BlindSignAuth: Refactoring to support future Android BlindSignMessageInterface impl.
- Rename BlindSignHttpInterface to BlindSignMessageInterface
- Change BSA::GetTokens oauth_token parameter to std::optional<std::string>, since Android BSA callers will not have an OAuth token to pass in
- Change BlindSignMessageInterface::DoRequest authorization_header to std::optional<std::string>
- Stop setting oauth_token field in AuthAndSignRequest (field is unused for IP Protection and will be deprecated)
PiperOrigin-RevId: 614767846
diff --git a/build/source_list.bzl b/build/source_list.bzl
index c6e4873..cce928f 100644
--- a/build/source_list.bzl
+++ b/build/source_list.bzl
@@ -1612,8 +1612,8 @@
"blind_sign_auth/blind_sign_auth.h",
"blind_sign_auth/blind_sign_auth_interface.h",
"blind_sign_auth/blind_sign_auth_protos.h",
- "blind_sign_auth/blind_sign_http_interface.h",
"blind_sign_auth/blind_sign_http_response.h",
+ "blind_sign_auth/blind_sign_message_interface.h",
"blind_sign_auth/cached_blind_sign_auth.h",
"blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h",
"blind_sign_auth/test_tools/mock_blind_sign_http_interface.h",
diff --git a/build/source_list.gni b/build/source_list.gni
index 72489d2..36d7c2d 100644
--- a/build/source_list.gni
+++ b/build/source_list.gni
@@ -1616,8 +1616,8 @@
"src/quiche/blind_sign_auth/blind_sign_auth.h",
"src/quiche/blind_sign_auth/blind_sign_auth_interface.h",
"src/quiche/blind_sign_auth/blind_sign_auth_protos.h",
- "src/quiche/blind_sign_auth/blind_sign_http_interface.h",
"src/quiche/blind_sign_auth/blind_sign_http_response.h",
+ "src/quiche/blind_sign_auth/blind_sign_message_interface.h",
"src/quiche/blind_sign_auth/cached_blind_sign_auth.h",
"src/quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h",
"src/quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h",
diff --git a/build/source_list.json b/build/source_list.json
index 6bebbca..5c154ef 100644
--- a/build/source_list.json
+++ b/build/source_list.json
@@ -1615,8 +1615,8 @@
"quiche/blind_sign_auth/blind_sign_auth.h",
"quiche/blind_sign_auth/blind_sign_auth_interface.h",
"quiche/blind_sign_auth/blind_sign_auth_protos.h",
- "quiche/blind_sign_auth/blind_sign_http_interface.h",
"quiche/blind_sign_auth/blind_sign_http_response.h",
+ "quiche/blind_sign_auth/blind_sign_message_interface.h",
"quiche/blind_sign_auth/cached_blind_sign_auth.h",
"quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h",
"quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h"
diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index a9902cf..52a7bcb 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc
@@ -8,6 +8,7 @@
#include <cstdint>
#include <cstring>
#include <memory>
+#include <optional>
#include <string>
#include <utility>
#include <vector>
@@ -27,8 +28,8 @@
#include "anonymous_tokens/cpp/shared/proto_utils.h"
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
#include "quiche/blind_sign_auth/blind_sign_auth_protos.h"
-#include "quiche/blind_sign_auth/blind_sign_http_interface.h"
#include "quiche/blind_sign_auth/blind_sign_http_response.h"
+#include "quiche/blind_sign_auth/blind_sign_message_interface.h"
#include "quiche/common/platform/api/quiche_logging.h"
#include "quiche/common/quiche_endian.h"
#include "quiche/common/quiche_random.h"
@@ -46,8 +47,8 @@
} // namespace
-void BlindSignAuth::GetTokens(std::string oauth_token, int num_tokens,
- ProxyLayer proxy_layer,
+void BlindSignAuth::GetTokens(std::optional<std::string> oauth_token,
+ int num_tokens, ProxyLayer proxy_layer,
SignedTokenCallback callback) {
// Create GetInitialData RPC.
privacy::ppn::GetInitialDataRequest request;
@@ -69,8 +70,8 @@
}
void BlindSignAuth::GetInitialDataCallback(
- std::string oauth_token, int num_tokens, ProxyLayer proxy_layer,
- SignedTokenCallback callback,
+ std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback,
absl::StatusOr<BlindSignHttpResponse> response) {
if (!response.ok()) {
QUICHE_LOG(WARNING) << "GetInitialDataRequest failed: "
@@ -125,8 +126,9 @@
void BlindSignAuth::GeneratePrivacyPassTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
- absl::Time public_metadata_expiry_time, std::string oauth_token,
- int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback) {
+ absl::Time public_metadata_expiry_time,
+ std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback) {
// Set up values used in the token generation loop.
anonymous_tokens::RSAPublicKey public_key_proto;
if (!public_key_proto.ParseFromString(
@@ -220,7 +222,6 @@
}
privacy::ppn::AuthAndSignRequest sign_request;
- sign_request.set_oauth_token(oauth_token);
sign_request.set_service_type("chromeipblinding");
sign_request.set_key_type(privacy::ppn::AT_PUBLIC_METADATA_KEY_TYPE);
sign_request.set_key_version(
@@ -256,8 +257,9 @@
void BlindSignAuth::GenerateRsaBssaTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
- absl::Time public_metadata_expiry_time, std::string oauth_token,
- int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback) {
+ absl::Time public_metadata_expiry_time,
+ std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback) {
// Create public metadata client.
auto bssa_client =
anonymous_tokens::AnonymousTokensRsaBssaClient::
@@ -311,7 +313,6 @@
// Create AuthAndSign RPC.
privacy::ppn::AuthAndSignRequest sign_request;
- sign_request.set_oauth_token(std::string(oauth_token));
sign_request.set_service_type("chromeipblinding");
sign_request.set_key_type(privacy::ppn::AT_PUBLIC_METADATA_KEY_TYPE);
sign_request.set_key_version(
@@ -332,8 +333,8 @@
&BlindSignAuth::AuthAndSignCallback, this, public_metadata_info,
public_metadata_expiry_time, *at_sign_request, *std::move(bssa_client),
std::move(callback));
- http_fetcher_->DoRequest(BlindSignHttpRequestType::kAuthAndSign,
- oauth_token.data(), sign_request.SerializeAsString(),
+ http_fetcher_->DoRequest(BlindSignHttpRequestType::kAuthAndSign, oauth_token,
+ sign_request.SerializeAsString(),
std::move(auth_and_sign_callback));
}
diff --git a/quiche/blind_sign_auth/blind_sign_auth.h b/quiche/blind_sign_auth/blind_sign_auth.h
index a725ece..009b085 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.h
+++ b/quiche/blind_sign_auth/blind_sign_auth.h
@@ -6,6 +6,7 @@
#define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
#include <memory>
+#include <optional>
#include <string>
#include "absl/status/status.h"
@@ -15,8 +16,8 @@
#include "anonymous_tokens/cpp/privacy_pass/rsa_bssa_public_metadata_client.h"
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
#include "quiche/blind_sign_auth/blind_sign_auth_protos.h"
-#include "quiche/blind_sign_auth/blind_sign_http_interface.h"
#include "quiche/blind_sign_auth/blind_sign_http_response.h"
+#include "quiche/blind_sign_auth/blind_sign_message_interface.h"
#include "quiche/common/platform/api/quiche_export.h"
namespace quiche {
@@ -24,7 +25,7 @@
// BlindSignAuth provides signed, unblinded tokens to callers.
class QUICHE_EXPORT BlindSignAuth : public BlindSignAuthInterface {
public:
- explicit BlindSignAuth(BlindSignHttpInterface* http_fetcher,
+ explicit BlindSignAuth(BlindSignMessageInterface* http_fetcher,
privacy::ppn::BlindSignAuthOptions auth_options)
: http_fetcher_(http_fetcher), auth_options_(std::move(auth_options)) {}
@@ -33,24 +34,26 @@
// GetTokens starts asynchronous HTTP POST requests to a signer hostname
// specified by the caller, with path and query params given in the request.
// The GetTokens callback will run on the same thread as the
- // BlindSignHttpInterface callbacks.
+ // BlindSignMessageInterface callbacks.
// Callers can make multiple concurrent requests to GetTokens.
- void GetTokens(std::string oauth_token, int num_tokens,
+ void GetTokens(std::optional<std::string> oauth_token, int num_tokens,
ProxyLayer proxy_layer, SignedTokenCallback callback) override;
private:
- void GetInitialDataCallback(std::string oauth_token, int num_tokens,
- ProxyLayer proxy_layer,
+ void GetInitialDataCallback(std::optional<std::string> oauth_token,
+ int num_tokens, ProxyLayer proxy_layer,
SignedTokenCallback callback,
absl::StatusOr<BlindSignHttpResponse> response);
void GeneratePrivacyPassTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
- absl::Time public_metadata_expiry_time, std::string oauth_token,
- int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback);
+ absl::Time public_metadata_expiry_time,
+ std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback);
void GenerateRsaBssaTokens(
privacy::ppn::GetInitialDataResponse initial_data_response,
- absl::Time public_metadata_expiry_time, std::string oauth_token,
- int num_tokens, ProxyLayer proxy_layer, SignedTokenCallback callback);
+ absl::Time public_metadata_expiry_time,
+ std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback);
void AuthAndSignCallback(
privacy::ppn::PublicMetadataInfo public_metadata_info,
absl::Time public_key_expiry_time,
@@ -75,7 +78,7 @@
privacy::ppn::ProxyLayer QuicheProxyLayerToPpnProxyLayer(
quiche::ProxyLayer proxy_layer);
- BlindSignHttpInterface* http_fetcher_ = nullptr;
+ BlindSignMessageInterface* http_fetcher_ = nullptr;
privacy::ppn::BlindSignAuthOptions auth_options_;
};
diff --git a/quiche/blind_sign_auth/blind_sign_auth_interface.h b/quiche/blind_sign_auth/blind_sign_auth_interface.h
index 81b2fd3..d0c36a3 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_interface.h
+++ b/quiche/blind_sign_auth/blind_sign_auth_interface.h
@@ -5,6 +5,7 @@
#ifndef QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_INTERFACE_H_
#define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_INTERFACE_H_
+#include <optional>
#include <string>
#include "absl/status/statusor.h"
@@ -38,7 +39,7 @@
virtual ~BlindSignAuthInterface() = default;
// Returns signed unblinded tokens in a callback. Tokens are single-use.
- virtual void GetTokens(std::string oauth_token, int num_tokens,
+ virtual void GetTokens(std::optional<std::string> oauth_token, int num_tokens,
ProxyLayer proxy_layer,
SignedTokenCallback callback) = 0;
};
diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index 27883ce..3030992 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc
@@ -21,8 +21,8 @@
#include "openssl/digest.h"
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
#include "quiche/blind_sign_auth/blind_sign_auth_protos.h"
-#include "quiche/blind_sign_auth/blind_sign_http_interface.h"
#include "quiche/blind_sign_auth/blind_sign_http_response.h"
+#include "quiche/blind_sign_auth/blind_sign_message_interface.h"
#include "quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h"
#include "quiche/common/platform/api/quiche_mutex.h"
#include "quiche/common/platform/api/quiche_test.h"
@@ -186,7 +186,6 @@
ASSERT_TRUE(request.ParseFromString(body));
// Validate AuthAndSignRequest.
- EXPECT_EQ(request.oauth_token(), oauth_token_);
EXPECT_EQ(request.service_type(), "chromeipblinding");
// Phosphor does not need the public key hash if the KeyType is
// privacy::ppn::AT_PUBLIC_METADATA_KEY_TYPE.
diff --git a/quiche/blind_sign_auth/blind_sign_http_interface.h b/quiche/blind_sign_auth/blind_sign_message_interface.h
similarity index 77%
rename from quiche/blind_sign_auth/blind_sign_http_interface.h
rename to quiche/blind_sign_auth/blind_sign_message_interface.h
index 294ae7f..5edad7b 100644
--- a/quiche/blind_sign_auth/blind_sign_http_interface.h
+++ b/quiche/blind_sign_auth/blind_sign_message_interface.h
@@ -2,12 +2,14 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_HTTP_INTERFACE_H_
-#define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_HTTP_INTERFACE_H_
+#ifndef QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_MESSAGE_INTERFACE_H_
+#define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_MESSAGE_INTERFACE_H_
+#include <optional>
#include <string>
#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
#include "quiche/blind_sign_auth/blind_sign_http_response.h"
#include "quiche/common/platform/api/quiche_export.h"
#include "quiche/common/quiche_callbacks.h"
@@ -26,9 +28,9 @@
// Interface for async HTTP POST requests in BlindSignAuth.
// Implementers must send a request to a signer server's URL
// and call the provided callback when the request is complete.
-class QUICHE_EXPORT BlindSignHttpInterface {
+class QUICHE_EXPORT BlindSignMessageInterface {
public:
- virtual ~BlindSignHttpInterface() = default;
+ virtual ~BlindSignMessageInterface() = default;
// Non-HTTP errors (like failing to create a socket) must return an
// absl::Status.
// HTTP errors must set status_code and body in BlindSignHttpResponse.
@@ -39,11 +41,11 @@
// DoRequest is async. When the request completes, the implementer must call
// the provided callback.
virtual void DoRequest(BlindSignHttpRequestType request_type,
- const std::string& authorization_header,
+ std::optional<absl::string_view> authorization_header,
const std::string& body,
BlindSignHttpCallback callback) = 0;
};
} // namespace quiche
-#endif // QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_HTTP_INTERFACE_H_
+#endif // QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_MESSAGE_INTERFACE_H_
diff --git a/quiche/blind_sign_auth/cached_blind_sign_auth.cc b/quiche/blind_sign_auth/cached_blind_sign_auth.cc
index 638703e..157c103 100644
--- a/quiche/blind_sign_auth/cached_blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/cached_blind_sign_auth.cc
@@ -4,6 +4,8 @@
#include "quiche/blind_sign_auth/cached_blind_sign_auth.h"
+#include <optional>
+#include <string>
#include <utility>
#include <vector>
@@ -22,8 +24,8 @@
constexpr absl::Duration kFreshnessConstant = absl::Minutes(5);
-void CachedBlindSignAuth::GetTokens(std::string oauth_token, int num_tokens,
- ProxyLayer proxy_layer,
+void CachedBlindSignAuth::GetTokens(std::optional<std::string> oauth_token,
+ int num_tokens, ProxyLayer proxy_layer,
SignedTokenCallback callback) {
if (num_tokens > max_tokens_per_request_) {
std::move(callback)(absl::InvalidArgumentError(
diff --git a/quiche/blind_sign_auth/cached_blind_sign_auth.h b/quiche/blind_sign_auth/cached_blind_sign_auth.h
index b453e55..72540b0 100644
--- a/quiche/blind_sign_auth/cached_blind_sign_auth.h
+++ b/quiche/blind_sign_auth/cached_blind_sign_auth.h
@@ -36,10 +36,10 @@
// Tokens are single-use. They will not be usable after the expiration time.
//
// The GetTokens callback may be called synchronously on the calling thread,
- // or asynchronously on BlindSignAuth's BlindSignHttpInterface thread.
+ // or asynchronously on BlindSignAuth's BlindSignMessageInterface thread.
// The GetTokens callback must not acquire any locks that the calling thread
// owns, otherwise the callback will deadlock.
- void GetTokens(std::string oauth_token, int num_tokens,
+ void GetTokens(std::optional<std::string> oauth_token, int num_tokens,
ProxyLayer proxy_layer, SignedTokenCallback callback) override;
// Removes all tokens in the cache.
diff --git a/quiche/blind_sign_auth/cached_blind_sign_auth_test.cc b/quiche/blind_sign_auth/cached_blind_sign_auth_test.cc
index 3f18938..8851560 100644
--- a/quiche/blind_sign_auth/cached_blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/cached_blind_sign_auth_test.cc
@@ -5,6 +5,7 @@
#include "quiche/blind_sign_auth/cached_blind_sign_auth.h"
#include <memory>
+#include <optional>
#include <string>
#include <utility>
#include <vector>
@@ -63,7 +64,7 @@
MockBlindSignAuthInterface mock_blind_sign_auth_interface_;
std::unique_ptr<CachedBlindSignAuth> cached_blind_sign_auth_;
- std::string oauth_token_ = "oauth_token";
+ std::optional<std::string> oauth_token_ = "oauth_token";
std::vector<BlindSignToken> fake_tokens_;
};
diff --git a/quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h b/quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h
index d3af877..7b63fe4 100644
--- a/quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h
+++ b/quiche/blind_sign_auth/test_tools/mock_blind_sign_auth_interface.h
@@ -5,6 +5,7 @@
#ifndef QUICHE_BLIND_SIGN_AUTH_TEST_TOOLS_MOCK_BLIND_SIGN_AUTH_INTERFACE_H_
#define QUICHE_BLIND_SIGN_AUTH_TEST_TOOLS_MOCK_BLIND_SIGN_AUTH_INTERFACE_H_
+#include <optional>
#include <string>
#include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
@@ -17,8 +18,8 @@
: public BlindSignAuthInterface {
public:
MOCK_METHOD(void, GetTokens,
- (std::string oauth_token, int num_tokens, ProxyLayer proxy_layer,
- SignedTokenCallback callback),
+ (std::optional<std::string> oauth_token, int num_tokens,
+ ProxyLayer proxy_layer, SignedTokenCallback callback),
(override));
};
diff --git a/quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h b/quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h
index 6e86e58..ae2d2e0 100644
--- a/quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h
+++ b/quiche/blind_sign_auth/test_tools/mock_blind_sign_http_interface.h
@@ -5,21 +5,23 @@
#ifndef QUICHE_BLIND_SIGN_AUTH_TEST_TOOLS_MOCK_BLIND_SIGN_HTTP_INTERFACE_H_
#define QUICHE_BLIND_SIGN_AUTH_TEST_TOOLS_MOCK_BLIND_SIGN_HTTP_INTERFACE_H_
+#include <optional>
#include <string>
-#include "quiche/blind_sign_auth/blind_sign_http_interface.h"
+#include "absl/strings/string_view.h"
+#include "quiche/blind_sign_auth/blind_sign_message_interface.h"
#include "quiche/common/platform/api/quiche_export.h"
#include "quiche/common/platform/api/quiche_test.h"
namespace quiche::test {
class QUICHE_NO_EXPORT MockBlindSignHttpInterface
- : public BlindSignHttpInterface {
+ : public BlindSignMessageInterface {
public:
MOCK_METHOD(void, DoRequest,
(BlindSignHttpRequestType request_type,
- const std::string& authorization_header, const std::string& body,
- BlindSignHttpCallback callback),
+ std::optional<absl::string_view> authorization_header,
+ const std::string& body, BlindSignHttpCallback callback),
(override));
};