Add the Mojo implementation of authenticator.mojom's MakeCredential.

components/webauth/authenticator_impl.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/webauth/authenticator_impl.h"
+
+#include <memory>
+
+#include "base/json/json_writer.h"
+#include "base/memory/ptr_util.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
+#include "crypto/sha2.h"
+#include "mojo/public/cpp/bindings/strong_binding.h"
+
+using content::RenderFrameHost;
+using content::WebContents;
+
+namespace webauth {
+
+const char kGetAssertionType[] = "navigator.id.getAssertion";
+
+// JSON key values
+const char kTypeKey[] = "type";
+const char kChallengeKey[] = "challenge";
+const char kOriginKey[] = "origin";
+const char kCidPubkeyKey[] = "cid_pubkey";
+
+// Serializes the |value| to a JSON string and returns the result.
+std::string SerializeValueToJson(const base::Value& value) {
+  std::string json;
+  base::JSONWriter::Write(value, &json);
+  return json;
+}
+
+// static
+void AuthenticatorImpl::Create(RenderFrameHost* render_frame_host,
+                               mojom::AuthenticatorRequest request) {
+  auto authenticator_impl =
+      base::WrapUnique(new AuthenticatorImpl(render_frame_host));
+  mojo::MakeStrongBinding(std::move(authenticator_impl), std::move(request));
+}
+
+AuthenticatorImpl::~AuthenticatorImpl() {
+  if (!connection_error_handler_.is_null())
+    connection_error_handler_.Run();
+}
+
+AuthenticatorImpl::AuthenticatorImpl(RenderFrameHost* render_frame_host) {
+  DCHECK(render_frame_host);
+  set_connection_error_handler(base::Bind(
+      &AuthenticatorImpl::OnConnectionTerminated, base::Unretained(this)));
+  caller_origin_ = render_frame_host->GetLastCommittedOrigin();
+}
+
+// mojom:Authenticator
+void AuthenticatorImpl::MakeCredential(
+    mojom::RelyingPartyAccountPtr account,
+    std::vector<mojom::ScopedCredentialParametersPtr> parameters,
+    const std::vector<uint8_t>& challenge,
+    mojom::ScopedCredentialOptionsPtr options,
+    MakeCredentialCallback callback) {
+  std::string effective_domain;
+  std::string relying_party_id;
+  std::string client_data_json;
+  base::DictionaryValue client_data;
+
+  // Steps 3 & 4 of https://w3c.github.io/webauthn/#makeCredential
+  // opaque origin
+  if (caller_origin_.unique()) {
+    std::move(callback).Run(mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR,
+                            NULL);
+    return;
+  }
+
+  if (!options->relying_party_id) {
+    relying_party_id = caller_origin_.Serialize();
+  } else {
+    effective_domain = caller_origin_.host();
+
+    if (effective_domain.empty()) {
+      std::move(callback).Run(mojom::AuthenticatorStatus::SECURITY_ERROR, NULL);
+      return;
+    }
+    // TODO(kpaulhamus): Check if relyingPartyId is a registrable domain
+    // suffix of and equal to effectiveDomain and set relyingPartyId
+    // appropriately.
+    relying_party_id = options->relying_party_id.value_or(std::string());
+  }
+
+  // TODO(kpaulhamus): Check ScopedCredentialParameter's type and
+  // algorithmIdentifier after algorithmIdentifier is added to mojom to
+  // make sure it is U2F_V2.
+
+  client_data.SetString(kTypeKey, kGetAssertionType);
+  client_data.SetString(
+      kChallengeKey,
+      base::StringPiece(reinterpret_cast<const char*>(challenge.data()),
+                        challenge.size()));
+  client_data.SetString(kOriginKey, relying_party_id);
+  // Channel ID is optional, and missing if the browser doesn't support it.
+  // It is present and set to the constant "unused" if the browser
+  // supports Channel ID but is not using it to talk to the origin.
+  // TODO(kpaulhamus): Fetch and add the Channel ID public key used to
+  // communicate with the origin.
+  client_data.SetString(kCidPubkeyKey, "unused");
+
+  // SHA-256 hash the JSON data structure
+  client_data_json = SerializeValueToJson(client_data);
+  std::string client_data_hash = crypto::SHA256HashString(client_data_json);
+
+  auto copyable_callback = base::AdaptCallbackForRepeating(std::move(callback));
+
+  // Step 16 of https://w3c.github.io/webauthn/#makeCredential
+  timeout_callback_.Reset(base::Bind(&AuthenticatorImpl::OnTimeout,
+                                     base::Unretained(this),
+                                     copyable_callback));
+
+  base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
+      FROM_HERE, timeout_callback_.callback(),
+      base::TimeDelta::FromSecondsD(options->adjusted_timeout));
+
+  timeout_callback_.Cancel();
+  std::move(callback).Run(mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL);
+}
+
+// Callback to handle the async response from a U2fDevice.
+void AuthenticatorImpl::OnRegister(MakeCredentialCallback callback,
+                                   std::string& client_data_json,
+                                   uint8_t status_code,
+                                   std::vector<uint8_t> data) {
+  timeout_callback_.Cancel();
+  std::move(callback).Run(mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL);
+}
+
+// Runs when timer expires and cancels all issued requests to a U2fDevice.
+void AuthenticatorImpl::OnTimeout(MakeCredentialCallback callback) {
+  std::move(callback).Run(mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, NULL);
+}
+
+void AuthenticatorImpl::OnConnectionTerminated() {
+  // Closures and cleanup due to either a browser-side error or
+  // as a result of the connection_error_handler, which can mean
+  // that the renderer has decided to close the pipe for various
+  // reasons.
+}
+}  // namespace webauth