Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Brave Services Key V2 (uplift to 1.62.x) #21688

Merged
merged 1 commit into from
Jan 23, 2024
Merged

Add support for Brave Services Key V2 (uplift to 1.62.x) #21688

merged 1 commit into from
Jan 23, 2024

Conversation

nvonpentz
Copy link
Member

Uplift of #21542
Resolves brave/brave-browser#35152

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@nvonpentz
Add support for Brave Services Key V2 (#21542)
3bcb88e 
* Add support for Brave Services Key V2

And use for AI chat

* Refactor

* Move logic to brave_service_keys

* Generalize logic such that callers can sign over multiple headers

* Separate digest header generation

* Rename AI_CHAT_SERVICE_KEY -> SERVICE_KEY_AI_CHAT

* Separate SERVICE_KEY_AI_CHAT from signing logic

* * Switch from base::span<> to const std::vector<>&

* Move unused header to .cc file

* Break apart functions and add more unit tests

* Update GetAuthorizationHeaders

* Pass the URL, HTTP method, full list of headers, and a list of headers
  to actually be signed to GetAuthorizationHeaders

* Instead of using std::vector<std::pair<std::string, std::string>> for
  the list of headers, instead use base::flat_map<std::string,
  std::string> since that matches the headers passed to the
  APIRequestHelper

* Enforce header ordering specified by headers_to_sign

* Generate (request-target) header if supplied, and add test from spec

* Pass url and  method to CreateSignatureString

This way, (request-target) can be generated inside there and thus be
unit tested.

Adjust unit tests.

* Add VLOG(1) when header to sign does not exist

Also DCHECK(false) for good measure.

* Add SERVICE_KEY_AI_CHAT and KEY_ID to config.js

This way they can be sourced from .env.

* Update tests

* Link to specific section test vectors are from

* Remove the "(created)" header from headers_to_sign (it's not included
  in the test vector)

* Use //crypto instad of //crypto:crypto in components/brave_service_keys/BUILD.gn

* Use constexpr for http method constant

* Don't use a reference to the digest header

* Use NOTREACHED_NORETURN() instead of DCHECK and VLOG(1)

* Use CHECK for url in GetAuthorizationHeader

Brave Server URLs should always be defined

* Uncomment base/flat_map.h include in unittest

* Add comment explaining KEY_ID

* Add comments explaining functions in service_key_utils

* Add is_official_build check for service_key_ai_chat

* Update header constants

* Use existing constants for kDigest and kAuthorization

* Change kRequestTarget to kRequestTargetHeader

* Rename service_key_utils.* -> brave_service_key_utils.*

* nit: use base::StrCat and .append()

* Make headers a const& in  CreateSignatureString

* Rename KEY_ID -> BRAVE_SERVICES_KEY_ID

* Fix formatting of string

* Rename SERVICE_KEY_AI_CHAT-> SERVICE_KEY_AICHAT

* Apply Jenkinsfile patch

* Revert "Apply Jenkinsfile patch"

This reverts commit 513bfda.
@nvonpentz nvonpentz requested a review from a team as a code owner January 22, 2024 19:14
@nvonpentz nvonpentz changed the title Add support for Brave Services Key V2 (uplift to 1.63.x) Add support for Brave Services Key V2 (uplift to 1.62.x) Jan 22, 2024
@kjozwiak kjozwiak added this to the 1.62.x - Release milestone Jan 23, 2024
kjozwiak
kjozwiak approved these changes Jan 23, 2024
View reviewed changes
Copy link
Member

@kjozwiak kjozwiak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uplift into 1.62.x approved 👍 QA has verified the PR on Nightly via 1.64.x as per #21542 (comment).

@kjozwiak kjozwiak merged commit 436d8c7 into 1.62.x Jan 23, 2024
15 checks passed
@kjozwiak kjozwiak deleted the brave-services-key-v2-1.62.x branch January 23, 2024 05:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kjozwiak kjozwiak kjozwiak approved these changes

Assignees

@nvonpentz nvonpentz

Labels
None yet
Projects
None yet
Milestone
1.62.x - Release
Development

Successfully merging this pull request may close these issues.
2 participants
@nvonpentz @kjozwiak