blob: 409117f8d8864f7fc587c33924192e624e3654a0 [file] [log] [blame]
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_
#define NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_
#include <optional>
#include <string>
#include "base/functional/callback_forward.h"
#include "components/unexportable_keys/unexportable_key_service.h"
#include "net/base/isolation_info.h"
#include "net/base/net_errors.h"
#include "net/base/net_export.h"
#include "net/device_bound_sessions/registration_fetcher_param.h"
#include "net/device_bound_sessions/session_params.h"
#include "net/http/http_response_headers.h"
#include "net/log/net_log_source.h"
#include "url/gurl.h"
namespace net {
class URLRequestContext;
}
namespace unexportable_keys {
class UnexportableKeyService;
}
namespace net::device_bound_sessions {
class RegistrationRequestParam;
// This class creates a new unexportable key, creates a registration JWT and
// signs it with the new key, and makes the network request to the DBSC
// registration endpoint with this signed JWT to get the registration
// instructions.
class NET_EXPORT RegistrationFetcher {
public:
struct NET_EXPORT RegistrationCompleteParams {
RegistrationCompleteParams(ParsedSessionParams params,
unexportable_keys::UnexportableKeyId key_id,
const GURL& url);
RegistrationCompleteParams(RegistrationCompleteParams&& other) noexcept;
RegistrationCompleteParams& operator=(
RegistrationCompleteParams&& other) noexcept;
~RegistrationCompleteParams();
ParsedSessionParams params;
unexportable_keys::UnexportableKeyId key_id;
GURL url;
};
// Returning std::nullopt indicates that the fetch failed.
using RegistrationCompleteCallback =
base::OnceCallback<void(std::optional<RegistrationCompleteParams>)>;
using FetcherType = std::optional<RegistrationCompleteParams> (*)();
// TODO(kristianm): Add more parameters when the returned JSON is parsed.
struct NET_EXPORT RegistrationTokenResult {
std::string registration_token;
unexportable_keys::UnexportableKeyId key_id;
};
// Creates an unexportable key from the key service, creates a registration
// JWT and signs it with the new key. Starts the network request to the DBSC
// registration endpoint with the signed JWT in the header. `callback`
// is called with the fetch results upon completion.
// This can fail during key creation, signing and during the network request,
// and if so it the callback with be called with a std::nullopt.
static void StartCreateTokenAndFetch(
RegistrationFetcherParam registration_params,
unexportable_keys::UnexportableKeyService& key_service,
const URLRequestContext* context,
const IsolationInfo& isolation_info,
std::optional<NetLogSource> net_log_source,
RegistrationCompleteCallback callback);
// Starts the network request to the DBSC refresh endpoint with existing key
// id. `callback` is called with the fetch results upon completion. This can
// fail during signing and during the network request, and if so the callback
// will be called with a std::nullopt.
static void StartFetchWithExistingKey(
RegistrationRequestParam request_params,
unexportable_keys::UnexportableKeyService& key_service,
const URLRequestContext* context,
const IsolationInfo& isolation_info,
std::optional<net::NetLogSource> net_log_source,
RegistrationCompleteCallback callback,
unexportable_keys::ServiceErrorOr<unexportable_keys::UnexportableKeyId>
key_id);
// Helper function for generating a new binding key and a registration token
// to bind the key on the server. unexportable_key_service must outlive the
// callback result
static void CreateTokenAsyncForTesting(
unexportable_keys::UnexportableKeyService& unexportable_key_service,
std::string challenge,
const GURL& registration_url,
std::optional<std::string> authorization,
base::OnceCallback<
void(std::optional<RegistrationFetcher::RegistrationTokenResult>)>
callback);
static void SetFetcherForTesting(FetcherType);
};
} // namespace net::device_bound_sessions
#endif // NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_