commit 7aefb2369196f3ea778341db2fd36536c2ff977a
author shivanigithub <shivanisha@chromium.org> Thu Nov 18 19:26:59 2021
committer Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Nov 18 19:26:59 2021
tree 2452942a6ab175841c52ee26163ae2e303b73967
parent 06b6e2ffa0c207b9923f9f960ced5adf460b8154

Fenced Frames: Add nonce to CookiePartitionKey

This is in preparation for consumers like fenced frames and anonymous
iframes that require a nonce based unique and transient cookie
partition.

Design doc:
https://docs.google.com/document/d/1APHYxQD5inFv0gpMCIF7ukkEWqAOwFSA3JZp3J8Do88/edit#heading=h.mhmmceq0bsxf

Bug: 1229638
Change-Id: I4b2e12dee27018675b1cf9fa5d97bfe1a6170b94
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3285244
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Dylan Cutler <dylancutler@google.com>
Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Commit-Queue: Shivani Sharma <shivanisha@chromium.org>
Cr-Commit-Position: refs/heads/main@{#943198}

net/cookies/cookie_partition_key_unittest.cc

diff --git a/net/cookies/cookie_partition_key_unittest.cc b/net/cookies/cookie_partition_key_unittest.cc
index b3215de..83b6d33 100644
--- a/net/cookies/cookie_partition_key_unittest.cc
+++ b/net/cookies/cookie_partition_key_unittest.cc
@@ -33,6 +33,7 @@
                          testing::Bool());
 
 TEST_P(CookiePartitionKeyTest, Serialization) {
+  base::UnguessableToken nonce = base::UnguessableToken::Create();
   struct {
     absl::optional<CookiePartitionKey> input;
     bool expected_ret;
@@ -55,6 +56,11 @@
       // Opaque origin
       {absl::make_optional(CookiePartitionKey::FromURLForTesting(GURL())),
        false, ""},
+      // With nonce
+      {CookiePartitionKey::FromNetworkIsolationKey(NetworkIsolationKey(
+           SchemefulSite(GURL("https://toplevelsite.com")),
+           SchemefulSite(GURL("https://cookiesite.com")), &nonce)),
+       false, ""},
       // Invalid partition key
       {absl::make_optional(
            CookiePartitionKey::FromURLForTesting(GURL("abc123foobar!!"))),
@@ -127,9 +133,43 @@
   }
 }
 
+TEST_P(CookiePartitionKeyTest, FromNetworkIsolationKeyWithNonce) {
+  SchemefulSite top_level_site =
+      SchemefulSite(GURL("https://toplevelsite.com"));
+  base::UnguessableToken nonce = base::UnguessableToken::Create();
+  absl::optional<CookiePartitionKey> got =
+      CookiePartitionKey::FromNetworkIsolationKey(NetworkIsolationKey(
+          top_level_site, SchemefulSite(GURL("https://cookiesite.com")),
+          &nonce));
+  bool partitioned_cookies_enabled = PartitionedCookiesEnabled();
+  EXPECT_EQ(partitioned_cookies_enabled, got.has_value());
+  if (!partitioned_cookies_enabled)
+    return;
+
+  EXPECT_TRUE(got.has_value());
+  EXPECT_FALSE(got->from_script());
+  EXPECT_TRUE(got->nonce().has_value());
+  EXPECT_EQ(nonce, got->nonce().value());
+}
+
 TEST_P(CookiePartitionKeyTest, FromWire) {
   auto want = CookiePartitionKey::FromURLForTesting(GURL("https://foo.com"));
-  auto got = CookiePartitionKey::FromWire(want.site());
+  auto got = CookiePartitionKey::FromWire(want.site(), want.nonce());
+  EXPECT_EQ(want, got);
+  EXPECT_FALSE(got.from_script());
+}
+
+TEST_P(CookiePartitionKeyTest, FromWireWithNonce) {
+  SchemefulSite top_level_site =
+      SchemefulSite(GURL("https://toplevelsite.com"));
+  base::UnguessableToken nonce = base::UnguessableToken::Create();
+  auto want = CookiePartitionKey::FromNetworkIsolationKey(NetworkIsolationKey(
+      top_level_site, SchemefulSite(GURL("https://cookiesite.com")), &nonce));
+  bool partitioned_cookies_enabled = PartitionedCookiesEnabled();
+  EXPECT_EQ(partitioned_cookies_enabled, want.has_value());
+  if (!partitioned_cookies_enabled)
+    return;
+  auto got = CookiePartitionKey::FromWire(want->site(), want->nonce());
   EXPECT_EQ(want, got);
   EXPECT_FALSE(got.from_script());
 }
@@ -148,6 +188,30 @@
                                              .IsSerializeable());
 }
 
+TEST_P(CookiePartitionKeyTest, EqualityWithNonce) {
+  SchemefulSite top_level_site =
+      SchemefulSite(GURL("https://toplevelsite.com"));
+  SchemefulSite frame_site = SchemefulSite(GURL("https://cookiesite.com"));
+  base::UnguessableToken nonce1 = base::UnguessableToken::Create();
+  base::UnguessableToken nonce2 = base::UnguessableToken::Create();
+  EXPECT_NE(nonce1, nonce2);
+  auto key1 = CookiePartitionKey::FromNetworkIsolationKey(
+      NetworkIsolationKey(top_level_site, frame_site, &nonce1));
+  bool partitioned_cookies_enabled = PartitionedCookiesEnabled();
+  EXPECT_EQ(partitioned_cookies_enabled, key1.has_value());
+  if (!partitioned_cookies_enabled)
+    return;
+
+  auto key2 = CookiePartitionKey::FromNetworkIsolationKey(
+      NetworkIsolationKey(top_level_site, frame_site, &nonce2));
+  EXPECT_TRUE(key1.has_value() && key2.has_value());
+  EXPECT_NE(key1, key2);
+
+  auto key3 = CookiePartitionKey::FromNetworkIsolationKey(
+      NetworkIsolationKey(top_level_site, frame_site, &nonce1));
+  EXPECT_EQ(key1, key3);
+}
+
 }  // namespace net
 
 #endif  // NET_COOKIES_COOKIE_PARTITION_KEY_UNITTEST_H_