diff options
Diffstat (limited to 'dom/webauthn/WebAuthnResult.h')
-rw-r--r-- | dom/webauthn/WebAuthnResult.h | 229 |
1 files changed, 229 insertions, 0 deletions
diff --git a/dom/webauthn/WebAuthnResult.h b/dom/webauthn/WebAuthnResult.h new file mode 100644 index 0000000000..f7653fd4b0 --- /dev/null +++ b/dom/webauthn/WebAuthnResult.h @@ -0,0 +1,229 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_WebAuthnResult_h_ +#define mozilla_dom_WebAuthnResult_h_ + +#include "nsIWebAuthnResult.h" +#include "nsString.h" +#include "nsTArray.h" + +#include "mozilla/Maybe.h" +#include "nsString.h" + +#ifdef MOZ_WIDGET_ANDROID +# include "mozilla/java/WebAuthnTokenManagerNatives.h" +#endif + +#ifdef XP_WIN +# include <windows.h> +# include "mozilla/dom/PWebAuthnTransactionParent.h" +# include "winwebauthn/webauthn.h" +#endif + +namespace mozilla::dom { + +class WebAuthnRegisterResult final : public nsIWebAuthnRegisterResult { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIWEBAUTHNREGISTERRESULT + + WebAuthnRegisterResult(const nsTArray<uint8_t>& aAttestationObject, + const Maybe<nsCString>& aClientDataJSON, + const nsTArray<uint8_t>& aCredentialId, + const nsTArray<nsString>& aTransports, + const Maybe<nsString>& aAuthenticatorAttachment) + : mClientDataJSON(aClientDataJSON), + mCredPropsRk(Nothing()), + mAuthenticatorAttachment(aAuthenticatorAttachment) { + mAttestationObject.AppendElements(aAttestationObject); + mCredentialId.AppendElements(aCredentialId); + mTransports.AppendElements(aTransports); + } + +#ifdef MOZ_WIDGET_ANDROID + explicit WebAuthnRegisterResult( + const java::WebAuthnTokenManager::MakeCredentialResponse::LocalRef& + aResponse) { + mAttestationObject.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->AttestationObject()->GetElements().Elements()), + aResponse->AttestationObject()->Length()); + mClientDataJSON = Some(nsAutoCString( + reinterpret_cast<const char*>( + aResponse->ClientDataJson()->GetElements().Elements()), + aResponse->ClientDataJson()->Length())); + mCredentialId.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->KeyHandle()->GetElements().Elements()), + aResponse->KeyHandle()->Length()); + auto transports = aResponse->Transports(); + for (size_t i = 0; i < transports->Length(); i++) { + mTransports.AppendElement( + jni::String::LocalRef(transports->GetElement(i))->ToString()); + } + // authenticator attachment is not available on Android + mAuthenticatorAttachment = Nothing(); + } +#endif + +#ifdef XP_WIN + WebAuthnRegisterResult(nsCString& aClientDataJSON, + PCWEBAUTHN_CREDENTIAL_ATTESTATION aResponse) + : mClientDataJSON(Some(aClientDataJSON)) { + mCredentialId.AppendElements(aResponse->pbCredentialId, + aResponse->cbCredentialId); + + mAttestationObject.AppendElements(aResponse->pbAttestationObject, + aResponse->cbAttestationObject); + + nsTArray<WebAuthnExtensionResult> extensions; + if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2) { + PCWEBAUTHN_EXTENSIONS pExtensionList = &aResponse->Extensions; + if (pExtensionList->cExtensions != 0 && + pExtensionList->pExtensions != NULL) { + for (DWORD dwIndex = 0; dwIndex < pExtensionList->cExtensions; + dwIndex++) { + PWEBAUTHN_EXTENSION pExtension = + &pExtensionList->pExtensions[dwIndex]; + if (pExtension->pwszExtensionIdentifier && + (0 == _wcsicmp(pExtension->pwszExtensionIdentifier, + WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET)) && + pExtension->cbExtension == sizeof(BOOL)) { + BOOL* pCredentialCreatedWithHmacSecret = + (BOOL*)pExtension->pvExtension; + if (*pCredentialCreatedWithHmacSecret) { + mHmacCreateSecret = Some(true); + } + } + } + } + } + + if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3) { + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_USB) { + mTransports.AppendElement(u"usb"_ns); + } + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_NFC) { + mTransports.AppendElement(u"nfc"_ns); + } + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_BLE) { + mTransports.AppendElement(u"ble"_ns); + } + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_INTERNAL) { + mTransports.AppendElement(u"internal"_ns); + } + } + // WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 corresponds to + // WEBAUTHN_API_VERSION_6 which is where WEBAUTHN_CTAP_TRANSPORT_HYBRID was + // defined. + if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5) { + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_HYBRID) { + mTransports.AppendElement(u"hybrid"_ns); + } + } + + if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3) { + if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_INTERNAL) { + mAuthenticatorAttachment = Some(u"platform"_ns); + } else { + mAuthenticatorAttachment = Some(u"cross-platform"_ns); + } + } + } +#endif + + nsresult Anonymize(); + + private: + ~WebAuthnRegisterResult() = default; + + nsTArray<uint8_t> mAttestationObject; + nsTArray<uint8_t> mCredentialId; + nsTArray<nsString> mTransports; + Maybe<nsCString> mClientDataJSON; + Maybe<bool> mCredPropsRk; + Maybe<bool> mHmacCreateSecret; + Maybe<nsString> mAuthenticatorAttachment; +}; + +class WebAuthnSignResult final : public nsIWebAuthnSignResult { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIWEBAUTHNSIGNRESULT + + WebAuthnSignResult(const nsTArray<uint8_t>& aAuthenticatorData, + const Maybe<nsCString>& aClientDataJSON, + const nsTArray<uint8_t>& aCredentialId, + const nsTArray<uint8_t>& aSignature, + const nsTArray<uint8_t>& aUserHandle, + const Maybe<nsString>& aAuthenticatorAttachment) + : mClientDataJSON(aClientDataJSON), + mAuthenticatorAttachment(aAuthenticatorAttachment) { + mAuthenticatorData.AppendElements(aAuthenticatorData); + mCredentialId.AppendElements(aCredentialId); + mSignature.AppendElements(aSignature); + mUserHandle.AppendElements(aUserHandle); + } + +#ifdef MOZ_WIDGET_ANDROID + explicit WebAuthnSignResult( + const java::WebAuthnTokenManager::GetAssertionResponse::LocalRef& + aResponse) { + mAuthenticatorData.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->AuthData()->GetElements().Elements()), + aResponse->AuthData()->Length()); + mClientDataJSON = Some(nsAutoCString( + reinterpret_cast<const char*>( + aResponse->ClientDataJson()->GetElements().Elements()), + aResponse->ClientDataJson()->Length())); + mCredentialId.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->KeyHandle()->GetElements().Elements()), + aResponse->KeyHandle()->Length()); + mSignature.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->Signature()->GetElements().Elements()), + aResponse->Signature()->Length()); + mUserHandle.AppendElements( + reinterpret_cast<uint8_t*>( + aResponse->UserHandle()->GetElements().Elements()), + aResponse->UserHandle()->Length()); + // authenticator attachment is not available on Android + mAuthenticatorAttachment = Nothing(); + } +#endif + +#ifdef XP_WIN + WebAuthnSignResult(nsCString& aClientDataJSON, PCWEBAUTHN_ASSERTION aResponse) + : mClientDataJSON(Some(aClientDataJSON)) { + mSignature.AppendElements(aResponse->pbSignature, aResponse->cbSignature); + + mCredentialId.AppendElements(aResponse->Credential.pbId, + aResponse->Credential.cbId); + + mUserHandle.AppendElements(aResponse->pbUserId, aResponse->cbUserId); + + mAuthenticatorData.AppendElements(aResponse->pbAuthenticatorData, + aResponse->cbAuthenticatorData); + + mAuthenticatorAttachment = Nothing(); // not available + } +#endif + + private: + ~WebAuthnSignResult() = default; + + nsTArray<uint8_t> mAuthenticatorData; + Maybe<nsCString> mClientDataJSON; + nsTArray<uint8_t> mCredentialId; + nsTArray<uint8_t> mSignature; + nsTArray<uint8_t> mUserHandle; + Maybe<nsString> mAuthenticatorAttachment; + Maybe<bool> mUsedAppId; +}; + +} // namespace mozilla::dom +#endif // mozilla_dom_WebAuthnResult_h |