1 // Copyright (c) 2023 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
6 #define QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
7 
8 #include <memory>
9 #include <optional>
10 #include <string>
11 
12 #include "absl/status/status.h"
13 #include "absl/status/statusor.h"
14 #include "absl/time/time.h"
15 #include "anonymous_tokens/cpp/privacy_pass/rsa_bssa_public_metadata_client.h"
16 #include "quiche/blind_sign_auth/blind_sign_auth_interface.h"
17 #include "quiche/blind_sign_auth/blind_sign_auth_protos.h"
18 #include "quiche/blind_sign_auth/blind_sign_http_response.h"
19 #include "quiche/blind_sign_auth/blind_sign_message_interface.h"
20 #include "quiche/common/platform/api/quiche_export.h"
21 
22 namespace quiche {
23 
24 // BlindSignAuth provides signed, unblinded tokens to callers.
// BlindSignAuth provides signed, unblinded tokens to callers.
//
// It implements BlindSignAuthInterface. All network I/O goes through the
// BlindSignMessageInterface passed at construction, and the request options
// come from a privacy::ppn::BlindSignAuthOptions copy stored on the object.
class QUICHE_EXPORT BlindSignAuth : public BlindSignAuthInterface {
 public:
  // Stores `http_fetcher` as a raw pointer and moves `auth_options` into the
  // object. The pointer is neither checked for null nor owned here: this
  // header declares no destructor and no ownership transfer.
  // NOTE(review): the fetcher presumably has to outlive this object and every
  // in-flight GetTokens request, since the callbacks below are driven by it;
  // confirm against the .cc and the callers.
  // NOTE(review): std::move is used here but <utility> is not among this
  // header's direct includes; it is picked up transitively.
  explicit BlindSignAuth(BlindSignMessageInterface* http_fetcher,
                         privacy::ppn::BlindSignAuthOptions auth_options)
      : http_fetcher_(http_fetcher), auth_options_(std::move(auth_options)) {}

  // Returns signed unblinded tokens and their expiration time in a callback.
  // Tokens are single-use.
  // GetTokens starts asynchronous HTTP POST requests to a signer hostname
  // specified by the caller, with path and query params given in the request.
  // The GetTokens callback will run on the same thread as the
  // BlindSignMessageInterface callbacks.
  // Callers can make multiple concurrent requests to GetTokens.
  //
  // `oauth_token` is optional and taken by value, so each call holds its own
  // copy of the string.
  // NOTE(review): if this is a bearer credential, check that the .cc never
  // writes it to logs or error messages.
  // `num_tokens` is a signed int.
  // NOTE(review): no range check is visible in this header; confirm that the
  // implementation rejects zero, negative and excessively large values before
  // sizing any request.
  void GetTokens(std::optional<std::string> oauth_token, int num_tokens,
                 ProxyLayer proxy_layer, SignedTokenCallback callback) override;

 private:
  // Receives the GetTokens arguments together with the result of an HTTP
  // exchange (`response`), which is either an error status or a
  // BlindSignHttpResponse.
  // NOTE(review): presumably the completion handler for the initial-data
  // request; the response body is remote input and should be treated as
  // untrusted until parsed and validated. Confirm in the .cc.
  void GetInitialDataCallback(std::optional<std::string> oauth_token,
                              int num_tokens, ProxyLayer proxy_layer,
                              SignedTokenCallback callback,
                              absl::StatusOr<BlindSignHttpResponse> response);
  // Takes a parsed GetInitialDataResponse plus the original GetTokens
  // arguments; the token-generation logic itself lives in the .cc.
  void GeneratePrivacyPassTokens(
      privacy::ppn::GetInitialDataResponse initial_data_response,
      std::optional<std::string> oauth_token, int num_tokens,
      ProxyLayer proxy_layer, SignedTokenCallback callback);
  // Receives the result of an HTTP exchange (`response`) along with the state
  // needed to finish the tokens: the encoded extensions, the public key
  // expiry time, the use case, and the Privacy Pass clients. The client vector
  // is passed by value as unique_ptrs, so this callback owns the clients for
  // the duration of the call.
  // NOTE(review): std::vector is used here but <vector> is not among this
  // header's direct includes; it is picked up transitively.
  void PrivacyPassAuthAndSignCallback(
      std::string encoded_extensions, absl::Time public_key_expiry_time,
      anonymous_tokens::AnonymousTokensUseCase use_case,
      std::vector<std::unique_ptr<anonymous_tokens::
                                      PrivacyPassRsaBssaPublicMetadataClient>>
          privacy_pass_clients,
      SignedTokenCallback callback,
      absl::StatusOr<BlindSignHttpResponse> response);
  // Maps an integer HTTP status code to an absl::StatusCode. The mapping
  // table is defined in the .cc and is not visible here.
  absl::StatusCode HttpCodeToStatusCode(int http_code);
  // Converts a quiche::ProxyLayer value to its privacy::ppn::ProxyLayer
  // counterpart.
  privacy::ppn::ProxyLayer QuicheProxyLayerToPpnProxyLayer(
      quiche::ProxyLayer proxy_layer);

  // Non-owning; set once in the constructor and defaults to nullptr.
  BlindSignMessageInterface* http_fetcher_ = nullptr;
  // Copy of the options supplied at construction (moved in).
  privacy::ppn::BlindSignAuthOptions auth_options_;
};
65 
66 }  // namespace quiche
67 
68 #endif  // QUICHE_BLIND_SIGN_AUTH_BLIND_SIGN_AUTH_H_
69