1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
content / browser / aggregation_service / aggregation_service_key_fetcher.h [blame]
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_
#define CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_
#include <memory>
#include <optional>
#include <vector>
#include "base/containers/circular_deque.h"
#include "base/containers/flat_map.h"
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "content/browser/aggregation_service/public_key.h"
#include "content/common/content_export.h"
class GURL;
namespace content {
class AggregationServiceStorageContext;
// This class is responsible for requesting keys from storage, owned by the
// assembler.
class CONTENT_EXPORT AggregationServiceKeyFetcher {
public:
// This class is responsible for fetching public keys from helper servers over
// the network.
class NetworkFetcher {
public:
virtual ~NetworkFetcher() = default;
using NetworkFetchCallback =
base::OnceCallback<void(std::optional<PublicKeyset>)>;
// Fetch public keys from the helper server endpoint `url`. Returns
// std::nullopt in case of network or parsing error.
virtual void FetchPublicKeys(const GURL& url,
NetworkFetchCallback callback) = 0;
};
enum class PublicKeyFetchStatus {
// TODO(crbug.com/40185368): Propagate up more granular errors.
kOk,
kPublicKeyFetchFailed,
kMaxValue = kPublicKeyFetchFailed,
};
using FetchCallback =
base::OnceCallback<void(std::optional<PublicKey>, PublicKeyFetchStatus)>;
AggregationServiceKeyFetcher(
AggregationServiceStorageContext* storage_context,
std::unique_ptr<NetworkFetcher> network_fetcher);
AggregationServiceKeyFetcher(const AggregationServiceKeyFetcher& other) =
delete;
AggregationServiceKeyFetcher& operator=(
const AggregationServiceKeyFetcher& other) = delete;
virtual ~AggregationServiceKeyFetcher();
// Gets a currently valid public key for `url` and triggers the `callback`
// once completed.
//
// Helper server's keys must be rotated weekly which is primarily to limit the
// impact of a compromised key. Any public key must be valid when fetched and
// this will be enforced by the key fetcher. This ensures that the key used to
// encrypt is valid at encryption time.
//
// To further limit the impact of a compromised key, we will support "key
// slicing". That is, each helper server may make multiple public keys
// available. At encryption time, the fetcher will (uniformly at random) pick
// one of the public keys to use. This selection should be made independently
// between reports so that the key choice cannot be used to partition reports
// into separate groups of users. Virtual for mocking in tests.
virtual void GetPublicKey(const GURL& url, FetchCallback callback);
private:
// Called when public keys are received from the storage.
void OnPublicKeysReceivedFromStorage(const GURL& url,
std::vector<PublicKey> keys);
// Keys are fetched from the network if they are not found in storage.
void FetchPublicKeysFromNetwork(const GURL& url);
// Called when public keys are received from the network fetcher.
void OnPublicKeysReceivedFromNetwork(const GURL& url,
std::optional<PublicKeyset> keyset);
// Runs callbacks for pending requests for `url` with the public keys
// received from the network or storage. Any keys specified must be currently
// valid.
void RunCallbacksForUrl(const GURL& url, const std::vector<PublicKey>& keys);
// Using a raw pointer is safe because `storage_context_` is guaranteed to
// outlive `this`.
raw_ptr<AggregationServiceStorageContext> storage_context_;
// Map of all URLs that are currently waiting for the public keys, and
// their associated fetch callbacks. Used to cache ongoing requests to the
// storage or network to prevent looking up the same key multiple times at
// once.
base::flat_map<GURL, base::circular_deque<FetchCallback>> url_callbacks_;
// Responsible for issuing requests to network for fetching public keys.
std::unique_ptr<NetworkFetcher> network_fetcher_;
base::WeakPtrFactory<AggregationServiceKeyFetcher> weak_factory_{this};
};
} // namespace content
#endif // CONTENT_BROWSER_AGGREGATION_SERVICE_AGGREGATION_SERVICE_KEY_FETCHER_H_