Bug 1718228 - Make CollectedClientData follow the spec r=dveditz,baku

R. Martinho Fernandes · R. Martinho Fernandes · commit b688465bb0a8 · 2022-06-30T12:28:45.000Z
Differential Revision: https://phabricator.services.mozilla.com/D136881
diff --git a/dom/webauthn/WebAuthnManager.cpp b/dom/webauthn/WebAuthnManager.cpp
@@ -75,8 +75,6 @@ static nsresult AssembleClientData(
   clientDataObject.mType.Assign(aType);
   clientDataObject.mChallenge.Assign(challengeBase64);
   clientDataObject.mOrigin.Assign(aOrigin);
-  clientDataObject.mHashAlgorithm.AssignLiteral(u"SHA-256");
-  clientDataObject.mClientExtensions = aExtensions;
 
   nsAutoString temp;
   if (NS_WARN_IF(!clientDataObject.ToJSON(temp))) {
diff --git a/dom/webauthn/tests/browser/browser_fido_appid_extension.js b/dom/webauthn/tests/browser/browser_fido_appid_extension.js
@@ -96,9 +96,6 @@ add_task(async function test_appid() {
       // Check that the correct rpIdHash is returned.
       let rpIdHashSign = authenticatorData.slice(0, 32);
       ok(memcmp(rpIdHash, rpIdHashSign), "rpIdHash is correct");
-
-      let clientData = JSON.parse(buffer2string(clientDataJSON));
-      is(clientData.clientExtensions.appid, appid, "appid extension sent");
     }
   );
 
@@ -127,14 +124,6 @@ add_task(async function test_appid_unused() {
     extensions,
   } = await promiseWebAuthnGetAssertion(tab, rawId, { appid });
 
-  // Check the we can parse clientDataJSON.
-  let clientData = JSON.parse(buffer2string(clientDataJSON));
-  ok(
-    "appid" in clientData.clientExtensions,
-    `since it was passed, appid field should appear in the client data, but ` +
-      `saw: ${JSON.stringify(clientData.clientExtensions)}`
-  );
-
   ok(
     "appid" in extensions,
     `appid should be populated in the extensions data, but saw: ` +
diff --git a/dom/webauthn/tests/test_webauthn_loopback.html b/dom/webauthn/tests/test_webauthn_loopback.html
@@ -50,7 +50,6 @@ <h1>Full-run test for MakeCredential/GetAssertion for W3C Web Authentication</h1
        - response : AuthenticatorAttestationResponse : AuthenticatorResponse
          - attestationObject: CBOR object
          - clientDataJSON: serialized JSON
-       - clientExtensionResults: (not yet supported)
     */
 
     is(aCredInfo.type, "public-key", "Credential type must be public-key")
@@ -66,13 +65,8 @@ <h1>Full-run test for MakeCredential/GetAssertion for W3C Web Authentication</h1
     let clientData = JSON.parse(buffer2string(aCredInfo.response.clientDataJSON));
     is(clientData.challenge, bytesToBase64UrlSafe(gCredentialChallenge), "Challenge is correct");
     is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
     is(clientData.type, "webauthn.create", "Type is correct");
 
-    let extensions = aCredInfo.getClientExtensionResults();
-    is(extensions.appid, undefined, "appid extension wasn't used");
-    is(clientData.clientExtensions.appid, undefined, "appid extension wasn't sent");
-
     return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject)
     .then(function(aAttestationObj) {
       // Make sure the RP ID hash matches what we calculate.
@@ -118,13 +112,11 @@ <h1>Full-run test for MakeCredential/GetAssertion for W3C Web Authentication</h1
     ok(aAssertion.response.signature === aAssertion.response.signature, "AuthenticatorAssertionResponse.Signature is SameObject");
     ok(aAssertion.response.signature instanceof ArrayBuffer, "AuthenticatorAssertionResponse.Signature is an ArrayBuffer");
     ok(aAssertion.response.userHandle === null, "AuthenticatorAssertionResponse.UserHandle is null for u2f authenticators");
-    isDeeply(aAssertion.getClientExtensionResults(), {}, "No extensions should be reported");
 
     ok(aAssertion.response.authenticatorData.byteLength > 0, "Authenticator data exists");
     let clientData = JSON.parse(buffer2string(aAssertion.response.clientDataJSON));
     is(clientData.challenge, bytesToBase64UrlSafe(gAssertionChallenge), "Challenge is correct");
     is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
     is(clientData.type, "webauthn.get", "Type is correct");
 
     return webAuthnDecodeAuthDataArray(aAssertion.response.authenticatorData)
diff --git a/dom/webidl/WebAuthentication.webidl b/dom/webidl/WebAuthentication.webidl
@@ -140,13 +140,16 @@ dictionary CollectedClientData {
     required DOMString           type;
     required DOMString           challenge;
     required DOMString           origin;
-    required DOMString           hashAlgorithm;
-    DOMString                    tokenBindingId;
-    // FIXME: bug 1493860: should this "= {}" be here?
-    AuthenticationExtensionsClientInputs clientExtensions = {};
-    AuthenticationExtensionsAuthenticatorInputs authenticatorExtensions;
+    TokenBinding                 tokenBinding;
+};
+
+dictionary TokenBinding {
+    required DOMString status;
+    DOMString id;
 };
 
+enum TokenBindingStatus { "present", "supported" };
+
 enum PublicKeyCredentialType {
     "public-key"
 };
