1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "content/browser/webauth/authenticator_impl.h" | |
6 | |
7 #include <memory> | |
8 | |
9 #include "base/json/json_writer.h" | |
10 #include "base/memory/ptr_util.h" | |
11 #include "content/public/browser/render_frame_host.h" | |
12 #include "content/public/browser/web_contents.h" | |
13 #include "crypto/sha2.h" | |
14 #include "mojo/public/cpp/bindings/strong_binding.h" | |
15 | |
16 namespace content { | |
17 | |
18 const char kGetAssertionType[] = "navigator.id.getAssertion"; | |
19 | |
20 // JSON key values | |
21 const char kTypeKey[] = "type"; | |
22 const char kChallengeKey[] = "challenge"; | |
23 const char kOriginKey[] = "origin"; | |
24 const char kCidPubkeyKey[] = "cid_pubkey"; | |
25 | |
26 // Serializes the |value| to a JSON string and returns the result. | |
27 std::string SerializeValueToJson(const base::Value& value) { | |
28 std::string json; | |
29 base::JSONWriter::Write(value, &json); | |
30 return json; | |
31 } | |
jochen (gone - plz use gerrit)
2017/06/28 07:38:30
the const values and this method should all go int
kpaulhamus
2017/06/28 08:48:15
Done.
| |
32 | |
33 // static | |
34 void AuthenticatorImpl::Create( | |
35 RenderFrameHost* render_frame_host, | |
36 const service_manager::BindSourceInfo& source_info, | |
37 webauth::mojom::AuthenticatorRequest request) { | |
38 auto authenticator_impl = | |
39 base::WrapUnique(new AuthenticatorImpl(render_frame_host)); | |
40 mojo::MakeStrongBinding(std::move(authenticator_impl), std::move(request)); | |
41 } | |
42 | |
43 AuthenticatorImpl::~AuthenticatorImpl() {} | |
44 | |
45 AuthenticatorImpl::AuthenticatorImpl(RenderFrameHost* render_frame_host) { | |
46 DCHECK(render_frame_host); | |
47 caller_origin_ = render_frame_host->GetLastCommittedOrigin(); | |
48 } | |
49 | |
50 // mojom:Authenticator | |
51 void AuthenticatorImpl::MakeCredential( | |
52 webauth::mojom::RelyingPartyAccountPtr account, | |
53 std::vector<webauth::mojom::ScopedCredentialParametersPtr> parameters, | |
54 const std::vector<uint8_t>& challenge, | |
55 webauth::mojom::ScopedCredentialOptionsPtr options, | |
56 MakeCredentialCallback callback) { | |
57 std::string effective_domain; | |
58 std::string relying_party_id; | |
59 std::string client_data_json; | |
60 base::DictionaryValue client_data; | |
61 | |
62 // Steps 6 & 7 of https://w3c.github.io/webauthn/#createCredential | |
63 // opaque origin | |
64 if (caller_origin_.unique()) { | |
65 std::move(callback).Run( | |
66 webauth::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL); | |
67 return; | |
68 } | |
69 | |
70 if (!options->relying_party_id) { | |
71 relying_party_id = caller_origin_.Serialize(); | |
72 } else { | |
73 effective_domain = caller_origin_.host(); | |
74 | |
75 DCHECK(!effective_domain.empty()); | |
76 // TODO(kpaulhamus): Check if relyingPartyId is a registrable domain | |
77 // suffix of and equal to effectiveDomain and set relyingPartyId | |
78 // appropriately. | |
79 relying_party_id = options->relying_party_id.value_or(std::string()); | |
80 } | |
81 | |
82 // TODO(kpaulhamus): Check ScopedCredentialParameter's type and | |
83 // algorithmIdentifier after algorithmIdentifier is added to mojom to | |
84 // make sure it is U2F_V2. | |
85 | |
86 client_data.SetString(kTypeKey, kGetAssertionType); | |
87 client_data.SetString( | |
88 kChallengeKey, | |
89 base::StringPiece(reinterpret_cast<const char*>(challenge.data()), | |
90 challenge.size())); | |
91 client_data.SetString(kOriginKey, relying_party_id); | |
92 // Channel ID is optional, and missing if the browser doesn't support it. | |
93 // It is present and set to the constant "unused" if the browser | |
94 // supports Channel ID but is not using it to talk to the origin. | |
95 // TODO(kpaulhamus): Fetch and add the Channel ID public key used to | |
96 // communicate with the origin. | |
97 client_data.SetString(kCidPubkeyKey, "unused"); | |
98 | |
99 // SHA-256 hash the JSON data structure | |
100 client_data_json = SerializeValueToJson(client_data); | |
101 std::string client_data_hash = crypto::SHA256HashString(client_data_json); | |
102 | |
103 std::move(callback).Run(webauth::mojom::AuthenticatorStatus::NOT_IMPLEMENTED, | |
104 NULL); | |
jochen (gone - plz use gerrit)
2017/06/28 07:38:30
use nullptr instead of NULL
kpaulhamus
2017/06/28 08:48:15
Done.
| |
105 } | |
106 | |
107 } // namespace content | |
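Review bot: The challenge is inserted into the client data as raw bytes (the `kChallengeKey` SetString at lines 87–90 of the file), but a challenge is an arbitrary binary value and not necessarily valid UTF-8, so the JSON serializer may reject or rewrite it — and `SerializeValueToJson` discards the bool returned by `base::JSONWriter::Write`, so such a failure silently yields an empty or altered string that is then SHA-256 hashed and would be signed over. The clientDataJSON challenge should be base64url-encoded before insertion, e.g. `std::string encoded; base::Base64UrlEncode(base::StringPiece(reinterpret_cast<const char*>(challenge.data()), challenge.size()), base::Base64UrlEncodePolicy::OMIT_PADDING, &encoded); client_data.SetString(kChallengeKey, encoded);`, and the writer result should be checked rather than dropped, e.g. `bool ok = base::JSONWriter::Write(value, &json); DCHECK(ok);` or by returning an optional. Separately, `kGetAssertionType` is the only type constant and it is what MakeCredential writes, so the registration and assertion client data would carry the same `type`; if these are meant to be distinguishable (as the U2F client-data types are), a registration-specific constant is needed here so a signature produced during registration cannot later pass as an assertion. The `origin` field is also populated from `relying_party_id` rather than `caller_origin_`, which appears to conflate the RP ID with the caller origin that the client data is supposed to bind; presumably this is interim until the TODO above it is resolved, but a comment noting that would help.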