Portal backend api

credentialsd-common/src/client.rs

@@ -3,8 +3,8 @@ use std::pin::Pin;
 use futures_lite::Stream;
 
 use crate::{
-    model::Device,
-    server::{BackgroundEvent, RequestId},
+    model::{Device, RequestId},
+    server::BackgroundEvent,
 };
 
 /// Used for communication from trusted UI to credential service

credentialsd-common/src/model.rs

@@ -40,8 +40,17 @@ pub struct Device {
 
 #[derive(Clone, Debug, Serialize, Deserialize, Type)]
 pub enum Operation {
-    Create,
-    Get,
+    PublicKeyCreate,
+    PublicKeyGet,
+}
+
+#[derive(Clone, Debug, PartialEq, Serialize, Deserialize, Type)]
+pub struct PortalBackendOptions {
+    /// Top-level origin of the request if different from the origin.
+    pub top_origin: Optional<String>,
+
+    /// RP ID of the request. Required for WebAuthn/PublicKey requests.
+    pub rp_id: Optional<String>,
 }
 
 #[derive(Clone, Debug, PartialEq, Serialize, Deserialize, Type)]
@@ -122,6 +131,9 @@ pub struct RequestingParty {
     pub origin: String,
 }
 
+/// Identifier for a request to be used for cancellation.
+pub type RequestId = u32;
+
 // TODO: Move to credentialsd-ui
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub enum ViewUpdate {
@@ -254,6 +266,41 @@ pub enum NfcState {
     Failed(Error),
 }
 
+pub enum BackendRequest {
+    /// Start Hybrid discovery
+    StartHybridDiscovery,
+
+    /// Start NFC discovery
+    StartNfcDiscovery,
+
+    /// Start USB discovery
+    StartUsbDiscovery,
+
+    /// Send client PIN
+    EnterClientPin(String),
+
+    /// Select a credential by credential ID
+    SelectCredential(String),
+
+    CancelRequest,
+}
+
+impl std::fmt::Debug for BackendRequest {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::StartHybridDiscovery => write!(f, "StartHybridDiscovery"),
+            Self::StartNfcDiscovery => write!(f, "StartNfcDiscovery"),
+            Self::StartUsbDiscovery => write!(f, "StartUsbDiscovery"),
+            Self::EnterClientPin(_) => f
+                .debug_tuple("EnterClientPin")
+                .field(&"******".to_string())
+                .finish(),
+            Self::SelectCredential(arg0) => f.debug_tuple("SelectCredential").field(arg0).finish(),
+            Self::CancelRequest => write!(f, "CancelRequest"),
+        }
+    }
+}
+
 #[derive(Debug, Clone)]
 pub enum Error {
     /// Some unknown error with the authenticator occurred.

credentialsd-common/src/server.rs

@@ -8,10 +8,10 @@ use serde::{
 };
 use zvariant::{
     self, Array, DeserializeDict, DynamicDeserialize, NoneValue, Optional, OwnedValue,
-    SerializeDict, Signature, Structure, StructureBuilder, Type, Value, signature::Fields,
+    SerializeDict, Signature, Str, Structure, StructureBuilder, Type, Value, signature::Fields,
 };
 
-use crate::model::{Device, Operation, RequestingApplication};
+use crate::model::{BackendRequest, Device, Operation, RequestId, RequestingApplication};
 
 const TAG_VALUE_SIGNATURE: &Signature = &Signature::Structure(Fields::Static {
     fields: &[&Signature::U32, &Signature::Variant],
@@ -49,6 +49,13 @@ const BACKGROUND_EVENT_ERROR_CREDENTIAL_EXCLUDED: u32 = 0x80000006;
 const BACKGROUND_EVENT_ERROR_PIN_ATTEMPTS_EXHAUSTED: u32 = 0x80000007;
 const BACKGROUND_EVENT_ERROR_PIN_NOT_SET: u32 = 0x80000008;
 
+const BACKEND_REQUEST_START_HYBRID_DISCOVERY: u32 = 0x01;
+const BACKEND_REQUEST_START_USB_DISCOVERY: u32 = 0x02;
+const BACKEND_REQUEST_START_NFC_DISCOVERY: u32 = 0x03;
+const BACKEND_REQUEST_ENTER_CLIENT_PIN: u32 = 0x04;
+const BACKEND_REQUEST_SELECT_CREDENTIAL: u32 = 0x05;
+const BACKEND_REQUEST_CANCEL_REQUEST: u32 = 0x06;
+
 /// Flattened enum BackgroundEvent for sending across D-Bus.
 #[derive(Debug, Clone, PartialEq)]
 pub enum BackgroundEvent {
@@ -267,6 +274,94 @@ impl<'de> Deserialize<'de> for BackgroundEvent {
     }
 }
 
+impl Type for BackendRequest {
+    const SIGNATURE: &'static Signature = TAG_VALUE_SIGNATURE;
+}
+
+impl From<&BackendRequest> for Structure<'_> {
+    fn from(value: &BackendRequest) -> Self {
+        match value {
+            BackendRequest::StartHybridDiscovery => tag_value_to_struct(0x01, None),
+            BackendRequest::StartNfcDiscovery => tag_value_to_struct(0x02, None),
+            BackendRequest::StartUsbDiscovery => tag_value_to_struct(0x03, None),
+            BackendRequest::EnterClientPin(pin) => {
+                tag_value_to_struct(0x04, Some(Value::Str(pin.into())))
+            }
+            BackendRequest::SelectCredential(credential_id) => {
+                tag_value_to_struct(0x05, Some(Value::Str(credential_id.into())))
+            }
+            BackendRequest::CancelRequest => tag_value_to_struct(0x06, None),
+        }
+    }
+}
+
+impl TryFrom<&Structure<'_>> for BackendRequest {
+    type Error = zvariant::Error;
+
+    fn try_from(value: &Structure<'_>) -> Result<Self, Self::Error> {
+        let (tag, value) = parse_tag_value_struct(value)?;
+
+        match tag {
+            0x01 => Ok(BackendRequest::StartHybridDiscovery),
+            0x02 => Ok(BackendRequest::StartNfcDiscovery),
+            0x03 => Ok(BackendRequest::StartUsbDiscovery),
+            0x04 => {
+                let s: Str = value.downcast_ref()?;
+                if s.is_empty() {
+                    return Err(zvariant::Error::invalid_length(
+                        s.len(),
+                        &"a non-empty string",
+                    ));
+                }
+                Ok(BackendRequest::EnterClientPin(s.as_str().to_string()))
+            }
+            0x05 => {
+                let s: Str = value.downcast_ref()?;
+                if s.is_empty() {
+                    return Err(zvariant::Error::invalid_length(
+                        s.len(),
+                        &"a non-empty string",
+                    ));
+                }
+                Ok(BackendRequest::SelectCredential(s.as_str().to_string()))
+            }
+            0x06 => Ok(BackendRequest::CancelRequest),
+            _ => Err(zvariant::Error::Message(format!(
+                "Unknown BackendRequest tag : {tag}"
+            ))),
+        }
+    }
+}
+
+impl Serialize for BackendRequest {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        let structure: Structure = self.into();
+        structure.serialize(serializer)
+    }
+}
+
+impl<'de> Deserialize<'de> for BackendRequest {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        let d = Structure::deserializer_for_signature(TAG_VALUE_SIGNATURE).map_err(|err| {
+            D::Error::custom(format!(
+                "could not create deserializer for tag-value struct: {err}"
+            ))
+        })?;
+        let structure = d.deserialize(deserializer)?;
+        (&structure).try_into().map_err(|err| {
+            D::Error::custom(format!(
+                "could not deserialize structure into BackendRequest: {err}"
+            ))
+        })
+    }
+}
+
 #[derive(Clone, Debug, DeserializeDict, Type)]
 #[zvariant(signature = "dict")]
 pub struct CreateCredentialRequest {
@@ -412,10 +507,7 @@ impl From<GetPublicKeyCredentialResponse> for GetCredentialResponse {
     }
 }
 
-/// Identifier for a request to be used for cancellation.
-pub type RequestId = u32;
-
-#[derive(Serialize, Deserialize, Type)]
+#[derive(Clone, Debug, Serialize, Deserialize, Type)]
 pub struct ViewRequest {
     pub operation: Operation,
 
@@ -435,7 +527,7 @@ pub struct ViewRequest {
     pub window_handle: Optional<WindowHandle>,
 }
 
-#[derive(Type, PartialEq, Debug)]
+#[derive(Clone, Debug, PartialEq, Type)]
 #[zvariant(signature = "s")]
 pub enum WindowHandle {
     Wayland(String),

credentialsd-ui/src/client.rs

@@ -1,5 +1,13 @@
-use async_std::stream::Stream;
-use credentialsd_common::{client::FlowController, server::RequestId};
+use async_std::{
+    channel::{Receiver, Sender},
+    stream::Stream,
+    sync::Mutex as AsyncMutex,
+};
+use credentialsd_common::{
+    client::FlowController,
+    model::{BackendRequest, RequestId},
+    server::BackgroundEvent,
+};
 use futures_lite::StreamExt;
 use zbus::Connection;
 
@@ -118,3 +126,51 @@ impl FlowController for DbusCredentialClient {
         Ok(())
     }
 }
+
+#[derive(Debug)]
+pub struct FlowControlClient {
+    pub tx: Sender<BackendRequest>,
+    pub rx: AsyncMutex<Option<Receiver<BackgroundEvent>>>,
+}
+
+impl FlowControlClient {
+    pub async fn discover_hybrid_authenticators(&self) -> Result<(), ()> {
+        self.send(BackendRequest::StartHybridDiscovery).await
+    }
+
+    pub async fn discover_nfc_authenticators(&mut self) -> Result<(), ()> {
+        self.send(BackendRequest::StartNfcDiscovery).await
+    }
+
+    pub async fn discover_usb_authenticators(&mut self) -> Result<(), ()> {
+        self.send(BackendRequest::StartUsbDiscovery).await
+    }
+
+    pub async fn enter_client_pin(&mut self, pin: String) -> Result<(), ()> {
+        self.send(BackendRequest::EnterClientPin(pin)).await
+    }
+
+    pub async fn select_credential(&self, credential_id: String) -> Result<(), ()> {
+        self.send(BackendRequest::SelectCredential(credential_id))
+            .await
+    }
+
+    pub async fn cancel_request(&self) -> Result<(), ()> {
+        self.send(BackendRequest::CancelRequest).await
+    }
+
+    /// Returns a channel for background events.
+    /// Can only be called once; returns an error if the subscription has already been taken.
+    pub async fn subscribe(&mut self) -> Result<Receiver<BackgroundEvent>, ()> {
+        self.rx.lock().await.take().ok_or_else(|| {
+            tracing::error!("Subscribe has already been called.");
+        })
+    }
+
+    async fn send(&self, request: BackendRequest) -> Result<(), ()> {
+        match self.tx.send(request).await {
+            Ok(_) => Ok(()),
+            Err(_) => Err(()),
+        }
+    }
+}