blob: e55193dd807e587a1b2cefc8273a958ef6754e20 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stdint.h>
#include <array>
#include <vector>
#include "base/component_export.h"
#include "base/containers/span.h"
#include "base/macros.h"
#include "base/optional.h"
#include "device/fido/attestation_object.h"
#include "device/fido/fido_constants.h"
#include "device/fido/fido_transport_protocol.h"
#include "device/fido/response_data.h"
namespace device {
// Attestation object which includes attestation format, authentication
// data, and attestation statement returned by the authenticator as a response
// to MakeCredential request.
class COMPONENT_EXPORT(DEVICE_FIDO) AuthenticatorMakeCredentialResponse
: public ResponseData {
static base::Optional<AuthenticatorMakeCredentialResponse>
base::Optional<FidoTransportProtocol> transport_used,
base::span<const uint8_t, kRpIdHashLength> relying_party_id_hash,
base::span<const uint8_t> u2f_data);
base::Optional<FidoTransportProtocol> transport_used,
AttestationObject attestation_object);
AuthenticatorMakeCredentialResponse&& that);
AuthenticatorMakeCredentialResponse& operator=(
AuthenticatorMakeCredentialResponse&& other);
~AuthenticatorMakeCredentialResponse() override;
std::vector<uint8_t> GetCBOREncodedAttestationObject() const;
// Replaces the attestation statement with a “none” attestation, and removes
// AAGUID from authenticator data section unless |preserve_aaguid| is true.
void EraseAttestationStatement(AttestationObject::AAGUID erase_aaguid);
// Returns true if the attestation is a "self" attestation, i.e. is just the
// private key signing itself to show that it is fresh and the AAGUID is zero.
bool IsSelfAttestation();
// Returns true if the attestation certificate is known to be inappropriately
// identifying. Some tokens return unique attestation certificates even when
// the bit to request that is not set. (Normal attestation certificates are
// not intended to be trackable.)
bool IsAttestationCertificateInappropriatelyIdentifying();
// ResponseData:
const std::array<uint8_t, kRpIdHashLength>& GetRpIdHash() const override;
const AttestationObject& attestation_object() const {
return attestation_object_;
base::Optional<FidoTransportProtocol> transport_used() const {
return transport_used_;
AttestationObject attestation_object_;
// Contains the transport used to register the credential in this case. It is
// nullopt for cases where we cannot determine the transport (Windows).
base::Optional<FidoTransportProtocol> transport_used_;
std::vector<uint8_t> GetSerializedCtapDeviceResponse(
const AuthenticatorMakeCredentialResponse& response);
} // namespace device