Bug 1718228 - Make CollectedClientData follow the spec r=dveditz,baku

Differential Revision: https://phabricator.services.mozilla.com/D136881
2022-06-30 12:28:45 +00:00 · 2022-06-30 12:28:45 +00:00 · b688465bb0
commit b688465bb0
parent 7ad40f6883
4 changed files with 8 additions and 26 deletions
--- a/dom/webauthn/WebAuthnManager.cpp
+++ b/dom/webauthn/WebAuthnManager.cpp
@ -75,8 +75,6 @@ static nsresult AssembleClientData(
  clientDataObject.mType.Assign(aType);
  clientDataObject.mChallenge.Assign(challengeBase64);
  clientDataObject.mOrigin.Assign(aOrigin);
-  clientDataObject.mHashAlgorithm.AssignLiteral(u"SHA-256");
-  clientDataObject.mClientExtensions = aExtensions;

  nsAutoString temp;
  if (NS_WARN_IF(!clientDataObject.ToJSON(temp))) {
--- a/dom/webauthn/tests/browser/browser_fido_appid_extension.js
+++ b/dom/webauthn/tests/browser/browser_fido_appid_extension.js
@ -96,9 +96,6 @@ add_task(async function test_appid() {
      // Check that the correct rpIdHash is returned.
      let rpIdHashSign = authenticatorData.slice(0, 32);
      ok(memcmp(rpIdHash, rpIdHashSign), "rpIdHash is correct");
-
-      let clientData = JSON.parse(buffer2string(clientDataJSON));
-      is(clientData.clientExtensions.appid, appid, "appid extension sent");
    }
  );

@ -127,14 +124,6 @@ add_task(async function test_appid_unused() {
    extensions,
  } = await promiseWebAuthnGetAssertion(tab, rawId, { appid });

-  // Check the we can parse clientDataJSON.
-  let clientData = JSON.parse(buffer2string(clientDataJSON));
-  ok(
-    "appid" in clientData.clientExtensions,
-    `since it was passed, appid field should appear in the client data, but ` +
-      `saw: ${JSON.stringify(clientData.clientExtensions)}`
-  );
-
  ok(
    "appid" in extensions,
    `appid should be populated in the extensions data, but saw: ` +
--- a/dom/webauthn/tests/test_webauthn_loopback.html
+++ b/dom/webauthn/tests/test_webauthn_loopback.html
@ -50,7 +50,6 @@ function() {
       - response : AuthenticatorAttestationResponse : AuthenticatorResponse
         - attestationObject: CBOR object
         - clientDataJSON: serialized JSON
-       - clientExtensionResults: (not yet supported)
    */

    is(aCredInfo.type, "public-key", "Credential type must be public-key")
@ -66,13 +65,8 @@ function() {
    let clientData = JSON.parse(buffer2string(aCredInfo.response.clientDataJSON));
    is(clientData.challenge, bytesToBase64UrlSafe(gCredentialChallenge), "Challenge is correct");
    is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
    is(clientData.type, "webauthn.create", "Type is correct");

-    let extensions = aCredInfo.getClientExtensionResults();
-    is(extensions.appid, undefined, "appid extension wasn't used");
-    is(clientData.clientExtensions.appid, undefined, "appid extension wasn't sent");
-
    return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject)
    .then(function(aAttestationObj) {
      // Make sure the RP ID hash matches what we calculate.
@ -118,13 +112,11 @@ function() {
    ok(aAssertion.response.signature === aAssertion.response.signature, "AuthenticatorAssertionResponse.Signature is SameObject");
    ok(aAssertion.response.signature instanceof ArrayBuffer, "AuthenticatorAssertionResponse.Signature is an ArrayBuffer");
    ok(aAssertion.response.userHandle === null, "AuthenticatorAssertionResponse.UserHandle is null for u2f authenticators");
-    isDeeply(aAssertion.getClientExtensionResults(), {}, "No extensions should be reported");

    ok(aAssertion.response.authenticatorData.byteLength > 0, "Authenticator data exists");
    let clientData = JSON.parse(buffer2string(aAssertion.response.clientDataJSON));
    is(clientData.challenge, bytesToBase64UrlSafe(gAssertionChallenge), "Challenge is correct");
    is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
    is(clientData.type, "webauthn.get", "Type is correct");

    return webAuthnDecodeAuthDataArray(aAssertion.response.authenticatorData)
--- a/dom/webidl/WebAuthentication.webidl
+++ b/dom/webidl/WebAuthentication.webidl
@ -140,13 +140,16 @@ dictionary CollectedClientData {
    required DOMString           type;
    required DOMString           challenge;
    required DOMString           origin;
-    required DOMString           hashAlgorithm;
-    DOMString                    tokenBindingId;
-    // FIXME: bug 1493860: should this "= {}" be here?
-    AuthenticationExtensionsClientInputs clientExtensions = {};
-    AuthenticationExtensionsAuthenticatorInputs authenticatorExtensions;
+    TokenBinding                 tokenBinding;
 };

+dictionary TokenBinding {
+    required DOMString status;
+    DOMString id;
+};
+
+enum TokenBindingStatus { "present", "supported" };
+
 enum PublicKeyCredentialType {
    "public-key"
 };