1 // Copyright 2020 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_ 6 #define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_ 7 8 #include <map> 9 #include <memory> 10 11 #include "base/callback.h" 12 #include "base/containers/flat_map.h" 13 #include "services/network/public/mojom/trust_tokens.mojom.h" 14 #include "services/network/trust_tokens/suitable_trust_token_origin.h" 15 #include "services/network/trust_tokens/trust_token_key_commitment_getter.h" 16 17 namespace network { 18 19 // Class TrustTokenKeyCommitments is a singleton owned by NetworkService; it 20 // stores all known information about issuers' Trust Tokens key state. This 21 // state is provided through offline updates via |Set|. 22 class TrustTokenKeyCommitments 23 : public TrustTokenKeyCommitmentGetter, 24 public SynchronousTrustTokenKeyCommitmentGetter { 25 public: 26 TrustTokenKeyCommitments(); 27 ~TrustTokenKeyCommitments() override; 28 29 TrustTokenKeyCommitments(const TrustTokenKeyCommitments&) = delete; 30 TrustTokenKeyCommitments& operator=(const TrustTokenKeyCommitments&) = delete; 31 32 // Overwrites the current issuers-to-commitments map with the values in |map|, 33 // ignoring those issuer origins which are not suitable Trust Tokens origins 34 // (in the sense of SuitableTrustTokenOrigin). 35 void Set( 36 base::flat_map<url::Origin, mojom::TrustTokenKeyCommitmentResultPtr> map); 37 38 // Overwrites the current issuers-to-commitments map with the values in 39 // |raw_commitments|, which should be the JSON-encoded string representation 40 // of a collection of issuers' key commitments according to the format 41 // specified, for now, in the Trust Tokens design doc: 42 // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.z52drgpfgulz. 43 void ParseAndSet(base::StringPiece raw_commitments); 44 45 // TrustTokenKeyCommitmentGetter implementation: 46 // 47 // If |origin| is a suitable Trust Tokens origin (in the sense of 48 // SuitableTrustTokenOrigin), searches for a key commitment result 49 // corresponding to |origin|. 50 // 51 // If |origin| is not suitable, or if no commitment result is found, returns 52 // nullptr. Otherwise, returns the key commitment result stored for |origin|, 53 // with its verification keys filtered to contain at most the maximum number 54 // of keys allowed for the protocol version, none of which has yet expired. 55 // 56 // If commitments for |origin| were passed both through a prior call to |Set| 57 // and through the --additional-trust-token-key-commitments command-line 58 // switch, the commitments passed through the switch take precedence. 59 // 60 // Implementation note: this is a thin wrapper around GetSync. 61 void Get(const url::Origin& origin, 62 base::OnceCallback<void(mojom::TrustTokenKeyCommitmentResultPtr)> 63 done) const override; 64 65 // SynchronousTrustTokenKeyCommitmentResultGetter implementation: 66 // 67 // Implementation note: This is where the guts of |Get| live. 68 mojom::TrustTokenKeyCommitmentResultPtr GetSync( 69 const url::Origin& origin) const override; 70 71 private: 72 base::flat_map<SuitableTrustTokenOrigin, 73 mojom::TrustTokenKeyCommitmentResultPtr> 74 commitments_; 75 76 // Additional commitments provided (for manual experimentation or testing) 77 // through the command-line switch. 78 const base::flat_map<SuitableTrustTokenOrigin, 79 mojom::TrustTokenKeyCommitmentResultPtr> 80 additional_commitments_from_command_line_; 81 }; 82 83 } // namespace network 84 85 #endif // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_ 86