Bug 1844437 - support WebAuthn credProps extension. r=keeler,webidl,s…

…aschanaz Differential Revision: https://phabricator.services.mozilla.com/D188159 UltraBlame original commit: 321bb8fe2658c412f44b3f173ff6acff8edea65e
marco-c · Sep 21, 2023 · b1e8912 · b1e8912
1 parent 3dca4e6
commit b1e8912
Show file tree

Hide file tree

Showing 19 changed files with 1,325 additions and 372 deletions.
diff --git a/dom/webauthn/AndroidWebAuthnTokenManager.cpp b/dom/webauthn/AndroidWebAuthnTokenManager.cpp
@@ -1052,6 +1052,97 @@ AuthenticatorSelection
 ;
 /
 /
+Get
+extensions
+bool
+requestedCredProps
+=
+false
+;
+for
+(
+const
+WebAuthnExtension
+&
+ext
+:
+aInfo
+.
+Extensions
+(
+)
+)
+{
+if
+(
+ext
+.
+type
+(
+)
+=
+=
+WebAuthnExtension
+:
+:
+TWebAuthnExtensionCredProps
+)
+{
+requestedCredProps
+=
+ext
+.
+get_WebAuthnExtensionCredProps
+(
+)
+.
+credProps
+(
+)
+;
+}
+if
+(
+ext
+.
+type
+(
+)
+=
+=
+WebAuthnExtension
+:
+:
+TWebAuthnExtensionAppId
+)
+{
+GECKOBUNDLE_PUT
+(
+extensionsBundle
+"
+fidoAppId
+"
+jni
+:
+:
+StringParam
+(
+ext
+.
+get_WebAuthnExtensionAppId
+(
+)
+.
+appIdentifier
+(
+)
+)
+)
+;
+}
+}
+/
+/
 Unfortunately
 GMS
 '
@@ -1119,6 +1210,70 @@ residentKey
 )
 )
 ;
+if
+(
+requestedCredProps
+)
+{
+/
+/
+In
+WebAuthnTokenManager
+.
+java
+we
+set
+the
+"
+requireResidentKey
+"
+/
+/
+parameter
+to
+true
+if
+and
+only
+if
+"
+residentKey
+"
+here
+is
+/
+/
+"
+required
+"
+.
+This
+determines
+the
+credProps
+extension
+output
+.
+self
+-
+>
+mRegisterCredPropsRk
+.
+emplace
+(
+sel
+.
+residentKey
+(
+)
+.
+EqualsLiteral
+(
+MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_REQUIRED
+)
+)
+;
+}
 }
 if
 (
@@ -1250,64 +1405,6 @@ ValueOf
 ;
 }
 }
-/
-/
-Get
-extensions
-for
-(
-const
-WebAuthnExtension
-&
-ext
-:
-aInfo
-.
-Extensions
-(
-)
-)
-{
-if
-(
-ext
-.
-type
-(
-)
-=
-=
-WebAuthnExtension
-:
-:
-TWebAuthnExtensionAppId
-)
-{
-GECKOBUNDLE_PUT
-(
-extensionsBundle
-"
-fidoAppId
-"
-jni
-:
-:
-StringParam
-(
-ext
-.
-get_WebAuthnExtensionAppId
-(
-)
-.
-appIdentifier
-(
-)
-)
-)
-;
-}
-}
 uidBuf
 .
 Assign
@@ -1841,6 +1938,36 @@ WebAuthnExtensionResult
 >
 extensions
 ;
+if
+(
+self
+-
+>
+mRegisterCredPropsRk
+.
+isSome
+(
+)
+)
+{
+extensions
+.
+AppendElement
+(
+WebAuthnExtensionResultCredProps
+(
+self
+-
+>
+mRegisterCredPropsRk
+.
+value
+(
+)
+)
+)
+;
+}
 WebAuthnMakeCredentialResult
 result
 (

diff --git a/dom/webauthn/AndroidWebAuthnTokenManager.h b/dom/webauthn/AndroidWebAuthnTokenManager.h
@@ -827,6 +827,12 @@ NS_ERROR_DOM_UNKNOWN_ERR
 __func__
 )
 ;
+mRegisterCredPropsRk
+=
+Nothing
+(
+)
+;
 }
 void
 AssertIsOnOwningThread
@@ -846,6 +852,56 @@ U2FSignPromise
 >
 mSignPromise
 ;
+/
+/
+The
+Android
+FIDO2
+API
+doesn
+'
+t
+accept
+the
+credProps
+extension
+.
+However
+the
+/
+/
+appropriate
+value
+for
+CredentialPropertiesOutput
+.
+rk
+can
+be
+determined
+/
+/
+entirely
+from
+the
+input
+so
+we
+cache
+it
+here
+until
+mRegisterPromise
+/
+/
+resolves
+.
+Maybe
+<
+bool
+>
+mRegisterCredPropsRk
+;
 }
 ;
 }