device/fido/fido_request_handler_base.h - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_
 #define DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_

 #include <functional>
 #include <map>
 #include <memory>
 #include <set>
 #include <string>
 #include <vector>

 #include "base/callback.h"
 #include "base/component_export.h"
 #include "base/containers/flat_set.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string_piece_forward.h"
 #include "device/fido/fido_device_authenticator.h"
 #include "device/fido/fido_discovery.h"
 #include "device/fido/fido_transport_protocol.h"

 namespace service_manager {
 class Connector;
 };  // namespace service_manager

 namespace device {

 class BleAdapterPowerManager;
 class FidoAuthenticator;
 class FidoDevice;
 class FidoTask;

 struct COMPONENT_EXPORT(DEVICE_FIDO) PlatformAuthenticatorInfo {
   PlatformAuthenticatorInfo(std::unique_ptr<FidoAuthenticator> authenticator,
                             bool has_recognized_mac_touch_id_credential);
   PlatformAuthenticatorInfo(PlatformAuthenticatorInfo&&);
   PlatformAuthenticatorInfo& operator=(PlatformAuthenticatorInfo&& other);
   ~PlatformAuthenticatorInfo();

   std::unique_ptr<FidoAuthenticator> authenticator;
   bool has_recognized_mac_touch_id_credential;
 };

 // Base class that handles device discovery/removal. Each FidoRequestHandlerBase
 // is owned by FidoRequestManager and its lifetime is equivalent to that of a
 // single WebAuthn request. For each authenticator, the per-device work is
 // carried out by one FidoTask instance, which is constructed on DeviceAdded(),
 // and destroyed either on DeviceRemoved() or CancelOutgoingTaks().
 class COMPONENT_EXPORT(DEVICE_FIDO) FidoRequestHandlerBase
     : public FidoDiscovery::Observer {
  public:
   using AuthenticatorMap =
       std::map<std::string, std::unique_ptr<FidoAuthenticator>, std::less<>>;
   using RequestCallback = base::RepeatingCallback<void(const std::string&)>;

   enum class RequestType { kMakeCredential, kGetAssertion };

   // Encapsulates data required to initiate WebAuthN UX dialog. Once all
   // components of TransportAvailabilityInfo is set,
   // AuthenticatorRequestClientDelegate should be notified.
   // TODO(hongjunchoi): Add async calls to notify embedder when Bluetooth is
   // powered on/off.
   struct COMPONENT_EXPORT(DEVICE_FIDO) TransportAvailabilityInfo {
     TransportAvailabilityInfo();
     TransportAvailabilityInfo(const TransportAvailabilityInfo& other);
     TransportAvailabilityInfo& operator=(
         const TransportAvailabilityInfo& other);
     ~TransportAvailabilityInfo();

     // TODO(hongjunchoi): Factor |rp_id| and |request_type| from
     // TransportAvailabilityInfo.
     // See: https://crbug.com/875011
     std::string rp_id;
     RequestType request_type = RequestType::kMakeCredential;

     // The intersection of transports supported by the client and allowed by the
     // relying party.
     base::flat_set<FidoTransportProtocol> available_transports;

     bool has_recognized_mac_touch_id_credential = false;
     bool is_ble_powered = false;
     bool can_power_on_ble_adapter = false;
   };

   class COMPONENT_EXPORT(DEVICE_FIDO) TransportAvailabilityObserver {
    public:
     virtual ~TransportAvailabilityObserver();

     // This method will not be invoked until the observer is set.
     virtual void OnTransportAvailabilityEnumerated(
         TransportAvailabilityInfo data) = 0;

     // If true, the request handler will defer dispatch of its request onto the
     // given authenticator to the embedder. The embedder needs to call
     // |StartAuthenticatorRequest| when it wants to initiate request dispatch.
     //
     // This method is invoked before |FidoAuthenticatorAdded|, and may be
     // invoked multiple times for the same authenticator. Depending on the
     // result, the request handler might decide not to make the authenticator
     // available, in which case it never gets passed to
     // |FidoAuthenticatorAdded|.
     virtual bool EmbedderControlsAuthenticatorDispatch(
         const FidoAuthenticator& authenticator) = 0;

     virtual void BluetoothAdapterPowerChanged(bool is_powered_on) = 0;
     virtual void FidoAuthenticatorAdded(
         const FidoAuthenticator& authenticator) = 0;
     virtual void FidoAuthenticatorRemoved(base::StringPiece device_id) = 0;
   };

   // TODO(https://crbug.com/769631): Remove the dependency on Connector once
   // device/fido is servicified. The |available_transports| should be the
   // intersection of transports supported by the client and allowed by the
   // relying party.
   FidoRequestHandlerBase(
       service_manager::Connector* connector,
       const base::flat_set<FidoTransportProtocol>& available_transports);
   ~FidoRequestHandlerBase() override;

   // Triggers DispatchRequest() if |active_authenticators_| hold
   // FidoAuthenticator with given |authenticator_id|.
   void StartAuthenticatorRequest(const std::string& authenticator_id);

   // Triggers cancellation of all per-device FidoTasks, except for the device
   // with |exclude_device_id|, if one is provided. Cancelled tasks are
   // immediately removed from |ongoing_tasks_|.
   //
   // This function is invoked either when:
   //  (a) the entire WebAuthn API request is canceled or,
   //  (b) a successful response or "invalid state error" is received from the
   //  any one of the connected authenticators, in which case all other
   //  per-device tasks are cancelled.
   // https://w3c.github.io/webauthn/#iface-pkcredential
   void CancelOngoingTasks(base::StringPiece exclude_device_id = nullptr);
   void OnBluetoothAdapterEnumerated(bool is_present,
                                     bool is_powered_on,
                                     bool can_power_on);
   void OnBluetoothAdapterPowerChanged(bool is_powered_on);
   void PowerOnBluetoothAdapter();

   base::WeakPtr<FidoRequestHandlerBase> GetWeakPtr();

   void set_observer(TransportAvailabilityObserver* observer) {
     DCHECK(!observer_) << "Only one observer is supported.";
     observer_ = observer;

     DCHECK(notify_observer_callback_);
     notify_observer_callback_.Run();
   }

   // Set the platform authenticator for this request, if one is available.
   // |AuthenticatorImpl| must call this method after invoking |set_oberver| even
   // if no platform authenticator is available, in which case it passes nullptr.
   virtual void SetPlatformAuthenticatorOrMarkUnavailable(
       base::Optional<PlatformAuthenticatorInfo> platform_authenticator_info);

   TransportAvailabilityInfo& transport_availability_info() {
     return transport_availability_info_;
   }

  protected:
   // Subclasses implement this method to dispatch their request onto the given
   // FidoAuthenticator. The FidoAuthenticator is owned by this
   // FidoRequestHandler and stored in active_authenticators().
   virtual void DispatchRequest(FidoAuthenticator*) = 0;

   void Start();

   // Testing seam to allow unit tests to inject a fake authenticator.
   virtual std::unique_ptr<FidoDeviceAuthenticator>
   CreateAuthenticatorFromDevice(FidoDevice* device);

   AuthenticatorMap& active_authenticators() { return active_authenticators_; }
   std::vector<std::unique_ptr<FidoDiscovery>>& discoveries() {
     return discoveries_;
   }
   TransportAvailabilityObserver* observer() const { return observer_; }

  private:
   // FidoDiscovery::Observer
   void DeviceAdded(FidoDiscovery* discovery, FidoDevice* device) final;
   void DeviceRemoved(FidoDiscovery* discovery, FidoDevice* device) final;

   void AddAuthenticator(std::unique_ptr<FidoAuthenticator> authenticator);
   void NotifyObserverTransportAvailability();

   // Invokes FidoAuthenticator::InitializeAuthenticator(), followed by
   // DispatchRequest(). InitializeAuthenticator() sends a GetInfo command
   // to FidoDeviceAuthenticator instances in order to determine their protocol
   // versions before a request can be dispatched.
   void InitializeAuthenticatorAndDispatchRequest(FidoAuthenticator*);
   void ConstructBleAdapterPowerManager();

   AuthenticatorMap active_authenticators_;
   std::vector<std::unique_ptr<FidoDiscovery>> discoveries_;
   TransportAvailabilityObserver* observer_ = nullptr;
   TransportAvailabilityInfo transport_availability_info_;
   base::RepeatingClosure notify_observer_callback_;
   std::unique_ptr<BleAdapterPowerManager> bluetooth_power_manager_;

   base::WeakPtrFactory<FidoRequestHandlerBase> weak_factory_;
   DISALLOW_COPY_AND_ASSIGN(FidoRequestHandlerBase);
 };

 }  // namespace device

 #endif  // DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_
	#define DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_

	#include <functional>
	#include <map>
	#include <memory>
	#include <set>
	#include <string>
	#include <vector>

	#include "base/callback.h"
	#include "base/component_export.h"
	#include "base/containers/flat_set.h"
	#include "base/logging.h"
	#include "base/macros.h"
	#include "base/memory/weak_ptr.h"
	#include "base/strings/string_piece_forward.h"
	#include "device/fido/fido_device_authenticator.h"
	#include "device/fido/fido_discovery.h"
	#include "device/fido/fido_transport_protocol.h"

	namespace service_manager {
	class Connector;
	}; // namespace service_manager

	namespace device {

	class BleAdapterPowerManager;
	class FidoAuthenticator;
	class FidoDevice;
	class FidoTask;

	struct COMPONENT_EXPORT(DEVICE_FIDO) PlatformAuthenticatorInfo {
	PlatformAuthenticatorInfo(std::unique_ptr<FidoAuthenticator> authenticator,
	bool has_recognized_mac_touch_id_credential);
	PlatformAuthenticatorInfo(PlatformAuthenticatorInfo&&);
	PlatformAuthenticatorInfo& operator=(PlatformAuthenticatorInfo&& other);
	~PlatformAuthenticatorInfo();

	std::unique_ptr<FidoAuthenticator> authenticator;
	bool has_recognized_mac_touch_id_credential;
	};

	// Base class that handles device discovery/removal. Each FidoRequestHandlerBase
	// is owned by FidoRequestManager and its lifetime is equivalent to that of a
	// single WebAuthn request. For each authenticator, the per-device work is
	// carried out by one FidoTask instance, which is constructed on DeviceAdded(),
	// and destroyed either on DeviceRemoved() or CancelOutgoingTaks().
	class COMPONENT_EXPORT(DEVICE_FIDO) FidoRequestHandlerBase
	: public FidoDiscovery::Observer {
	public:
	using AuthenticatorMap =
	std::map<std::string, std::unique_ptr<FidoAuthenticator>, std::less<>>;
	using RequestCallback = base::RepeatingCallback<void(const std::string&)>;

	enum class RequestType { kMakeCredential, kGetAssertion };

	// Encapsulates data required to initiate WebAuthN UX dialog. Once all
	// components of TransportAvailabilityInfo is set,
	// AuthenticatorRequestClientDelegate should be notified.
	// TODO(hongjunchoi): Add async calls to notify embedder when Bluetooth is
	// powered on/off.
	struct COMPONENT_EXPORT(DEVICE_FIDO) TransportAvailabilityInfo {
	TransportAvailabilityInfo();
	TransportAvailabilityInfo(const TransportAvailabilityInfo& other);
	TransportAvailabilityInfo& operator=(
	const TransportAvailabilityInfo& other);
	~TransportAvailabilityInfo();

	// TODO(hongjunchoi): Factor \|rp_id\| and \|request_type\| from
	// TransportAvailabilityInfo.
	// See: https://crbug.com/875011
	std::string rp_id;
	RequestType request_type = RequestType::kMakeCredential;

	// The intersection of transports supported by the client and allowed by the
	// relying party.
	base::flat_set<FidoTransportProtocol> available_transports;

	bool has_recognized_mac_touch_id_credential = false;
	bool is_ble_powered = false;
	bool can_power_on_ble_adapter = false;
	};

	class COMPONENT_EXPORT(DEVICE_FIDO) TransportAvailabilityObserver {
	public:
	virtual ~TransportAvailabilityObserver();

	// This method will not be invoked until the observer is set.
	virtual void OnTransportAvailabilityEnumerated(
	TransportAvailabilityInfo data) = 0;

	// If true, the request handler will defer dispatch of its request onto the
	// given authenticator to the embedder. The embedder needs to call
	// \|StartAuthenticatorRequest\| when it wants to initiate request dispatch.
	//
	// This method is invoked before \|FidoAuthenticatorAdded\|, and may be
	// invoked multiple times for the same authenticator. Depending on the
	// result, the request handler might decide not to make the authenticator
	// available, in which case it never gets passed to
	// \|FidoAuthenticatorAdded\|.
	virtual bool EmbedderControlsAuthenticatorDispatch(
	const FidoAuthenticator& authenticator) = 0;

	virtual void BluetoothAdapterPowerChanged(bool is_powered_on) = 0;
	virtual void FidoAuthenticatorAdded(
	const FidoAuthenticator& authenticator) = 0;
	virtual void FidoAuthenticatorRemoved(base::StringPiece device_id) = 0;
	};

	// TODO(https://crbug.com/769631): Remove the dependency on Connector once
	// device/fido is servicified. The \|available_transports\| should be the
	// intersection of transports supported by the client and allowed by the
	// relying party.
	FidoRequestHandlerBase(
	service_manager::Connector* connector,
	const base::flat_set<FidoTransportProtocol>& available_transports);
	~FidoRequestHandlerBase() override;

	// Triggers DispatchRequest() if \|active_authenticators_\| hold
	// FidoAuthenticator with given \|authenticator_id\|.
	void StartAuthenticatorRequest(const std::string& authenticator_id);

	// Triggers cancellation of all per-device FidoTasks, except for the device
	// with \|exclude_device_id\|, if one is provided. Cancelled tasks are
	// immediately removed from \|ongoing_tasks_\|.
	//
	// This function is invoked either when:
	// (a) the entire WebAuthn API request is canceled or,
	// (b) a successful response or "invalid state error" is received from the
	// any one of the connected authenticators, in which case all other
	// per-device tasks are cancelled.
	// https://w3c.github.io/webauthn/#iface-pkcredential
	void CancelOngoingTasks(base::StringPiece exclude_device_id = nullptr);
	void OnBluetoothAdapterEnumerated(bool is_present,
	bool is_powered_on,
	bool can_power_on);
	void OnBluetoothAdapterPowerChanged(bool is_powered_on);
	void PowerOnBluetoothAdapter();

	base::WeakPtr<FidoRequestHandlerBase> GetWeakPtr();

	void set_observer(TransportAvailabilityObserver* observer) {
	DCHECK(!observer_) << "Only one observer is supported.";
	observer_ = observer;

	DCHECK(notify_observer_callback_);
	notify_observer_callback_.Run();
	}

	// Set the platform authenticator for this request, if one is available.
	// \|AuthenticatorImpl\| must call this method after invoking \|set_oberver\| even
	// if no platform authenticator is available, in which case it passes nullptr.
	virtual void SetPlatformAuthenticatorOrMarkUnavailable(
	base::Optional<PlatformAuthenticatorInfo> platform_authenticator_info);

	TransportAvailabilityInfo& transport_availability_info() {
	return transport_availability_info_;
	}

	protected:
	// Subclasses implement this method to dispatch their request onto the given
	// FidoAuthenticator. The FidoAuthenticator is owned by this
	// FidoRequestHandler and stored in active_authenticators().
	virtual void DispatchRequest(FidoAuthenticator*) = 0;

	void Start();

	// Testing seam to allow unit tests to inject a fake authenticator.
	virtual std::unique_ptr<FidoDeviceAuthenticator>
	CreateAuthenticatorFromDevice(FidoDevice* device);

	AuthenticatorMap& active_authenticators() { return active_authenticators_; }
	std::vector<std::unique_ptr<FidoDiscovery>>& discoveries() {
	return discoveries_;
	}
	TransportAvailabilityObserver* observer() const { return observer_; }

	private:
	// FidoDiscovery::Observer
	void DeviceAdded(FidoDiscovery* discovery, FidoDevice* device) final;
	void DeviceRemoved(FidoDiscovery* discovery, FidoDevice* device) final;

	void AddAuthenticator(std::unique_ptr<FidoAuthenticator> authenticator);
	void NotifyObserverTransportAvailability();

	// Invokes FidoAuthenticator::InitializeAuthenticator(), followed by
	// DispatchRequest(). InitializeAuthenticator() sends a GetInfo command
	// to FidoDeviceAuthenticator instances in order to determine their protocol
	// versions before a request can be dispatched.
	void InitializeAuthenticatorAndDispatchRequest(FidoAuthenticator*);
	void ConstructBleAdapterPowerManager();

	AuthenticatorMap active_authenticators_;
	std::vector<std::unique_ptr<FidoDiscovery>> discoveries_;
	TransportAvailabilityObserver* observer_ = nullptr;
	TransportAvailabilityInfo transport_availability_info_;
	base::RepeatingClosure notify_observer_callback_;
	std::unique_ptr<BleAdapterPowerManager> bluetooth_power_manager_;

	base::WeakPtrFactory<FidoRequestHandlerBase> weak_factory_;
	DISALLOW_COPY_AND_ASSIGN(FidoRequestHandlerBase);
	};

	} // namespace device

	#endif // DEVICE_FIDO_FIDO_REQUEST_HANDLER_BASE_H_