diff --git a/components/web_discovery/browser/credential_manager.cc b/components/web_discovery/browser/credential_manager.cc index d7ca2b4373b6..e4877039237c 100644 --- a/components/web_discovery/browser/credential_manager.cc +++ b/components/web_discovery/browser/credential_manager.cc @@ -87,10 +87,25 @@ std::optional FinishJoin( std::vector group_pub_key, std::vector gsk, std::vector join_resp_bytes) { - auto finish_res = anonymous_credential_manager->finish_join( - rust::Slice(group_pub_key.data(), group_pub_key.size()), - rust::Slice(gsk.data(), gsk.size()), + auto pub_key_result = anonymous_credentials::load_group_public_key( + rust::Slice(group_pub_key.data(), group_pub_key.size())); + auto gsk_result = anonymous_credentials::load_credential_big( + rust::Slice(gsk.data(), gsk.size())); + auto join_resp_result = anonymous_credentials::load_join_response( rust::Slice(join_resp_bytes.data(), join_resp_bytes.size())); + if (!pub_key_result.error_message.empty() || + !gsk_result.error_message.empty() || + !join_resp_result.error_message.empty()) { + VLOG(1) << "Failed to finish credential join due to deserialization error " + "with group pub key, gsk, or join response: " + << pub_key_result.error_message.c_str() + << gsk_result.error_message.c_str() + << join_resp_result.error_message.c_str(); + return std::nullopt; + } + auto finish_res = anonymous_credential_manager->finish_join( + *pub_key_result.value, *gsk_result.value, + std::move(join_resp_result.value)); if (!finish_res.error_message.empty()) { VLOG(1) << "Failed to finish credential join for " << date << ": " << finish_res.error_message.c_str(); @@ -106,16 +121,22 @@ std::optional> PerformSign( std::optional> gsk_bytes, std::optional> credential_bytes) { if (gsk_bytes && credential_bytes) { - auto set_res = anonymous_credential_manager->set_gsk_and_credentials( + auto gsk_result = anonymous_credentials::load_credential_big( rust::Slice(reinterpret_cast(gsk_bytes->data()), - gsk_bytes->size()), + gsk_bytes->size())); + auto credential_result = anonymous_credentials::load_user_credentials( rust::Slice(reinterpret_cast(credential_bytes->data()), credential_bytes->size())); - if (!set_res.error_message.empty()) { - VLOG(1) << "Failed to sign due to credential set failure: " - << set_res.error_message.c_str(); + if (!gsk_result.error_message.empty() || + !credential_result.error_message.empty()) { + VLOG(1) << "Failed to sign due to deserialization error with gsk, or " + "user credential: " + << gsk_result.error_message.c_str() + << credential_result.error_message.c_str(); return std::nullopt; } + anonymous_credential_manager->set_gsk_and_credentials( + std::move(gsk_result.value), std::move(credential_result.value)); } auto sig_res = anonymous_credential_manager->sign( rust::Slice(msg.data(), msg.size()), diff --git a/components/web_discovery/browser/document_extractor/rs/src/lib.rs b/components/web_discovery/browser/document_extractor/rs/src/lib.rs index 17ce268b19e2..4db51614a395 100644 --- a/components/web_discovery/browser/document_extractor/rs/src/lib.rs +++ b/components/web_discovery/browser/document_extractor/rs/src/lib.rs @@ -13,7 +13,6 @@ use kuchikiki::{ traits::TendrilSink, }; -#[allow(unsafe_op_in_unsafe_fn)] #[cxx::bridge(namespace = "rust_document_extractor")] mod ffi { pub struct SelectAttributeRequest { diff --git a/components/web_discovery/browser/double_fetcher.cc b/components/web_discovery/browser/double_fetcher.cc index ab04b56c6e6b..fbf8697b0010 100644 --- a/components/web_discovery/browser/double_fetcher.cc +++ b/components/web_discovery/browser/double_fetcher.cc @@ -34,7 +34,7 @@ constexpr net::NetworkTrafficAnnotationTag kFetchNetworkTrafficAnnotation = semantics { sender: "Brave Web Discovery Double Fetch" description: - "Retrieves a page of interest without session cookies for + "Retrieves a page of interest without cookies for scraping and reporting via Web Discovery." trigger: "Requests are sent minutes after the original diff --git a/components/web_discovery/browser/pref_names.h b/components/web_discovery/browser/pref_names.h index ba9ac515e4a3..5c957a40b6f4 100644 --- a/components/web_discovery/browser/pref_names.h +++ b/components/web_discovery/browser/pref_names.h @@ -11,12 +11,18 @@ namespace web_discovery { // Profile prefs inline constexpr char kWebDiscoveryNativeEnabled[] = "brave.web_discovery.wdp_native_enabled"; + +// The following pref values are used for generating +// anonymous signatures for user submissions. +// Since they are not used for encrypting sensitive data, +// they do not require secure storage. inline constexpr char kCredentialRSAPrivateKey[] = "brave.web_discovery.rsa_priv_key"; inline constexpr char kCredentialRSAPublicKey[] = "brave.web_discovery.rsa_pub_key"; inline constexpr char kAnonymousCredentialsDict[] = "brave.web_discovery.anon_creds"; + inline constexpr char kScheduledDoubleFetches[] = "brave.web_discovery.scheduled_double_fetches"; inline constexpr char kScheduledReports[] = diff --git a/components/web_discovery/browser/server_config_loader.cc b/components/web_discovery/browser/server_config_loader.cc index 39fb722ea6dc..d1e73f8acd8c 100644 --- a/components/web_discovery/browser/server_config_loader.cc +++ b/components/web_discovery/browser/server_config_loader.cc @@ -76,9 +76,9 @@ constexpr char kPatternsFilename[] = "wdp_patterns.json"; constexpr char kOmittedLocationValue[] = "--"; constexpr auto kAllowedReportLocations = base::MakeFixedFlatSet( - {"de", "at", "ch", "es", "us", "fr", "nl", "gb", "it", "be", - "se", "dk", "fi", "cz", "gr", "hu", "ro", "no", "ca", "au", - "ru", "ua", "in", "pl", "jp", "br", "mx", "cn", "ar"}); + {"ar", "at", "au", "be", "br", "ca", "ch", "cn", "cz", "de", + "dk", "es", "fi", "fr", "gb", "gr", "hu", "in", "it", "jp", + "mx", "nl", "no", "pl", "ro", "ru", "se", "ua", "us"}); KeyMap ParseKeys(const base::Value::Dict& encoded_keys) { KeyMap map; diff --git a/components/web_discovery/browser/wdp_service.cc b/components/web_discovery/browser/wdp_service.cc index a5c31e29d303..3df1c42fe1df 100644 --- a/components/web_discovery/browser/wdp_service.cc +++ b/components/web_discovery/browser/wdp_service.cc @@ -109,6 +109,15 @@ void WDPService::Stop() { content_scraper_ = nullptr; server_config_loader_ = nullptr; credential_manager_ = nullptr; + + profile_prefs_->ClearPref(kWebDiscoveryNativeEnabled); + profile_prefs_->ClearPref(kAnonymousCredentialsDict); + profile_prefs_->ClearPref(kCredentialRSAPrivateKey); + profile_prefs_->ClearPref(kCredentialRSAPublicKey); + profile_prefs_->ClearPref(kScheduledDoubleFetches); + profile_prefs_->ClearPref(kScheduledReports); + profile_prefs_->ClearPref(kUsedBasenameCounts); + profile_prefs_->ClearPref(kPageCounts); } void WDPService::OnEnabledChange() {