// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef DEVICE_FIDO_ATTESTATION_STATEMENT_H_
#define DEVICE_FIDO_ATTESTATION_STATEMENT_H_
#include <string>
#include "base/component_export.h"
#include "base/containers/span.h"
#include "base/macros.h"
#include "base/optional.h"
#include "components/cbor/values.h"
namespace device {
// A signed data object containing statements about a credential itself and
// the authenticator that created it.
// Each attestation statement format is defined by the following attributes:
// - The attestation statement format identifier.
// - The set of attestation types supported by the format.
// - The syntax of an attestation statement produced in this format.
// https://www.w3.org/TR/2017/WD-webauthn-20170505/#cred-attestation.
class COMPONENT_EXPORT(DEVICE_FIDO) AttestationStatement {
 public:
  virtual ~AttestationStatement();

  // The CBOR map data to be added to the attestation object, structured
  // in a way that is specified by its particular attestation format:
  // https://www.w3.org/TR/2017/WD-webauthn-20170505/#defined-attestation-formats
  // This is not a CBOR-encoded byte array, but the map that will be
  // nested within another CBOR object and encoded then.
  virtual cbor::Value AsCBOR() const = 0;

  // Returns true if the attestation is a "self" attestation, i.e. is just the
  // private key signing itself to show that it is fresh. Because only the
  // credential's own key signs, a self attestation carries no third-party
  // evidence about which authenticator produced the credential.
  virtual bool IsSelfAttestation() const = 0;

  // Returns true if the attestation is known to be inappropriately identifying.
  // Some tokens return unique attestation certificates even when the bit to
  // request that is not set. (Normal attestation certificates are not
  // intended to be trackable.) A per-device certificate lets a relying party
  // correlate registrations across sites; this flag presumably lets callers
  // decide whether to pass such a statement on — confirm against callers.
  virtual bool IsAttestationCertificateInappropriatelyIdentifying() const = 0;

  // Return the DER bytes of the leaf X.509 certificate, if any.
  // NOTE(review): the lifetime of the returned span is not stated here;
  // presumably it views storage owned by this statement and is only valid
  // while the statement is alive — confirm in the implementations.
  virtual base::Optional<base::span<const uint8_t>> GetLeafCertificate()
      const = 0;

  // The attestation statement format identifier this statement was
  // constructed with (e.g. the value passed to the protected constructor).
  const std::string& format_name() const { return format_; }

 protected:
  // |format| is the attestation statement format identifier (see the class
  // comment); it is stored in |format_| and exposed via format_name().
  explicit AttestationStatement(std::string format);

  const std::string format_;

 private:
  DISALLOW_COPY_AND_ASSIGN(AttestationStatement);
};
// NoneAttestationStatement represents a “none” attestation, which is used when
// attestation information will not be returned. See
// https://w3c.github.io/webauthn/#none-attestation
class COMPONENT_EXPORT(DEVICE_FIDO) NoneAttestationStatement
    : public AttestationStatement {
 public:
  NoneAttestationStatement();
  ~NoneAttestationStatement() override;

  // AttestationStatement overrides. A "none" attestation carries no
  // attestation information, so per the spec link above GetLeafCertificate()
  // presumably returns no value and the identifying check presumably returns
  // false — confirm in the .cc file.
  cbor::Value AsCBOR() const override;
  bool IsSelfAttestation() const override;
  bool IsAttestationCertificateInappropriatelyIdentifying() const override;
  base::Optional<base::span<const uint8_t>> GetLeafCertificate() const override;

 private:
  DISALLOW_COPY_AND_ASSIGN(NoneAttestationStatement);
};
// Free-function form of AsCBOR for an AttestationStatement reference.
// NOTE(review): presumably dispatches to the virtual AsCBOR() on the given
// statement and returns the same (not yet encoded) CBOR map — confirm in the
// .cc file.
COMPONENT_EXPORT(DEVICE_FIDO)
cbor::Value AsCBOR(const AttestationStatement&);
} // namespace device
#endif // DEVICE_FIDO_ATTESTATION_STATEMENT_H_