// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_WEB_APPLICATIONS_ISOLATED_WEB_APPS_SIGNED_WEB_BUNDLE_READER_H_
#define CHROME_BROWSER_WEB_APPLICATIONS_ISOLATED_WEB_APPS_SIGNED_WEB_BUNDLE_READER_H_

#include <memory>
#include <optional>
#include <string>
#include <vector>

#include "base/containers/flat_set.h"
#include "base/containers/unique_ptr_adapters.h"
#include "base/files/file_path.h"
#include "base/functional/callback_forward.h"
#include "base/sequence_checker.h"
#include "base/types/expected.h"
#include "chrome/browser/web_applications/isolated_web_apps/error/unusable_swbn_file_error.h"
#include "components/web_package/mojom/web_bundle_parser.mojom-forward.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_id.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_integrity_block.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_verifier.h"
#include "mojo/public/cpp/system/data_pipe_producer.h"
#include "net/base/net_errors.h"
#include "services/data_decoder/public/cpp/safe_web_bundle_parser.h"
#include "url/gurl.h"

namespace network {
struct ResourceRequest;
}  // namespace network

namespace mojo {
class DataPipeProducer;
}  // namespace mojo

namespace web_app {

// Reader for Signed Web Bundles.
//
// `Create` returns a new instance of this class.
//
// `ReadIntegrityBlock` starts the process of reading the Signed Web Bundle's
// integrity block and metadata, and of verifying that the signatures
// contained in the integrity block sign the bundle correctly.
//
// Once everything has been parsed successfully, the caller can request
// responses contained in the Signed Web Bundle using `ReadResponse` and
// `ReadResponseBody`, and can access the metadata contained in the bundle.
// Errors that occur during initialization are irrecoverable. Whether
// initialization has completed can be determined either by waiting for the
// callback passed to `StartReading` to run or by querying `GetState`.
//
// NOTE(review): this comment names both `ReadIntegrityBlock` and
// `StartReading` as the call that starts initialization. The class body is
// not shown here, so confirm which name is current and update the other.
//
// URLs passed to `ReadResponse` are simplified by removing the username,
// password, and fragment before the corresponding response is looked up
// inside the Signed Web Bundle. This is the same behavior as with unsigned
// Web Bundles (see `content::WebBundleReader`).
class SignedWebBundleReader { … };

// Base class for fetching information about an unsecure .swbn file.
// Implementations of this class's pure virtual functions provide the logic
// for reading one specific piece of data from a bundle.
//
// A signed web bundle is considered unsecure if the signed web bundle ID of
// the file is not known from a trusted source. Examples of trusted sources of
// the ID are enterprise policy, a distributor store, etc.
//
// An integrity check of the .swbn file without knowing the expected ID makes
// no sense, because an attacker can re-sign a tampered bundle with their own
// private key: the signatures would then verify, but against a different ID.
// Consequently, anything obtained through this class should be treated as
// unverified data until the ID has been confirmed by a trusted source.
class UnsecureReader { … };

// NOTE(review): undocumented in the original. Judging only by its name and
// its base class, this presumably reads the signed web bundle ID out of an
// unsecure .swbn file; the class body is not shown here, so confirm. If so,
// the ID it yields is the file's own claim and is not a verified identity.
class UnsecureSignedWebBundleIdReader : public UnsecureReader { … };

}  // namespace web_app

#endif  // CHROME_BROWSER_WEB_APPLICATIONS_ISOLATED_WEB_APPS_SIGNED_WEB_BUNDLE_READER_H_