services/network/trust_tokens/test/signed_request_verification_util.h - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_
 #define SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_

 #include <string>

 #include "base/callback.h"
 #include "base/containers/span.h"
 #include "base/strings/string_piece.h"
 #include "net/http/http_request_headers.h"
 #include "services/network/public/mojom/trust_tokens.mojom-shared.h"
 #include "services/network/trust_tokens/suitable_trust_token_origin.h"
 #include "url/gurl.h"

 namespace network {
 namespace test {

 // Reconstructs a request's canonical request data, extracts the signatures from
 // its Sec-Signature header, checks that the Sec-Signature header's contained
 // signatures verify.
 //
 // Optionally:
 // - If |verification_keys_out| is non-null, on success, returns the
 // verification key for each issuer, so that the caller can verify further state
 // concerning the key (like confirming that the key was bound to a previous
 // redemption).
 // - If |error_out| is non-null, on failure, sets it to a human-readable
 // description of the reason the verification failed.
 // - If |verifier| is non-null, uses the given verifier to verify the
 // signatures instead of ecdsa_secp256r1_sha256.
 bool ReconstructSigningDataAndVerifySignatures(
     const GURL& destination,
     const net::HttpRequestHeaders& headers,
     base::RepeatingCallback<bool(base::span<const uint8_t> data,
                                  base::span<const uint8_t> signature,
                                  base::span<const uint8_t> verification_key,
                                  const std::string& sig_alg)> verifier =
         {},  // defaults to ecdsa_secp256r1_sha256
     std::string* error_out = nullptr,
     std::map<std::string, std::string>* verification_keys_out = nullptr,
     mojom::TrustTokenSignRequestData* sign_request_data_out = nullptr);

 // Parses a Sec-Redemption-Record header and extracts the (issuer, redemption
 // record) pairs the header contains. On success, returns true. On
 // failure, returns false and, if |error_out| is not null, stores a
 // helpful error message in |error_out| for debugging.
 bool ExtractRedemptionRecordsFromHeader(
     base::StringPiece sec_redemption_record_header,
     std::map<SuitableTrustTokenOrigin, std::string>*
         redemption_records_per_issuer_out,
     std::string* error_out);

 }  // namespace test
 }  // namespace network

 #endif  // SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_
	// Copyright 2020 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_
	#define SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_

	#include <string>

	#include "base/callback.h"
	#include "base/containers/span.h"
	#include "base/strings/string_piece.h"
	#include "net/http/http_request_headers.h"
	#include "services/network/public/mojom/trust_tokens.mojom-shared.h"
	#include "services/network/trust_tokens/suitable_trust_token_origin.h"
	#include "url/gurl.h"

	namespace network {
	namespace test {

	// Reconstructs a request's canonical request data, extracts the signatures from
	// its Sec-Signature header, checks that the Sec-Signature header's contained
	// signatures verify.
	//
	// Optionally:
	// - If \|verification_keys_out\| is non-null, on success, returns the
	// verification key for each issuer, so that the caller can verify further state
	// concerning the key (like confirming that the key was bound to a previous
	// redemption).
	// - If \|error_out\| is non-null, on failure, sets it to a human-readable
	// description of the reason the verification failed.
	// - If \|verifier\| is non-null, uses the given verifier to verify the
	// signatures instead of ecdsa_secp256r1_sha256.
	bool ReconstructSigningDataAndVerifySignatures(
	const GURL& destination,
	const net::HttpRequestHeaders& headers,
	base::RepeatingCallback<bool(base::span<const uint8_t> data,
	base::span<const uint8_t> signature,
	base::span<const uint8_t> verification_key,
	const std::string& sig_alg)> verifier =
	{}, // defaults to ecdsa_secp256r1_sha256
	std::string* error_out = nullptr,
	std::map<std::string, std::string>* verification_keys_out = nullptr,
	mojom::TrustTokenSignRequestData* sign_request_data_out = nullptr);

	// Parses a Sec-Redemption-Record header and extracts the (issuer, redemption
	// record) pairs the header contains. On success, returns true. On
	// failure, returns false and, if \|error_out\| is not null, stores a
	// helpful error message in \|error_out\| for debugging.
	bool ExtractRedemptionRecordsFromHeader(
	base::StringPiece sec_redemption_record_header,
	std::map<SuitableTrustTokenOrigin, std::string>*
	redemption_records_per_issuer_out,
	std::string* error_out);

	} // namespace test
	} // namespace network

	#endif // SERVICES_NETWORK_TRUST_TOKENS_TEST_SIGNED_REQUEST_VERIFICATION_UTIL_H_