| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 /** |
| 6 * @fileoverview Implements a check whether an origin is allowed to assert an |
| 7 * app id based on whether they share the same effective TLD + 1. |
| 8 * |
| 9 */ |
| 10 'use strict'; |
| 11 |
| 12 /** |
| 13 * Implements half of the app id policy: whether an origin is allowed to claim |
| 14 * an app id. For checking whether the app id also lists the origin, |
| 15 * @see AppIdChecker. |
| 16 * @implements OriginChecker |
| 17 * @constructor |
| 18 */ |
| 19 function EtldOriginChecker() { |
| 20 // The instance of this class is managed by FactoryRegistry, which also |
| 21 // manages a TextFetcher on which EffectiveTldFetcher depends. Thus, we must |
| 22 // initialize the EffectiveTldFetcher lazily (see getFetcher). |
| 23 /** @private {EffectiveTldFetcher} */ |
| 24 this.etldFetcher_ = null; |
| 25 } |
| 26 |
| 27 /** |
| 28 * Gets an EffectiveTldFetcher instance, creating one if necessary. |
| 29 * @return {!EffectiveTldFetcher} |
| 30 */ |
| 31 EtldOriginChecker.prototype.getFetcher = function() { |
| 32 if (!this.etldFetcher_) { |
| 33 var fetcher = FACTORY_REGISTRY.getTextFetcher(); |
| 34 this.etldFetcher_ = new EffectiveTldFetcher(fetcher, true); |
| 35 } |
| 36 return this.etldFetcher_; |
| 37 }; |
| 38 |
| 39 /** |
| 40 * Checks whether the origin is allowed to claim the app ids. |
| 41 * @param {string} origin The origin claiming the app id. |
| 42 * @param {!Array.<string>} appIds The app ids being claimed. |
| 43 * @return {Promise.<boolean>} A promise for the result of the check. |
| 44 */ |
| 45 EtldOriginChecker.prototype.canClaimAppIds = function(origin, appIds) { |
| 46 // First make sure we know the origin's eTLD + 1, to know whether the origin |
| 47 // can assert the app ids. |
| 48 var p = this.getFetcher().getEffectiveTldPlusOne(origin); |
| 49 var self = this; |
| 50 return p.then(function(originEtldPlusOne) { |
| 51 if (!originEtldPlusOne) |
| 52 return Promise.resolve(false); |
| 53 var appIdChecks = appIds.map( |
| 54 self.checkAppId_.bind(self, origin, originEtldPlusOne)); |
| 55 return Promise.all(appIdChecks).then(function(results) { |
| 56 return results.every(function(result) { |
| 57 return result; |
| 58 }); |
| 59 }); |
| 60 }); |
| 61 }; |
| 62 |
| 63 /** |
| 64 * Checks if a single appId can be asserted by the given origin. |
| 65 * @param {string} origin The origin. |
| 66 * @param {string} originEtldPlusOne The origin's etld + 1. |
| 67 * @param {string} appId The appId to check |
| 68 * @return {Promise.<boolean>} A promise for the result of the check |
| 69 * @private |
| 70 */ |
| 71 EtldOriginChecker.prototype.checkAppId_ = |
| 72 function(origin, originEtldPlusOne, appId) { |
| 73 if (appId == origin) { |
| 74 // Trivially allowed |
| 75 return Promise.resolve(true); |
| 76 } |
| 77 var appIdOrigin = getOriginFromUrl(appId); |
| 78 if (!appIdOrigin) |
| 79 return Promise.resolve(false); |
| 80 var appIdOriginString = /** @type {string} */ (appIdOrigin); |
| 81 var p = this.getFetcher().getEffectiveTldPlusOne(appIdOriginString); |
| 82 return p.then(function(appIdEtldPlusOne) { |
| 83 if (originEtldPlusOne == appIdEtldPlusOne) |
| 84 return true; |
| 85 // As an exception, allow google.com to use gstatic.com appIds. These should |
| 86 // be implemented using the redirect mechanism described in the FIDO AppID |
| 87 // and Facet Specification, but Javascript doesn't allow us to implement it |
| 88 // correctly: the client can't ensure the presence of the |
| 89 // FIDO-AppID-Redirect-Authorized header prior to following the redirect. |
| 90 if (originEtldPlusOne == 'google.com') |
| 91 return appIdEtldPlusOne == 'gstatic.com'; |
| 92 return false; |
| 93 }); |
| 94 }; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 799923007:
Enable 3rd party support for Security Keys. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master