content/public/browser/authenticator_request_client_delegate.h - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_
 #define CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_

 #include <string>

 #include "base/callback_forward.h"
 #include "base/containers/span.h"
 #include "base/macros.h"
 #include "base/optional.h"
 #include "build/build_config.h"
 #include "content/common/content_export.h"
 #include "device/fido/authenticator_get_assertion_response.h"
 #include "device/fido/cable/cable_discovery_data.h"
 #include "device/fido/fido_request_handler_base.h"
 #include "device/fido/fido_transport_protocol.h"

 #if defined(OS_MAC)
 #include "device/fido/mac/authenticator_config.h"
 #endif

 namespace device {
 class FidoAuthenticator;
 class FidoDiscoveryFactory;
 }  // namespace device

 namespace url {
 class Origin;
 }

 namespace content {

 // Interface that the embedder should implement to provide the //content layer
 // with embedder-specific configuration for a single Web Authentication API [1]
 // request serviced in a given RenderFrame.
 //
 // [1]: See https://www.w3.org/TR/webauthn/.
 class CONTENT_EXPORT AuthenticatorRequestClientDelegate
     : public device::FidoRequestHandlerBase::Observer {
  public:
   // Failure reasons that might be of interest to the user, so the embedder may
   // decide to inform the user.
   enum class InterestingFailureReason {
     kTimeout,
     kKeyNotRegistered,
     kKeyAlreadyRegistered,
     kSoftPINBlock,
     kHardPINBlock,
     kAuthenticatorRemovedDuringPINEntry,
     kAuthenticatorMissingResidentKeys,
     kAuthenticatorMissingUserVerification,
     kNoCommonAlgorithms,
     // kStorageFull indicates that a resident credential could not be created
     // because the authenticator has insufficient storage.
     kStorageFull,
     kUserConsentDenied,
     // kWinUserCancelled means that the user clicked "Cancel" in the native
     // Windows UI.
     kWinUserCancelled,
   };

   AuthenticatorRequestClientDelegate();
   ~AuthenticatorRequestClientDelegate() override;

   // Permits the embedder to override normal relying party ID processing. Is
   // given the untrusted, claimed relying party ID from the WebAuthn call, as
   // well as the origin of the caller, and may return a relying party ID to
   // override normal validation.
   //
   // This is an access-control decision: RP IDs are used to control access to
   // credentials so thought is required before allowing an origin to assert an
   // RP ID. RP ID strings may be stored on authenticators and may later appear
   // in management UI.
   virtual base::Optional<std::string> MaybeGetRelyingPartyIdOverride(
       const std::string& claimed_relying_party_id,
       const url::Origin& caller_origin);

   // SetRelyingPartyId sets the RP ID for this request. This is called after
   // |MaybeGetRelyingPartyIdOverride| is given the opportunity to affect this
   // value. For typical origins, the RP ID is just a domain name, but
   // |MaybeGetRelyingPartyIdOverride| may return other forms of strings.
   virtual void SetRelyingPartyId(const std::string& rp_id);

   // Called when the request fails for the given |reason|.
   //
   // Embedders may return true if they want AuthenticatorImpl to hold off from
   // resolving the WebAuthn request with an error, e.g. because they want the
   // user to dismiss an error dialog first. In this case, embedders *must*
   // eventually invoke the FidoRequestHandlerBase::CancelCallback in order to
   // resolve the request. Returning false causes AuthenticatorImpl to resolve
   // the request with the error right away.
   virtual bool DoesBlockRequestOnFailure(InterestingFailureReason reason);

   // Supplies callbacks that the embedder can invoke to initiate certain
   // actions, namely: cancel the request, start the request over, initiate BLE
   // pairing process, cancel WebAuthN request, and dispatch request to connected
   // authenticators.
   virtual void RegisterActionCallbacks(
       base::OnceClosure cancel_callback,
       base::RepeatingClosure start_over_callback,
       device::FidoRequestHandlerBase::RequestCallback request_callback,
       base::RepeatingClosure bluetooth_adapter_power_on_callback);

   // Returns true if the given relying party ID is permitted to receive
   // individual attestation certificates. This:
   //  a) triggers a signal to the security key that returning individual
   //     attestation certificates is permitted, and
   //  b) skips any permission prompt for attestation.
   virtual bool ShouldPermitIndividualAttestation(
       const std::string& relying_party_id);

   // Invokes |callback| with |true| if the given relying party ID is permitted
   // to receive attestation certificates from the provided FidoAuthenticator.
   // Otherwise invokes |callback| with |false|.
   //
   // If |is_enterprise_attestation| is true then that authenticator has asserted
   // that |relying_party_id| is known to it and the attesation has no
   // expectations of privacy.
   //
   // Since these certificates may uniquely identify the authenticator, the
   // embedder may choose to show a permissions prompt to the user, and only
   // invoke |callback| afterwards. This may hairpin |callback|.
   virtual void ShouldReturnAttestation(
       const std::string& relying_party_id,
       const device::FidoAuthenticator* authenticator,
       bool is_enterprise_attestation,
       base::OnceCallback<void(bool)> callback);

   // SupportsResidentKeys returns true if this implementation of
   // |AuthenticatorRequestClientDelegate| supports resident keys. If false then
   // requests to create or get assertions will be immediately rejected and
   // |SelectAccount| will never be called.
   virtual bool SupportsResidentKeys();

   // SetMightCreateResidentCredential indicates whether activating an
   // authenticator may cause a resident credential to be created. A resident
   // credential may be discovered by someone with physical access to the
   // authenticator and thus has privacy implications.
   void SetMightCreateResidentCredential(bool v) override;

   // ConfigureCable optionally configures Cloud-assisted Bluetooth Low Energy
   // transports. |origin| is the origin of the calling site and
   // |pairings_from_extension| are caBLEv1 pairings that have been provided in
   // an extension to the WebAuthn get() call. If the embedder wishes, it may use
   // this to configure caBLE on the |FidoDiscoveryFactory| for use in this
   // request.
   virtual void ConfigureCable(
       const url::Origin& origin,
       base::span<const device::CableDiscoveryData> pairings_from_extension,
       device::FidoDiscoveryFactory* fido_discovery_factory);

   // SelectAccount is called to allow the embedder to select between one or more
   // accounts. This is triggered when the web page requests an unspecified
   // credential (by passing an empty allow-list). In this case, any accounts
   // will come from the authenticator's storage and the user should confirm the
   // use of any specific account before it is returned. The callback takes the
   // selected account, or else |cancel_callback| can be called.
   //
   // This is only called if |SupportsResidentKeys| returns true.
   virtual void SelectAccount(
       std::vector<device::AuthenticatorGetAssertionResponse> responses,
       base::OnceCallback<void(device::AuthenticatorGetAssertionResponse)>
           callback);

   // Returns whether the WebContents corresponding to |render_frame_host| is the
   // active tab in the focused window. We do not want to allow
   // authenticatorMakeCredential operations to be triggered by background tabs.
   //
   // Note that the default implementation of this function, and the
   // implementation in ChromeContentBrowserClient for Android, return |true| so
   // that testing is possible.
   virtual bool IsFocused();

 #if defined(OS_MAC)
   using TouchIdAuthenticatorConfig = device::fido::mac::AuthenticatorConfig;

   // Returns configuration data for the built-in Touch ID platform
   // authenticator. May return nullopt if the authenticator is not available in
   // the current context, in which case the Touch ID authenticator will be
   // unavailable.
   virtual base::Optional<TouchIdAuthenticatorConfig>
   GetTouchIdAuthenticatorConfig();
 #endif  // defined(OS_MAC)

   // Returns a bool if the result of the isUserVerifyingPlatformAuthenticator
   // API call should be overridden with that value, or base::nullopt otherwise.
   virtual base::Optional<bool>
   IsUserVerifyingPlatformAuthenticatorAvailableOverride();

   // Saves transport type the user used during WebAuthN API so that the
   // WebAuthN UI will default to the same transport type during next API call.
   virtual void UpdateLastTransportUsed(device::FidoTransportProtocol transport);

   // Disables the UI (needed in cases when called by other components, like
   // cryptotoken).
   virtual void DisableUI();

   virtual bool IsWebAuthnUIEnabled();

   // device::FidoRequestHandlerBase::Observer:
   void OnTransportAvailabilityEnumerated(
       device::FidoRequestHandlerBase::TransportAvailabilityInfo data) override;
   // If true, the request handler will defer dispatch of its request onto the
   // given authenticator to the embedder. The embedder needs to call
   // |StartAuthenticatorRequest| when it wants to initiate request dispatch.
   //
   // This method is invoked before |FidoAuthenticatorAdded|, and may be
   // invoked multiple times for the same authenticator. Depending on the
   // result, the request handler might decide not to make the authenticator
   // available, in which case it never gets passed to
   // |FidoAuthenticatorAdded|.
   bool EmbedderControlsAuthenticatorDispatch(
       const device::FidoAuthenticator& authenticator) override;
   void BluetoothAdapterPowerChanged(bool is_powered_on) override;
   void FidoAuthenticatorAdded(
       const device::FidoAuthenticator& authenticator) override;
   void FidoAuthenticatorRemoved(base::StringPiece device_id) override;
   bool SupportsPIN() const override;
   void CollectPIN(
       base::Optional<int> attempts,
       base::OnceCallback<void(std::string)> provide_pin_cb) override;
   void StartBioEnrollment(base::OnceClosure next_callback) override;
   void OnSampleCollected(int bio_samples_remaining) override;
   void FinishCollectToken() override;
   void OnRetryUserVerification(int attempts) override;
   void OnInternalUserVerificationLocked() override;

  private:
   DISALLOW_COPY_AND_ASSIGN(AuthenticatorRequestClientDelegate);
 };

 }  // namespace content

 #endif  // CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_
	#define CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_

	#include <string>

	#include "base/callback_forward.h"
	#include "base/containers/span.h"
	#include "base/macros.h"
	#include "base/optional.h"
	#include "build/build_config.h"
	#include "content/common/content_export.h"
	#include "device/fido/authenticator_get_assertion_response.h"
	#include "device/fido/cable/cable_discovery_data.h"
	#include "device/fido/fido_request_handler_base.h"
	#include "device/fido/fido_transport_protocol.h"

	#if defined(OS_MAC)
	#include "device/fido/mac/authenticator_config.h"
	#endif

	namespace device {
	class FidoAuthenticator;
	class FidoDiscoveryFactory;
	} // namespace device

	namespace url {
	class Origin;
	}

	namespace content {

	// Interface that the embedder should implement to provide the //content layer
	// with embedder-specific configuration for a single Web Authentication API [1]
	// request serviced in a given RenderFrame.
	//
	// [1]: See https://www.w3.org/TR/webauthn/.
	class CONTENT_EXPORT AuthenticatorRequestClientDelegate
	: public device::FidoRequestHandlerBase::Observer {
	public:
	// Failure reasons that might be of interest to the user, so the embedder may
	// decide to inform the user.
	enum class InterestingFailureReason {
	kTimeout,
	kKeyNotRegistered,
	kKeyAlreadyRegistered,
	kSoftPINBlock,
	kHardPINBlock,
	kAuthenticatorRemovedDuringPINEntry,
	kAuthenticatorMissingResidentKeys,
	kAuthenticatorMissingUserVerification,
	kNoCommonAlgorithms,
	// kStorageFull indicates that a resident credential could not be created
	// because the authenticator has insufficient storage.
	kStorageFull,
	kUserConsentDenied,
	// kWinUserCancelled means that the user clicked "Cancel" in the native
	// Windows UI.
	kWinUserCancelled,
	};

	AuthenticatorRequestClientDelegate();
	~AuthenticatorRequestClientDelegate() override;

	// Permits the embedder to override normal relying party ID processing. Is
	// given the untrusted, claimed relying party ID from the WebAuthn call, as
	// well as the origin of the caller, and may return a relying party ID to
	// override normal validation.
	//
	// This is an access-control decision: RP IDs are used to control access to
	// credentials so thought is required before allowing an origin to assert an
	// RP ID. RP ID strings may be stored on authenticators and may later appear
	// in management UI.
	virtual base::Optional<std::string> MaybeGetRelyingPartyIdOverride(
	const std::string& claimed_relying_party_id,
	const url::Origin& caller_origin);

	// SetRelyingPartyId sets the RP ID for this request. This is called after
	// \|MaybeGetRelyingPartyIdOverride\| is given the opportunity to affect this
	// value. For typical origins, the RP ID is just a domain name, but
	// \|MaybeGetRelyingPartyIdOverride\| may return other forms of strings.
	virtual void SetRelyingPartyId(const std::string& rp_id);

	// Called when the request fails for the given \|reason\|.
	//
	// Embedders may return true if they want AuthenticatorImpl to hold off from
	// resolving the WebAuthn request with an error, e.g. because they want the
	// user to dismiss an error dialog first. In this case, embedders must
	// eventually invoke the FidoRequestHandlerBase::CancelCallback in order to
	// resolve the request. Returning false causes AuthenticatorImpl to resolve
	// the request with the error right away.
	virtual bool DoesBlockRequestOnFailure(InterestingFailureReason reason);

	// Supplies callbacks that the embedder can invoke to initiate certain
	// actions, namely: cancel the request, start the request over, initiate BLE
	// pairing process, cancel WebAuthN request, and dispatch request to connected
	// authenticators.
	virtual void RegisterActionCallbacks(
	base::OnceClosure cancel_callback,
	base::RepeatingClosure start_over_callback,
	device::FidoRequestHandlerBase::RequestCallback request_callback,
	base::RepeatingClosure bluetooth_adapter_power_on_callback);

	// Returns true if the given relying party ID is permitted to receive
	// individual attestation certificates. This:
	// a) triggers a signal to the security key that returning individual
	// attestation certificates is permitted, and
	// b) skips any permission prompt for attestation.
	virtual bool ShouldPermitIndividualAttestation(
	const std::string& relying_party_id);

	// Invokes \|callback\| with \|true\| if the given relying party ID is permitted
	// to receive attestation certificates from the provided FidoAuthenticator.
	// Otherwise invokes \|callback\| with \|false\|.
	//
	// If \|is_enterprise_attestation\| is true then that authenticator has asserted
	// that \|relying_party_id\| is known to it and the attesation has no
	// expectations of privacy.
	//
	// Since these certificates may uniquely identify the authenticator, the
	// embedder may choose to show a permissions prompt to the user, and only
	// invoke \|callback\| afterwards. This may hairpin \|callback\|.
	virtual void ShouldReturnAttestation(
	const std::string& relying_party_id,
	const device::FidoAuthenticator* authenticator,
	bool is_enterprise_attestation,
	base::OnceCallback<void(bool)> callback);

	// SupportsResidentKeys returns true if this implementation of
	// \|AuthenticatorRequestClientDelegate\| supports resident keys. If false then
	// requests to create or get assertions will be immediately rejected and
	// \|SelectAccount\| will never be called.
	virtual bool SupportsResidentKeys();

	// SetMightCreateResidentCredential indicates whether activating an
	// authenticator may cause a resident credential to be created. A resident
	// credential may be discovered by someone with physical access to the
	// authenticator and thus has privacy implications.
	void SetMightCreateResidentCredential(bool v) override;

	// ConfigureCable optionally configures Cloud-assisted Bluetooth Low Energy
	// transports. \|origin\| is the origin of the calling site and
	// \|pairings_from_extension\| are caBLEv1 pairings that have been provided in
	// an extension to the WebAuthn get() call. If the embedder wishes, it may use
	// this to configure caBLE on the \|FidoDiscoveryFactory\| for use in this
	// request.
	virtual void ConfigureCable(
	const url::Origin& origin,
	base::span<const device::CableDiscoveryData> pairings_from_extension,
	device::FidoDiscoveryFactory* fido_discovery_factory);

	// SelectAccount is called to allow the embedder to select between one or more
	// accounts. This is triggered when the web page requests an unspecified
	// credential (by passing an empty allow-list). In this case, any accounts
	// will come from the authenticator's storage and the user should confirm the
	// use of any specific account before it is returned. The callback takes the
	// selected account, or else \|cancel_callback\| can be called.
	//
	// This is only called if \|SupportsResidentKeys\| returns true.
	virtual void SelectAccount(
	std::vector<device::AuthenticatorGetAssertionResponse> responses,
	base::OnceCallback<void(device::AuthenticatorGetAssertionResponse)>
	callback);

	// Returns whether the WebContents corresponding to \|render_frame_host\| is the
	// active tab in the focused window. We do not want to allow
	// authenticatorMakeCredential operations to be triggered by background tabs.
	//
	// Note that the default implementation of this function, and the
	// implementation in ChromeContentBrowserClient for Android, return \|true\| so
	// that testing is possible.
	virtual bool IsFocused();

	#if defined(OS_MAC)
	using TouchIdAuthenticatorConfig = device::fido::mac::AuthenticatorConfig;

	// Returns configuration data for the built-in Touch ID platform
	// authenticator. May return nullopt if the authenticator is not available in
	// the current context, in which case the Touch ID authenticator will be
	// unavailable.
	virtual base::Optional<TouchIdAuthenticatorConfig>
	GetTouchIdAuthenticatorConfig();
	#endif // defined(OS_MAC)

	// Returns a bool if the result of the isUserVerifyingPlatformAuthenticator
	// API call should be overridden with that value, or base::nullopt otherwise.
	virtual base::Optional<bool>
	IsUserVerifyingPlatformAuthenticatorAvailableOverride();

	// Saves transport type the user used during WebAuthN API so that the
	// WebAuthN UI will default to the same transport type during next API call.
	virtual void UpdateLastTransportUsed(device::FidoTransportProtocol transport);

	// Disables the UI (needed in cases when called by other components, like
	// cryptotoken).
	virtual void DisableUI();

	virtual bool IsWebAuthnUIEnabled();

	// device::FidoRequestHandlerBase::Observer:
	void OnTransportAvailabilityEnumerated(
	device::FidoRequestHandlerBase::TransportAvailabilityInfo data) override;
	// If true, the request handler will defer dispatch of its request onto the
	// given authenticator to the embedder. The embedder needs to call
	// \|StartAuthenticatorRequest\| when it wants to initiate request dispatch.
	//
	// This method is invoked before \|FidoAuthenticatorAdded\|, and may be
	// invoked multiple times for the same authenticator. Depending on the
	// result, the request handler might decide not to make the authenticator
	// available, in which case it never gets passed to
	// \|FidoAuthenticatorAdded\|.
	bool EmbedderControlsAuthenticatorDispatch(
	const device::FidoAuthenticator& authenticator) override;
	void BluetoothAdapterPowerChanged(bool is_powered_on) override;
	void FidoAuthenticatorAdded(
	const device::FidoAuthenticator& authenticator) override;
	void FidoAuthenticatorRemoved(base::StringPiece device_id) override;
	bool SupportsPIN() const override;
	void CollectPIN(
	base::Optional<int> attempts,
	base::OnceCallback<void(std::string)> provide_pin_cb) override;
	void StartBioEnrollment(base::OnceClosure next_callback) override;
	void OnSampleCollected(int bio_samples_remaining) override;
	void FinishCollectToken() override;
	void OnRetryUserVerification(int attempts) override;
	void OnInternalUserVerificationLocked() override;

	private:
	DISALLOW_COPY_AND_ASSIGN(AuthenticatorRequestClientDelegate);
	};

	} // namespace content

	#endif // CONTENT_PUBLIC_BROWSER_AUTHENTICATOR_REQUEST_CLIENT_DELEGATE_H_