From 846cdbdbf965fc50478bcc4c6436e3dc6a489f3f Mon Sep 17 00:00:00 2001 From: Chris Xiong Date: Thu, 14 Oct 2021 19:01:18 -0400 Subject: Initial commit. --- .../files/chromium-revert-e7963c4-78.patch | 335 +++++++++++++++++++++ 1 file changed, 335 insertions(+) create mode 100644 www-client/chromium/files/chromium-revert-e7963c4-78.patch (limited to 'www-client/chromium/files/chromium-revert-e7963c4-78.patch') diff --git a/www-client/chromium/files/chromium-revert-e7963c4-78.patch b/www-client/chromium/files/chromium-revert-e7963c4-78.patch new file mode 100644 index 0000000..fe7e1a6 --- /dev/null +++ b/www-client/chromium/files/chromium-revert-e7963c4-78.patch @@ -0,0 +1,335 @@ +diff --git a/chrome/test/chromedriver/client/chromedriver.py b/chrome/test/chromedriver/client/chromedriver.py +index 74b780e5f..8bd1cc004 100644 +--- a/chrome/test/chromedriver/client/chromedriver.py ++++ b/chrome/test/chromedriver/client/chromedriver.py +@@ -653,7 +653,3 @@ class ChromeDriver(object): + if signCount is not None: + options['signCount'] = signCount + return self.ExecuteCommand(Command.ADD_CREDENTIAL, options) +- +- def GetCredentials(self, authenticatorId): +- params = {'authenticatorId': authenticatorId} +- return self.ExecuteCommand(Command.GET_CREDENTIALS, params) +diff --git a/chrome/test/chromedriver/client/command_executor.py b/chrome/test/chromedriver/client/command_executor.py +index 2286d839f..de27e1a3c 100644 +--- a/chrome/test/chromedriver/client/command_executor.py ++++ b/chrome/test/chromedriver/client/command_executor.py +@@ -176,9 +176,6 @@ class Command(object): + ADD_CREDENTIAL = ( + _Method.POST, + '/session/:sessionId/webauthn/authenticator/:authenticatorId/credential') +- GET_CREDENTIALS = ( +- _Method.GET, +- '/session/:sessionId/webauthn/authenticator/:authenticatorId/credentials') + + # Custom Chrome commands. + IS_LOADING = (_Method.GET, '/session/:sessionId/is_loading') +diff --git a/chrome/test/chromedriver/server/http_handler.cc b/chrome/test/chromedriver/server/http_handler.cc +index 737e34dce..0c9a00119 100644 +--- a/chrome/test/chromedriver/server/http_handler.cc ++++ b/chrome/test/chromedriver/server/http_handler.cc +@@ -764,14 +764,6 @@ HttpHandler::HttpHandler( + "AddCredential", + base::BindRepeating(&ExecuteWebAuthnCommand, + base::BindRepeating(&ExecuteAddCredential)))), +- CommandMapping( +- kGet, +- "session/:sessionId/webauthn/authenticator/:authenticatorId/" +- "credentials", +- WrapToCommand("GetCredentials", +- base::BindRepeating( +- &ExecuteWebAuthnCommand, +- base::BindRepeating(&ExecuteGetCredentials)))), + + // + // Non-standard extension commands +diff --git a/chrome/test/chromedriver/test/run_py_tests.py b/chrome/test/chromedriver/test/run_py_tests.py +index 15e986899..d59650004 100755 +--- a/chrome/test/chromedriver/test/run_py_tests.py ++++ b/chrome/test/chromedriver/test/run_py_tests.py +@@ -226,7 +226,6 @@ _ANDROID_NEGATIVE_FILTER['chrome'] = ( + 'ChromeDriverSecureContextTest.testAddVirtualAuthenticator', + 'ChromeDriverSecureContextTest.testRemoveVirtualAuthenticator', + 'ChromeDriverSecureContextTest.testAddCredential', +- 'ChromeDriverSecureContextTest.testGetCredentials', + ] + ) + _ANDROID_NEGATIVE_FILTER['chrome_stable'] = ( +@@ -2018,11 +2017,6 @@ class ChromeDriverTest(ChromeDriverBaseTestWithWebServer): + + # Tests that require a secure context. + class ChromeDriverSecureContextTest(ChromeDriverBaseTest): +- # The example attestation private key from the U2F spec at +- # https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-example +- # PKCS.8 encoded without encryption, as a base64url string. +- privateKey = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8_zMDQDYAxlU-Qhk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwURmgsJYxGP__fWN_S-j5sN4tT15XEpN_7QZnt14YvI6uvAgO0uJEboFaZlOEB" +- + @staticmethod + def GlobalSetUp(): + cert_path = os.path.join(chrome_paths.GetTestData(), +@@ -2039,21 +2033,6 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest): + return ChromeDriverSecureContextTest._https_server.GetUrl( + host) + file_path + +- # Encodes a string in URL-safe base64 with no padding. +- @staticmethod +- def URLSafeBase64Encode(string): +- encoded = base64.urlsafe_b64encode(string) +- while encoded[-1] == "=": +- encoded = encoded[0:-1] +- return encoded +- +- # Decodes a base64 string with no padding. +- @staticmethod +- def UrlSafeBase64Decode(string): +- string = string.encode("utf-8") +- string += "=" * (4 - len(string) % 4) +- return base64.urlsafe_b64decode(string) +- + def setUp(self): + self._driver = self.CreateDriver( + chrome_switches=['host-resolver-rules=MAP * 127.0.0.1']) +@@ -2101,6 +2080,10 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest): + self._driver.RemoveVirtualAuthenticator, response['authenticatorId']) + + def testAddCredential(self): ++ # The example attestation private key from the U2F spec at ++ # https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-example ++ # PKCS.8 encoded without encryption. ++ privateKey = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8/zMDQDYAxlU+Qhk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwURmgsJYxGP//fWN/S+j5sN4tT15XEpN/7QZnt14YvI6uvAgO0uJEboFaZlOEB" + + script = """ + let done = arguments[0]; +@@ -2123,78 +2106,16 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest): + # Register a credential and try authenticating with it. + self._driver.AddCredential( + authenticatorId = authenticatorId, +- credentialId = self.URLSafeBase64Encode("cred-1"), ++ credentialId = base64.b64encode("cred-1"), + isResidentCredential=False, + rpId="chromedriver.test", +- privateKey=self.privateKey, ++ privateKey=privateKey, + signCount=1, + ) + + result = self._driver.ExecuteAsyncScript(script) + self.assertEquals('OK', result['status']) + +- def testAddCredentialBase64Errors(self): +- # Test that AddCredential checks UrlBase64 parameteres. +- self._driver.Load(self.GetHttpsUrlForFile( +- '/chromedriver/webauthn_test.html', 'chromedriver.test')) +- +- authenticatorId = self._driver.AddVirtualAuthenticator( +- protocol = 'ctap2', +- transport = 'usb', +- hasResidentKey = False, +- hasUserVerification = False, +- )['authenticatorId'] +- +- # Try adding a credentialId that is encoded in vanilla base64. +- self.assertRaisesRegexp( +- chromedriver.InvalidArgument, +- 'credentialId must be a base64url encoded string', +- self._driver.AddCredential, authenticatorId, '_0n+wWqg=', +- False, "chromedriver.test", self.privateKey, None, 1, +- ) +- +- # Try adding a credentialId that is not a string. +- self.assertRaisesRegexp( +- chromedriver.InvalidArgument, +- 'credentialId must be a base64url encoded string', +- self._driver.AddCredential, authenticatorId, 1, +- False, "chromedriver.test", self.privateKey, None, 1, +- ) +- +- def testGetCredentials(self): +- script = """ +- let done = arguments[0]; +- registerCredential({ +- authenticatorSelection: { +- requireResidentKey: true, +- }, +- }).then(done); +- """ +- self._driver.Load(self.GetHttpsUrlForFile( +- '/chromedriver/webauthn_test.html', 'chromedriver.test')) +- authenticatorId = self._driver.AddVirtualAuthenticator( +- protocol = 'ctap2', +- transport = 'usb', +- hasResidentKey = True, +- hasUserVerification = True, +- )['authenticatorId'] +- +- # Register a credential via the webauthn API. +- result = self._driver.ExecuteAsyncScript(script) +- self.assertEquals('OK', result['status']) +- credentialId = result['credential']['id'] +- +- # GetCredentials should return the credential that was just created. +- credentials = self._driver.GetCredentials(authenticatorId)['credentials'] +- self.assertEquals(1, len(credentials)) +- self.assertEquals(credentialId, credentials[0]['credentialId']) +- self.assertEquals(True, credentials[0]['isResidentCredential']) +- self.assertEquals('chromedriver.test', credentials[0]['rpId']) +- self.assertEquals(chr(1), +- self.UrlSafeBase64Decode(credentials[0]['userHandle'])) +- self.assertEquals(1, credentials[0]['signCount']) +- self.assertTrue(credentials[0]['privateKey']) +- + # Tests in the following class are expected to be moved to ChromeDriverTest + # class when we no longer support the legacy mode. + class ChromeDriverW3cTest(ChromeDriverBaseTestWithWebServer): +diff --git a/chrome/test/chromedriver/webauthn_commands.cc b/chrome/test/chromedriver/webauthn_commands.cc +index b0d4d62bc..32c8a4a61 100644 +--- a/chrome/test/chromedriver/webauthn_commands.cc ++++ b/chrome/test/chromedriver/webauthn_commands.cc +@@ -6,8 +6,6 @@ + + #include + +-#include "base/base64.h" +-#include "base/base64url.h" + #include "base/callback.h" + #include "base/containers/flat_map.h" + #include "base/values.h" +@@ -17,8 +15,6 @@ + + namespace { + +-static constexpr char kBase64UrlError[] = " must be a base64url encoded string"; +- + // Creates a base::DictionaryValue by cloning the parameters specified by + // |mapping| from |params|. + base::DictionaryValue MapParams( +@@ -33,48 +29,6 @@ base::DictionaryValue MapParams( + return options; + } + +-// Converts the string |keys| in |params| from base64url to base64. Returns a +-// status error if conversion of one of the keys failed. +-Status ConvertBase64UrlToBase64(base::Value* params, +- const std::vector keys) { +- for (const std::string key : keys) { +- base::Value* maybe_value = params->FindKey(key); +- if (!maybe_value) +- continue; +- +- if (!maybe_value->is_string()) +- return Status(kInvalidArgument, key + kBase64UrlError); +- +- std::string& value = maybe_value->GetString(); +- std::string temp; +- if (!Base64UrlDecode(value, base::Base64UrlDecodePolicy::IGNORE_PADDING, +- &temp)) { +- return Status(kInvalidArgument, key + kBase64UrlError); +- } +- +- base::Base64Encode(temp, &value); +- } +- +- return Status(kOk); +-} +- +-// Converts the string |keys| in |params| from base64 to base64url. +-void ConvertBase64ToBase64Url(base::Value* params, +- const std::vector keys) { +- for (const std::string key : keys) { +- std::string* maybe_value = params->FindStringKey(key); +- if (!maybe_value) +- continue; +- +- std::string temp; +- bool result = base::Base64Decode(*maybe_value, &temp); +- DCHECK(result); +- +- base::Base64UrlEncode(temp, base::Base64UrlEncodePolicy::OMIT_PADDING, +- maybe_value); +- } +-} +- + } // namespace + + Status ExecuteWebAuthnCommand(const WebAuthnCommand& command, +@@ -125,40 +79,18 @@ Status ExecuteRemoveVirtualAuthenticator(WebView* web_view, + Status ExecuteAddCredential(WebView* web_view, + const base::Value& params, + std::unique_ptr* value) { +- base::DictionaryValue mapped_params = MapParams( +- { +- {"authenticatorId", "authenticatorId"}, +- {"credential.credentialId", "credentialId"}, +- {"credential.isResidentCredential", "isResidentCredential"}, +- {"credential.rpId", "rpId"}, +- {"credential.privateKey", "privateKey"}, +- {"credential.userHandle", "userHandle"}, +- {"credential.signCount", "signCount"}, +- }, +- params); +- Status status = +- ConvertBase64UrlToBase64(mapped_params.FindKey("credential"), +- {"credentialId", "privateKey", "userHandle"}); +- if (status.IsError()) +- return status; +- +- return web_view->SendCommandAndGetResult("WebAuthn.addCredential", +- std::move(mapped_params), value); +-} +- +-Status ExecuteGetCredentials(WebView* web_view, +- const base::Value& params, +- std::unique_ptr* value) { +- Status status = web_view->SendCommandAndGetResult( +- "WebAuthn.getCredentials", +- MapParams({{"authenticatorId", "authenticatorId"}}, params), value); +- if (status.IsError()) +- return status; +- +- for (base::Value& credential : (*value)->FindKey("credentials")->GetList()) { +- ConvertBase64ToBase64Url(&credential, +- {"credentialId", "privateKey", "userHandle"}); +- } +- +- return status; ++ return web_view->SendCommandAndGetResult( ++ "WebAuthn.addCredential", ++ MapParams( ++ { ++ {"authenticatorId", "authenticatorId"}, ++ {"credential.credentialId", "credentialId"}, ++ {"credential.isResidentCredential", "isResidentCredential"}, ++ {"credential.rpId", "rpId"}, ++ {"credential.privateKey", "privateKey"}, ++ {"credential.userHandle", "userHandle"}, ++ {"credential.signCount", "signCount"}, ++ }, ++ params), ++ value); + } +diff --git a/chrome/test/chromedriver/webauthn_commands.h b/chrome/test/chromedriver/webauthn_commands.h +index dcc278428..fd75ecfed 100644 +--- a/chrome/test/chromedriver/webauthn_commands.h ++++ b/chrome/test/chromedriver/webauthn_commands.h +@@ -44,9 +44,4 @@ Status ExecuteAddCredential(WebView* web_view, + const base::Value& params, + std::unique_ptr* value); + +-// Retrieve all the credentials stored in an authenticator. +-Status ExecuteGetCredentials(WebView* web_view, +- const base::Value& params, +- std::unique_ptr* value); +- + #endif // CHROME_TEST_CHROMEDRIVER_WEBAUTHN_COMMANDS_H_ +diff --git a/device/fido/virtual_ctap2_device.cc b/device/fido/virtual_ctap2_device.cc +index 672b61cb5..843bd0f4e 100644 +--- a/device/fido/virtual_ctap2_device.cc ++++ b/device/fido/virtual_ctap2_device.cc +@@ -864,7 +864,6 @@ base::Optional VirtualCtap2Device::OnMakeCredential( + + registration.is_resident = true; + registration.user = request.user; +- registration.rp = request.rp; + } + + if (request.cred_protect) { -- cgit v1.2.3