Move trial token code to content/common.

Moves content/renderer/origin_trials/trial_token.* to content/common, and
moves ContentRendererClient::GetOriginTrialPublicKey to ContentClient, to
enable verification of trial tokens from the browser process.

BUG=590873

Review URL: https://codereview.chromium.org/1742053002

Cr-Commit-Position: refs/heads/master@{#380823}

30 files changed, 180 insertions, 127 deletions

diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi
index b64dd6e83..44291f3 100644
--- a/chrome/chrome_common.gypi
+++ b/chrome/chrome_common.gypi
@@ -62,6 +62,8 @@
       'common/multi_process_lock_linux.cc',
       'common/multi_process_lock_mac.cc',
       'common/multi_process_lock_win.cc',
+      'common/origin_trials/origin_trial_key_manager.cc',
+      'common/origin_trials/origin_trial_key_manager.h',
       'common/partial_circular_buffer.cc',
       'common/partial_circular_buffer.h',
       'common/pref_names_util.cc',
diff --git a/chrome/chrome_renderer.gypi b/chrome/chrome_renderer.gypi
index b63109a..1afaa0f 100644
--- a/chrome/chrome_renderer.gypi
+++ b/chrome/chrome_renderer.gypi
@@ -33,8 +33,6 @@
       'renderer/net/net_error_page_controller.h',
       'renderer/net_benchmarking_extension.cc',
       'renderer/net_benchmarking_extension.h',
-      'renderer/origin_trials/origin_trial_key_manager.cc',
-      'renderer/origin_trials/origin_trial_key_manager.h',
       'renderer/page_load_histograms.cc',
       'renderer/page_load_histograms.h',
       'renderer/plugins/non_loadable_plugin_placeholder.cc',
diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
index f79b019..4a2456f 100644
--- a/chrome/common/chrome_content_client.cc
+++ b/chrome/common/chrome_content_client.cc
@@ -642,3 +642,7 @@ bool ChromeContentClient::IsSupplementarySiteIsolationModeEnabled() {
   return false;
 #endif
 }
+
+base::StringPiece ChromeContentClient::GetOriginTrialPublicKey() {
+  return origin_trial_key_manager_.GetPublicKey();
+}
diff --git a/chrome/common/chrome_content_client.h b/chrome/common/chrome_content_client.h
index c5b7d2d..227f737 100644
--- a/chrome/common/chrome_content_client.h
+++ b/chrome/common/chrome_content_client.h
@@ -11,6 +11,7 @@
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "build/build_config.h"
+#include "chrome/common/origin_trials/origin_trial_key_manager.h"
 #include "content/public/common/content_client.h"
 
 #if defined(ENABLE_PLUGINS)
@@ -86,6 +87,10 @@ class ChromeContentClient : public content::ContentClient {
   void AddServiceWorkerSchemes(std::set<std::string>* schemes) override;
 
   bool IsSupplementarySiteIsolationModeEnabled() override;
+  base::StringPiece GetOriginTrialPublicKey() override;
+
+ private:
+  OriginTrialKeyManager origin_trial_key_manager_;
 };
 
 #endif  // CHROME_COMMON_CHROME_CONTENT_CLIENT_H_
diff --git a/chrome/renderer/origin_trials/origin_trial_key_manager.cc b/chrome/common/origin_trials/origin_trial_key_manager.cc
index e074f40..9277066 100644
--- a/chrome/renderer/origin_trials/origin_trial_key_manager.cc
+++ b/chrome/common/origin_trials/origin_trial_key_manager.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/renderer/origin_trials/origin_trial_key_manager.h"
+#include "chrome/common/origin_trials/origin_trial_key_manager.h"
 
 #include <stdint.h>
 
diff --git a/chrome/common/origin_trials/origin_trial_key_manager.h b/chrome/common/origin_trials/origin_trial_key_manager.h
new file mode 100644
index 0000000..cd6b245
--- /dev/null
+++ b/chrome/common/origin_trials/origin_trial_key_manager.h
@@ -0,0 +1,17 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
+#define CHROME_COMMON_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
+
+#include "base/strings/string_piece.h"
+
+// This class is instantiated on the main/ui thread, but its methods can be
+// accessed from any thread.
+class OriginTrialKeyManager {
+ public:
+  base::StringPiece GetPublicKey();
+};
+
+#endif  // CHROME_COMMON_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index 93ef2c2..5fa4a89 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -1422,7 +1422,3 @@ bool ChromeContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {
   return true;
 #endif
 }
-
-base::StringPiece ChromeContentRendererClient::GetOriginTrialPublicKey() {
-  return origin_trial_key_manager_.GetPublicKey();
-}
diff --git a/chrome/renderer/chrome_content_renderer_client.h b/chrome/renderer/chrome_content_renderer_client.h
index c56c2bb..97ee060 100644
--- a/chrome/renderer/chrome_content_renderer_client.h
+++ b/chrome/renderer/chrome_content_renderer_client.h
@@ -16,7 +16,6 @@
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
-#include "chrome/renderer/origin_trials/origin_trial_key_manager.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "ipc/ipc_channel_proxy.h"
 #include "v8/include/v8.h"
@@ -153,7 +152,6 @@ class ChromeContentRendererClient : public content::ContentRendererClient {
       v8::Local<v8::Context> context,
       const GURL& url) override;
   bool ShouldEnforceWebRTCRoutingPreferences() override;
-  base::StringPiece GetOriginTrialPublicKey() override;
 
 #if defined(ENABLE_SPELLCHECK)
   // Sets a new |spellcheck|. Used for testing only.
@@ -202,8 +200,6 @@ class ChromeContentRendererClient : public content::ContentRendererClient {
   scoped_ptr<network_hints::PrescientNetworkingDispatcher>
       prescient_networking_dispatcher_;
 
-  OriginTrialKeyManager origin_trial_key_manager_;
-
 #if defined(ENABLE_SPELLCHECK)
   scoped_ptr<SpellCheck> spellcheck_;
 #endif
diff --git a/chrome/renderer/origin_trials/origin_trial_key_manager.h b/chrome/renderer/origin_trials/origin_trial_key_manager.h
deleted file mode 100644
index 18b01d8..0000000
--- a/chrome/renderer/origin_trials/origin_trial_key_manager.h
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_RENDERER_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
-#define CHROME_RENDERER_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
-
-#include "base/strings/string_piece.h"
-
-class OriginTrialKeyManager {
- public:
-  base::StringPiece GetPublicKey();
-};
-
-#endif  // CHROME_RENDERER_ORIGIN_TRIALS_ORIGIN_TRIAL_KEY_MANAGER_H_
diff --git a/content/renderer/origin_trials/trial_token.cc b/content/common/origin_trials/trial_token.cc
index 2cd9f18..e44f6f0 100644
--- a/content/renderer/origin_trials/trial_token.cc
+++ b/content/common/origin_trials/trial_token.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/renderer/origin_trials/trial_token.h"
+#include "content/common/origin_trials/trial_token.h"
 
 #include <openssl/curve25519.h>
 
diff --git a/content/renderer/origin_trials/trial_token.h b/content/common/origin_trials/trial_token.h
index 216c9b9..3109240 100644
--- a/content/renderer/origin_trials/trial_token.h
+++ b/content/common/origin_trials/trial_token.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_
-#define CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_
+#ifndef CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_H_
+#define CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_H_
 
 #include <string>
 
@@ -106,4 +106,4 @@ class CONTENT_EXPORT TrialToken {
 
 }  // namespace content
 
-#endif  // CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_H_
+#endif  // CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_H_
diff --git a/content/renderer/origin_trials/trial_token_unittest.cc b/content/common/origin_trials/trial_token_unittest.cc
index e7e52e7..dd83508 100644
--- a/content/renderer/origin_trials/trial_token_unittest.cc
+++ b/content/common/origin_trials/trial_token_unittest.cc
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/renderer/origin_trials/trial_token.h"
+#include "content/common/origin_trials/trial_token.h"
 
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
diff --git a/content/common/origin_trials/trial_token_validator.cc b/content/common/origin_trials/trial_token_validator.cc
new file mode 100644
index 0000000..b7d61fe
--- /dev/null
+++ b/content/common/origin_trials/trial_token_validator.cc
@@ -0,0 +1,28 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/common/origin_trials/trial_token_validator.h"
+
+#include "base/time/time.h"
+#include "content/common/origin_trials/trial_token.h"
+#include "content/public/common/content_client.h"
+
+namespace content {
+
+bool TrialTokenValidator::ValidateToken(const std::string& token,
+                                        const url::Origin& origin,
+                                        base::StringPiece featureName) {
+  scoped_ptr<TrialToken> trial_token = TrialToken::Parse(token);
+
+  // TODO(iclelland): Allow for multiple signing keys, and iterate over all
+  // active keys here. https://crbug.com/543220
+  ContentClient* content_client = GetContentClient();
+  base::StringPiece public_key = content_client->GetOriginTrialPublicKey();
+
+  return !public_key.empty() && trial_token &&
+         trial_token->IsAppropriate(origin, featureName) &&
+         trial_token->IsValid(base::Time::Now(), public_key);
+}
+
+}  // namespace content
diff --git a/content/common/origin_trials/trial_token_validator.h b/content/common/origin_trials/trial_token_validator.h
new file mode 100644
index 0000000..d19c112
--- /dev/null
+++ b/content/common/origin_trials/trial_token_validator.h
@@ -0,0 +1,26 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
+#define CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
+
+#include <string>
+#include "base/strings/string_piece.h"
+#include "content/common/content_export.h"
+#include "url/origin.h"
+
+namespace content {
+
+namespace TrialTokenValidator {
+
+// This method is thread-safe.
+CONTENT_EXPORT bool ValidateToken(const std::string& token,
+                                  const url::Origin& origin,
+                                  base::StringPiece featureName);
+
+}  // namespace TrialTokenValidator
+
+}  // namespace content
+
+#endif  // CONTENT_COMMON_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
diff --git a/content/renderer/origin_trials/trial_token_validator_unittest.cc b/content/common/origin_trials/trial_token_validator_unittest.cc
index 858aa6f..9a2d27c 100644
--- a/content/renderer/origin_trials/trial_token_validator_unittest.cc
+++ b/content/common/origin_trials/trial_token_validator_unittest.cc
@@ -2,14 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/renderer/origin_trials/trial_token_validator.h"
+#include "content/common/origin_trials/trial_token_validator.h"
 
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_util.h"
 #include "base/test/simple_test_clock.h"
 #include "base/time/time.h"
-#include "content/public/renderer/content_renderer_client.h"
+#include "content/public/common/content_client.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 
@@ -71,7 +71,7 @@ const char kExpiredToken[] =
 
 const char kUnparsableToken[] = "abcde";
 
-class TestContentRendererClient : public content::ContentRendererClient {
+class TestContentClient : public ContentClient {
  public:
   base::StringPiece GetOriginTrialPublicKey() override {
     return base::StringPiece(reinterpret_cast<const char*>(key_),
@@ -90,57 +90,58 @@ class TrialTokenValidatorTest : public testing::Test {
         inappropriate_origin_(GURL(kInappropriateOrigin)),
         insecure_origin_(GURL(kInsecureOrigin)) {
     SetPublicKey(kTestPublicKey);
-    SetRendererClientForTesting(&test_content_renderer_client_);
+    SetContentClient(&test_content_client_);
   }
 
+  ~TrialTokenValidatorTest() override { SetContentClient(nullptr); }
+
   void SetPublicKey(const uint8_t* key) {
-    test_content_renderer_client_.SetOriginTrialPublicKey(key);
+    test_content_client_.SetOriginTrialPublicKey(key);
   }
 
-  TrialTokenValidator trial_token_validator_;
   const url::Origin appropriate_origin_;
   const url::Origin inappropriate_origin_;
   const url::Origin insecure_origin_;
 
  private:
-  TestContentRendererClient test_content_renderer_client_;
+  TestContentClient test_content_client_;
 };
 
 TEST_F(TrialTokenValidatorTest, ValidateValidToken) {
-  EXPECT_TRUE(trial_token_validator_.validateToken(
+  EXPECT_TRUE(TrialTokenValidator::ValidateToken(
       kSampleToken, appropriate_origin_, kAppropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateInappropriateOrigin) {
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kSampleToken, inappropriate_origin_, kAppropriateFeatureName));
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kSampleToken, insecure_origin_, kAppropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateInappropriateFeature) {
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kSampleToken, appropriate_origin_, kInappropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateInvalidSignature) {
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kInvalidSignatureToken, appropriate_origin_, kAppropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateUnparsableToken) {
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kUnparsableToken, appropriate_origin_, kAppropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateExpiredToken) {
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kExpiredToken, appropriate_origin_, kAppropriateFeatureName));
 }
 
 TEST_F(TrialTokenValidatorTest, ValidateValidTokenWithIncorrectKey) {
   SetPublicKey(kTestPublicKey2);
-  EXPECT_FALSE(TrialTokenValidator().validateToken(
+  EXPECT_FALSE(TrialTokenValidator::ValidateToken(
       kSampleToken, appropriate_origin_, kAppropriateFeatureName));
 }
 
diff --git a/content/content_common.gypi b/content/content_common.gypi
index 6fb7d99..da15942 100644
--- a/content/content_common.gypi
+++ b/content/content_common.gypi
@@ -538,6 +538,10 @@
       'common/notification_constants.h',
       'common/one_writer_seqlock.cc',
       'common/one_writer_seqlock.h',
+      'common/origin_trials/trial_token.cc',
+      'common/origin_trials/trial_token.h',
+      'common/origin_trials/trial_token_validator.cc',
+      'common/origin_trials/trial_token_validator.h',
       'common/origin_util.cc',
       'common/p2p_messages.h',
       'common/page_state_serialization.cc',
diff --git a/content/content_renderer.gypi b/content/content_renderer.gypi
index adf3d1d..5c03975 100644
--- a/content/content_renderer.gypi
+++ b/content/content_renderer.gypi
@@ -373,10 +373,8 @@
       'renderer/net_info_helper.h',
       'renderer/notification_permission_dispatcher.cc',
       'renderer/notification_permission_dispatcher.h',
-      'renderer/origin_trials/trial_token.cc',
-      'renderer/origin_trials/trial_token.h',
-      'renderer/origin_trials/trial_token_validator.cc',
-      'renderer/origin_trials/trial_token_validator.h',
+      'renderer/origin_trials/web_trial_token_validator_impl.cc',
+      'renderer/origin_trials/web_trial_token_validator_impl.h',
       'renderer/peripheral_content_heuristic.cc',
       'renderer/peripheral_content_heuristic.h',
       'renderer/presentation/presentation_connection_client.cc',
diff --git a/content/content_tests.gypi b/content/content_tests.gypi
index 23710bd..f5f1358 100644
--- a/content/content_tests.gypi
+++ b/content/content_tests.gypi
@@ -682,6 +682,8 @@
       'common/mac/attributed_string_coder_unittest.mm',
       'common/mac/font_descriptor_unittest.mm',
       'common/one_writer_seqlock_unittest.cc',
+      'common/origin_trials/trial_token_unittest.cc',
+      'common/origin_trials/trial_token_validator_unittest.cc',
       'common/origin_util_unittest.cc',
       'common/page_state_serialization_unittest.cc',
       'common/page_zoom_unittest.cc',
@@ -721,8 +723,6 @@
       'renderer/media/video_capture_impl_unittest.cc',
       'renderer/media/video_capture_message_filter_unittest.cc',
       'renderer/media/webmediaplayer_ms_unittest.cc',
-      'renderer/origin_trials/trial_token_unittest.cc',
-      'renderer/origin_trials/trial_token_validator_unittest.cc',
       'renderer/peripheral_content_heuristic_unittest.cc',
       'renderer/raster_worker_pool_unittest.cc',
       'renderer/render_thread_impl_unittest.cc',
diff --git a/content/public/common/content_client.cc b/content/public/common/content_client.cc
index 75ed9979..34350d5 100644
--- a/content/public/common/content_client.cc
+++ b/content/public/common/content_client.cc
@@ -120,4 +120,8 @@ bool ContentClient::IsSupplementarySiteIsolationModeEnabled() {
   return false;
 }
 
+base::StringPiece ContentClient::GetOriginTrialPublicKey() {
+  return base::StringPiece();
+}
+
 }  // namespace content
diff --git a/content/public/common/content_client.h b/content/public/common/content_client.h
index eabd3da..ba15b3e 100644
--- a/content/public/common/content_client.h
+++ b/content/public/common/content_client.h
@@ -156,6 +156,10 @@ class CONTENT_EXPORT ContentClient {
   // model decisions.
   virtual bool IsSupplementarySiteIsolationModeEnabled();
 
+  // Returns the public key to be used for origin trials, or an empty string if
+  // origin trials are not enabled in this context.
+  virtual base::StringPiece GetOriginTrialPublicKey();
+
  private:
   friend class ContentClientInitializer;  // To set these pointers.
   friend class InternalTestInitializer;
diff --git a/content/public/renderer/content_renderer_client.cc b/content/public/renderer/content_renderer_client.cc
index f928d33..d32eccc 100644
--- a/content/public/renderer/content_renderer_client.cc
+++ b/content/public/renderer/content_renderer_client.cc
@@ -225,8 +225,4 @@ bool ContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {
   return true;
 }
 
-base::StringPiece ContentRendererClient::GetOriginTrialPublicKey() {
-  return base::StringPiece();
-}
-
 }  // namespace content
diff --git a/content/public/renderer/content_renderer_client.h b/content/public/renderer/content_renderer_client.h
index 52b397f..880550c 100644
--- a/content/public/renderer/content_renderer_client.h
+++ b/content/public/renderer/content_renderer_client.h
@@ -327,10 +327,6 @@ class CONTENT_EXPORT ContentRendererClient {
   // Whether this renderer should enforce preferences related to the WebRTC
   // routing logic, i.e. allowing multiple routes and non-proxied UDP.
   virtual bool ShouldEnforceWebRTCRoutingPreferences();
-
-  // Returns the public key to be used for origin trials, or an empty string if
-  // origin trials are not enabled in this context.
-  virtual base::StringPiece GetOriginTrialPublicKey();
 };
 
 }  // namespace content
diff --git a/content/renderer/origin_trials/trial_token_validator.cc b/content/renderer/origin_trials/trial_token_validator.cc
deleted file mode 100644
index f34afd1..0000000
--- a/content/renderer/origin_trials/trial_token_validator.cc
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "content/renderer/origin_trials/trial_token_validator.h"
-
-#include "base/time/time.h"
-#include "content/public/common/content_client.h"
-#include "content/public/renderer/content_renderer_client.h"
-#include "content/renderer/origin_trials/trial_token.h"
-
-namespace content {
-
-TrialTokenValidator::TrialTokenValidator() {}
-TrialTokenValidator::~TrialTokenValidator() {}
-
-bool TrialTokenValidator::validateToken(const blink::WebString& token,
-                                        const blink::WebSecurityOrigin& origin,
-                                        const blink::WebString& featureName) {
-  scoped_ptr<TrialToken> trial_token = TrialToken::Parse(token.utf8());
-
-  ContentClient* content_client = GetContentClient();
-  CHECK(content_client);
-
-  base::StringPiece public_key =
-      content_client->renderer()->GetOriginTrialPublicKey();
-
-  return !public_key.empty() && trial_token &&
-         trial_token->IsAppropriate(origin, featureName.utf8()) &&
-         trial_token->IsValid(base::Time::Now(), public_key);
-}
-
-}  // namespace content
diff --git a/content/renderer/origin_trials/web_trial_token_validator_impl.cc b/content/renderer/origin_trials/web_trial_token_validator_impl.cc
new file mode 100644
index 0000000..01078ed
--- /dev/null
+++ b/content/renderer/origin_trials/web_trial_token_validator_impl.cc
@@ -0,0 +1,22 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/renderer/origin_trials/web_trial_token_validator_impl.h"
+
+#include "content/common/origin_trials/trial_token_validator.h"
+
+namespace content {
+
+WebTrialTokenValidatorImpl::WebTrialTokenValidatorImpl() {}
+WebTrialTokenValidatorImpl::~WebTrialTokenValidatorImpl() {}
+
+bool WebTrialTokenValidatorImpl::validateToken(
+    const blink::WebString& token,
+    const blink::WebSecurityOrigin& origin,
+    const blink::WebString& featureName) {
+  return TrialTokenValidator::ValidateToken(token.utf8(), origin,
+                                            featureName.utf8());
+}
+
+}  // namespace content
diff --git a/content/renderer/origin_trials/trial_token_validator.h b/content/renderer/origin_trials/web_trial_token_validator_impl.h
index 4d877fc..ad20a1c 100644
--- a/content/renderer/origin_trials/trial_token_validator.h
+++ b/content/renderer/origin_trials/web_trial_token_validator_impl.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
-#define CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
+#ifndef CONTENT_RENDERER_ORIGIN_TRIALS_WEB_TRIAL_TOKEN_VALIDATOR_IMPL_H_
+#define CONTENT_RENDERER_ORIGIN_TRIALS_WEB_TRIAL_TOKEN_VALIDATOR_IMPL_H_
 
 #include <string>
 #include "content/common/content_export.h"
@@ -15,11 +15,11 @@ namespace content {
 // to validate tokens to enable experimental features.
 //
 // This class is thread-safe.
-class CONTENT_EXPORT TrialTokenValidator
+class CONTENT_EXPORT WebTrialTokenValidatorImpl
     : public NON_EXPORTED_BASE(blink::WebTrialTokenValidator) {
  public:
-  TrialTokenValidator();
-  ~TrialTokenValidator() override;
+  WebTrialTokenValidatorImpl();
+  ~WebTrialTokenValidatorImpl() override;
 
   // blink::WebTrialTokenValidator implementation
   bool validateToken(const blink::WebString& token,
@@ -27,9 +27,9 @@ class CONTENT_EXPORT TrialTokenValidator
                      const blink::WebString& featureName) override;
 
  private:
-  DISALLOW_COPY_AND_ASSIGN(TrialTokenValidator);
+  DISALLOW_COPY_AND_ASSIGN(WebTrialTokenValidatorImpl);
 };
 
 }  // namespace content
 
-#endif  // CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_
+#endif  // CONTENT_RENDERER_ORIGIN_TRIALS_WEB_TRIAL_TOKEN_VALIDATOR_IMPL_H_
diff --git a/content/renderer/renderer_blink_platform_impl.h b/content/renderer/renderer_blink_platform_impl.h
index 90e644d..6fc8155 100644
--- a/content/renderer/renderer_blink_platform_impl.h
+++ b/content/renderer/renderer_blink_platform_impl.h
@@ -16,7 +16,7 @@
 #include "cc/blink/web_compositor_support_impl.h"
 #include "content/child/blink_platform_impl.h"
 #include "content/common/content_export.h"
-#include "content/renderer/origin_trials/trial_token_validator.h"
+#include "content/renderer/origin_trials/web_trial_token_validator_impl.h"
 #include "content/renderer/webpublicsuffixlist_impl.h"
 #include "device/vibration/vibration_manager.mojom.h"
 #include "third_party/WebKit/public/platform/WebGraphicsContext3D.h"
@@ -294,7 +294,7 @@ class CONTENT_EXPORT RendererBlinkPlatformImpl : public BlinkPlatformImpl {
 
   scheduler::RendererScheduler* renderer_scheduler_;  // NOT OWNED
 
-  TrialTokenValidator trial_token_validator_;
+  WebTrialTokenValidatorImpl trial_token_validator_;
 
   scoped_ptr<LocalStorageCachedAreas> local_storage_cached_areas_;
 
diff --git a/content/shell/common/shell_content_client.cc b/content/shell/common/shell_content_client.cc
index 842e0c1..82c2f0c 100644
--- a/content/shell/common/shell_content_client.cc
+++ b/content/shell/common/shell_content_client.cc
@@ -20,6 +20,19 @@
 
 namespace content {
 
+namespace {
+
+// This is the public key which the content shell will use to enable origin
+// trial features.
+// TODO(iclelland): Update this comment with the location of the public and
+// private key files when the command-line tool CL lands
+static const uint8_t kOriginTrialPublicKey[] = {
+    0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2,
+    0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f,
+    0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0,
+};
+}  // namespace
+
 std::string GetShellUserAgent() {
   std::string product = "Chrome/" CONTENT_SHELL_VERSION;
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
@@ -28,8 +41,12 @@ std::string GetShellUserAgent() {
   return BuildUserAgentFromProduct(product);
 }
 
-ShellContentClient::~ShellContentClient() {
-}
+ShellContentClient::ShellContentClient()
+    : origin_trial_public_key_(base::StringPiece(
+          reinterpret_cast<const char*>(kOriginTrialPublicKey),
+          arraysize(kOriginTrialPublicKey))) {}
+
+ShellContentClient::~ShellContentClient() {}
 
 std::string ShellContentClient::GetUserAgent() const {
   return GetShellUserAgent();
@@ -95,4 +112,8 @@ bool ShellContentClient::IsSupplementarySiteIsolationModeEnabled() {
       switches::kIsolateSitesForTesting);
 }
 
+base::StringPiece ShellContentClient::GetOriginTrialPublicKey() {
+  return origin_trial_public_key_;
+}
+
 }  // namespace content
diff --git a/content/shell/common/shell_content_client.h b/content/shell/common/shell_content_client.h
index ceebc52..2b1e7b6 100644
--- a/content/shell/common/shell_content_client.h
+++ b/content/shell/common/shell_content_client.h
@@ -17,6 +17,7 @@ std::string GetShellUserAgent();
 
 class ShellContentClient : public ContentClient {
  public:
+  ShellContentClient();
   ~ShellContentClient() override;
 
   std::string GetUserAgent() const override;
@@ -28,6 +29,10 @@ class ShellContentClient : public ContentClient {
       int resource_id) const override;
   gfx::Image& GetNativeImageNamed(int resource_id) const override;
   bool IsSupplementarySiteIsolationModeEnabled() override;
+  base::StringPiece GetOriginTrialPublicKey() override;
+
+ private:
+  base::StringPiece origin_trial_public_key_;
 };
 
 }  // namespace content
diff --git a/content/shell/renderer/shell_content_renderer_client.cc b/content/shell/renderer/shell_content_renderer_client.cc
index 1d12609..c799904 100644
--- a/content/shell/renderer/shell_content_renderer_client.cc
+++ b/content/shell/renderer/shell_content_renderer_client.cc
@@ -17,23 +17,7 @@
 
 namespace content {
 
-namespace {
-
-// This is the public key which the content shell will use to enable origin
-// trial features.
-// TODO(iclelland): Update this comment with the location of the public and
-// private key files when the command-line tool CL lands
-static const uint8_t kOriginTrialPublicKey[] = {
-    0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2,
-    0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f,
-    0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0,
-};
-}  // namespace
-
-ShellContentRendererClient::ShellContentRendererClient()
-    : origin_trial_public_key_(base::StringPiece(
-          reinterpret_cast<const char*>(kOriginTrialPublicKey),
-          arraysize(kOriginTrialPublicKey))) {}
+ShellContentRendererClient::ShellContentRendererClient() {}
 
 ShellContentRendererClient::~ShellContentRendererClient() {
 }
@@ -67,8 +51,4 @@ bool ShellContentRendererClient::IsPluginAllowedToUseDevChannelAPIs() {
 #endif
 }
 
-base::StringPiece ShellContentRendererClient::GetOriginTrialPublicKey() {
-  return origin_trial_public_key_;
-}
-
 }  // namespace content
diff --git a/content/shell/renderer/shell_content_renderer_client.h b/content/shell/renderer/shell_content_renderer_client.h
index 23d71a8..6c4e295 100644
--- a/content/shell/renderer/shell_content_renderer_client.h
+++ b/content/shell/renderer/shell_content_renderer_client.h
@@ -28,11 +28,9 @@ class ShellContentRendererClient : public ContentRendererClient {
   // need that outside of layout tests?
   bool IsPluginAllowedToUseCompositorAPI(const GURL& url) override;
   bool IsPluginAllowedToUseDevChannelAPIs() override;
-  base::StringPiece GetOriginTrialPublicKey() override;
 
  private:
   scoped_ptr<web_cache::WebCacheRenderProcessObserver> web_cache_observer_;
-  base::StringPiece origin_trial_public_key_;
 };
 
 }  // namespace content