| // Copyright 2021 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SERVICES_NETWORK_PRIVATE_NETWORK_ACCESS_CHECKER_H_ |
| #define SERVICES_NETWORK_PRIVATE_NETWORK_ACCESS_CHECKER_H_ |
| |
| #include <stdint.h> |
| |
| #include "base/component_export.h" |
| #include "base/memory/raw_ptr.h" |
| #include "services/network/public/cpp/cors/cors_error_status.h" |
| #include "services/network/public/cpp/private_network_access_check_result.h" |
| #include "services/network/public/mojom/client_security_state.mojom.h" |
| #include "services/network/public/mojom/ip_address_space.mojom-forward.h" |
| #include "services/network/public/mojom/network_context.mojom-forward.h" |
| #include "third_party/abseil-cpp/absl/types/optional.h" |
| |
| namespace net { |
| |
| struct TransportInfo; |
| |
| } // namespace net |
| |
| namespace network { |
| |
| struct ResourceRequest; |
| |
| // Applies Private Network Access checks to a single fetch / URL load. |
| // |
| // Manages state used for the "Private Network Access check" algorithm from |
| // the Private Network Access spec: |
| // https://wicg.github.io/private-network-access/#private-network-access-check |
| // |
| // Helper class for `URLLoader`. Should be instantiated once per `URLLoader`. |
| // |
| // Thread-compatible. |
| class COMPONENT_EXPORT(NETWORK_SERVICE) PrivateNetworkAccessChecker { |
| public: |
| // `resource_request` and `url_load_options` correspond to `URLLoader` |
| // constructor arguments. |
| // `factory_params` should point to the parameters used by the factory that |
| // built the owner `URLLoader`. Must not be nullptr and must outlive this |
| // instance. |
| PrivateNetworkAccessChecker( |
| const ResourceRequest& resource_request, |
| const mojom::URLLoaderFactoryParams* factory_params, |
| int32_t url_load_options); |
| |
| // Instances of this class are neither copyable nor movable. |
| PrivateNetworkAccessChecker(const PrivateNetworkAccessChecker&) = delete; |
| PrivateNetworkAccessChecker& operator=(const PrivateNetworkAccessChecker&) = |
| delete; |
| |
| ~PrivateNetworkAccessChecker(); |
| |
| // Checks whether the client should be allowed to use the given transport. |
| // |
| // Implements the following "Private Network Access check" algorithm: |
| // https://wicg.github.io/private-network-access/#private-network-access-check |
| PrivateNetworkAccessCheckResult Check( |
| const net::TransportInfo& transport_info); |
| |
| // Returns the IP address space derived from the `transport_info` argument |
| // passed to the last call to `Check()`, if any. |
| // |
| // Spec: |
| // https://wicg.github.io/private-network-access/#response-ip-address-space |
| absl::optional<mojom::IPAddressSpace> ResponseAddressSpace() const { |
| return response_address_space_; |
| } |
| |
| // The target IP address space applied to subsequent checks. |
| // |
| // Spec: |
| // https://wicg.github.io/private-network-access/#request-target-ip-address-space |
| mojom::IPAddressSpace TargetAddressSpace() const { |
| return target_address_space_; |
| } |
| |
| // Clears state from all checks this instance has performed. |
| // |
| // This instance will behave as if newly constructed once more. In addition, |
| // resets this instance's target IP address space to `kUnknown. |
| // |
| // This should be called upon following a redirect. |
| void ResetForRedirect(); |
| |
| // Returns the client security state that applies to the current request. |
| // May return nullptr. |
| // |
| // Contains relevant state derived from the fetch client's policy container. |
| const mojom::ClientSecurityState* client_security_state() const { |
| return client_security_state_.get(); |
| } |
| |
| // Returns an owned clone of `client_security_state()`. |
| mojom::ClientSecurityStatePtr CloneClientSecurityState() const; |
| |
| // Returns the IP address space in `client_security_state()`. |
| // Returns `kUnknown` if `client_security_state()` is nullptr. |
| mojom::IPAddressSpace ClientAddressSpace() const; |
| |
| private: |
| // Returns whether this instance has a client security state containing a |
| // policy set to `kPreflightWarn`. |
| bool IsPolicyPreflightWarn() const; |
| |
| // Helper for `Check()`. |
| PrivateNetworkAccessCheckResult CheckInternal( |
| mojom::IPAddressSpace resource_address_space); |
| |
| // The client security state copied from the request's trusted params. |
| // May be nullptr. |
| // |
| // Should not be used directly. Use `client_security_state_` instead, which |
| // points to the same struct iff this client security state should be used. |
| const mojom::ClientSecurityStatePtr request_client_security_state_; |
| |
| // The security state of the client of the fetch. May be nullptr. |
| const raw_ptr<const mojom::ClientSecurityState> client_security_state_; |
| |
| // Whether to block all requests to non-public IP address spaces, regardless |
| // of other considerations. Set based on URL load options. |
| const bool should_block_local_request_; |
| |
| // True iff |Check()| was called multiple times in between resets and the IP |
| // address space of the transport was not the same each time. |
| bool has_connected_to_mismatched_address_spaces_ = false; |
| |
| // The target IP address space set on the request. Ignored if `kUnknown`. |
| // |
| // Copied from `ResourceRequest::target_ip_address_space`. |
| // |
| // https://wicg.github.io/private-network-access/#request-target-ip-address-space |
| mojom::IPAddressSpace target_address_space_; |
| |
| // The IP address space derived from the `transport_info` argument passed to |
| // the last call to `Check()`. |
| // |
| // Set by `Check()`, reset by `ResetForRedirect()`. |
| absl::optional<mojom::IPAddressSpace> response_address_space_; |
| }; |
| |
| } // namespace network |
| |
| #endif // SERVICES_NETWORK_PRIVATE_NETWORK_ACCESS_CHECKER_H_ |