1
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2025-02-22 16:49:13 +03:00

Use Origin.Web when request came from browser

This commit is contained in:
Álison Fernandes 2025-01-17 13:53:17 +00:00
parent 412649ed9e
commit 1095b391df
No known key found for this signature in database
GPG key ID: B8CE98903DFC87BC

View file

@ -48,7 +48,8 @@ class Fido2CredentialManagerImpl(
fido2CreateCredentialRequest: Fido2CreateCredentialRequest,
selectedCipherView: CipherView,
): Fido2RegisterCredentialResult {
val clientData = if (fido2CreateCredentialRequest.callingAppInfo.isOriginPopulated()) {
val requestedFromBrowser = fido2CreateCredentialRequest.callingAppInfo.isOriginPopulated()
val clientData = if (requestedFromBrowser) {
fido2CreateCredentialRequest
.callingAppInfo
.getAppSigningSignatureFingerprint()
@ -61,23 +62,41 @@ class Fido2CredentialManagerImpl(
.packageName,
)
}
val assetLinkUrl = fido2CreateCredentialRequest
val requestJsonOrigin = fido2CreateCredentialRequest
.origin
?: getOriginUrlFromAttestationOptionsOrNull(fido2CreateCredentialRequest.requestJson)
?: return Fido2RegisterCredentialResult.Error
// val relyingPartyId = json
// .decodeFromStringOrNull<PasskeyAssertionOptions>(fido2CreateCredentialRequest.requestJson)
// ?.relyingPartyId
// ?: return Fido2RegisterCredentialResult.Error
//
// val validateOriginResult = validateOrigin(
// callingAppInfo = fido2CreateCredentialRequest.callingAppInfo,
// relyingPartyId = relyingPartyId,
// )
//
// if(validateOriginResult is Fido2ValidateOriginResult.Error)
// {
// return Fido2RegisterCredentialResult.Error
// }
val origin = if (requestedFromBrowser) {
Origin.Web(requestJsonOrigin)
} else {
Origin.Android(
UnverifiedAssetLink(
packageName = fido2CreateCredentialRequest.packageName,
sha256CertFingerprint = fido2CreateCredentialRequest
.callingAppInfo
.getSignatureFingerprintAsHexString()
?: return Fido2RegisterCredentialResult.Error,
host = requestJsonOrigin,
assetLinkUrl = null // will be generated
),
)
}
val origin = Origin.Android(
UnverifiedAssetLink(
packageName = fido2CreateCredentialRequest.packageName,
sha256CertFingerprint = fido2CreateCredentialRequest
.callingAppInfo
.getSignatureFingerprintAsHexString()
?: return Fido2RegisterCredentialResult.Error,
host = assetLinkUrl.toHostOrPathOrNull()
?: return Fido2RegisterCredentialResult.Error,
assetLinkUrl = assetLinkUrl,
),
)
return vaultSdkSource
.registerFido2Credential(
request = RegisterFido2CredentialRequest(