blob: a725ececb5489b110c7c861688fdfee015f544b0 [file] [log] [blame]
// Copyright (c) 2023 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
#define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
#include <memory>
#include <string>
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/time/time.h"
#include "anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client.h"
#include "anonymous_tokens/cpp/privacy_pass/rsa_bssa_public_metadata_client.h"
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
#include "quiche/blind_sign_auth/blind_sign_auth_protos.h"
#include "quiche/blind_sign_auth/blind_sign_http_interface.h"
#include "quiche/blind_sign_auth/blind_sign_http_response.h"
#include "quiche/common/platform/api/quiche_export.h"
namespace quiche {
// BlindSignAuth provides signed, unblinded tokens to callers.
class QUICHE_EXPORT BlindSignAuth : public BlindSignAuthInterface {
public:
explicit BlindSignAuth(BlindSignHttpInterface* http_fetcher,
privacy::ppn::BlindSignAuthOptions auth_options)
: http_fetcher_(http_fetcher), auth_options_(std::move(auth_options)) {}
// Returns signed unblinded tokens and their expiration time in a callback.
// Tokens are single-use.
// GetTokens starts asynchronous HTTP POST requests to a signer hostname
// specified by the caller, with path and query params given in the request.
// The GetTokens callback will run on the same thread as the
// BlindSignHttpInterface callbacks.
// Callers can make multiple concurrent requests to GetTokens.
void GetTokens(std::string oauth_token, int num_tokens,
ProxyLayer proxy_layer, SignedTokenCallback callback) override;
private:
void GetInitialDataCallback(std::string oauth_token, int num_tokens,
ProxyLayer proxy_layer,
SignedTokenCallback callback,
absl::StatusOr<BlindSignHttpResponse> response);
void GeneratePrivacyPassTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
absl::Time public_metadata_expiry_time, std::string oauth_token,
int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback);
void GenerateRsaBssaTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
absl::Time public_metadata_expiry_time, std::string oauth_token,
int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback);
void AuthAndSignCallback(
privacy::ppn::PublicMetadataInfo public_metadata_info,
absl::Time public_key_expiry_time,
anonymous_tokens::AnonymousTokensSignRequest
at_sign_request,
std::unique_ptr<
anonymous_tokens::AnonymousTokensRsaBssaClient>
bssa_client,
SignedTokenCallback callback,
absl::StatusOr<BlindSignHttpResponse> response);
void PrivacyPassAuthAndSignCallback(
std::string encoded_extensions, absl::Time public_key_expiry_time,
anonymous_tokens::AnonymousTokensUseCase use_case,
std::vector<std::unique_ptr<anonymous_tokens::
PrivacyPassRsaBssaPublicMetadataClient>>
privacy_pass_clients,
SignedTokenCallback callback,
absl::StatusOr<BlindSignHttpResponse> response);
absl::Status FingerprintPublicMetadata(
const privacy::ppn::PublicMetadata& metadata, uint64_t* fingerprint);
absl::StatusCode HttpCodeToStatusCode(int http_code);
privacy::ppn::ProxyLayer QuicheProxyLayerToPpnProxyLayer(
quiche::ProxyLayer proxy_layer);
BlindSignHttpInterface* http_fetcher_ = nullptr;
privacy::ppn::BlindSignAuthOptions auth_options_;
};
} // namespace quiche
#endif // QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_