Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert

This covers these renames:

* In CollectedClientData, hashAlg => hashAlgorithm
* In CollectedClientData, tokenBinding => tokenBindingId
* In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams
* In MakePublicKeyCredentialOptions, excludeList => excludeCredentials
* In PublicKeyCredentialRequestOptions, allowList => allowCredentials
* Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport

MozReview-Commit-ID: 3FdRnkosy83

--HG--
extra : rebase_source : 22f124c781b03837ad0cd4be4edf34527e3b9d38
J.C. Jones 2017-10-09 16:28:13 -07:00
parent 24696391df
commit 8622a9216c
8 changed files with 64 additions and 65 deletions


@ -90,7 +90,7 @@ AssembleClientData(const nsAString& aOrigin, const CryptoBuffer& aChallenge,
CollectedClientData clientDataObject;
clientDataObject.mChallenge.Assign(challengeBase64);
clientDataObject.mOrigin.Assign(aOrigin);
clientDataObject.mHashAlg.AssignLiteral(u"SHA-256");
clientDataObject.mHashAlgorithm.AssignLiteral(u"SHA-256");
nsAutoString temp;
if (NS_WARN_IF(!clientDataObject.ToJSON(temp))) {
@ -365,14 +365,14 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
// Process each element of cryptoParameters using the following steps, to
// produce a new sequence normalizedParameters.
nsTArray<PublicKeyCredentialParameters> normalizedParams;
for (size_t a = 0; a < aOptions.mParameters.Length(); ++a) {
for (size_t a = 0; a < aOptions.mPubKeyCredParams.Length(); ++a) {
// Let current be the currently selected element of
// cryptoParameters.
// If current.type does not contain a PublicKeyCredentialType
// supported by this implementation, then stop processing current and move
// on to the next element in cryptoParameters.
if (aOptions.mParameters[a].mType != PublicKeyCredentialType::Public_key) {
if (aOptions.mPubKeyCredParams[a].mType != PublicKeyCredentialType::Public_key) {
continue;
}
@ -383,7 +383,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
// element in cryptoParameters.
nsString algName;
if (NS_FAILED(GetAlgorithmName(aOptions.mParameters[a].mAlg,
if (NS_FAILED(GetAlgorithmName(aOptions.mPubKeyCredParams[a].mAlg,
algName))) {
continue;
}
@ -392,7 +392,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
// normalizedParameters, with type set to current.type and algorithm set to
// normalizedAlgorithm.
PublicKeyCredentialParameters normalizedObj;
normalizedObj.mType = aOptions.mParameters[a].mType;
normalizedObj.mType = aOptions.mPubKeyCredParams[a].mType;
normalizedObj.mAlg.SetAsString().Assign(algName);
if (!normalizedParams.AppendElement(normalizedObj, mozilla::fallible)){
@ -404,7 +404,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
// If normalizedAlgorithm is empty and cryptoParameters was not empty, cancel
// the timer started in step 2, reject promise with a DOMException whose name
// is "NotSupportedError", and terminate this algorithm.
if (normalizedParams.IsEmpty() && !aOptions.mParameters.IsEmpty()) {
if (normalizedParams.IsEmpty() && !aOptions.mPubKeyCredParams.IsEmpty()) {
promise->MaybeReject(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
return promise.forget();
}
@ -476,7 +476,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
}
nsTArray<WebAuthnScopedCredentialDescriptor> excludeList;
for (const auto& s: aOptions.mExcludeList) {
for (const auto& s: aOptions.mExcludeCredentials) {
WebAuthnScopedCredentialDescriptor c;
CryptoBuffer cb;
cb.Assign(s.mId);
@ -636,13 +636,13 @@ WebAuthnManager::GetAssertion(nsPIDOMWindowInner* aParent,
// Note: we only support U2F-style authentication for now, so we effectively
// require an AllowList.
if (aOptions.mAllowList.Length() < 1) {
if (aOptions.mAllowCredentials.Length() < 1) {
promise->MaybeReject(NS_ERROR_DOM_NOT_ALLOWED_ERR);
return promise.forget();
}
nsTArray<WebAuthnScopedCredentialDescriptor> allowList;
for (const auto& s: aOptions.mAllowList) {
for (const auto& s: aOptions.mAllowCredentials) {
WebAuthnScopedCredentialDescriptor c;
CryptoBuffer cb;
cb.Assign(s.mId);
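Review bot: The comment above the length check in GetAssertion still reads "we effectively require an AllowList", but the member it guards is now `mAllowCredentials`, so the comment names something the dictionary no longer has. I would reword it to `// require allowCredentials to be non-empty.` and rename the locals `allowList` and `excludeList` that the two loops fill, so that a search for the old names comes back empty. The step comments in MakeCredential also still speak of cryptoParameters where the code reads `mPubKeyCredParams`. Both functions start and end outside the hunks shown, so other stale references may remain.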


@ -38,7 +38,7 @@ let makeCredentialOptions = {
user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
challenge: gCredentialChallenge,
timeout: 5000, // the minimum timeout is actually 15 seconds
parameters: [{type: "public-key", alg: "ES256"}],
pubKeyCredParams: [{type: "public-key", alg: "ES256"}],
};
navigator.credentials.create({publicKey: makeCredentialOptions})
@ -61,7 +61,7 @@ navigator.credentials.create({publicKey: makeCredentialOptions})
challenge: gAssertionChallenge,
timeout: 5000, // the minimum timeout is actually 15 seconds
rpId: document.domain,
allowList: [newCredential]
allowCredentials: [newCredential]
};
// Make sure the RP ID hash matches what we calculate.


@ -81,7 +81,7 @@
// Test with an invalid credential
let publicKeyCredentialRequestOptions = {
challenge: gAssertionChallenge,
allowList: [invalidCred]
allowCredentials: [invalidCred]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -91,7 +91,7 @@
// Test with an unknown credential
let publicKeyCredentialRequestOptions = {
challenge: gAssertionChallenge,
allowList: [unknownCred]
allowCredentials: [unknownCred]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -102,7 +102,7 @@
let publicKeyCredentialRequestOptions = {
challenge: gAssertionChallenge,
unknownValue: "hi",
allowList: [invalidCred]
allowCredentials: [invalidCred]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)


@ -64,7 +64,7 @@ function() {
let clientData = JSON.parse(buffer2string(aCredInfo.response.clientDataJSON));
is(clientData.challenge, bytesToBase64UrlSafe(gCredentialChallenge), "Challenge is correct");
is(clientData.origin, window.location.origin, "Origin is correct");
is(clientData.hashAlg, "SHA-256", "Hash algorithm is correct");
is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject)
.then(function(aAttestationObj) {
@ -114,7 +114,7 @@ function() {
let clientData = JSON.parse(buffer2string(aAssertion.response.clientDataJSON));
is(clientData.challenge, bytesToBase64UrlSafe(gAssertionChallenge), "Challenge is correct");
is(clientData.origin, window.location.origin, "Origin is correct");
is(clientData.hashAlg, "SHA-256", "Hash algorithm is correct");
is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
return webAuthnDecodeAuthDataArray(aAssertion.response.authenticatorData)
.then(function(aAttestation) {
@ -143,7 +143,7 @@ function() {
rp: rp,
user: user,
challenge: gCredentialChallenge,
parameters: [param]
pubKeyCredParams: [param]
};
credm.create({publicKey: makeCredentialOptions})
.then(decodeCreatedCredential)
@ -162,8 +162,8 @@ function() {
rp: rp,
user: user,
challenge: gCredentialChallenge,
parameters: [param],
excludeList: [{type: "public-key", id: new Uint8Array(aCredInfo.rawId),
pubKeyCredParams: [param],
excludeCredentials: [{type: "public-key", id: new Uint8Array(aCredInfo.rawId),
transports: ["usb"]}]
};
credm.create({publicKey: makeCredentialOptions})
@ -189,7 +189,7 @@ function() {
challenge: gAssertionChallenge,
timeout: 5000, // the minimum timeout is actually 15 seconds
rpId: document.domain,
allowList: [newCredential]
allowCredentials: [newCredential]
};
credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(function(aAssertion) {


@ -70,7 +70,7 @@
// Test basic good call
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge, parameters: [param]
rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -80,7 +80,7 @@
// Test empty account
function() {
let makeCredentialOptions = {
challenge: gCredentialChallenge, parameters: [param]
challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -90,7 +90,7 @@
// Test without a parameter
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge, parameters: []
rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: []
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -110,7 +110,7 @@
// Test with an unsupported parameter
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge, parameters: [unsupportedParam]
rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -121,7 +121,7 @@
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge,
parameters: [param, unsupportedParam]
pubKeyCredParams: [param, unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -131,7 +131,7 @@
// Test with a bad parameter
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge, parameters: [badParam]
rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [badParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -142,7 +142,7 @@
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge,
parameters: [unsupportedParam, badParam]
pubKeyCredParams: [unsupportedParam, badParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -154,7 +154,7 @@
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge,
parameters: [param, unsupportedParam, badParam]
pubKeyCredParams: [param, unsupportedParam, badParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -164,7 +164,7 @@
// Test without a challenge
function() {
let makeCredentialOptions = {
rp: rp, user: user, parameters: [param]
rp: rp, user: user, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -175,18 +175,18 @@
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: "begone, thou ill-fitting moist glove!",
parameters: [unsupportedParam]
pubKeyCredParams: [unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
},
// Test with duplicate parameters
// Test with duplicate pubKeyCredParams
function() {
let makeCredentialOptions = {
rp: rp, user: user, challenge: gCredentialChallenge,
parameters: [param, param, param]
pubKeyCredParams: [param, param, param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -196,7 +196,7 @@
// Test with missing rp
function() {
let makeCredentialOptions = {
user: user, challenge: gCredentialChallenge, parameters: [param]
user: user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -208,7 +208,7 @@
let invalidType = user;
invalidType.id = "a string, which is not a buffer";
let makeCredentialOptions = {
user: invalidType, challenge: gCredentialChallenge, parameters: [param]
user: invalidType, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -218,7 +218,7 @@
// Test with missing user
function() {
let makeCredentialOptions = {
rp: rp, challenge: gCredentialChallenge, parameters: [param]
rp: rp, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -235,7 +235,7 @@
displayName: "Foxxy V"};
let makeCredentialOptions = {
rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
parameters: [param]
pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -250,7 +250,7 @@
displayName: "Foxxy V"};
let makeCredentialOptions = {
rp: rp, user: hugeUser, challenge: gCredentialChallenge,
parameters: [param]
pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)


@ -47,7 +47,7 @@ function() {
let user = {name: "none", icon: "none", displayName: "none"};
let param = {type: "public-key", alg: "es256"};
let makeCredentialOptions = {
rp: rp, user: user, challenge: credentialChallenge, parameters: [param]
rp: rp, user: user, challenge: credentialChallenge, pubKeyCredParams: [param]
};
credm.create({publicKey: makeCredentialOptions})
.then(function(aResult) {
@ -70,7 +70,7 @@ function() {
challenge: assertionChallenge,
timeout: 5000, // the minimum timeout is actually 15 seconds
rpId: document.domain,
allowList: [newCredential]
allowCredentials: [newCredential]
};
credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(function(aResult) {


@ -68,7 +68,7 @@
// Test basic good call
let rp = {id: document.domain};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(keepThisPublicKeyCredential("basic"))
@ -78,7 +78,7 @@
function() {
// Test rp.id being unset
let makeCredentialOptions = {
rp: {}, user: user, challenge: chall, parameters: [param]
rp: {}, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -88,7 +88,7 @@
// Test this origin with optional fields
let rp = {id: "user:pass@" + document.domain + ":8888"};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -98,7 +98,7 @@
// Test blank rp.id
let rp = {id: ""};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -108,7 +108,7 @@
// Test subdomain of this origin
let rp = {id: "subdomain." + document.domain};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -118,7 +118,7 @@
// Test the same origin
let rp = {id: "example.com"};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
@ -128,7 +128,7 @@
// Test the eTLD
let rp = {id: "com"};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -138,7 +138,7 @@
// Test a different domain within the same TLD
let rp = {id: "alt.test"};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -149,7 +149,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: document.domain,
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsGood)
@ -159,7 +159,7 @@
// Test rpId being unset
let publicKeyCredentialRequestOptions = {
challenge: chall,
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsGood)
@ -170,7 +170,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "user:pass@" + document.origin + ":8888",
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -181,7 +181,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "",
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -192,7 +192,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "subdomain." + document.domain,
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -203,7 +203,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "example.com",
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsGood)
@ -214,7 +214,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "com",
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -225,7 +225,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: "alt.test",
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)
@ -235,7 +235,7 @@
// Test basic good Create call but using an origin (Bug 1380421)
let rp = {id: window.origin};
let makeCredentialOptions = {
rp: rp, user: user, challenge: chall, parameters: [param]
rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
@ -246,7 +246,7 @@
let publicKeyCredentialRequestOptions = {
challenge: chall,
rpId: window.origin,
allowList: [gTrackedCredential["basic"]]
allowCredentials: [gTrackedCredential["basic"]]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(arrivingHereIsBad)


@ -47,10 +47,10 @@ dictionary MakePublicKeyCredentialOptions {
required PublicKeyCredentialUserEntity user;
required BufferSource challenge;
required sequence<PublicKeyCredentialParameters> parameters;
required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
unsigned long timeout;
sequence<PublicKeyCredentialDescriptor> excludeList = [];
sequence<PublicKeyCredentialDescriptor> excludeCredentials = [];
AuthenticatorSelectionCriteria authenticatorSelection;
// Extensions are not supported yet.
// AuthenticationExtensions extensions; // Add in Bug 1406458
@ -80,7 +80,7 @@ dictionary PublicKeyCredentialRequestOptions {
required BufferSource challenge;
unsigned long timeout;
USVString rpId;
sequence<PublicKeyCredentialDescriptor> allowList = [];
sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
// Extensions are not supported yet.
// AuthenticationExtensions extensions; // Add in Bug 1406458
};
@ -90,8 +90,8 @@ typedef record<DOMString, any> AuthenticationExtensions;
dictionary CollectedClientData {
required DOMString challenge;
required DOMString origin;
required DOMString hashAlg;
DOMString tokenBinding;
required DOMString hashAlgorithm;
DOMString tokenBindingId;
// Extensions are not supported yet.
// AuthenticationExtensions clientExtensions; // Add in Bug 1406458
// AuthenticationExtensions authenticatorExtensions; // Add in Bug 1406458
@ -104,7 +104,7 @@ enum PublicKeyCredentialType {
dictionary PublicKeyCredentialDescriptor {
required PublicKeyCredentialType type;
required BufferSource id;
sequence<WebAuthnTransport> transports;
sequence<AuthenticatorTransport> transports;
};
typedef (boolean or DOMString) WebAuthnAlgorithmID; // Switch to COSE in Bug 1381190
@ -116,8 +116,7 @@ interface AuthenticatorAssertionResponse : AuthenticatorResponse {
readonly attribute DOMString userId;
};
// Renamed from "Transport" to avoid a collision with U2F
enum WebAuthnTransport {
enum AuthenticatorTransport {
"usb",
"nfc",
"ble"