
Unverified Commit 42d95395 authored by Marvin W.'s avatar Marvin W. 🐿️

Fido: Add support for CTAP2 and FidoAppId

parent cba44326
+6 −0
@@ -8,6 +8,7 @@

package com.google.android.gms.fido.fido2.api.common;

import org.microg.gms.common.PublicApi;
import org.microg.gms.utils.ToStringHelper;
import org.microg.safeparcel.AutoSafeParcelable;

@@ -40,6 +41,11 @@ public class AuthenticatorSelectionCriteria extends AutoSafeParcelable {
        return requireResidentKey;
    }

    @PublicApi(exclude = true)
    public UserVerificationRequirement getRequireUserVerification() {
        return requireUserVerification;
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
+9 −4
@@ -33,7 +33,7 @@ public class PublicKeyCredentialRequestOptions extends RequestOptions {
    @Field(7)
    private TokenBinding tokenBinding;
    @Field(8)
    private UserVerificationRequirement userVerificationRequirement;
    private UserVerificationRequirement requireUserVerification;
    @Field(9)
    private AuthenticationExtensions authenticationExtensions;

@@ -46,6 +46,11 @@ public class PublicKeyCredentialRequestOptions extends RequestOptions {
        return authenticationExtensions;
    }

    @PublicApi(exclude = true)
    public UserVerificationRequirement getRequireUserVerification() {
        return requireUserVerification;
    }

    @Override
    public byte[] getChallenge() {
        return challenge;
@@ -84,13 +89,13 @@ public class PublicKeyCredentialRequestOptions extends RequestOptions {
        if (allowList != null ? !allowList.equals(that.allowList) : that.allowList != null) return false;
        if (requestId != null ? !requestId.equals(that.requestId) : that.requestId != null) return false;
        if (tokenBinding != null ? !tokenBinding.equals(that.tokenBinding) : that.tokenBinding != null) return false;
        if (userVerificationRequirement != that.userVerificationRequirement) return false;
        if (requireUserVerification != that.requireUserVerification) return false;
        return authenticationExtensions != null ? authenticationExtensions.equals(that.authenticationExtensions) : that.authenticationExtensions == null;
    }

    @Override
    public int hashCode() {
        return Arrays.hashCode(new Object[]{Arrays.hashCode(challenge), timeoutSeconds, rpId, allowList, requestId, tokenBinding, userVerificationRequirement, authenticationExtensions});
        return Arrays.hashCode(new Object[]{Arrays.hashCode(challenge), timeoutSeconds, rpId, allowList, requestId, tokenBinding, requireUserVerification, authenticationExtensions});
    }

    @Override
@@ -102,7 +107,7 @@ public class PublicKeyCredentialRequestOptions extends RequestOptions {
                .field("allowList", allowList)
                .field("requestId", requestId)
                .field("tokenBinding", tokenBinding)
                .field("userVerificationRequirement", userVerificationRequirement)
                .field("userVerificationRequirement", requireUserVerification)
                .field("authenticationExtensions", authenticationExtensions)
                .end();
    }
+1 −0
@@ -29,6 +29,7 @@ dependencies {
    implementation "androidx.navigation:navigation-ui-ktx:$navigationVersion"

    implementation 'com.upokecenter:cbor:4.5.2'
    implementation 'com.google.guava:guava:31.1-android'
}

android {
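Review bot: The new `com.google.guava:guava:31.1-android` line brings in the whole Guava artifact for one class, `InternetDomainName`, and the registry-suffix data that class consults is a snapshot of the Public Suffix List frozen into the artifact at its release. The TLD+1 comparison that the FIDO AppId check in `org.microg.gms.fido.core` performs will therefore follow that snapshot rather than the live list until this coordinate is bumped, which is worth recording next to the dependency so a future version update is not treated as cosmetic. A comment such as `// Used only for InternetDomainName (bundled public-suffix snapshot) in the FIDO AppId TLD+1 check; keep reasonably current` on the line above it would make that explicit. Whether the module already has another dependency providing equivalent public-suffix handling is not visible from this hunk.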
+16 −0
@@ -6,10 +6,13 @@
package org.microg.gms.fido.core

import android.content.Context
import android.net.Uri
import android.util.Base64
import com.google.android.gms.fido.fido2.api.common.*
import com.google.android.gms.fido.fido2.api.common.ErrorCode.*
import com.google.common.net.InternetDomainName
import com.upokecenter.cbor.CBORObject
import kotlinx.coroutines.runBlocking
import org.json.JSONObject
import org.microg.gms.fido.core.RequestOptionsType.REGISTER
import org.microg.gms.fido.core.RequestOptionsType.SIGN
@@ -75,6 +78,19 @@ fun RequestOptions.checkIsValid(context: Context) {
            throw RequestHandlingException(NOT_ALLOWED_ERR, "Request doesn't have a valid list of allowed credentials.")
        }
    }
    if (authenticationExtensions?.fidoAppIdExtension?.appId != null) {
        val appId = authenticationExtensions.fidoAppIdExtension.appId
        if (!appId.startsWith("https://")) {
            throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId must start with https://")
        }
        val uri = Uri.parse(appId)
        if (uri.host.isNullOrEmpty()) {
            throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId must have a valid hostname")
        }
        if (InternetDomainName.from(uri.host).topDomainUnderRegistrySuffix() != InternetDomainName.from(rpId).topDomainUnderRegistrySuffix()) {
            throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId must be same TLD+1")
        }
    }
}

fun RequestOptions.getWebAuthnClientData(callingPackage: String, origin: String): ByteArray {
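Review bot: `InternetDomainName.from(uri.host)` and `InternetDomainName.from(rpId)` throw `IllegalArgumentException` for a string that is not a syntactically valid domain name, and `topDomainUnderRegistrySuffix()` throws `IllegalStateException` when the name has no registry suffix or is itself one, so an appId host (or rpId) of that shape leaves `checkIsValid` as an uncaught exception instead of the `RequestHandlingException(NOT_ALLOWED_ERR, ...)` that every neighbouring check produces. Since this input arrives from the calling app, the validator should reject such values explicitly; Guava's `isValid(String)` and `isUnderRegistrySuffix()` cover exactly those two preconditions. The `rpId` passed to `from` is presumably validated earlier in `checkIsValid`, which starts above this hunk, but that is not visible here and the rewrite below does not rely on it. The fence keeps the existing scheme and empty-host checks and only replaces the TLD+1 comparison.

```kotlin
// … unchanged: https:// prefix check, Uri.parse(appId) …
val host = uri.host
if (host.isNullOrEmpty()) {
    throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId must have a valid hostname")
}
// InternetDomainName.from throws IllegalArgumentException on invalid names and
// topDomainUnderRegistrySuffix throws IllegalStateException without a registry
// suffix; check both preconditions so the result is a NOT_ALLOWED_ERR, not a crash.
val appIdDomain = host.takeIf { InternetDomainName.isValid(it) }?.let { InternetDomainName.from(it) }
val rpDomain = rpId.takeIf { InternetDomainName.isValid(it) }?.let { InternetDomainName.from(it) }
if (appIdDomain == null || rpDomain == null ||
    !appIdDomain.isUnderRegistrySuffix() || !rpDomain.isUnderRegistrySuffix()
) {
    throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId and rpId must be registrable domain names")
}
if (appIdDomain.topDomainUnderRegistrySuffix() != rpDomain.topDomainUnderRegistrySuffix()) {
    throw RequestHandlingException(NOT_ALLOWED_ERR, "FIDO AppId must be same TLD+1")
}
```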
+1 −1
@@ -8,7 +8,7 @@ package org.microg.gms.fido.core.protocol
import com.upokecenter.cbor.CBORObject

class AndroidSafetyNetAttestationObject(authData: AuthenticatorData, val ver: String, val response: ByteArray) :
    AttestationObject(authData) {
    AttestationObject(authData.encode()) {
    override val fmt: String
        get() = "android-safetynet"
    override val attStmt: CBORObject