services/network/trust_tokens/trust_token_key_commitments.h - chromium/src.git - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_
 #define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_

 #include <map>
 #include <memory>

 #include "base/callback.h"
 #include "base/containers/flat_map.h"
 #include "services/network/public/mojom/trust_tokens.mojom.h"
 #include "services/network/trust_tokens/suitable_trust_token_origin.h"
 #include "services/network/trust_tokens/trust_token_key_commitment_getter.h"

 namespace network {

 // Class TrustTokenKeyCommitments is a singleton owned by NetworkService; it
 // stores all known information about issuers' Trust Tokens key state. This
 // state is provided through offline updates via |Set|.
 class TrustTokenKeyCommitments
     : public TrustTokenKeyCommitmentGetter,
       public SynchronousTrustTokenKeyCommitmentGetter {
  public:
   TrustTokenKeyCommitments();
   ~TrustTokenKeyCommitments() override;

   TrustTokenKeyCommitments(const TrustTokenKeyCommitments&) = delete;
   TrustTokenKeyCommitments& operator=(const TrustTokenKeyCommitments&) = delete;

   // Overwrites the current issuers-to-commitments map with the values in |map|,
   // ignoring those issuer origins which are not suitable Trust Tokens origins
   // (in the sense of SuitableTrustTokenOrigin).
   void Set(
       base::flat_map<url::Origin, mojom::TrustTokenKeyCommitmentResultPtr> map);

   // Overwrites the current issuers-to-commitments map with the values in
   // |raw_commitments|, which should be the JSON-encoded string representation
   // of a collection of issuers' key commitments according to the format
   // specified, for now, in the Trust Tokens design doc:
   // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.z52drgpfgulz.
   void ParseAndSet(base::StringPiece raw_commitments);

   // TrustTokenKeyCommitmentGetter implementation:
   //
   // If |origin| is a suitable Trust Tokens origin (in the sense of
   // SuitableTrustTokenOrigin), searches for a key commitment result
   // corresponding to |origin|.
   //
   // If |origin| is not suitable, or if no commitment result is found, returns
   // nullptr. Otherwise, returns the key commitment result stored for |origin|,
   // with its verification keys filtered to contain at most
   // |kMaximumConcurrentlyValidTrustTokenVerificationKeys| keys, none of
   // which has yet expired.
   //
   // If commitments for |origin| were passed both through a prior call to |Set|
   // and through the --additional-trust-token-key-commitments command-line
   // switch, the commitments passed through the switch take precedence.
   //
   // Implementation note: this is a thin wrapper around GetSync.
   void Get(const url::Origin& origin,
            base::OnceCallback<void(mojom::TrustTokenKeyCommitmentResultPtr)>
                done) const override;

   // SynchronousTrustTokenKeyCommitmentResultGetter implementation:
   //
   // Implementation note: This is where the guts of |Get| live.
   mojom::TrustTokenKeyCommitmentResultPtr GetSync(
       const url::Origin& origin) const override;

  private:
   base::flat_map<SuitableTrustTokenOrigin,
                  mojom::TrustTokenKeyCommitmentResultPtr>
       commitments_;

   // Additional commitments provided (for manual experimentation or testing)
   // through the command-line switch.
   const base::flat_map<SuitableTrustTokenOrigin,
                        mojom::TrustTokenKeyCommitmentResultPtr>
       additional_commitments_from_command_line_;
 };

 }  // namespace network

 #endif  // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_
	#define SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_

	#include <map>
	#include <memory>

	#include "base/callback.h"
	#include "base/containers/flat_map.h"
	#include "services/network/public/mojom/trust_tokens.mojom.h"
	#include "services/network/trust_tokens/suitable_trust_token_origin.h"
	#include "services/network/trust_tokens/trust_token_key_commitment_getter.h"

	namespace network {

	// Class TrustTokenKeyCommitments is a singleton owned by NetworkService; it
	// stores all known information about issuers' Trust Tokens key state. This
	// state is provided through offline updates via \|Set\|.
	class TrustTokenKeyCommitments
	: public TrustTokenKeyCommitmentGetter,
	public SynchronousTrustTokenKeyCommitmentGetter {
	public:
	TrustTokenKeyCommitments();
	~TrustTokenKeyCommitments() override;

	TrustTokenKeyCommitments(const TrustTokenKeyCommitments&) = delete;
	TrustTokenKeyCommitments& operator=(const TrustTokenKeyCommitments&) = delete;

	// Overwrites the current issuers-to-commitments map with the values in \|map\|,
	// ignoring those issuer origins which are not suitable Trust Tokens origins
	// (in the sense of SuitableTrustTokenOrigin).
	void Set(
	base::flat_map<url::Origin, mojom::TrustTokenKeyCommitmentResultPtr> map);

	// Overwrites the current issuers-to-commitments map with the values in
	// \|raw_commitments\|, which should be the JSON-encoded string representation
	// of a collection of issuers' key commitments according to the format
	// specified, for now, in the Trust Tokens design doc:
	// https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.z52drgpfgulz.
	void ParseAndSet(base::StringPiece raw_commitments);

	// TrustTokenKeyCommitmentGetter implementation:
	//
	// If \|origin\| is a suitable Trust Tokens origin (in the sense of
	// SuitableTrustTokenOrigin), searches for a key commitment result
	// corresponding to \|origin\|.
	//
	// If \|origin\| is not suitable, or if no commitment result is found, returns
	// nullptr. Otherwise, returns the key commitment result stored for \|origin\|,
	// with its verification keys filtered to contain at most
	// \|kMaximumConcurrentlyValidTrustTokenVerificationKeys\| keys, none of
	// which has yet expired.
	//
	// If commitments for \|origin\| were passed both through a prior call to \|Set\|
	// and through the --additional-trust-token-key-commitments command-line
	// switch, the commitments passed through the switch take precedence.
	//
	// Implementation note: this is a thin wrapper around GetSync.
	void Get(const url::Origin& origin,
	base::OnceCallback<void(mojom::TrustTokenKeyCommitmentResultPtr)>
	done) const override;

	// SynchronousTrustTokenKeyCommitmentResultGetter implementation:
	//
	// Implementation note: This is where the guts of \|Get\| live.
	mojom::TrustTokenKeyCommitmentResultPtr GetSync(
	const url::Origin& origin) const override;

	private:
	base::flat_map<SuitableTrustTokenOrigin,
	mojom::TrustTokenKeyCommitmentResultPtr>
	commitments_;

	// Additional commitments provided (for manual experimentation or testing)
	// through the command-line switch.
	const base::flat_map<SuitableTrustTokenOrigin,
	mojom::TrustTokenKeyCommitmentResultPtr>
	additional_commitments_from_command_line_;
	};

	} // namespace network

	#endif // SERVICES_NETWORK_TRUST_TOKENS_TRUST_TOKEN_KEY_COMMITMENTS_H_