1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef DEVICE_FIDO_ATTESTATION_STATEMENT_H_
6 #define DEVICE_FIDO_ATTESTATION_STATEMENT_H_
7 
8 #include <string>
9 
10 #include "base/component_export.h"
11 #include "base/containers/span.h"
12 #include "base/macros.h"
13 #include "base/optional.h"
14 #include "components/cbor/values.h"
15 
16 namespace device {
17 
// Abstract base for a WebAuthn attestation statement: a signed data object
// that carries statements about a credential and about the authenticator
// that created it.
//
// An attestation statement format is characterised by three things:
//   1. its format identifier,
//   2. the attestation types the format supports, and
//   3. the syntax of a statement produced in that format.
// See https://www.w3.org/TR/2017/WD-webauthn-20170505/#cred-attestation.
//
// This interface exposes and serializes the statement's contents only; it
// declares no signature or certificate-chain verification.
//
// NOTE(review): the order of the virtual declarations below is kept as-is,
// since reordering them would change the vtable layout for existing
// subclasses.
class COMPONENT_EXPORT(DEVICE_FIDO) AttestationStatement {
 public:
  virtual ~AttestationStatement();

  // Returns the statement as a CBOR map value, laid out as its attestation
  // format prescribes:
  // https://www.w3.org/TR/2017/WD-webauthn-20170505/#defined-attestation-formats
  // The result is the map itself, not CBOR-encoded bytes. It is meant to be
  // nested inside another CBOR object, and encoding happens at that point.
  virtual cbor::Value AsCBOR() const = 0;

  // Reports whether this is a "self" attestation, i.e. the private key is
  // merely signing itself to show that it is fresh. A self attestation is not
  // backed by a separate attestation key, so it should not be read as
  // evidence of authenticator provenance.
  // NOTE(review): not const-qualified, unlike AsCBOR() and
  // GetLeafCertificate(); adding const would require touching every override.
  virtual bool IsSelfAttestation() = 0;

  // Reports whether the attestation is known to be inappropriately
  // identifying. Some tokens return unique attestation certificates even when
  // the bit that requests one is not set, whereas normal attestation
  // certificates are not intended to be trackable.
  // NOTE(review): a true result is a privacy signal; presumably callers use
  // it to avoid passing such a certificate on -- confirm against call sites.
  virtual bool IsAttestationCertificateInappropriatelyIdentifying() = 0;

  // Returns the DER bytes of the leaf X.509 certificate, or an empty optional
  // when the statement has none.
  // NOTE(review): base::span is a non-owning view, so the bytes presumably
  // live in storage owned by this object and must not be used after it is
  // destroyed -- confirm in the implementations. Nothing in this declaration
  // indicates that the certificate has been parsed or validated.
  virtual base::Optional<base::span<const uint8_t>> GetLeafCertificate()
      const = 0;

  // Accessor for |format_|.
  const std::string& format_name() const { return format_; }

 protected:
  // Only subclasses construct the base; |format| is presumably the
  // attestation statement format identifier that ends up in |format_| (the
  // constructor definition is not part of this header).
  explicit AttestationStatement(std::string format);

  // Declared const, so it cannot be reassigned after construction.
  const std::string format_;

 private:
  DISALLOW_COPY_AND_ASSIGN(AttestationStatement);
};
59 
// Concrete AttestationStatement for the "none" attestation, the form used
// when no attestation information is going to be returned. See
// https://w3c.github.io/webauthn/#none-attestation
//
// The overrides are only declared here; what each one returns for a "none"
// attestation is defined in the implementation file, not in this header.
class COMPONENT_EXPORT(DEVICE_FIDO) NoneAttestationStatement
    : public AttestationStatement {
 public:
  NoneAttestationStatement();
  ~NoneAttestationStatement() override;

  // AttestationStatement:
  cbor::Value AsCBOR() const override;
  bool IsSelfAttestation() override;
  bool IsAttestationCertificateInappropriatelyIdentifying() override;
  base::Optional<base::span<const uint8_t>> GetLeafCertificate() const override;

 private:
  DISALLOW_COPY_AND_ASSIGN(NoneAttestationStatement);
};
77 
// Free-function counterpart of AttestationStatement::AsCBOR(). Only the
// declaration is visible in this header; presumably it forwards to the
// virtual member of |statement| -- confirm in the implementation file.
COMPONENT_EXPORT(DEVICE_FIDO)
cbor::Value AsCBOR(const AttestationStatement& statement);
80 
81 }  // namespace device
82 
83 #endif  // DEVICE_FIDO_ATTESTATION_STATEMENT_H_
84