Google Git
Sign in
quiche/quiche.git/b1fb613a46944eee28e7bc260922e62be8fe177f^!/.
commit
b1fb613a46944eee28e7bc260922e62be8fe177f
[log]
author
elburrito <elburrito@google.com>
Thu Nov 02 11:23:28 2023 -0700
committer
Copybara-Service <copybara-worker@google.com>
Thu Nov 02 11:24:39 2023 -0700
tree
da7afc887e6f194a952fc7b7540c3d88153f7a19
parent
567bd54c0ebd12d5c59560c2dbbd641276977495 [diff]
Use ValidateExtensionsCardinality in BlindSignAuth

PiperOrigin-RevId: 578921500

diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index fbfd429..62ca574 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc

@@ -4,7 +4,6 @@
 
 #include "quiche/blind_sign_auth/blind_sign_auth.h"
 
-#include <algorithm>
 #include <cstddef>
 #include <cstdint>
 #include <cstring>
@@ -19,6 +18,7 @@
 #include "absl/strings/escaping.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
+#include "absl/time/clock.h"
 #include "absl/types/span.h"
 #include "anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h"
 #include "anonymous_tokens/cpp/crypto/crypto_utils.h"
@@ -146,6 +146,17 @@
     std::move(callback)(extensions.status());
     return;
   }
+  std::vector<uint16_t> kExpectedExtensionTypes = {
+      /*ExpirationTimestamp=*/0x0001, /*GeoHint=*/0x0002,
+      /*ServiceType=*/0xF001, /*DebugMode=*/0xF002};
+  absl::Status result =
+      anonymous_tokens::ValidateExtensionsOrderAndValues(
+          *extensions, absl::MakeSpan(kExpectedExtensionTypes), absl::Now());
+  if (!result.ok()) {
+    QUICHE_LOG(WARNING) << "Failed to validate extensions: " << result;
+    std::move(callback)(result);
+    return;
+  }
 
   // Create token challenge.
   anonymous_tokens::TokenChallenge challenge;

diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index 9f61ee4..e2727fe 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc

@@ -124,7 +124,7 @@
     extensions_.extensions.push_back(*expiration_extension);
 
     anonymous_tokens::GeoHint geo_hint;
-    geo_hint.country_code = "US";
+    geo_hint.geo_hint = "US,US-AL,ALABASTER";
     absl::StatusOr<anonymous_tokens::Extension>
         geo_hint_extension = geo_hint.AsExtension();
     QUICHE_EXPECT_OK(geo_hint_extension);
@@ -138,6 +138,13 @@
     QUICHE_EXPECT_OK(service_type_extension);
     extensions_.extensions.push_back(*service_type_extension);
 
+    anonymous_tokens::DebugMode debug_mode;
+    debug_mode.mode = anonymous_tokens::DebugMode::kDebug;
+    absl::StatusOr<anonymous_tokens::Extension>
+        debug_mode_extension = debug_mode.AsExtension();
+    QUICHE_EXPECT_OK(debug_mode_extension);
+    extensions_.extensions.push_back(*debug_mode_extension);
+
     absl::StatusOr<std::string> serialized_extensions =
         anonymous_tokens::EncodeExtensions(extensions_);
     QUICHE_EXPECT_OK(serialized_extensions);