(ComputeTrustedVaultWrappedKey(
public_key, trusted_vault_key_and_version.key),
shared_key.mutable_wrapped_key());
AssignBytesToProtoString( AssignBytesToProtoString(
ComputeTrustedVaultWrappedKey(public_key, trusted_vault_key), ComputeTrustedVaultHMAC(/*key=*/trusted_vault_key_and_version.key,
shared_key.mutable_wrapped_key());
AssignBytesToProtoString(
ComputeTrustedVaultHMAC(/*key=*/trusted_vault_key,
/*data=*/public_key.ExportToBytes()), /*data=*/public_key.ExportToBytes()),
shared_key.mutable_member_proof()); shared_key.mutable_member_proof());
return shared_key; return shared_key;
} }
sync_pb::JoinSecurityDomainsRequest CreateJoinSecurityDomainsRequest( sync_pb::JoinSecurityDomainsRequest CreateJoinSecurityDomainsRequest(
int last_trusted_vault_key_version, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
const std::vector<uint8_t>& last_trusted_vault_key,
const SecureBoxPublicKey& public_key) { const SecureBoxPublicKey& public_key) {
sync_pb::SecurityDomain::Member member; sync_pb::SecurityDomain::Member member;
const std::vector<uint8_t> public_key_bytes = public_key.ExportToBytes(); const std::vector<uint8_t> public_key_bytes = public_key.ExportToBytes();
AssignBytesToProtoString(public_key.ExportToBytes(), AssignBytesToProtoString(public_key.ExportToBytes(),
member.mutable_public_key()); member.mutable_public_key());
*member.add_keys() = CreateMemberSharedKey( *member.add_keys() =
last_trusted_vault_key_version, last_trusted_vault_key, public_key); CreateMemberSharedKey(last_trusted_vault_key_and_version, public_key);
sync_pb::SecurityDomain security_domain; sync_pb::SecurityDomain security_domain;
security_domain.set_name(kSecurityDomainName); security_domain.set_name(kSecurityDomainName);
...@@ -110,16 +108,15 @@ TrustedVaultConnectionImpl::~TrustedVaultConnectionImpl() = default; ...@@ -110,16 +108,15 @@ TrustedVaultConnectionImpl::~TrustedVaultConnectionImpl() = default;
std::unique_ptr<TrustedVaultConnection::Request> std::unique_ptr<TrustedVaultConnection::Request>
TrustedVaultConnectionImpl::RegisterAuthenticationFactor( TrustedVaultConnectionImpl::RegisterAuthenticationFactor(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
const SecureBoxPublicKey& public_key, const SecureBoxPublicKey& public_key,
RegisterAuthenticationFactorCallback callback) { RegisterAuthenticationFactorCallback callback) {
auto request = std::make_unique<TrustedVaultRequest>( auto request = std::make_unique<TrustedVaultRequest>(
TrustedVaultRequest::HttpMethod::kPost, TrustedVaultRequest::HttpMethod::kPost,
GURL(trusted_vault_service_url_.spec() + kJoinSecurityDomainsURLPath), GURL(trusted_vault_service_url_.spec() + kJoinSecurityDomainsURLPath),
/*serialized_request_proto=*/ /*serialized_request_proto=*/
CreateJoinSecurityDomainsRequest(last_trusted_vault_key_version, CreateJoinSecurityDomainsRequest(last_trusted_vault_key_and_version,
last_trusted_vault_key, public_key) public_key)
.SerializeAsString()); .SerializeAsString());
request->FetchAccessTokenAndSendRequest( request->FetchAccessTokenAndSendRequest(
account_info.account_id, GetOrCreateURLLoaderFactory(), account_info.account_id, GetOrCreateURLLoaderFactory(),
...@@ -131,8 +128,7 @@ TrustedVaultConnectionImpl::RegisterAuthenticationFactor( ...@@ -131,8 +128,7 @@ TrustedVaultConnectionImpl::RegisterAuthenticationFactor(
std::unique_ptr<TrustedVaultConnection::Request> std::unique_ptr<TrustedVaultConnection::Request>
TrustedVaultConnectionImpl::DownloadKeys( TrustedVaultConnectionImpl::DownloadKeys(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
std::unique_ptr<SecureBoxKeyPair> device_key_pair, std::unique_ptr<SecureBoxKeyPair> device_key_pair,
DownloadKeysCallback callback) { DownloadKeysCallback callback) {
auto request = std::make_unique<TrustedVaultRequest>( auto request = std::make_unique<TrustedVaultRequest>(
...@@ -144,12 +140,12 @@ TrustedVaultConnectionImpl::DownloadKeys( ...@@ -144,12 +140,12 @@ TrustedVaultConnectionImpl::DownloadKeys(
request->FetchAccessTokenAndSendRequest( request->FetchAccessTokenAndSendRequest(
account_info.account_id, GetOrCreateURLLoaderFactory(), account_info.account_id, GetOrCreateURLLoaderFactory(),
access_token_fetcher_.get(), access_token_fetcher_.get(),
base::BindOnce(ProcessDownloadKeysResponse, base::BindOnce(
/*response_processor=*/ ProcessDownloadKeysResponse,
std::make_unique<DownloadKeysResponseHandler>( /*response_processor=*/
last_trusted_vault_key, last_trusted_vault_key_version, std::make_unique<DownloadKeysResponseHandler>(
std::move(device_key_pair)), last_trusted_vault_key_and_version, std::move(device_key_pair)),
std::move(callback))); std::move(callback)));
return request; return request;
} }
......
components/sync/trusted_vault/trusted_vault_connection_impl.h
View file @ 992a6952
...@@ -38,15 +38,13 @@ class TrustedVaultConnectionImpl : public TrustedVaultConnection { ...@@ -38,15 +38,13 @@ class TrustedVaultConnectionImpl : public TrustedVaultConnection {
std::unique_ptr<Request> RegisterAuthenticationFactor( std::unique_ptr<Request> RegisterAuthenticationFactor(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
const SecureBoxPublicKey& authentication_factor_public_key, const SecureBoxPublicKey& authentication_factor_public_key,
RegisterAuthenticationFactorCallback callback) override; RegisterAuthenticationFactorCallback callback) override;
std::unique_ptr<Request> DownloadKeys( std::unique_ptr<Request> DownloadKeys(
const CoreAccountInfo& account_info, const CoreAccountInfo& account_info,
const std::vector<uint8_t>& last_trusted_vault_key, const TrustedVaultKeyAndVersion& last_trusted_vault_key_and_version,
int last_trusted_vault_key_version,
std::unique_ptr<SecureBoxKeyPair> device_key_pair, std::unique_ptr<SecureBoxKeyPair> device_key_pair,
DownloadKeysCallback callback) override; DownloadKeysCallback callback) override;
......
components/sync/trusted_vault/trusted_vault_connection_impl_unittest.cc
View file @ 992a6952
...@@ -144,7 +144,8 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldSendJoinSecurityDomainsRequest) { ...@@ -144,7 +144,8 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldSendJoinSecurityDomainsRequest) {
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->RegisterAuthenticationFactor( connection()->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, kLastKeyVersion, /*account_info=*/CoreAccountInfo(),
TrustedVaultKeyAndVersion(kTrustedVaultKey, kLastKeyVersion),
key_pair->public_key(), key_pair->public_key(),
TrustedVaultConnection::RegisterAuthenticationFactorCallback()); TrustedVaultConnection::RegisterAuthenticationFactorCallback());
EXPECT_THAT(request, NotNull()); EXPECT_THAT(request, NotNull());
...@@ -204,9 +205,9 @@ TEST_F(TrustedVaultConnectionImplTest, ...@@ -204,9 +205,9 @@ TEST_F(TrustedVaultConnectionImplTest,
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->RegisterAuthenticationFactor( connection()->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key_version=*/1, key_pair->public_key(), TrustedVaultKeyAndVersion(kTrustedVaultKey, /*version=*/1),
callback.Get()); key_pair->public_key(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kSuccess))); EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kSuccess)));
...@@ -224,9 +225,9 @@ TEST_F(TrustedVaultConnectionImplTest, ...@@ -224,9 +225,9 @@ TEST_F(TrustedVaultConnectionImplTest,
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->RegisterAuthenticationFactor( connection()->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key_version=*/1, key_pair->public_key(), TrustedVaultKeyAndVersion(kTrustedVaultKey, /*version=*/1),
callback.Get()); key_pair->public_key(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kOtherError))); EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kOtherError)));
...@@ -245,13 +246,13 @@ TEST_F(TrustedVaultConnectionImplTest, ...@@ -245,13 +246,13 @@ TEST_F(TrustedVaultConnectionImplTest,
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->RegisterAuthenticationFactor( connection()->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key_version=*/1, key_pair->public_key(), TrustedVaultKeyAndVersion(kTrustedVaultKey, /*version=*/1),
callback.Get()); key_pair->public_key(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
// In particular, HTTP_BAD_REQUEST indicates that // In particular, HTTP_BAD_REQUEST indicates that
// |last_trusted_vault_key_version| is not actually the last on the server // |last_trusted_vault_key_and_version| is not actually the last on the server
// side. // side.
EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kLocalDataObsolete))); EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kLocalDataObsolete)));
EXPECT_TRUE(RespondToJoinSecurityDomainsRequest(net::HTTP_BAD_REQUEST)); EXPECT_TRUE(RespondToJoinSecurityDomainsRequest(net::HTTP_BAD_REQUEST));
...@@ -276,9 +277,9 @@ TEST_F( ...@@ -276,9 +277,9 @@ TEST_F(
EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kOtherError))); EXPECT_CALL(callback, Run(Eq(TrustedVaultRequestStatus::kOtherError)));
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection->RegisterAuthenticationFactor( connection->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key_version=*/1, key_pair->public_key(), TrustedVaultKeyAndVersion(kTrustedVaultKey, /*version=*/1),
callback.Get()); key_pair->public_key(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
// No requests should be sent to the network. // No requests should be sent to the network.
...@@ -295,9 +296,9 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldCancelJoinSecurityDomainsRequest) { ...@@ -295,9 +296,9 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldCancelJoinSecurityDomainsRequest) {
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->RegisterAuthenticationFactor( connection()->RegisterAuthenticationFactor(
/*account_info=*/CoreAccountInfo(), kTrustedVaultKey, /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key_version=*/1, key_pair->public_key(), TrustedVaultKeyAndVersion(kTrustedVaultKey, /*version=*/1),
callback.Get()); key_pair->public_key(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
EXPECT_CALL(callback, Run).Times(0); EXPECT_CALL(callback, Run).Times(0);
...@@ -311,8 +312,8 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldSendListSecurityDomainsRequest) { ...@@ -311,8 +312,8 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldSendListSecurityDomainsRequest) {
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->DownloadKeys( connection()->DownloadKeys(
/*account_info=*/CoreAccountInfo(), /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key=*/std::vector<uint8_t>(), TrustedVaultKeyAndVersion(/*key=*/std::vector<uint8_t>(),
/*last_trusted_vault_key_version=*/0, /*version=*/0),
/*device_key_pair=*/MakeTestKeyPair(), base::DoNothing()); /*device_key_pair=*/MakeTestKeyPair(), base::DoNothing());
EXPECT_THAT(request, NotNull()); EXPECT_THAT(request, NotNull());
...@@ -336,8 +337,8 @@ TEST_F(TrustedVaultConnectionImplTest, ...@@ -336,8 +337,8 @@ TEST_F(TrustedVaultConnectionImplTest,
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->DownloadKeys( connection()->DownloadKeys(
/*account_info=*/CoreAccountInfo(), /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key=*/std::vector<uint8_t>(), TrustedVaultKeyAndVersion(/*key=*/std::vector<uint8_t>(),
/*last_trusted_vault_key_version=*/0, /*version=*/0),
/*device_key_pair=*/MakeTestKeyPair(), callback.Get()); /*device_key_pair=*/MakeTestKeyPair(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
...@@ -360,8 +361,9 @@ TEST_F(TrustedVaultConnectionImplTest, ...@@ -360,8 +361,9 @@ TEST_F(TrustedVaultConnectionImplTest,
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection->DownloadKeys( connection->DownloadKeys(
/*account_info=*/CoreAccountInfo(), /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key=*/std::vector<uint8_t>(), TrustedVaultKeyAndVersion(
/*last_trusted_vault_key_version=*/0, /*key=*/std::vector<uint8_t>(),
/*version=*/0),
/*device_key_pair=*/MakeTestKeyPair(), callback.Get()); /*device_key_pair=*/MakeTestKeyPair(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
...@@ -375,8 +377,9 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldCancelListSecurityDomainsRequest) { ...@@ -375,8 +377,9 @@ TEST_F(TrustedVaultConnectionImplTest, ShouldCancelListSecurityDomainsRequest) {
std::unique_ptr<TrustedVaultConnection::Request> request = std::unique_ptr<TrustedVaultConnection::Request> request =
connection()->DownloadKeys( connection()->DownloadKeys(
/*account_info=*/CoreAccountInfo(), /*account_info=*/CoreAccountInfo(),
/*last_trusted_vault_key=*/std::vector<uint8_t>(), TrustedVaultKeyAndVersion(
/*last_trusted_vault_key_version=*/0, /*key=*/std::vector<uint8_t>(),
/*version=*/0),
/*device_key_pair=*/MakeTestKeyPair(), callback.Get()); /*device_key_pair=*/MakeTestKeyPair(), callback.Get());
ASSERT_THAT(request, NotNull()); ASSERT_THAT(request, NotNull());
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment