diff --git a/chrome/test/chromedriver/client/chromedriver.py b/chrome/test/chromedriver/client/chromedriver.py
index 74b780e5f..8bd1cc004 100644
--- a/chrome/test/chromedriver/client/chromedriver.py
+++ b/chrome/test/chromedriver/client/chromedriver.py
@@ -653,7 +653,3 @@ class ChromeDriver(object):
 if signCount is not None:
 options['signCount'] = signCount
 return self.ExecuteCommand(Command.ADD_CREDENTIAL, options)
-
- def GetCredentials(self, authenticatorId):
- params = {'authenticatorId': authenticatorId}
- return self.ExecuteCommand(Command.GET_CREDENTIALS, params)
diff --git a/chrome/test/chromedriver/client/command_executor.py b/chrome/test/chromedriver/client/command_executor.py
index 2286d839f..de27e1a3c 100644
--- a/chrome/test/chromedriver/client/command_executor.py
+++ b/chrome/test/chromedriver/client/command_executor.py
@@ -176,9 +176,6 @@ class Command(object):
 ADD_CREDENTIAL = (
 _Method.POST,
 '/session/:sessionId/webauthn/authenticator/:authenticatorId/credential')
- GET_CREDENTIALS = (
- _Method.GET,
- '/session/:sessionId/webauthn/authenticator/:authenticatorId/credentials')
 # Custom Chrome commands.
 IS_LOADING = (_Method.GET, '/session/:sessionId/is_loading')
diff --git a/chrome/test/chromedriver/server/http_handler.cc b/chrome/test/chromedriver/server/http_handler.cc
index 737e34dce..0c9a00119 100644
--- a/chrome/test/chromedriver/server/http_handler.cc
+++ b/chrome/test/chromedriver/server/http_handler.cc
@@ -764,14 +764,6 @@ HttpHandler::HttpHandler(
 "AddCredential",
 base::BindRepeating(&ExecuteWebAuthnCommand,
 base::BindRepeating(&ExecuteAddCredential)))),
- CommandMapping(
- kGet,
- "session/:sessionId/webauthn/authenticator/:authenticatorId/"
- "credentials",
- WrapToCommand("GetCredentials",
- base::BindRepeating(
- &ExecuteWebAuthnCommand,
- base::BindRepeating(&ExecuteGetCredentials)))),
 //
 // Non-standard extension commands
diff --git a/chrome/test/chromedriver/test/run_py_tests.py b/chrome/test/chromedriver/test/run_py_tests.py
index 15e986899..d59650004 100755
--- a/chrome/test/chromedriver/test/run_py_tests.py
+++ b/chrome/test/chromedriver/test/run_py_tests.py
@@ -226,7 +226,6 @@ _ANDROID_NEGATIVE_FILTER['chrome'] = (
 'ChromeDriverSecureContextTest.testAddVirtualAuthenticator',
 'ChromeDriverSecureContextTest.testRemoveVirtualAuthenticator',
 'ChromeDriverSecureContextTest.testAddCredential',
- 'ChromeDriverSecureContextTest.testGetCredentials',
 ]
 )
 _ANDROID_NEGATIVE_FILTER['chrome_stable'] = (
@@ -2018,11 +2017,6 @@ class ChromeDriverTest(ChromeDriverBaseTestWithWebServer):
 # Tests that require a secure context.
 class ChromeDriverSecureContextTest(ChromeDriverBaseTest):
- # The example attestation private key from the U2F spec at
- # https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-example
- # PKCS.8 encoded without encryption, as a base64url string.
- privateKey = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8_zMDQDYAxlU-Qhk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwURmgsJYxGP__fWN_S-j5sN4tT15XEpN_7QZnt14YvI6uvAgO0uJEboFaZlOEB"
-
 @staticmethod
 def GlobalSetUp():
 cert_path = os.path.join(chrome_paths.GetTestData(),
@@ -2039,21 +2033,6 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest):
 return ChromeDriverSecureContextTest._https_server.GetUrl(
 host) + file_path
- # Encodes a string in URL-safe base64 with no padding.
- @staticmethod
- def URLSafeBase64Encode(string):
- encoded = base64.urlsafe_b64encode(string)
- while encoded[-1] == "=":
- encoded = encoded[0:-1]
- return encoded
-
- # Decodes a base64 string with no padding.
- @staticmethod
- def UrlSafeBase64Decode(string):
- string = string.encode("utf-8")
- string += "=" * (4 - len(string) % 4)
- return base64.urlsafe_b64decode(string)
-
 def setUp(self):
 self._driver = self.CreateDriver(
 chrome_switches=['host-resolver-rules=MAP * 127.0.0.1'])
@@ -2101,6 +2080,10 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest):
 self._driver.RemoveVirtualAuthenticator, response['authenticatorId'])
 def testAddCredential(self):
+ # The example attestation private key from the U2F spec at
+ # https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-example
+ # PKCS.8 encoded without encryption.
+ privateKey = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8/zMDQDYAxlU+Qhk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwURmgsJYxGP//fWN/S+j5sN4tT15XEpN/7QZnt14YvI6uvAgO0uJEboFaZlOEB"
 script = """
 let done = arguments[0];
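Review bot: The comment on the new local `privateKey` in testAddCredential no longer says how the literal is encoded, although the literal now uses the standard base64 alphabet (`/` and `+`) where the removed class attribute used the URL-safe one. The server-side part of this change appears to forward the value unconverted, so the encoding is what a reader most needs to know here; I would end the comment with `# PKCS.8 encoded without encryption, as a standard base64 string.`. It would also help to say that this is the published example key from the U2F spec and is meant for tests only. The body of testAddCredential continues past the end of this hunk.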
@@ -2123,78 +2106,16 @@ class ChromeDriverSecureContextTest(ChromeDriverBaseTest):
 # Register a credential and try authenticating with it.
 self._driver.AddCredential(
 authenticatorId = authenticatorId,
- credentialId = self.URLSafeBase64Encode("cred-1"),
+ credentialId = base64.b64encode("cred-1"),
 isResidentCredential=False,
 rpId="chromedriver.test",
- privateKey=self.privateKey,
+ privateKey=privateKey,
 signCount=1,
 )
 result = self._driver.ExecuteAsyncScript(script)
 self.assertEquals('OK', result['status'])
- def testAddCredentialBase64Errors(self):
- # Test that AddCredential checks UrlBase64 parameteres.
- self._driver.Load(self.GetHttpsUrlForFile(
- '/chromedriver/webauthn_test.html', 'chromedriver.test'))
-
- authenticatorId = self._driver.AddVirtualAuthenticator(
- protocol = 'ctap2',
- transport = 'usb',
- hasResidentKey = False,
- hasUserVerification = False,
- )['authenticatorId']
-
- # Try adding a credentialId that is encoded in vanilla base64.
- self.assertRaisesRegexp(
- chromedriver.InvalidArgument,
- 'credentialId must be a base64url encoded string',
- self._driver.AddCredential, authenticatorId, '_0n+wWqg=',
- False, "chromedriver.test", self.privateKey, None, 1,
- )
-
- # Try adding a credentialId that is not a string.
- self.assertRaisesRegexp(
- chromedriver.InvalidArgument,
- 'credentialId must be a base64url encoded string',
- self._driver.AddCredential, authenticatorId, 1,
- False, "chromedriver.test", self.privateKey, None, 1,
- )
-
- def testGetCredentials(self):
- script = """
- let done = arguments[0];
- registerCredential({
- authenticatorSelection: {
- requireResidentKey: true,
- },
- }).then(done);
- """
- self._driver.Load(self.GetHttpsUrlForFile(
- '/chromedriver/webauthn_test.html', 'chromedriver.test'))
- authenticatorId = self._driver.AddVirtualAuthenticator(
- protocol = 'ctap2',
- transport = 'usb',
- hasResidentKey = True,
- hasUserVerification = True,
- )['authenticatorId']
-
- # Register a credential via the webauthn API.
- result = self._driver.ExecuteAsyncScript(script)
- self.assertEquals('OK', result['status'])
- credentialId = result['credential']['id']
-
- # GetCredentials should return the credential that was just created.
- credentials = self._driver.GetCredentials(authenticatorId)['credentials']
- self.assertEquals(1, len(credentials))
- self.assertEquals(credentialId, credentials[0]['credentialId'])
- self.assertEquals(True, credentials[0]['isResidentCredential'])
- self.assertEquals('chromedriver.test', credentials[0]['rpId'])
- self.assertEquals(chr(1),
- self.UrlSafeBase64Decode(credentials[0]['userHandle']))
- self.assertEquals(1, credentials[0]['signCount'])
- self.assertTrue(credentials[0]['privateKey'])
-
 # Tests in the following class are expected to be moved to ChromeDriverTest
 # class when we no longer support the legacy mode.
 class ChromeDriverW3cTest(ChromeDriverBaseTestWithWebServer):
diff --git a/chrome/test/chromedriver/webauthn_commands.cc b/chrome/test/chromedriver/webauthn_commands.cc
index b0d4d62bc..32c8a4a61 100644
--- a/chrome/test/chromedriver/webauthn_commands.cc
+++ b/chrome/test/chromedriver/webauthn_commands.cc
@@ -6,8 +6,6 @@
 #include
-#include "base/base64.h"
-#include "base/base64url.h"
 #include "base/callback.h"
 #include "base/containers/flat_map.h"
 #include "base/values.h"
@@ -17,8 +15,6 @@
 namespace {
-static constexpr char kBase64UrlError[] = " must be a base64url encoded string";
-
 // Creates a base::DictionaryValue by cloning the parameters specified by
 // |mapping| from |params|.
 base::DictionaryValue MapParams(
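Review bot: In run_py_tests.py, the ChromeDriverSecureContextTest hunk that edits the `AddCredential` call leaves only the success path covered, so nothing pins what the command does with a malformed or non-string `credentialId`. The old assertions checked a message that no longer exists, but a looser negative case would still catch a regression in which bad input is silently accepted, for example `self.assertRaises(chromedriver.ChromeDriverException, self._driver.AddCredential, authenticatorId, 1, False, "chromedriver.test", privateKey, None, 1)`. Which error the browser side reports for such input is not visible in this diff, so the expected exception type should be confirmed before the assertion is tightened.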
@@ -33,48 +29,6 @@ base::DictionaryValue MapParams(
 return options;
 }
-// Converts the string |keys| in |params| from base64url to base64. Returns a
-// status error if conversion of one of the keys failed.
-Status ConvertBase64UrlToBase64(base::Value* params,
- const std::vector keys) {
- for (const std::string key : keys) {
- base::Value* maybe_value = params->FindKey(key);
- if (!maybe_value)
- continue;
-
- if (!maybe_value->is_string())
- return Status(kInvalidArgument, key + kBase64UrlError);
-
- std::string& value = maybe_value->GetString();
- std::string temp;
- if (!Base64UrlDecode(value, base::Base64UrlDecodePolicy::IGNORE_PADDING,
- &temp)) {
- return Status(kInvalidArgument, key + kBase64UrlError);
- }
-
- base::Base64Encode(temp, &value);
- }
-
- return Status(kOk);
-}
-
-// Converts the string |keys| in |params| from base64 to base64url.
-void ConvertBase64ToBase64Url(base::Value* params,
- const std::vector keys) {
- for (const std::string key : keys) {
- std::string* maybe_value = params->FindStringKey(key);
- if (!maybe_value)
- continue;
-
- std::string temp;
- bool result = base::Base64Decode(*maybe_value, &temp);
- DCHECK(result);
-
- base::Base64UrlEncode(temp, base::Base64UrlEncodePolicy::OMIT_PADDING,
- maybe_value);
- }
-}
-
 } // namespace
 Status ExecuteWebAuthnCommand(const WebAuthnCommand& command,
@@ -125,40 +79,18 @@ Status ExecuteRemoveVirtualAuthenticator(WebView* web_view,
 Status ExecuteAddCredential(WebView* web_view,
 const base::Value& params,
 std::unique_ptr* value) {
- base::DictionaryValue mapped_params = MapParams(
- {
- {"authenticatorId", "authenticatorId"},
- {"credential.credentialId", "credentialId"},
- {"credential.isResidentCredential", "isResidentCredential"},
- {"credential.rpId", "rpId"},
- {"credential.privateKey", "privateKey"},
- {"credential.userHandle", "userHandle"},
- {"credential.signCount", "signCount"},
- },
- params);
- Status status =
- ConvertBase64UrlToBase64(mapped_params.FindKey("credential"),
- {"credentialId", "privateKey", "userHandle"});
- if (status.IsError())
- return status;
-
- return web_view->SendCommandAndGetResult("WebAuthn.addCredential",
- std::move(mapped_params), value);
-}
-
-Status ExecuteGetCredentials(WebView* web_view,
- const base::Value& params,
- std::unique_ptr* value) {
- Status status = web_view->SendCommandAndGetResult(
- "WebAuthn.getCredentials",
- MapParams({{"authenticatorId", "authenticatorId"}}, params), value);
- if (status.IsError())
- return status;
-
- for (base::Value& credential : (*value)->FindKey("credentials")->GetList()) {
- ConvertBase64ToBase64Url(&credential,
- {"credentialId", "privateKey", "userHandle"});
- }
-
- return status;
+ return web_view->SendCommandAndGetResult(
+ "WebAuthn.addCredential",
+ MapParams(
+ {
+ {"authenticatorId", "authenticatorId"},
+ {"credential.credentialId", "credentialId"},
+ {"credential.isResidentCredential", "isResidentCredential"},
+ {"credential.rpId", "rpId"},
+ {"credential.privateKey", "privateKey"},
+ {"credential.userHandle", "userHandle"},
+ {"credential.signCount", "signCount"},
+ },
+ params),
+ value);
 }
diff --git a/chrome/test/chromedriver/webauthn_commands.h b/chrome/test/chromedriver/webauthn_commands.h
index dcc278428..fd75ecfed 100644
--- a/chrome/test/chromedriver/webauthn_commands.h
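Review bot: ExecuteAddCredential in webauthn_commands.cc carries no comment saying that `credentialId`, `privateKey` and `userHandle` are now copied by MapParams straight into the `WebAuthn.addCredential` call, with no type or encoding check in this function. A caller reading only this file cannot tell which base64 variant is expected or where a bad value is rejected. I would add above the function `// credentialId, privateKey and userHandle are forwarded unvalidated; WebAuthn.addCredential is expected to reject malformed values.`, and name the expected encoding there once it is confirmed (the updated Python test suggests standard base64). The handling on the DevTools side is outside this diff, so that last part is an assumption to verify.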
+++ b/chrome/test/chromedriver/webauthn_commands.h
@@ -44,9 +44,4 @@ Status ExecuteAddCredential(WebView* web_view,
 const base::Value& params,
 std::unique_ptr* value);
-// Retrieve all the credentials stored in an authenticator.
-Status ExecuteGetCredentials(WebView* web_view,
- const base::Value& params,
- std::unique_ptr* value);
-
 #endif // CHROME_TEST_CHROMEDRIVER_WEBAUTHN_COMMANDS_H_
diff --git a/device/fido/virtual_ctap2_device.cc b/device/fido/virtual_ctap2_device.cc
index 672b61cb5..843bd0f4e 100644
--- a/device/fido/virtual_ctap2_device.cc
+++ b/device/fido/virtual_ctap2_device.cc
@@ -864,7 +864,6 @@ base::Optional VirtualCtap2Device::OnMakeCredential(
 registration.is_resident = true;
 registration.user = request.user;
- registration.rp = request.rp;
 }
 if (request.cred_protect) {