services/network/public/mojom/url_loader_network_service_observer.mojom - chromium/src - Git at Google

 // Copyright 2021 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 module network.mojom;

 import "mojo/public/mojom/base/string16.mojom";
 import "mojo/public/mojom/base/time.mojom";
 import "mojo/public/mojom/base/unguessable_token.mojom";
 import "services/network/public/mojom/cookie_partition_key.mojom";
 import "services/network/public/mojom/network_param.mojom";
 import "url/mojom/url.mojom";

 // Loading info.
 struct LoadInfo {
   mojo_base.mojom.TimeTicks timestamp;
   string host;
   uint32 load_state;  // net::LoadState enum
   mojo_base.mojom.String16 state_param;
   uint64 upload_position;
   uint64 upload_size;
 };

 // This interface enables the UI to send client certificate selections back to
 // the network service.
 //
 // Defining an interface for this purpose, rather than using a union in the
 // response of OnCertificateRequested, enables the NetworkServiceClient to learn
 // of the URLLoader destruction via the connection error handler.
 interface ClientCertificateResponder {
   // Use the selected certificate and continue the URLRequest.
   //
   // - |provider_name| corresponds to the return value of
   //   net::SSLPrivateKey::GetProviderName().
   // - |algorithm_preferences| corresponds to the return value of
   //   net::SSLPrivateKey::GetAlgorithmPreferences().
   ContinueWithCertificate(network.mojom.X509Certificate x509_certificate,
                           string provider_name,
                           array<uint16> algorithm_preferences,
                           pending_remote<SSLPrivateKey> ssl_private_key);

   // Affirmatively select no certificate (this is cached and can affect future
   // URLRequests). Does not cancel the URLRequest.
   //
   // The connection is continued with no client cert.
   // net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
   // called.
   ContinueWithoutCertificate();

   // Cancel the URLRequest. The request is aborted.
   // net::URLRequest::CancelWithError() needs to be called.
   CancelRequest();
 };

 // The content/browser implementation of this SSLPrivateKey interface wraps the
 // scoped_refptr<net::SSLPrivateKey> that is received from
 // SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
 // sent from content/browser to services/network so that services/network can
 // have its own net::SSLPrivateKey implementation that internally uses this mojo
 // interface.
 // The |algorithm| and |input| parameters correspond to the |algorithm| and
 // |input| parameters in net::SSLPrivateKey::Sign().
 // The |net_error| and |signature| parameters correspond to the parameters in
 // net::SSLPrivateKey::SignCallback.
 interface SSLPrivateKey {
   // Sign |input| using the private key and |algorithm|.
   Sign(uint16 algorithm,
        array<uint8> input) => (int32 net_error, array<uint8> signature);
 };

 // The |credentials| output parameter is given to URLRequest::SetAuth()
 // through this mojo interface. It is not set when URLRequest::CancelAuth()
 // needs to be called.
 interface AuthChallengeResponder {
    // Called in response to an authentication request. See
    // URLLoaderNetworkServiceObserver::OnAuthRequired.
    OnAuthCredentials(AuthCredentials? credentials);
 };

 // This interface is used by an URLLoaderFactory to provide notification
 // of authentication and certificate events. This is typically implemented
 // by a trusted process such as the browser process.
 interface URLLoaderNetworkServiceObserver {
   // Called when an SSL certificate is encountered.
   // The callback argument is a net::ERROR value. If it's net::OK, then the
   // request is resumed. Otherwise it's cancelled with the given error.
   OnSSLCertificateError(url.mojom.Url url,
                         int32 net_error,
                         SSLInfo ssl_info,
                         bool fatal) => (int32 net_error);

   // Called when an SSL certificate requested message is received for client
   // authentication.
   //
   // Rather than using one response for multiple purposes, the caller expects
   // exactly one response (or disconnect) to be sent back via |cert_responder|.
   //
   // |window_id| indicates the frame making the request, see
   // network::ResourceRequest::fetch_window_id. This parameter is only set
   // when the request is from a service worker to identify the origin window.
   // The is not needed for frame based requests because they have their own
   // URLLoaderFactory and a unique URLLoaderNetworkServiceObserver for each
   // frame.
   OnCertificateRequested(
       mojo_base.mojom.UnguessableToken? window_id,
       network.mojom.SSLCertRequestInfo cert_info,
       pending_remote<ClientCertificateResponder> cert_responder);

   // Called when we receive an authentication failure.
   // The |auth_challenge_responder| will respond to auth challenge with
   // credentials. |head_headers| can provide response headers for the response
   // which has elicited this auth request, if applicable.
   //
   // |window_id| indicates the frame making the request, see
   // network::ResourceRequest::fetch_window_id. This parameter is only set
   // when the request is from a service worker to identify the origin window.
   // The is not needed for frame based requests because they have their own
   // URLLoaderFactory and a unique URLLoaderNetworkServiceObserver for each
   // frame.
   OnAuthRequired(
       mojo_base.mojom.UnguessableToken? window_id,
       uint32 request_id,
       url.mojom.Url url,
       bool first_auth_attempt,
       AuthChallengeInfo auth_info,
       HttpResponseHeaders? head_headers,
       pending_remote<AuthChallengeResponder> auth_challenge_responder);

   // Called when the Clear-Site-Data header has been received. The callback
   // should be run after the data is deleted.
   // https://www.w3.org/TR/clear-site-data/
   // TODO(crbug.com/876931): We might want to move header parsing work to
   // Network Service for security concerns (e.g. |header_value| => booleans).
   OnClearSiteData(url.mojom.Url url,
                   string header_value,
                   int32 load_flags,
                   CookiePartitionKey? cookie_partition_key) => ();

   // Called periodically to update the client about progress of the current
   // loads. To avoid flooding the client, it has to ack the update before it can
   // receive the next update. This will only be called if the
   // URLLoaderFactory has requested it in the URLLoaderFactoryParams.
   OnLoadingStateUpdate(LoadInfo info) => ();

   // Called on every request completion to update the network traffic annotation
   // ID, and the total bytes received and sent.
   // |network_traffic_annotation_id_hash| represents the hash of unique tag that
   // identifies the annotation of the request.
   OnDataUseUpdate(int32 network_traffic_annotation_id_hash, int64 recv_bytes,
                   int64 sent_bytes);

   // Used by the NetworkService to create a copy of this observer.
   // (e.g. when creating an observer for URLLoader from URLLoaderFactory's
   // observer).
   Clone(pending_receiver<URLLoaderNetworkServiceObserver> listener);
 };
	// Copyright 2021 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	module network.mojom;

	import "mojo/public/mojom/base/string16.mojom";
	import "mojo/public/mojom/base/time.mojom";
	import "mojo/public/mojom/base/unguessable_token.mojom";
	import "services/network/public/mojom/cookie_partition_key.mojom";
	import "services/network/public/mojom/network_param.mojom";
	import "url/mojom/url.mojom";

	// Loading info.
	struct LoadInfo {
	mojo_base.mojom.TimeTicks timestamp;
	string host;
	uint32 load_state; // net::LoadState enum
	mojo_base.mojom.String16 state_param;
	uint64 upload_position;
	uint64 upload_size;
	};

	// This interface enables the UI to send client certificate selections back to
	// the network service.
	//
	// Defining an interface for this purpose, rather than using a union in the
	// response of OnCertificateRequested, enables the NetworkServiceClient to learn
	// of the URLLoader destruction via the connection error handler.
	interface ClientCertificateResponder {
	// Use the selected certificate and continue the URLRequest.
	//
	// - \|provider_name\| corresponds to the return value of
	// net::SSLPrivateKey::GetProviderName().
	// - \|algorithm_preferences\| corresponds to the return value of
	// net::SSLPrivateKey::GetAlgorithmPreferences().
	ContinueWithCertificate(network.mojom.X509Certificate x509_certificate,
	string provider_name,
	array<uint16> algorithm_preferences,
	pending_remote<SSLPrivateKey> ssl_private_key);

	// Affirmatively select no certificate (this is cached and can affect future
	// URLRequests). Does not cancel the URLRequest.
	//
	// The connection is continued with no client cert.
	// net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
	// called.
	ContinueWithoutCertificate();

	// Cancel the URLRequest. The request is aborted.
	// net::URLRequest::CancelWithError() needs to be called.
	CancelRequest();
	};

	// The content/browser implementation of this SSLPrivateKey interface wraps the
	// scoped_refptr<net::SSLPrivateKey> that is received from
	// SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
	// sent from content/browser to services/network so that services/network can
	// have its own net::SSLPrivateKey implementation that internally uses this mojo
	// interface.
	// The \|algorithm\| and \|input\| parameters correspond to the \|algorithm\| and
	// \|input\| parameters in net::SSLPrivateKey::Sign().
	// The \|net_error\| and \|signature\| parameters correspond to the parameters in
	// net::SSLPrivateKey::SignCallback.
	interface SSLPrivateKey {
	// Sign \|input\| using the private key and \|algorithm\|.
	Sign(uint16 algorithm,
	array<uint8> input) => (int32 net_error, array<uint8> signature);
	};

	// The \|credentials\| output parameter is given to URLRequest::SetAuth()
	// through this mojo interface. It is not set when URLRequest::CancelAuth()
	// needs to be called.
	interface AuthChallengeResponder {
	// Called in response to an authentication request. See
	// URLLoaderNetworkServiceObserver::OnAuthRequired.
	OnAuthCredentials(AuthCredentials? credentials);
	};

	// This interface is used by an URLLoaderFactory to provide notification
	// of authentication and certificate events. This is typically implemented
	// by a trusted process such as the browser process.
	interface URLLoaderNetworkServiceObserver {
	// Called when an SSL certificate is encountered.
	// The callback argument is a net::ERROR value. If it's net::OK, then the
	// request is resumed. Otherwise it's cancelled with the given error.
	OnSSLCertificateError(url.mojom.Url url,
	int32 net_error,
	SSLInfo ssl_info,
	bool fatal) => (int32 net_error);

	// Called when an SSL certificate requested message is received for client
	// authentication.
	//
	// Rather than using one response for multiple purposes, the caller expects
	// exactly one response (or disconnect) to be sent back via \|cert_responder\|.
	//
	// \|window_id\| indicates the frame making the request, see
	// network::ResourceRequest::fetch_window_id. This parameter is only set
	// when the request is from a service worker to identify the origin window.
	// The is not needed for frame based requests because they have their own
	// URLLoaderFactory and a unique URLLoaderNetworkServiceObserver for each
	// frame.
	OnCertificateRequested(
	mojo_base.mojom.UnguessableToken? window_id,
	network.mojom.SSLCertRequestInfo cert_info,
	pending_remote<ClientCertificateResponder> cert_responder);

	// Called when we receive an authentication failure.
	// The \|auth_challenge_responder\| will respond to auth challenge with
	// credentials. \|head_headers\| can provide response headers for the response
	// which has elicited this auth request, if applicable.
	//
	// \|window_id\| indicates the frame making the request, see
	// network::ResourceRequest::fetch_window_id. This parameter is only set
	// when the request is from a service worker to identify the origin window.
	// The is not needed for frame based requests because they have their own
	// URLLoaderFactory and a unique URLLoaderNetworkServiceObserver for each
	// frame.
	OnAuthRequired(
	mojo_base.mojom.UnguessableToken? window_id,
	uint32 request_id,
	url.mojom.Url url,
	bool first_auth_attempt,
	AuthChallengeInfo auth_info,
	HttpResponseHeaders? head_headers,
	pending_remote<AuthChallengeResponder> auth_challenge_responder);

	// Called when the Clear-Site-Data header has been received. The callback
	// should be run after the data is deleted.
	// https://www.w3.org/TR/clear-site-data/
	// TODO(crbug.com/876931): We might want to move header parsing work to
	// Network Service for security concerns (e.g. \|header_value\| => booleans).
	OnClearSiteData(url.mojom.Url url,
	string header_value,
	int32 load_flags,
	CookiePartitionKey? cookie_partition_key) => ();

	// Called periodically to update the client about progress of the current
	// loads. To avoid flooding the client, it has to ack the update before it can
	// receive the next update. This will only be called if the
	// URLLoaderFactory has requested it in the URLLoaderFactoryParams.
	OnLoadingStateUpdate(LoadInfo info) => ();

	// Called on every request completion to update the network traffic annotation
	// ID, and the total bytes received and sent.
	// \|network_traffic_annotation_id_hash\| represents the hash of unique tag that
	// identifies the annotation of the request.
	OnDataUseUpdate(int32 network_traffic_annotation_id_hash, int64 recv_bytes,
	int64 sent_bytes);

	// Used by the NetworkService to create a copy of this observer.
	// (e.g. when creating an observer for URLLoader from URLLoaderFactory's
	// observer).
	Clone(pending_receiver<URLLoaderNetworkServiceObserver> listener);
	};