// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module network.mojom;

import "mojo/public/mojom/base/time.mojom";
import "sandbox/policy/mojom/context.mojom";
import "services/network/public/mojom/clear_data_filter.mojom";
import "services/network/public/mojom/cookie_manager.mojom";
import "services/network/public/mojom/schemeful_site.mojom";
import "url/mojom/url.mojom";

// LINT.IfChange
// Identifies one device bound session as the pair (`site`, `id`). Used as the
// handle for sessions in DeviceBoundSessionManager and in access
// notifications.
struct DeviceBoundSessionKey {
  // The site the session is scoped to.
  SchemefulSite site;

  // The site-scoped identifier for the session. Since it is scoped to `site`,
  // it identifies a session only in combination with `site`.
  string id;
};

// LINT.ThenChange(//net/device_bound_sessions/session_key.h)

// LINT.IfChange
// The kind of access reported in a DeviceBoundSessionAccess.
// NOTE(review): the per-value meanings are not spelled out in this file;
// presumably they line up with the cases listed on
// DeviceBoundSessionAccessObserver.OnDeviceBoundSessionAccessed() -- confirm
// against session_access.h.
enum DeviceBoundSessionAccessType {
  kCreation = 0,
  kUpdate = 1,
  // The only access type for which DeviceBoundSessionAccess.cookies is
  // populated.
  kTermination = 2,
};

// Describes a single access to a device bound session. This is the payload
// delivered to DeviceBoundSessionAccessObserver.OnDeviceBoundSessionAccessed().
struct DeviceBoundSessionAccess {
  // Type of access
  DeviceBoundSessionAccessType access_type;

  // Key of accessed session
  DeviceBoundSessionKey session_key;

  // Bound cookie names. Only populated when `access_type` is `kTermination`;
  // for any other access type, consumers should not read meaning into this
  // array.
  array<string> cookies;
};

// LINT.ThenChange(//net/device_bound_sessions/session_access.h)

// LINT.IfChange
// How device bound sessions were involved in some operation.
// NOTE(review): nothing in this file uses this enum or defines its values;
// the names suggest it records whether a request was in scope of a session
// and whether it was deferred -- confirm against session_usage.h.
enum DeviceBoundSessionUsage {
  kUnknown = 0,
  kNoUsage = 1,
  kInScopeNotDeferred = 2,
  kDeferred = 3,
};

// LINT.ThenChange(//net/device_bound_sessions/session_usage.h)

// LINT.IfChange(DeviceBoundSessionDeletionReason)
// Why a session is being deleted. Supplied by callers of
// DeviceBoundSessionManager.DeleteSession() and DeleteAllSessions(). Values
// are explicitly numbered and mirrored in deletion_reason.h (see the LINT
// markers around this enum).
enum DeviceBoundSessionDeletionReason {
  // Session was not used for too long.
  kExpired = 0,
  // Could not restore key from disk.
  kFailedToRestoreKey = 1,
  // Could not unwrap a key loaded from disk.
  kFailedToUnwrapKey = 2,
  // Site data is being cleared due to the Clear-Site-Data header.
  kStoragePartitionCleared = 3,
  // Site data is being cleared by the user on
  // chrome://settings/clearBrowsingData.
  kClearBrowsingData = 4,
  // Server explicitly requested termination.
  kServerRequested = 5,
  // Refresh provided invalid params.
  kInvalidSessionParams = 6,
  // Fatal error during refresh.
  kRefreshFatalError = 7,
};

// LINT.ThenChange(//net/device_bound_sessions/deletion_reason.h:DeletionReason)

// LINT.IfChange(DeviceBoundSessionParams)

// The following provides Mojo bindings over the DBSC JSON registration
// payload. See the spec for details about their intended semantics:
// https://w3c.github.io/webappsec-dbsc/#format-session-instructions
// The type of a single scope specification rule.
// NOTE(review): presumably selects whether a matching (domain, path) is
// excluded from or included in the session scope; the authoritative
// semantics are in the DBSC spec -- confirm.
enum DeviceBoundSessionScopeSpecificationType {
  kExclude,
  kInclude,
};

// One rule of a session scope: a rule type plus the domain and path it
// applies to.
// NOTE(review): `domain` and `path` are plain strings, so the Mojo type
// system performs no validation on them. DeviceBoundSessionError has values
// such as kEmptyScopeSpecificationDomain, kEmptyScopeSpecificationPath,
// kInvalidScopeRulePath and kInvalidScopeRuleHostPattern, which suggests the
// receiver validates them -- confirm.
struct DeviceBoundSessionScopeSpecification {
  DeviceBoundSessionScopeSpecificationType type;
  string domain;
  string path;
};

// The scope portion of the session registration payload: an include-site
// flag, a list of specification rules, and an origin.
// NOTE(review): `origin` is a plain string rather than a typed origin, so it
// arrives unvalidated. The kInvalidScopeOrigin, kScopeOriginContainsPath and
// kScopeOriginSameSiteMismatch error values suggest the receiver parses and
// checks it -- confirm.
struct DeviceBoundSessionScope {
  bool include_site;
  array<DeviceBoundSessionScopeSpecification> specifications;
  string origin;
};

// One credential entry of the session registration payload.
// NOTE(review): both fields are free-form strings. The
// kInvalidCredentialsCookie* error values (name, parsing, unpermitted
// attribute, invalid domain, prefix) suggest `name` is a cookie name and
// `attributes` a cookie attribute string that the receiver parses and
// validates -- confirm.
struct DeviceBoundSessionCredential {
  string name;
  string attributes;
};

// Parameters describing one session to create. Passed, one per session, to
// DeviceBoundSessionManager.CreateBoundSessions().
struct DeviceBoundSessionParams {
  string session_id;
  // Carried as a typed URL, unlike `refresh_url` below.
  url.mojom.Url fetcher_url;
  // NOTE(review): a plain string, so nothing at the Mojo layer guarantees it
  // is a well-formed URL. The kInvalidRefreshUrl and
  // kRefreshUrlSameSiteMismatch error values suggest the receiver validates
  // it -- confirm.
  string refresh_url;
  DeviceBoundSessionScope scope;
  array<DeviceBoundSessionCredential> credentials;
  // NOTE(review): presumably host patterns, given the
  // kRefreshInitiatorInvalidHostPattern error value -- confirm.
  array<string> allowed_refresh_initiators;
};

// LINT.ThenChange(//net/device_bound_sessions/session_params.h:SessionParams)

// LINT.IfChange(DeviceBoundSessionError)
// Result codes for device bound session operations. One value per requested
// session is returned in `session_results` by
// DeviceBoundSessionManager.CreateBoundSessions().
//
// Every value is explicitly numbered and retired values are kept as
// "Deprecated" comments, so a retired number is not handed out again. Some
// names (kNetError, kInvalidConfigJson, kPersistentHttpError, ...) were
// retired and later reintroduced under a new number; the old numbers stay
// retired. Keep this enum in sync with session_error.h (see the LINT markers
// around it).
enum DeviceBoundSessionError {
  // Only used for metrics, a session error will never have this error type.
  kSuccess = 0,

  kKeyError = 1,
  kSigningError = 2,
  // Deprecated: kNetError = 3,
  // Deprecated: kHttpError = 4,
  kServerRequestedTermination = 5,
  // Deprecated: kInvalidConfigJson = 6,
  kInvalidSessionId = 7,
  // Deprecated: kInvalidCredentials = 8,
  kInvalidChallenge = 9,
  kTooManyChallenges = 10,
  kInvalidFetcherUrl = 11,
  kInvalidRefreshUrl = 12,
  kTransientHttpError = 13,
  // Deprecated: kPersistentHttpError = 14,
  kScopeOriginSameSiteMismatch = 15,
  kRefreshUrlSameSiteMismatch = 16,
  // Deprecated: kInvalidScopeOrigin = 17,
  kMismatchedSessionId = 18,
  // Deprecated: kInvalidRefreshInitiators = 19,
  // Deprecated: kInvalidScopeRule = 20,
  kMissingScope = 21,
  kNoCredentials = 22,
  // Deprecated: kInvalidScopeIncludeSite = 23,
  kSubdomainRegistrationWellKnownUnavailable = 24,
  kSubdomainRegistrationUnauthorized = 25,
  kSubdomainRegistrationWellKnownMalformed = 26,
  // Deprecated: kFederatedNotAuthorized = 27,
  kSessionProviderWellKnownUnavailable = 28,
  // Deprecated: kSessionProviderWellKnownMalformed = 29,
  kRelyingPartyWellKnownUnavailable = 30,
  // Deprecated: kRelyingPartyWellKnownMalformed = 31,
  kFederatedKeyThumbprintMismatch = 32,
  kInvalidFederatedSessionUrl = 33,
  // Deprecated: kInvalidFederatedSession = 34,
  kInvalidFederatedKey = 35,
  kTooManyRelyingOriginLabels = 36,
  kBoundCookieSetForbidden = 37,
  kNetError = 38,
  kProxyError = 39,
  // Deprecated: kInvalidConfigJson = 40,
  kEmptySessionConfig = 41,
  kInvalidCredentialsConfig = 42,
  kInvalidCredentialsType = 43,
  kInvalidCredentialsEmptyName = 44,
  kInvalidCredentialsCookie = 45,
  kPersistentHttpError = 46,
  kRegistrationAttemptedChallenge = 47,
  kInvalidScopeOrigin = 48,
  kScopeOriginContainsPath = 49,
  kRefreshInitiatorNotString = 50,
  kRefreshInitiatorInvalidHostPattern = 51,
  kInvalidScopeSpecification = 52,
  kMissingScopeSpecificationType = 53,
  kEmptyScopeSpecificationDomain = 54,
  kEmptyScopeSpecificationPath = 55,
  kInvalidScopeSpecificationType = 56,
  kInvalidScopeIncludeSite = 57,
  kMissingScopeIncludeSite = 58,
  kFederatedNotAuthorizedByProvider = 59,
  kFederatedNotAuthorizedByRelyingParty = 60,
  kSessionProviderWellKnownMalformed = 61,
  kSessionProviderWellKnownHasProviderOrigin = 62,
  kRelyingPartyWellKnownMalformed = 63,
  kRelyingPartyWellKnownHasRelyingOrigins = 64,
  kInvalidFederatedSessionProviderSessionMissing = 65,
  kInvalidFederatedSessionWrongProviderOrigin = 66,
  kInvalidCredentialsCookieCreationTime = 67,
  kInvalidCredentialsCookieName = 68,
  kInvalidCredentialsCookieParsing = 69,
  kInvalidCredentialsCookieUnpermittedAttribute = 70,
  kInvalidCredentialsCookieInvalidDomain = 71,
  kInvalidCredentialsCookiePrefix = 72,
  kInvalidScopeRulePath = 73,
  kInvalidScopeRuleHostPattern = 74,
  kScopeRuleOriginScopedHostPatternMismatch = 75,
  kScopeRuleSiteScopedHostPatternMismatch = 76,
  kSigningQuotaExceeded = 77,
  kInvalidConfigJson = 78,
  kInvalidFederatedSessionProviderFailedToRestoreKey = 79,
  kFailedToUnwrapKey = 80,
};

// LINT.ThenChange(//net/device_bound_sessions/session_error.h:DeviceBoundSessionError)

// DeviceBoundSessionManager is a privileged interface that should only
// be used in trusted processes. It can enumerate, create and delete device
// bound sessions and set cookies, so a remote to it must not be handed to a
// less trusted process. The RequireContext attribute below ties the interface
// to the browser context.
[RequireContext=sandbox.mojom.Context.kBrowser]
interface DeviceBoundSessionManager {
  // Asynchronously fetch all sessions currently registered. Replies with the
  // key of each session.
  GetAllSessions() => (array<DeviceBoundSessionKey> sessions);

  // Delete a session by key. `reason` records why the session is deleted.
  // This message has no reply, so the caller gets no completion signal.
  DeleteSession(
      DeviceBoundSessionDeletionReason reason, DeviceBoundSessionKey session);

  // Delete all sessions matching the filter logic. Conditions are AND'ed
  // together and providing no arguments at all will delete all sessions.
  // - If present, sessions must be created after `created_after_time`.
  // - If present, sessions must be created before `created_before_time`.
  // - If present, sessions must match `filter` (see clear_data_filter.mojom).
  // Because all three conditions are optional, a caller that means to delete
  // a subset must make sure at least one of them is actually set. The empty
  // reply signals completion.
  DeleteAllSessions(DeviceBoundSessionDeletionReason reason,
                    mojo_base.mojom.Time? created_after_time,
                    mojo_base.mojom.Time? created_before_time,
                    ClearDataFilter? filter) => ();

  // Add an observer for accesses to sessions including `url`.
  AddObserver(url.mojom.Url url,
              pending_remote<DeviceBoundSessionAccessObserver> observer);

  // Creates a session for each param in `params`, and sets each cookie in
  // `cookies_to_set`. This combined functionality allows callers to
  // prevent sessions from applying to stale cookies and to ensure that
  // sessions always apply to the new cookies. Returns the results of creating
  // each session and setting each cookie.
  // NOTE(review): `wrapped_key` is not described in this file; presumably it
  // is the wrapped binding key used for the created sessions, passed as
  // opaque bytes -- confirm and document.
  // NOTE(review): presumably `session_results` and `cookie_results` are
  // index-aligned with `params` and `cookies_to_set` respectively -- confirm.
  CreateBoundSessions(array<DeviceBoundSessionParams> params,
                      array<uint8> wrapped_key,
                      array<CanonicalCookie> cookies_to_set,
                      CookieOptions cookie_options)
      => (array<DeviceBoundSessionError> session_results,
          array<CookieInclusionStatus> cookie_results);
};

// Observer that is notified on use of a device bound session. Registered
// through DeviceBoundSessionManager.AddObserver().
interface DeviceBoundSessionAccessObserver {
  // Called when a device bound session is used. This includes:
  // - Newly registered sessions
  // - Sessions deferring requests
  // - Session deletion
  // `access` carries the access type, the session key and, for terminations
  // only, the bound cookie names.
  OnDeviceBoundSessionAccessed(DeviceBoundSessionAccess access);

  // Called to create a copy of this observer. (e.g. when cloning observers
  // from ResourceRequest). The copy is bound to the `observer` receiver
  // supplied by the caller.
  Clone(pending_receiver<DeviceBoundSessionAccessObserver> observer);
};