// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "third_party/blink/public/common/origin_trials/trial_token.h" #include <memory> #include <optional> #include <string_view> #include "base/base64.h" #include "base/json/json_reader.h" #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/numerics/byte_conversions.h" #include "base/strings/strcat.h" #include "base/time/time.h" #include "base/values.h" #include "third_party/blink/public/common/origin_trials/origin_trials.h" #include "third_party/boringssl/src/include/openssl/curve25519.h" #include "url/gurl.h" #include "url/origin.h" namespace blink { namespace { // Token payloads can be at most 4KB in size, as a guard against trying to parse // excessively large tokens (see crbug.com/802377). The origin is the only part // of the payload that is user-supplied. The 4KB payload limit allows for the // origin to be ~3900 chars. In some cases, 2KB is suggested as the practical // limit for URLs, e.g.: // https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers // This means tokens can contain origins that are nearly twice as long as any // expected to be seen in the wild. const size_t kMaxPayloadSize = …; // Encoded tokens can be at most 6KB in size. Based on the 4KB payload limit, // this allows for the payload, signature, and other format bits, plus the // Base64 encoding overhead (~4/3 of the input). const size_t kMaxTokenSize = …; // Version is a 1-byte field at offset 0. const size_t kVersionOffset = …; const size_t kVersionSize = …; // These constants define the Version 2 field sizes and offsets. const size_t kSignatureOffset = …; const size_t kSignatureSize = …; const size_t kPayloadLengthOffset = …; const size_t kPayloadLengthSize = …; const size_t kPayloadOffset = …; // Version 3 introduced support to match tokens against third party origins (see // design doc // https://docs.google.com/document/d/1xALH9W7rWmX0FpjudhDeS2TNTEOXuPn4Tlc9VmuPdHA // for more details). const uint8_t kVersion3 = …; // Version 2 is also currently supported. Version 1 was // introduced in Chrome M50, and removed in M51. There were no experiments // enabled in the stable M50 release which would have used those tokens. const uint8_t kVersion2 = …; const char* kUsageSubset = …; } // namespace TrialToken::~TrialToken() = default; // static std::unique_ptr<TrialToken> TrialToken::From( std::string_view token_text, const OriginTrialPublicKey& public_key, OriginTrialTokenStatus* out_status) { … } OriginTrialTokenStatus TrialToken::IsValid(const url::Origin& origin, const base::Time& now) const { … } // static OriginTrialTokenStatus TrialToken::Extract( std::string_view token_text, const OriginTrialPublicKey& public_key, std::string* out_token_payload, std::string* out_token_signature, uint8_t* out_token_version) { … } // static std::unique_ptr<TrialToken> TrialToken::Parse(const std::string& token_payload, const uint8_t version) { … } bool TrialToken::ValidateOrigin(const url::Origin& origin) const { … } bool TrialToken::ValidateFeatureName(std::string_view feature_name) const { … } bool TrialToken::ValidateDate(const base::Time& now) const { … } // static bool TrialToken::ValidateSignature(std::string_view signature, const std::string& data, const OriginTrialPublicKey& public_key) { … } TrialToken::TrialToken(const url::Origin& origin, bool match_subdomains, const std::string& feature_name, base::Time expiry_time, bool is_third_party, UsageRestriction usage_restriction) : … { … } // static std::unique_ptr<TrialToken> TrialToken::CreateTrialTokenForTesting( const url::Origin& origin, bool match_subdomains, const std::string& feature_name, base::Time expiry_time, bool is_third_party, UsageRestriction usage_restriction, const std::string& signature) { … } } // namespace blink
Codebase Browser
chromium