| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // This file contains utilities related to working with "facets". |
| // |
| // A "facet" is defined as the manifestation of a logical application on a given |
| // platform. For example, "My Bank" may have released an Android application |
| // and a Web application accessible from a browser. These are all facets of the |
| // "My Bank" logical application. |
| // |
| // Facets that belong to the same logical application are said to be affiliated |
| // with each other. Conceptually, "affiliations" can be seen as an equivalence |
| // relation defined over the set of all facets. Each equivalence class contains |
| // facets that belong to the same logical application, and therefore should be |
| // treated as synonymous for certain purposes, e.g., sharing credentials. |
| // |
| // A valid facet identifier will be a URI of the form: |
| // |
| // * https://<host>[:<port>] |
| // |
| // For web sites. Only HTTPS sites are supported. The syntax corresponds to |
| // that of 'serialized-origin' in RFC 6454. That is, in canonical form, the |
| // URI must not contain components other than the scheme (required, must be |
| // "https"), host (required), and port (optional); with canonicalization |
| // performed the same way as it normally would be for standard URLs. |
| // |
| // * android://<certificate_hash>@<package_name> |
| // |
| // For Android applications. In canonical form, the URI must not contain |
| // components other than the scheme (must be "android"), username, and host |
| // (all required). The host part must be a valid Android package name, with |
| // no escaping, so it must be composed of characters [a-zA-Z0-9_.]. |
| // |
| // The username part must be the hash of the certificate used to sign the |
| // APK, base64-encoded using padding and the "URL and filename safe" base64 |
| // alphabet, with no further escaping. This is normally calculated as: |
| // |
| // echo -n -e "$PEM_KEY" | |
| // openssl x509 -outform DER | |
| // openssl sha -sha512 -binary | base64 | tr '+/' '-_' |
| // |
| |
| #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_ANDROID_AFFILIATION_AFFILIATION_UTILS_H_ |
| #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_ANDROID_AFFILIATION_AFFILIATION_UTILS_H_ |
| |
| #include <cstddef> |
| #include <iosfwd> |
| #include <string> |
| #include <vector> |
| |
| #include "base/check.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/time/time.h" |
| #include "url/gurl.h" |
| #include "url/third_party/mozilla/url_parse.h" |
| |
| namespace password_manager { |
| |
| // Encapsulates a facet URI in canonical form. |
| // |
| // This is a very light-weight wrapper around an std::string containing the text |
| // of the URI, and can be passed around as a value. The main rationale for the |
| // existence of this class is to make it clearer in the code when a certain URI |
| // is known to be a valid facet URI in canonical form, and to allow verifying |
| // and converting URIs to such canonical form. |
| // |
| // Note that it would be impractical to use GURL to represent facet URIs, as |
| // GURL has built-in logic to parse the rest of the URI according to its scheme, |
| // and obviously, it does not recognize the "android" scheme. Therefore, after |
| // parsing, everything ends up in the path component, which is not too helpful. |
| class FacetURI { |
| public: |
| FacetURI(); |
| |
| // As a light-weight std::string wrapper, allow copy and assign. |
| FacetURI(const FacetURI&) = default; |
| FacetURI& operator=(const FacetURI&) = default; |
| |
| // Constructs an instance to encapsulate the canonical form of |spec|. |
| // If |spec| is not a valid facet URI, then an invalid instance is returned, |
| // which then should be discarded. |
| static FacetURI FromPotentiallyInvalidSpec(const std::string& spec); |
| |
| // Constructs a valid FacetURI instance from a valid |canonical_spec|. |
| // Note: The passed-in URI is not verified at all. Use only when you are sure |
| // the URI is valid and in canonical form. |
| static FacetURI FromCanonicalSpec(const std::string& canonical_spec); |
| |
| // Comparison operators so that FacetURI can be used in std::equal. |
| bool operator==(const FacetURI& other) const; |
| bool operator!=(const FacetURI& other) const; |
| |
| // Relational operators so that FacetURI can be used in sorted containers. |
| bool operator<(const FacetURI& other) const; |
| bool operator>(const FacetURI& other) const; |
| |
| // Returns whether or not this instance represents a valid facet identifier |
| // referring to a Web application. |
| bool IsValidWebFacetURI() const; |
| |
| // Returns whether or not this instance represents a valid facet identifier |
| // referring to an Android application. |
| bool IsValidAndroidFacetURI() const; |
| |
| // Returns whether or not this instance represents a valid facet identifier |
| // referring to either a Web or an Android application. The empty identfier is |
| // not considered valid. |
| bool is_valid() const { return is_valid_; } |
| |
| // Returns whether or not this instance represents the empty facet identifier. |
| bool is_empty() const { return canonical_spec_.empty(); } |
| |
| // Returns the canonical scheme of the encapsulated facet URI, provided it is |
| // valid, or the empty string otherwise. |
| std::string scheme() const; |
| |
| // Returns the canonical package name that the encapsulated facet URI |
| // references, provided it is a valid Android facet URI, or the empty string |
| // otherwise. |
| std::string android_package_name() const; |
| |
| // Returns the text of the encapsulated canonical URI, which must be valid. |
| const std::string& canonical_spec() const { |
| DCHECK(is_valid_); |
| return canonical_spec_; |
| } |
| |
| // Returns the text of the encapsulated canonical URI, even if it is invalid. |
| const std::string& potentially_invalid_spec() const { |
| return canonical_spec_; |
| } |
| |
| private: |
| // Internal constructor to be used by the static factory methods. |
| FacetURI(const std::string& canonical_spec, bool is_valid); |
| |
| // Whether |canonical_spec_| contains a valid facet URI in canonical form. |
| bool is_valid_; |
| |
| // The text of the encapsulated canonical URI, valid if and only if |
| // |is_valid_| is true. |
| std::string canonical_spec_; |
| |
| // Identified components of the canonical spec. |
| url::Parsed parsed_; |
| }; |
| |
| // The branding information for a given facet. Corresponds to the |BrandingInfo| |
| // message in affiliation_api.proto. |
| struct FacetBrandingInfo { |
| // Human readable name of this facet, or empty if this information is not |
| // available. |
| // |
| // For example, this would be something like "Netflix" for the popular |
| // video-on-demand application corresponding to FacetURIs |
| // `android://...@com.netflix.mediaclient` and `https://netflix.com`. |
| std::string name; |
| |
| // URL of the icon of this facet, or empty if this information is not |
| // available. |
| // |
| // For example, this would be something like |
| // "https://lh3.googleusercontent.com/..." for the popular video-on-demand |
| // application corresponding to FacetURIs |
| // `android://...@com.netflix.mediaclient` and `https://netflix.com`. |
| GURL icon_url; |
| }; |
| |
| // Facet struct, corresponds to the |Facet| message in affiliation_api.proto. |
| struct Facet { |
| FacetURI uri; |
| FacetBrandingInfo branding_info; |
| GURL change_password_url; |
| }; |
| |
| // A collection of facets affiliated with each other, i.e. an equivalence class. |
| using AffiliatedFacets = std::vector<Facet>; |
| |
| // A collection of grouped facets. |
| using GroupedFacets = std::vector<Facet>; |
| |
| // A collection of facets affiliated with each other, i.e. an equivalence class, |
| // plus a timestamp that indicates the last time the data was updated from an |
| // authoritative source. |
| struct AffiliatedFacetsWithUpdateTime { |
| AffiliatedFacetsWithUpdateTime(); |
| AffiliatedFacetsWithUpdateTime(const AffiliatedFacetsWithUpdateTime& other); |
| AffiliatedFacetsWithUpdateTime(AffiliatedFacetsWithUpdateTime&& other); |
| AffiliatedFacetsWithUpdateTime& operator=( |
| const AffiliatedFacetsWithUpdateTime& other); |
| AffiliatedFacetsWithUpdateTime& operator=( |
| AffiliatedFacetsWithUpdateTime&& other); |
| ~AffiliatedFacetsWithUpdateTime(); |
| |
| AffiliatedFacets facets; |
| base::Time last_update_time; |
| }; |
| |
| // Returns whether or not equivalence classes |a| and |b| are equal, that is, |
| // whether or not they consist of the same set of facet URIs. Note that branding |
| // information is ignored for this check. |
| // |
| // Note that this will do some sorting, so it can be expensive for large inputs. |
| bool AreEquivalenceClassesEqual(const AffiliatedFacets& a, |
| const AffiliatedFacets& b); |
| |
| // A shorter way to spell FacetURI::IsValidAndroidFacetURI(). |
| bool IsValidAndroidFacetURI(const std::string& uri); |
| |
| // For logging use only. |
| std::ostream& operator<<(std::ostream& os, const FacetURI& facet_uri); |
| |
| // Needed for testing. |
| bool operator==(const FacetBrandingInfo& lhs, const FacetBrandingInfo& rhs); |
| bool operator!=(const FacetBrandingInfo& lhs, const FacetBrandingInfo& rhs); |
| |
| // Needed for testing. |
| bool operator==(const Facet& lhs, const Facet& rhs); |
| bool operator!=(const Facet& lhs, const Facet& rhs); |
| |
| struct FacetURIHash { |
| size_t operator()(const FacetURI& facet_uri) const { |
| return std::hash<std::string>()(facet_uri.potentially_invalid_spec()); |
| } |
| }; |
| |
| } // namespace password_manager |
| |
| #endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_ANDROID_AFFILIATION_AFFILIATION_UTILS_H_ |