4e003f0103
WebAuthn is allowed in secure contexts, but the specification adds a further restriction that on the web "this only includes [secure contexts] accessed via a secure transport (e.g., TLS) established without errors." We had previously allowed WebAuthn when a certificate error override was used in establishing the channel. This patch disallows WebAuthn when an untrusted issuer or domain override is used. We continue to allow WebAuthn when a validity period override is used. Differential Revision: https://phabricator.services.mozilla.com/D241705
36 lines
1.2 KiB
C++
36 lines
1.2 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef mozilla_dom_WebAuthnUtil_h
|
|
#define mozilla_dom_WebAuthnUtil_h
|
|
|
|
#include "mozilla/dom/WebAuthenticationBinding.h"
|
|
#include "ipc/IPCMessageUtils.h"
|
|
|
|
namespace mozilla::dom {
|
|
|
|
bool IsValidAppId(const nsCOMPtr<nsIPrincipal>& aPrincipal,
|
|
const nsCString& aAppId);
|
|
|
|
bool IsWebAuthnAllowedInDocument(const nsCOMPtr<Document>& aDoc);
|
|
|
|
bool IsWebAuthnAllowedForPrincipal(const nsCOMPtr<nsIPrincipal>& aPrincipal);
|
|
|
|
bool IsWebAuthnAllowedForTransportSecurityInfo(
|
|
nsITransportSecurityInfo* aSecurityInfo);
|
|
|
|
nsresult DefaultRpId(const nsCOMPtr<nsIPrincipal>& aPrincipal,
|
|
/* out */ nsACString& aRpId);
|
|
|
|
bool IsValidRpId(const nsCOMPtr<nsIPrincipal>& aPrincipal,
|
|
const nsACString& aRpId);
|
|
|
|
nsresult HashCString(const nsACString& aIn, /* out */ nsTArray<uint8_t>& aOut);
|
|
|
|
} // namespace mozilla::dom
|
|
|
|
#endif // mozilla_dom_WebAuthnUtil_h
|