webauthn: prompt for attestation permission when needed.
This change implements a user consent prompt before returning attestation information from a device. (Thus making webauthn act like U2F currently does.) Unlike U2F, however, it is a fatal error if a user denies consent, as required by the spec.

The attestation behavior is also affected by the SecurityKeyPermitAttestation[1] enterprise policy. This list can contain either U2F AppIDs (which are full URLs) or webauthn RP IDs (which are domains). Its effect on attestation is detailed in the following table:

"attestation" value | RP ID not listed in policy | RP ID listed
--------------------+----------------------------+---------------------
"none" / not given  | Empty, "none" attestation  | Empty, "none"
                    | returned.                  | attestation returned.
--------------------+----------------------------+---------------------
"indirect"/"direct" | User prompted for consent. | Attestation from
                    | If granted, attestation    | device is returned.
                    | from device is returned.   |
                    | Otherwise a permission     |
                    | error is generated.        |

(The behavior of "indirect" attestation in webauthn may change in the future but, for now, it is identical to "direct".)

[1] https://www.chromium.org/administrators/policy-list-3#SecurityKeyPermitAttestation

Bug: 803829,793985
Change-Id: I4e1d15a93ebc067869df7656016990b29fe12b59
Reviewed-on: https://chromium-review.googlesource.com/900452
Reviewed-by: Timothy Loh <timloh@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Commit-Queue: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536206}
Adam Langley authored and Commit Bot committed on Feb 12, 2018
1 parent 103883f, commit 85339f6
Showing 10 changed files with 223 additions and 68 deletions.
chrome/browser/permissions/attestation_permission_request.cc (66 changes: 66 additions & 0 deletions)
@@ -0,0 +1,66 @@ | ||
// Copyright 2018 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/browser/permissions/attestation_permission_request.h" | ||
|
||
#include "base/callback.h" | ||
#include "chrome/app/vector_icons/vector_icons.h" | ||
#include "chrome/browser/permissions/permission_request.h" | ||
#include "chrome/grit/generated_resources.h" | ||
#include "ui/base/l10n/l10n_util.h" | ||
#include "url/origin.h" | ||
|
||
// AttestationPermissionRequest is a delegate class that provides information | ||
// and callbacks to the PermissionRequestManager. | ||
// | ||
// PermissionRequestManager has a reference to this object and so this object | ||
// must outlive it. Since attestation requests are never canceled, | ||
// PermissionRequestManager guarentees that |RequestFinished| will always, | ||
// eventually, be called. This object uses that fact to delete itself during | ||
// |RequestFinished| and thus owns itself. | ||
class AttestationPermissionRequest : public PermissionRequest { | ||
public: | ||
AttestationPermissionRequest(const url::Origin& origin, | ||
base::OnceCallback<void(bool)> callback) | ||
: origin_(origin), callback_(std::move(callback)) {} | ||
|
||
PermissionRequest::IconId GetIconId() const override { | ||
return kUsbSecurityKeyIcon; | ||
} | ||
|
||
base::string16 GetMessageTextFragment() const override { | ||
return l10n_util::GetStringUTF16( | ||
IDS_SECURITY_KEY_ATTESTATION_PERMISSION_FRAGMENT); | ||
} | ||
GURL GetOrigin() const override { return origin_.GetURL(); } | ||
void PermissionGranted() override { std::move(callback_).Run(true); } | ||
void PermissionDenied() override { std::move(callback_).Run(false); } | ||
void Cancelled() override { std::move(callback_).Run(false); } | ||
|
||
void RequestFinished() override { | ||
// callback_ may not have run if the prompt was ignored. (I.e. the tab was | ||
// closed while the prompt was displayed.) | ||
if (callback_) | ||
std::move(callback_).Run(false); | ||
delete this; | ||
} | ||
|
||
PermissionRequestType GetPermissionRequestType() const override { | ||
return PermissionRequestType::PERMISSION_SECURITY_KEY_ATTESTATION; | ||
} | ||
|
||
private: | ||
~AttestationPermissionRequest() override = default; | ||
|
||
const url::Origin origin_; | ||
base::OnceCallback<void(bool)> callback_; | ||
|
||
DISALLOW_COPY_AND_ASSIGN(AttestationPermissionRequest); | ||
}; | ||
|
||
PermissionRequest* NewAttestationPermissionRequest( | ||
const url::Origin& origin, | ||
base::OnceCallback<void(bool)> callback) { | ||
return new AttestationPermissionRequest(origin, std::move(callback)); | ||
} |
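Review bot: the lifetime sentence in the class comment at the top of the hunk is inverted: "PermissionRequestManager has a reference to this object and so this object must outlive it" should say the object must outlive the manager's reference to it (it is the manager that drops the reference by calling RequestFinished(), after which the object deletes itself). In the same comment, "guarentees" should be "guarantees". Two smaller include-what-you-use points: the file uses DISALLOW_COPY_AND_ASSIGN, base::string16 and std::move, so it should include "base/macros.h", "base/strings/string16.h" and <utility> directly rather than relying on transitive includes from permission_request.h.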
chrome/browser/permissions/attestation_permission_request.h (26 changes: 26 additions & 0 deletions)
@@ -0,0 +1,26 @@ | ||
// Copyright 2018 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef CHROME_BROWSER_PERMISSIONS_ATTESTATION_PERMISSION_REQUEST_H_ | ||
#define CHROME_BROWSER_PERMISSIONS_ATTESTATION_PERMISSION_REQUEST_H_ | ||
|
||
#include "base/callback_forward.h" | ||
|
||
class PermissionRequest; | ||
|
||
namespace url { | ||
class Origin; | ||
} | ||
|
||
// Returns a |PermissionRequest| that asks the user to consent to sending | ||
// identifying information about their security key. The |origin| argument is | ||
// used to identify the origin that is requesting the permission, and only the | ||
// authority part of the URL is used. The caller takes ownership of the returned | ||
// object because the standard pattern for PermissionRequests is that they | ||
// delete themselves once complete. | ||
PermissionRequest* NewAttestationPermissionRequest( | ||
const url::Origin& origin, | ||
base::OnceCallback<void(bool)> callback); | ||
|
||
#endif // CHROME_BROWSER_PERMISSIONS_ATTESTATION_PERMISSION_REQUEST_H_ |
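Review bot: the ownership sentence above NewAttestationPermissionRequest() contradicts itself: "The caller takes ownership of the returned object because ... they delete themselves once complete". Suggest stating the actual contract, which is visible in the .cc: the request deletes itself in RequestFinished() once it has been handed to PermissionRequestManager, so the caller must either hand it off or delete it, and must not touch it afterwards. The comment should also document the callback's semantics, since callers will branch on them: it is run exactly once, with true only when the user explicitly granted, and with false on deny, cancel, or a prompt that was never answered (e.g. the tab was closed).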