1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_WEBAUTHN_LOCAL_CREDENTIAL_MANAGEMENT_H_
#define CHROME_BROWSER_WEBAUTHN_LOCAL_CREDENTIAL_MANAGEMENT_H_
#include <vector>
#include "base/functional/callback.h"
#include "chrome/browser/profiles/profile_observer.h"
#include "device/fido/discoverable_credential_metadata.h"
#include "third_party/icu/source/i18n/unicode/coll.h"
class Profile;
// CredentialComparator compares two credentials based on their RP ID's eTLD +
// 1, then on the label-reversed RP ID, then on user.name, and finally on
// credential ID if the previous values are equal.
class CredentialComparator {
public:
CredentialComparator();
~CredentialComparator();
bool operator()(const device::DiscoverableCredentialMetadata& a,
const device::DiscoverableCredentialMetadata& b);
private:
static std::u16string ETLDPlus1(const std::string& rp_id);
static std::u16string LabelReverse(const std::string& rp_id);
std::unique_ptr<icu::Collator> collator_;
};
// LocalCredentialManagement provides functions for managing local WebAuthn
// credentials, i.e. those kept in a platform authenticator like Windows Hello
// or Chrome's TouchId authenticator. This is in contrast to the classes in
// //device/fido/credential_management.h that aid in managing credentials on
// security keys.
class LocalCredentialManagement {
public:
virtual ~LocalCredentialManagement() = default;
// Returns an instance of LocalCredentialManagement depending on the
// underlying operating system. It is incorrect to call this on an unsupported
// OS.
static std::unique_ptr<LocalCredentialManagement> Create(Profile* profile);
// HasCredentials resolves whether a non-zero number of credentials exists on
// the platform authenticator. This may be significantly more efficient than
// calling `Enumerate`. The callback will never be invoked before the
// function returns.
virtual void HasCredentials(base::OnceCallback<void(bool)> callback) = 0;
// Enumerate returns the metadata for all credentials on the platform. The
// callback will never be invoked before the function returns.
//
// If enumeration isn't supported on this version of Windows the callback will
// be run with `std::nullopt`.
virtual void Enumerate(
base::OnceCallback<void(
std::optional<std::vector<device::DiscoverableCredentialMetadata>>)>
callback) = 0;
// Delete removes a credentail from the platform authenticator. The
// callback will never be invoked before the function returns. It is run with
// the value `true` if the deletion was successful.
virtual void Delete(base::span<const uint8_t> credential_id,
base::OnceCallback<void(bool)> callback) = 0;
// Edit credential metadata's username field. The callback returns false if
// the credential was not updated to |new_username| in the mac keychain. The
// callback will never be invoked before the function returns.
virtual void Edit(base::span<uint8_t> credential_id,
std::string new_username,
base::OnceCallback<void(bool)> callback) = 0;
};
#endif // CHROME_BROWSER_WEBAUTHN_LOCAL_CREDENTIAL_MANAGEMENT_H_
|
