Update Trusted Signals KVv2 Helper

1. Remove unused trusted_signals_url_
2. Move public key from Build() to constructor
3. Add alias name MaybeTrustedSignalsResultMapOrError

Bug: 337917489
Change-Id: Ic9c514212dbc7f70a45a086beaf5772de8fc902d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5839551
Commit-Queue: Tianyang Xu <xtlsheep@google.com>
Reviewed-by: mmenke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1351725}

content/services/auction_worklet/trusted_signals_kvv2_helper.cc

@@ -34,8 +34,7 @@
 #include "components/cbor/writer.h"
 #include "content/common/features.h"
 #include "content/services/auction_worklet/auction_v8_helper.h"
-#include "content/services/auction_worklet/trusted_signals.h"
+#include "content/services/auction_worklet/public/mojom/auction_worklet_service.mojom.h"
-#include "content/services/auction_worklet/trusted_signals_request_manager.h"
 #include "third_party/zlib/google/compression_utils.h"
 #include "url/origin.h"
 
@@ -65,7 +64,7 @@ void AddPostRequestConstants(cbor::Value::MapValue& request_map_value) {
 }
 
 quiche::ObliviousHttpRequest CreateOHttpRequest(
-    mojom::TrustedSignalsPublicKeyPtr public_key,
+    const mojom::TrustedSignalsPublicKey& public_key,
     cbor::Value::MapValue request_map_value) {
   cbor::Value cbor_value(request_map_value);
   std::optional<std::vector<uint8_t>> maybe_cbor_bytes =
@@ -96,13 +95,13 @@ quiche::ObliviousHttpRequest CreateOHttpRequest(
 
   // Add encryption for request body.
   auto maybe_key_config = quiche::ObliviousHttpHeaderKeyConfig::Create(
-      public_key->id, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
+      public_key.id, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
   CHECK(maybe_key_config.ok()) << maybe_key_config.status();
 
   auto maybe_request =
       quiche::ObliviousHttpRequest::CreateClientObliviousRequest(
-          std::move(request_body), public_key->key, maybe_key_config.value(),
+          std::move(request_body), public_key.key, maybe_key_config.value(),
           kTrustedSignalsKVv2EncryptionRequestMediaType);
   CHECK(maybe_request.ok()) << maybe_request.status();
 
@@ -561,15 +560,14 @@ TrustedSignalsKVv2RequestHelperBuilder ::
 
 TrustedSignalsKVv2RequestHelperBuilder::TrustedSignalsKVv2RequestHelperBuilder(
     std::string hostname,
-    GURL trusted_signals_url,
+    std::optional<int> experiment_group_id,
-    std::optional<int> experiment_group_id)
+    mojom::TrustedSignalsPublicKeyPtr public_key)
     : hostname_(std::move(hostname)),
-      trusted_signals_url_(std::move(trusted_signals_url)),
+      experiment_group_id_(experiment_group_id),
-      experiment_group_id_(experiment_group_id) {}
+      public_key_(std::move(public_key)) {}
 
 std::unique_ptr<TrustedSignalsKVv2RequestHelper>
-TrustedSignalsKVv2RequestHelperBuilder::Build(
+TrustedSignalsKVv2RequestHelperBuilder::Build() {
-    mojom::TrustedSignalsPublicKeyPtr public_key) {
   cbor::Value::MapValue request_map_value;
   AddPostRequestConstants(request_map_value);
 
@@ -590,8 +588,7 @@ TrustedSignalsKVv2RequestHelperBuilder::Build(
   request_map_value.try_emplace(cbor::Value("partitions"),
                                 cbor::Value(std::move(partition_array)));
   quiche::ObliviousHttpRequest request =
-      CreateOHttpRequest(std::move(public_key), std::move(request_map_value));
+      CreateOHttpRequest(public_key(), std::move(request_map_value));
-
   std::string encrypted_request = request.EncapsulateAndSerialize();
   return std::make_unique<TrustedSignalsKVv2RequestHelper>(
       std::move(encrypted_request), std::move(request).ReleaseContext());
@@ -646,12 +643,12 @@ TrustedSignalsKVv2RequestHelperBuilder::Partition::operator=(Partition&&) =
 TrustedBiddingSignalsKVv2RequestHelperBuilder::
     TrustedBiddingSignalsKVv2RequestHelperBuilder(
         const std::string& hostname,
-        const GURL& trusted_signals_url,
         std::optional<int> experiment_group_id,
+        mojom::TrustedSignalsPublicKeyPtr public_key,
         const std::string& trusted_bidding_signals_slot_size_param)
     : TrustedSignalsKVv2RequestHelperBuilder(hostname,
-                                             trusted_signals_url,
+                                             experiment_group_id,
-                                             experiment_group_id) {
+                                             std::move(public_key)) {
   // Parse trusted bidding signals slot size parameter to a pair, which
   // parameter key is first and value is second.
   if (!trusted_bidding_signals_slot_size_param.empty()) {
@@ -772,12 +769,11 @@ TrustedBiddingSignalsKVv2RequestHelperBuilder::BuildMapForPartition(
 TrustedScoringSignalsKVv2RequestHelperBuilder::
     TrustedScoringSignalsKVv2RequestHelperBuilder(
         const std::string& hostname,
-        const GURL& trusted_signals_url,
+        std::optional<int> experiment_group_id,
-        std::optional<int> experiment_group_id)
+        mojom::TrustedSignalsPublicKeyPtr public_key)
     : TrustedSignalsKVv2RequestHelperBuilder(hostname,
-                                             trusted_signals_url,
+                                             experiment_group_id,
-                                             experiment_group_id) {}
+                                             std::move(public_key)) {}
-
 TrustedScoringSignalsKVv2RequestHelperBuilder::
     ~TrustedScoringSignalsKVv2RequestHelperBuilder() = default;
 
@@ -947,7 +943,7 @@ TrustedSignalsKVv2ResponseParser::ParseResponseToSignalsFetchResult(
   return result_map;
 }
 
-TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap
+TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError
 TrustedSignalsKVv2ResponseParser::ParseBiddingSignalsFetchResultToResultMap(
     AuctionV8Helper* v8_helper,
     const std::set<std::string>& interest_group_names,
@@ -1056,7 +1052,7 @@ TrustedSignalsKVv2ResponseParser::ParseBiddingSignalsFetchResultToResultMap(
               std::move(per_interest_group_data_map),
               std::move(maybe_key_data_map).value(), data_version);
       if (!result_map
-               ->try_emplace(
+               .try_emplace(
                    TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex(
                        group.first, id),
                    result)
@@ -1071,7 +1067,7 @@ TrustedSignalsKVv2ResponseParser::ParseBiddingSignalsFetchResultToResultMap(
   return result_map;
 }
 
-TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap
+TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError
 TrustedSignalsKVv2ResponseParser::ParseScoringSignalsFetchResultToResultMap(
     AuctionV8Helper* v8_helper,
     const std::set<std::string>& render_urls,
@@ -1126,7 +1122,7 @@ TrustedSignalsKVv2ResponseParser::ParseScoringSignalsFetchResultToResultMap(
               std::move(maybe_render_urls_data_map).value(),
               std::move(maybe_ad_component_data_map).value(), data_version);
       if (!result_map
-               ->try_emplace(
+               .try_emplace(
                    TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex(
                        group.first, id),
                    result)

content/services/auction_worklet/trusted_signals_kvv2_helper.h

@@ -21,7 +21,7 @@
 #include "base/types/optional_ref.h"
 #include "components/cbor/values.h"
 #include "content/common/content_export.h"
-#include "content/services/auction_worklet/public/mojom/auction_worklet_service.mojom-forward.h"
+#include "content/services/auction_worklet/public/mojom/auction_worklet_service.mojom.h"
 #include "content/services/auction_worklet/public/mojom/trusted_signals_cache.mojom-shared.h"
 #include "content/services/auction_worklet/trusted_signals.h"
 #include "net/third_party/quiche/src/quiche/oblivious_http/oblivious_http_client.h"
@@ -99,14 +99,13 @@ class CONTENT_EXPORT TrustedSignalsKVv2RequestHelperBuilder {
   // Build the request helper using the helper builder to construct the POST
   // body string, noting that the partition IDs will not be sequential for
   // bidding signals.
-  std::unique_ptr<TrustedSignalsKVv2RequestHelper> Build(
+  std::unique_ptr<TrustedSignalsKVv2RequestHelper> Build();
-      mojom::TrustedSignalsPublicKeyPtr public_key);
 
  protected:
   TrustedSignalsKVv2RequestHelperBuilder(
       std::string hostname,
-      GURL trusted_signals_url,
+      std::optional<int> experiment_group_id,
-      std::optional<int> experiment_group_id);
+      mojom::TrustedSignalsPublicKeyPtr public_key);
 
   // All the data needed to request a particular bidding or scoring signals
   // partition.
@@ -158,12 +157,12 @@ class CONTENT_EXPORT TrustedSignalsKVv2RequestHelperBuilder {
 
   const std::string& hostname() const { return hostname_; }
 
-  const GURL& trusted_signals_url() const { return trusted_signals_url_; }
-
   const std::optional<int>& experiment_group_id() const {
     return experiment_group_id_;
   }
 
+  const mojom::TrustedSignalsPublicKey& public_key() { return *public_key_; }
+
   // Return next compression group id and increase it by 1.
   int next_compression_group_id() { return next_compression_group_id_++; }
 
@@ -181,8 +180,8 @@ class CONTENT_EXPORT TrustedSignalsKVv2RequestHelperBuilder {
   std::map<int, CompressionGroup> compression_groups_;
 
   const std::string hostname_;
-  const GURL trusted_signals_url_;
   const std::optional<int> experiment_group_id_;
+  mojom::TrustedSignalsPublicKeyPtr public_key_;
 
   // Initial id for compression groups.
   int next_compression_group_id_ = 0;
@@ -193,8 +192,8 @@ class CONTENT_EXPORT TrustedBiddingSignalsKVv2RequestHelperBuilder
  public:
   TrustedBiddingSignalsKVv2RequestHelperBuilder(
       const std::string& hostname,
-      const GURL& trusted_signals_url,
       std::optional<int> experiment_group_id,
+      mojom::TrustedSignalsPublicKeyPtr public_key,
       const std::string& trusted_bidding_signals_slot_size_param);
 
   TrustedBiddingSignalsKVv2RequestHelperBuilder(
@@ -247,8 +246,8 @@ class CONTENT_EXPORT TrustedScoringSignalsKVv2RequestHelperBuilder
  public:
   TrustedScoringSignalsKVv2RequestHelperBuilder(
       const std::string& hostname,
-      const GURL& trusted_signals_url,
+      std::optional<int> experiment_group_id,
-      std::optional<int> experiment_group_id);
+      mojom::TrustedSignalsPublicKeyPtr public_key);
 
   TrustedScoringSignalsKVv2RequestHelperBuilder(
       const TrustedScoringSignalsKVv2RequestHelperBuilder&) = delete;
@@ -325,12 +324,13 @@ class CONTENT_EXPORT TrustedSignalsKVv2ResponseParser {
       base::expected<CompressionGroupResultMap, ErrorInfo>;
 
   // Result map for response parser. The key is an `IsolationIndex` indicates
-  // compression group id and partition id. Return ErrorInfo if there is any
+  // compression group ID and partition ID.
-  // failure during parsing.
+  using TrustedSignalsResultMap =
-  using TrustedSignalsResultMap = base::expected<
+      std::map<TrustedBiddingSignalsKVv2RequestHelperBuilder::IsolationIndex,
-      std::map<TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex,
+               scoped_refptr<TrustedSignals::Result>>;
-               scoped_refptr<TrustedSignals::Result>>,
+
-      ErrorInfo>;
+  using TrustedSignalsResultMapOrError =
+      base::expected<TrustedSignalsResultMap, ErrorInfo>;
 
   // Parse response body to `SignalsFetchResult` for integration with cache call
   // flow in browser process.
@@ -345,7 +345,8 @@ class CONTENT_EXPORT TrustedSignalsKVv2ResponseParser {
   // where the key is the isolation index and the value is a set of strings.
   // This allows searching for each string within a specific compression group
   // and partition.
-  static TrustedSignalsResultMap ParseBiddingSignalsFetchResultToResultMap(
+  static TrustedSignalsResultMapOrError
+  ParseBiddingSignalsFetchResultToResultMap(
       AuctionV8Helper* v8_helper,
       const std::set<std::string>& interest_group_names,
       const std::set<std::string>& keys,
@@ -358,7 +359,8 @@ class CONTENT_EXPORT TrustedSignalsKVv2ResponseParser {
   // `ad_component_render_urls`, where the key is the isolation index and the
   // value is a set of strings. This allows searching for each string within a
   // specific compression group and partition.
-  static TrustedSignalsResultMap ParseScoringSignalsFetchResultToResultMap(
+  static TrustedSignalsResultMapOrError
+  ParseScoringSignalsFetchResultToResultMap(
       AuctionV8Helper* v8_helper,
       const std::set<std::string>& render_urls,
       const std::set<std::string>& ad_component_render_urls,

content/services/auction_worklet/trusted_signals_kvv2_helper_unittest.cc

@@ -29,8 +29,6 @@
 #include "components/cbor/values.h"
 #include "components/cbor/writer.h"
 #include "content/services/auction_worklet/public/mojom/auction_worklet_service.mojom.h"
-#include "content/services/auction_worklet/trusted_signals.h"
-#include "content/services/auction_worklet/trusted_signals_request_manager.h"
 #include "net/third_party/quiche/src/quiche/oblivious_http/oblivious_http_gateway.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/blink/public/common/features.h"
@@ -48,7 +46,6 @@ const int kExperimentGroupId = 12345;
 const char kTrustedBiddingSignalsSlotSizeParam[] = "slotSize=100,200";
 const size_t kFramingHeaderSize = 5;  // bytes
 const size_t kOhttpHeaderSize = 55;   // bytes
-const char kTrustedSignalsUrl[] = "https://url.test/";
 const char kOriginFooUrl[] = "https://foo.test/";
 const char kOriginFoosubUrl[] = "https://foosub.test/";
 const char kOriginBarUrl[] = "https://bar.test/";
@@ -58,23 +55,33 @@ const char kOwnerOriginB[] = "https://owner-b.test/";
 const char kJoiningOriginA[] = "https://joining-a.test/";
 const char kJoiningOriginB[] = "https://joining-b.test/";
 
+const uint8_t kKeyId = 0xff;
+
 // These keys were randomly generated as follows:
 // EVP_HPKE_KEY keys;
 // EVP_HPKE_KEY_generate(&keys, EVP_hpke_x25519_hkdf_sha256());
 // and then EVP_HPKE_KEY_public_key and EVP_HPKE_KEY_private_key were used to
 // extract the keys.
-const std::array<uint8_t, 32> kTestPrivateKey = {
+const uint8_t kTestPrivateKey[] = {
     0xff, 0x1f, 0x47, 0xb1, 0x68, 0xb6, 0xb9, 0xea, 0x65, 0xf7, 0x97,
     0x4f, 0xf2, 0x2e, 0xf2, 0x36, 0x94, 0xe2, 0xf6, 0xb6, 0x8d, 0x66,
     0xf3, 0xa7, 0x64, 0x14, 0x28, 0xd4, 0x45, 0x35, 0x01, 0x8f,
 };
 
-const std::array<const unsigned char, 32> kTestPublicKey = {
+const uint8_t kTestPublicKey[] = {
     0xa1, 0x5f, 0x40, 0x65, 0x86, 0xfa, 0xc4, 0x7b, 0x99, 0x59, 0x70,
     0xf1, 0x85, 0xd9, 0xd8, 0x91, 0xc7, 0x4d, 0xcf, 0x1e, 0xb9, 0x1a,
     0x7d, 0x50, 0xa5, 0x8b, 0x01, 0x68, 0x3e, 0x60, 0x05, 0x2d,
 };
 
+// Return a public key pointer which is created by kTestPublicKey and kKeyId.
+mojom::TrustedSignalsPublicKeyPtr CreatePublicKey() {
+  return mojom::TrustedSignalsPublicKey::New(
+      std::string(reinterpret_cast<const char*>(&kTestPublicKey[0]),
+                  sizeof(kTestPublicKey)),
+      kKeyId);
+}
+
 // Helper to decrypt request body.
 std::vector<uint8_t> DecryptRequestBody(const std::string& request_body,
                                         int public_key_id) {
@@ -140,8 +147,8 @@ void CheckBiddingResult(
         priority_vector_map,
     const std::string& bidding_signals,
     std::optional<uint32_t> data_version) {
-  ASSERT_TRUE(result_map->contains(index));
+  ASSERT_TRUE(result_map.contains(index));
-  TrustedSignals::Result* result = result_map->at(index).get();
+  TrustedSignals::Result* result = result_map.at(index).get();
 
   for (const auto& name : interest_group_names) {
     std::optional<TrustedSignals::Result::PriorityVector>
@@ -178,8 +185,8 @@ void CheckScoringResult(
     const std::vector<std::string>& ad_component_render_urls,
     const std::string& expected_signals,
     std::optional<uint32_t> data_version) {
-  ASSERT_TRUE(result_map->contains(index));
+  ASSERT_TRUE(result_map.contains(index));
-  TrustedSignals::Result* result = result_map->at(index).get();
+  TrustedSignals::Result* result = result_map.at(index).get();
 
   AuctionV8Helper::FullIsolateScope isolate_scope(v8_helper);
   v8::Isolate* isolate = v8_helper->isolate();
@@ -231,12 +238,11 @@ std::string BuildResponseBody(const std::string& hex_string,
 std::pair<std::string, quiche::ObliviousHttpRequest::Context>
 EncryptResponseBodyHelper(const std::string& response_body) {
   // Fake a encrypted request.
-  int key_id = 0x00;
   std::string public_key =
       std::string(reinterpret_cast<const char*>(&kTestPublicKey[0]),
                   sizeof(kTestPublicKey));
   auto request_key_config = quiche::ObliviousHttpHeaderKeyConfig::Create(
-      key_id, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
+      kKeyId, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
   EXPECT_TRUE(request_key_config.ok()) << request_key_config.status();
 
@@ -250,7 +256,7 @@ EncryptResponseBodyHelper(const std::string& response_body) {
 
   // Decrypt the request and get the context.
   auto response_key_config = quiche::ObliviousHttpHeaderKeyConfig::Create(
-      key_id, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
+      kKeyId, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
   EXPECT_TRUE(response_key_config.ok()) << response_key_config.status();
 
@@ -298,11 +304,8 @@ std::string GetErrorMessageFromParseBiddingSignalsFetchResultToResultMap(
     const std::set<std::string>& keys,
     const TrustedSignalsKVv2ResponseParser::CompressionGroupResultMap&
         compression_group_result_map) {
-  base::expected<
+  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError result =
-      std::map<TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex,
+      TrustedSignalsKVv2ResponseParser::
-               scoped_refptr<TrustedSignals::Result>>,
-      TrustedSignalsKVv2ResponseParser::ErrorInfo>
-      result = TrustedSignalsKVv2ResponseParser::
           ParseBiddingSignalsFetchResultToResultMap(
               v8_helper.get(), interest_group_names, keys,
               compression_group_result_map);
@@ -317,11 +320,8 @@ std::string GetErrorMessageFromParseScoringSignalsFetchResultToResultMap(
     const std::set<std::string>& ad_component_render_urls,
     const TrustedSignalsKVv2ResponseParser::CompressionGroupResultMap&
         compression_group_result_map) {
-  base::expected<
+  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError result =
-      std::map<TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex,
+      TrustedSignalsKVv2ResponseParser::
-               scoped_refptr<TrustedSignals::Result>>,
-      TrustedSignalsKVv2ResponseParser::ErrorInfo>
-      result = TrustedSignalsKVv2ResponseParser::
           ParseScoringSignalsFetchResultToResultMap(
               v8_helper.get(), render_urls, ad_component_render_urls,
               compression_group_result_map);
@@ -332,29 +332,24 @@ std::string GetErrorMessageFromParseScoringSignalsFetchResultToResultMap(
 
 }  // namespace
 
-class TrustedSignalsKVv2ResponseParserTest : public testing::Test {
+class TrustedSignalsKVv2RequestHelperTest : public testing::Test {
  public:
-  explicit TrustedSignalsKVv2ResponseParserTest() {
+  explicit TrustedSignalsKVv2RequestHelperTest() {
-    helper_ = AuctionV8Helper::Create(
+    public_key_ = CreatePublicKey();
-        base::SingleThreadTaskRunner::GetCurrentDefault());
-    base::RunLoop().RunUntilIdle();
-    v8_scope_ =
-        std::make_unique<AuctionV8Helper::FullIsolateScope>(helper_.get());
   }
-  ~TrustedSignalsKVv2ResponseParserTest() override = default;
+  ~TrustedSignalsKVv2RequestHelperTest() override = default;
 
  protected:
   base::test::TaskEnvironment task_environment_;
-  scoped_refptr<AuctionV8Helper> helper_;
+  mojom::TrustedSignalsPublicKeyPtr public_key_;
-  std::unique_ptr<AuctionV8Helper::FullIsolateScope> v8_scope_;
 };
 
-TEST(TrustedSignalsKVv2RequestHelperTest,
+TEST_F(TrustedSignalsKVv2RequestHelperTest,
-     TrustedBiddingSignalsRequestEncoding) {
+       TrustedBiddingSignalsRequestEncoding) {
   std::unique_ptr<TrustedBiddingSignalsKVv2RequestHelperBuilder>
       helper_builder =
           std::make_unique<TrustedBiddingSignalsKVv2RequestHelperBuilder>(
-              kHostName, GURL(kTrustedSignalsUrl), kExperimentGroupId,
+              kHostName, kExperimentGroupId, std::move(public_key_),
               kTrustedBiddingSignalsSlotSizeParam);
 
   helper_builder->AddTrustedSignalsRequest(
@@ -393,20 +388,11 @@ TEST(TrustedSignalsKVv2RequestHelperTest,
       url::Origin::Create(GURL(kOriginBarUrl)),
       blink::mojom::InterestGroup::ExecutionMode::kGroupedByOriginMode);
 
-  // Generate public key.
-  const int kPublicKeyId = 0x00;
-  mojom::TrustedSignalsPublicKeyPtr public_key =
-      mojom::TrustedSignalsPublicKey::New(
-          std::string(reinterpret_cast<const char*>(&kTestPublicKey[0]),
-                      sizeof(kTestPublicKey)),
-          kPublicKeyId);
-
   std::unique_ptr<TrustedSignalsKVv2RequestHelper> helper =
-      helper_builder->Build(std::move(public_key));
+      helper_builder->Build();
 
   std::string request_body = helper->TakePostRequestBody();
-  std::vector<uint8_t> body_bytes =
+  std::vector<uint8_t> body_bytes = DecryptRequestBody(request_body, kKeyId);
-      DecryptRequestBody(request_body, kPublicKeyId);
 
   // Test if body_bytes size is padded.
   size_t request_length = kOhttpHeaderSize + body_bytes.size();
@@ -576,11 +562,12 @@ TEST(TrustedSignalsKVv2RequestHelperTest,
 //    partition 2: G
 //    partition 3: H
 //    partition 4: I
-TEST(TrustedSignalsKVv2RequestHelperTest, TrustedBiddingSignalsIsolationIndex) {
+TEST_F(TrustedSignalsKVv2RequestHelperTest,
+       TrustedBiddingSignalsIsolationIndex) {
   std::unique_ptr<TrustedBiddingSignalsKVv2RequestHelperBuilder>
       helper_builder =
           std::make_unique<TrustedBiddingSignalsKVv2RequestHelperBuilder>(
-              kHostName, GURL(kTrustedSignalsUrl), kExperimentGroupId,
+              kHostName, kExperimentGroupId, std::move(public_key_),
               kTrustedBiddingSignalsSlotSizeParam);
 
   EXPECT_EQ(
@@ -639,12 +626,12 @@ TEST(TrustedSignalsKVv2RequestHelperTest, TrustedBiddingSignalsIsolationIndex) {
           blink::mojom::InterestGroup::ExecutionMode::kCompatibilityMode));
 }
 
-TEST(TrustedSignalsKVv2RequestHelperTest,
+TEST_F(TrustedSignalsKVv2RequestHelperTest,
-     TrustedScoringSignalsRequestEncoding) {
+       TrustedScoringSignalsRequestEncoding) {
   std::unique_ptr<TrustedScoringSignalsKVv2RequestHelperBuilder>
       helper_builder =
           std::make_unique<TrustedScoringSignalsKVv2RequestHelperBuilder>(
-              kHostName, GURL(kTrustedSignalsUrl), kExperimentGroupId);
+              kHostName, kExperimentGroupId, std::move(public_key_));
 
   helper_builder->AddTrustedSignalsRequest(
       GURL(kOriginFooUrl), std::set<std::string>{kOriginFoosubUrl},
@@ -659,20 +646,11 @@ TEST(TrustedSignalsKVv2RequestHelperTest,
       url::Origin::Create(GURL(kOwnerOriginB)),
       url::Origin::Create(GURL(kJoiningOriginB)));
 
-  // Generate public key.
-  const int kPublicKeyId = 0xFF;
-  mojom::TrustedSignalsPublicKeyPtr public_key =
-      mojom::TrustedSignalsPublicKey::New(
-          std::string(reinterpret_cast<const char*>(&kTestPublicKey[0]),
-                      sizeof(kTestPublicKey)),
-          kPublicKeyId);
-
   std::unique_ptr<TrustedSignalsKVv2RequestHelper> helper =
-      helper_builder->Build(std::move(public_key));
+      helper_builder->Build();
 
   std::string request_body = helper->TakePostRequestBody();
-  std::vector<uint8_t> body_bytes =
+  std::vector<uint8_t> body_bytes = DecryptRequestBody(request_body, kKeyId);
-      DecryptRequestBody(request_body, kPublicKeyId);
 
   // Test if body_bytes size is padded.
   size_t request_length = kOhttpHeaderSize + body_bytes.size();
@@ -842,11 +820,12 @@ TEST(TrustedSignalsKVv2RequestHelperTest,
 //    partition 0: G
 // Compression: 3 -
 //    partition 0: H
-TEST(TrustedSignalsKVv2RequestHelperTest, TrustedScoringSignalsIsolationIndex) {
+TEST_F(TrustedSignalsKVv2RequestHelperTest,
+       TrustedScoringSignalsIsolationIndex) {
   std::unique_ptr<TrustedScoringSignalsKVv2RequestHelperBuilder>
       helper_builder =
           std::make_unique<TrustedScoringSignalsKVv2RequestHelperBuilder>(
-              kHostName, GURL(kTrustedSignalsUrl), kExperimentGroupId);
+              kHostName, kExperimentGroupId, std::move(public_key_));
 
   EXPECT_EQ(TrustedSignalsKVv2RequestHelperBuilder::IsolationIndex(0, 0),
             helper_builder->AddTrustedSignalsRequest(
@@ -890,6 +869,24 @@ TEST(TrustedSignalsKVv2RequestHelperTest, TrustedScoringSignalsIsolationIndex) {
                 url::Origin::Create(GURL(kJoiningOriginB))));
 }
 
+class TrustedSignalsKVv2ResponseParserTest : public testing::Test {
+ public:
+  explicit TrustedSignalsKVv2ResponseParserTest() {
+    helper_ = AuctionV8Helper::Create(
+        base::SingleThreadTaskRunner::GetCurrentDefault());
+    base::RunLoop().RunUntilIdle();
+    v8_scope_ =
+        std::make_unique<AuctionV8Helper::FullIsolateScope>(helper_.get());
+  }
+
+  ~TrustedSignalsKVv2ResponseParserTest() override = default;
+
+ protected:
+  base::test::TaskEnvironment task_environment_;
+  scoped_refptr<AuctionV8Helper> helper_;
+  std::unique_ptr<AuctionV8Helper::FullIsolateScope> v8_scope_;
+};
+
 // Test trusted bidding signals response parsing with gzip compressed cbor
 // bytes.
 TEST_F(TrustedSignalsKVv2ResponseParserTest,
@@ -1086,14 +1083,14 @@ TEST_F(TrustedSignalsKVv2ResponseParserTest,
                                                      "groupC", "groupD"};
   const std::set<std::string> kKeys = {"keyA", "keyB", "keyC", "keyD"};
 
-  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap maybe_result_map =
+  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError
-      TrustedSignalsKVv2ResponseParser::
+      maybe_result_map = TrustedSignalsKVv2ResponseParser::
           ParseBiddingSignalsFetchResultToResultMap(
               helper_.get(), kInterestGroupNames, kKeys, fetch_result);
   EXPECT_TRUE(maybe_result_map.has_value());
   TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap result_map =
       maybe_result_map.value();
-  EXPECT_EQ(result_map->size(), 3u);
+  EXPECT_EQ(result_map.size(), 3u);
 
   std::vector<std::string> expected_names = {"groupA", "groupB"};
   std::vector<std::string> expected_keys = {"keyA", "keyB"};
@@ -1326,14 +1323,14 @@ TEST_F(TrustedSignalsKVv2ResponseParserTest,
       "https://foosub.test/", "https://barsub.test/", "https://bazsub.test/",
       "https://quxsub.test/"};
 
-  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap maybe_result_map =
+  TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMapOrError
-      TrustedSignalsKVv2ResponseParser::
+      maybe_result_map = TrustedSignalsKVv2ResponseParser::
           ParseScoringSignalsFetchResultToResultMap(
               helper_.get(), kRenderUrls, kAdComponentRenderUrls, fetch_result);
   EXPECT_TRUE(maybe_result_map.has_value());
   TrustedSignalsKVv2ResponseParser::TrustedSignalsResultMap result_map =
       maybe_result_map.value();
-  EXPECT_EQ(result_map->size(), 3u);
+  EXPECT_EQ(result_map.size(), 3u);
 
   GURL render_url = GURL("https://foo.test/");
   std::vector<std::string> ad_component_render_urls = {"https://foosub.test/",
@@ -1377,12 +1374,11 @@ TEST_F(TrustedSignalsKVv2ResponseParserTest, ResponseDecryptionFailure) {
   // Failed to decrypt response body
   // Use a different ID to obtain a public key that differs from the one used in
   // `EncryptResponseBodyHelper()`.
-  int key_id = 0x01;
   std::string public_key =
       std::string(reinterpret_cast<const char*>(&kTestPublicKey[0]),
                   sizeof(kTestPublicKey));
   auto config = quiche::ObliviousHttpHeaderKeyConfig::Create(
-                    key_id, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
+                    kKeyId, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
                     EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_256_GCM)
                     .value();