#include "device/fido/make_credential_request_handler.h"
#include <map>
#include <set>
#include <utility>
#include "base/barrier_closure.h"
#include "base/containers/contains.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/json/json_writer.h"
#include "base/metrics/histogram_functions.h"
#include "base/stl_util.h"
#include "base/strings/string_number_conversions.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "components/cbor/diagnostic_writer.h"
#include "components/device_event_log/device_event_log.h"
#include "device/fido/features.h"
#include "device/fido/fido_authenticator.h"
#include "device/fido/fido_constants.h"
#include "device/fido/fido_discovery_factory.h"
#include "device/fido/fido_parsing_utils.h"
#include "device/fido/fido_transport_protocol.h"
#include "device/fido/fido_types.h"
#include "device/fido/filter.h"
#include "device/fido/make_credential_task.h"
#if BUILDFLAG(IS_WIN)
#include "device/fido/win/authenticator.h"
#include "device/fido/win/type_conversions.h"
#include "third_party/microsoft_webauthn/webauthn.h"
#endif
#if BUILDFLAG(IS_CHROMEOS)
#include "device/fido/cros/authenticator.h"
#endif
namespace device {
PINUVDisposition;
BioEnrollmentAvailability;
namespace {
// File-local helpers for MakeCredentialRequestHandler. Every body in this
// listing is elided (`{ … }`), so the comments below state only what the
// signatures show; anything about behaviour is marked for confirmation.
//
// Returns a set of pin::Permissions computed for |authenticator|.
// NOTE(review): the result is returned by value as `const std::set`, which
// prevents callers from moving out of it; confirm the `const` is intended.
// NOTE(review): presumably these are the permissions requested for a PIN/UV
// auth token; confirm the set is no wider than this operation needs.
const std::set<pin::Permissions> GetMakeCredentialRequestPermissions(
FidoAuthenticator* authenticator) { … }
// Predicate over |authenticator|, the attachment the request asked for and a
// flag permitting platform authenticators for this request.
// NOTE(review): the name suggests this filter runs before any user touch is
// requested; confirm against the call site.
bool IsCandidateAuthenticatorPreTouch(
FidoAuthenticator* authenticator,
AuthenticatorAttachment requested_attachment,
bool allow_platform_authenticator_for_make_credential_request) { … }
// Returns a MakeCredentialStatus for |authenticator| given the request, the
// options and an optional-looking |observer| pointer.
// NOTE(review): |observer| is a raw pointer; confirm whether nullptr is a
// legal argument and is handled in the body.
MakeCredentialStatus IsCandidateAuthenticatorPostTouch(
const CtapMakeCredentialRequest& request,
FidoAuthenticator* authenticator,
const MakeCredentialOptions& options,
const FidoRequestHandlerBase::Observer* observer) { … }
// Maps an AuthenticatorAttachment to a set of FidoTransportProtocol values.
base::flat_set<FidoTransportProtocol> GetTransportsAllowedByRP(
AuthenticatorAttachment authenticator_attachment) { … }
// Takes the (possibly absent) transport of a response and returns nothing.
// NOTE(review): presumably records a metric (the file includes
// base/metrics/histogram_functions.h); confirm.
void ReportMakeCredentialResponseTransport(
std::optional<FidoTransportProtocol> transport) { … }
// Derives a CredProtect value from the requested level and |authenticator|.
// NOTE(review): confirm what is returned when the authenticator cannot honour
// the requested protection level; a silent downgrade would weaken the
// credential's protection.
CredProtect CredProtectForAuthenticator(
CredProtectRequest request,
const FidoAuthenticator& authenticator) { … }
// Returns whether |extensions| is acceptable for this request, options,
// authenticator and response.
// NOTE(review): |extensions| is a cbor::Value that presumably comes from the
// authenticator's response, i.e. device-controlled data. Confirm the body
// checks the CBOR type of each entry before reading it and rejects
// extensions that were not requested.
bool ValidateResponseExtensions(
const CtapMakeCredentialRequest& request,
const MakeCredentialOptions& options,
const FidoAuthenticator& authenticator,
const AuthenticatorMakeCredentialResponse& response,
const cbor::Value& extensions) { … }
// Returns whether |response| is acceptable for |request| and |options| as
// produced by |authenticator|.
// NOTE(review): this looks like the gate between device output and the
// caller; confirm which fields tie the response to the request and that
// every path that completes the request runs this check first.
bool ResponseValid(const FidoAuthenticator& authenticator,
const CtapMakeCredentialRequest& request,
const AuthenticatorMakeCredentialResponse& response,
const MakeCredentialOptions& options) { … }
// Maps one UserVerificationRequirement to another.
// NOTE(review): the name suggests the result is never weaker than
// "preferred"; confirm the mapping for each enum value.
UserVerificationRequirement AtLeastUVPreferred(UserVerificationRequirement uv) { … }
}
// Constructs the handler from a discovery factory, extra discoveries (owned,
// passed by value), the supported transports, the request (by value), the
// options and a completion callback. The initializer list and body are
// elided in this listing.
// NOTE(review): |fido_discovery_factory| is a raw, non-owning pointer;
// confirm the required lifetime relative to this handler.
MakeCredentialRequestHandler::MakeCredentialRequestHandler(
FidoDiscoveryFactory* fido_discovery_factory,
std::vector<std::unique_ptr<FidoDiscoveryBase>> additional_discoveries,
const base::flat_set<FidoTransportProtocol>& supported_transports,
CtapMakeCredentialRequest request,
const MakeCredentialOptions& options,
CompletionCallback completion_callback)
: … { … }
// Defaulted destructor: members are released by their own destructors.
MakeCredentialRequestHandler::~MakeCredentialRequestHandler() = default;
// Entry point for a single |authenticator| (body elided in this listing).
// NOTE(review): presumably invoked once per discovered authenticator; confirm
// that candidate filtering happens before anything is sent to the device.
void MakeCredentialRequestHandler::DispatchRequest(
FidoAuthenticator* authenticator) { … }
// Continuation that takes ownership of |request| and receives a CTAP status
// for |authenticator|. The last parameter is named |unused| and is ignored by
// name (body elided in this listing).
// NOTE(review): |authenticator| is a raw pointer carried into a continuation;
// confirm it cannot have been removed before this runs.
void MakeCredentialRequestHandler::DispatchRequestAfterAppIdExclude(
std::unique_ptr<CtapMakeCredentialRequest> request,
FidoAuthenticator* authenticator,
CtapDeviceResponseCode status,
std::optional<bool> unused) { … }
// Notification that |authenticator| from |discovery| is gone (body elided in
// this listing).
// NOTE(review): other methods in this file take raw FidoAuthenticator*
// arguments in what look like asynchronous continuations. Confirm that any
// state still pointing at the removed authenticator is cleared here so a
// later callback cannot use a dangling pointer.
void MakeCredentialRequestHandler::AuthenticatorRemoved(
FidoDiscoveryBase* discovery,
FidoAuthenticator* authenticator) { … }
// Returns a bool for |authenticator| in the PIN/UV auth token flow (body
// elided in this listing).
// NOTE(review): the meaning of the return value is not visible here; confirm
// what `false` tells the caller to do.
bool MakeCredentialRequestHandler::AuthenticatorSelectedForPINUVAuthToken(
FidoAuthenticator* authenticator) { … }
// Requests a PIN: carries the reason and error to present, the minimum PIN
// length, an attempts count and the callback through which the PIN is
// supplied (body elided in this listing).
// NOTE(review): |attempts| is a signed int; confirm its valid range and
// whether it is the number of retries remaining.
// NOTE(review): confirm the PIN handed to |provide_pin_cb| is not logged; the
// file includes device_event_log.h.
void MakeCredentialRequestHandler::CollectPIN(
pin::PINEntryReason reason,
pin::PINEntryError error,
uint32_t min_pin_length,
int attempts,
ProvidePINCallback provide_pin_cb) { … }
// Takes an attempts count for an internal user-verification retry prompt
// (body elided in this listing).
// NOTE(review): presumably forwards |attempts| to the UI observer; confirm.
void MakeCredentialRequestHandler::PromptForInternalUVRetry(int attempts) { … }
// Receives the outcome of a PIN/UV auth token request for |authenticator|:
// a Result value and an optional token response (body elided in this
// listing).
// NOTE(review): |token_response| is optional; confirm the body dereferences
// it only for the Result value(s) that guarantee it is present.
void MakeCredentialRequestHandler::HavePINUVAuthTokenResultForAuthenticator(
FidoAuthenticator* authenticator,
AuthTokenRequester::Result result,
std::optional<pin::TokenResponse> token_response) { … }
// Starts obtaining a PIN/UV auth token from |authenticator|, with flags for
// skipping the PIN touch and for internal UV being locked (body elided in
// this listing).
// NOTE(review): confirm which callers may pass skip_pin_touch = true, since
// it appears to remove a user-presence step from the flow.
void MakeCredentialRequestHandler::ObtainPINUVAuthToken(
FidoAuthenticator* authenticator,
bool skip_pin_touch,
bool internal_uv_locked) { … }
// Receives the result of a makeCredential attempt on |authenticator|: the
// request it was issued with (owned), a timer, a status and an optional
// response (body elided in this listing).
// NOTE(review): |response| is device-supplied and optional. Confirm it is
// checked for presence before use and passed through ResponseValid (defined
// in this file's anonymous namespace) before the completion callback runs.
void MakeCredentialRequestHandler::HandleResponse(
FidoAuthenticator* authenticator,
std::unique_ptr<CtapMakeCredentialRequest> request,
base::ElapsedTimer request_timer,
MakeCredentialStatus status,
std::optional<AuthenticatorMakeCredentialResponse> response) { … }
// Handles an |authenticator| classified as excluded (body elided in this
// listing).
// NOTE(review): presumably reached when the authenticator already holds a
// credential from the exclude list; confirm, and confirm the outcome is only
// surfaced after a user touch so credential presence is not revealed
// silently.
void MakeCredentialRequestHandler::HandleExcludedAuthenticator(
FidoAuthenticator* authenticator) { … }
// Handles an |authenticator| that cannot serve the request, with the
// MakeCredentialStatus describing why (body elided in this listing).
void MakeCredentialRequestHandler::HandleInapplicableAuthenticator(
FidoAuthenticator* authenticator,
MakeCredentialStatus status) { … }
// Bio-enrollment callback: one sample's status and the number of samples
// remaining (body elided in this listing).
// NOTE(review): |samples_remaining| is a signed int reported by the
// enrollment flow; confirm how a negative or unexpected value is treated.
void MakeCredentialRequestHandler::OnSampleCollected(
BioEnrollmentSampleStatus status,
int samples_remaining) { … }
// Bio-enrollment callback carrying an optional template id as raw bytes
// (body elided in this listing).
// NOTE(review): confirm what an absent |template_id| means here (failure vs.
// nothing to report).
void MakeCredentialRequestHandler::OnEnrollmentDone(
std::optional<std::vector<uint8_t>> template_id) { … }
// Bio-enrollment callback carrying the CTAP status of a failed enrollment
// (body elided in this listing).
// NOTE(review): confirm whether the overall request continues or is aborted
// after an enrollment error.
void MakeCredentialRequestHandler::OnEnrollmentError(
CtapDeviceResponseCode status) { … }
// Bio-enrollment callback with no arguments (body elided in this listing).
// NOTE(review): presumably signals that the enrollment UI was dismissed;
// confirm what state the request is left in afterwards.
void MakeCredentialRequestHandler::OnEnrollmentDismissed() { … }
// Takes ownership of |request| once enrollment has completed (body elided in
// this listing).
// NOTE(review): no authenticator is passed in, so the target must come from
// member state; confirm that state cannot refer to a removed authenticator.
void MakeCredentialRequestHandler::OnEnrollmentComplete(
std::unique_ptr<CtapMakeCredentialRequest> request) { … }
// Dispatches |request| (owned) to |authenticator| together with a PIN/UV
// auth token passed by value (body elided in this listing).
// NOTE(review): confirm |token| is the one obtained from this same
// |authenticator| and is not retained beyond this request.
void MakeCredentialRequestHandler::DispatchRequestWithToken(
FidoAuthenticator* authenticator,
std::unique_ptr<CtapMakeCredentialRequest> request,
pin::TokenResponse token) { … }
// Mutates |request| in place through the pointer, using the read-only
// |authenticator| as input (body elided in this listing).
// NOTE(review): presumably adapts request fields to what the authenticator
// supports; confirm no security-relevant requirement (e.g. user
// verification or credential protection) is dropped in the process.
void MakeCredentialRequestHandler::SpecializeRequestForAuthenticator(
CtapMakeCredentialRequest* request,
const FidoAuthenticator* authenticator) { … }
}