1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
|
// Copyright 2025 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/webauthn/chrome_web_authentication_delegate_base.h"
#include "base/command_line.h"
#include "base/feature_list.h"
#include "base/notimplemented.h"
#include "build/buildflag.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/webauthn/webauthn_pref_names.h"
#include "chrome/browser/webauthn/webauthn_switches.h"
#include "chrome/common/pref_names.h"
#include "components/prefs/pref_service.h"
#include "device/fido/features.h"
namespace {
bool IsCmdlineAllowedOrigin(const url::Origin& caller_origin) {
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
webauthn::switches::kRemoteProxiedRequestsAllowedAdditionalOrigin)) {
return false;
}
// Note that `cmdline_allowed_origin` will be opaque if the flag is not a
// valid URL, which won't match `caller_origin`.
const url::Origin cmdline_allowed_origin = url::Origin::Create(
GURL(base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
webauthn::switches::kRemoteProxiedRequestsAllowedAdditionalOrigin)));
return caller_origin == cmdline_allowed_origin;
}
#if !BUILDFLAG(IS_ANDROID)
bool IsGoogleCorpCrdOrigin(content::BrowserContext* browser_context,
const url::Origin& caller_origin) {
// This policy explicitly does not cover external instances of CRD. It
// must not be extended to other origins or be made configurable without going
// through security review.
const Profile* profile = Profile::FromBrowserContext(browser_context);
const PrefService* prefs = profile->GetPrefs();
const bool google_corp_remote_proxied_request_allowed =
prefs->GetBoolean(webauthn::pref_names::kRemoteProxiedRequestsAllowed);
if (!google_corp_remote_proxied_request_allowed) {
return false;
}
constexpr const char* const kGoogleCorpCrdOrigins[] = {
"https://remotedesktop.corp.google.com",
"https://remotedesktop-autopush.corp.google.com/",
"https://remotedesktop-daily-6.corp.google.com/",
};
for (const char* corp_crd_origin : kGoogleCorpCrdOrigins) {
if (caller_origin == url::Origin::Create(GURL(corp_crd_origin))) {
return true;
}
}
// An additional origin can be passed on the command line for testing.
return IsCmdlineAllowedOrigin(caller_origin);
}
#endif // !BUILDFLAG(IS_ANDROID)
bool IsAllowedByPlatformEnterprisePolicy(
content::BrowserContext* browser_context,
const url::Origin& caller_origin) {
const Profile* profile = Profile::FromBrowserContext(browser_context);
const PrefService* prefs = profile->GetPrefs();
const base::Value::List& allowed_origins =
prefs->GetList(webauthn::pref_names::kRemoteDesktopAllowedOrigins);
if (std::ranges::any_of(
allowed_origins, [&caller_origin](const base::Value& origin_value) {
return caller_origin ==
url::Origin::Create(GURL(origin_value.GetString()));
})) {
return true;
}
if (!allowed_origins.empty()) {
// An additional origin can be passed on the command line for testing, only
// when the list of origins set by policy is not empty.
return IsCmdlineAllowedOrigin(caller_origin);
}
return false;
}
} // namespace
ChromeWebAuthenticationDelegateBase::ChromeWebAuthenticationDelegateBase() =
default;
ChromeWebAuthenticationDelegateBase::~ChromeWebAuthenticationDelegateBase() =
default;
bool ChromeWebAuthenticationDelegateBase::
OriginMayUseRemoteDesktopClientOverride(
content::BrowserContext* browser_context,
const url::Origin& caller_origin) {
// Allow an origin access to the RemoteDesktopClientOverride extension and
// make WebAuthn requests on behalf of other origins, if a any of the
// following are true:
// - The origin is explicitly allowed by a device/platform-level enterprise
// policy.
// - The origin is a Google-internal Chrome Remote Desktop origin and is
// allowed by a corresponding enterprise policy.
// - Either policy is active, and the origin matches the one provided by
// the command-line flag
// `--webauthn-remote-proxied-requests-allowed-additional-origin`, which
// is intended for testing purposes.
// Check if the origin is explicitly allowed by (device/platform level)
// enterprise policy, (or allowed by the command-line flag for testing).
if (IsAllowedByPlatformEnterprisePolicy(browser_context, caller_origin)) {
// TODO(crbug.com/391132173): Record UMA to track how often this policy is
// used.
return true;
}
#if !BUILDFLAG(IS_ANDROID)
// Check if the origin is a Google Corp Chrome Remote Desktop origin and
// allowed by policy, (or allowed by the command-line flag for testing).
if (IsGoogleCorpCrdOrigin(browser_context, caller_origin)) {
return true;
}
#endif // BUILDFLAG(IS_ANDROID)
return false;
}
bool ChromeWebAuthenticationDelegateBase::
OverrideCallerOriginAndRelyingPartyIdValidation(
content::BrowserContext* browser_context,
const url::Origin& caller_origin,
const std::string& relying_party_id) {
NOTIMPLEMENTED();
return false;
}
std::optional<std::string>
ChromeWebAuthenticationDelegateBase::MaybeGetRelyingPartyIdOverride(
const std::string& claimed_relying_party_id,
const url::Origin& caller_origin) {
NOTIMPLEMENTED();
return std::nullopt;
}
bool ChromeWebAuthenticationDelegateBase::ShouldPermitIndividualAttestation(
content::BrowserContext* browser_context,
const url::Origin& caller_origin,
const std::string& relying_party_id) {
NOTIMPLEMENTED();
return false;
}
bool ChromeWebAuthenticationDelegateBase::SupportsResidentKeys(
content::RenderFrameHost* render_frame_host) {
NOTIMPLEMENTED();
return false;
}
bool ChromeWebAuthenticationDelegateBase::IsFocused(
content::WebContents* web_contents) {
NOTIMPLEMENTED();
return false;
}
void ChromeWebAuthenticationDelegateBase::
IsUserVerifyingPlatformAuthenticatorAvailableOverride(
content::RenderFrameHost* render_frame_host,
base::OnceCallback<void(std::optional<bool>)> callback) {
NOTIMPLEMENTED();
std::move(callback).Run(std::nullopt);
}
content::WebAuthenticationRequestProxy*
ChromeWebAuthenticationDelegateBase::MaybeGetRequestProxy(
content::BrowserContext* browser_context,
const url::Origin& caller_origin) {
NOTIMPLEMENTED();
return nullptr;
}
void ChromeWebAuthenticationDelegateBase::PasskeyUnrecognized(
content::WebContents* web_contents,
const url::Origin& origin,
const std::vector<uint8_t>& passkey_credential_id,
const std::string& relying_party_id) {
NOTIMPLEMENTED();
}
void ChromeWebAuthenticationDelegateBase::SignalAllAcceptedCredentials(
content::WebContents* web_contents,
const url::Origin& origin,
const std::string& relying_party_id,
const std::vector<uint8_t>& user_id,
const std::vector<std::vector<uint8_t>>& all_accepted_credentials_ids) {
NOTIMPLEMENTED();
}
void ChromeWebAuthenticationDelegateBase::UpdateUserPasskeys(
content::WebContents* web_contents,
const url::Origin& origin,
const std::string& relying_party_id,
std::vector<uint8_t>& user_id,
const std::string& name,
const std::string& display_name) {
NOTIMPLEMENTED();
}
void ChromeWebAuthenticationDelegateBase::BrowserProvidedPasskeysAvailable(
content::BrowserContext* browser_context,
base::OnceCallback<void(bool)> callback) {
NOTIMPLEMENTED();
std::move(callback).Run(false);
}
|
