tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

WebAuthnResult.cpp (8037B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include "WebAuthnResult.h"
      6 
      7 #include "AuthrsBridge_ffi.h"
      8 #include "nsCOMPtr.h"
      9 #include "nsIWebAuthnAttObj.h"
     10 #include "nsString.h"
     11 
     12 #ifdef MOZ_WIDGET_ANDROID
     13 
     14 #  include "mozilla/jni/Conversions.h"
     15 
     16 namespace mozilla::jni {
     17 
     18 template <>
     19 RefPtr<dom::WebAuthnRegisterResult> Java2Native(
     20    mozilla::jni::Object::Param aData, JNIEnv* aEnv) {
     21  MOZ_ASSERT(aData.IsInstanceOf<java::WebAuthnUtils::MakeCredentialResponse>());
     22  java::WebAuthnUtils::MakeCredentialResponse::LocalRef response(aData);
     23  RefPtr<dom::WebAuthnRegisterResult> result =
     24      new dom::WebAuthnRegisterResult(response);
     25  return result;
     26 }
     27 
     28 template <>
     29 RefPtr<dom::WebAuthnSignResult> Java2Native(mozilla::jni::Object::Param aData,
     30                                            JNIEnv* aEnv) {
     31  MOZ_ASSERT(aData.IsInstanceOf<java::WebAuthnUtils::GetAssertionResponse>());
     32  java::WebAuthnUtils::GetAssertionResponse::LocalRef response(aData);
     33  RefPtr<dom::WebAuthnSignResult> result =
     34      new dom::WebAuthnSignResult(response);
     35  return result;
     36 }
     37 
     38 }  // namespace mozilla::jni
     39 #endif
     40 
     41 namespace mozilla::dom {
     42 
     43 NS_IMPL_ISUPPORTS(WebAuthnRegisterResult, nsIWebAuthnRegisterResult)
     44 
     45 NS_IMETHODIMP
     46 WebAuthnRegisterResult::GetClientDataJSON(nsACString& aClientDataJSON) {
     47  if (mClientDataJSON.isSome()) {
     48    aClientDataJSON = *mClientDataJSON;
     49    return NS_OK;
     50  }
     51  return NS_ERROR_NOT_AVAILABLE;
     52 }
     53 
     54 NS_IMETHODIMP
     55 WebAuthnRegisterResult::GetAttestationObject(
     56    nsTArray<uint8_t>& aAttestationObject) {
     57  aAttestationObject.Assign(mAttestationObject);
     58  return NS_OK;
     59 }
     60 
     61 NS_IMETHODIMP
     62 WebAuthnRegisterResult::GetAttestationConsentPromptShown(
     63    bool* aAttestationConsentPromptShown) {
     64  *aAttestationConsentPromptShown = mAttestationConsentPromptShown;
     65  return NS_OK;
     66 }
     67 
     68 NS_IMETHODIMP
     69 WebAuthnRegisterResult::GetCredentialId(nsTArray<uint8_t>& aCredentialId) {
     70  aCredentialId.Assign(mCredentialId);
     71  return NS_OK;
     72 }
     73 
     74 NS_IMETHODIMP
     75 WebAuthnRegisterResult::GetTransports(nsTArray<nsString>& aTransports) {
     76  aTransports.Assign(mTransports);
     77  return NS_OK;
     78 }
     79 
     80 NS_IMETHODIMP
     81 WebAuthnRegisterResult::GetHmacCreateSecret(bool* aHmacCreateSecret) {
     82  if (mHmacCreateSecret.isSome()) {
     83    *aHmacCreateSecret = mHmacCreateSecret.ref();
     84    return NS_OK;
     85  }
     86  return NS_ERROR_NOT_AVAILABLE;
     87 }
     88 
     89 NS_IMETHODIMP
     90 WebAuthnRegisterResult::GetCredPropsRk(bool* aCredPropsRk) {
     91  if (mCredPropsRk.isSome()) {
     92    *aCredPropsRk = mCredPropsRk.ref();
     93    return NS_OK;
     94  }
     95  return NS_ERROR_NOT_AVAILABLE;
     96 }
     97 
     98 NS_IMETHODIMP
     99 WebAuthnRegisterResult::SetCredPropsRk(bool aCredPropsRk) {
    100  mCredPropsRk = Some(aCredPropsRk);
    101  return NS_OK;
    102 }
    103 
    104 NS_IMETHODIMP
    105 WebAuthnRegisterResult::GetLargeBlobSupported(bool* aLargeBlobSupported) {
    106  if (mLargeBlobSupported.isSome()) {
    107    *aLargeBlobSupported = mLargeBlobSupported.ref();
    108    return NS_OK;
    109  }
    110  return NS_ERROR_NOT_AVAILABLE;
    111 }
    112 
    113 NS_IMETHODIMP
    114 WebAuthnRegisterResult::GetPrfEnabled(bool* aPrfEnabled) {
    115  if (mPrfSupported.isSome()) {
    116    *aPrfEnabled = mPrfSupported.ref();
    117    return NS_OK;
    118  }
    119  return NS_ERROR_NOT_AVAILABLE;
    120 }
    121 
    122 NS_IMETHODIMP
    123 WebAuthnRegisterResult::GetPrfResultsFirst(
    124    nsTArray<uint8_t>& aPrfResultsFirst) {
    125  if (mPrfFirst.isSome()) {
    126    aPrfResultsFirst.Assign(mPrfFirst.ref());
    127    return NS_OK;
    128  }
    129  return NS_ERROR_NOT_AVAILABLE;
    130 }
    131 
    132 NS_IMETHODIMP
    133 WebAuthnRegisterResult::GetPrfResultsSecond(
    134    nsTArray<uint8_t>& aPrfResultsSecond) {
    135  if (mPrfSecond.isSome()) {
    136    aPrfResultsSecond.Assign(mPrfSecond.ref());
    137    return NS_OK;
    138  }
    139  return NS_ERROR_NOT_AVAILABLE;
    140 }
    141 
    142 NS_IMETHODIMP
    143 WebAuthnRegisterResult::GetAuthenticatorAttachment(
    144    nsAString& aAuthenticatorAttachment) {
    145  if (mAuthenticatorAttachment.isSome()) {
    146    aAuthenticatorAttachment = mAuthenticatorAttachment.ref();
    147    return NS_OK;
    148  }
    149  return NS_ERROR_NOT_AVAILABLE;
    150 }
    151 
    152 NS_IMETHODIMP
    153 WebAuthnRegisterResult::HasIdentifyingAttestation(
    154    bool* aHasIdentifyingAttestation) {
    155  // Assume the attestation statement is identifying in case the constructor or
    156  // the getter below fail.
    157  bool isIdentifying = true;
    158 
    159  nsCOMPtr<nsIWebAuthnAttObj> attObj;
    160  nsresult rv = authrs_webauthn_att_obj_constructor(mAttestationObject,
    161                                                    /* anonymize */ false,
    162                                                    getter_AddRefs(attObj));
    163  if (NS_SUCCEEDED(rv)) {
    164    (void)attObj->IsIdentifying(&isIdentifying);
    165  }
    166 
    167  *aHasIdentifyingAttestation = isIdentifying;
    168  return NS_OK;
    169 }
    170 
    171 NS_IMETHODIMP
    172 WebAuthnRegisterResult::Anonymize() {
    173  // The anonymize flag in the nsIWebAuthnAttObj constructor causes the
    174  // attestation statement to be removed during deserialization. It also
    175  // causes the AAGUID to be zeroed out. If we can't deserialize the
    176  // existing attestation, then we can't ensure that it is anonymized, so we
    177  // act as though the user denied consent and we return NotAllowed.
    178  nsCOMPtr<nsIWebAuthnAttObj> anonymizedAttObj;
    179  nsresult rv = authrs_webauthn_att_obj_constructor(
    180      mAttestationObject,
    181      /* anonymize */ true, getter_AddRefs(anonymizedAttObj));
    182  if (NS_FAILED(rv)) {
    183    return rv;
    184  }
    185  mAttestationObject.Clear();
    186  rv = anonymizedAttObj->GetAttestationObject(mAttestationObject);
    187  if (NS_FAILED(rv)) {
    188    return rv;
    189  }
    190  return NS_OK;
    191 }
    192 
    193 NS_IMPL_ISUPPORTS(WebAuthnSignResult, nsIWebAuthnSignResult)
    194 
    195 NS_IMETHODIMP
    196 WebAuthnSignResult::GetClientDataJSON(nsACString& aClientDataJSON) {
    197  if (mClientDataJSON.isSome()) {
    198    aClientDataJSON = *mClientDataJSON;
    199    return NS_OK;
    200  }
    201  return NS_ERROR_NOT_AVAILABLE;
    202 }
    203 
    204 NS_IMETHODIMP
    205 WebAuthnSignResult::GetAuthenticatorData(
    206    nsTArray<uint8_t>& aAuthenticatorData) {
    207  aAuthenticatorData.Assign(mAuthenticatorData);
    208  return NS_OK;
    209 }
    210 
    211 NS_IMETHODIMP
    212 WebAuthnSignResult::GetCredentialId(nsTArray<uint8_t>& aCredentialId) {
    213  aCredentialId.Assign(mCredentialId);
    214  return NS_OK;
    215 }
    216 
    217 NS_IMETHODIMP
    218 WebAuthnSignResult::GetSignature(nsTArray<uint8_t>& aSignature) {
    219  aSignature.Assign(mSignature);
    220  return NS_OK;
    221 }
    222 
    223 NS_IMETHODIMP
    224 WebAuthnSignResult::GetUserHandle(nsTArray<uint8_t>& aUserHandle) {
    225  aUserHandle.Assign(mUserHandle);
    226  return NS_OK;
    227 }
    228 
    229 NS_IMETHODIMP
    230 WebAuthnSignResult::GetUserName(nsACString& aUserName) {
    231  return NS_ERROR_NOT_AVAILABLE;
    232 }
    233 
    234 NS_IMETHODIMP
    235 WebAuthnSignResult::GetUsedAppId(bool* aUsedAppId) {
    236  if (mUsedAppId.isNothing()) {
    237    return NS_ERROR_NOT_AVAILABLE;
    238  }
    239  *aUsedAppId = mUsedAppId.ref();
    240  return NS_OK;
    241 }
    242 
    243 NS_IMETHODIMP
    244 WebAuthnSignResult::SetUsedAppId(bool aUsedAppId) {
    245  mUsedAppId = Some(aUsedAppId);
    246  return NS_OK;
    247 }
    248 
    249 NS_IMETHODIMP
    250 WebAuthnSignResult::GetLargeBlobValue(nsTArray<uint8_t>& aLargeBlobValue) {
    251  if (mLargeBlobValue.isSome()) {
    252    aLargeBlobValue.Assign(*mLargeBlobValue);
    253    return NS_OK;
    254  }
    255  return NS_ERROR_NOT_AVAILABLE;
    256 }
    257 
    258 NS_IMETHODIMP
    259 WebAuthnSignResult::GetLargeBlobWritten(bool* aLargeBlobWritten) {
    260  if (mLargeBlobWritten.isSome()) {
    261    *aLargeBlobWritten = mLargeBlobWritten.ref();
    262    return NS_OK;
    263  }
    264  return NS_ERROR_NOT_AVAILABLE;
    265 }
    266 
    267 NS_IMETHODIMP
    268 WebAuthnSignResult::GetPrfMaybe(bool* aPrfMaybe) {
    269  *aPrfMaybe = mPrfFirst.isSome();
    270  return NS_OK;
    271 }
    272 
    273 NS_IMETHODIMP
    274 WebAuthnSignResult::GetPrfResultsFirst(nsTArray<uint8_t>& aPrfResultsFirst) {
    275  if (mPrfFirst.isNothing()) {
    276    return NS_ERROR_NOT_AVAILABLE;
    277  }
    278  aPrfResultsFirst.Assign(*mPrfFirst);
    279  return NS_OK;
    280 }
    281 
    282 NS_IMETHODIMP
    283 WebAuthnSignResult::GetPrfResultsSecond(nsTArray<uint8_t>& aPrfResultsSecond) {
    284  if (mPrfSecond.isNothing()) {
    285    return NS_ERROR_NOT_AVAILABLE;
    286  }
    287  aPrfResultsSecond.Assign(*mPrfSecond);
    288  return NS_OK;
    289 }
    290 
    291 NS_IMETHODIMP
    292 WebAuthnSignResult::GetAuthenticatorAttachment(
    293    nsAString& aAuthenticatorAttachment) {
    294  if (mAuthenticatorAttachment.isSome()) {
    295    aAuthenticatorAttachment = mAuthenticatorAttachment.ref();
    296    return NS_OK;
    297  }
    298  return NS_ERROR_NOT_AVAILABLE;
    299 }
    300 
    301 }  // namespace mozilla::dom