230 lines
9.0 KiB
C++
230 lines
9.0 KiB
C++
// Copyright 2022 The Chromium Authors
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef NET_BASE_NETWORK_ANONYMIZATION_KEY_H_
|
|
#define NET_BASE_NETWORK_ANONYMIZATION_KEY_H_
|
|
|
|
#include <cstddef>
|
|
#include <string>
|
|
#include <tuple>
|
|
|
|
#include "base/unguessable_token.h"
|
|
#include "net/base/net_export.h"
|
|
#include "net/base/network_isolation_key.h"
|
|
#include "net/base/schemeful_site.h"
|
|
#include "third_party/abseil-cpp/absl/types/optional.h"
|
|
|
|
namespace base {
|
|
class Value;
|
|
}
|
|
|
|
namespace net {
|
|
|
|
// NetworkAnonymizationKey will be used to partition shared network state based
|
|
// on the context on which they were made. This class is an expiremental key
|
|
// that contains properties that will be changed via feature flags.
|
|
|
|
// NetworkAnonymizationKey contains the following properties:
|
|
|
|
// `top_frame_site` represents the SchemefulSite of the pages top level frame.
|
|
// In order to separate first and third party context from each other this field
|
|
// will always be populated.
|
|
|
|
// `is_cross_site` indicates whether the key is cross-site or same-site. A
|
|
// same-site key indicates that he schemeful site of the top frame and the frame
|
|
// are the same. Intermediary frames between the two may be cross-site to them.
|
|
// The effect of this property is to partition first-party and third-party
|
|
// resources within a given `top_frame_site`.
|
|
|
|
// The following show how the `is_cross_site` boolean is populated for the
|
|
// innermost frame in the chain.
|
|
// a->a => is_cross_site = false
|
|
// a->b => is_cross_site = true
|
|
// a->b->a => is_cross_site = false
|
|
// a->(sandboxed a [has nonce]) => is_cross_site = true
|
|
|
|
// The `nonce` value creates a key for anonymous iframes by giving them a
|
|
// temporary `nonce` value which changes per top level navigation. For now, any
|
|
// NetworkAnonymizationKey with a nonce will be considered transient. This is
|
|
// being considered to possibly change in the future in an effort to allow
|
|
// anonymous iframes with the same partition key access to shared resources.
|
|
// The nonce value will be empty except for anonymous iframes.
|
|
|
|
// TODO @brgoldstein, add link to public documentation of key scheme naming
|
|
// conventions.
|
|
|
|
class NET_EXPORT NetworkAnonymizationKey {
|
|
public:
|
|
// Construct an empty key.
|
|
NetworkAnonymizationKey();
|
|
|
|
NetworkAnonymizationKey(
|
|
const NetworkAnonymizationKey& network_anonymization_key);
|
|
NetworkAnonymizationKey(NetworkAnonymizationKey&& network_anonymization_key);
|
|
|
|
~NetworkAnonymizationKey();
|
|
|
|
NetworkAnonymizationKey& operator=(
|
|
const NetworkAnonymizationKey& network_anonymization_key);
|
|
NetworkAnonymizationKey& operator=(
|
|
NetworkAnonymizationKey&& network_anonymization_key);
|
|
|
|
// Compare keys for equality, true if all enabled fields are equal.
|
|
bool operator==(const NetworkAnonymizationKey& other) const {
|
|
return std::tie(top_frame_site_, is_cross_site_, nonce_) ==
|
|
std::tie(other.top_frame_site_, other.is_cross_site_, other.nonce_);
|
|
}
|
|
|
|
// Compare keys for inequality, true if any enabled field varies.
|
|
bool operator!=(const NetworkAnonymizationKey& other) const {
|
|
return !(*this == other);
|
|
}
|
|
|
|
// Provide an ordering for keys based on all enabled fields.
|
|
bool operator<(const NetworkAnonymizationKey& other) const {
|
|
return std::tie(top_frame_site_, is_cross_site_, nonce_) <
|
|
std::tie(other.top_frame_site_, other.is_cross_site_, other.nonce_);
|
|
}
|
|
|
|
// Create a `NetworkAnonymizationKey` from a `top_frame_site`, assuming it is
|
|
// same-site (see comment on the class, above) and has no nonce.
|
|
static NetworkAnonymizationKey CreateSameSite(
|
|
const SchemefulSite& top_frame_site) {
|
|
return NetworkAnonymizationKey(top_frame_site, false, absl::nullopt);
|
|
}
|
|
|
|
// Create a `NetworkAnonymizationKey` from a `top_frame_site`, assuming it is
|
|
// cross-site (see comment on the class, above) and has no nonce.
|
|
static NetworkAnonymizationKey CreateCrossSite(
|
|
const SchemefulSite& top_frame_site) {
|
|
return NetworkAnonymizationKey(top_frame_site, true, absl::nullopt);
|
|
}
|
|
|
|
// Create a `NetworkAnonymizationKey` from a `top_frame_site` and
|
|
// `frame_site`. This calculates is_cross_site on the basis of those two
|
|
// sites.
|
|
static NetworkAnonymizationKey CreateFromFrameSite(
|
|
const SchemefulSite& top_frame_site,
|
|
const SchemefulSite& frame_site,
|
|
absl::optional<base::UnguessableToken> nonce = absl::nullopt);
|
|
|
|
// Creates a `NetworkAnonymizationKey` from a `NetworkIsolationKey`. This is
|
|
// possible because a `NetworkIsolationKey` must always be more granular
|
|
// than a `NetworkAnonymizationKey`.
|
|
static NetworkAnonymizationKey CreateFromNetworkIsolationKey(
|
|
const net::NetworkIsolationKey& network_isolation_key);
|
|
|
|
// Creates a `NetworkAnonymizationKey` from its constituent parts. This
|
|
// is intended to be used to build a NAK from Mojo, and for tests.
|
|
static NetworkAnonymizationKey CreateFromParts(
|
|
const SchemefulSite& top_frame_site,
|
|
bool is_cross_site,
|
|
absl::optional<base::UnguessableToken> nonce = absl::nullopt) {
|
|
return NetworkAnonymizationKey(top_frame_site, is_cross_site, nonce);
|
|
}
|
|
|
|
// TODO(crbug/1372769)
|
|
// Intended for temporary use in locations that should be using main frame and
|
|
// frame origin, but are currently only using frame origin, because the
|
|
// creating object may be shared across main frame objects. Having a special
|
|
// constructor for these methods makes it easier to keep track of locating
|
|
// callsites that need to have their NetworkAnonymizationKey filled in.
|
|
static NetworkAnonymizationKey ToDoUseTopFrameOriginAsWell(
|
|
const url::Origin& incorrectly_used_frame_origin) {
|
|
net::SchemefulSite incorrectly_used_frame_site =
|
|
net::SchemefulSite(incorrectly_used_frame_origin);
|
|
return NetworkAnonymizationKey(incorrectly_used_frame_site, false);
|
|
}
|
|
|
|
// Creates a transient non-empty NetworkAnonymizationKey by creating an opaque
|
|
// origin. This prevents the NetworkAnonymizationKey from sharing data with
|
|
// other NetworkAnonymizationKey.
|
|
static NetworkAnonymizationKey CreateTransient();
|
|
|
|
// Returns the string representation of the key.
|
|
std::string ToDebugString() const;
|
|
|
|
// Returns true if all parts of the key are empty.
|
|
bool IsEmpty() const;
|
|
|
|
// Returns true if `top_frame_site_` is non-empty.
|
|
bool IsFullyPopulated() const;
|
|
|
|
// Returns true if this key's lifetime is short-lived. It may not make sense
|
|
// to persist state to disk related to it (e.g., disk cache).
|
|
// A NetworkAnonymizationKey will be considered transient if
|
|
// `top_frame_site_` is empty or opaque or if the key has a `nonce_`.
|
|
bool IsTransient() const;
|
|
|
|
// Getters for the top frame, frame site, nonce and is cross site flag.
|
|
const absl::optional<SchemefulSite>& GetTopFrameSite() const {
|
|
return top_frame_site_;
|
|
}
|
|
|
|
bool IsCrossSite() const { return is_cross_site_; }
|
|
|
|
bool IsSameSite() const { return !IsCrossSite(); }
|
|
|
|
const absl::optional<base::UnguessableToken>& GetNonce() const {
|
|
return nonce_;
|
|
}
|
|
|
|
// Returns a representation of |this| as a base::Value. Returns false on
|
|
// failure. Succeeds if either IsEmpty() or !IsTransient().
|
|
[[nodiscard]] bool ToValue(base::Value* out_value) const;
|
|
|
|
// Inverse of ToValue(). Writes the result to |network_anonymization_key|.
|
|
// Returns false on failure. Fails on values that could not have been produced
|
|
// by ToValue(), like transient origins.
|
|
[[nodiscard]] static bool FromValue(
|
|
const base::Value& value,
|
|
NetworkAnonymizationKey* out_network_anonymization_key);
|
|
|
|
// Determine whether network state partitioning is enabled. This is true if
|
|
// any of the features
|
|
//
|
|
// * `SplitHostCacheByNetworkIsolationKey`
|
|
// * `PartitionConnectionsByNetworkIsolationKey`
|
|
// * `PartitionHttpServerPropertiesByNetworkIsolationKey`
|
|
// * `PartitionSSLSessionsByNetworkIsolationKey`
|
|
// * `PartitionNelAndReportingByNetworkIsolationKey`
|
|
//
|
|
// is enabled, or if `PartitionByDefault()` has been called.
|
|
static bool IsPartitioningEnabled();
|
|
|
|
// Default partitioning to enabled, regardless of feature settings. This must
|
|
// be called before any calls to `IsPartitioningEnabled()`.
|
|
static void PartitionByDefault();
|
|
|
|
// Clear partitioning-related globals.
|
|
static void ClearGlobalsForTesting();
|
|
|
|
private:
|
|
NetworkAnonymizationKey(
|
|
const SchemefulSite& top_frame_site,
|
|
bool is_cross_site,
|
|
absl::optional<base::UnguessableToken> nonce = absl::nullopt);
|
|
|
|
std::string GetSiteDebugString(
|
|
const absl::optional<SchemefulSite>& site) const;
|
|
|
|
static absl::optional<std::string> SerializeSiteWithNonce(
|
|
const SchemefulSite& site);
|
|
|
|
// The origin/etld+1 of the top frame of the page making the request. This
|
|
// will always be populated unless all other fields are also nullopt.
|
|
absl::optional<SchemefulSite> top_frame_site_;
|
|
|
|
// True if the frame site is cross site when compared to the top frame site.
|
|
// This is always false for a non-fully-populated NAK.
|
|
bool is_cross_site_;
|
|
|
|
// for non-opaque origins.
|
|
absl::optional<base::UnguessableToken> nonce_;
|
|
};
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_BASE_NETWORK_ANONYMIZATION_KEY_H_
|