Chromium Code Reviews Chromium Code Reviews
Issue 2966523002:
Blink-layer update to match WebAuthN spec (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/webauth/authenticator_impl.h" | 5 #include "content/browser/webauth/authenticator_impl.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| 11 #include "content/public/browser/render_frame_host.h" | 11 #include "content/public/browser/render_frame_host.h" |
| 12 #include "content/public/browser/web_contents.h" | 12 #include "content/public/browser/web_contents.h" |
| 13 #include "crypto/sha2.h" | 13 #include "crypto/sha2.h" |
| 14 #include "mojo/public/cpp/bindings/strong_binding.h" | 14 #include "mojo/public/cpp/bindings/strong_binding.h" |
| 15 | 15 |
| 16 namespace content { | 16 namespace content { |
| 17 | 17 |
| 18 namespace { | 18 namespace { |
| 19 | 19 |
| 20 const char kGetAssertionType[] = "navigator.id.getAssertion"; | 20 const char kMakeCredentialType[] = "navigator.id.makeCredential"; |
|
vasilii
2017/07/05 14:36:12
The new trend is 'constexpr' wherever possible.
kpaulhamus
2017/07/12 21:21:45
Done.
| |
| 21 | 21 |
| 22 // JSON key values | 22 // JSON key values |
| 23 const char kTypeKey[] = "type"; | 23 const char kTypeKey[] = "type"; |
| 24 const char kChallengeKey[] = "challenge"; | 24 const char kChallengeKey[] = "challenge"; |
| 25 const char kOriginKey[] = "origin"; | 25 const char kOriginKey[] = "origin"; |
| 26 const char kCidPubkeyKey[] = "cid_pubkey"; | 26 const char kCidPubkeyKey[] = "cid_pubkey"; |
| 27 | 27 |
| 28 } // namespace | 28 } // namespace |
| 29 | 29 |
| 30 // Serializes the |value| to a JSON string and returns the result. | 30 // Serializes the |value| to a JSON string and returns the result. |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 46 | 46 |
| 47 AuthenticatorImpl::~AuthenticatorImpl() {} | 47 AuthenticatorImpl::~AuthenticatorImpl() {} |
| 48 | 48 |
| 49 AuthenticatorImpl::AuthenticatorImpl(RenderFrameHost* render_frame_host) { | 49 AuthenticatorImpl::AuthenticatorImpl(RenderFrameHost* render_frame_host) { |
| 50 DCHECK(render_frame_host); | 50 DCHECK(render_frame_host); |
| 51 caller_origin_ = render_frame_host->GetLastCommittedOrigin(); | 51 caller_origin_ = render_frame_host->GetLastCommittedOrigin(); |
| 52 } | 52 } |
| 53 | 53 |
| 54 // mojom:Authenticator | 54 // mojom:Authenticator |
| 55 void AuthenticatorImpl::MakeCredential( | 55 void AuthenticatorImpl::MakeCredential( |
| 56 webauth::mojom::RelyingPartyAccountPtr account, | 56 webauth::mojom::MakeCredentialOptionsPtr options, |
| 57 std::vector<webauth::mojom::ScopedCredentialParametersPtr> parameters, | |
| 58 const std::vector<uint8_t>& challenge, | |
| 59 webauth::mojom::ScopedCredentialOptionsPtr options, | |
| 60 MakeCredentialCallback callback) { | 57 MakeCredentialCallback callback) { |
| 61 std::string effective_domain; | 58 std::string effective_domain; |
| 62 std::string relying_party_id; | 59 std::string relying_party_id; |
| 63 std::string client_data_json; | 60 std::string client_data_json; |
| 64 base::DictionaryValue client_data; | 61 base::DictionaryValue client_data; |
| 65 | 62 |
| 66 // Steps 6 & 7 of https://w3c.github.io/webauthn/#createCredential | 63 // Steps 6 & 7 of https://w3c.github.io/webauthn/#createCredential |
| 67 // opaque origin | 64 // opaque origin |
| 68 if (caller_origin_.unique()) { | 65 if (caller_origin_.unique()) { |
| 69 std::move(callback).Run( | 66 std::move(callback).Run( |
| 70 webauth::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL); | 67 webauth::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL); |
| 71 return; | 68 return; |
| 72 } | 69 } |
| 73 | 70 |
| 74 if (!options->relying_party_id) { | 71 if (options->relying_party->id.empty()) { |
| 75 relying_party_id = caller_origin_.Serialize(); | 72 relying_party_id = caller_origin_.Serialize(); |
| 76 } else { | 73 } else { |
| 77 effective_domain = caller_origin_.host(); | 74 effective_domain = caller_origin_.host(); |
| 78 | 75 |
| 79 DCHECK(!effective_domain.empty()); | 76 DCHECK(!effective_domain.empty()); |
| 80 // TODO(kpaulhamus): Check if relyingPartyId is a registrable domain | 77 // TODO(kpaulhamus): Check if relyingPartyId is a registrable domain |
| 81 // suffix of and equal to effectiveDomain and set relyingPartyId | 78 // suffix of and equal to effectiveDomain and set relyingPartyId |
| 82 // appropriately. | 79 // appropriately. |
| 83 relying_party_id = options->relying_party_id.value_or(std::string()); | 80 relying_party_id = options->relying_party->id; |
| 84 } | 81 } |
| 85 | 82 |
| 86 // TODO(kpaulhamus): Check ScopedCredentialParameter's type and | 83 // TODO(kpaulhamus): Check ScopedCredentialParameter's type and |
| 87 // algorithmIdentifier after algorithmIdentifier is added to mojom to | 84 // algorithmIdentifier after algorithmIdentifier is added to mojom to |
| 88 // make sure it is U2F_V2. | 85 // make sure it is U2F_V2. |
| 89 | 86 |
| 90 client_data.SetString(kTypeKey, kGetAssertionType); | 87 client_data.SetString(kTypeKey, kMakeCredentialType); |
| 91 client_data.SetString( | 88 client_data.SetString(kChallengeKey, |
| 92 kChallengeKey, | 89 base::StringPiece(reinterpret_cast<const char*>( |
| 93 base::StringPiece(reinterpret_cast<const char*>(challenge.data()), | 90 options->challenge.data()), |
| 94 challenge.size())); | 91 options->challenge.size())); |
| 95 client_data.SetString(kOriginKey, relying_party_id); | 92 client_data.SetString(kOriginKey, relying_party_id); |
| 96 // Channel ID is optional, and missing if the browser doesn't support it. | 93 // Channel ID is optional, and missing if the browser doesn't support it. |
| 97 // It is present and set to the constant "unused" if the browser | 94 // It is present and set to the constant "unused" if the browser |
| 98 // supports Channel ID but is not using it to talk to the origin. | 95 // supports Channel ID but is not using it to talk to the origin. |
| 99 // TODO(kpaulhamus): Fetch and add the Channel ID public key used to | 96 // TODO(kpaulhamus): Fetch and add the Channel ID public key used to |
| 100 // communicate with the origin. | 97 // communicate with the origin. |
| 101 client_data.SetString(kCidPubkeyKey, "unused"); | 98 client_data.SetString(kCidPubkeyKey, "unused"); |
| 102 | 99 |
| 103 // SHA-256 hash the JSON data structure | 100 // SHA-256 hash the JSON data structure |
| 104 client_data_json = SerializeValueToJson(client_data); | 101 client_data_json = SerializeValueToJson(client_data); |
| 105 std::string client_data_hash = crypto::SHA256HashString(client_data_json); | 102 std::string client_data_hash = crypto::SHA256HashString(client_data_json); |
| 106 | 103 |
| 107 std::move(callback).Run(webauth::mojom::AuthenticatorStatus::NOT_IMPLEMENTED, | 104 std::move(callback).Run(webauth::mojom::AuthenticatorStatus::NOT_IMPLEMENTED, |
| 108 nullptr); | 105 nullptr); |
| 109 } | 106 } |
| 110 | 107 |
| 111 } // namespace content | 108 } // namespace content |
| OLD | NEW |
