// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <cstdint> #include <memory> #include <optional> #include <tuple> #include <utility> #include <vector> #include "base/containers/contains.h" #include "base/containers/flat_set.h" #include "base/containers/span.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/location.h" #include "base/logging.h" #include "base/memory/raw_ptr.h" #include "base/memory/scoped_refptr.h" #include "base/numerics/safe_conversions.h" #include "base/run_loop.h" #include "base/task/single_thread_task_runner.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/task_environment.h" #include "base/test/test_future.h" #include "base/time/time.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "components/cbor/reader.h" #include "components/cbor/values.h" #include "device/bluetooth/bluetooth_adapter_factory.h" #include "device/bluetooth/test/mock_bluetooth_adapter.h" #include "device/fido/authenticator_get_info_response.h" #include "device/fido/authenticator_make_credential_response.h" #include "device/fido/authenticator_selection_criteria.h" #include "device/fido/authenticator_supported_options.h" #include "device/fido/ctap_make_credential_request.h" #include "device/fido/device_response_converter.h" #include "device/fido/fake_fido_discovery.h" #include "device/fido/fido_constants.h" #include "device/fido/fido_device.h" #include "device/fido/fido_device_authenticator.h" #include "device/fido/fido_discovery_base.h" #include "device/fido/fido_parsing_utils.h" #include "device/fido/fido_test_data.h" #include "device/fido/fido_transport_protocol.h" #include "device/fido/fido_types.h" #include "device/fido/make_credential_request_handler.h" #include "device/fido/make_credential_task.h" #include "device/fido/mock_fido_device.h" #include "device/fido/public_key_credential_params.h" #include "device/fido/public_key_credential_rp_entity.h" #include "device/fido/public_key_credential_user_entity.h" #include "device/fido/virtual_ctap2_device.h" #include "device/fido/virtual_fido_device.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #if BUILDFLAG(IS_WIN) #include "device/fido/win/fake_webauthn_api.h" #endif // BUILDFLAG(IS_WIN) _; DoAll; Invoke; Return; WithoutArgs; namespace device { namespace { TestMakeCredentialRequestFuture; } // namespace constexpr char kResponseTransportHistogram[] = …; class FidoMakeCredentialHandlerTest : public ::testing::Test { … }; TEST_F(FidoMakeCredentialHandlerTest, TransportAvailabilityInfo) { … } TEST_F(FidoMakeCredentialHandlerTest, TransportAvailabilityInfoRk) { … } TEST_F(FidoMakeCredentialHandlerTest, TransportAvailabilityInfoIsInternalOnly) { … } TEST_F(FidoMakeCredentialHandlerTest, TestCtap2MakeCredential) { … } // Test a scenario where the connected authenticator is a U2F device. TEST_F(FidoMakeCredentialHandlerTest, TestU2fRegister) { … } TEST_F(FidoMakeCredentialHandlerTest, U2fRegisterWithUserVerificationRequired) { … } TEST_F(FidoMakeCredentialHandlerTest, U2fRegisterWithResidentKeyRequirement) { … } TEST_F(FidoMakeCredentialHandlerTest, UserVerificationRequirementNotMet) { … } TEST_F(FidoMakeCredentialHandlerTest, CrossPlatformAttachment) { … } TEST_F(FidoMakeCredentialHandlerTest, PlatformAttachment) { … } TEST_F(FidoMakeCredentialHandlerTest, ResidentKeyRequirementNotMet) { … } MATCHER(IsResidentKeyRequest, "") { … } // Matches a CTAP command that is: // * A valid make credential request, // * if |is_uv| is true, // * with an options map present, // * and options.uv present and true. // * if |is_uv_| is false, // * with an options map not present, // * or options.uv not present or false. MATCHER_P(IsUvRequest, is_uv, "") { … } ACTION_P(Reply, reply) { … } TEST_F(FidoMakeCredentialHandlerTest, ResidentKeyCancelOtherAuthenticator) { … } TEST_F(FidoMakeCredentialHandlerTest, ResidentKeyCancel) { … } TEST_F(FidoMakeCredentialHandlerTest, AuthenticatorSelectionCriteriaSatisfiedByCrossPlatformDevice) { … } TEST_F(FidoMakeCredentialHandlerTest, AuthenticatorSelectionCriteriaSatisfiedByPlatformDevice) { … } // A platform authenticator is ignored for cross-platform requests. TEST_F(FidoMakeCredentialHandlerTest, CrossPlatformAuthenticatorPretendingToBePlatform) { … } // A platform authenticator claiming to be a cross-platform authenticator as per // its GetInfo response is rejected. TEST_F(FidoMakeCredentialHandlerTest, PlatformAuthenticatorPretendingToBeCrossPlatform) { … } TEST_F(FidoMakeCredentialHandlerTest, SupportedTransportsAreOnlyNfc) { … } TEST_F(FidoMakeCredentialHandlerTest, IncorrectRpIdHash) { … } // Tests that only authenticators with resident key support will successfully // process MakeCredential request when the relying party requires using resident // keys in AuthenicatorSelectionCriteria. TEST_F(FidoMakeCredentialHandlerTest, SuccessfulMakeCredentialWithResidentKeyOption) { … } // Tests that MakeCredential request fails when asking to use resident keys with // authenticators that do not support resident key. TEST_F(FidoMakeCredentialHandlerTest, MakeCredentialFailsForIncompatibleResidentKeyOption) { … } // If a device with transport type kInternal returns a // CTAP2_ERR_OPERATION_DENIED error, the request should complete with // MakeCredentialStatus::kUserConsentDenied. TEST_F(FidoMakeCredentialHandlerTest, TestRequestWithOperationDeniedErrorPlatform) { … } // Like |TestRequestWithOperationDeniedErrorPlatform|, but with a // cross-platform device. TEST_F(FidoMakeCredentialHandlerTest, TestRequestWithOperationDeniedErrorCrossPlatform) { … } TEST_F(FidoMakeCredentialHandlerTest, TestCrossPlatformAuthenticatorsForceUVWhenSupported) { … } // If a device returns CTAP2_ERR_PIN_AUTH_INVALID, the request should complete // with MakeCredentialStatus::kUserConsentDenied. TEST_F(FidoMakeCredentialHandlerTest, TestRequestWithPinAuthInvalid) { … } MATCHER_P(IsCtap2Command, expected_command, "") { … } TEST_F(FidoMakeCredentialHandlerTest, DeviceFailsImmediately) { … } TEST_F(FidoMakeCredentialHandlerTest, PinUvAuthTokenPreTouchFailure) { … } TEST_F(FidoMakeCredentialHandlerTest, ReportTransportMetric) { … } #if BUILDFLAG(IS_WIN) TEST_F(FidoMakeCredentialHandlerTest, ReportTransportMetricWin) { FakeWinWebAuthnApi win_api; win_api.set_version(WEBAUTHN_API_VERSION_3); win_api.set_transport(WEBAUTHN_CTAP_TRANSPORT_BLE); WinWebAuthnApi::ScopedOverride win_webauthn_api_override(&win_api); base::HistogramTester histograms; fake_discovery_factory_->set_discover_win_webauthn_api_authenticator(true); auto request_handler = CreateMakeCredentialHandler(); EXPECT_TRUE(future().Wait()); EXPECT_EQ(MakeCredentialStatus::kSuccess, std::get<0>(future().Get())); histograms.ExpectUniqueSample(kResponseTransportHistogram, FidoTransportProtocol::kBluetoothLowEnergy, 1); } #endif // BUILDFLAG(IS_WIN) } // namespace device
Codebase Browser
chromium