/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * IPC Transaction protocol for the WebAuthn DOM API. This IPC protocol allows
 * the content process to call to the parent to access hardware for
 * authentication registration and challenges. All transactions start in the
 * child process, and the parent replies with a "Confirm*" message, or a
 * "Cancel" message if there was an error (no hardware available, no registered
 * keys, etc) or interruption (another transaction was started in another
 * content process). Similarly, the content process can also request a cancel,
 * either triggered explicitly by the user/script or due to UI events like
 * selecting a different tab.
 */

include protocol PWindowGlobal;

include "mozilla/dom/WebAuthnIPCUtils.h";

using mozilla::dom::MaybeDiscardedBrowsingContext from "mozilla/dom/BrowsingContext.h";
using mozilla::dom::CredentialProtectionPolicy from "mozilla/dom/WebAuthenticationBinding.h";

namespace mozilla {
namespace dom {

struct WebAuthnAuthenticatorSelection {
  nsString residentKey;
  nsString userVerificationRequirement;
  nsString? authenticatorAttachment;
};

struct WebAuthnScopedCredential {
  uint8_t[] id;
  uint8_t transports;
};

struct WebAuthnExtensionCredProtect {
  CredentialProtectionPolicy policy;
  bool required;
};

struct WebAuthnExtensionCredProps {
  bool credProps;
};

struct WebAuthnExtensionHmacSecret {
  bool hmacCreateSecret;
};

struct WebAuthnExtensionLargeBlob {
  bool? flag;      // In registrations this indicates whether large blob support is required.
                   // In authentications this indicates whether this is a request to read the
                   // a blob or whether it is a request to write one.
  uint8_t[] write; // Authentication only. The value to be written when `flag` is
                   // present and false.
};

struct WebAuthnExtensionMinPinLength {
  bool minPinLength;
};

struct WebAuthnExtensionPrf {
  WebAuthnExtensionPrfValues? eval;
  bool evalByCredentialMaybe;
  WebAuthnExtensionPrfEvalByCredentialEntry[] evalByCredential;
};

struct WebAuthnExtensionPrfValues {
    uint8_t[] first;
    bool secondMaybe;
    uint8_t[] second;
};

struct WebAuthnExtensionPrfEvalByCredentialEntry {
    uint8_t[] credentialId;
    WebAuthnExtensionPrfValues eval;
};

union WebAuthnExtension {
  WebAuthnExtensionCredProtect;
  WebAuthnExtensionCredProps;
  WebAuthnExtensionHmacSecret;
  WebAuthnExtensionLargeBlob;
  WebAuthnExtensionMinPinLength;
  WebAuthnExtensionPrf;
};

struct WebAuthnExtensionResultAppId {
  bool AppId;
};

struct WebAuthnExtensionResultCredProps {
  bool rk;
};

struct WebAuthnExtensionResultHmacSecret {
  bool hmacCreateSecret;
};

struct WebAuthnExtensionResultLargeBlob {
  bool flag;      // In registration this indicates support. In authentication
                  // it indicates whether this is a read return or a write return.
  uint8_t[] blob; // Authentication only. Read return.
  bool written;   // Authentication only. Write return
};

struct WebAuthnExtensionResultPrf {
  bool? enabled;
  WebAuthnExtensionPrfValues? results;
};

union WebAuthnExtensionResult {
  WebAuthnExtensionResultAppId;
  WebAuthnExtensionResultCredProps;
  WebAuthnExtensionResultHmacSecret;
  WebAuthnExtensionResultLargeBlob;
  WebAuthnExtensionResultPrf;
};

struct WebAuthnMakeCredentialRpInfo {
  nsString Name;
};

struct WebAuthnMakeCredentialUserInfo {
  uint8_t[] Id;
  nsString Name;
  nsString DisplayName;
};

struct CoseAlg {
  long alg;
};

struct WebAuthnMakeCredentialInfo {
  nsCString RpId;
  uint8_t[] Challenge;
  uint32_t TimeoutMS;
  WebAuthnScopedCredential[] ExcludeList;
  WebAuthnMakeCredentialRpInfo Rp;
  WebAuthnMakeCredentialUserInfo User;
  CoseAlg[] coseAlgs;
  WebAuthnExtension[] Extensions;
  WebAuthnAuthenticatorSelection AuthenticatorSelection;
  nsString attestationConveyancePreference;
};

struct WebAuthnMakeCredentialResult {
  nsCString ClientDataJSON;
  uint8_t[] AttestationObject;
  uint8_t[] KeyHandle;
  nsString[] Transports;
  WebAuthnExtensionResult[] Extensions;
  nsString? AuthenticatorAttachment;
};

union WebAuthnMakeCredentialResponse {
  nsresult;
  WebAuthnMakeCredentialResult;
};

struct WebAuthnGetAssertionInfo {
  nsCString RpId;
  nsCString? AppId;
  uint8_t[] Challenge;
  uint32_t TimeoutMS;
  WebAuthnScopedCredential[] AllowList;
  WebAuthnExtension[] Extensions;
  nsString userVerificationRequirement;
  bool ConditionallyMediated;
};

struct WebAuthnGetAssertionResult {
  nsCString ClientDataJSON;
  uint8_t[] KeyHandle;
  uint8_t[] Signature;
  uint8_t[] AuthenticatorData;
  WebAuthnExtensionResult[] Extensions;
  uint8_t[] UserHandle;
  nsString? AuthenticatorAttachment;
};

union WebAuthnGetAssertionResponse {
  nsresult;
  WebAuthnGetAssertionResult;
};

async protocol PWebAuthnTransaction {
  manager PWindowGlobal;

  parent:
    async RequestRegister(WebAuthnMakeCredentialInfo aTransactionInfo) returns (WebAuthnMakeCredentialResponse response);
    async RequestSign(WebAuthnGetAssertionInfo aTransactionInfo) returns (WebAuthnGetAssertionResponse response);
    async RequestIsUVPAA() returns (bool available);
    async RequestCancel();

  child:
    async __delete__();
};

}
}