// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "third_party/blink/renderer/modules/credentialmanagement/authentication_credentials_container.h" #include <memory> #include <optional> #include <utility> #include "base/metrics/histogram_functions.h" #include "base/notreached.h" #include "build/build_config.h" #include "services/network/public/cpp/is_potentially_trustworthy.h" #include "third_party/blink/public/common/sms/webotp_constants.h" #include "third_party/blink/public/mojom/credentialmanagement/credential_manager.mojom-blink.h" #include "third_party/blink/public/mojom/payments/payment_credential.mojom-blink.h" #include "third_party/blink/public/mojom/sms/webotp_service.mojom-blink.h" #include "third_party/blink/renderer/bindings/core/v8/script_promise.h" #include "third_party/blink/renderer/bindings/core/v8/script_promise_resolver.h" #include "third_party/blink/renderer/bindings/core/v8/v8_union_arraybuffer_arraybufferview.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_all_accepted_credentials_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_client_inputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_client_outputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_large_blob_inputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_large_blob_outputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_payment_inputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_prf_inputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_prf_outputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_prf_values.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_supplemental_pub_keys_inputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authentication_extensions_supplemental_pub_keys_outputs.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_authenticator_selection_criteria.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_credential_creation_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_credential_properties_output.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_credential_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_current_user_details_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_federated_credential_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_identity_credential_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_identity_provider_config.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_identity_provider_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_otp_credential_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_creation_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_descriptor.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_parameters.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_request_options.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_rp_entity.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_user_entity.h" #include "third_party/blink/renderer/bindings/modules/v8/v8_union_htmlformelement_passwordcredentialdata.h" #include "third_party/blink/renderer/core/dom/abort_signal.h" #include "third_party/blink/renderer/core/dom/dom_exception.h" #include "third_party/blink/renderer/core/dom/scoped_abort_state.h" #include "third_party/blink/renderer/core/execution_context/execution_context.h" #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h" #include "third_party/blink/renderer/core/frame/frame.h" #include "third_party/blink/renderer/core/frame/local_frame.h" #include "third_party/blink/renderer/core/frame/navigator.h" #include "third_party/blink/renderer/core/frame/web_feature.h" #include "third_party/blink/renderer/core/inspector/console_message.h" #include "third_party/blink/renderer/core/page/frame_tree.h" #include "third_party/blink/renderer/core/typed_arrays/dom_array_buffer.h" #include "third_party/blink/renderer/core/typed_arrays/dom_array_piece.h" #include "third_party/blink/renderer/modules/credentialmanagement/authenticator_assertion_response.h" #include "third_party/blink/renderer/modules/credentialmanagement/authenticator_attestation_response.h" #include "third_party/blink/renderer/modules/credentialmanagement/credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/credential_manager_proxy.h" #include "third_party/blink/renderer/modules/credentialmanagement/credential_manager_type_converters.h" // IWYU pragma: keep #include "third_party/blink/renderer/modules/credentialmanagement/credential_utils.h" #include "third_party/blink/renderer/modules/credentialmanagement/federated_credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/identity_credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/identity_credential_error.h" #include "third_party/blink/renderer/modules/credentialmanagement/otp_credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/password_credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/public_key_credential.h" #include "third_party/blink/renderer/modules/credentialmanagement/scoped_promise_resolver.h" #include "third_party/blink/renderer/platform/bindings/exception_code.h" #include "third_party/blink/renderer/platform/bindings/exception_state.h" #include "third_party/blink/renderer/platform/heap/garbage_collected.h" #include "third_party/blink/renderer/platform/instrumentation/use_counter.h" #include "third_party/blink/renderer/platform/runtime_enabled_features.h" #include "third_party/blink/renderer/platform/weborigin/security_origin.h" #include "third_party/blink/renderer/platform/wtf/functional.h" #include "third_party/blink/renderer/platform/wtf/text/base64.h" #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" #include "third_party/blink/renderer/platform/wtf/wtf_size_t.h" #if BUILDFLAG(IS_ANDROID) #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_rp_entity.h" #endif namespace blink { namespace { AttestationConveyancePreference; AuthenticationExtensionsClientOutputsPtr; AuthenticatorAttachment; AuthenticatorStatus; CredentialInfo; CredentialInfoPtr; CredentialManagerError; CredentialMediationRequirement; PaymentCredentialInstrument; WebAuthnDOMExceptionDetailsPtr; MojoPublicKeyCredentialCreationOptions; MakeCredentialAuthenticatorResponsePtr; MojoPublicKeyCredentialRequestOptions; GetAssertionAuthenticatorResponsePtr; RequestTokenStatus; PaymentCredentialStorageStatus; constexpr size_t kMaxLargeBlobSize = …; // 2kb. // RequiredOriginType enumerates the requirements on the environment to perform // an operation. enum class RequiredOriginType { … }; // Returns whether the number of unique origins in the ancestor chain, including // the current origin are less or equal to |max_unique_origins|. // // Examples: // A.com = 1 unique origin // A.com -> A.com = 1 unique origin // A.com -> A.com -> B.com = 2 unique origins // A.com -> B.com -> B.com = 2 unique origins // A.com -> B.com -> A.com = 3 unique origins bool AreUniqueOriginsLessOrEqualTo(const Frame* frame, int max_unique_origins) { … } const SecurityOrigin* GetSecurityOrigin(const Frame* frame) { … } bool IsSameSecurityOriginWithAncestors(const Frame* frame) { … } bool IsAncestorChainValidForWebOTP(const Frame* frame) { … } bool CheckSecurityRequirementsBeforeRequest( ScriptPromiseResolverBase* resolver, RequiredOriginType required_origin_type) { … } void AssertSecurityRequirementsBeforeResponse( ScriptPromiseResolverBase* resolver, RequiredOriginType require_origin) { … } // Checks if the icon URL is an a-priori authenticated URL. // https://w3c.github.io/webappsec-credential-management/#dom-credentialuserdata-iconurl bool IsIconURLNullOrSecure(const KURL& url) { … } // Checks if the size of the supplied ArrayBuffer or ArrayBufferView is at most // the maximum size allowed. bool IsArrayBufferOrViewBelowSizeLimit( const V8UnionArrayBufferOrArrayBufferView* buffer_or_view) { … } bool IsCredentialDescriptorListBelowSizeLimit( const HeapVector<Member<PublicKeyCredentialDescriptor>>& list) { … } DOMException* CredentialManagerErrorToDOMException( CredentialManagerError reason) { … } // Abort an ongoing IdentityCredential request. This will only be called before // the request finishes due to `scoped_abort_state`. void AbortIdentityCredentialRequest(ScriptState* script_state) { … } void OnRequestToken(std::unique_ptr<ScopedPromiseResolver> scoped_resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, const CredentialRequestOptions* options, RequestTokenStatus status, const std::optional<KURL>& selected_idp_config_url, const WTF::String& token, mojom::blink::TokenErrorPtr error, bool is_auto_selected) { … } void OnStoreComplete(std::unique_ptr<ScopedPromiseResolver> scoped_resolver) { … } void OnPreventSilentAccessComplete( std::unique_ptr<ScopedPromiseResolver> scoped_resolver) { … } void OnGetComplete(std::unique_ptr<ScopedPromiseResolver> scoped_resolver, RequiredOriginType required_origin_type, CredentialManagerError error, CredentialInfoPtr credential_info) { … } DOMArrayBuffer* VectorToDOMArrayBuffer(const Vector<uint8_t> buffer) { … } AuthenticationExtensionsPRFValues* GetPRFExtensionResults( const mojom::blink::PRFValuesPtr& prf_results) { … } void OnMakePublicKeyCredentialComplete( std::unique_ptr<ScopedPromiseResolver> scoped_resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, RequiredOriginType required_origin_type, bool is_rk_required, AuthenticatorStatus status, MakeCredentialAuthenticatorResponsePtr credential, WebAuthnDOMExceptionDetailsPtr dom_exception_details) { … } bool IsForPayment(const CredentialCreationOptions* options, ExecutionContext* context) { … } void OnSaveCredentialIdForPaymentExtension( std::unique_ptr<ScopedPromiseResolver> scoped_resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, MakeCredentialAuthenticatorResponsePtr credential, PaymentCredentialStorageStatus storage_status) { … } void OnMakePublicKeyCredentialWithPaymentExtensionComplete( std::unique_ptr<ScopedPromiseResolver> scoped_resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, const String& rp_id_for_payment_extension, const WTF::Vector<uint8_t>& user_id_for_payment_extension, AuthenticatorStatus status, MakeCredentialAuthenticatorResponsePtr credential, WebAuthnDOMExceptionDetailsPtr dom_exception_details) { … } void OnGetAssertionComplete( std::unique_ptr<ScopedPromiseResolver> scoped_resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, bool is_conditional_ui_request, AuthenticatorStatus status, GetAssertionAuthenticatorResponsePtr credential, WebAuthnDOMExceptionDetailsPtr dom_exception_details) { … } void OnSmsReceive(ScriptPromiseResolver<IDLNullable<Credential>>* resolver, std::unique_ptr<ScopedAbortState> scoped_abort_state, base::TimeTicks start_time, mojom::blink::SmsStatus status, const String& otp) { … } // Validates the "payment" extension for public key credential creation. The // function rejects the promise before returning in this case. bool IsPaymentExtensionValid(const CredentialCreationOptions* options, ScriptPromiseResolverBase* resolver) { … } const char* validatePRFInputs( const blink::AuthenticationExtensionsPRFValues& values) { … } const char* validateCreatePublicKeyCredentialPRFExtension( const AuthenticationExtensionsPRFInputs& prf) { … } const char* validateGetPublicKeyCredentialPRFExtension( const AuthenticationExtensionsPRFInputs& prf, const HeapVector<Member<PublicKeyCredentialDescriptor>>& allow_credentials) { … } } // namespace const char AuthenticationCredentialsContainer::kSupplementName[] = …; DOMException* AuthenticatorStatusToDOMException( AuthenticatorStatus status, const WebAuthnDOMExceptionDetailsPtr& dom_exception_details) { … } class AuthenticationCredentialsContainer::OtpRequestAbortAlgorithm final : public AbortSignal::Algorithm { … }; class AuthenticationCredentialsContainer::PublicKeyRequestAbortAlgorithm final : public AbortSignal::Algorithm { … }; CredentialsContainer* AuthenticationCredentialsContainer::credentials( Navigator& navigator) { … } AuthenticationCredentialsContainer::AuthenticationCredentialsContainer( Navigator& navigator) : … { … } ScriptPromise<IDLNullable<Credential>> AuthenticationCredentialsContainer::get( ScriptState* script_state, const CredentialRequestOptions* options, ExceptionState& exception_state) { … } ScriptPromise<Credential> AuthenticationCredentialsContainer::store( ScriptState* script_state, Credential* credential, ExceptionState& exception_state) { … } ScriptPromise<IDLNullable<Credential>> AuthenticationCredentialsContainer::create( ScriptState* script_state, const CredentialCreationOptions* options, ExceptionState& exception_state) { … } ScriptPromise<IDLUndefined> AuthenticationCredentialsContainer::preventSilentAccess( ScriptState* script_state) { … } void AuthenticationCredentialsContainer::Trace(Visitor* visitor) const { … } void AuthenticationCredentialsContainer::GetForIdentity( ScriptState* script_state, ScriptPromiseResolver<IDLNullable<Credential>>* resolver, const CredentialRequestOptions& options, const IdentityCredentialRequestOptions& identity_options) { … } } // namespace blink
Codebase Browser
chromium