1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
content / browser / web_package / signed_exchange_handler.h [blame]
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_HANDLER_H_
#define CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_HANDLER_H_
#include <optional>
#include <string>
#include <string_view>
#include "base/functional/callback.h"
#include "base/memory/raw_ptr.h"
#include "base/time/time.h"
#include "content/browser/web_package/signed_exchange_consts.h"
#include "content/browser/web_package/signed_exchange_envelope.h"
#include "content/browser/web_package/signed_exchange_error.h"
#include "content/browser/web_package/signed_exchange_prologue.h"
#include "content/common/content_export.h"
#include "content/public/browser/frame_tree_node_id.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "mojo/public/cpp/system/data_pipe.h"
#include "net/base/io_buffer.h"
#include "net/base/ip_endpoint.h"
#include "net/base/isolation_info.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_result.h"
#include "net/log/net_log_with_source.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
#include "services/network/public/mojom/restricted_cookie_manager.mojom.h"
#include "services/network/public/mojom/url_response_head.mojom.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace blink {
class WebPackageRequestMatcher;
} // namespace blink
namespace net {
class CertVerifyResult;
class DrainableIOBuffer;
class SourceStream;
} // namespace net
namespace bssl {
struct OCSPVerifyResult;
} // namespace bssl
namespace network {
namespace mojom {
class NetworkContext;
}
} // namespace network
namespace content {
class PrefetchedSignedExchangeCacheEntry;
class SignedExchangeCertFetcher;
class SignedExchangeCertFetcherFactory;
class SignedExchangeCertificateChain;
class SignedExchangeDevToolsProxy;
class SignedExchangeReporter;
// SignedExchangeHandler reads "application/signed-exchange" format from a
// net::SourceStream, parses and verifies the signed exchange, and reports
// the result asynchronously via SignedExchangeHandler::ExchangeHeadersCallback.
//
// Note that verifying a signed exchange requires an associated certificate
// chain. SignedExchangeHandler creates a SignedExchangeCertFetcher to
// fetch the certificate chain over the network, and verifies it with the
// net::CertVerifier.
class CONTENT_EXPORT SignedExchangeHandler {
public:
// Callback that will be called when SXG header is parsed and its signature is
// validated against a verified certificate, or on failure.
// On success:
// - |result| is kSuccess.
// - |request_url| is the exchange's request's URL.
// - |resource_response| contains inner response's headers.
// - The payload stream can be read from |payload_stream|.
// On failure:
// - |result| indicates the failure reason.
// - |error| indicates the net::Error if |result| is kSXGHeaderNetError.
// - |request_url| may refer to the fallback URL.
using ExchangeHeadersCallback = base::OnceCallback<void(
SignedExchangeLoadResult result,
net::Error error,
const GURL& request_url,
network::mojom::URLResponseHeadPtr resource_response,
std::unique_ptr<net::SourceStream> payload_stream)>;
static void SetNetworkContextForTesting(
network::mojom::NetworkContext* network_context);
static void SetShouldIgnoreCertValidityPeriodErrorForTesting(bool ignore);
// Once constructed |this| starts reading the |body| and parses the response
// as a signed HTTP exchange. The response body of the exchange can be read
// from |payload_stream| passed to |headers_callback|. |cert_fetcher_factory|
// is used to create a SignedExchangeCertFetcher that fetches the certificate.
SignedExchangeHandler(
bool is_secure_transport,
bool has_nosniff,
std::string_view content_type,
std::unique_ptr<net::SourceStream> body,
ExchangeHeadersCallback headers_callback,
std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory,
std::optional<net::IsolationInfo> outer_request_isolation_info,
int load_flags,
const net::IPEndPoint& remote_endpoint,
std::unique_ptr<blink::WebPackageRequestMatcher> request_matcher,
std::unique_ptr<SignedExchangeDevToolsProxy> devtools_proxy,
SignedExchangeReporter* reporter,
FrameTreeNodeId frame_tree_node_id);
SignedExchangeHandler(const SignedExchangeHandler&) = delete;
SignedExchangeHandler& operator=(const SignedExchangeHandler&) = delete;
virtual ~SignedExchangeHandler();
int64_t GetExchangeHeaderLength() const { return exchange_header_length_; }
// Called to get the following information about the loaded signed exchange:
// - Header integrity value
// - Signature expire time
// - Cert URL
// - Cert server IP address
// If failed to parse the signed exchange, this method fails and returns
// false. Otherwise, returns true.
virtual bool GetSignedExchangeInfoForPrefetchCache(
PrefetchedSignedExchangeCacheEntry& entry) const;
protected:
SignedExchangeHandler();
private:
enum class State {
kReadingPrologueBeforeFallbackUrl,
kReadingPrologueFallbackUrlAndAfter,
kReadingHeaders,
kFetchingCertificate,
kHeadersCallbackCalled,
};
const GURL& GetFallbackUrl() const;
void SetupBuffers(size_t size);
void DoHeaderLoop();
void DidReadHeader(bool completed_syncly, int result);
SignedExchangeLoadResult ParsePrologueBeforeFallbackUrl();
SignedExchangeLoadResult ParsePrologueFallbackUrlAndAfter();
SignedExchangeLoadResult ParseHeadersAndFetchCertificate();
void RunErrorCallback(SignedExchangeLoadResult result, net::Error);
void OnCertReceived(
SignedExchangeLoadResult result,
std::unique_ptr<SignedExchangeCertificateChain> cert_chain,
net::IPAddress cert_server_ip_address);
SignedExchangeLoadResult CheckCertRequirements(
const net::X509Certificate* verified_cert);
bool CheckOCSPStatus(const bssl::OCSPVerifyResult& ocsp_result);
void OnVerifyCert(int32_t error_code,
const net::CertVerifyResult& cv_result,
bool pkp_bypassed);
void CheckAbsenceOfCookies(base::OnceClosure callback);
void OnGetCookies(base::OnceClosure callback,
const std::vector<net::CookieWithAccessResult>& results);
void CreateResponse(network::mojom::URLResponseHeadPtr response_head);
std::unique_ptr<net::SourceStream> CreateResponseBodyStream();
const bool is_secure_transport_;
const bool has_nosniff_;
ExchangeHeadersCallback headers_callback_;
std::optional<SignedExchangeVersion> version_;
std::unique_ptr<net::SourceStream> source_;
State state_ = State::kReadingPrologueBeforeFallbackUrl;
// Buffer used for prologue and envelope reading.
scoped_refptr<net::IOBuffer> header_buf_;
// Wrapper around |header_buf_| to progressively read fixed-size data.
scoped_refptr<net::DrainableIOBuffer> header_read_buf_;
int64_t exchange_header_length_ = 0;
signed_exchange_prologue::BeforeFallbackUrl prologue_before_fallback_url_;
signed_exchange_prologue::FallbackUrlAndAfter
prologue_fallback_url_and_after_;
std::optional<SignedExchangeEnvelope> envelope_;
std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory_;
std::unique_ptr<SignedExchangeDevToolsProxy> devtools_proxy_;
// `cert_fetcher_` borrows reference from `devtools_proxy_`, so it needs to be
// declared last, so that it is destroyed first.
std::unique_ptr<SignedExchangeCertFetcher> cert_fetcher_;
// `outer_request_isolation_info_` will be set unless this corresponds to a
// prefetch request.
std::optional<net::IsolationInfo> outer_request_isolation_info_;
const int load_flags_ = 0;
const net::IPEndPoint remote_endpoint_;
std::unique_ptr<SignedExchangeCertificateChain> unverified_cert_chain_;
std::unique_ptr<blink::WebPackageRequestMatcher> request_matcher_;
mojo::Remote<network::mojom::RestrictedCookieManager> cookie_manager_;
// This is owned by SignedExchangeLoader which is the owner of |this|.
raw_ptr<SignedExchangeReporter> reporter_;
const FrameTreeNodeId frame_tree_node_id_;
base::TimeTicks cert_fetch_start_time_;
net::IPAddress cert_server_ip_address_;
base::WeakPtrFactory<SignedExchangeHandler> weak_factory_{this};
};
// Used only for testing.
class SignedExchangeHandlerFactory {
public:
virtual ~SignedExchangeHandlerFactory() {}
virtual std::unique_ptr<SignedExchangeHandler> Create(
const GURL& outer_url,
std::unique_ptr<net::SourceStream> body,
SignedExchangeHandler::ExchangeHeadersCallback headers_callback,
std::unique_ptr<SignedExchangeCertFetcherFactory>
cert_fetcher_factory) = 0;
};
} // namespace content
#endif // CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_HANDLER_H_