1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131


content / browser / web_package / subresource_signed_exchange_url_loader_factory.cc [blame]

// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/web_package/subresource_signed_exchange_url_loader_factory.h"

#include <stdint.h>

#include <memory>
#include <utility>

#include "base/functional/bind.h"
#include "base/functional/callback.h"
#include "base/notreached.h"
#include "base/time/time.h"
#include "content/browser/web_package/signed_exchange_inner_response_url_loader.h"
#include "mojo/public/cpp/bindings/message.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
#include "net/base/net_errors.h"
#include "services/network/public/cpp/initiator_lock_compatibility.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/url_loader.mojom.h"
#include "storage/browser/blob/blob_data_handle.h"

namespace content {

namespace {

bool IsValidRequestInitiator(const network::ResourceRequest& request,
                             const url::Origin& request_initiator_origin_lock) {
  // TODO(lukasza): Deduplicate the check below by reusing parts of
  // CorsURLLoaderFactory::IsValidRequest (potentially also reusing the parts
  // that validate non-initiator-related parts of a ResourceRequest).
  network::InitiatorLockCompatibility initiator_lock_compatibility =
      network::VerifyRequestInitiatorLock(request_initiator_origin_lock,
                                          request.request_initiator);
  switch (initiator_lock_compatibility) {
    case network::InitiatorLockCompatibility::kBrowserProcess:
      // kBrowserProcess cannot happen outside of NetworkService.
      NOTREACHED_IN_MIGRATION();
      return false;

    case network::InitiatorLockCompatibility::kNoLock:
    case network::InitiatorLockCompatibility::kNoInitiator:
      // Only browser-initiated navigations can specify no initiator and we only
      // expect subresource requests (i.e. non-navigations) to go through
      // SubresourceSignedExchangeURLLoaderFactory::CreateLoaderAndStart.
      NOTREACHED_IN_MIGRATION();
      return false;

    case network::InitiatorLockCompatibility::kCompatibleLock:
      return true;

    case network::InitiatorLockCompatibility::kIncorrectLock:
      // This branch indicates that either 1) the CreateLoaderAndStart IPC was
      // forged by a malicious/compromised renderer process or 2) there are
      // renderer-side bugs.
      NOTREACHED_IN_MIGRATION();
      return false;
  }

  // Failing safely for an unrecognied `network::InitiatorLockCompatibility`
  // enum value.
  NOTREACHED_IN_MIGRATION();
  return false;
}

}  // namespace

SubresourceSignedExchangeURLLoaderFactory::
    SubresourceSignedExchangeURLLoaderFactory(
        mojo::PendingReceiver<network::mojom::URLLoaderFactory> receiver,
        std::unique_ptr<const PrefetchedSignedExchangeCacheEntry> entry,
        const url::Origin& request_initiator_origin_lock)
    : entry_(std::move(entry)),
      request_initiator_origin_lock_(request_initiator_origin_lock) {
  receivers_.Add(this, std::move(receiver));
  receivers_.set_disconnect_handler(base::BindRepeating(
      &SubresourceSignedExchangeURLLoaderFactory::OnMojoDisconnect,
      base::Unretained(this)));
}

SubresourceSignedExchangeURLLoaderFactory::
    ~SubresourceSignedExchangeURLLoaderFactory() = default;

void SubresourceSignedExchangeURLLoaderFactory::CreateLoaderAndStart(
    mojo::PendingReceiver<network::mojom::URLLoader> loader,
    int32_t request_id,
    uint32_t options,
    const network::ResourceRequest& request,
    mojo::PendingRemote<network::mojom::URLLoaderClient> client,
    const net::MutableNetworkTrafficAnnotationTag& traffic_annotation) {
  if (!IsValidRequestInitiator(request, request_initiator_origin_lock_)) {
    NOTREACHED_IN_MIGRATION();
    network::debug::ScopedResourceRequestCrashKeys request_crash_keys(request);
    network::debug::ScopedRequestInitiatorOriginLockCrashKey lock_crash_keys(
        request_initiator_origin_lock_);
    mojo::ReportBadMessage(
        "SubresourceSignedExchangeURLLoaderFactory: "
        "lock VS initiator mismatch");
    mojo::Remote<network::mojom::URLLoaderClient>(std::move(client))
        ->OnComplete(
            network::URLLoaderCompletionStatus(net::ERR_INVALID_ARGUMENT));
    return;
  }

  DCHECK_EQ(request.url, entry_->inner_url());
  mojo::MakeSelfOwnedReceiver(
      std::make_unique<SignedExchangeInnerResponseURLLoader>(
          request, entry_->inner_response().Clone(),
          std::make_unique<const storage::BlobDataHandle>(
              *entry_->blob_data_handle()),
          *entry_->completion_status(), std::move(client),
          false /* is_navigation_request */, orb_state_),
      std::move(loader));
}

void SubresourceSignedExchangeURLLoaderFactory::Clone(
    mojo::PendingReceiver<network::mojom::URLLoaderFactory> receiver) {
  receivers_.Add(this, std::move(receiver));
}

void SubresourceSignedExchangeURLLoaderFactory::OnMojoDisconnect() {
  if (!receivers_.empty()) {
    return;
  }
  delete this;
}

}  // namespace content