// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef DEVICE_FIDO_ATTESTATION_STATEMENT_H_
#define DEVICE_FIDO_ATTESTATION_STATEMENT_H_

#include <string>

#include "base/component_export.h"
#include "base/containers/span.h"
#include "base/macros.h"
#include "base/optional.h"
#include "components/cbor/values.h"

namespace device {

// AttestationStatement is the abstract base for the per-format "attestation
// statement" embedded in a WebAuthn attestation object: a signed data object
// making claims about a newly created credential and about the authenticator
// that created it. A concrete format is characterised by
//   - its format identifier (exposed here through format_name()),
//   - the set of attestation types it supports, and
//   - the CBOR syntax of the statement it produces (see AsCBOR()).
// https://www.w3.org/TR/2017/WD-webauthn-20170505/#cred-attestation.
class COMPONENT_EXPORT(DEVICE_FIDO) AttestationStatement {
 public:
  // Statements are never copied; they are owned and passed around as
  // single objects.
  AttestationStatement(const AttestationStatement&) = delete;
  AttestationStatement& operator=(const AttestationStatement&) = delete;

  virtual ~AttestationStatement();

  // Builds the format-specific CBOR map that the caller nests inside the
  // surrounding attestation object. The result is a structured cbor::Value,
  // not an already-encoded byte string: encoding happens once the enclosing
  // object is serialised.
  // https://www.w3.org/TR/2017/WD-webauthn-20170505/#defined-attestation-formats
  virtual cbor::Value AsCBOR() const = 0;

  // True when this is a "self" attestation, i.e. the statement is signed by
  // the credential's own private key merely to demonstrate that the key is
  // fresh.
  virtual bool IsSelfAttestation() = 0;

  // True when the attestation certificate is known to identify the
  // authenticator more precisely than it should. Attestation certificates are
  // intended to be shared across a large batch of devices so that they cannot
  // be used to track a user, but some tokens return a per-device certificate
  // even though the bit requesting an identifying attestation was not set.
  // Callers can consult this before handing the statement on (presumably to
  // substitute a less revealing form such as NoneAttestationStatement below;
  // confirm against the callers).
  virtual bool IsAttestationCertificateInappropriatelyIdentifying() = 0;

  // Returns the DER encoding of the leaf X.509 certificate carried by the
  // statement, or nullopt when there is none. The span is non-owning;
  // presumably it views storage held by the statement and is only valid while
  // this object is alive — confirm in the implementing class.
  virtual base::Optional<base::span<const uint8_t>> GetLeafCertificate()
      const = 0;

  // The attestation statement format identifier supplied by the subclass.
  const std::string& format_name() const { return format_; }

 protected:
  // Subclasses pass the identifier of the attestation format they implement.
  explicit AttestationStatement(std::string format);

  const std::string format_;
};

// NoneAttestationStatement is the "none" attestation format, used when no
// attestation information will be returned.
// See https://w3c.github.io/webauthn/#none-attestation
class COMPONENT_EXPORT(DEVICE_FIDO) NoneAttestationStatement
    : public AttestationStatement {
 public:
  NoneAttestationStatement();
  ~NoneAttestationStatement() override;

  NoneAttestationStatement(const NoneAttestationStatement&) = delete;
  NoneAttestationStatement& operator=(const NoneAttestationStatement&) =
      delete;

  // AttestationStatement:
  cbor::Value AsCBOR() const override;
  bool IsSelfAttestation() override;
  bool IsAttestationCertificateInappropriatelyIdentifying() override;
  base::Optional<base::span<const uint8_t>> GetLeafCertificate() const override;
};

// Free-function counterpart of AttestationStatement::AsCBOR(); the definition
// lives out of line in the corresponding .cc file.
COMPONENT_EXPORT(DEVICE_FIDO)
cbor::Value AsCBOR(const AttestationStatement&);

}  // namespace device

#endif  // DEVICE_FIDO_ATTESTATION_STATEMENT_H_