diff options
Diffstat (limited to '')
-rw-r--r-- | dom/webauthn/U2FTokenManager.h | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/dom/webauthn/U2FTokenManager.h b/dom/webauthn/U2FTokenManager.h new file mode 100644 index 0000000000..3f5314b226 --- /dev/null +++ b/dom/webauthn/U2FTokenManager.h @@ -0,0 +1,135 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_U2FTokenManager_h +#define mozilla_dom_U2FTokenManager_h + +#include "nsIU2FTokenManager.h" +#include "mozilla/dom/U2FTokenTransport.h" +#include "mozilla/dom/PWebAuthnTransaction.h" +#include "mozilla/Tainting.h" + +/* + * Parent process manager for U2F and WebAuthn API transactions. Handles process + * transactions from all content processes, make sure only one transaction is + * live at any time. Manages access to hardware and software based key systems. + * + * U2FTokenManager is created on the first access to functions of either the U2F + * or WebAuthn APIs that require key registration or signing. It lives until the + * end of the browser process. + */ + +namespace mozilla::dom { + +class U2FSoftTokenManager; +class WebAuthnTransactionParent; + +class U2FTokenManager final : public nsIU2FTokenManager { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIU2FTOKENMANAGER + + static U2FTokenManager* Get(); + void Register(PWebAuthnTransactionParent* aTransactionParent, + const uint64_t& aTransactionId, + const WebAuthnMakeCredentialInfo& aTransactionInfo); + void Sign(PWebAuthnTransactionParent* aTransactionParent, + const uint64_t& aTransactionId, + const WebAuthnGetAssertionInfo& aTransactionInfo); + void Cancel(PWebAuthnTransactionParent* aTransactionParent, + const Tainted<uint64_t>& aTransactionId); + void MaybeClearTransaction(PWebAuthnTransactionParent* aParent); + static void Initialize(); + + Maybe<nsString> GetCurrentOrigin() { + if (mPendingRegisterInfo.isSome()) { + return Some(mPendingRegisterInfo.value().Origin()); + } + + if (mPendingSignInfo.isSome()) { + return Some(mPendingSignInfo.value().Origin()); + } + return Nothing(); + } + + Maybe<uint64_t> GetCurrentBrowsingCtxId() { + if (mPendingRegisterInfo.isSome()) { + return Some(mPendingRegisterInfo.value().BrowsingContextId()); + } + + if (mPendingSignInfo.isSome()) { + return Some(mPendingSignInfo.value().BrowsingContextId()); + } + return Nothing(); + } + + uint64_t GetCurrentTransactionId() { return mLastTransactionId; } + + bool CurrentTransactionIsRegister() { return mPendingRegisterInfo.isSome(); } + + bool CurrentTransactionIsSign() { return mPendingSignInfo.isSome(); } + + // Sends a "webauthn-prompt" observer notification with the given data. + template <typename... T> + void SendPromptNotification(const char16_t* aFormat, T... aArgs); + // The main thread runnable function for "SendPromptNotification". + void RunSendPromptNotification(const nsString& aJSON); + + struct StatusUpdateResFreePolicy { + void operator()(rust_ctap2_status_update_res* p); + }; + UniquePtr<rust_ctap2_status_update_res, + U2FTokenManager::StatusUpdateResFreePolicy> + status_update_result = nullptr; + + private: + U2FTokenManager(); + ~U2FTokenManager() = default; + RefPtr<U2FTokenTransport> GetTokenManagerImpl(); + void AbortTransaction(const uint64_t& aTransactionId, const nsresult& aError, + bool shouldCancelActiveDialog); + void AbortOngoingTransaction(); + void ClearTransaction(bool send_cancel); + // Step two of "Register", kicking off the actual transaction. + void DoRegister(const WebAuthnMakeCredentialInfo& aInfo, + bool aForceNoneAttestation); + void DoSign(const WebAuthnGetAssertionInfo& aTransactionInfo); + void MaybeConfirmRegister(const uint64_t& aTransactionId, + const WebAuthnMakeCredentialResult& aResult); + void MaybeAbortRegister(const uint64_t& aTransactionId, + const nsresult& aError, + bool shouldCancelActiveDialog); + void MaybeConfirmSign(const uint64_t& aTransactionId, + const WebAuthnGetAssertionResult& aResult); + void MaybeAbortSign(const uint64_t& aTransactionId, const nsresult& aError, + bool shouldCancelActiveDialog); + // The main thread runnable function for "nsIU2FTokenManager.ResumeRegister". + void RunResumeRegister(uint64_t aTransactionId, bool aForceNoneAttestation); + void RunResumeSign(uint64_t aTransactionId); + void RunResumeWithSelectedSignResult(uint64_t aTransactionId, uint64_t idx); + // The main thread runnable function for "nsIU2FTokenManager.Cancel". + void RunCancel(uint64_t aTransactionId); + // Using a raw pointer here, as the lifetime of the IPC object is managed by + // the PBackground protocol code. This means we cannot be left holding an + // invalid IPC protocol object after the transaction is finished. + PWebAuthnTransactionParent* mTransactionParent; + RefPtr<U2FTokenTransport> mTokenManagerImpl; + MozPromiseRequestHolder<U2FRegisterPromise> mRegisterPromise; + MozPromiseRequestHolder<U2FSignPromise> mSignPromise; + // The last transaction id, non-zero if there's an active transaction. This + // guards any cancel messages to ensure we don't cancel newer transactions + // due to a stale message. + uint64_t mLastTransactionId; + // Pending registration info while we wait for user input. + Maybe<WebAuthnMakeCredentialInfo> mPendingRegisterInfo; + // Pending registration info while we wait for user input. + Maybe<WebAuthnGetAssertionInfo> mPendingSignInfo; + nsTArray<WebAuthnGetAssertionResultWrapper> mPendingSignResults; +}; + +} // namespace mozilla::dom + +#endif // mozilla_dom_U2FTokenManager_h |