diff options
Diffstat (limited to 'content/renderer/origin_trials')
6 files changed, 200 insertions, 28 deletions
diff --git a/content/renderer/origin_trials/trial_token.cc b/content/renderer/origin_trials/trial_token.cc index 46624b6..5cf69ac 100644 --- a/content/renderer/origin_trials/trial_token.cc +++ b/content/renderer/origin_trials/trial_token.cc @@ -24,15 +24,6 @@ namespace { // Version 1 is the only token version currently supported const uint8_t kVersion1 = 1; -// This is the default public key used for validating signatures. -// TODO(iclelland): Move this to the embedder, and provide a mechanism to allow -// for multiple signing keys. https://crbug.com/543220 -static const uint8_t kPublicKey[] = { - 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03, - 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07, - 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15, -}; - const char* kFieldSeparator = "|"; } // namespace @@ -116,12 +107,11 @@ bool TrialToken::IsAppropriate(const std::string& origin, return ValidateOrigin(origin) && ValidateFeatureName(feature_name); } -bool TrialToken::IsValid(const base::Time& now) const { +bool TrialToken::IsValid(const base::Time& now, + const base::StringPiece& public_key) const { // TODO(iclelland): Allow for multiple signing keys, and iterate over all // active keys here. https://crbug.com/543220 - return ValidateDate(now) && - ValidateSignature(base::StringPiece( - reinterpret_cast<const char*>(kPublicKey), arraysize(kPublicKey))); + return ValidateDate(now) && ValidateSignature(public_key); } bool TrialToken::ValidateOrigin(const std::string& origin) const { diff --git a/content/renderer/origin_trials/trial_token.h b/content/renderer/origin_trials/trial_token.h index c133bbb..7ad75df 100644 --- a/content/renderer/origin_trials/trial_token.h +++ b/content/renderer/origin_trials/trial_token.h @@ -44,7 +44,8 @@ class CONTENT_EXPORT TrialToken { const std::string& featureName) const; // Returns true if this token has a valid signature, and has not expired. - bool IsValid(const base::Time& now) const; + bool IsValid(const base::Time& now, + const base::StringPiece& public_key) const; uint8_t version() { return version_; } std::string signature() { return signature_; } diff --git a/content/renderer/origin_trials/trial_token_unittest.cc b/content/renderer/origin_trials/trial_token_unittest.cc index 2a19db7..2552152 100644 --- a/content/renderer/origin_trials/trial_token_unittest.cc +++ b/content/renderer/origin_trials/trial_token_unittest.cc @@ -6,6 +6,7 @@ #include "base/macros.h" #include "base/memory/scoped_ptr.h" +#include "base/strings/string_piece.h" #include "base/strings/string_util.h" #include "base/test/simple_test_clock.h" #include "base/time/time.h" @@ -30,6 +31,21 @@ const uint8_t kTestPublicKey[] = { 0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0, }; +// This is a valid, but incorrect, public key for testing signatures against. +// The corresponding private key is: +// +// 0x21, 0xee, 0xfa, 0x81, 0x6a, 0xff, 0xdf, 0xb8, 0xc1, 0xdd, 0x75, +// 0x05, 0x04, 0x29, 0x68, 0x67, 0x60, 0x85, 0x91, 0xd0, 0x50, 0x16, +// 0x0a, 0xcf, 0xa2, 0x37, 0xa3, 0x2e, 0x11, 0x7a, 0x17, 0x96, 0x50, +// 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c, 0x47, +// 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51, 0x3e, +// 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca +const uint8_t kTestPublicKey2[] = { + 0x50, 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c, + 0x47, 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51, + 0x3e, 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca, +}; + // This is a good trial token, signed with the above test private key. const char* kSampleToken = "1|UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+" @@ -97,9 +113,12 @@ const size_t kNumInvalidTokens = arraysize(kInvalidTokens); class TrialTokenTest : public testing::Test { public: TrialTokenTest() - : public_key_( + : correct_public_key_( base::StringPiece(reinterpret_cast<const char*>(kTestPublicKey), - arraysize(kTestPublicKey))) {} + arraysize(kTestPublicKey))), + incorrect_public_key_( + base::StringPiece(reinterpret_cast<const char*>(kTestPublicKey2), + arraysize(kTestPublicKey2))) {} protected: bool ValidateOrigin(TrialToken* token, const char* origin) { @@ -119,10 +138,14 @@ class TrialTokenTest : public testing::Test { return token->ValidateSignature(public_key); } - const base::StringPiece& public_key() { return public_key_; }; + const base::StringPiece& correct_public_key() { return correct_public_key_; } + const base::StringPiece& incorrect_public_key() { + return incorrect_public_key_; + } private: - base::StringPiece public_key_; + base::StringPiece correct_public_key_; + base::StringPiece incorrect_public_key_; }; TEST_F(TrialTokenTest, ParseEmptyString) { @@ -183,20 +206,27 @@ TEST_F(TrialTokenTest, TokenIsAppropriateForOriginAndFeature) { TEST_F(TrialTokenTest, ValidateValidSignature) { scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken); ASSERT_TRUE(token); - EXPECT_TRUE(ValidateSignature(token.get(), public_key())); + EXPECT_TRUE(ValidateSignature(token.get(), correct_public_key())); } TEST_F(TrialTokenTest, ValidateInvalidSignature) { scoped_ptr<TrialToken> token = TrialToken::Parse(kInvalidSignatureToken); ASSERT_TRUE(token); - EXPECT_FALSE(ValidateSignature(token.get(), public_key())); + EXPECT_FALSE(ValidateSignature(token.get(), correct_public_key())); +} + +TEST_F(TrialTokenTest, ValidateTokenWithCorrectKey) { + scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken); + ASSERT_TRUE(token); + EXPECT_TRUE(token->IsValid(base::Time::FromDoubleT(kValidTimestamp), + correct_public_key())); } -TEST_F(TrialTokenTest, ValidateSignatureOnWrongKey) { +TEST_F(TrialTokenTest, ValidateSignatureWithIncorrectKey) { scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken); ASSERT_TRUE(token); - // Signature will be invalid if tested against the real public key - EXPECT_FALSE(token->IsValid(base::Time::FromDoubleT(kValidTimestamp))); + EXPECT_FALSE(token->IsValid(base::Time::FromDoubleT(kValidTimestamp), + incorrect_public_key())); } TEST_F(TrialTokenTest, ValidateWhenNotExpired) { diff --git a/content/renderer/origin_trials/trial_token_validator.cc b/content/renderer/origin_trials/trial_token_validator.cc index bbdd857..1df8dc78 100644 --- a/content/renderer/origin_trials/trial_token_validator.cc +++ b/content/renderer/origin_trials/trial_token_validator.cc @@ -5,6 +5,8 @@ #include "content/renderer/origin_trials/trial_token_validator.h" #include "base/time/time.h" +#include "content/public/common/content_client.h" +#include "content/public/renderer/content_renderer_client.h" #include "content/renderer/origin_trials/trial_token.h" namespace content { @@ -15,10 +17,17 @@ TrialTokenValidator::~TrialTokenValidator() {} bool TrialTokenValidator::validateToken(const blink::WebString& token, const blink::WebString& origin, const blink::WebString& featureName) { - scoped_ptr<TrialToken> trialToken = TrialToken::Parse(token.utf8()); - return trialToken && - trialToken->IsAppropriate(origin.utf8(), featureName.utf8()) && - trialToken->IsValid(base::Time::Now()); + scoped_ptr<TrialToken> trial_token = TrialToken::Parse(token.utf8()); + + ContentClient* content_client = GetContentClient(); + CHECK(content_client); + + base::StringPiece public_key = + content_client->renderer()->GetOriginTrialPublicKey(); + + return !public_key.empty() && trial_token && + trial_token->IsAppropriate(origin.utf8(), featureName.utf8()) && + trial_token->IsValid(base::Time::Now(), public_key); } } // namespace content diff --git a/content/renderer/origin_trials/trial_token_validator.h b/content/renderer/origin_trials/trial_token_validator.h index 6afd01b..a0ce6c2 100644 --- a/content/renderer/origin_trials/trial_token_validator.h +++ b/content/renderer/origin_trials/trial_token_validator.h @@ -6,6 +6,7 @@ #define CONTENT_RENDERER_ORIGIN_TRIALS_TRIAL_TOKEN_VALIDATOR_H_ #include <string> +#include "content/common/content_export.h" #include "third_party/WebKit/public/platform/WebTrialTokenValidator.h" namespace content { @@ -14,7 +15,8 @@ namespace content { // to validate tokens to enable experimental features. // // This class is thread-safe. -class TrialTokenValidator : public blink::WebTrialTokenValidator { +class CONTENT_EXPORT TrialTokenValidator + : public NON_EXPORTED_BASE(blink::WebTrialTokenValidator) { public: TrialTokenValidator(); ~TrialTokenValidator() override; diff --git a/content/renderer/origin_trials/trial_token_validator_unittest.cc b/content/renderer/origin_trials/trial_token_validator_unittest.cc new file mode 100644 index 0000000..2bdb8883 --- /dev/null +++ b/content/renderer/origin_trials/trial_token_validator_unittest.cc @@ -0,0 +1,140 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "content/renderer/origin_trials/trial_token_validator.h" + +#include "base/macros.h" +#include "base/memory/scoped_ptr.h" +#include "base/strings/string_util.h" +#include "base/test/simple_test_clock.h" +#include "base/time/time.h" +#include "content/public/renderer/content_renderer_client.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace content { + +namespace { + +// This is a sample public key for testing the API. The corresponding private +// key (use this to generate new samples for this test file) is: +// +// 0x83, 0x67, 0xf4, 0xcd, 0x2a, 0x1f, 0x0e, 0x04, 0x0d, 0x43, 0x13, +// 0x4c, 0x67, 0xc4, 0xf4, 0x28, 0xc9, 0x90, 0x15, 0x02, 0xe2, 0xba, +// 0xfd, 0xbb, 0xfa, 0xbc, 0x92, 0x76, 0x8a, 0x2c, 0x4b, 0xc7, 0x75, +// 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2, 0x9a, +// 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f, 0x64, +// 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0 +const uint8_t kTestPublicKey[] = { + 0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2, + 0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f, + 0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0, +}; + +// 0x21, 0xee, 0xfa, 0x81, 0x6a, 0xff, 0xdf, 0xb8, 0xc1, 0xdd, 0x75, +// 0x05, 0x04, 0x29, 0x68, 0x67, 0x60, 0x85, 0x91, 0xd0, 0x50, 0x16, +// 0x0a, 0xcf, 0xa2, 0x37, 0xa3, 0x2e, 0x11, 0x7a, 0x17, 0x96, 0x50, +// 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c, 0x47, +// 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51, 0x3e, +// 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca +const uint8_t kTestPublicKey2[] = { + 0x50, 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c, + 0x47, 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51, + 0x3e, 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca, +}; + +// This is a good trial token, signed with the above test private key. +// TODO(iclelland): This token expires in 2033. Update it or find a way +// to autogenerate it before then. +const char kSampleToken[] = + "1|w694328Rl8l2vd96nkbAumpwvOOnvhWTj9/pfBRkvcWMDAsmiMEhZGEPzdBRy5Yao6il5qC" + "OyS6Ah7uuHf7JAQ==|https://valid.example.com|Frobulate|2000000000"; + +// The token should be valid for this origin and for this feature. +const char kAppropriateOrigin[] = "https://valid.example.com"; +const char kAppropriateFeatureName[] = "Frobulate"; + +const char kInappropriateFeatureName[] = "Grokalyze"; +const char kInappropriateOrigin[] = "https://invalid.example.com"; +const char kInsecureOrigin[] = "http://valid.example.com"; + +// Well-formed trial token with an invalid signature. +const char kInvalidSignatureToken[] = + "1|CO8hDne98QeFeOJ0DbRZCBN3uE0nyaPgaLlkYhSWnbRoDfEAg+TXELaYfQPfEvKYFauBg/h" + "nxmba765hz0mXMc==|https://valid.example.com|Frobulate|2000000000"; + +// Well-formed, but expired, trial token. (Expired in 2001) +const char kExpiredToken[] = + "1|Vtzq/H0qMxsMXPThIgGEvI13d3Fd8K3W11/0E+FrJJXqBpx6n/dFkeFkEUsPaP3KeT8PCPF" + "1zpZ7kVgWYRLpAA==|https://valid.example.com|Frobulate|1000000000"; + +const char kUnparsableToken[] = "abcde"; + +class TestContentRendererClient : public content::ContentRendererClient { + public: + base::StringPiece GetOriginTrialPublicKey() override { + return base::StringPiece(reinterpret_cast<const char*>(key_), + arraysize(kTestPublicKey)); + } + void SetOriginTrialPublicKey(const uint8_t* key) { key_ = key; } + const uint8_t* key_ = nullptr; +}; + +} // namespace + +class TrialTokenValidatorTest : public testing::Test { + public: + TrialTokenValidatorTest() { + SetPublicKey(kTestPublicKey); + SetRendererClientForTesting(&test_content_renderer_client_); + } + + void SetPublicKey(const uint8_t* key) { + test_content_renderer_client_.SetOriginTrialPublicKey(key); + } + + TrialTokenValidator trial_token_validator_; + + private: + TestContentRendererClient test_content_renderer_client_; +}; + +TEST_F(TrialTokenValidatorTest, ValidateValidToken) { + EXPECT_TRUE(trial_token_validator_.validateToken( + kSampleToken, kAppropriateOrigin, kAppropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateInappropriateOrigin) { + EXPECT_FALSE(TrialTokenValidator().validateToken( + kSampleToken, kInappropriateOrigin, kAppropriateFeatureName)); + EXPECT_FALSE(TrialTokenValidator().validateToken( + kSampleToken, kInsecureOrigin, kAppropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateInappropriateFeature) { + EXPECT_FALSE(TrialTokenValidator().validateToken( + kSampleToken, kAppropriateOrigin, kInappropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateInvalidSignature) { + EXPECT_FALSE(TrialTokenValidator().validateToken( + kInvalidSignatureToken, kAppropriateOrigin, kAppropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateUnparsableToken) { + EXPECT_FALSE(TrialTokenValidator().validateToken( + kUnparsableToken, kAppropriateOrigin, kAppropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateExpiredToken) { + EXPECT_FALSE(TrialTokenValidator().validateToken( + kExpiredToken, kAppropriateOrigin, kAppropriateFeatureName)); +} + +TEST_F(TrialTokenValidatorTest, ValidateValidTokenWithIncorrectKey) { + SetPublicKey(kTestPublicKey2); + EXPECT_FALSE(TrialTokenValidator().validateToken( + kSampleToken, kAppropriateOrigin, kAppropriateFeatureName)); +} + +} // namespace content |