1 // Copyright 2024 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_
6 #define NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_
7 
8 #include <optional>
9 #include <string>
10 
11 #include "base/functional/callback_forward.h"
12 #include "components/unexportable_keys/unexportable_key_service.h"
13 #include "net/base/isolation_info.h"
14 #include "net/base/net_errors.h"
15 #include "net/base/net_export.h"
16 #include "net/device_bound_sessions/registration_fetcher_param.h"
17 #include "net/device_bound_sessions/session_params.h"
18 #include "net/http/http_response_headers.h"
19 #include "url/gurl.h"
20 
namespace net {
// Forward declaration only: RegistrationFetcher below takes URLRequestContext
// by (non-owning) pointer, so the full definition is not needed in this header.
class URLRequestContext;
}
24 
namespace unexportable_keys {
// NOTE(review): "components/unexportable_keys/unexportable_key_service.h" is
// already included above and presumably declares this class, so this forward
// declaration looks redundant — confirm and drop if so.
class UnexportableKeyService;
}
28 
namespace net::device_bound_sessions {

// Forward declaration; only passed by value to StartFetchWithExistingKey().
class RegistrationRequestParam;

// This class creates a new unexportable key, creates a registration JWT and
// signs it with the new key, and makes the network request to the DBSC
// registration endpoint with this signed JWT to get the registration
// instructions.
//
// Every entry point is static and asynchronous: results are delivered through
// a `RegistrationCompleteCallback`, and each documented failure path is
// reported to that callback as `std::nullopt` rather than as a separate error
// code.
class NET_EXPORT RegistrationFetcher {
 public:
  // Result of a successful registration or refresh fetch. Move-only: the
  // user-declared move operations suppress the implicit copy operations.
  struct NET_EXPORT RegistrationCompleteParams {
    RegistrationCompleteParams(
        SessionParams params,
        unexportable_keys::UnexportableKeyId key_id,
        const GURL& url,
        std::optional<std::string> referral_session_identifier);
    RegistrationCompleteParams(RegistrationCompleteParams&& other) noexcept;
    RegistrationCompleteParams& operator=(
        RegistrationCompleteParams&& other) noexcept;

    ~RegistrationCompleteParams();

    // Session parameters for the newly registered/refreshed session;
    // presumably parsed from the endpoint's response — see the .cc.
    SessionParams params;
    // Id of the unexportable key the session is associated with.
    unexportable_keys::UnexportableKeyId key_id;
    // NOTE(review): presumably the URL the request was sent to — confirm in
    // the .cc before relying on it.
    GURL url;
    // The session identifier which initiated the registration request.
    // It is `std::nullopt` for first time registration.
    std::optional<std::string> referral_session_identifier;
  };

  // Called once a fetch started by StartCreateTokenAndFetch() or
  // StartFetchWithExistingKey() completes. `std::nullopt` means the fetch
  // failed at some stage (key creation, signing or the network request).
  using RegistrationCompleteCallback =
      base::OnceCallback<void(std::optional<RegistrationCompleteParams>)>;

  // Signature of the test override installed via SetFetcherForTesting(): a
  // plain function that produces the fetch result synchronously, with no
  // access to the request parameters.
  using FetcherType = std::optional<RegistrationCompleteParams> (*)();

  // TODO(kristianm): Add more parameters when the returned JSON is parsed.
  // Output of CreateTokenAsyncForTesting(): the signed registration token and
  // the id of the newly generated key that signed it.
  struct NET_EXPORT RegistrationTokenResult {
    std::string registration_token;
    unexportable_keys::UnexportableKeyId key_id;
  };

  // Creates an unexportable key from the key service, creates a registration
  // JWT and signs it with the new key. Starts the network request to the DBSC
  // registration endpoint with the signed JWT in the header. `callback`
  // is called with the fetch results upon completion.
  // This can fail during key creation, signing and during the network request,
  // and if so the callback will be called with a std::nullopt.
  //
  // `context` is non-owning; whether it may be null is not visible from this
  // header. `key_service` is taken by reference and presumably must outlive
  // the request, as documented for CreateTokenAsyncForTesting() — confirm in
  // the .cc.
  static void StartCreateTokenAndFetch(
      RegistrationFetcherParam registration_params,
      unexportable_keys::UnexportableKeyService& key_service,
      const URLRequestContext* context,
      const IsolationInfo& isolation_info,
      RegistrationCompleteCallback callback);

  // Starts the network request to the DBSC refresh endpoint with existing key
  // id. `callback` is called with the fetch results upon completion. This can
  // fail during signing and during the network request, and if so the callback
  // will be called with a std::nullopt.
  //
  // `key_id` is a `ServiceErrorOr`, so a failed key lookup can be passed
  // straight through; presumably that is also reported to `callback` as
  // `std::nullopt` — confirm in the .cc.
  static void StartFetchWithExistingKey(
      RegistrationRequestParam request_params,
      unexportable_keys::UnexportableKeyService& key_service,
      const URLRequestContext* context,
      const IsolationInfo& isolation_info,
      RegistrationCompleteCallback callback,
      unexportable_keys::ServiceErrorOr<unexportable_keys::UnexportableKeyId>
          key_id);

  // Helper function for generating a new binding key and a registration token
  // to bind the key on the server. `unexportable_key_service` must outlive
  // the callback result.
  //
  // `challenge`, `registration_url` and the optional `authorization` are the
  // inputs to the token; `callback` receives the token and the new key id,
  // or presumably `std::nullopt` if key generation or signing fails.
  static void CreateTokenAsyncForTesting(
      unexportable_keys::UnexportableKeyService& unexportable_key_service,
      std::string challenge,
      const GURL& registration_url,
      std::optional<std::string> authorization,
      base::OnceCallback<
          void(std::optional<RegistrationFetcher::RegistrationTokenResult>)>
          callback);

  // Installs a test override that replaces the real key creation and network
  // fetch with the given function. Presumably stored in a static, so it
  // affects every subsequent fetch in the process; tests only — never call
  // from production code.
  static void SetFetcherForTesting(FetcherType);
};

}  // namespace net::device_bound_sessions
112 
113 #endif  // NET_DEVICE_BOUND_SESSIONS_REGISTRATION_FETCHER_H_