1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
5 use origin_trial_token::{RawToken, Token, TokenValidationError, Usage};
10 // NOTE(emilio): 0 is reserved for WebIDL usage.
12 CoepCredentialless = 2,
18 fn from_str(s: &str) -> Option<Self> {
20 "TestTrial" => Self::TestTrial,
21 "CoepCredentialless" => Self::CoepCredentialless,
28 pub enum OriginTrialResult {
29 Ok { trial: OriginTrial },
31 MismatchedPayloadSize { expected: usize, actual: usize },
34 UnsupportedThirdPartyToken,
35 UnexpectedUsageInNonThirdPartyToken,
42 impl OriginTrialResult {
43 fn from_error(e: TokenValidationError) -> Self {
45 TokenValidationError::BufferTooSmall => OriginTrialResult::BufferTooSmall,
46 TokenValidationError::MismatchedPayloadSize { expected, actual } => {
47 OriginTrialResult::MismatchedPayloadSize { expected, actual }
49 TokenValidationError::InvalidSignature => OriginTrialResult::InvalidSignature,
50 TokenValidationError::UnknownVersion => OriginTrialResult::UnknownVersion,
51 TokenValidationError::UnsupportedThirdPartyToken => {
52 OriginTrialResult::UnsupportedThirdPartyToken
54 TokenValidationError::UnexpectedUsageInNonThirdPartyToken => {
55 OriginTrialResult::UnexpectedUsageInNonThirdPartyToken
57 TokenValidationError::MalformedPayload(..) => OriginTrialResult::MalformedPayload,
62 /// A struct that allows you to configure how validation on works, and pass
63 /// state to the signature verification.
65 pub struct OriginTrialValidationParams {
66 /// Verify a given signature against the signed data.
67 pub verify_signature: extern "C" fn(
72 user_data: *mut c_void,
75 /// Returns whether a given origin, which is passed as the first two
76 /// arguments, and guaranteed to be valid UTF-8, passes the validation for a
78 pub matches_origin: extern "C" fn(
83 is_usage_subset: bool,
84 user_data: *mut c_void,
87 /// A pointer with user-supplied data that will be passed down to the
88 /// other functions in this method.
89 pub user_data: *mut c_void,
93 pub unsafe extern "C" fn origin_trials_parse_and_validate_token(
96 params: &OriginTrialValidationParams,
97 ) -> OriginTrialResult {
98 let slice = std::slice::from_raw_parts(bytes, len);
99 let raw_token = match RawToken::from_buffer(slice) {
101 Err(e) => return OriginTrialResult::from_error(e),
104 // Verifying the token is usually more expensive than the early-outs here.
105 let token = match Token::from_raw_token_unverified(raw_token) {
107 Err(e) => return OriginTrialResult::from_error(e),
110 if token.is_expired() {
111 return OriginTrialResult::ExpiredToken;
114 let trial = match OriginTrial::from_str(token.feature()) {
116 None => return OriginTrialResult::UnknownTrial,
119 let is_usage_subset = match token.usage {
120 Usage::None => false,
121 Usage::Subset => true,
124 if !(params.matches_origin)(
125 token.origin.as_ptr(),
128 token.is_third_party,
132 return OriginTrialResult::OriginMismatch;
135 let valid_signature = raw_token.verify(|signature, data| {
136 (params.verify_signature)(
145 if !valid_signature {
146 return OriginTrialResult::InvalidSignature;
149 OriginTrialResult::Ok { trial }