    webauthn: support non-standard default credProtect levels. · 6361e1e8
    Adam Langley authored
    In the latest CTAP 2.1 draft, an authenticator can have a default
    credProtect level other than one. Previously, Chromium couldn't
    distinguish level one from not-specified; thus, first, this change adds
    that distinction.
    
    Then there are additional complexities because Chromium sets a default
    credProtect level of two for discoverable credentials, but we don't want
    to override an authenticator default of three. Therefore, the credProtect
    level for a request becomes a property that can only be resolved in the
    context of the specific authenticator that will receive the request.
    
    We already have a property like this: the Android ClientDataJSON
    extension. Thus pull these meta-level request properties into a
    different structure so that MakeCredentialRequestHandler can craft
    per-authenticator requests from that when needed.
    
    This isn't perfectly clean because the Windows API acts as an
    authenticator, but is actually a front for many authenticators. So we
    have to stuff |cred_protect_enforce| in the request object, despite it
    being a meta-level property.
    
    BUG=1057126
    
    Change-Id: Id1c02d4689492d597f5f29674166b97a8e720d2f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2130869
    Reviewed-by: Martin Kreichgauer <martinkr@google.com>
    Commit-Queue: Adam Langley <agl@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#756380}
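As an added illustration (not Chromium's code), a small model of the per-authenticator credProtect resolution the message describes: "not specified" is kept distinct from level one, Chromium's default of two applies only to discoverable credentials, and an authenticator's own higher default is never lowered. The struct and function names and the "explicit RP choice is sent as-is" rule are assumptions of this model.

```cpp
#include <algorithm>
#include <cstdint>
#include <optional>

// credProtect levels as numbered in the CTAP 2.1 draft.
enum class CredProtect : uint8_t {
  kUVOptional = 1,           // userVerificationOptional
  kUVOptionalWithList = 2,   // userVerificationOptionalWithCredentialIDList
  kUVRequired = 3,           // userVerificationRequired
};

// Meta-level request properties (hypothetical struct). `requested` is
// nullopt when the RP gave no level, which is different from level one.
struct CredProtectRequest {
  std::optional<CredProtect> requested;
  bool discoverable = false;  // resident/discoverable credential requested
};

// What we know about the authenticator that will receive the request
// (hypothetical struct). nullopt means it does not support credProtect.
struct AuthenticatorInfo {
  std::optional<CredProtect> default_level;
};

// Resolves the credProtect value to send to this particular authenticator.
// Returns nullopt when the extension should be omitted entirely.
std::optional<CredProtect> ResolveCredProtect(const CredProtectRequest& req,
                                              const AuthenticatorInfo& auth) {
  // Authenticator has no credProtect support: nothing to negotiate.
  if (!auth.default_level) return std::nullopt;
  // Model assumption: an explicit RP request is forwarded unchanged.
  if (req.requested) return *req.requested;
  // Non-discoverable and unspecified: let the authenticator's default apply.
  if (!req.discoverable) return std::nullopt;
  // Discoverable: Chromium's default is level two, but never lower an
  // authenticator whose own default is already higher (e.g. three).
  return std::max(CredProtect::kUVOptionalWithList, *auth.default_level);
}
```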
fido_authenticator.h 10 KB