Trust Tokens: Define a //content/public interface for local issuance

This CL defines an interface with which //content embedders can satisfy
requests for "local" issuance of trust tokens
(https://github.com/wicg/trust-token-api), which are normally obtained
by querying a token issuer's HTTP server but may in some instances be
able to be provided by on-device entities, like system services or other
trusted applications.

Like the comment in trust_tokens.mojom discusses, we're adding this to
//content/public because the implementations will likely, at least in
part, vary by operating system and by specific browser brand or app.

Design doc for one implementation: http://go/clank-device-integrity
(internal only, sorry).

Fixed: 1130276
Change-Id: I577050aaae103288576e04e9f75330a16bce718b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2493520
Commit-Queue: David Van Cleve <davidvc@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#820529}

content/public/android/BUILD.gn

@@ -80,6 +80,7 @@ android_library("content_java") {
     "//base:jni_java",
     "//components/download/public/common:public_java",
     "//components/payments/mojom:mojom_java",
+    "//content/public/common:trust_tokens_mojo_bindings_java",
     "//device/bluetooth:java",
     "//device/gamepad:java",
     "//media/base/android:media_java",
@@ -324,6 +325,7 @@ android_library("content_java") {
     "java/src/org/chromium/content_public/browser/WebContentsInternals.java",
     "java/src/org/chromium/content_public/browser/WebContentsObserver.java",
     "java/src/org/chromium/content_public/browser/WebContentsStatics.java",
+    "java/src/org/chromium/content_public/browser/trusttokens/TrustTokenFulfillerManager.java",
     "java/src/org/chromium/content_public/common/ContentProcessInfo.java",
     "java/src/org/chromium/content_public/common/ContentUrlConstants.java",
     "java/src/org/chromium/content_public/common/Referrer.java",

content/public/android/java/src/org/chromium/content/browser/InterfaceRegistrarImpl.java

@@ -9,9 +9,11 @@ import org.chromium.base.annotations.JNINamespace;
 import org.chromium.blink.mojom.AndroidFontLookup;
 import org.chromium.content.browser.androidoverlay.AndroidOverlayProviderImpl;
 import org.chromium.content.browser.font.AndroidFontLookupImpl;
+import org.chromium.content.mojom.LocalTrustTokenFulfiller;
 import org.chromium.content_public.browser.InterfaceRegistrar;
 import org.chromium.content_public.browser.RenderFrameHost;
 import org.chromium.content_public.browser.WebContents;
+import org.chromium.content_public.browser.trusttokens.TrustTokenFulfillerManager;
 import org.chromium.media.mojom.AndroidOverlayProvider;
 import org.chromium.mojo.system.impl.CoreImpl;
 import org.chromium.services.service_manager.InterfaceRegistry;
@@ -61,6 +63,8 @@ class InterfaceRegistrarImpl {
                     AndroidOverlayProvider.MANAGER, new AndroidOverlayProviderImpl.Factory());
             // TODO(avayvod): Register the PresentationService implementation here.
             registry.addInterface(AndroidFontLookup.MANAGER, new AndroidFontLookupImpl.Factory());
+            registry.addInterface(
+                    LocalTrustTokenFulfiller.MANAGER, () -> TrustTokenFulfillerManager.create());
         }
     }
 }

content/public/android/java/src/org/chromium/content_public/browser/trusttokens/TrustTokenFulfillerManager.java

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+package org.chromium.content_public.browser.trusttokens;
+
+import org.chromium.content.mojom.LocalTrustTokenFulfiller;
+
+/**
+ * TrustTokenFulfillerManager is a static utility class that allows embedders to plug in
+ * implementations of LocalTrustTokenFulfiller to accommodate the fact that they might
+ * use different mechanisms for executing Trust Tokens operations locally.
+ */
+public class TrustTokenFulfillerManager {
+    /**
+     * Clients provide their implementations of LocalTrustTokenFulfiller by subclassing Factory.
+     */
+    public interface Factory {
+        LocalTrustTokenFulfiller create();
+    }
+
+    /**
+     * Returns a Trust Tokens operation fulfiller, or null if:
+     * <ul>
+     *   <li> the embedder hasn't provided a way of constructing a fulfiller, or
+     *   <li> the embedder indicated some kind of failure when constructing the fulfiller.
+     */
+    public static LocalTrustTokenFulfiller create() {
+        if (sFactory == null) return null;
+        return sFactory.create();
+    }
+
+    private static Factory sFactory;
+
+    public static void setFactory(Factory factory) {
+        sFactory = factory;
+    }
+}

content/public/common/BUILD.gn

@@ -197,6 +197,7 @@ source_set("common_sources") {
     ":interfaces",
     ":renderer_type",
     ":service_names",
+    ":trust_tokens_mojo_bindings",
     "//content/common",
     "//content/public/common/zygote:buildflags",
     "//ipc",
@@ -389,6 +390,19 @@ mojom("interfaces") {
   ]
 }
 
+mojom("trust_tokens_mojo_bindings") {
+  generate_java = true
+  sources = [ "trust_tokens.mojom" ]
+  public_deps = [
+    "//services/network/public/mojom",
+
+    # Generating Java code requires that we depend directly, not transitively,
+    # on this target, because it contains symbols needed by the generated Java
+    # classes.
+    "//services/network/public/mojom:url_loader_base",
+  ]
+}
+
 mojom("renderer_type") {
   sources = [ "media_playback_renderer_type.mojom" ]
 }

content/public/common/DEPS

 include_rules = [
   "+services/device/public/mojom",
   "+services/network/public/cpp/constants.h",
+  "+services/network/public/mojom",
   "+services/network/network_service.h",
   "+services/network/public/cpp",
 ]

content/public/common/trust_tokens.mojom

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module content.mojom;
+
+import "services/network/public/mojom/trust_tokens.mojom";
+
+// LocalTrustTokenFulfiller provides responses to Trust Tokens
+// (https://github.com/wicg/trust-token-api) operations mediated by the OS,
+// e.g. on platforms where some system service provides a capability of
+// executing Trust Tokens operations against certain issuers that have
+// presences on the device.
+//
+// This is a //content/public/common API because the expectation is that it
+// will be called from //content C++ code and implemented by different
+// embedders' higher-layer code on (eventually) multiple operating systems.
+interface LocalTrustTokenFulfiller {
+  // At a high level, the request and response have "the same" semantics as
+  // Trust Tokens-over-HTTP request and response messages. The request and
+  // response structs' definitions contain documentation of the semantics of
+  // each field.
+  FulfillTrustTokenIssuance(
+    network.mojom.FulfillTrustTokenIssuanceRequest request)
+    => (network.mojom.FulfillTrustTokenIssuanceAnswer answer);
+};