[webkit-changes] [295702] trunk/Source/WebKit/UIProcess/API/Cocoa/ _WKWebAuthenticationPanel.mm
Title: [295702] trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm Revision 295702 Author j_pas...@apple.com Date 2022-06-21 16:51:24 -0700 (Tue, 21 Jun 2022) Log Message [WebAuthn] Fix crash when making assertions https://bugs.webkit.org/show_bug.cgi?id=241814 rdar://95618710 Reviewed by Brent Fulgham. We return an NSData inside _WKAuthenticatorAssertionResponse with ref count 0. To fix this, we use autorelease as we do in the _WKAuthenticatorAttestationResponse case. * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (wkAuthenticatorAssertionResponse): Canonical link: https://commits.webkit.org/251707@main Modified Paths trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (295701 => 295702) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-06-21 23:28:41 UTC (rev 295701) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-06-21 23:51:24 UTC (rev 295702) @@ -929,7 +929,7 @@ if (data.userHandle) userHandle = [NSData dataWithBytes:data.userHandle->data() length:data.userHandle->byteLength()]; -return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensionOutputsCBOR:toNSData(data.extensionOutputs->toCBOR()).get() authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle attachment:authenticatorAttachmentToWKAuthenticatorAttachment(attachment)]); +return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensionOutputsCBOR:toNSData(data.extensionOutputs->toCBOR()).autorelease() authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle attachment:authenticatorAttachmentToWKAuthenticatorAttachment(attachment)]); } #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295695] trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
Title: [295695] trunk/Source/WebKit/UIProcess/WebPageProxy.cpp Revision 295695 Author j_pas...@apple.com Date 2022-06-21 15:34:05 -0700 (Tue, 21 Jun 2022) Log Message Only support downloading previews in captive portal mode https://bugs.webkit.org/show_bug.cgi?id=241741 Reviewed by Brent Fulgham. * Source/WebKit/UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::decidePolicyForResponseShared): Set policy for previews to download Canonical link: https://commits.webkit.org/251700@main Modified Paths trunk/Source/WebKit/UIProcess/WebPageProxy.cpp Diff Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (295694 => 295695) --- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-06-21 22:11:33 UTC (rev 295694) +++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-06-21 22:34:05 UTC (rev 295695) @@ -320,6 +320,10 @@ #import #endif +#if USE(QUICK_LOOK) +#include +#endif + #define MESSAGE_CHECK(process, assertion) MESSAGE_CHECK_BASE(assertion, process->connection()) #define MESSAGE_CHECK_URL(process, url) MESSAGE_CHECK_BASE(checkURLReceivedFromCurrentOrPreviousWebProcess(process, url), process->connection()) #define MESSAGE_CHECK_COMPLETION(process, assertion, completion) MESSAGE_CHECK_COMPLETION_BASE(assertion, process->connection(), completion) @@ -5833,9 +5837,10 @@ #endif ), webPageID); }); -if (process->captivePortalMode() == WebProcessProxy::CaptivePortalMode::Enabled && MIMETypeRegistry::isPDFOrPostScriptMIMEType(navigationResponse->response().mimeType())) +#if USE(QUICK_LOOK) +if (process->captivePortalMode() == WebProcessProxy::CaptivePortalMode::Enabled && (MIMETypeRegistry::isPDFOrPostScriptMIMEType(navigationResponse->response().mimeType()) || PreviewConverter::supportsMIMEType(navigationResponse->response().mimeType( policyAction = PolicyAction::Download; - +#endif receivedPolicyDecision(policyAction, navigation.get(), nullptr, WTFMove(navigationResponse), WTFMove(sender)); }, ShouldExpectSafeBrowsingResult::No, ShouldExpectAppBoundDomainResult::No); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295694] trunk
Title: [295694] trunk Revision 295694 Author j_pas...@apple.com Date 2022-06-21 15:11:33 -0700 (Tue, 21 Jun 2022) Log Message NotificationEventEnabled should be enabled macOS Ventura+ https://bugs.webkit.org/show_bug.cgi?id=241605 rdar://94441142 Reviewed by Alex Christensen. * Source/WTF/wtf/PlatformEnable.h: This API should only be enabled on macOS 13 and later. * LayoutTests/TestExpectations: * LayoutTests/platform/mac-wk2/TestExpectations: * Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm: * Tools/TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm: Update test expectations to account for these being macOS Ventura+ Canonical link: https://commits.webkit.org/251699@main Modified Paths trunk/LayoutTests/TestExpectations trunk/LayoutTests/platform/mac-wk2/TestExpectations trunk/Source/WTF/wtf/PlatformEnable.h trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm Diff Modified: trunk/LayoutTests/TestExpectations (295693 => 295694) --- trunk/LayoutTests/TestExpectations 2022-06-21 22:08:27 UTC (rev 295693) +++ trunk/LayoutTests/TestExpectations 2022-06-21 22:11:33 UTC (rev 295694) @@ -1145,6 +1145,17 @@ webanimations/frame-rate [ Skip ] +# NOTIFICATION_EVENT is Ventura+ +http/tests/workers/service/shownotification-allowed-document.html [ Skip ] +http/tests/workers/service/shownotification-allowed.html [ Skip ] +http/tests/workers/service/shownotification-invalid-data.html [ Skip ] +http/wpt/push-api/pushEvent.any.serviceworker.html [ Skip ] +imported/w3c/web-platform-tests/notifications/idlharness.https.any.html [ Skip ] +imported/w3c/web-platform-tests/notifications/idlharness.https.any.serviceworker.html [ Skip ] +imported/w3c/web-platform-tests/notifications/idlharness.https.any.worker.html [ Skip ] +http/tests/workers/service/getnotifications-stop.html [ Skip ] +http/tests/workers/service/getnotifications.html [ Skip ] + #// # End platform-specific tests. #// Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (295693 => 295694) --- trunk/LayoutTests/platform/mac-wk2/TestExpectations 2022-06-21 22:08:27 UTC (rev 295693) +++ trunk/LayoutTests/platform/mac-wk2/TestExpectations 2022-06-21 22:11:33 UTC (rev 295694) @@ -1717,3 +1717,14 @@ webkit.org/b/241265 [ Debug ] imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-object-percentage.html [ Pass Crash ] webkit.org/b/241283 fast/animation/request-animation-frame-throttling-detached-iframe.html [ Pass Failure ] + +# NOTIFICATION_EVENT is Ventura+ +[ Ventura+ ] http/tests/workers/service/shownotification-allowed-document.html [ Pass ] +[ Ventura+ ] http/tests/workers/service/shownotification-allowed.html [ Pass ] +[ Ventura+ ] http/tests/workers/service/shownotification-invalid-data.html [ Pass ] +[ Ventura+ ] http/wpt/push-api/pushEvent.any.serviceworker.html [ Pass ] +[ Ventura+ ] imported/w3c/web-platform-tests/notifications/idlharness.https.any.html [ Pass ] +[ Ventura+ ] imported/w3c/web-platform-tests/notifications/idlharness.https.any.serviceworker.html [ Pass ] +[ Ventura+ ] imported/w3c/web-platform-tests/notifications/idlharness.https.any.worker.html [ Pass ] +[ Ventura+ ] http/tests/workers/service/getnotifications-stop.html [ Pass ] +[ Ventura+ ] http/tests/workers/service/getnotifications.html [ Pass ] Modified: trunk/Source/WTF/wtf/PlatformEnable.h (295693 => 295694) --- trunk/Source/WTF/wtf/PlatformEnable.h 2022-06-21 22:08:27 UTC (rev 295693) +++ trunk/Source/WTF/wtf/PlatformEnable.h 2022-06-21 22:11:33 UTC (rev 295694) @@ -956,7 +956,8 @@ #error "ENABLE(WEBXR_HANDS) requires ENABLE(WEBXR)" #endif -#if ENABLE(SERVICE_WORKER) && ENABLE(NOTIFICATIONS) +#if ENABLE(SERVICE_WORKER) && ENABLE(NOTIFICATIONS) \ +&& PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 13 #if !defined(ENABLE_NOTIFICATION_EVENT) #define ENABLE_NOTIFICATION_EVENT 1 #endif Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm (295693 => 295694) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm 2022-06-21 22:08:27 UTC (rev 295693) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm 2022-06-21 22:11:33 UTC (rev 295694) @@ -25,7 +25,7 @@ #import "config.h" -#if ENABLE(NOTIFICATIONS) +#if ENABLE(NOTIFICATIONS) && ENABLE(NOTIFICATION_EVENT) #import "DeprecatedGlobalValues.h" #import "HTTPServer.h" @@ -729,4 +729,4 @@ #endif // WK_HAVE_C_SPI -#endif // ENABLE(NOTIFICATIONS) +#endif // ENABLE(NOTIFICATIONS) && ENABLE(NOTIFICATION_EVENT) Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm (295693 => 295694) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm 2022-06-21 22:08:27 UTC (rev 295693) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm 2022-06-21
[webkit-changes] [295691] trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
Title: [295691] trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp Revision 295691 Author j_pas...@apple.com Date 2022-06-21 14:50:42 -0700 (Tue, 21 Jun 2022) Log Message Disable system preview in captive portal mode https://bugs.webkit.org/show_bug.cgi?id=241739 rdar://90563679 Reviewed by Brent Fulgham. * Source/WebKit/WebProcess/WebPage/WebPage.cpp: (WebKit::adjustSettingsForCaptivePortal): Disable system preview when in captive portal mode. Canonical link: https://commits.webkit.org/251696@main Modified Paths trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp Diff Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (295690 => 295691) --- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-06-21 21:35:26 UTC (rev 295690) +++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-06-21 21:50:42 UTC (rev 295691) @@ -4141,6 +4141,9 @@ #if ENABLE(PDFJS) settings.setPdfJSViewerEnabled(true); #endif +#if USE(SYSTEM_PREVIEW) +settings.setSystemPreviewEnabled(false); +#endif settings.setAllowedMediaContainerTypes(store.getStringValueForKey(WebPreferencesKey::mediaContainerTypesAllowedInCaptivePortalModeKey())); settings.setAllowedMediaCodecTypes(store.getStringValueForKey(WebPreferencesKey::mediaCodecTypesAllowedInCaptivePortalModeKey())); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295690] trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp
Title: [295690] trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp Revision 295690 Author j_pas...@apple.com Date 2022-06-21 14:35:26 -0700 (Tue, 21 Jun 2022) Log Message Use PageIdentifier, not WebPageProxy's identifier for WKPageGetIdentifier https://bugs.webkit.org/show_bug.cgi?id=241701 rdar://problem/95332001 Reviewed by Chris Dumez. * Source/WebKit/UIProcess/API/C/WKPage.cpp: (WKPageGetIdentifier): Use webPageID, not identifier. Canonical link: https://commits.webkit.org/251695@main Modified Paths trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp Diff Modified: trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp (295689 => 295690) --- trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp 2022-06-21 21:27:16 UTC (rev 295689) +++ trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp 2022-06-21 21:35:26 UTC (rev 295690) @@ -3191,5 +3191,5 @@ uint64_t WKPageGetIdentifier(WKPageRef pageRef) { -return toImpl(pageRef)->identifier().toUInt64(); +return toImpl(pageRef)->webPageID().toUInt64(); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295641] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/ LocalAuthenticator.mm
Title: [295641] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Revision 295641 Author j_pas...@apple.com Date 2022-06-17 11:57:08 -0700 (Fri, 17 Jun 2022) Log Message [WebAuthn] Upgrading a legacy platform credential to a passkey does not delete the legacy credential https://bugs.webkit.org/show_bug.cgi?id=241608 rdar://95059952 Reviewed by Brent Fulgham. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::deleteDuplicateCredential const): Query credentials by user handle, regardless of sync status to properly remove legacy credentials. Canonical link: https://commits.webkit.org/251646@main Modified Paths trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (295640 => 295641) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-17 18:03:22 UTC (rev 295640) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-17 18:57:08 UTC (rev 295641) @@ -670,15 +670,14 @@ if (memcmp(userHandle->data(), creationOptions.user.id.data(), userHandle->byteLength())) return false; -auto query = adoptNS([[NSMutableDictionary alloc] init]); -[query setDictionary:@{ +NSDictionary *query = @{ (id)kSecClass: (id)kSecClassKey, (id)kSecAttrApplicationLabel: toNSData(credential->rawId()).get(), +(id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, (id)kSecUseDataProtectionKeychain: @YES -}]; -updateQueryIfNecessary(query.get()); +}; -OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query.get()); +OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query); if (status && status != errSecItemNotFound) LOG_ERROR(makeString("Couldn't delete older credential: "_s, status).utf8().data()); return true; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295617] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/ LocalAuthenticator.mm
Title: [295617] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Revision 295617 Author j_pas...@apple.com Date 2022-06-16 16:52:58 -0700 (Thu, 16 Jun 2022) Log Message [WebAuthn] Stop using decidePolicyForLocalAuthenticator https://bugs.webkit.org/show_bug.cgi?id=241614 rdar://95066808 Reviewed by Brent Fulgham. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::makeCredential): Previously, in the browser ui delegate based flow, consent would be given for the platform authenticator after selecting it. In the new flow you must consent to the platform authenticator before getting here, so decidePolicyForLocalAuthenticator is no longer needed. Canonical link: https://commits.webkit.org/251622@main Modified Paths trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (295616 => 295617) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-16 23:37:37 UTC (rev 295616) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-16 23:52:58 UTC (rev 295617) @@ -262,19 +262,7 @@ ASSERT(rawId); return excludeCredentialIds.contains(base64EncodeToString(rawId->data(), rawId->byteLength())); })) { -// Obtain consent per Step 3.1 -auto callback = [weakThis = WeakPtr { *this }] (LocalAuthenticatorPolicy policy) { -RELEASE_ASSERT(RunLoop::isMain()); -if (!weakThis) -return; - -if (policy == LocalAuthenticatorPolicy::Allow) -weakThis->receiveException({ InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator."_s }, WebAuthenticationStatus::LAExcludeCredentialsMatched); -else -weakThis->receiveException({ NotAllowedError, "This request has been cancelled by the user."_s }); -}; -// Similar to below, consent has already been given. -observer()->decidePolicyForLocalAuthenticator(WTFMove(callback)); +receiveException({ InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator."_s }, WebAuthenticationStatus::LAExcludeCredentialsMatched); return; } } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295616] trunk/Source
Title: [295616] trunk/Source Revision 295616 Author j_pas...@apple.com Date 2022-06-16 16:37:37 -0700 (Thu, 16 Jun 2022) Log Message [WebAuthn] Rename cable transport to hybrid https://bugs.webkit.org/show_bug.cgi?id=241691 rdar://problem/95312126 Reviewed by Brent Fulgham. This transport got renamed in https://github.com/fido-alliance/fido-2-specs/issues/1332 Hybrid is the name that should be used in AuthenticatorTransport, we continue to recgnize the old string. * Source/WebCore/Modules/webauthn/AuthenticatorTransport.h: * Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp: (fido::toString): * Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp: (fido::convertStringToAuthenticatorTransport): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::transports): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::toASCDescriptor): Canonical link: https://commits.webkit.org/251621@main Modified Paths trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.h (295615 => 295616) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.h 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.h 2022-06-16 23:37:37 UTC (rev 295616) @@ -36,7 +36,8 @@ Nfc, Ble, Internal, -Cable +Cable, +Hybrid }; } // namespace WebCore @@ -50,7 +51,8 @@ WebCore::AuthenticatorTransport::Nfc, WebCore::AuthenticatorTransport::Ble, WebCore::AuthenticatorTransport::Internal, -WebCore::AuthenticatorTransport::Cable +WebCore::AuthenticatorTransport::Cable, +WebCore::AuthenticatorTransport::Hybrid >; }; Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (295615 => 295616) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-06-16 23:37:37 UTC (rev 295616) @@ -95,6 +95,7 @@ constexpr auto authenticatorTransportBle = "ble"_s; constexpr auto authenticatorTransportInternal = "internal"_s; constexpr auto authenticatorTransportCable = "cable"_s; +constexpr auto authenticatorTransportHybrid = "hybrid"_s; } // namespace WebCore Modified: trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp (295615 => 295616) --- trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp 2022-06-16 23:37:37 UTC (rev 295616) @@ -100,6 +100,8 @@ break; case WebCore::AuthenticatorTransport::Cable: return WebCore::authenticatorTransportCable; +case WebCore::AuthenticatorTransport::Hybrid: +return WebCore::authenticatorTransportHybrid; default: break; } Modified: trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp (295615 => 295616) --- trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp 2022-06-16 23:37:37 UTC (rev 295616) @@ -66,6 +66,8 @@ return AuthenticatorTransport::Internal; if (transport == authenticatorTransportCable) return AuthenticatorTransport::Cable; +if (transport == authenticatorTransportHybrid) +return AuthenticatorTransport::Hybrid; return std::nullopt; } Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (295615 => 295616) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-06-16 23:37:37 UTC (rev 295616) @@ -200,7 +200,7 @@ { Vector transports = { WebCore::AuthenticatorTransport::Internal }; if (shouldUpdateQuery()) -transports.append(WebCore::AuthenticatorTransport::Cable); +transports.append(WebCore::AuthenticatorTransport::Hybrid); return transports; } Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (295615 => 295616) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-06-16 23:23:20 UTC (rev 295615) +++ trunk/Source
[webkit-changes] [295506] trunk/Source
Title: [295506] trunk/Source Revision 295506 Author j_pas...@apple.com Date 2022-06-13 17:21:10 -0700 (Mon, 13 Jun 2022) Log Message [WebAuthn] CTAP2_ERR_USER_ACTION_TIMEOUT isn't handled properly https://bugs.webkit.org/show_bug.cgi?id=241565 rdar://95040155 Reviewed by Brent Fulgham. Authenticators will time out operations after so many seconds of waiting for user interaction, returning an error of CTAP2_ERR_USER_ACTION_TIMEOUT. This patch handles that error by reissuing the request, instead of letting it go to U2F fallback and failing there with "no credentials found." Tested with a Yubikey 5c. * Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp: (fido::isCtapDeviceResponseCode): * Source/WebCore/Modules/webauthn/fido/FidoConstants.h: * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived): (WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived): Canonical link: https://commits.webkit.org/251511@main Modified Paths trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp Diff Modified: trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp (295505 => 295506) --- trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp 2022-06-13 23:42:46 UTC (rev 295505) +++ trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp 2022-06-14 00:21:10 UTC (rev 295506) @@ -82,6 +82,7 @@ case CtapDeviceResponseCode::kCtap2ErrPinPolicyViolation: case CtapDeviceResponseCode::kCtap2ErrPinTokenExpired: case CtapDeviceResponseCode::kCtap2ErrRequestTooLarge: +case CtapDeviceResponseCode::kCtap2ErrActionTimeout: case CtapDeviceResponseCode::kCtap2ErrOther: case CtapDeviceResponseCode::kCtap2ErrSpecLast: case CtapDeviceResponseCode::kCtap2ErrExtensionFirst: Modified: trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h (295505 => 295506) --- trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h 2022-06-13 23:42:46 UTC (rev 295505) +++ trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h 2022-06-14 00:21:10 UTC (rev 295506) @@ -98,6 +98,7 @@ kCtap2ErrPinPolicyViolation = 0x37, kCtap2ErrPinTokenExpired = 0x38, kCtap2ErrRequestTooLarge = 0x39, +kCtap2ErrActionTimeout = 0x3A, kCtap2ErrOther = 0x7F, kCtap2ErrSpecLast = 0xDF, kCtap2ErrExtensionFirst = 0xE0, Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (295505 => 295506) --- trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2022-06-13 23:42:46 UTC (rev 295505) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2022-06-14 00:21:10 UTC (rev 295506) @@ -119,6 +119,11 @@ if (!response) { auto error = getResponseCode(data); +if (error == CtapDeviceResponseCode::kCtap2ErrActionTimeout) { +makeCredential(); +return; +} + if (error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded) { receiveRespond(ExceptionData { InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the authenticator."_s }); return; @@ -173,6 +178,11 @@ if (!response) { auto error = getResponseCode(data); +if (error == CtapDeviceResponseCode::kCtap2ErrActionTimeout) { +getAssertion(); +return; +} + if (!isPinError(error) && tryDowngrade()) return; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [295407] trunk/Source
Title: [295407] trunk/Source Revision 295407 Author j_pas...@apple.com Date 2022-06-08 17:55:13 -0700 (Wed, 08 Jun 2022) Log Message [WebAuthn] Support credProps extension and refactor extension handling https://bugs.webkit.org/show_bug.cgi?id=241199 rdar://90281799 Reviewed by Brent Fulgham. This patch implements the credProps Web Authentication extension specified here: https://www.w3.org/TR/webauthn-2/#sctn-authenticator-credential-properties-extension This extension provides information about the created credential to the relying party, at this time this is only the resident key credential property. This is useful information for RPs to enable passwordless flows. The patch also refactors how we ferry extension inputs/outputs between WebKit and Authentication Services. We now passthrough inputs and outputs as a cbor serialized blob. This is well specified as described here: https://www.w3.org/TR/webauthn-2/#sctn-extensions-inputs-outputs This extension is covered by the web platform test webauthn/createcredential-resident-key.https.html. * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp: Added. (WebCore::AuthenticationExtensionsClientInputs::fromCBOR): (WebCore::AuthenticationExtensionsClientInputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp: Added. (WebCore::AuthenticationExtensionsClientOutputs::fromCBOR): (WebCore::AuthenticationExtensionsClientOutputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h: (WebCore::AuthenticationExtensionsClientOutputs::encode const): (WebCore::AuthenticationExtensionsClientOutputs::decode): (WebCore::AuthenticationExtensionsClientOutputs::CredentialPropertiesOutput::encode const): (WebCore::AuthenticationExtensionsClientOutputs::CredentialPropertiesOutput::decode): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl: * Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): * Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp: (WebCore::AuthenticatorResponse::tryCreate): (WebCore::AuthenticatorResponse::data const): * Source/WebCore/Modules/webauthn/AuthenticatorResponse.h: * Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h: (WebCore::AuthenticatorResponseData::encode const): (WebCore::AuthenticatorResponseData::decode): * Source/WebCore/WebCore.xcodeproj/project.pbxproj: * Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm: (-[_WKAuthenticatorAssertionResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:authenticatorData:signature:userHandle:attachment:]): * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm: (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:attestationObject:attachment:transports:]): * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm: (-[_WKAuthenticatorResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:attachment:]): * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialCreationOptions.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialCreationOptions.mm: (-[_WKPublicKeyCredentialCreationOptions dealloc]): * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialRequestOptions.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialRequestOptions.mm: (-[_WKPublicKeyCredentialRequestOptions dealloc]): * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (toNSData): (+[_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:]): (wkAuthenticatorAttestationResponse): (wkAuthenticatorAssertionResponse): (wkExtensionsClientOutputs): Deleted. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h: * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::processClientExtensions): (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configureAssertionOptions): (WebKit::toExtensionOutputs): (WebKit::continueAfterRequest): * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::
[webkit-changes] [295070] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/ WebAuthenticatorCoordinatorProxy.mm
Title: [295070] trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Revision 295070 Author j_pas...@apple.com Date 2022-05-31 15:24:11 -0700 (Tue, 31 May 2022) Log Message [WebAuthn][ios] weakThis not checked before clearing ASCProxy https://bugs.webkit.org/show_bug.cgi?id=241029 rdar://93932684 Reviewed by Brent Fulgham. This issue causes crashes after cancelling some types of requests. This change has been tested on device to verify it fixes the crash. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Canonical link: https://commits.webkit.org/251165@main Modified Paths trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (295069 => 295070) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-31 22:22:07 UTC (rev 295069) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-31 22:24:11 UTC (rev 295070) @@ -446,7 +446,8 @@ return; } continueAfterRequest(credential, error, WTFMove(handler)); -weakThis->m_proxy.clear(); +if (weakThis->m_proxy) +weakThis->m_proxy.clear(); }); }).get()]; return; @@ -462,7 +463,7 @@ if (!weakThis || !daemonEndpoint) { LOG_ERROR("Could not connect to authorization daemon: %@\n", error.get()); handler({ }, (AuthenticatorAttachment)0, ExceptionData { NotAllowedError, "Operation failed."_s }); -if (weakThis) +if (weakThis && weakThis->m_proxy) weakThis->m_proxy.clear(); return; } @@ -473,7 +474,8 @@ auto error = retainPtr(errorNotRetain); #endif continueAfterRequest(credential, error, WTFMove(handler)); -weakThis->m_proxy.clear(); +if (weakThis && weakThis->m_proxy) +weakThis->m_proxy.clear(); #if PLATFORM(MAC) }).get()]; #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294975] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ TestSOAuthorization.mm
Title: [294975] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm Revision 294975 Author j_pas...@apple.com Date 2022-05-27 18:46:33 -0700 (Fri, 27 May 2022) Log Message [ iOS ] TestWebKitAPI.SOAuthorizationSubFrame.InterceptionErrorWithReferrer is a flaky timeout https://bugs.webkit.org/show_bug.cgi?id=239311 Reviewed by Brent Fulgham. There is a race condition when using waitForMessage that we hit here, causing flaky tests on some bots. This patch avoids this by specifying the messages waited for before loading the request. * Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm: (-[TestSOAuthorizationScriptMessageHandler initWithExpectation:]): (-[TestSOAuthorizationScriptMessageHandler userContentController:didReceiveScriptMessage:]): (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/251079@main Modified Paths trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm Diff Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm (294974 => 294975) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm 2022-05-28 01:23:18 UTC (rev 294974) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm 2022-05-28 01:46:33 UTC (rev 294975) @@ -250,28 +250,24 @@ @implementation TestSOAuthorizationScriptMessageHandler { RetainPtr _messages; +RetainPtr _expectedMessages; } +- (instancetype)initWithExpectation:(NSArray *)expectedMessages +{ +_messages = adoptNS([[NSMutableArray alloc] init]); +_expectedMessages = expectedMessages; +return self; +} + - (void)userContentController:(WKUserContentController *)userContentController didReceiveScriptMessage:(WKScriptMessage *)message { -if (!_messages) -_messages = adoptNS([[NSMutableArray alloc] init]); +auto curIndex = [_messages count]; [_messages addObject:message.body]; - -if ([message.body isEqual:@""]) { +if ([_messages count] == [_expectedMessages count]) allMessagesReceived = true; -EXPECT_EQ([_messages count], 5u); -EXPECT_WK_STREQ("SOAuthorizationDidStart", [_messages objectAtIndex:1]); -EXPECT_WK_STREQ("SOAuthorizationDidCancel", [_messages objectAtIndex:3]); -EXPECT_WK_STREQ("", [_messages objectAtIndex:4]); -} - -if ([message.body isEqual:@"Hello."]) { -allMessagesReceived = true; -EXPECT_EQ([_messages count], 4u); -EXPECT_WK_STREQ("SOAuthorizationDidStart", [_messages objectAtIndex:1]); -EXPECT_WK_STREQ("Hello.", [_messages objectAtIndex:3]); -} +if (curIndex < [_expectedMessages count] && [_expectedMessages objectAtIndex:curIndex] != [NSNull null]) +EXPECT_WK_STREQ([_expectedMessages objectAtIndex:curIndex], [_messages objectAtIndex:curIndex]); } @end @@ -2635,7 +2631,7 @@ } // FIXME: https://bugs.webkit.org/show_bug.cgi?id=239311 -TEST(SOAuthorizationSubFrame, DISABLED_InterceptionErrorWithReferrer) +TEST(SOAuthorizationSubFrame, InterceptionErrorWithReferrer) { resetState(); ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast(overrideCanPerformAuthorizationWithURL)); @@ -2668,21 +2664,22 @@ }); }); }); +auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]); +auto origin = makeString("http://127.0.0.1:", server.port()); -auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]); +auto messageHandler = adoptNS([[TestSOAuthorizationScriptMessageHandler alloc] initWithExpectation:@[origin, @"SOAuthorizationDidStart", origin, @"SOAuthorizationDidCancel", origin, @"Hello.", origin, makeString("Referrer: ", origin, "/")]]); +[[configuration userContentController] addScriptMessageHandler:messageHandler.get() name:@"testHandler"]; +auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500) configuration:configuration.get()]); auto delegate = adoptNS([[TestSOAuthorizationDelegate alloc] init]); configureSOAuthorizationWebView(webView.get(), delegate.get()); -auto origin = makeString("http://127.0.0.1:", server.port()); [webView _loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:(id)origin]] shouldOpenExternalURLs:NO]; -[webView waitForMessage:(id)origin]; -[webView waitForMessage:@"SOAuthorizationDidStart"]; + +Util::run(&authorizationPerformed); EXPECT_TRUE(policyForAppSSOPerformed); [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()]; -[webView waitForMessage:(id)origin]; -[webView waitForMessage:@"SOAuthorizationDidCancel"]; -[webView waitForMessage:(id)makeString("Referrer: ", origin, "/")]; // Referrer policy requires '/' after origin. +Util::run(&allMessagesReceived); } TEST(SOAuthorizationSub
[webkit-changes] [294950] trunk/Source
Title: [294950] trunk/Source Revision 294950 Author j_pas...@apple.com Date 2022-05-27 13:14:24 -0700 (Fri, 27 May 2022) Log Message [WebAuthn] Forward declare ASC SPI for internal needs. https://bugs.webkit.org/show_bug.cgi?id=240928 rdar://problem/93930713 Reviewed by Brent Fulgham. This fixes the build after an internal change for older macOS. * Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Remove unused import that isn't present in older macOS sdk. Canonical link: https://commits.webkit.org/251058@main Modified Paths trunk/Source/WTF/wtf/PlatformHave.h trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WTF/wtf/PlatformHave.h (294949 => 294950) --- trunk/Source/WTF/wtf/PlatformHave.h 2022-05-27 19:54:52 UTC (rev 294949) +++ trunk/Source/WTF/wtf/PlatformHave.h 2022-05-27 20:14:24 UTC (rev 294950) @@ -830,6 +830,11 @@ #define HAVE_ASC_AUTH_UI 1 #endif +#if PLATFORM(IOS) \ +|| (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 12) +#define HAVE_ASC_WEBKIT_SPI 1 +#endif + #if PLATFORM(MAC) #if !defined(HAVE_MT_PLUGIN_FORMAT_READER) #define HAVE_MT_PLUGIN_FORMAT_READER 1 Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (294949 => 294950) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-05-27 19:54:52 UTC (rev 294949) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-05-27 20:14:24 UTC (rev 294950) @@ -27,7 +27,7 @@ #if HAVE(ASC_AUTH_UI) || HAVE(UNIFIED_ASC_AUTH_UI) -#if USE(APPLE_INTERNAL_SDK) +#if USE(APPLE_INTERNAL_SDK) && HAVE(ASC_WEBKIT_SPI) #import #else @interface ASCWebKitSPISupport : NSObject Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (294949 => 294950) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-27 19:54:52 UTC (rev 294949) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-27 20:14:24 UTC (rev 294950) @@ -32,7 +32,6 @@ #import "WKError.h" #import "WebAuthenticationRequestData.h" #import "WebPageProxy.h" -#import #import #import #import ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294812] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ _WKWebAuthenticationPanel.mm
Title: [294812] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Revision 294812 Author j_pas...@apple.com Date 2022-05-25 11:33:57 -0700 (Wed, 25 May 2022) Log Message REGRESSION (r294434): [ iOS ] TestWebKitAPI.WebAuthenticationPanel.ExportImportDuplicateCredential is a consistent failure https://bugs.webkit.org/show_bug.cgi?id=240686 Reviewed by Brent Fulgham. The sync flag may differ at runtime due to internal reasons. This patch modifies the test to support either value of the flag. * Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/250966@main Modified Paths trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (294811 => 294812) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-25 18:13:09 UTC (rev 294811) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-25 18:33:57 UTC (rev 294812) @@ -2285,7 +2285,7 @@ reset(); cleanUpKeychain(emptyString()); -addKeyToKeychain(testES256PrivateKeyBase64, "example.com"_s, testUserEntityBundleBase64, true /* synchronized */); +addKeyToKeychain(testES256PrivateKeyBase64, "example.com"_s, testUserEntityBundleBase64); auto *credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:testWebKitAPIAccessGroup]; EXPECT_NOT_NULL(credentials); @@ -2294,8 +2294,16 @@ EXPECT_NOT_NULL([credentials firstObject]); NSError *error = nil; auto exportedKey = [_WKWebAuthenticationPanel exportLocalAuthenticatorCredentialWithID:[credentials firstObject][_WKLocalAuthenticatorCredentialIDKey] error:&error]; +cleanUpKeychain("example.com"_s); auto credentialId = [_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:testWebKitAPIAccessGroup credential:exportedKey error:&error]; + +credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:testWebKitAPIAccessGroup]; +EXPECT_NOT_NULL(credentials); +EXPECT_EQ([credentials count], 1lu); +addKeyToKeychain(testES256PrivateKeyBase64, "example.com"_s, testUserEntityBundleBase64, [credentials firstObject][_WKLocalAuthenticatorCredentialSynchronizableKey]); + +credentialId = [_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:testWebKitAPIAccessGroup credential:exportedKey error:&error]; EXPECT_EQ(credentialId, nil); EXPECT_EQ(error.code, WKErrorDuplicateCredential); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294434] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ _WKWebAuthenticationPanel.mm
Title: [294434] trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Revision 294434 Author j_pas...@apple.com Date 2022-05-18 14:28:09 -0700 (Wed, 18 May 2022) Log Message REGRESSION (442fcb1ea6f?): TestWebKitAPI.WebAuthenticationPanel.ExportImportDuplicateCredential is failing https://bugs.webkit.org/show_bug.cgi?id=240534 rdar://93267243 Reviewed by Brent Fulgham. The default for a flag relevant to syncing has changed in test infrastructure. This change fixes this test by using the sync=1 flag as set by default when importing credentials. * Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/250713@main Modified Paths trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (294433 => 294434) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-18 21:27:14 UTC (rev 294433) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-18 21:28:09 UTC (rev 294434) @@ -2388,7 +2388,7 @@ reset(); cleanUpKeychain(emptyString()); -addKeyToKeychain(testES256PrivateKeyBase64, "example.com"_s, testUserEntityBundleBase64); +addKeyToKeychain(testES256PrivateKeyBase64, "example.com"_s, testUserEntityBundleBase64, true /* synchronized */); auto *credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:testWebKitAPIAccessGroup]; EXPECT_NOT_NULL(credentials); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294332] trunk
Title: [294332] trunk Revision 294332 Author j_pas...@apple.com Date 2022-05-17 12:09:56 -0700 (Tue, 17 May 2022) Log Message [WebAuthn] Add SPI to update platform credential's displayName https://bugs.webkit.org/show_bug.cgi?id=240471 Reviewed by Brent Fulgham. * Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Updated API test. * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel setUsernameForLocalCredentialWithGroupAndID:credential:username:]): (+[_WKWebAuthenticationPanel setDisplayNameForLocalCredentialWithGroupAndID:credential:displayName:]): This change introduces setDisplayNameForLocalCredentialWithGroupAndID, which will supercede the existing setUsernameForLocalCredentialWithGroupAndID once all callers are updated. Canonical link: https://commits.webkit.org/250652@main Modified Paths trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (294331 => 294332) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-05-17 19:02:27 UTC (rev 294331) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-05-17 19:09:56 UTC (rev 294332) @@ -128,6 +128,7 @@ + (void)clearAllLocalAuthenticatorCredentials WK_API_AVAILABLE(macos(12.0), ios(15.0)); + (void)setUsernameForLocalCredentialWithID:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(12.0), ios(15.0)); + (void)setUsernameForLocalCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); ++ (void)setDisplayNameForLocalCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID displayName: (NSString *)displayName WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)exportLocalAuthenticatorCredentialWithID:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)exportLocalAuthenticatorCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (294331 => 294332) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:02:27 UTC (rev 294331) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:09:56 UTC (rev 294332) @@ -363,6 +363,7 @@ [self setUsernameForLocalCredentialWithGroupAndID:nil credential:credentialID username:username]; } +// rdar://93366441 - Remove this method once callers updated + (void)setUsernameForLocalCredentialWithGroupAndID:(NSString *)group credential:(NSData *)credentialID username: (NSString *)username { #if ENABLE(WEB_AUTHN) @@ -428,7 +429,71 @@ #endif } ++ (void)setDisplayNameForLocalCredentialWithGroupAndID:(NSString *)group credential:(NSData *)credentialID displayName: (NSString *)displayName +{ #if ENABLE(WEB_AUTHN) +auto query = adoptNS([[NSMutableDictionary alloc] init]); +[query setDictionary:@{ +(__bridge id)kSecClass: bridge_id_cast(kSecClassKey), +(__bridge id)kSecReturnAttributes: @YES, +(__bridge id)kSecAttrApplicationLabel: credentialID, +(__bridge id)kSecReturnPersistentRef : bridge_id_cast(kCFBooleanTrue), +(__bridge id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, +(__bridge id)kSecUseDataProtectionKeychain: @YES +}]; +updateQueryForGroupIfNecessary(query.get(), group); + +CFTypeRef attributesArrayRef = nullptr; +OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query.get(), &attributesArrayRef); +if (status && status != errSecItemNotFound) { +ASSERT_NOT_REACHED(); +return; +} +NSDictionary *attributes = (__bridge NSDictionary *)attributesArrayRef; +auto decodedResponse = cbor::CBORReader::read(vectorFromNSData(attributes[bridge_id_cast(kSecAttrApplicationTag)])); +if (!decodedResponse || !decodedResponse->isMap()) { +ASSERT_NOT_REACHED(); +return; +} +auto& previousUserMap = decodedResponse->getMap(); + +bool nameSet = false; +cbor::CBORValue::MapValue updatedUserMap; +for (auto it = previousUserMap.begin(); it != previousUserMap.end(); ++it) { +if (it->first.isString() && it->first.getString() == fido::kDisplayNameMapKey) { +if (displayName) +updatedUserMap[it->first.clone()] = cbor::CBORValue(String(displayName)); +nameSet = true; +} else +
[webkit-changes] [294331] trunk
Title: [294331] trunk Revision 294331 Author j_pas...@apple.com Date 2022-05-17 12:02:27 -0700 (Tue, 17 May 2022) Log Message [WebAuthn] Set displayName in AuthenticatorAssertionResponse for platform authenticator https://bugs.webkit.org/show_bug.cgi?id=240459 Reviewed by Brent Fulgham. * Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (-[TestWebAuthenticationPanelDelegate panel:selectAssertionResponse:source:completionHandler:]): (TestWebKitAPI::TEST): Updated API test to account for displayName. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::getExistingCredentials): Canonical link: https://commits.webkit.org/250651@main Modified Paths trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (294330 => 294331) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-17 17:53:44 UTC (rev 294330) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-17 19:02:27 UTC (rev 294331) @@ -187,6 +187,9 @@ response->setGroup(group); if ([[attributes allKeys] containsObject:bridge_cast(kSecAttrSynchronizable)]) response->setSynchronizable([attributes[(id)kSecAttrSynchronizable] isEqual:@YES]); +it = responseMap.find(CBOR(fido::kDisplayNameMapKey)); +if (it != responseMap.end() && it->second.isString()) +response->setDisplayName(it->second.getString()); result.uncheckedAppend(WTFMove(response)); } Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (294330 => 294331) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-17 17:53:44 UTC (rev 294330) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:02:27 UTC (rev 294331) @@ -83,6 +83,7 @@ static String testUserEntityBundleBase64 = "omJpZEoAAQIDBAUGBwgJZG5hbWVkSm9obg=="_s; // { "id": h'00010203040506070809', "name": "John" } static String testUserEntityBundleNoUserHandleBase64 = "oWRuYW1lbE1DIE5vLUhhbmRsZQ=="_s; // {"name": "MC No-Handle"} static String webAuthenticationPanelSelectedCredentialName; +static String webAuthenticationPanelSelectedCredentialDisplayName; static String testWebKitAPIAccessGroup = "com.apple.TestWebKitAPI"_s; static String testWebKitAPIAlternateAccessGroup = "com.apple.TestWebKitAPIAlternate"_s; static bool laContextRequested = false; @@ -174,6 +175,7 @@ [object setLAContext:laContext.get()]; webAuthenticationPanelSelectedCredentialName = object.name; +webAuthenticationPanelSelectedCredentialDisplayName = object.displayName; completionHandler(object); return; } @@ -1510,7 +1512,7 @@ [webView focus]; ASSERT_TRUE(addKeyToKeychain(testES256PrivateKeyBase64, emptyString(), testUserEntityBundleBase64)); -ASSERT_TRUE(addKeyToKeychain("BBRoi2JbR0IXTeJmvXUp1YIuM4sph/Lu3eGf75F7n+HojHKG70a4R0rB2PQce5/SJle6T7OO5Cqet/LJZVM6NQ8yDDxWvayf71GTDp2yUtuIbqJLFVbpWymlj9WRizgX3A=="_s, emptyString(), "omJpZEoAAQIDBAUGBwgJZG5hbWVkSmFuZQ=="_s/* { "id": h'00010203040506070809', "name": "Jane" } */, true /* synchronizable */)); +ASSERT_TRUE(addKeyToKeychain("BBRoi2JbR0IXTeJmvXUp1YIuM4sph/Lu3eGf75F7n+HojHKG70a4R0rB2PQce5/SJle6T7OO5Cqet/LJZVM6NQ8yDDxWvayf71GTDp2yUtuIbqJLFVbpWymlj9WRizgX3A=="_s, emptyString(), "o2JpZEoAAQIDBAUGBwgJZG5hbWVkSmFuZWtkaXNwbGF5TmFtZWpKYW5lIFNtaXRo"_s/* { "id": h'00010203040506070809', "name": "Jane", "displayName": "Jane Smith" } */, true /* synchronizable */)); [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; [webView waitForMessage:@"Succeeded!"]; @@ -1519,6 +1521,7 @@ [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; [webView waitForMessage:@"Succeeded!"]; EXPECT_WK_STREQ(webAuthenticationPanelSelectedCredentialName, "Jane"); +EXPECT_WK_STREQ(webAuthenticationPanelSelectedCredentialDisplayName, "Jane Smith"); cleanUpKeychain(emptyString()); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294242] trunk/Tools
Title: [294242] trunk/Tools Revision 294242 Author j_pas...@apple.com Date 2022-05-16 10:48:17 -0700 (Mon, 16 May 2022) Log Message (REGRESSION(r287957)[ Mac ] TestWebKitAPI.WebAuthenticationPanel.LAGetAssertionNoMockNoUserGesture is a constant timeout) https://bugs.webkit.org/show_bug.cgi?id=240403 rdar://93271671 Reviewed by Brent Fulgham. Whenever HAVE(UNIFIED_ASC_AUTH_UI), unmocked calls are passed to ASA, which does not support calls from TWAPI. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/ChangeLog (294241 => 294242) --- trunk/Tools/ChangeLog 2022-05-16 17:43:08 UTC (rev 294241) +++ trunk/Tools/ChangeLog 2022-05-16 17:48:17 UTC (rev 294242) @@ -1,3 +1,17 @@ +2022-05-16 J Pascoe + +(REGRESSION(r287957)[ Mac ] TestWebKitAPI.WebAuthenticationPanel.LAGetAssertionNoMockNoUserGesture is a constant timeout) +https://bugs.webkit.org/show_bug.cgi?id=240403 +rdar://93271671 + +Reviewed by Brent Fulgham. + +Whenever HAVE(UNIFIED_ASC_AUTH_UI), unmocked calls are passed to ASA, which does not +support calls from TWAPI. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): + 2022-05-16 Youenn Fablet Make sure calling showNotification will extend the service worker lifetime Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (294241 => 294242) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-16 17:43:08 UTC (rev 294241) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-16 17:48:17 UTC (rev 294242) @@ -1538,7 +1538,11 @@ [webView focus]; [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; +#if HAVE(UNIFIED_ASC_AUTH_UI) +[webView waitForMessage:@"Operation failed."]; +#else [webView waitForMessage:@"This request has been cancelled by the user."]; +#endif } TEST(WebAuthenticationPanel, LAGetAssertionMultipleOrder) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294241] trunk/Source/WebKit
Title: [294241] trunk/Source/WebKit Revision 294241 Author j_pas...@apple.com Date 2022-05-16 10:43:08 -0700 (Mon, 16 May 2022) Log Message REGRESSION (250501@main): [ Mac ] 2 TestWebKitAPI.WebAuthenticationPanel.GetAssertionLA tests failing https://bugs.webkit.org/show_bug.cgi?id=240406 rdar://93267082 Reviewed by Brent Fulgham. Using the the truthiness of BOOL from attributes doesn't work here, instead compare it to @YES. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::getExistingCredentials): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebKit/ChangeLog (294240 => 294241) --- trunk/Source/WebKit/ChangeLog 2022-05-16 17:35:40 UTC (rev 294240) +++ trunk/Source/WebKit/ChangeLog 2022-05-16 17:43:08 UTC (rev 294241) @@ -1,3 +1,16 @@ +2022-05-16 J Pascoe + +REGRESSION (250501@main): [ Mac ] 2 TestWebKitAPI.WebAuthenticationPanel.GetAssertionLA tests failing +https://bugs.webkit.org/show_bug.cgi?id=240406 +rdar://93267082 + +Reviewed by Brent Fulgham. + +Using the the truthiness of BOOL from attributes doesn't work here, instead compare it to @YES. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticatorInternal::getExistingCredentials): + 2022-05-16 Alex Christensen Use _adoptEffectiveConfiguration instead of a separate NSURLSession without credentials Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (294240 => 294241) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-16 17:35:40 UTC (rev 294240) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-16 17:43:08 UTC (rev 294241) @@ -186,7 +186,7 @@ if (!group.isNull()) response->setGroup(group); if ([[attributes allKeys] containsObject:bridge_cast(kSecAttrSynchronizable)]) -response->setSynchronizable(attributes[(id)kSecAttrSynchronizable]); +response->setSynchronizable([attributes[(id)kSecAttrSynchronizable] isEqual:@YES]); result.uncheckedAppend(WTFMove(response)); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294135] trunk/Source/WebCore
Title: [294135] trunk/Source/WebCore Revision 294135 Author j_pas...@apple.com Date 2022-05-12 18:02:49 -0700 (Thu, 12 May 2022) Log Message [WebAuthn] Remove document focus requirement for conditional mediation requests https://bugs.webkit.org/show_bug.cgi?id=240361 rdar://problem/93201070 Reviewed by Brent Fulgham. This is necessary so conditional mediation requests work when you open a page in a new tab. Conditional mediation requests do not support security keys and the request will be aborted if conditional mediation is not available. * Modules/credentialmanagement/CredentialsContainer.cpp: (WebCore::CredentialsContainer::get): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (294134 => 294135) --- trunk/Source/WebCore/ChangeLog 2022-05-13 00:55:25 UTC (rev 294134) +++ trunk/Source/WebCore/ChangeLog 2022-05-13 01:02:49 UTC (rev 294135) @@ -1,3 +1,18 @@ +2022-05-12 J Pascoe + +[WebAuthn] Remove document focus requirement for conditional mediation requests +https://bugs.webkit.org/show_bug.cgi?id=240361 +rdar://problem/93201070 + +Reviewed by Brent Fulgham. + +This is necessary so conditional mediation requests work when you open a page in +a new tab. Conditional mediation requests do not support security keys and the +request will be aborted if conditional mediation is not available. + +* Modules/credentialmanagement/CredentialsContainer.cpp: +(WebCore::CredentialsContainer::get): + 2022-05-12 Alan Bujtas TextBoxPainter::paintForeground: painting text with no marking/decoration should be simple Modified: trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp (294134 => 294135) --- trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 2022-05-13 00:55:25 UTC (rev 294134) +++ trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 2022-05-13 01:02:49 UTC (rev 294135) @@ -92,8 +92,8 @@ return; } -// Extra. -if (!m_document->hasFocus()) { +// The request will be aborted in WebAuthenticatorCoordinatorProxy if conditional mediation is not available. +if (options.mediation != CredentialRequestOptions::MediationRequirement::Conditional && !m_document->hasFocus()) { promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); return; } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [294122] trunk/Source
Title: [294122] trunk/Source Revision 294122 Author j_pas...@apple.com Date 2022-05-12 14:51:58 -0700 (Thu, 12 May 2022) Log Message [WebAuthn] Include backup state in authenticatorData https://bugs.webkit.org/show_bug.cgi?id=240353 rdar://problem/93191958 Reviewed by Brent Fulgham. Source/WebCore: Add flags for credential backup state: https://github.com/w3c/webauthn/pull/1695 * Modules/webauthn/WebAuthenticationConstants.h: Source/WebKit: This patch adds support for backup state flags, which will be added to the Web Authentication spec soon via https://github.com/w3c/webauthn/pull/1695 These flags are set whenever a credential is "backup eligible" and "backed up" hinting to RPs that the credential is "durable" and may persist through device restores. This is useful for RPs that may choose to offer to remove the user password if a credental is in this state. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::authDataFlags): (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebCore/ChangeLog (294121 => 294122) --- trunk/Source/WebCore/ChangeLog 2022-05-12 21:30:42 UTC (rev 294121) +++ trunk/Source/WebCore/ChangeLog 2022-05-12 21:51:58 UTC (rev 294122) @@ -1,3 +1,15 @@ +2022-05-12 J Pascoe + +[WebAuthn] Include backup state in authenticatorData +https://bugs.webkit.org/show_bug.cgi?id=240353 +rdar://problem/93191958 + +Reviewed by Brent Fulgham. + +Add flags for credential backup state: https://github.com/w3c/webauthn/pull/1695 + +* Modules/webauthn/WebAuthenticationConstants.h: + 2022-05-12 Brent Fulgham REGRESSION (r281791): [iOS] WKWebView cannot load local .log file Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (294121 => 294122) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-05-12 21:30:42 UTC (rev 294121) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-05-12 21:51:58 UTC (rev 294122) @@ -110,5 +110,8 @@ constexpr uint8_t userPresenceFlag = 0b0001; constexpr uint8_t userVerifiedFlag = 0b0100; constexpr uint8_t attestedCredentialDataIncludedFlag = 0b0100; +// https://github.com/w3c/webauthn/pull/1695 +constexpr uint8_t backupEligibilityFlag = 0b1000; +constexpr uint8_t backupStateFlag = 0b0001; } // namespace WebAuthn Modified: trunk/Source/WebKit/ChangeLog (294121 => 294122) --- trunk/Source/WebKit/ChangeLog 2022-05-12 21:30:42 UTC (rev 294121) +++ trunk/Source/WebKit/ChangeLog 2022-05-12 21:51:58 UTC (rev 294122) @@ -1,3 +1,24 @@ +2022-05-12 J Pascoe + +[WebAuthn] Include backup state in authenticatorData +https://bugs.webkit.org/show_bug.cgi?id=240353 +rdar://problem/93191958 + +Reviewed by Brent Fulgham. + +This patch adds support for backup state flags, which will be added to +the Web Authentication spec soon via https://github.com/w3c/webauthn/pull/1695 + +These flags are set whenever a credential is "backup eligible" and "backed up" +hinting to RPs that the credential is "durable" and may persist through device +restores. This is useful for RPs that may choose to offer to remove the user +password if a credental is in this state. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticatorInternal::authDataFlags): +(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): +(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): + 2022-05-12 Tim Horton Don't install WebKit feature flags plist on macOS Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (294121 => 294122) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-12 21:30:42 UTC (rev 294121) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-05-12 21:51:58 UTC (rev 294122) @@ -75,11 +75,6 @@ namespace LocalAuthenticatorInternal { -// See https://www.w3.org/TR/webauthn/#flags. -const uint8_t makeCredentialFlags = userPresenceFlag | userVerifiedFlag | attestedCredentialDataIncludedFlag; // UP, UV and AT are set. -const uint8_t otherMakeCredentialFlags = userPresenceFlag | attestedCredentialDataIncludedFlag; // UP and AT are set. -const uint8_t getAssertionFlags = userPresenceFlag | userVerifiedFlag; // UP and UV are set. -const uint8_t otherGetAssertionFlags = userPresenceFlag; // UP is set. // Credential ID is currently SHA-1 of the corresponding p
[webkit-changes] [293907] trunk/Source/WebKit
Title: [293907] trunk/Source/WebKit Revision 293907 Author j_pas...@apple.com Date 2022-05-06 10:59:21 -0700 (Fri, 06 May 2022) Log Message [WebAuthn] Get rid of ASCAgentProxy instance after success/error/cancel https://bugs.webkit.org/show_bug.cgi?id=240143 rdar://problem/92825715 Reviewed by Brent Fulgham. For internal reasons, the ASCAgentProxy instance cannot be reused, so we should clear it after a request or cancellation. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (293906 => 293907) --- trunk/Source/WebKit/ChangeLog 2022-05-06 17:56:17 UTC (rev 293906) +++ trunk/Source/WebKit/ChangeLog 2022-05-06 17:59:21 UTC (rev 293907) @@ -1,3 +1,16 @@ +2022-05-06 J Pascoe + +[WebAuthn] Get rid of ASCAgentProxy instance after success/error/cancel +https://bugs.webkit.org/show_bug.cgi?id=240143 +rdar://problem/92825715 + +Reviewed by Brent Fulgham. + +For internal reasons, the ASCAgentProxy instance cannot be reused, so we +should clear it after a request or cancellation. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: + 2022-05-06 Brent Fulgham Remove the viewportFitEnabled WKPreference now that it is always on Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (293906 => 293907) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-06 17:56:17 UTC (rev 293906) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-06 17:59:21 UTC (rev 293907) @@ -447,6 +447,7 @@ return; } continueAfterRequest(credential, error, WTFMove(handler)); +weakThis->m_proxy.clear(); }); }).get()]; return; @@ -453,8 +454,8 @@ } #endif // PLATFORM(MAC) || PLATFORM(MACCATALYST) #if PLATFORM(IOS) -[m_proxy performAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([handler = WTFMove(handler)](id credential, NSError *error) mutable { -callOnMainRunLoop([handler = WTFMove(handler), credential = retainPtr(credential), error = retainPtr(error)] () mutable { +[m_proxy performAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([weakThis = WeakPtr { *this }, handler = WTFMove(handler)](id credential, NSError *error) mutable { +callOnMainRunLoop([weakThis, handler = WTFMove(handler), credential = retainPtr(credential), error = retainPtr(error)] () mutable { #elif PLATFORM(MAC) RetainPtr window = m_webPageProxy.platformWindow(); [m_proxy performAuthorizationRequestsForContext:requestContext.get() withClearanceHandler:makeBlockPtr([weakThis = WeakPtr { *this }, handler = WTFMove(handler), window = WTFMove(window)](NSXPCListenerEndpoint *daemonEndpoint, NSError *error) mutable { @@ -462,15 +463,18 @@ if (!weakThis || !daemonEndpoint) { LOG_ERROR("Could not connect to authorization daemon: %@\n", error.get()); handler({ }, (AuthenticatorAttachment)0, ExceptionData { NotAllowedError, "Operation failed."_s }); +if (weakThis) +weakThis->m_proxy.clear(); return; } weakThis->m_presenter = adoptNS([allocASCAuthorizationRemotePresenterInstance() init]); -[weakThis->m_presenter presentWithWindow:window.get() daemonEndpoint:daemonEndpoint.get() completionHandler:makeBlockPtr([handler = WTFMove(handler)](id credentialNotRetain, NSError *errorNotRetain) mutable { +[weakThis->m_presenter presentWithWindow:window.get() daemonEndpoint:daemonEndpoint.get() completionHandler:makeBlockPtr([weakThis, handler = WTFMove(handler)](id credentialNotRetain, NSError *errorNotRetain) mutable { auto credential = retainPtr(credentialNotRetain); auto error = retainPtr(errorNotRetain); #endif continueAfterRequest(credential, error, WTFMove(handler)); +weakThis->m_proxy.clear(); #if PLATFORM(MAC) }).get()]; #endif @@ -495,8 +499,10 @@ void WebAuthenticatorCoordinatorProxy::cancel() { -if (m_proxy) +if (m_proxy) { [m_proxy cancelCurrentRequest]; +m_proxy.clear(); +} } } // namespace WebKit ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [293786] trunk/Source/WebKit
Title: [293786] trunk/Source/WebKit Revision 293786 Author j_pas...@apple.com Date 2022-05-04 13:28:40 -0700 (Wed, 04 May 2022) Log Message [WebAuthn] Remove user gesture requirement for mediation=conditional assertions https://bugs.webkit.org/show_bug.cgi?id=240038 rdar://92137603 Reviewed by Brent Fulgham. Conditional assertions are non-modal and already require a gesture to complete via a different mechanism. Tested manually on device. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configurationAssertionRequestContext): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (293785 => 293786) --- trunk/Source/WebKit/ChangeLog 2022-05-04 20:22:05 UTC (rev 293785) +++ trunk/Source/WebKit/ChangeLog 2022-05-04 20:28:40 UTC (rev 293786) @@ -1,3 +1,21 @@ +2022-05-04 J Pascoe + +[WebAuthn] Remove user gesture requirement for mediation=conditional assertions +https://bugs.webkit.org/show_bug.cgi?id=240038 +rdar://92137603 + +Reviewed by Brent Fulgham. + +Conditional assertions are non-modal and already require a gesture to complete via +a different mechanism. + +Tested manually on device. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configurationAssertionRequestContext): +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: +(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): + 2022-05-04 Brent Fulgham Remove deprecated 'JavaEnabled' feature flag and related code Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (293785 => 293786) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-04 20:22:05 UTC (rev 293785) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-05-04 20:28:40 UTC (rev 293786) @@ -321,8 +321,11 @@ auto requestContext = adoptNS([allocASCCredentialRequestContextInstance() initWithRequestTypes:requestTypes]); [requestContext setRelyingPartyIdentifier:options.rpId]; -if (mediation == MediationRequirement::Conditional && [requestContext respondsToSelector:@selector(setRequestStyle:)]) +if (mediation == MediationRequirement::Conditional) { +if (![requestContext respondsToSelector:@selector(setRequestStyle:)]) +return nil; requestContext.get().requestStyle = ASCredentialRequestStyleAutoFill; +} setGlobalFrameIDForContext(requestContext, globalFrameID); if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion) { Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp (293785 => 293786) --- trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp 2022-05-04 20:22:05 UTC (rev 293785) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp 2022-05-04 20:28:40 UTC (rev 293786) @@ -107,7 +107,7 @@ handler({ }, (AuthenticatorAttachment)0, ExceptionData { NotAllowedError, "This request has been cancelled by the user."_s }); }; -if (!data.processingUserGesture && !m_webPageProxy.websiteDataStore().authenticatorManager().isVirtual()) +if (!data.processingUserGesture && data.mediation != MediationRequirement::Conditional && !m_webPageProxy.websiteDataStore().authenticatorManager().isVirtual()) m_webPageProxy.uiClient().requestWebAuthenticationNoGesture(origin, WTFMove(afterConsent)); else afterConsent(true); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [293433] trunk/Source/WebKit
Title: [293433] trunk/Source/WebKit Revision 293433 Author j_pas...@apple.com Date 2022-04-26 11:16:52 -0700 (Tue, 26 Apr 2022) Log Message [WebAuthn] Do not pass ASCCredentialRequestTypePlatform... if LocalService unavailable https://bugs.webkit.org/show_bug.cgi?id=239746 rdar://91981865 Reviewed by Brent Fulgham. Passing platform in requestTypes breaks the UI in registerations with the syncing platform authenticator off and local service is unavailable. This patch stops passing it in this case. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::performRequest): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (293432 => 293433) --- trunk/Source/WebKit/ChangeLog 2022-04-26 18:09:57 UTC (rev 293432) +++ trunk/Source/WebKit/ChangeLog 2022-04-26 18:16:52 UTC (rev 293433) @@ -1,3 +1,18 @@ +2022-04-26 J Pascoe + +[WebAuthn] Do not pass ASCCredentialRequestTypePlatform... if LocalService unavailable +https://bugs.webkit.org/show_bug.cgi?id=239746 +rdar://91981865 + +Reviewed by Brent Fulgham. + +Passing platform in requestTypes breaks the UI in registerations with the syncing platform +authenticator off and local service is unavailable. This patch stops passing it in this case. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configureRegistrationRequestContext): +(WebKit::WebAuthenticatorCoordinatorProxy::performRequest): + 2022-04-26 Simon Fraser Fix crashes under RemoteLayerBackingStore::applyBackingStoreToLayer() Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (293432 => 293433) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-04-26 18:09:57 UTC (rev 293432) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-04-26 18:16:52 UTC (rev 293433) @@ -221,6 +221,8 @@ shouldRequireResidentKey = authenticatorSelection->requireResidentKey; residentKeyRequirement = authenticatorSelection->residentKey; } +if (!LocalService::isAvailable()) +requestTypes &= ~ASCCredentialRequestTypePlatformPublicKeyRegistration; auto requestContext = adoptNS([allocASCCredentialRequestContextInstance() initWithRequestTypes:requestTypes]); [requestContext setRelyingPartyIdentifier:options.rp.id]; @@ -428,6 +430,10 @@ void WebAuthenticatorCoordinatorProxy::performRequest(RetainPtr requestContext, RequestCompletionHandler&& handler) { +if (requestContext.get().requestTypes == ASCCredentialRequestTypeNone) { +handler({ }, (AuthenticatorAttachment)0, ExceptionData { NotAllowedError, "This request has been cancelled by the user."_s }); +return; +} m_proxy = adoptNS([allocASCAgentProxyInstance() init]); #if PLATFORM(MAC) || PLATFORM(MACCATALYST) if ([requestContext respondsToSelector:@selector(requestStyle)] && requestContext.get().requestStyle == ASCredentialRequestStyleAutoFill) { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [293432] trunk/Source/WebCore
Title: [293432] trunk/Source/WebCore Revision 293432 Author j_pas...@apple.com Date 2022-04-26 11:09:57 -0700 (Tue, 26 Apr 2022) Log Message [WebAuthn] Remove misspelled constant "LocalAuthenticatiorAccessGroup" https://bugs.webkit.org/show_bug.cgi?id=235894 rdar://88104045 Reviewed by Brent Fulgham. This change removes a constant with a misspelled variable name after all downstream usage is removed. * Modules/webauthn/WebAuthenticationConstants.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h Diff Modified: trunk/Source/WebCore/ChangeLog (293431 => 293432) --- trunk/Source/WebCore/ChangeLog 2022-04-26 18:01:40 UTC (rev 293431) +++ trunk/Source/WebCore/ChangeLog 2022-04-26 18:09:57 UTC (rev 293432) @@ -1,3 +1,16 @@ +2022-04-26 J Pascoe + +[WebAuthn] Remove misspelled constant "LocalAuthenticatiorAccessGroup" +https://bugs.webkit.org/show_bug.cgi?id=235894 +rdar://88104045 + +Reviewed by Brent Fulgham. + +This change removes a constant with a misspelled variable name after all +downstream usage is removed. + +* Modules/webauthn/WebAuthenticationConstants.h: + 2022-04-26 Kate Cheney Remove WebArchiveDebugMode Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (293431 => 293432) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-04-26 18:01:40 UTC (rev 293431) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-04-26 18:09:57 UTC (rev 293432) @@ -78,9 +78,6 @@ Get }; -// rdar://88104045 - Remove once staged change completed -const char LocalAuthenticatiorAccessGroup[] = "com.apple.webkit.webauthn"; - constexpr const char LocalAuthenticatorAccessGroup[] = "com.apple.webkit.webauthn"; // User entity extension ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [292913] trunk
Title: [292913] trunk Revision 292913 Author j_pas...@apple.com Date 2022-04-15 10:38:42 -0700 (Fri, 15 Apr 2022) Log Message Source/WebCore: [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse https://bugs.webkit.org/show_bug.cgi?id=238966 rdar://problem/91449906 This change implements the getTransports() and getAuthenticatorData() functions on AuthenticatorAttestationResponse. For security keys, the supported transports of the key are parsed from authenticatorGetInfo. For the local authenticator, the supported transports are specified according to which features are available. getAuthenticatorData() is a convenience method for RPs who want to avoid parsing CBOR. Reviewed by Brent Fulgham. * Modules/webauthn/AuthenticatorAttestationResponse.cpp: (WebCore::AuthenticatorAttestationResponse::create): (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse): (WebCore::AuthenticatorAttestationResponse::data const): (WebCore::AuthenticatorAttestationResponse::getTransports const): (WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const): * Modules/webauthn/AuthenticatorAttestationResponse.h: * Modules/webauthn/AuthenticatorAttestationResponse.idl: * Modules/webauthn/AuthenticatorResponse.cpp: (WebCore::AuthenticatorResponse::tryCreate): * Modules/webauthn/AuthenticatorResponse.h: * Modules/webauthn/AuthenticatorResponseData.h: (WebCore::AuthenticatorResponseData::encode const): (WebCore::AuthenticatorResponseData::decode): * Modules/webauthn/AuthenticatorTransport.h: * Modules/webauthn/AuthenticatorTransport.idl: * Modules/webauthn/WebAuthenticationConstants.h: * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::convertArrayBufferToVector): * Modules/webauthn/WebAuthenticationUtils.h: * Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp: (fido::AuthenticatorGetInfoResponse::setTransports): (fido::toStringVector): (fido::encodeAsCBOR): * Modules/webauthn/fido/AuthenticatorGetInfoResponse.h: * Modules/webauthn/fido/DeviceResponseConverter.cpp: (fido::convertStringToAuthenticatorTransport): (fido::readCTAPMakeCredentialResponse): (fido::readCTAPGetInfoResponse): * Modules/webauthn/fido/DeviceResponseConverter.h: * Modules/webauthn/fido/U2fResponseConverter.cpp: (fido::readU2fRegisterResponse): * Modules/webauthn/fido/U2fResponseConverter.h: (fido::readU2fRegisterResponse): Source/WebKit: [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse https://bugs.webkit.org/show_bug.cgi?id=238966 rdar://problem/91449906 This change implements the getTransports() and getAuthenticatorData() functions on AuthenticatorAttestationResponse. For security keys, the supported transports of the key are parsed from authenticatorGetInfo. For the local authenticator, the supported transports are specified according to which features are available. getAuthenticatorData() is a convenience method for RPs who want to avoid parsing CBOR. Reviewed by Brent Fulgham. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.h: * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm: (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:transports:]): (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:]): Deleted. * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (wkExtensionsClientOutputs): (wkAuthenticatorAttestationResponse): (wkAuthenticatorAssertionResponse): * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::transports): (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::toASCDescriptor): (WebKit::toAuthenticatorTransports): (WebKit::continueAfterRequest): * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived): (WebKit::CtapAuthenticator::transports): * UIProcess/WebAuthentication/fido/CtapAuthenticator.h: * UIProcess/WebAuthentication/fido/CtapDriver.h: (WebKit::CtapDriver::transport const): (WebKit::CtapDriver::protocol const): (WebKit::CtapDriver::CtapDriver): * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp: (WebKit::CtapHidDriver::CtapHidDriver): * UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp: (WebKit::CtapNfcDriver::CtapNfcDriver): * UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp: (WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived): Tools: [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse https://bugs.webkit.org/show_bug.cgi?id=238966 rdar://problem/91449906 Reviewed
[webkit-changes] [292710] trunk/Source/WebKit
Title: [292710] trunk/Source/WebKit Revision 292710 Author j_pas...@apple.com Date 2022-04-11 09:18:54 -0700 (Mon, 11 Apr 2022) Log Message [WebAuthn] Ensure requestPin callback on main thread https://bugs.webkit.org/show_bug.cgi?id=238962 rdar://problem/91446051 Reviewed by Brent Fulgham. This callback gets called by a non-main thread when making calls via ASA. This patch uses ensureOnMainThread to ensure the completion handler is called on the main thread. It also upgrades the callback asserts to RELEASE_ASSERTs to avoid this issue in the future. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::getAssertion): * UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm: (WebKit::WebAuthenticationPanelClient::requestPin const): * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::continueGetNextAssertionAfterResponseReceived): (WebKit::CtapAuthenticator::continueRequestPinAfterGetKeyAgreement): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (292709 => 292710) --- trunk/Source/WebKit/ChangeLog 2022-04-11 16:13:37 UTC (rev 292709) +++ trunk/Source/WebKit/ChangeLog 2022-04-11 16:18:54 UTC (rev 292710) @@ -1,3 +1,24 @@ +2022-04-11 J Pascoe + +[WebAuthn] Ensure requestPin callback on main thread +https://bugs.webkit.org/show_bug.cgi?id=238962 +rdar://problem/91446051 + +Reviewed by Brent Fulgham. + +This callback gets called by a non-main thread when making calls via +ASA. This patch uses ensureOnMainThread to ensure the completion handler +is called on the main thread. It also upgrades the callback asserts to +RELEASE_ASSERTs to avoid this issue in the future. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticator::getAssertion): +* UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm: +(WebKit::WebAuthenticationPanelClient::requestPin const): +* UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: +(WebKit::CtapAuthenticator::continueGetNextAssertionAfterResponseReceived): +(WebKit::CtapAuthenticator::continueRequestPinAfterGetKeyAgreement): + 2022-04-10 Chris Dumez Unreviewed Windows build fix after r292696. Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (292709 => 292710) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-04-11 16:13:37 UTC (rev 292709) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-04-11 16:18:54 UTC (rev 292710) @@ -544,7 +544,7 @@ if (auto* observer = this->observer()) { auto callback = [this, weakThis = WeakPtr { *this }] (AuthenticatorAssertionResponse* response) { -ASSERT(RunLoop::isMain()); +RELEASE_ASSERT(RunLoop::isMain()); if (!weakThis) return; Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm (292709 => 292710) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm 2022-04-11 16:13:37 UTC (rev 292709) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm 2022-04-11 16:18:54 UTC (rev 292710) @@ -131,10 +131,12 @@ auto checker = CompletionHandlerCallChecker::create(delegate.get(), @selector(panel:requestPINWithRemainingRetries:completionHandler:)); [delegate panel:m_panel requestPINWithRemainingRetries:retries completionHandler:makeBlockPtr([completionHandler = WTFMove(completionHandler), checker = WTFMove(checker)](NSString *pin) mutable { -if (checker->completionHandlerHasBeenCalled()) -return; -checker->didCallCompletionHandler(); -completionHandler(pin); +ensureOnMainThread([completionHandler = WTFMove(completionHandler), checker = WTFMove(checker), pin = retainPtr(pin)] () mutable { +if (checker->completionHandlerHasBeenCalled()) +return; +checker->didCallCompletionHandler(); +completionHandler(pin.get()); +}); }).get()]; } Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (292709 => 292710) --- trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2022-04-11 16:13:37 UTC (rev 292709) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2022-04-11 16:18:54 UTC (rev 292710) @@ -210,7 +210,7 @@ if (!m_remainingAssertionResponses) { if (auto* observer = this->observer()) { observer->sele
[webkit-changes] [292593] trunk/Source/WebKit
Title: [292593] trunk/Source/WebKit Revision 292593 Author j_pas...@apple.com Date 2022-04-07 22:40:06 -0700 (Thu, 07 Apr 2022) Log Message [WebAuthn] Support all CTAP transports and remove gesture requirement for virtual authenticators https://bugs.webkit.org/show_bug.cgi?id=238814 rdar://problem/91300515 Reviewed by Brent Fulgham. This patch adds support for the other CTAP virtual authenticator transports and removes the user gesture requirement when using virtual authenticators. These changes are needed to run the webauthn web-platform-tests. * UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::WebCore::collectTransports): (WebKit::AuthenticatorManager::filterTransports const): * UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp: (WebKit::MockAuthenticatorManager::filterTransports const): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: (WebKit::VirtualAuthenticatorManager::createAuthenticator): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: * UIProcess/WebAuthentication/Virtual/VirtualLocalConnection.mm: (WebKit::VirtualLocalConnection::verifyUser): * UIProcess/WebAuthentication/Virtual/VirtualService.mm: (WebKit::VirtualService::startDiscoveryInternal): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualLocalConnection.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (292592 => 292593) --- trunk/Source/WebKit/ChangeLog 2022-04-08 04:59:16 UTC (rev 292592) +++ trunk/Source/WebKit/ChangeLog 2022-04-08 05:40:06 UTC (rev 292593) @@ -1,3 +1,30 @@ +2022-04-07 J Pascoe + +[WebAuthn] Support all CTAP transports and remove gesture requirement for virtual authenticators +https://bugs.webkit.org/show_bug.cgi?id=238814 +rdar://problem/91300515 + +Reviewed by Brent Fulgham. + +This patch adds support for the other CTAP virtual authenticator transports and removes +the user gesture requirement when using virtual authenticators. These changes are needed +to run the webauthn web-platform-tests. + +* UIProcess/WebAuthentication/AuthenticatorManager.cpp: +(WebKit::WebCore::collectTransports): +(WebKit::AuthenticatorManager::filterTransports const): +* UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp: +(WebKit::MockAuthenticatorManager::filterTransports const): +* UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: +(WebKit::VirtualAuthenticatorManager::createAuthenticator): +* UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: +* UIProcess/WebAuthentication/Virtual/VirtualLocalConnection.mm: +(WebKit::VirtualLocalConnection::verifyUser): +* UIProcess/WebAuthentication/Virtual/VirtualService.mm: +(WebKit::VirtualService::startDiscoveryInternal): +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: +(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): + 2022-04-07 Elliott Williams [XCBuild] Enable dependency validation by default Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (292592 => 292593) --- trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp 2022-04-08 04:59:16 UTC (rev 292592) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp 2022-04-08 05:40:06 UTC (rev 292593) @@ -63,6 +63,8 @@ ASSERT_UNUSED(addResult, addResult.isNewEntry); addResult = result.add(AuthenticatorTransport::Nfc); ASSERT_UNUSED(addResult, addResult.isNewEntry); +addResult = result.add(AuthenticatorTransport::Ble); +ASSERT_UNUSED(addResult, addResult.isNewEntry); return result; } @@ -76,6 +78,8 @@ ASSERT_UNUSED(addResult, addResult.isNewEntry); addResult = result.add(AuthenticatorTransport::Nfc); ASSERT_UNUSED(addResult, addResult.isNewEntry); +addResult = result.add(AuthenticatorTransport::Ble); +ASSERT_UNUSED(addResult, addResult.isNewEntry); return result; } @@ -98,6 +102,8 @@ ASSERT_UNUSED(addResult, addResult.isNewEntry); addResult = result.add(AuthenticatorTransport::Nfc); ASSERT_UNUSED(addResult, addResult.isNewEntry);
[webkit-changes] [292508] trunk
Title: [292508] trunk Revision 292508 Author j_pas...@apple.com Date 2022-04-06 14:57:52 -0700 (Wed, 06 Apr 2022) Log Message Fix expected, actual links for variant-based imported wpt tests https://bugs.webkit.org/show_bug.cgi?id=238832 rdar://problem/91313891 Reviewed by Brent Fulgham. Tools: Ensure that the workaround involving "len(fs.splitext(output_basename)[1]) - 1 > 5" does not affect imported templated wpt tests that may match that condition, such as ".../pbkdf2.https.any.worker.html." * Scripts/webkitpy/layout_tests/controllers/test_result_writer.py: (TestResultWriter.output_filename): * Scripts/webkitpy/layout_tests/controllers/test_result_writer_unittest.py: (TestResultWriterTest.test_output_filename): (TestResultWriterTest): (TestResultWriterTest.test_output_filename_variant): LayoutTests: The changes to LayoutTests/fast/harness/results.html were wiped when preparing https://bugs.webkit.org/show_bug.cgi?id=231544, causing the links not to match. This patch fixes it. * fast/harness/results.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/fast/harness/results.html trunk/Tools/ChangeLog trunk/Tools/Scripts/webkitpy/layout_tests/controllers/test_result_writer.py trunk/Tools/Scripts/webkitpy/layout_tests/controllers/test_result_writer_unittest.py Diff Modified: trunk/LayoutTests/ChangeLog (292507 => 292508) --- trunk/LayoutTests/ChangeLog 2022-04-06 21:49:12 UTC (rev 292507) +++ trunk/LayoutTests/ChangeLog 2022-04-06 21:57:52 UTC (rev 292508) @@ -1,3 +1,17 @@ +2022-04-06 J Pascoe + +Fix expected, actual links for variant-based imported wpt tests +https://bugs.webkit.org/show_bug.cgi?id=238832 +rdar://problem/91313891 + +Reviewed by Brent Fulgham. + +The changes to LayoutTests/fast/harness/results.html were wiped when +preparing https://bugs.webkit.org/show_bug.cgi?id=231544, causing the +links not to match. This patch fixes it. + +* fast/harness/results.html: + 2022-04-06 Matteo Flores [ Mac , iOS Debug ] imported/w3c/web-platform-tests/html/cross-origin-opener-policy/resource-popup.https.html is a flaky failure. Modified: trunk/LayoutTests/fast/harness/results.html (292507 => 292508) --- trunk/LayoutTests/fast/harness/results.html 2022-04-06 21:49:12 UTC (rev 292507) +++ trunk/LayoutTests/fast/harness/results.html 2022-04-06 21:57:52 UTC (rev 292508) @@ -280,13 +280,19 @@ return null; } -static stripExtension(testName) +static testPrefix(testName) { // Temporary fix, also in Tools/Scripts/webkitpy/layout_tests/constrollers/test_result_writer.py, line 95. // FIXME: Refactor to avoid confusing reference to both test and process names. -if (Utils.splitExtension(testName)[1].length > 5) +let parts = Utils.splitExtension(testName); +let prefix = parts[0]; +if (parts[1].includes('?')) +prefix += '_' + parts[1].split('?')[1] +else if (parts[1].includes('#')) +prefix += '_' + parts[1].split('#')[1] +else if (Utils.splitExtension(parts[0])[1].length > 5) return testName; -return Utils.splitExtension(testName)[0]; +return prefix; } static splitExtension(testName) @@ -1168,7 +1174,7 @@ TestResultsController._getResultContainer(node).remove(); else if (url.match('-actual.png$')) { let name = Utils.parentOfType(node, 'tbody').querySelector('.test-link').textContent; -TestResultsController._getResultContainer(node).outerHTML = togglingImageFunction(Utils.stripExtension(name)); +TestResultsController._getResultContainer(node).outerHTML = togglingImageFunction(Utils.testPrefix(name)); } } } @@ -1344,7 +1350,7 @@ let actualTokens = testResult.info.actual.split(/\s+/); -let testPrefix = Utils.stripExtension(testResult.name); +let testPrefix = Utils.testPrefix(testResult.name); let imageResults = this.imageResultLinks(testResult, testPrefix, actualTokens[0]); if (!imageResults && actualTokens.length > 1) imageResults = this.imageResultLinks(testResult, 'retries/' + testPrefix, actualTokens[1]); @@ -1374,12 +1380,12 @@ appendTextFailureLinks(testResult, cell) { -cell.innerHTML += this._resultsController.textResultLinks(Utils.stripExtension(testResult.name)); +cell.innerHTML += this._resultsController.textResultLinks(Utils.testPrefix(testResult.name)); } appendAudioFailureLinks(testResult, cell) { -let prefix = Utils.stripExtension(testResult.name); +let prefix = Utils.testPrefix(testResult.name); cell.innerHTML += TestResultsController.resultLink(prefix, '-expected.wav', 'expected audio') + TestResultsController.resultLink(prefix, '-actual.wav', 'actual audio') + TestResults
[webkit-changes] [292495] trunk/LayoutTests
Title: [292495] trunk/LayoutTests Revision 292495 Author j_pas...@apple.com Date 2022-04-06 12:44:10 -0700 (Wed, 06 Apr 2022) Log Message pbkdf2.https.any.worker.html fails on WPE, GTK2 ports https://bugs.webkit.org/show_bug.cgi?id=238885 Unreviewed test gardening. * platform/gtk/TestExpectations: * platform/wpe/TestExpectations: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/platform/gtk/TestExpectations trunk/LayoutTests/platform/wpe/TestExpectations Diff Modified: trunk/LayoutTests/ChangeLog (292494 => 292495) --- trunk/LayoutTests/ChangeLog 2022-04-06 19:40:27 UTC (rev 292494) +++ trunk/LayoutTests/ChangeLog 2022-04-06 19:44:10 UTC (rev 292495) @@ -1,3 +1,13 @@ +2022-04-06 J Pascoe + +pbkdf2.https.any.worker.html fails on WPE, GTK2 ports +https://bugs.webkit.org/show_bug.cgi?id=238885 + +Unreviewed test gardening. + +* platform/gtk/TestExpectations: +* platform/wpe/TestExpectations: + 2022-04-06 Robert Jenner [ Monterey wk2 Release ] imported/w3c/web-platform-tests/css/css-text/white-space/pre-wrap-012.html is a flaky image failure Modified: trunk/LayoutTests/platform/gtk/TestExpectations (292494 => 292495) --- trunk/LayoutTests/platform/gtk/TestExpectations 2022-04-06 19:40:27 UTC (rev 292494) +++ trunk/LayoutTests/platform/gtk/TestExpectations 2022-04-06 19:44:10 UTC (rev 292495) @@ -1891,3 +1891,20 @@ # Ftp code is disabled in gtk port http/tests/misc/ftp-eplf-directory.py [ Skip ] + +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?1001-2000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?2001-3000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?3001-4000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?4001-5000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?5001-6000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?6001-7000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?7001-8000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?8001-last [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?1001-2000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?2001-3000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?3001-4000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?4001-5000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?5001-6000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?6001-7000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?7001-8000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.worker.html?8001-last [ Failure Timeout ] Modified: trunk/LayoutTests/platform/wpe/TestExpectations (292494 => 292495) --- trunk/LayoutTests/platform/wpe/TestExpectations 2022-04-06 19:40:27 UTC (rev 292494) +++ trunk/LayoutTests/platform/wpe/TestExpectations 2022-04-06 19:44:10 UTC (rev 292495) @@ -1355,3 +1355,20 @@ # # These tests require platform support. + +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?1001-2000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?2001-3000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?3001-4000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?4001-5000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?5001-6000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.html?6001-7000 [ Failure Timeout ] +webkit.org/b/238885 imported/w3c/web-plat
[webkit-changes] [291988] trunk/Source/WebKit
Title: [291988] trunk/Source/WebKit Revision 291988 Author j_pas...@apple.com Date 2022-03-28 13:58:18 -0700 (Mon, 28 Mar 2022) Log Message Adopt ASCPublicKeyCredentialCreationOptions's residentKeyPreference https://bugs.webkit.org/show_bug.cgi?id=238387 rdar://problem/90845393 Reviewed by Brent Fulgham. This patch passes along the residentKeyPreference to ASA, so it can be passed back via _WKAuthenticatorSelectionCriteria.residentKey. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::toASCResidentKeyPreference): (WebKit::configureRegistrationRequestContext): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (291987 => 291988) --- trunk/Source/WebKit/ChangeLog 2022-03-28 20:43:02 UTC (rev 291987) +++ trunk/Source/WebKit/ChangeLog 2022-03-28 20:58:18 UTC (rev 291988) @@ -1,3 +1,19 @@ +2022-03-28 J Pascoe + +Adopt ASCPublicKeyCredentialCreationOptions's residentKeyPreference +https://bugs.webkit.org/show_bug.cgi?id=238387 +rdar://problem/90845393 + +Reviewed by Brent Fulgham. + +This patch passes along the residentKeyPreference to ASA, so it can be passed +back via _WKAuthenticatorSelectionCriteria.residentKey. + +* Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::toASCResidentKeyPreference): +(WebKit::configureRegistrationRequestContext): + 2022-03-28 Per Arne Vollan [iOS] Fix sandbox violation related to Network content filtering Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (291987 => 291988) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-28 20:43:02 UTC (rev 291987) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-28 20:58:18 UTC (rev 291988) @@ -183,6 +183,13 @@ ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion = 1 << 5, }; +typedef NS_ENUM(NSInteger, ASPublicKeyCredentialResidentKeyPreference) { +ASPublicKeyCredentialResidentKeyPreferenceNotPresent, +ASPublicKeyCredentialResidentKeyPreferenceDiscouraged, +ASPublicKeyCredentialResidentKeyPreferencePreferred, +ASPublicKeyCredentialResidentKeyPreferenceRequired, +}; + @interface ASCPublicKeyCredentialCreationOptions : NSObject @property (nonatomic, nullable, copy) NSData *challenge; @@ -198,6 +205,7 @@ @property (nonatomic, nullable, copy) NSNumber *timeout; @property (nonatomic) BOOL shouldRequireResidentKey; +@property (nonatomic) ASPublicKeyCredentialResidentKeyPreference residentKeyPreference; @property (nonatomic, copy) NSArray *excludedCredentials; @end Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (291987 => 291988) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-28 20:43:02 UTC (rev 291987) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-28 20:58:18 UTC (rev 291988) @@ -182,6 +182,22 @@ } } +static inline ASPublicKeyCredentialResidentKeyPreference toASCResidentKeyPreference(std::optional requirement, bool requireResidentKey) +{ +if (!requirement) +return requireResidentKey ? ASPublicKeyCredentialResidentKeyPreferenceRequired : ASPublicKeyCredentialResidentKeyPreferenceNotPresent; +switch (*requirement) { +case ResidentKeyRequirement::Discouraged: +return ASPublicKeyCredentialResidentKeyPreferenceDiscouraged; +case ResidentKeyRequirement::Preferred: +return ASPublicKeyCredentialResidentKeyPreferencePreferred; +case ResidentKeyRequirement::Required: +return ASPublicKeyCredentialResidentKeyPreferenceRequired; +} +ASSERT_NOT_REACHED(); +return ASPublicKeyCredentialResidentKeyPreferenceNotPresent; +} + static RetainPtr configureRegistrationRequestContext(const PublicKeyCredentialCreationOptions& options, const Vector& hash, std::optional globalFrameID) { ASCCredentialRequestTypes requestTypes = ASCCredentialRequestTypePlatformPublicKeyRegistration | ASCCredentialRequestTypeSecurityKeyPublicKeyRegistration; @@ -188,6 +204,7 @@ RetainPtr userVerification; bool shouldRequireResidentKey = false; +std::optional residentKeyRequirement; std::optional authenticatorSelection = options.authenticatorSelection; if (authenticatorSelection) { std::optional attachment = authenticatorSelection->authenticatorAttachment; @@ -199,6 +216,7 @@ userVerification = toNSString(authenticatorSelection->userVerification); shouldRequireResidentKey = authe
[webkit-changes] [291882] trunk
Title: [291882] trunk Revision 291882 Author j_pas...@apple.com Date 2022-03-25 13:16:29 -0700 (Fri, 25 Mar 2022) Log Message [WebAuthn] Maintain last modification time separate from last used time for platform credentials https://bugs.webkit.org/show_bug.cgi?id=238293 rdar://90655676 Reviewed by Brent Fulgham. This patch splits a key returned from [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentials...], _WKLocalAuthenticatorCredentialLastModificationDateKey, which previously signified the last time a credential was modified or used in an assertion, to just the last time the credential was modified. A new key, _WKLocalAuthenticatorCredentialLastUsedDateKey represents the old definition, the last time a key was used or modified. Source/WebCore: * Modules/webauthn/WebAuthenticationConstants.h: Source/WebKit: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (getAllLocalAuthenticatorCredentialsImpl): (+[_WKWebAuthenticationPanel setUsernameForLocalCredentialWithGroupAndID:credential:username:]): * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): Tools: Updated API test to verify differences between _WKLocalAuthenticatorCredentialLastModificationDateKey and _WKLocalAuthenticatorCredentialLastModificationDateKey. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebCore/ChangeLog (291881 => 291882) --- trunk/Source/WebCore/ChangeLog 2022-03-25 20:07:32 UTC (rev 291881) +++ trunk/Source/WebCore/ChangeLog 2022-03-25 20:16:29 UTC (rev 291882) @@ -1,3 +1,20 @@ +2022-03-25 J Pascoe + +[WebAuthn] Maintain last modification time separate from last used time for platform credentials +https://bugs.webkit.org/show_bug.cgi?id=238293 +rdar://90655676 + +Reviewed by Brent Fulgham. + +This patch splits a key returned from [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentials...], +_WKLocalAuthenticatorCredentialLastModificationDateKey, which previously signified the last time a +credential was modified or used in an assertion, to just the last time the credential was modified. + +A new key, _WKLocalAuthenticatorCredentialLastUsedDateKey represents the old definition, the last +time a key was used or modified. + +* Modules/webauthn/WebAuthenticationConstants.h: + 2022-03-25 Zan Dobersek [TextureMapper] Implement GraphicsContextGLTextureMapperANGLE::prepareForDisplay() Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (291881 => 291882) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-03-25 20:07:32 UTC (rev 291881) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-03-25 20:16:29 UTC (rev 291882) @@ -83,6 +83,9 @@ constexpr const char LocalAuthenticatorAccessGroup[] = "com.apple.webkit.webauthn"; +// User entity extension +constexpr const char userEntityLastModifiedKey[] = "last_modified"; + // Credential serialization constexpr const char privateKeyKey[] = "priv"; constexpr const char keyTypeKey[] = "key_type"; Modified: trunk/Source/WebKit/ChangeLog (291881 => 291882) --- trunk/Source/WebKit/ChangeLog 2022-03-25 20:07:32 UTC (rev 291881) +++ trunk/Source/WebKit/ChangeLog 2022-03-25 20:16:29 UTC (rev 291882) @@ -1,3 +1,24 @@ +2022-03-25 J Pascoe +[WebAuthn] Maintain last modification time separate from last used time for platform credentials +https://bugs.webkit.org/show_bug.cgi?id=238293 +rdar://90655676 + +Reviewed by Brent Fulgham. + +This patch splits a key returned from [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentials...], +_WKLocalAuthenticatorCredentialLastModificationDateKey, which previously signified the last time a +credential was modified or used in an assertion, to just the last time the credential was modified. + +A new key, _WKLocalAuthenticatorCredentialLastUsedDateKey represents the old definition, the last +time a key was used or modified. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(getAllLocalAuthenticatorCredentialsImpl): +(+[_WKWebAuthenticationPanel setUsernameForLocalCredentialWithGroupAndID:credential:username:]): +* UIProcess/WebAuthent
[webkit-changes] [291761] trunk/Source/WebKit
Title: [291761] trunk/Source/WebKit Revision 291761 Author j_pas...@apple.com Date 2022-03-23 12:24:00 -0700 (Wed, 23 Mar 2022) Log Message [WebAuthn] Specify correct ASCPublicKeyCredentialKind in configureAssertionOptions https://bugs.webkit.org/show_bug.cgi?id=238272 rdar://problem/90710080 Reviewed by Brent Fulgham. There was a typo when refactoring code into this method. The kind passed to the function should be used, instead of always ASCPublicKeyCredentialKindPlatform. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureAssertionOptions): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (291760 => 291761) --- trunk/Source/WebKit/ChangeLog 2022-03-23 19:22:04 UTC (rev 291760) +++ trunk/Source/WebKit/ChangeLog 2022-03-23 19:24:00 UTC (rev 291761) @@ -1,3 +1,17 @@ +2022-03-23 J Pascoe + +[WebAuthn] Specify correct ASCPublicKeyCredentialKind in configureAssertionOptions +https://bugs.webkit.org/show_bug.cgi?id=238272 +rdar://problem/90710080 + +Reviewed by Brent Fulgham. + +There was a typo when refactoring code into this method. The kind passed to the function +should be used, instead of always ASCPublicKeyCredentialKindPlatform. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configureAssertionOptions): + 2022-03-23 Kimmo Kinnunen After losing context due to too many contexts, getError() does not return CONTEXT_LOST_WEBGL Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (291760 => 291761) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-23 19:22:04 UTC (rev 291760) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-23 19:24:00 UTC (rev 291761) @@ -255,10 +255,10 @@ auto assertionOptions = adoptNS(allocASCPublicKeyCredentialAssertionOptionsInstance()); if ([assertionOptions respondsToSelector:@selector(initWithKind:relyingPartyIdentifier:clientDataHash:userVerificationPreference:allowedCredentials:)]) { auto nsHash = toNSData(hash); -[assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId clientDataHash:nsHash.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]; +[assertionOptions initWithKind:kind relyingPartyIdentifier:options.rpId clientDataHash:nsHash.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]; } else { auto challenge = WebCore::toNSData(options.challenge); -[assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]; +[assertionOptions initWithKind:kind relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]; } if (options.extensions) [assertionOptions setExtensions:toASCExtensions(*options.extensions).get()]; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [291625] trunk
Title: [291625] trunk Revision 291625 Author j_pas...@apple.com Date 2022-03-22 10:12:15 -0700 (Tue, 22 Mar 2022) Log Message [WebAuthn] Pass along timeout to ASA and ignore timeout for conditional mediation requests https://bugs.webkit.org/show_bug.cgi?id=238147 rdar://90509464 Reviewed by Brent Fulgham. Source/WebKit: Currently we don't pass the timeout from the rp into ASA, so the default timeout is always used. This patch starts passing along the timeout to ASA, and creates a place for ASA to specify the mediation of the request, so we can ignore the timeout for requests using conditional mediation. Modified API test. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (toWebCore): (-[_WKWebAuthenticationPanel makeCredentialWithMediationRequirement:clientDataHash:options:completionHandler:]): (-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]): (-[_WKWebAuthenticationPanel getAssertionWithMediationRequirement:clientDataHash:options:completionHandler:]): (-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]): * UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::AuthenticatorManager::respondReceived): (WebKit::AuthenticatorManager::initTimeOutTimer): * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configureAssertionOptions): Tools: Modify API test to use new SPI. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (291624 => 291625) --- trunk/Source/WebKit/ChangeLog 2022-03-22 16:14:25 UTC (rev 291624) +++ trunk/Source/WebKit/ChangeLog 2022-03-22 17:12:15 UTC (rev 291625) @@ -1,5 +1,34 @@ 2022-03-22 J Pascoe +[WebAuthn] Pass along timeout to ASA and ignore timeout for conditional mediation requests +https://bugs.webkit.org/show_bug.cgi?id=238147 +rdar://90509464 + +Reviewed by Brent Fulgham. + +Currently we don't pass the timeout from the rp into ASA, so the default timeout is always used. +This patch starts passing along the timeout to ASA, and creates a place for ASA to specify the +mediation of the request, so we can ignore the timeout for requests using conditional mediation. + +Modified API test. + +* Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(toWebCore): +(-[_WKWebAuthenticationPanel makeCredentialWithMediationRequirement:clientDataHash:options:completionHandler:]): +(-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]): +(-[_WKWebAuthenticationPanel getAssertionWithMediationRequirement:clientDataHash:options:completionHandler:]): +(-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]): +* UIProcess/WebAuthentication/AuthenticatorManager.cpp: +(WebKit::AuthenticatorManager::respondReceived): +(WebKit::AuthenticatorManager::initTimeOutTimer): +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configureRegistrationRequestContext): +(WebKit::configureAssertionOptions): + +2022-03-22 J Pascoe + [WebAuthn] Support getAssertion for virtual HID authenticators https://bugs.webkit.org/show_bug.cgi?id=238154 rdar://problem/90593150 Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (291624 => 291625) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-22 16:14:25 UTC (rev 291624) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-22 17:12:15 UTC (rev 291625) @@ -164,6 +164,7 @@ @property (nonatomic, nullable, copy) NSData *clientDataHash; @property (nonatomic, nullable, readonly, copy) NSString *userVerificationPreference; @property (nonatomic, nullable, copy) ASCWebAuthenticationExtensionsClientInputs *extensions; +@property (nonatomic, nullable, copy) NSNumber *timeout; @property (nonatomic, nullable, readonly, copy) NSArray *allowedCredentials; @@ -194,6 +195,7 @@ @property (nonatomic, nullable, copy) NSStri
[webkit-changes] [291624] trunk/Source
Title: [291624] trunk/Source Revision 291624 Author j_pas...@apple.com Date 2022-03-22 09:14:25 -0700 (Tue, 22 Mar 2022) Log Message [WebAuthn] Support getAssertion for virtual HID authenticators https://bugs.webkit.org/show_bug.cgi?id=238154 rdar://problem/90593150 Reviewed by Brent Fulgham. Source/WebCore: Virtual authenticators for WebAuthn support different transprots: nfc, usb, internal, and ble. Currently, we only fully support the internal transport and makeCredential for usb-transport. The default transport for web-platform-tests is usb. This patch implements getAssertion for hid-based virtual authneticators. * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::buildUserEntityMap): (WebCore::buildCredentialDescriptor): * Modules/webauthn/WebAuthenticationUtils.h: * Modules/webauthn/fido/FidoConstants.h: Source/WebKit: Virtual authenticators for WebAuthn support different transports: nfc, usb, internal, and ble. Currently, we only fully support the internal transport and makeCredential for usb-transport. The default transport for web-platform-tests is usb. This patch implements getAssertion for hid-based virtual authneticators. Tested via manually creating virtual authenticator and performing create / get. * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: (WebKit::VirtualAuthenticatorManager::addCredential): (WebKit::VirtualAuthenticatorManager::credentialsMatchingList): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h: * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm: (WebKit::privateKeyFromBase64): (WebKit::signatureForPrivateKey): * UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp: (WebKit::VirtualHidConnection::parseRequest): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (291623 => 291624) --- trunk/Source/WebCore/ChangeLog 2022-03-22 16:01:26 UTC (rev 291623) +++ trunk/Source/WebCore/ChangeLog 2022-03-22 16:14:25 UTC (rev 291624) @@ -1,3 +1,22 @@ +2022-03-22 J Pascoe + +[WebAuthn] Support getAssertion for virtual HID authenticators +https://bugs.webkit.org/show_bug.cgi?id=238154 +rdar://problem/90593150 + +Reviewed by Brent Fulgham. + +Virtual authenticators for WebAuthn support different transprots: nfc, usb, internal, +and ble. Currently, we only fully support the internal transport and makeCredential for +usb-transport. The default transport for web-platform-tests is usb. This patch implements +getAssertion for hid-based virtual authneticators. + +* Modules/webauthn/WebAuthenticationUtils.cpp: +(WebCore::buildUserEntityMap): +(WebCore::buildCredentialDescriptor): +* Modules/webauthn/WebAuthenticationUtils.h: +* Modules/webauthn/fido/FidoConstants.h: + 2022-03-22 Ricky Mondello It should be possible to copy text out of "AutoFilledAndViewable" password fields Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp (291623 => 291624) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp 2022-03-22 16:01:26 UTC (rev 291623) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp 2022-03-22 16:14:25 UTC (rev 291624) @@ -29,6 +29,7 @@ #if ENABLE(WEB_AUTHN) #include "CBORWriter.h" +#include "FidoConstants.h" #include "WebAuthenticationConstants.h" #include #include @@ -87,6 +88,22 @@ return attestedCredentialData; } +cbor::CBORValue::MapValue buildUserEntityMap(const Vector& userId, const String& name, const String& displayName) +{ +cbor::CBORValue::MapValue userEntityMap; +userEntityMap[cbor::CBORValue(fido::kEntityIdMapKey)] = cbor::CBORValue(userId); +userEntityMap[cbor::CBORValue(fido::kEntityNameMapKey)] = cbor::CBORValue(name); +userEntityMap[cbor::CBORValue(fido::kDisplayNameMapKey)] = cbor::CBORValue(displayName); +return userEntityMap; +} + +cbor::CBORValue::MapValue buildCredentialDescriptor(const Vector& credentialId) +{ +cbor::CBORValue::MapValue credential; +credential[cbor::CBORValue("id")] = cbor::CBORValue(credentialId); +return credential; +} + Vector buildAuthData(const String& rpId, const uint8_t flags, const uint32_t counte
[webkit-changes] [291491] trunk
Title: [291491] trunk Revision 291491 Author j_pas...@apple.com Date 2022-03-18 12:11:11 -0700 (Fri, 18 Mar 2022) Log Message Trigger PDF download in captive portal mode instead of using PDF viewer https://bugs.webkit.org/show_bug.cgi?id=237245 rdar://problem/89525531 Reviewed by Chris Dumez. Source/WebKit: This is a stopgap solution since PDF.js needs more cycles to polish. Added API test WKDownload.CaptivePortalPDF. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::decidePolicyForResponseShared): * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::updatePreferences): Tools: Add API test for captive portal pdf behavior. * TestWebKitAPI/Tests/WebKitCocoa/Download.mm: (tempPDFThatDoesNotExist): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebPageProxy.cpp trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm Diff Modified: trunk/Source/WebKit/ChangeLog (291490 => 291491) --- trunk/Source/WebKit/ChangeLog 2022-03-18 18:48:50 UTC (rev 291490) +++ trunk/Source/WebKit/ChangeLog 2022-03-18 19:11:11 UTC (rev 291491) @@ -1,3 +1,20 @@ +2022-03-18 J Pascoe + +Trigger PDF download in captive portal mode instead of using PDF viewer +https://bugs.webkit.org/show_bug.cgi?id=237245 +rdar://problem/89525531 + +Reviewed by Chris Dumez. + +This is a stopgap solution since PDF.js needs more cycles to polish. + +Added API test WKDownload.CaptivePortalPDF. + +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::decidePolicyForResponseShared): +* WebProcess/WebPage/WebPage.cpp: +(WebKit::WebPage::updatePreferences): + 2022-03-18 Kimmo Kinnunen Recycling a webgl context when it has been lost and restored causes a crash Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (291490 => 291491) --- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-03-18 18:48:50 UTC (rev 291490) +++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-03-18 19:11:11 UTC (rev 291491) @@ -5731,6 +5731,8 @@ auto sender = PolicyDecisionSender::create(identifier, [webPageID, frameID, listenerID, process] (const auto& policyDecision) { process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision, createNetworkExtensionsSandboxExtensions(process)), webPageID); }); +if (process->captivePortalMode() == WebProcessProxy::CaptivePortalMode::Enabled && MIMETypeRegistry::isPDFOrPostScriptMIMEType(navigationResponse->response().mimeType())) +policyAction = PolicyAction::Download; receivedPolicyDecision(policyAction, navigation.get(), nullptr, WTFMove(navigationResponse), WTFMove(sender)); }, ShouldExpectSafeBrowsingResult::No, ShouldExpectAppBoundDomainResult::No); Modified: trunk/Tools/ChangeLog (291490 => 291491) --- trunk/Tools/ChangeLog 2022-03-18 18:48:50 UTC (rev 291490) +++ trunk/Tools/ChangeLog 2022-03-18 19:11:11 UTC (rev 291491) @@ -1,3 +1,16 @@ +2022-03-18 J Pascoe + +Trigger PDF download in captive portal mode instead of using PDF viewer +https://bugs.webkit.org/show_bug.cgi?id=237245 +rdar://problem/89525531 + +Reviewed by Chris Dumez. + +Add API test for captive portal pdf behavior. + +* TestWebKitAPI/Tests/WebKitCocoa/Download.mm: +(tempPDFThatDoesNotExist): + 2022-03-18 Jonathan Bedard [git-webkit] Make radar conditional on authentication Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm (291490 => 291491) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm 2022-03-18 18:48:50 UTC (rev 291490) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm 2022-03-18 19:11:11 UTC (rev 291491) @@ -45,6 +45,8 @@ #import #import #import +#import +#import #import #import #import @@ -1264,6 +1266,15 @@ return file; } +static NSURL *tempPDFThatDoesNotExist() +{ +NSURL *tempDir = [NSURL fileURLWithPath:[NSTemporaryDirectory() stringByAppendingPathComponent:@"DownloadTest"] isDirectory:YES]; +[[NSFileManager defaultManager] createDirectoryAtURL:tempDir withIntermediateDirectories:YES attributes:nil error:nil]; +NSURL *file = [tempDir URLByAppendingPathComponent:@"example.pdf"]; +[[NSFileManager defaultManager] removeItemAtURL:file error:nil]; +return file; +} + TEST(_WKDownload, Resume) { using namespace TestWebKitAPI; @@ -2617,4 +2628,53 @@ }); } + +static TestWebKitAPI::HTTPServer simplePDFTestServer() +{ +return { [](TestWebKitAPI::Connection connection) { +connection.receiveHTTPRequest([connection](Vector&&) { +connection.send(makeString( +"HTTP/1.1 200 OK\r\n" +"content-type: application/pdf\r\n" +"Content-Length: 5000\r\n" +"\r\n", longString<5000>('a') +)); +}); +} }; } + +TEST(WKDownload, Cap
[webkit-changes] [291423] trunk/Source
Title: [291423] trunk/Source Revision 291423 Author j_pas...@apple.com Date 2022-03-17 11:28:13 -0700 (Thu, 17 Mar 2022) Log Message [WebAuthn] Support makeCredential for virtual HID authenticators https://bugs.webkit.org/show_bug.cgi?id=237984 rdar://problem/90393676 Reviewed by Brent Fulgham. Virtual authenticators for WebAuthn supports different transports: nfc,usb,internal,ble. Currently, we support the internal transport, but the default transport used in web platform tests is usb. This patch implements makeCredential for hid-based virtual authenticators. Virtual credential information is stored in the VirtualCredential struct as suggested by the spec. Source/WebCore: * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::buildAttestationMap): (WebCore::buildAttestationObject): * Modules/webauthn/WebAuthenticationUtils.h: * Modules/webauthn/fido/FidoConstants.h: Source/WebKit: Tested manually via creating virtual authenticator and performing create and via wpt tests. * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp: (WebKit::MockHidConnection::parseRequest): (WebKit::MockHidConnection::feedReports): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: (WebKit::VirtualAuthenticatorManager::createAuthenticator): (WebKit::VirtualAuthenticatorManager::addCredential): (WebKit::VirtualAuthenticatorManager::createService const): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h. * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm: Added. (WebKit::flagsForConfig): (WebKit::createPrivateKey): (WebKit::credentialIdAndCosePubKeyForPrivateKey): (WebKit::base64PrivateKey): * UIProcess/WebAuthentication/Virtual/VirtualCredential.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h. * UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp: Added. (WebKit::VirtualHidConnection::VirtualHidConnection): (WebKit::VirtualHidConnection::initialize): (WebKit::VirtualHidConnection::terminate): (WebKit::VirtualHidConnection::sendSync): (WebKit::VirtualHidConnection::send): (WebKit::VirtualHidConnection::assembleRequest): (WebKit::VirtualHidConnection::receiveHidMessage): (WebKit::VirtualHidConnection::recieveResponseCode): (WebKit::VirtualHidConnection::parseRequest): * UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h. * UIProcess/WebAuthentication/Virtual/VirtualService.h: * UIProcess/WebAuthentication/Virtual/VirtualService.mm: (WebKit::VirtualService::VirtualService): (WebKit::VirtualService::createVirtual): (WebKit::authenticatorInfoForConfig): (WebKit::VirtualService::startDiscoveryInternal): * WebKit.xcodeproj/project.pbxproj: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj Added Paths trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualCredential.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h Diff Modified: trunk/Source/WebCore/ChangeLog (291422 => 291423) --- trunk/Source/WebCore/ChangeLog 2022-03-17 18:15:38 UTC (rev 291422) +++ trunk/Source/WebCore/ChangeLog 2022-03-17 18:28:13 UTC (rev 291423) @@ -1,3 +1,22 @@ +2022-03-17 J Pascoe + +[WebAuthn] Support makeCredential for virtual HID authenticators +https://bugs.webkit.org/show_bug.cgi?id=237984 +rdar://problem/90393676 + +Reviewed by Brent Fulgham. + +Virtual authenticators for WebAuthn supports different transports: nfc,usb,internal,ble. +Currently, we support the internal transport, but the default transport used in web platform +tests is usb. This patch implements makeCredential for hid-based virtual authenticators. Virtual +credential information i
[webkit-changes] [291321] trunk/Source/WebKit
Title: [291321] trunk/Source/WebKit Revision 291321 Author j_pas...@apple.com Date 2022-03-15 16:23:54 -0700 (Tue, 15 Mar 2022) Log Message [WebAuthn] Mock UI interactions whenever virtual authenticators are in use. https://bugs.webkit.org/show_bug.cgi?id=237856 rdar://problem/90274854 Reviewed by Brent Fulgham. Tested by wpt's webauthn tests. * UIProcess/WebAuthentication/AuthenticatorManager.h: * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: (WebKit::VirtualAuthenticatorManager::runPanel): (WebKit::VirtualAuthenticatorManager::selectAssertionResponse): (WebKit::VirtualAuthenticatorManager::decidePolicyForLocalAuthenticator): * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h Diff Modified: trunk/Source/WebKit/ChangeLog (291320 => 291321) --- trunk/Source/WebKit/ChangeLog 2022-03-15 23:16:02 UTC (rev 291320) +++ trunk/Source/WebKit/ChangeLog 2022-03-15 23:23:54 UTC (rev 291321) @@ -1,3 +1,20 @@ +2022-03-15 J Pascoe + +[WebAuthn] Mock UI interactions whenever virtual authenticators are in use. +https://bugs.webkit.org/show_bug.cgi?id=237856 +rdar://problem/90274854 + +Reviewed by Brent Fulgham. + +Tested by wpt's webauthn tests. + +* UIProcess/WebAuthentication/AuthenticatorManager.h: +* UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp: +(WebKit::VirtualAuthenticatorManager::runPanel): +(WebKit::VirtualAuthenticatorManager::selectAssertionResponse): +(WebKit::VirtualAuthenticatorManager::decidePolicyForLocalAuthenticator): +* UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h: + 2022-03-15 Chris Dumez Make it clearer in the loading logging when it is for the main frame or not Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h (291320 => 291321) --- trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h 2022-03-15 23:16:02 UTC (rev 291320) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h 2022-03-15 23:23:54 UTC (rev 291321) @@ -80,6 +80,12 @@ void clearState(); void invokePendingCompletionHandler(Respond&&); +void decidePolicyForLocalAuthenticator(CompletionHandler&&); +TransportSet getTransports() const; +virtual void runPanel(); +void selectAssertionResponse(Vector>&&, WebAuthenticationSource, CompletionHandler&&); +void startDiscovery(const TransportSet&); + private: enum class Mode { Compatible, @@ -96,8 +102,6 @@ void downgrade(Authenticator* id, Ref&& downgradedAuthenticator) final; void authenticatorStatusUpdated(WebAuthenticationStatus) final; void requestPin(uint64_t retries, CompletionHandler&&) final; -void selectAssertionResponse(Vector>&&, WebAuthenticationSource, CompletionHandler&&) final; -void decidePolicyForLocalAuthenticator(CompletionHandler&&) final; void requestLAContextForUserVerification(CompletionHandler&&) final; void cancelRequest() final; @@ -108,13 +112,10 @@ virtual void filterTransports(TransportSet&) const; virtual void runPresenterInternal(const TransportSet&); -void startDiscovery(const TransportSet&); void initTimeOutTimer(); void timeOutTimerFired(); -void runPanel(); void runPresenter(); void restartDiscovery(); -TransportSet getTransports() const; void dispatchPanelClientCall(Function&&) const; // Request: We only allow one request per time. A new request will cancel any pending ones. Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp (291320 => 291321) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp 2022-03-15 23:16:02 UTC (rev 291320) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp 2022-03-15 23:23:54 UTC (rev 291321) @@ -63,6 +63,27 @@ return VirtualService::createVirtual(transport, observer, configs); } +void VirtualAuthenticatorManager::runPanel() +{ +auto transports = getTransports(); +if (transports.isEmpty()) { +cancel(); +return; +} + +startDiscovery(transports); +} + +void VirtualAuthenticatorManager::selectAssertionResponse(Vector>&& responses, WebAuthenticationSource source, CompletionHandler&& completionHandler) +{ +completionHandler(responses[0].ptr()); +} + +void VirtualAuthenticatorManager::decidePolicyForLocalAuthenticator(CompletionHandler&& completionHandler) +{ +completionHandler(LocalAuthenticatorPolicy::Allow); +} + } // namespace WebKit #endif // ENABLE(WEB_AUTHN) Mod
[webkit-changes] [291196] trunk/Source/WebKit
Title: [291196] trunk/Source/WebKit Revision 291196 Author j_pas...@apple.com Date 2022-03-11 15:30:11 -0800 (Fri, 11 Mar 2022) Log Message [WebAuthn] Unreviewed build fix after r291177 https://bugs.webkit.org/show_bug.cgi?id=237797 rdar://problem/90183881 Remove unused move that is breaking iOS build * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (291195 => 291196) --- trunk/Source/WebKit/ChangeLog 2022-03-11 23:25:11 UTC (rev 291195) +++ trunk/Source/WebKit/ChangeLog 2022-03-11 23:30:11 UTC (rev 291196) @@ -1,3 +1,13 @@ +2022-03-11 J Pascoe + +[WebAuthn] Unreviewed build fix after r291177 +https://bugs.webkit.org/show_bug.cgi?id=237797 +rdar://problem/90183881 + +Remove unused move that is breaking iOS build + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: + 2022-03-11 Simon Fraser Do buffer swapping on all RemoteLayerBackingStores before painting all of them Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (291195 => 291196) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-11 23:25:11 UTC (rev 291195) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-11 23:30:11 UTC (rev 291196) @@ -401,7 +401,7 @@ #endif // PLATFORM(MAC) || PLATFORM(MACCATALYST) #if PLATFORM(IOS) [m_proxy performAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([handler = WTFMove(handler)](id credential, NSError *error) mutable { -callOnMainRunLoop([handler = WTFMove(handler), proxy = WTFMove(proxy), credential = retainPtr(credential), error = retainPtr(error)] () mutable { +callOnMainRunLoop([handler = WTFMove(handler), credential = retainPtr(credential), error = retainPtr(error)] () mutable { #elif PLATFORM(MAC) RetainPtr window = m_webPageProxy.platformWindow(); [m_proxy performAuthorizationRequestsForContext:requestContext.get() withClearanceHandler:makeBlockPtr([weakThis = WeakPtr { *this }, handler = WTFMove(handler), window = WTFMove(window)](NSXPCListenerEndpoint *daemonEndpoint, NSError *error) mutable { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [291177] trunk/Source/WebKit
Title: [291177] trunk/Source/WebKit Revision 291177 Author j_pas...@apple.com Date 2022-03-11 10:25:39 -0800 (Fri, 11 Mar 2022) Log Message [WebAuthn] Cancel running operations in ASA on navigation https://bugs.webkit.org/show_bug.cgi?id=237452 rdar://problem/89781990 Reviewed by Brent Fulgham. Pre-ASA WebAuthn calls cancel requests on navigation via calling authenticatorManager.cancelRequest in WebPageProxy. In WebAuthn calls that go through ASA, the authenticatorManager lives in the ASA process, so calls won't be cancelled on navigation. This patch attempts to cancel ongoing operations whenever a WebAuthenticatorCoordinatorProxy that uses ASA is destroyed, effectively cancelling requests on reload or navigation. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::~WebAuthenticatorCoordinatorProxy): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h Diff Modified: trunk/Source/WebKit/ChangeLog (291176 => 291177) --- trunk/Source/WebKit/ChangeLog 2022-03-11 17:49:14 UTC (rev 291176) +++ trunk/Source/WebKit/ChangeLog 2022-03-11 18:25:39 UTC (rev 291177) @@ -1,5 +1,26 @@ 2022-03-11 J Pascoe +[WebAuthn] Cancel running operations in ASA on navigation +https://bugs.webkit.org/show_bug.cgi?id=237452 +rdar://problem/89781990 + +Reviewed by Brent Fulgham. + +Pre-ASA WebAuthn calls cancel requests on navigation via calling authenticatorManager.cancelRequest +in WebPageProxy. In WebAuthn calls that go through ASA, the authenticatorManager lives in the ASA +process, so calls won't be cancelled on navigation. + +This patch attempts to cancel ongoing operations whenever a WebAuthenticatorCoordinatorProxy that +uses ASA is destroyed, effectively cancelling requests on reload or navigation. + +* Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: +(WebKit::WebAuthenticatorCoordinatorProxy::~WebAuthenticatorCoordinatorProxy): +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: + +2022-03-11 J Pascoe + [WebAuthn] Support authenticatorSelection.residentKey ResidentKeyRequirement https://bugs.webkit.org/show_bug.cgi?id=237567 rdar://89788378 Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (291176 => 291177) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-11 17:49:14 UTC (rev 291176) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-11 18:25:39 UTC (rev 291177) @@ -341,6 +341,8 @@ - (void)performAutoFillAuthorizationRequestsForContext:(ASCCredentialRequestContext *)context withCompletionHandler:(void (^)(id _Nullable credential, NSError * _Nullable error))completionHandler; #endif +- (void)cancelCurrentRequest; + @end @interface ASCAgentProxy : NSObject Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (291176 => 291177) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-11 17:49:14 UTC (rev 291176) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-03-11 18:25:39 UTC (rev 291177) @@ -384,11 +384,11 @@ void WebAuthenticatorCoordinatorProxy::performRequest(RetainPtr requestContext, RequestCompletionHandler&& handler) { -auto proxy = adoptNS([allocASCAgentProxyInstance() init]); +m_proxy = adoptNS([allocASCAgentProxyInstance() init]); #if PLATFORM(MAC) || PLATFORM(MACCATALYST) if ([requestContext respondsToSelector:@selector(requestStyle)] && requestContext.get().requestStyle == ASCredentialRequestStyleAutoFill) { -[proxy performAutoFillAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([weakThis = WeakPtr { *this }, proxy = WTFMove(proxy), handler = WTFMove(handler)](id credential, NSError *error) mutable { -ensureOnMainRunLoop([weakThis, handler = WTFMove(handler), proxy = WTFMove(proxy), credential = retainPtr(credential), error = retainPtr(error)] () mutable { +[m_proxy performAutoFillAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([weakThis = WeakPtr { *t
[webkit-changes] [291176] trunk
Title: [291176] trunk Revision 291176 Author j_pas...@apple.com Date 2022-03-11 09:49:14 -0800 (Fri, 11 Mar 2022) Log Message [WebAuthn] Support authenticatorSelection.residentKey ResidentKeyRequirement https://bugs.webkit.org/show_bug.cgi?id=237567 rdar://89788378 Reviewed by Brent Fulgham and Chris Dumez. Source/WebCore: In Web Authentication level one, relying parties can specify authenticatorSelection.residentKeyRequired, to signify they require a client-side discoverable credential. However, if the authenticator does not support client-side discoverable credentials, the rp has no way to clarify they want a client-side discoverable credential only if available. This patch implements authenticatorSelection.residentKeyRequired introduced in level 2, which has three values 'Preferred', 'Required', and 'Discouraged'. This allows RPs to create a client-side discoverable credential if possible. * CMakeLists.txt: * DerivedSources-input.xcfilelist: * DerivedSources-output.xcfilelist: * DerivedSources.make: * Modules/webauthn/PublicKeyCredentialCreationOptions.h: (WebCore::PublicKeyCredentialCreationOptions::AuthenticatorSelectionCriteria::encode const): (WebCore::PublicKeyCredentialCreationOptions::AuthenticatorSelectionCriteria::decode): * Modules/webauthn/PublicKeyCredentialCreationOptions.idl: * Modules/webauthn/ResidentKeyRequirement.h: Copied from Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorSelectionCriteria.mm. * Modules/webauthn/ResidentKeyRequirement.idl: Copied from Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorSelectionCriteria.mm. * Modules/webauthn/fido/AuthenticatorSupportedOptions.cpp: (fido::AuthenticatorSupportedOptions::setResidentKeyAvailability): (fido::convertToCBOR): (fido::AuthenticatorSupportedOptions::setSupportsResidentKey): Deleted. * Modules/webauthn/fido/AuthenticatorSupportedOptions.h: * Modules/webauthn/fido/DeviceRequestConverter.cpp: (fido::encodeMakeCredenitalRequestAsCBOR): * Modules/webauthn/fido/DeviceRequestConverter.h: * Modules/webauthn/fido/DeviceResponseConverter.cpp: (fido::readCTAPGetInfoResponse): * Sources.txt: * WebCore.xcodeproj/project.pbxproj: Source/WebKit: In Web Authentication level one, relying parties can specify authenticatorSelection.residentKeyRequired, to signify they require a client-side discoverable credential. However, if the authenticator does not support client-side discoverable credentials, the rp has no way to clarify they want a client-side discoverable credential only if available. This patch implements authenticatorSelection.residentKeyRequired introduced in level 2, which has three values 'Preferred', 'Required', and 'Discouraged'. This allows RPs to create a client-side discoverable credential if possible. * UIProcess/API/Cocoa/_WKAuthenticatorSelectionCriteria.h: * UIProcess/API/Cocoa/_WKAuthenticatorSelectionCriteria.mm: (-[_WKAuthenticatorSelectionCriteria init]): * UIProcess/API/Cocoa/_WKResidentKeyRequirement.h: Copied from Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorSelectionCriteria.mm. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (residentKey): (authenticatorSelectionCriteria): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]): * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::makeCredential): * WebKit.xcodeproj/project.pbxproj: Tools: Add API tests for authenticatorSelection.residentKey. * TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp: (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp: (TestWebKitAPI::TEST): LayoutTests: Add layout tests using residentKey field. * http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-hid.https.html: * http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-hid.https.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html trunk/Source/WebCore/CMakeLists.txt trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/DerivedSources-input.xcfilelist trunk/Source/WebCore/DerivedSources-output.xcfilelist trunk/Source/WebCore/DerivedSources.make trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.idl trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorSupportedOptions.cpp trunk/Source/WebCore/Modules/webauthn/fido
[webkit-changes] [291018] trunk
Title: [291018] trunk Revision 291018 Author j_pas...@apple.com Date 2022-03-08 15:51:45 -0800 (Tue, 08 Mar 2022) Log Message [WebAuthn] Using WebAuthn within cross-origin iframe elements https://bugs.webkit.org/show_bug.cgi?id=40 rdar://problem/74830748 Reviewed by Brent Fulgham. Source/WebCore: This patch relaxes the requirement to perform a Web Authentication assertion inside an i-frame with the "publickey-credentials-get" feature policy from 'same-site' to 'cross-origin with consent'. There is an additional requirement that there is only a single cross-origin parent to present to the user in the prompt. If we can't display the updated prompt, then cross-origin assertions are not allowed. Test: http/wpt/webauthn/public-key-credential-cross-origin.https.html * Modules/credentialmanagement/CredentialsContainer.cpp: (WebCore::CredentialsContainer::scopeAndSingleParent): (WebCore::CredentialsContainer::get): (WebCore::CredentialsContainer::isCreate): (WebCore::CredentialsContainer::scope): Deleted. * Modules/credentialmanagement/CredentialsContainer.h: * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): * Modules/webauthn/AuthenticatorCoordinator.h: * Modules/webauthn/AuthenticatorCoordinatorClient.h: Source/WebKit: This patch relaxes the requirement to perform a Web Authentication assertion inside an i-frame with the "publickey-credentials-get" feature policy from 'same-site' to 'cross-origin with consent'. There is an additional requirement that there is only a single cross-origin parent to present to the user in the prompt. If we can't display the updated prompt, then cross-origin assertions are not allowed. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureAssertionOptions): (WebKit::configurationAssertionRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): * UIProcess/WebAuthentication/WebAuthenticationRequestData.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::makeCredential): (WebKit::WebAuthenticatorCoordinatorProxy::getAssertion): (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in: * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::getAssertion): * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h: LayoutTests: Update existing tests and create new test for cross-origin, non same-site i-frames. * http/wpt/webauthn/public-key-credential-cross-origin.https-expected.txt: Added. * http/wpt/webauthn/public-key-credential-cross-origin.https.html: Added. * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt: * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: * http/wpt/webauthn/resources/public-key-credential-cross-origin.https.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinatorClient.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in trunk/Source/WebKit/WebAuthnProcess/WebAuthnConnectionToWebProcess.cpp trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h Added Paths trunk/LayoutTests/http/wpt/webauthn/public-key-credential-cross-origin.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-cross-origin.https.html trunk/LayoutTests/http/wpt/webauthn/resources/public-key-credential-cross-origin.https.html Diff Modified: trunk/LayoutTests/ChangeLog (291017 => 291018) --- trunk/LayoutTests/ChangeLog 2022-03-08 23:27:30
[webkit-changes] [290991] trunk/LayoutTests
Title: [290991] trunk/LayoutTests Revision 290991 Author j_pas...@apple.com Date 2022-03-08 08:17:13 -0800 (Tue, 08 Mar 2022) Log Message [ iOS ] 2X http/wpt/webauthn/public-key-credential-create-failure-local (layout-tests) are constant text failures https://bugs.webkit.org/show_bug.cgi?id=237548 rdar://problem/89923849 Unreviewed test gardening. These console messages differing is causing test failures, fixing expectations. * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt Diff Modified: trunk/LayoutTests/ChangeLog (290990 => 290991) --- trunk/LayoutTests/ChangeLog 2022-03-08 15:37:17 UTC (rev 290990) +++ trunk/LayoutTests/ChangeLog 2022-03-08 16:17:13 UTC (rev 290991) @@ -1,3 +1,16 @@ +2022-03-08 J Pascoe + +[ iOS ] 2X http/wpt/webauthn/public-key-credential-create-failure-local (layout-tests) are constant text failures +https://bugs.webkit.org/show_bug.cgi?id=237548 +rdar://problem/89923849 + +Unreviewed test gardening. + +These console messages differing is causing test failures, fixing expectations. + +* http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: +* http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt: + 2022-03-08 Youenn Fablet Add a preference to mute video capture in case audio capture gets interrupted Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt (290990 => 290991) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt 2022-03-08 15:37:17 UTC (rev 290990) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt 2022-03-08 16:17:13 UTC (rev 290991) @@ -2,7 +2,6 @@ CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. -CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. PASS PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator. PASS PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt (290990 => 290991) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt 2022-03-08 15:37:17 UTC (rev 290990) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt 2022-03-08 16:17:13 UTC (rev 290991) @@ -5,7 +5,6 @@ CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. -CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. PASS PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator. PASS PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290893] trunk/Source/WebKit
Title: [290893] trunk/Source/WebKit Revision 290893 Author j_pas...@apple.com Date 2022-03-07 09:37:04 -0800 (Mon, 07 Mar 2022) Log Message [WebAuthn] Provide global frame identifier to ASCAgent SPI https://bugs.webkit.org/show_bug.cgi?id=237454 rdar://problem/89782147 Reviewed by Brent Fulgham. For purposes related to conditional mediation, the ASCAgent SPI need to know what frame requested the assertion. This patch starts passing that along. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::AuthenticatorManager::cancelRequest): (WebKit::AuthenticatorManager::runPanel): * UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h: * UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configurationAssertionRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): * UIProcess/WebAuthentication/WebAuthenticationRequestData.h: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h Diff Modified: trunk/Source/WebKit/ChangeLog (290892 => 290893) --- trunk/Source/WebKit/ChangeLog 2022-03-07 17:29:22 UTC (rev 290892) +++ trunk/Source/WebKit/ChangeLog 2022-03-07 17:37:04 UTC (rev 290893) @@ -1,3 +1,26 @@ +2022-03-07 J Pascoe + +[WebAuthn] Provide global frame identifier to ASCAgent SPI +https://bugs.webkit.org/show_bug.cgi?id=237454 +rdar://problem/89782147 + +Reviewed by Brent Fulgham. + +For purposes related to conditional mediation, the ASCAgent SPI +need to know what frame requested the assertion. This patch starts +passing that along. + +* Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: +* UIProcess/WebAuthentication/AuthenticatorManager.cpp: +(WebKit::AuthenticatorManager::cancelRequest): +(WebKit::AuthenticatorManager::runPanel): +* UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h: +* UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm: +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configurationAssertionRequestContext): +(WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): +* UIProcess/WebAuthentication/WebAuthenticationRequestData.h: + 2022-03-07 Peng Liu Small cleanups of media code Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (290892 => 290893) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-07 17:29:22 UTC (rev 290892) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-03-07 17:37:04 UTC (rev 290893) @@ -234,6 +234,13 @@ ASCredentialRequestStyleAutoFill, }; +@class ASCGlobalFrameIdentifier; + +@interface ASCGlobalFrameIdentifier : NSObject +@property (nonatomic, copy) NSNumber *webPageID; +@property (nonatomic, copy) NSNumber *webFrameID; +@end + @interface ASCCredentialRequestContext : NSObject - (instancetype)init NS_UNAVAILABLE; @@ -252,6 +259,7 @@ @property (nonatomic) ASCredentialRequestStyle requestStyle; +@property (nonatomic, nullable, copy) ASCGlobalFrameIdentifier *globalFrameID; @end @protocol ASCCredentialProtocol Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (290892 => 290893) --- trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp 2022-03-07 17:29:22 UTC (rev 290892) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp 2022-03-07 17:37:04 UTC (rev 290893) @@ -198,7 +198,7 @@ { if (!m_pendingCompletionHandler) return; -if (auto pendingFrameID = m_pendingRequestData.frameID) { +if (auto pendingFrameID = m_pendingRequestData.globalFrameID) { if (pendingFrameID->pageID != pageID) return; if (frameID && frameID != pendingFrameID->frameID) @@ -447,8 +447,8 @@ auto* page = m_pendingRequestData.page.get(); if (!page) return; -ASSERT(m_pendingRequestData.frameID && page->webPageID() == m_pendingRequestData.frameID->pageID); -auto* frame = page->process().webFrame(m_pendingRequestData.frameID->frameID); +ASSERT(m_pendingRequestData.globalFrameID && page->webPageID() == m_pendingRequestData.globalFrameID->pageID); +auto* frame = page->process().webFrame(m_pending
[webkit-changes] [290840] trunk/Source/WebKit
Title: [290840] trunk/Source/WebKit Revision 290840 Author j_pas...@apple.com Date 2022-03-04 12:33:12 -0800 (Fri, 04 Mar 2022) Log Message [WebAuthn] Don't use decidePolicyForLocalAuthenticator for Web Authentication Modern https://bugs.webkit.org/show_bug.cgi?id=225646 rdar://78147681 Reviewed by Brent Fulgham. decidePolicyForLocalAuthenticator is not implemented for the _WKWebAuthenticationPanelDelegate used for modern because the prompt to allow Touch/FaceID comes earlier in the process. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::makeCredential): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebKit/ChangeLog (290839 => 290840) --- trunk/Source/WebKit/ChangeLog 2022-03-04 19:40:31 UTC (rev 290839) +++ trunk/Source/WebKit/ChangeLog 2022-03-04 20:33:12 UTC (rev 290840) @@ -1,3 +1,17 @@ +2022-03-04 J Pascoe + +[WebAuthn] Don't use decidePolicyForLocalAuthenticator for Web Authentication Modern +https://bugs.webkit.org/show_bug.cgi?id=225646 +rdar://78147681 + +Reviewed by Brent Fulgham. + +decidePolicyForLocalAuthenticator is not implemented for the _WKWebAuthenticationPanelDelegate +used for modern because the prompt to allow Touch/FaceID comes earlier in the process. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticator::makeCredential): + 2022-03-04 Per Arne Vollan [iOS] Hard link AVPictureInPictureController Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (290839 => 290840) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-03-04 19:40:31 UTC (rev 290839) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-03-04 20:33:12 UTC (rev 290840) @@ -249,7 +249,11 @@ else weakThis->receiveException({ NotAllowedError, "This request has been cancelled by the user."_s }); }; -observer()->decidePolicyForLocalAuthenticator(WTFMove(callback)); +// Similar to below, consent has already been given. +if (webAuthenticationModernEnabled()) +callback(LocalAuthenticatorPolicy::Allow); +else +observer()->decidePolicyForLocalAuthenticator(WTFMove(callback)); return; } } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290751] trunk/LayoutTests
Title: [290751] trunk/LayoutTests Revision 290751 Author j_pas...@apple.com Date 2022-03-02 13:04:20 -0800 (Wed, 02 Mar 2022) Log Message [WebAuthn] Remove obsolete failed attestation tests https://bugs.webkit.org/show_bug.cgi?id=237346 rdar://problem/89647260 Reviewed by Brent Fulgham. The removed items tested that creation fails whenever attestation fails, however we've changed behavior such that creation succeeds with 'none' attestation in this case, making these failure tests obsolete. * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html: * http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-local.https.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html Diff Modified: trunk/LayoutTests/ChangeLog (290750 => 290751) --- trunk/LayoutTests/ChangeLog 2022-03-02 20:59:53 UTC (rev 290750) +++ trunk/LayoutTests/ChangeLog 2022-03-02 21:04:20 UTC (rev 290751) @@ -1,3 +1,20 @@ +2022-03-02 J Pascoe + +[WebAuthn] Remove obsolete failed attestation tests +https://bugs.webkit.org/show_bug.cgi?id=237346 +rdar://problem/89647260 + +Reviewed by Brent Fulgham. + +The removed items tested that creation fails whenever attestation fails, however +we've changed behavior such that creation succeeds with 'none' attestation in this +case, making these failure tests obsolete. + +* http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: +* http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html: +* http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt: +* http/wpt/webauthn/public-key-credential-create-failure-local.https.html: + 2022-03-02 Matteo Flores [ iOS Debug ] editing/async-clipboard/* 20 tests are flaky timeouts on iOS. Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt (290750 => 290751) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt 2022-03-02 20:59:53 UTC (rev 290750) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt 2022-03-02 21:04:20 UTC (rev 290751) @@ -9,5 +9,4 @@ PASS PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd PASS PublicKeyCredential's [[create]] without user consent in a mock local authenticator. PASS PublicKeyCredential's [[create]] without private keys in a mock local authenticator. -PASS PublicKeyCredential's [[create]] without attestation in a mock local authenticator. Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html (290750 => 290751) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html 2022-03-02 20:59:53 UTC (rev 290750) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html 2022-03-02 21:04:20 UTC (rev 290751) @@ -129,33 +129,4 @@ internals.setMockWebAuthenticationConfiguration({ silentFailure: true, local: { userVerification: "yes", acceptAttestation: false } }); return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out."); }, "PublicKeyCredential's [[create]] without private keys in a mock local authenticator."); - -promise_test(async t => { -const privateKeyBase64 = await generatePrivateKeyBase64(); -const credentialID = await calculateCredentialID(privateKeyBase64); -const credentialIDBase64 = base64encode(credentialID); - -const options = { -publicKey: { -rp: { -name: "example.com" -}, -user: { -name: "John Appleseed", -id: Base64URL.parse(testUserhandleBase64), -displayName: "John", -}, -challenge: asciiToUint8Array("123456"), -pubKeyCredParams: [{ type: "public-key", alg: -7 }], -attestation: "direct", -timeout: 10 -} -}; -if (window.internals) -internals.setMockWebAuthenticationConfiguration({ silentFailure: true, local: { userVerification: "yes", acc
[webkit-changes] [290744] trunk/Source/WebKit
Title: [290744] trunk/Source/WebKit Revision 290744 Author j_pas...@apple.com Date 2022-03-02 11:47:21 -0800 (Wed, 02 Mar 2022) Log Message [WebAuthn] Ensure presenter gets dismissed on iOS https://bugs.webkit.org/show_bug.cgi?id=237336 rdar://81609371 Reviewed by Brent Fulgham. Always call [m_presenter dismissWithError] to ensure presenter gets dismissed. * UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm: (WebKit::AuthenticatorPresenterCoordinator::dimissPresenter): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm Diff Modified: trunk/Source/WebKit/ChangeLog (290743 => 290744) --- trunk/Source/WebKit/ChangeLog 2022-03-02 19:39:49 UTC (rev 290743) +++ trunk/Source/WebKit/ChangeLog 2022-03-02 19:47:21 UTC (rev 290744) @@ -1,3 +1,16 @@ +2022-03-02 J Pascoe + +[WebAuthn] Ensure presenter gets dismissed on iOS +https://bugs.webkit.org/show_bug.cgi?id=237336 +rdar://81609371 + +Reviewed by Brent Fulgham. + +Always call [m_presenter dismissWithError] to ensure presenter gets dismissed. + +* UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm: +(WebKit::AuthenticatorPresenterCoordinator::dimissPresenter): + 2022-03-02 Chris Dumez Mousemove events double-firing in Safari Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm (290743 => 290744) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm 2022-03-02 19:39:49 UTC (rev 290743) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm 2022-03-02 19:47:21 UTC (rev 290744) @@ -244,7 +244,6 @@ // FIXME(219767): Replace the ASCAppleIDCredential with the upcoming WebAuthn credentials one. // This is just a place holder to tell the UI that the ceremony succeeds. m_credentialRequestHandler(adoptNS([WebKit::allocASCAppleIDCredentialInstance() initWithUser:@"" identityToken:adoptNS([[NSData alloc] init]).get() state:nil]).get(), nil); -return; } [m_presenter dismissWithError:nil]; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290652] trunk/Tools
Title: [290652] trunk/Tools Revision 290652 Author j_pas...@apple.com Date 2022-03-01 09:40:35 -0800 (Tue, 01 Mar 2022) Log Message REGRESSION(r290539-r290538): [ iOS ] 3 TestWebKitAPI.WebAuthenticationPanel.* tests are constantly failing/crashing. https://bugs.webkit.org/show_bug.cgi?id=237285 rdar://problem/89579460 Reviewed by Brent Fulgham. Remove obsolete API test and ensure another has clean state. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/ChangeLog (290651 => 290652) --- trunk/Tools/ChangeLog 2022-03-01 17:17:45 UTC (rev 290651) +++ trunk/Tools/ChangeLog 2022-03-01 17:40:35 UTC (rev 290652) @@ -1,3 +1,16 @@ +2022-03-01 J Pascoe + +REGRESSION(r290539-r290538): [ iOS ] 3 TestWebKitAPI.WebAuthenticationPanel.* tests are constantly failing/crashing. +https://bugs.webkit.org/show_bug.cgi?id=237285 +rdar://problem/89579460 + +Reviewed by Brent Fulgham. + +Remove obsolete API test and ensure another has clean state. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): + 2022-03-01 Commit Queue Unreviewed, reverting r290325. Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (290651 => 290652) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-03-01 17:17:45 UTC (rev 290651) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-03-01 17:40:35 UTC (rev 290652) @@ -1384,6 +1384,9 @@ TEST(WebAuthenticationPanel, LANoCredential) { reset(); +// In case this wasn't cleaned up by another test. +cleanUpKeychain(""); + RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-la" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; @@ -1471,33 +1474,6 @@ [webView waitForMessage:@"This request has been cancelled by the user."]; } -TEST(WebAuthenticationPanel, LAMakeCredentialRollBackCredential) -{ -reset(); -RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-la-no-attestation" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; - -auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; -[[configuration preferences] _setEnabled:NO forExperimentalFeature:webAuthenticationModernExperimentalFeature()]; - -auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]); -auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]); -[webView setUIDelegate:delegate.get()]; -[webView focus]; - -localAuthenticatorPolicy = _WKLocalAuthenticatorPolicyAllow; -[webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; -[webView waitForMessage:@"Couldn't attest: The operation couldn't complete."]; - -NSDictionary *query = @{ -(id)kSecClass: (id)kSecClassKey, -(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, -(id)kSecAttrLabel: @"", -(id)kSecUseDataProtectionKeychain: @YES -}; -OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, nullptr); -EXPECT_EQ(status, errSecItemNotFound); -} - #if PLATFORM(MAC) TEST(WebAuthenticationPanel, LAGetAssertion) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290539] trunk
Title: [290539] trunk Revision 290539 Author j_pas...@apple.com Date 2022-02-25 17:47:04 -0800 (Fri, 25 Feb 2022) Log Message [WebAuthn] Fallback to attestation=none whenever attestation fails https://bugs.webkit.org/show_bug.cgi?id=237223 rdar://88767812 Reviewed by Brent Fulgham. Source/WebKit: Whenever attestation is requested by a RP and it fails to complete, we previously errored out of the registration. The more correct platform behavior in this case is to provide attestation=none. Created API test for this behavior. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): Tools: Add test for local authenticator attestation fallback behavior. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (290538 => 290539) --- trunk/Source/WebKit/ChangeLog 2022-02-26 01:19:30 UTC (rev 290538) +++ trunk/Source/WebKit/ChangeLog 2022-02-26 01:47:04 UTC (rev 290539) @@ -1,3 +1,20 @@ +2022-02-25 J Pascoe + +[WebAuthn] Fallback to attestation=none whenever attestation fails +https://bugs.webkit.org/show_bug.cgi?id=237223 +rdar://88767812 + +Reviewed by Brent Fulgham. + +Whenever attestation is requested by a RP and it fails to complete, +we previously errored out of the registration. The more correct platform +behavior in this case is to provide attestation=none. + +Created API test for this behavior. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): + 2022-02-25 Per Arne Vollan [macOS] Add access to required mach service in the Network process Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (290538 => 290539) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-02-26 01:19:30 UTC (rev 290538) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-02-26 01:47:04 UTC (rev 290539) @@ -465,7 +465,9 @@ auto& creationOptions = std::get(requestData().options); if (error) { -receiveException({ UnknownError, makeString("Couldn't attest: ", String(error.localizedDescription)) }); +LOG_ERROR("Couldn't attest: %s", String(error.localizedDescription).utf8().data()); +auto attestationObject = buildAttestationObject(WTFMove(authData), "", { }, AttestationConveyancePreference::None); +receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform)); return; } // Attestation Certificate and Attestation Issuing CA Modified: trunk/Tools/ChangeLog (290538 => 290539) --- trunk/Tools/ChangeLog 2022-02-26 01:19:30 UTC (rev 290538) +++ trunk/Tools/ChangeLog 2022-02-26 01:47:04 UTC (rev 290539) @@ -1,3 +1,16 @@ +2022-02-25 J Pascoe + +[WebAuthn] Fallback to attestation=none whenever attestation fails +https://bugs.webkit.org/show_bug.cgi?id=237223 +rdar://88767812 + +Reviewed by Brent Fulgham. + +Add test for local authenticator attestation fallback behavior. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): + 2022-02-25 Brent Fulgham WebKit continues to render PDF images in Captive Portal mode Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (290538 => 290539) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-02-26 01:19:30 UTC (rev 290538) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-02-26 01:47:04 UTC (rev 290539) @@ -1928,6 +1928,39 @@ }]; Util::run(&webAuthenticationPanelRan); } + +TEST(WebAuthenticationPanel, MakeCredentialLAAttestationFalback) +{ +reset(); + +uint8_t identifier[] = { 0x01, 0x02, 0x03, 0x04 }; +uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04 }; +NSData *nsIdentifier = [NSData dataWithBytes:identifier length:sizeof(identifier)]; +auto nsHash = adoptNS([[NSData alloc] initWithBytes:hash length:sizeof(hash)]); +auto parameters = adoptNS([[_WKPublicKeyCredentialParameters alloc] initWithAlgorithm:@-7]); + +auto rp = adoptNS([[_WKPublicKeyCredentialRelyingPartyEntity alloc] initWithName:@"example.com"]); +[rp setIdentifier:@"example.com"]; +auto user = adoptNS([[_WKPublicKeyCredentialUserEntity alloc] initWithName:@"ja
[webkit-changes] [290515] trunk
Title: [290515] trunk Revision 290515 Author j_pas...@apple.com Date 2022-02-25 10:44:20 -0800 (Fri, 25 Feb 2022) Log Message [WebAuthn] Use default pubKeyCredParams if empty in makeCredential https://bugs.webkit.org/show_bug.cgi?id=237109 rdar://problem/89376484 Reviewed by Brent Fulgham. Source/WebCore: The Web Authentication level 2 spec was updated to clarify that a set of default pubKeyCredParams should be used if the list supplied by the RP is empty. This patch starts using the default and updates associated tests. * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): * Modules/webauthn/PublicKeyCredentialCreationOptions.h: * Modules/webauthn/WebAuthenticationConstants.h: LayoutTests: Update tests to take in account using default pubKeyCredParams. * http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure.https.html: * http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-hid.https.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h Diff Modified: trunk/LayoutTests/ChangeLog (290514 => 290515) --- trunk/LayoutTests/ChangeLog 2022-02-25 17:23:52 UTC (rev 290514) +++ trunk/LayoutTests/ChangeLog 2022-02-25 18:44:20 UTC (rev 290515) @@ -1,3 +1,18 @@ +2022-02-25 J Pascoe + +[WebAuthn] Use default pubKeyCredParams if empty in makeCredential +https://bugs.webkit.org/show_bug.cgi?id=237109 +rdar://problem/89376484 + +Reviewed by Brent Fulgham. + +Update tests to take in account using default pubKeyCredParams. + +* http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt: +* http/wpt/webauthn/public-key-credential-create-failure.https.html: +* http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt: +* http/wpt/webauthn/public-key-credential-create-success-hid.https.html: + 2022-02-25 Alan Bujtas [Tables] Incorrect table sizing when colgroup comes after tbody Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt (290514 => 290515) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt 2022-02-25 17:23:52 UTC (rev 290514) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt 2022-02-25 18:44:20 UTC (rev 290515) @@ -7,7 +7,6 @@ PASS PublicKeyCredential's [[create]] with timeout PASS PublicKeyCredential's [[create]] with a mismatched RP ID -PASS PublicKeyCredential's [[create]] with an empty pubKeyCredParams PASS PublicKeyCredential's [[create]] with two consecutive requests PASS PublicKeyCredential's [[create]] with two consecutive requests (2) PASS PublicKeyCredential's [[create]] with new requests in a new page Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html (290514 => 290515) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html 2022-02-25 17:23:52 UTC (rev 290514) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html 2022-02-25 18:44:20 UTC (rev 290515) @@ -54,27 +54,6 @@ const options = { publicKey: { rp: { -name: "localhost", -id: "localhost" -}, -user: { -name: "John Appleseed", -id: asciiToUint8Array("123456"), -displayName: "Appleseed", -}, -challenge: asciiToUint8Array("123456"), -pubKeyCredParams: [ ], -} -}; - -return promiseRejects(t, "NotSupportedError", -navigator.credentials.create(options), "Unable to create credential because options.pubKeyCredParams is empty."); -}, "PublicKeyCredential's [[create]] with an empty pubKeyCredParams"); - -promise_test(function(t) { -const options = { -publicKey: { -rp: { name: "example.com" }, user: { Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt (290514 => 2905
[webkit-changes] [290441] trunk/Tools
Title: [290441] trunk/Tools Revision 290441 Author j_pas...@apple.com Date 2022-02-24 10:02:18 -0800 (Thu, 24 Feb 2022) Log Message Add myself (John Pascoe) to watchlist for authentication and WebCrypto https://bugs.webkit.org/show_bug.cgi?id=237121 rdar://problem/89385797 Reviewed by Alexey Proskuryakov. * Scripts/webkitpy/common/config/watchlist: Modified Paths trunk/Tools/ChangeLog trunk/Tools/Scripts/webkitpy/common/config/watchlist Diff Modified: trunk/Tools/ChangeLog (290440 => 290441) --- trunk/Tools/ChangeLog 2022-02-24 17:55:51 UTC (rev 290440) +++ trunk/Tools/ChangeLog 2022-02-24 18:02:18 UTC (rev 290441) @@ -1,3 +1,13 @@ +2022-02-24 J Pascoe + +Add myself (John Pascoe) to watchlist for authentication and WebCrypto +https://bugs.webkit.org/show_bug.cgi?id=237121 +rdar://problem/89385797 + +Reviewed by Alexey Proskuryakov. + +* Scripts/webkitpy/common/config/watchlist: + 2022-02-22 Jonathan Bedard [run-webkit-tests] Use Python 3 (Part 2) Modified: trunk/Tools/Scripts/webkitpy/common/config/watchlist (290440 => 290441) --- trunk/Tools/Scripts/webkitpy/common/config/watchlist 2022-02-24 17:55:51 UTC (rev 290440) +++ trunk/Tools/Scripts/webkitpy/common/config/watchlist 2022-02-24 18:02:18 UTC (rev 290441) @@ -476,9 +476,9 @@ "WebSocket": [ "yu...@chromium.org", "toyos...@chromium.org" ], "webkitperl": [ "jbed...@apple.com" ], "webkitpy": [ "gl...@skynav.com", "jbed...@apple.com" ], -"AppSSO": [ "jiewen_...@apple.com" ], -"WebAuthenticationAPI": [ "jiewen_...@apple.com" ], -"WebCryptoAPI": [ "jiewen_...@apple.com" ], +"AppSSO": [ "j_pas...@apple.com" ], +"WebAuthenticationAPI": [ "j_pas...@apple.com" ], +"WebCryptoAPI": [ "j_pas...@apple.com" ], "WebGPU": [ "mmaxfi...@apple.com", "changs...@webkit.org" ], "WebRTC": [ "eric.carl...@apple.com" ], "WHLSL": [ "mmaxfi...@apple.com" ], ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290392] trunk
Title: [290392] trunk Revision 290392 Author j_pas...@apple.com Date 2022-02-23 14:33:42 -0800 (Wed, 23 Feb 2022) Log Message [WebAuthn] Improve error message for missing pubKeyCredParams https://bugs.webkit.org/show_bug.cgi?id=235421 rdar://87884875 Reviewed by Brent Fulgham. Source/WebCore: We have seen confusion from library authors around the language used in this error not indicating enough information about what the problem is. This patch adds additional information, useful to developers seeing this error. * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): LayoutTests: Update test to reflect new error message. * http/wpt/webauthn/public-key-credential-create-failure.https.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp Diff Modified: trunk/LayoutTests/ChangeLog (290391 => 290392) --- trunk/LayoutTests/ChangeLog 2022-02-23 21:40:10 UTC (rev 290391) +++ trunk/LayoutTests/ChangeLog 2022-02-23 22:33:42 UTC (rev 290392) @@ -1,3 +1,15 @@ +2022-02-23 J Pascoe + +[WebAuthn] Improve error message for missing pubKeyCredParams +https://bugs.webkit.org/show_bug.cgi?id=235421 +rdar://87884875 + +Reviewed by Brent Fulgham. + +Update test to reflect new error message. + +* http/wpt/webauthn/public-key-credential-create-failure.https.html: + 2022-02-23 Alan Bujtas [Subpixel] imported/w3c/web-platform-tests/css/css-flexbox/auto-margins-001.html fails at certain font sizes Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html (290391 => 290392) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html 2022-02-23 21:40:10 UTC (rev 290391) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html 2022-02-23 22:33:42 UTC (rev 290392) @@ -68,7 +68,7 @@ }; return promiseRejects(t, "NotSupportedError", -navigator.credentials.create(options), "No desired properties of the to be created credential are provided."); +navigator.credentials.create(options), "Unable to create credential because options.pubKeyCredParams is empty."); }, "PublicKeyCredential's [[create]] with an empty pubKeyCredParams"); promise_test(function(t) { Modified: trunk/Source/WebCore/ChangeLog (290391 => 290392) --- trunk/Source/WebCore/ChangeLog 2022-02-23 21:40:10 UTC (rev 290391) +++ trunk/Source/WebCore/ChangeLog 2022-02-23 22:33:42 UTC (rev 290392) @@ -1,3 +1,19 @@ +2022-02-23 J Pascoe + +[WebAuthn] Improve error message for missing pubKeyCredParams +https://bugs.webkit.org/show_bug.cgi?id=235421 +rdar://87884875 + +Reviewed by Brent Fulgham. + +We have seen confusion from library authors around the language +used in this error not indicating enough information about what +the problem is. This patch adds additional information, useful +to developers seeing this error. + +* Modules/webauthn/AuthenticatorCoordinator.cpp: +(WebCore::AuthenticatorCoordinator::create const): + 2022-02-23 Alan Bujtas [IFC][Integration] LineLayout::firstLinePhysicalBaseline/lastLineLogicalBaseline should flip box baseline value for vertical-lr Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (290391 => 290392) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2022-02-23 21:40:10 UTC (rev 290391) +++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2022-02-23 22:33:42 UTC (rev 290392) @@ -141,7 +141,7 @@ // Most of the jobs are done by bindings. However, we can't know if the JSValue of options.pubKeyCredParams // is empty or not. Return NotSupportedError as long as it is empty. if (options.pubKeyCredParams.isEmpty()) { -promise.reject(Exception { NotSupportedError, "No desired properties of the to be created credential are provided."_s }); +promise.reject(Exception { NotSupportedError, "Unable to create credential because options.pubKeyCredParams is empty."_s }); return; } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [290384] trunk/Source
Title: [290384] trunk/Source Revision 290384 Author j_pas...@apple.com Date 2022-02-23 11:02:54 -0800 (Wed, 23 Feb 2022) Log Message Prevent use of PDFKit when using PDF.js https://bugs.webkit.org/show_bug.cgi?id=237052 rdar://89251696 Reviewed by Tim Horton. Source/WebCore: Add WEBCORE_EXPORT in order to use isPDFMIMEType. * platform/MIMETypeRegistry.h: Source/WebKit: PDFKit was still being used by embeds, this patch fixes that issue by treating pdf embeds as frames if PDF.js is enabled and also prevents the loading of the PDFKit plugin entirely by modifying shouldUsePDFPlugin. * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::objectContentType): * WebProcess/WebPage/mac/WebPageMac.mm: (WebKit::WebPage::shouldUsePDFPlugin const): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/MIMETypeRegistry.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp trunk/Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm Diff Modified: trunk/Source/WebCore/ChangeLog (290383 => 290384) --- trunk/Source/WebCore/ChangeLog 2022-02-23 18:36:23 UTC (rev 290383) +++ trunk/Source/WebCore/ChangeLog 2022-02-23 19:02:54 UTC (rev 290384) @@ -1,3 +1,15 @@ +2022-02-23 J Pascoe + +Prevent use of PDFKit when using PDF.js +https://bugs.webkit.org/show_bug.cgi?id=237052 +rdar://89251696 + +Reviewed by Tim Horton. + +Add WEBCORE_EXPORT in order to use isPDFMIMEType. + +* platform/MIMETypeRegistry.h: + 2022-02-23 Alan Bujtas [IFC][Integration] LineLayout::firstInlineBoxRect should flip the rect coordinates for vertical-rl Modified: trunk/Source/WebCore/platform/MIMETypeRegistry.h (290383 => 290384) --- trunk/Source/WebCore/platform/MIMETypeRegistry.h 2022-02-23 18:36:23 UTC (rev 290383) +++ trunk/Source/WebCore/platform/MIMETypeRegistry.h 2022-02-23 19:02:54 UTC (rev 290384) @@ -105,7 +105,7 @@ static bool isApplicationPluginMIMEType(const String& mimeType); // Check to see if a MIME type is one of the common PDF/PS types. -static bool isPDFMIMEType(const String& mimeType); +WEBCORE_EXPORT static bool isPDFMIMEType(const String& mimeType); static bool isPostScriptMIMEType(const String& mimeType); WEBCORE_EXPORT static bool isPDFOrPostScriptMIMEType(const String& mimeType); Modified: trunk/Source/WebKit/ChangeLog (290383 => 290384) --- trunk/Source/WebKit/ChangeLog 2022-02-23 18:36:23 UTC (rev 290383) +++ trunk/Source/WebKit/ChangeLog 2022-02-23 19:02:54 UTC (rev 290384) @@ -1,5 +1,22 @@ 2022-02-23 J Pascoe +Prevent use of PDFKit when using PDF.js +https://bugs.webkit.org/show_bug.cgi?id=237052 +rdar://89251696 + +Reviewed by Tim Horton. + +PDFKit was still being used by embeds, this patch fixes that issue by treating +pdf embeds as frames if PDF.js is enabled and also prevents the loading of +the PDFKit plugin entirely by modifying shouldUsePDFPlugin. + +* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: +(WebKit::WebFrameLoaderClient::objectContentType): +* WebProcess/WebPage/mac/WebPageMac.mm: +(WebKit::WebPage::shouldUsePDFPlugin const): + +2022-02-23 J Pascoe + [WebAuthn] userHandle not marked nullable in _WKWebAuthenticationAssertionResponse https://bugs.webkit.org/show_bug.cgi?id=237043 rdar://89317740 Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (290383 => 290384) --- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2022-02-23 18:36:23 UTC (rev 290383) +++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2022-02-23 19:02:54 UTC (rev 290384) @@ -1704,6 +1704,10 @@ return ObjectContentType::Frame; } } +if (auto* webPage = m_frame->page()) { +if (webPage->corePage()->settings().pdfJSViewerEnabled() && MIMETypeRegistry::isPDFMIMEType(mimeType)) +return ObjectContentType::Frame; +} if (MIMETypeRegistry::isSupportedImageMIMEType(mimeType)) return ObjectContentType::Image; Modified: trunk/Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm (290383 => 290384) --- trunk/Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm 2022-02-23 18:36:23 UTC (rev 290383) +++ trunk/Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm 2022-02-23 19:02:54 UTC (rev 290384) @@ -206,6 +206,7 @@ bool WebPage::shouldUsePDFPlugin(const String& contentType, StringView path) const { return pdfPluginEnabled() +&& !corePage()->settings().pdfJSViewerEnabled() && getPDFLayerControllerClass() && (MIMETypeRegistry::isPDFOrPostScriptMIMEType(contentType) || (contentType.isEmpty() ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mail
[webkit-changes] [290381] trunk
Title: [290381] trunk Revision 290381 Author j_pas...@apple.com Date 2022-02-23 10:19:54 -0800 (Wed, 23 Feb 2022) Log Message [WebAuthn] userHandle not marked nullable in _WKWebAuthenticationAssertionResponse https://bugs.webkit.org/show_bug.cgi?id=237043 rdar://89317740 Reviewed by Brent Fulgham. Source/WebCore: The userHandle is a nullable field on UserEntity. This patch changes various API/SPI to allow passing null userHandle. * Modules/webauthn/AuthenticatorAssertionResponse.cpp: (WebCore::AuthenticatorAssertionResponse::create): (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse): * Modules/webauthn/AuthenticatorAssertionResponse.h: Source/WebKit: The userHandle is a nullable field on UserEntity. This patch changes various API/SPI to allow passing null userHandle. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: Update forward declared SPI, reflecting userHandle as nullable. * UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h: * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h: Update userHandle property to null. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (getAllLocalAuthenticatorCredentialsImpl): * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::getExistingCredentials): Tools: Create tests to check for null userHandle. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebCore/ChangeLog (290380 => 290381) --- trunk/Source/WebCore/ChangeLog 2022-02-23 18:14:59 UTC (rev 290380) +++ trunk/Source/WebCore/ChangeLog 2022-02-23 18:19:54 UTC (rev 290381) @@ -1,3 +1,19 @@ +2022-02-23 J Pascoe + +[WebAuthn] userHandle not marked nullable in _WKWebAuthenticationAssertionResponse +https://bugs.webkit.org/show_bug.cgi?id=237043 +rdar://89317740 + +Reviewed by Brent Fulgham. + +The userHandle is a nullable field on UserEntity. This patch changes +various API/SPI to allow passing null userHandle. + +* Modules/webauthn/AuthenticatorAssertionResponse.cpp: +(WebCore::AuthenticatorAssertionResponse::create): +(WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse): +* Modules/webauthn/AuthenticatorAssertionResponse.h: + 2022-02-23 Antti Koivisto [CSS Container Queries] offsetWidth/Height and similar should update layout for container queries Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.cpp (290380 => 290381) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.cpp 2022-02-23 18:14:59 UTC (rev 290380) +++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.cpp 2022-02-23 18:19:54 UTC (rev 290381) @@ -48,7 +48,7 @@ return create(ArrayBuffer::create(rawId.data(), rawId.size()), ArrayBuffer::create(authenticatorData.data(), authenticatorData.size()), ArrayBuffer::create(signature.data(), signature.size()), WTFMove(userhandleBuffer), std::nullopt, attachment); } -Ref AuthenticatorAssertionResponse::create(Ref&& rawId, Ref&& userHandle, String&& name, SecAccessControlRef accessControl, AuthenticatorAttachment attachment) +Ref AuthenticatorAssertionResponse::create(Ref&& rawId, RefPtr&& userHandle, String&& name, SecAccessControlRef accessControl, AuthenticatorAttachment attachment) { return adoptRef(*new AuthenticatorAssertionResponse(WTFMove(rawId), WTFMove(userHandle), WTFMove(name), accessControl, attachment)); } @@ -66,7 +66,7 @@ { } -AuthenticatorAssertionResponse::AuthenticatorAssertionResponse(Ref&& rawId, Ref&& userHandle, String&& name, SecAccessControlRef accessControl, AuthenticatorAttachment attachment) +AuthenticatorAssertionResponse::AuthenticatorAssertionResponse(Ref&& rawId, RefPtr&& userHandle, String&& name, SecAccessControlRef accessControl, AuthenticatorAttachment attachment) : AuthenticatorResponse(WTFMove(rawId), attachment) , m_userHandle(WTFMove(userHandle)) , m_name(WTFMove(name)) Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h (290380 => 290381) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h 2022-02-23 18:14:59 UTC (rev 290380) +++ trunk/So
[webkit-changes] [290317] trunk/Source/WebKit
Title: [290317] trunk/Source/WebKit Revision 290317 Author j_pas...@apple.com Date 2022-02-22 10:21:24 -0800 (Tue, 22 Feb 2022) Log Message [WebAuthn] Fix lifetime issue on iOS https://bugs.webkit.org/show_bug.cgi?id=237018 rdar://89206950 Reviewed by Brent Fulgham. Lifetime issues introduced in a recent refactor of performRequest were causing replies from WebAuthenticatorCoordinatorProxy_MakeCredentialReply not to make it back to the web content process. This patch fixes these, allowing requests to proceed. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::continueAfterRequest): (WebKit::WebAuthenticatorCoordinatorProxy::performRequest): Deleted. (WebKit::WebAuthenticatorCoordinatorProxy::isConditionalMediationAvailable): Deleted. (WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): Deleted. * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h Diff Modified: trunk/Source/WebKit/ChangeLog (290316 => 290317) --- trunk/Source/WebKit/ChangeLog 2022-02-22 17:55:54 UTC (rev 290316) +++ trunk/Source/WebKit/ChangeLog 2022-02-22 18:21:24 UTC (rev 290317) @@ -1,3 +1,22 @@ +2022-02-22 J Pascoe + +[WebAuthn] Fix lifetime issue on iOS +https://bugs.webkit.org/show_bug.cgi?id=237018 +rdar://89206950 + +Reviewed by Brent Fulgham. + +Lifetime issues introduced in a recent refactor of performRequest were causing +replies from WebAuthenticatorCoordinatorProxy_MakeCredentialReply not to make it +back to the web content process. This patch fixes these, allowing requests to proceed. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::continueAfterRequest): +(WebKit::WebAuthenticatorCoordinatorProxy::performRequest): Deleted. +(WebKit::WebAuthenticatorCoordinatorProxy::isConditionalMediationAvailable): Deleted. +(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): Deleted. +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: + 2022-02-22 Brent Fulgham Remove an unneeded IOKit property Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (290316 => 290317) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-02-22 17:55:54 UTC (rev 290316) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-02-22 18:21:24 UTC (rev 290317) @@ -307,101 +307,107 @@ return result; } -void WebAuthenticatorCoordinatorProxy::performRequest(RetainPtr requestContext, RequestCompletionHandler&& handler) +static inline void continueAfterRequest(RetainPtr> credential, RetainPtr error, RequestCompletionHandler&& handler) { -auto proxy = adoptNS([allocASCAgentProxyInstance() init]); +AuthenticatorResponseData response = { }; +AuthenticatorAttachment attachment; +ExceptionData exceptionData = { }; -auto completionHandler = makeBlockPtr([handler = WTFMove(handler)](id credential, NSError *error) mutable { -ensureOnMainRunLoop([handler = WTFMove(handler), credential = retainPtr(credential), error = retainPtr(error)] () mutable { -AuthenticatorResponseData response; -AuthenticatorAttachment attachment; -ExceptionData exceptionData; +if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialRegistrationClass()]) { +attachment = AuthenticatorAttachment::Platform; +response.isAuthenticatorAttestationResponse = true; -if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialRegistrationClass()]) { -attachment = AuthenticatorAttachment::Platform; -response.isAuthenticatorAttestationResponse = true; +ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential.get(); +response.rawId = toArrayBuffer(registrationCredential.credentialID); +response.attestationObject = toArrayBuffer(registrationCredential.attestationObject); +} else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialRegistrationClass()]) { +attachment = AuthenticatorAttachment::CrossPlatform; +response.isAuthenticatorAttestationResponse = true; -ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential.get(); -response.rawId = toArrayBuffer(registrationCredential.credentialID); -response.attestationObject = toArrayBuffer(registrationCredential.attestationObject); -} else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredential
[webkit-changes] [290184] trunk/Source
Title: [290184] trunk/Source Revision 290184 Author j_pas...@apple.com Date 2022-02-18 16:28:13 -0800 (Fri, 18 Feb 2022) Log Message [WebAuthn] Support for conditional mediation https://bugs.webkit.org/show_bug.cgi?id=236820 rdar://84821947 Reviewed by Brent Fulgham and Chris Dumez. This patch adds support for conditional mediation, as defined in the credentials management spec: https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional Source/WebCore: * Modules/credentialmanagement/BasicCredential.cpp: (WebCore::BasicCredential::isConditionalMediationAvailable): * Modules/credentialmanagement/BasicCredential.h: * Modules/credentialmanagement/BasicCredential.idl: * Modules/credentialmanagement/CredentialRequestOptions.h: * Modules/credentialmanagement/CredentialRequestOptions.idl: * Modules/credentialmanagement/CredentialsContainer.cpp: (WebCore::CredentialsContainer::get): * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): (WebCore::AuthenticatorCoordinator::isConditionalMediationAvailable const): * Modules/webauthn/AuthenticatorCoordinator.h: * Modules/webauthn/AuthenticatorCoordinatorClient.h: * WebCore.xcodeproj/project.pbxproj: Source/WebKit: * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configurationAssertionRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): (WebKit::WebAuthenticatorCoordinatorProxy::performRequest): (WebKit::WebAuthenticatorCoordinatorProxy::isConditionalMediationAvailable): * UIProcess/WebAuthentication/WebAuthenticationRequestData.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::makeCredential): (WebKit::WebAuthenticatorCoordinatorProxy::getAssertion): (WebKit::WebAuthenticatorCoordinatorProxy::isConditionalMediationAvailable): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in: * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::getAssertion): * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/BasicCredential.cpp trunk/Source/WebCore/Modules/credentialmanagement/BasicCredential.h trunk/Source/WebCore/Modules/credentialmanagement/BasicCredential.idl trunk/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h trunk/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.idl trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinatorClient.h trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in trunk/Source/WebKit/WebAuthnProcess/WebAuthnConnectionToWebProcess.cpp trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h Diff Modified: trunk/Source/WebCore/ChangeLog (290183 => 290184) --- trunk/Source/WebCore/ChangeLog 2022-02-19 00:27:04 UTC (rev 290183) +++ trunk/Source/WebCore/ChangeLog 2022-02-19 00:28:13 UTC (rev 290184) @@ -1,3 +1,29 @@ +2022-02-18 J Pascoe + +[WebAuthn] Support for conditional mediation +https://bugs.webkit.org/show_bug.cgi?id=236820 +rdar://84821947 + +Reviewed by Brent Fulgham and Chris Dumez. + +This patch adds support for conditional mediation, as defined in the +credentials management spec: https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional + +* Modules/credentialmanagement/BasicCredential.cpp: +(WebCore::BasicCredential::isConditionalMediationAvailable): +* Modules/credentialmanagement/BasicCredential.h: +* Modules/credentialmanagement/BasicCredential.idl: +* Modules/credentialmanagement/CredentialRequestOptions.h: +* Modules/credentialmanagement/CredentialRequestOptions.idl: +* Modules/credentialmanagement/Credential
[webkit-changes] [290154] trunk
Title: [290154] trunk Revision 290154 Author j_pas...@apple.com Date 2022-02-18 12:37:00 -0800 (Fri, 18 Feb 2022) Log Message [WebAuthn] Add credentialID to _WKWebAuthenticationAssertionResponse and userHandle in getAllLocalAuthenticatorCredentials https://bugs.webkit.org/show_bug.cgi?id=236657 rdar://problem/88979279 Reviewed by Brent Fulgham. Source/WebKit: Modified API tests to verify new fields present and populated. * UIProcess/API/APIWebAuthenticationAssertionResponse.cpp: (API::WebAuthenticationAssertionResponse::credentialID const): * UIProcess/API/APIWebAuthenticationAssertionResponse.h: * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h: * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm: (-[_WKWebAuthenticationAssertionResponse credentialID]): * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (getAllLocalAuthenticatorCredentialsImpl): Tools: Adjusted existing API tests, GetAllCredential and MultipleAccounts, to test for new fields being returned and that they match the values expected. These values stem from testUserEntityBundleBase64 and testAssertionMessageLongBase64. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (-[TestWebAuthenticationPanelDelegate panel:selectAssertionResponse:source:completionHandler:]): (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.cpp trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (290153 => 290154) --- trunk/Source/WebKit/ChangeLog 2022-02-18 20:30:09 UTC (rev 290153) +++ trunk/Source/WebKit/ChangeLog 2022-02-18 20:37:00 UTC (rev 290154) @@ -1,3 +1,23 @@ +2022-02-18 J Pascoe + +[WebAuthn] Add credentialID to _WKWebAuthenticationAssertionResponse and userHandle in getAllLocalAuthenticatorCredentials +https://bugs.webkit.org/show_bug.cgi?id=236657 +rdar://problem/88979279 + +Reviewed by Brent Fulgham. + +Modified API tests to verify new fields present and populated. + +* UIProcess/API/APIWebAuthenticationAssertionResponse.cpp: +(API::WebAuthenticationAssertionResponse::credentialID const): +* UIProcess/API/APIWebAuthenticationAssertionResponse.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm: +(-[_WKWebAuthenticationAssertionResponse credentialID]): +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(getAllLocalAuthenticatorCredentialsImpl): + 2022-02-18 Tim Horton Client-set minimum effective device width is not respected if AllowViewportShrinkToFitContent is enabled Modified: trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.cpp (290153 => 290154) --- trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.cpp 2022-02-18 20:30:09 UTC (rev 290153) +++ trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.cpp 2022-02-18 20:37:00 UTC (rev 290154) @@ -58,6 +58,18 @@ return data; } +RefPtr WebAuthenticationAssertionResponse::credentialID() const +{ +RefPtr data; +if (auto* rawId = m_response->rawId()) { +rawId->ref(); +data = "" char*>(rawId->data()), rawId->byteLength(), [] (unsigned char*, const void* data) { +static_cast(const_cast(data))->deref(); +}, rawId); +} +return data; +} + } // namespace API #endif // ENABLE(WEB_AUTHN) Modified: trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h (290153 => 290154) --- trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h 2022-02-18 20:30:09 UTC (rev 290153) +++ trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h 2022-02-18 20:37:00 UTC (rev 290154) @@ -44,6 +44,7 @@ RefPtr userHandle() const; bool synchronizable() const { return m_response->synchronizable(); } const WTF::String& group() const { return m_response->group(); } +RefPtr credentialID() const; void setLAContext(LAContext *context) { m_response->setLAContext(context); } Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h (290153 => 290154) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h 2022-02-18 20:30:09 UTC (rev 290153) +++ trunk/Source/WebKit/UIProce
[webkit-changes] [290089] trunk/Source/WebCore
Title: [290089] trunk/Source/WebCore Revision 290089 Author j_pas...@apple.com Date 2022-02-17 16:27:59 -0800 (Thu, 17 Feb 2022) Log Message PDF.js viewer should work for all kinds of URLs https://bugs.webkit.org/show_bug.cgi?id=236525 rdar://problem/88832961 Reviewed by Tim Nguyen. This patch starts loading the pdf as an array buffer after it's recieved by calling the PDFJS viewer's open function through the content script's wrapper. More work is needed to potentially present the data as a PDFDataRangeTransport. * Modules/pdfjs-extras/content-script.js: (const.PDFJSContentScript.init): (const.PDFJSContentScript.open): * html/PDFDocument.cpp: (WebCore::PDFDocumentEventListener::handleEvent): (WebCore::PDFDocument::createDocumentStructure): (WebCore::PDFDocument::updateDuringParsing): (WebCore::PDFDocument::finishedParsing): (WebCore::PDFDocument::sendPDFArrayBuffer): (WebCore::PDFDocument::injectContentScript): * html/PDFDocument.h: (WebCore::PDFDocumentEventListener::handleEvent): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/pdfjs-extras/content-script.js trunk/Source/WebCore/html/PDFDocument.cpp trunk/Source/WebCore/html/PDFDocument.h Diff Modified: trunk/Source/WebCore/ChangeLog (290088 => 290089) --- trunk/Source/WebCore/ChangeLog 2022-02-18 00:14:59 UTC (rev 290088) +++ trunk/Source/WebCore/ChangeLog 2022-02-18 00:27:59 UTC (rev 290089) @@ -1,3 +1,29 @@ +2022-02-17 J Pascoe + +PDF.js viewer should work for all kinds of URLs +https://bugs.webkit.org/show_bug.cgi?id=236525 +rdar://problem/88832961 + +Reviewed by Tim Nguyen. + +This patch starts loading the pdf as an array buffer after it's recieved +by calling the PDFJS viewer's open function through the content script's +wrapper. More work is needed to potentially present the data as a +PDFDataRangeTransport. + +* Modules/pdfjs-extras/content-script.js: +(const.PDFJSContentScript.init): +(const.PDFJSContentScript.open): +* html/PDFDocument.cpp: +(WebCore::PDFDocumentEventListener::handleEvent): +(WebCore::PDFDocument::createDocumentStructure): +(WebCore::PDFDocument::updateDuringParsing): +(WebCore::PDFDocument::finishedParsing): +(WebCore::PDFDocument::sendPDFArrayBuffer): +(WebCore::PDFDocument::injectContentScript): +* html/PDFDocument.h: +(WebCore::PDFDocumentEventListener::handleEvent): + 2022-02-17 Chris Dumez Pass registrable domain to CoreLocation API Modified: trunk/Source/WebCore/Modules/pdfjs-extras/content-script.js (290088 => 290089) --- trunk/Source/WebCore/Modules/pdfjs-extras/content-script.js 2022-02-18 00:14:59 UTC (rev 290088) +++ trunk/Source/WebCore/Modules/pdfjs-extras/content-script.js 2022-02-18 00:27:59 UTC (rev 290089) @@ -31,6 +31,9 @@ }, init() { this.injectStyle(); +}, +open(data) { +PDFViewerApplication.open(data); } }; Modified: trunk/Source/WebCore/html/PDFDocument.cpp (290088 => 290089) --- trunk/Source/WebCore/html/PDFDocument.cpp 2022-02-18 00:14:59 UTC (rev 290088) +++ trunk/Source/WebCore/html/PDFDocument.cpp 2022-02-18 00:27:59 UTC (rev 290089) @@ -107,12 +107,14 @@ void PDFDocumentEventListener::handleEvent(ScriptExecutionContext&, Event& event) { -auto* iframe = dynamicDowncast(event.target()); -ASSERT(iframe, "Should have event target"); - -if (event.type() == eventNames().loadEvent) { -m_document->injectContentScript(*iframe->contentDocument()); -} +if (is(event.target()) && event.type() == eventNames().loadEvent) { +m_document->injectContentScript(); +} else if (is(event.target()) && event.type() == eventNames().loadEvent) { +m_document->setContentScriptLoaded(true); +if (m_document->isFinishedParsing()) +m_document->sendPDFArrayBuffer(); +} else +ASSERT_NOT_REACHED(); } bool PDFDocumentEventListener::operator==(const EventListener& other) const @@ -135,6 +137,7 @@ void PDFDocument::createDocumentStructure() { +// The empty file parameter prevents default pdf from loading. auto viewerURL = "webkit-pdfjs-viewer://pdfjs/web/viewer.html?file="; auto rootElement = HTMLHtmlElement::create(*this); appendChild(rootElement); @@ -146,35 +149,68 @@ body->setAttribute(styleAttr, AtomString("margin: 0px;height: 100vh;", AtomString::ConstructFromLiteral)); rootElement->appendChild(body); -auto iframe = HTMLIFrameElement::create(HTMLNames::iframeTag, *this); -iframe->setAttribute(srcAttr, makeString(viewerURL, encodeWithURLEscapeSequences(url().string(; -iframe->setAttribute(styleAttr, AtomString("width: 100%; height: 100%; border: 0; display: block;", AtomString::ConstructFromLiteral)); -body->appendChild(iframe); +m_iframe = HTMLIFrameElement::create(HTMLNames::iframeTag, *this); +m_iframe->setAttribu
[webkit-changes] [289817] trunk/Source/WebKit
Title: [289817] trunk/Source/WebKit Revision 289817 Author j_pas...@apple.com Date 2022-02-15 09:03:54 -0800 (Tue, 15 Feb 2022) Log Message Modify getAllLocalAuthenticatorCredentials according to internal requirements https://bugs.webkit.org/show_bug.cgi?id=236364 rdar://88585418 Reviewed by Brent Fulgham. This patch modifies the getAllLocalAuthenticatorCredentials SPI to return additional fields according to internal needs. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (updateCredentialIfNessesary): (getAllLocalAuthenticatorCredentialsImpl): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (289816 => 289817) --- trunk/Source/WebKit/ChangeLog 2022-02-15 16:03:16 UTC (rev 289816) +++ trunk/Source/WebKit/ChangeLog 2022-02-15 17:03:54 UTC (rev 289817) @@ -1,3 +1,19 @@ +2022-02-15 J Pascoe + +Modify getAllLocalAuthenticatorCredentials according to internal requirements +https://bugs.webkit.org/show_bug.cgi?id=236364 +rdar://88585418 + +Reviewed by Brent Fulgham. + +This patch modifies the getAllLocalAuthenticatorCredentials SPI to return additional +fields according to internal needs. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(updateCredentialIfNessesary): +(getAllLocalAuthenticatorCredentialsImpl): + 2022-02-15 Carlos Garcia Campos [GTK][WPE] Move WebPage::platformInitialize and WebPage::platformDetach() to WebPageGLib.cpp Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (289816 => 289817) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-02-15 16:03:16 UTC (rev 289816) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-02-15 17:03:54 UTC (rev 289817) @@ -92,6 +92,8 @@ WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey; WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialLastModificationDateKey; WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialCreationDateKey; +WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialGroupKey; +WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialSynchronizableKey; @protocol _WKWebAuthenticationPanelDelegate @@ -114,10 +116,13 @@ + (NSArray *)getAllLocalAuthenticatorCredentials WK_API_AVAILABLE(macos(12.0), ios(15.0)); + (void)deleteLocalAuthenticatorCredentialWithID:(NSData *)credentialID WK_API_AVAILABLE(macos(12.0), ios(15.0)); ++ (void)deleteLocalAuthenticatorCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID WK_API_AVAILABLE(macos(12.0), ios(15.0)); + (void)clearAllLocalAuthenticatorCredentials WK_API_AVAILABLE(macos(12.0), ios(15.0)); + (void)setUsernameForLocalCredentialWithID:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(12.0), ios(15.0)); ++ (void)setUsernameForLocalCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)exportLocalAuthenticatorCredentialWithID:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); ++ (NSData *)exportLocalAuthenticatorCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)importLocalAuthenticatorCredential:(NSData *)credentialBlob error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)importLocalAuthenticatorWithAccessGroup:(NSString *)accessGroup credential:(NSData *)credentialBlob error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (289816 => 289817) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-15 16:03:16 UTC (rev 289816) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-15 17:03:54 UTC (rev 289817) @@ -71,6 +71,12 @@ static void updateQueryIfNecessary(NSMutableDictionary *) { } +static inline void updateCredentialIfNecessary(NSMutableDictionary *credential, NSDictionary *attributes) +{ +} +static inline void updateQueryForGroupIfNecessary(NSMutableDictionary *dictionary, NSString *group) +{ +} #endif static RetainPtr produceClientDataJson(_WKWebAuthenticationType type, NSData *challenge, NSString *origin) @@ -105,6 +111,8 @@ NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey = @"_WKLocalAuthenticatorCredentialRelyingPartyIDKey"; NSString * const _W
[webkit-changes] [289760] trunk
Title: [289760] trunk Revision 289760 Author j_pas...@apple.com Date 2022-02-14 13:10:50 -0800 (Mon, 14 Feb 2022) Log Message [WebAuthn] Access group not set in add query for importLocalAuthenticatorCredential https://bugs.webkit.org/show_bug.cgi?id=236469 rdar://problem/88783447 Reviewed by Brent Fulgham. Source/WebKit: In Bug 236311 we added support setting accessGroup, but did not properly set it on the addQuery. This patch fixes that. Updated API test to use non-standard accessGroup. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:credential:error:]): Tools: Updated API test to use non-standard access group. * TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements: * TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements: * TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements: * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (289759 => 289760) --- trunk/Source/WebKit/ChangeLog 2022-02-14 21:09:48 UTC (rev 289759) +++ trunk/Source/WebKit/ChangeLog 2022-02-14 21:10:50 UTC (rev 289760) @@ -1,5 +1,21 @@ 2022-02-14 J Pascoe +[WebAuthn] Access group not set in add query for importLocalAuthenticatorCredential +https://bugs.webkit.org/show_bug.cgi?id=236469 +rdar://problem/88783447 + +Reviewed by Brent Fulgham. + +In Bug 236311 we added support setting accessGroup, but did not properly set it +on the addQuery. This patch fixes that. + +Updated API test to use non-standard accessGroup. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(+[_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:credential:error:]): + +2022-02-14 J Pascoe + [WebAuthn] Modify _WKWebAuthenticationAssertionResponse according to internal needs https://bugs.webkit.org/show_bug.cgi?id=236369 rdar://88585811 Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (289759 => 289760) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-14 21:09:48 UTC (rev 289759) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-14 21:10:50 UTC (rev 289760) @@ -510,7 +510,7 @@ updateQueryIfNecessary(addQuery.get()); if (accessGroup != nil) -[query setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup]; +[addQuery setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup]; status = SecItemAdd(bridge_cast(addQuery.get()), NULL); if (status) { Modified: trunk/Tools/ChangeLog (289759 => 289760) --- trunk/Tools/ChangeLog 2022-02-14 21:09:48 UTC (rev 289759) +++ trunk/Tools/ChangeLog 2022-02-14 21:10:50 UTC (rev 289760) @@ -1,3 +1,19 @@ +2022-02-14 J Pascoe + +[WebAuthn] Access group not set in add query for importLocalAuthenticatorCredential +https://bugs.webkit.org/show_bug.cgi?id=236469 +rdar://problem/88783447 + +Reviewed by Brent Fulgham. + +Updated API test to use non-standard access group. + +* TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements: +* TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements: +* TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements: +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): + 2022-02-14 Jonathan Bedard [EWS] Rebase PRs on tip of branch (Follow-up fix) Modified: trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements (289759 => 289760) --- trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements 2022-02-14 21:09:48 UTC (rev 289759) +++ trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements 2022-02-14 21:10:50 UTC (rev 289760) @@ -4,6 +4,7 @@ keychain-access-groups + com.apple.TestWebKitAPIAlternate com.apple.TestWebKitAPI com.apple.developer.WebKit.ServiceWorkers Modified: trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements (289759 => 289760) --- trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements 2022-02-14 21:09:48 UTC (rev 289759) +++ trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements 2022-02-14 21:10:50 UTC (rev 289760) @@ -14,6 +14,7 @@ keychain-access-groups + com.apple.Tes
[webkit-changes] [289739] trunk/Source
Title: [289739] trunk/Source Revision 289739 Author j_pas...@apple.com Date 2022-02-14 09:58:13 -0800 (Mon, 14 Feb 2022) Log Message [WebAuthn] Modify _WKWebAuthenticationAssertionResponse according to internal needs https://bugs.webkit.org/show_bug.cgi?id=236369 rdar://88585811 Reviewed by Brent Fulgham. Source/WebCore: This patch modifies AuthenticatorAssertionResponse with additional fields and populates them according to internal needs. * Modules/webauthn/AuthenticatorAssertionResponse.h: (WebCore::AuthenticatorAssertionResponse::group const): (WebCore::AuthenticatorAssertionResponse::synchronizable const): (WebCore::AuthenticatorAssertionResponse::setGroup): (WebCore::AuthenticatorAssertionResponse::setSynchronizable): Source/WebKit: This patch modifies the _WKWebAuthenticationAssertionResponse API object with additional fields and populates them according to internal needs. * UIProcess/API/APIWebAuthenticationAssertionResponse.h: * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h: * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm: (-[_WKWebAuthenticationAssertionResponse synchronizable]): (-[_WKWebAuthenticationAssertionResponse group]): * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (groupForAttributes): (WebKit::LocalAuthenticatorInternal::getExistingCredentials): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm Diff Modified: trunk/Source/WebCore/ChangeLog (289738 => 289739) --- trunk/Source/WebCore/ChangeLog 2022-02-14 17:07:17 UTC (rev 289738) +++ trunk/Source/WebCore/ChangeLog 2022-02-14 17:58:13 UTC (rev 289739) @@ -1,3 +1,20 @@ +2022-02-14 J Pascoe + +[WebAuthn] Modify _WKWebAuthenticationAssertionResponse according to internal needs +https://bugs.webkit.org/show_bug.cgi?id=236369 +rdar://88585811 + +Reviewed by Brent Fulgham. + +This patch modifies AuthenticatorAssertionResponse with additional +fields and populates them according to internal needs. + +* Modules/webauthn/AuthenticatorAssertionResponse.h: +(WebCore::AuthenticatorAssertionResponse::group const): +(WebCore::AuthenticatorAssertionResponse::synchronizable const): +(WebCore::AuthenticatorAssertionResponse::setGroup): +(WebCore::AuthenticatorAssertionResponse::setSynchronizable): + 2022-02-14 Frédéric Wang Nullptr crash in CompositeEditCommand::splitTreeToNode via InsertParagraphSeparatorCommand::doApply Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h (289738 => 289739) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h 2022-02-14 17:07:17 UTC (rev 289738) +++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h 2022-02-14 17:58:13 UTC (rev 289739) @@ -49,6 +49,8 @@ const String& displayName() const { return m_displayName; } size_t numberOfCredentials() const { return m_numberOfCredentials; } SecAccessControlRef accessControl() const { return m_accessControl.get(); } +const String& group() const { return m_group; } +bool synchronizable() const { return m_synchronizable; } LAContext * laContext() const { return m_laContext.get(); } WEBCORE_EXPORT void setAuthenticatorData(Vector&&); @@ -56,6 +58,8 @@ void setName(const String& name) { m_name = name; } void setDisplayName(const String& displayName) { m_displayName = displayName; } void setNumberOfCredentials(size_t numberOfCredentials) { m_numberOfCredentials = numberOfCredentials; } +void setGroup(const String& group) { m_group = group; } +void setSynchronizable(bool synchronizable) { m_synchronizable = synchronizable; } void setLAContext(LAContext *context) { m_laContext = context; } private: @@ -71,6 +75,8 @@ String m_name; String m_displayName; +String m_group; +bool m_synchronizable; size_t m_numberOfCredentials { 0 }; RetainPtr m_accessControl; RetainPtr m_laContext; Modified: trunk/Source/WebKit/ChangeLog (289738 => 289739) --- trunk/Source/WebKit/ChangeLog 2022-02-14 17:07:17 UTC (rev 289738) +++ trunk/Source/WebKit/ChangeLog 2022-02-14 17:58:13 UTC (rev 289739) @@ -1,3 +1,23 @@ +2022-02-14 J Pascoe + +[WebAuthn] Modify _WKWebAuthenticationAssertionResponse according to internal needs +https://bugs.webkit.org/show_bug.cgi?id=236369 +rdar://88585811 + +Reviewed by Brent Fulgham. + +This patch modifies the _WKWebAuthenticationAssertionResponse API object with additional +fields and po
[webkit-changes] [289482] trunk
Title: [289482] trunk Revision 289482 Author j_pas...@apple.com Date 2022-02-09 10:17:43 -0800 (Wed, 09 Feb 2022) Log Message [WebAuthn] Specify LocalAuthenticatorAccessGroup when importing credentials https://bugs.webkit.org/show_bug.cgi?id=236311 rdar://88394179 Reviewed by Brent Fulgham. Source/WebKit: Tested on device and added check for accessGroup in API test. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel importLocalAuthenticatorCredential:error:]): (+[_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:credential:error:]): Tools: Added check for accessGroup to API test. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::WebCore::addKeyToKeychain): (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (289481 => 289482) --- trunk/Source/WebKit/ChangeLog 2022-02-09 18:16:32 UTC (rev 289481) +++ trunk/Source/WebKit/ChangeLog 2022-02-09 18:17:43 UTC (rev 289482) @@ -1,3 +1,18 @@ +2022-02-09 J Pascoe + +[WebAuthn] Specify LocalAuthenticatorAccessGroup when importing credentials +https://bugs.webkit.org/show_bug.cgi?id=236311 +rdar://88394179 + +Reviewed by Brent Fulgham. + +Tested on device and added check for accessGroup in API test. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(+[_WKWebAuthenticationPanel importLocalAuthenticatorCredential:error:]): +(+[_WKWebAuthenticationPanel importLocalAuthenticatorWithAccessGroup:credential:error:]): + 2022-02-09 Sihui Liu Manage IndexedDB storage by origin Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (289481 => 289482) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-02-09 18:16:32 UTC (rev 289481) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-02-09 18:17:43 UTC (rev 289482) @@ -119,6 +119,7 @@ + (NSData *)exportLocalAuthenticatorCredentialWithID:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)importLocalAuthenticatorCredential:(NSData *)credentialBlob error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); ++ (NSData *)importLocalAuthenticatorWithAccessGroup:(NSString *)accessGroup credential:(NSData *)credentialBlob error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (BOOL)isUserVerifyingPlatformAuthenticatorAvailable WK_API_AVAILABLE(macos(12.0), ios(15.0)); Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (289481 => 289482) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-09 18:16:32 UTC (rev 289481) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-02-09 18:17:43 UTC (rev 289482) @@ -398,6 +398,11 @@ + (NSData *)importLocalAuthenticatorCredential:(NSData *)credentialBlob error:(NSError **)error { +return [self importLocalAuthenticatorWithAccessGroup:@(WebCore::LocalAuthenticatorAccessGroup) credential:credentialBlob error:error]; +} + ++ (NSData *)importLocalAuthenticatorWithAccessGroup:(NSString *)accessGroup credential:(NSData *)credentialBlob error:(NSError **)error +{ #if ENABLE(WEB_AUTHN) auto credential = cbor::CBORReader::read(vectorFromNSData(credentialBlob)); if (!credential || !credential->isMap()) { @@ -481,6 +486,9 @@ ]); updateQueryIfNecessary(query.get()); +if (accessGroup != nil) +[query setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup]; + OSStatus status = SecItemCopyMatching(bridge_cast(query.get()), nullptr); if (!status) { // Credential with same id already exists, duplicate key. @@ -489,15 +497,22 @@ } auto secAttrApplicationTag = adoptNS([[NSData alloc] initWithBytes:keyTag->data() length:keyTag->size()]); -NSDictionary *addQuery = @{ -(id)kSecValueRef: (id)key.get(), -(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, -(id)kSecAttrLabel: rp, -(id)kSecAttrApplicationTag: secAttrApplicationTag.get(), -(id)kSecUseDataProtectionKeychain: @YES, -(id)kSecAttrAccessible: (id)kSecAttrAccessibleAfterFirstUnlock -}; -status = SecItemAdd(bridge_cast(addQuery), NULL); + +auto addQuery = adoptNS([[NSMutableDictionary alloc] initWithObjectsAndKeys: +(id)key.get(), (id)kSecValueRef, +(id)kSecAttrKeyClassPrivate, (id)kSecAttrKeyClass, +(id)rp, (id)kSecAttrLabel, +secAttrApplicatio
[webkit-changes] [289436] trunk/Source/WebKit
Title: [289436] trunk/Source/WebKit Revision 289436 Author j_pas...@apple.com Date 2022-02-08 14:43:55 -0800 (Tue, 08 Feb 2022) Log Message [WebAuthn] Use AuthenticationServicesAgent for WebAuthn calls on iOS https://bugs.webkit.org/show_bug.cgi?id=236151 rdar://87908259 Reviewed by Brent Fulgham. This patch starts using the ASC apis to make WebAuthn calls on iOS the same way they are made on macOS. Some cleanup work will be needed to deprecate the WebAuthn process after this change is made. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::WebAuthenticatorCoordinatorProxy::performRequest): Deleted. (WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): Deleted. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (289435 => 289436) --- trunk/Source/WebKit/ChangeLog 2022-02-08 22:35:37 UTC (rev 289435) +++ trunk/Source/WebKit/ChangeLog 2022-02-08 22:43:55 UTC (rev 289436) @@ -1,3 +1,19 @@ +2022-02-08 J Pascoe + +[WebAuthn] Use AuthenticationServicesAgent for WebAuthn calls on iOS +https://bugs.webkit.org/show_bug.cgi?id=236151 +rdar://87908259 + +Reviewed by Brent Fulgham. + +This patch starts using the ASC apis to make WebAuthn calls on iOS the +same way they are made on macOS. Some cleanup work will be needed to +deprecate the WebAuthn process after this change is made. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::WebAuthenticatorCoordinatorProxy::performRequest): Deleted. +(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): Deleted. + 2022-02-08 Chris Dumez http/tests/cache-storage/cache-origins.https.html is flaky Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (289435 => 289436) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-02-08 22:35:37 UTC (rev 289435) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2022-02-08 22:43:55 UTC (rev 289436) @@ -309,6 +309,10 @@ { auto proxy = adoptNS([allocASCAgentProxyInstance() init]); +#if PLATFORM(IOS) +[proxy performAuthorizationRequestsForContext:requestContext.get() withCompletionHandler:makeBlockPtr([handler = WTFMove(handler), proxy = WTFMove(proxy)](id credential, NSError *error) mutable { +callOnMainRunLoop([handler = WTFMove(handler), proxy = WTFMove(proxy), credential = retainPtr(credential), error = retainPtr(error)] () mutable { +#elif PLATFORM(MAC) RetainPtr window = m_webPageProxy.platformWindow(); [proxy performAuthorizationRequestsForContext:requestContext.get() withClearanceHandler:makeBlockPtr([weakThis = WeakPtr { *this }, handler = WTFMove(handler), window = WTFMove(window), proxy = WTFMove(proxy)](NSXPCListenerEndpoint *daemonEndpoint, NSError *error) mutable { callOnMainRunLoop([weakThis, handler = WTFMove(handler), window = WTFMove(window), proxy = WTFMove(proxy), daemonEndpoint = retainPtr(daemonEndpoint), error = retainPtr(error)] () mutable { @@ -319,7 +323,10 @@ } weakThis->m_presenter = adoptNS([allocASCAuthorizationRemotePresenterInstance() init]); -[weakThis->m_presenter presentWithWindow:window.get() daemonEndpoint:daemonEndpoint.get() completionHandler:makeBlockPtr([handler = WTFMove(handler), proxy = WTFMove(proxy)](id credential, NSError *error) mutable { +[weakThis->m_presenter presentWithWindow:window.get() daemonEndpoint:daemonEndpoint.get() completionHandler:makeBlockPtr([handler = WTFMove(handler), proxy = WTFMove(proxy)](id credentialNotRetain, NSError *errorNotRetain) mutable { +auto credential = retainPtr(credentialNotRetain); +auto error = retainPtr(errorNotRetain); +#endif AuthenticatorResponseData response = { }; AuthenticatorAttachment attachment; ExceptionData exceptionData = { }; @@ -328,7 +335,7 @@ attachment = AuthenticatorAttachment::Platform; response.isAuthenticatorAttestationResponse = true; -ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential; +ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential.get(); response.rawId = toArrayBuffer(registrationCredential.credentialID); response.attestationObject = toArrayBuffer(registrationCredential.attestationObject); } else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialRegistrationClass()]) { @@ -335,7 +342,7 @@ attachment = Auth
[webkit-changes] [289096] trunk/Source/WebCore
Title: [289096] trunk/Source/WebCore Revision 289096 Author j_pas...@apple.com Date 2022-02-03 18:09:58 -0800 (Thu, 03 Feb 2022) Log Message [WebAuthn] Remove misspelled constant "LocalAuthenticatiorAccessGroup" https://bugs.webkit.org/show_bug.cgi?id=235894 rdar://88104045 Reviewed by Darin Adler. This change removes a constant with a misspelled variable name after all downstream usage is removed. * Modules/webauthn/WebAuthenticationConstants.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h Diff Modified: trunk/Source/WebCore/ChangeLog (289095 => 289096) --- trunk/Source/WebCore/ChangeLog 2022-02-04 01:41:57 UTC (rev 289095) +++ trunk/Source/WebCore/ChangeLog 2022-02-04 02:09:58 UTC (rev 289096) @@ -1,3 +1,16 @@ +2022-02-03 J Pascoe + +[WebAuthn] Remove misspelled constant "LocalAuthenticatiorAccessGroup" +https://bugs.webkit.org/show_bug.cgi?id=235894 +rdar://88104045 + +Reviewed by Darin Adler. + +This change removes a constant with a misspelled variable name after all +downstream usage is removed. + +* Modules/webauthn/WebAuthenticationConstants.h: + 2022-02-03 Michael Saboff WebKit projects have incorrect install name for the frameworks for Catalyst builds with the system content path Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (289095 => 289096) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-02-04 01:41:57 UTC (rev 289095) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-02-04 02:09:58 UTC (rev 289096) @@ -77,9 +77,6 @@ Get }; -// rdar://88104045 - Remove once staged change completed -const char LocalAuthenticatiorAccessGroup[] = "com.apple.webkit.webauthn"; - constexpr const char LocalAuthenticatorAccessGroup[] = "com.apple.webkit.webauthn"; // Credential serialization ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [289059] trunk
Title: [289059] trunk Revision 289059 Author j_pas...@apple.com Date 2022-02-03 10:01:45 -0800 (Thu, 03 Feb 2022) Log Message [WebAuthn] Allow use of hardware-fixed credentials while using alternate store https://bugs.webkit.org/show_bug.cgi?id=235923 rdar://88102108 Reviewed by Brent Fulgham. Source/WebKit: This patch allows use of credentials created before a user started using the alternate credential store by searching regardless of status when querying credentials. Added API test + tested manually. * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticatorInternal::getExistingCredentials): (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): Tools: Add new test for querying credentials created both before and after enabling alternative credential store. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::WebCore::addKeyToKeychain): (TestWebKitAPI::WebCore::cleanUpKeychain): (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (289058 => 289059) --- trunk/Source/WebKit/ChangeLog 2022-02-03 17:58:13 UTC (rev 289058) +++ trunk/Source/WebKit/ChangeLog 2022-02-03 18:01:45 UTC (rev 289059) @@ -1,3 +1,21 @@ +2022-02-03 J Pascoe + +[WebAuthn] Allow use of hardware-fixed credentials while using alternate store +https://bugs.webkit.org/show_bug.cgi?id=235923 +rdar://88102108 + +Reviewed by Brent Fulgham. + +This patch allows use of credentials created before a user started using +the alternate credential store by searching regardless of status when +querying credentials. + +Added API test + tested manually. + +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticatorInternal::getExistingCredentials): +(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): + 2022-02-03 Per Arne Vollan [iOS][WP] Add file-ioctl telemetry Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (289058 => 289059) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-02-03 17:58:13 UTC (rev 289058) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2022-02-03 18:01:45 UTC (rev 289059) @@ -120,19 +120,18 @@ static std::optional>> getExistingCredentials(const String& rpId) { // Search Keychain for existing credential matched the RP ID. -auto query = adoptNS([[NSMutableDictionary alloc] init]); -[query setDictionary:@{ +NSDictionary *query = @{ (id)kSecClass: (id)kSecClassKey, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, +(id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, (id)kSecAttrLabel: rpId, (id)kSecReturnAttributes: @YES, (id)kSecMatchLimit: (id)kSecMatchLimitAll, (id)kSecUseDataProtectionKeychain: @YES -}]; -updateQueryIfNecessary(query.get()); +}; CFTypeRef attributesArrayRef = nullptr; -OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query.get(), &attributesArrayRef); +OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); if (status && status != errSecItemNotFound) return std::nullopt; auto retainAttributesArray = adoptCF(attributesArrayRef); @@ -599,6 +598,7 @@ NSMutableDictionary *queryDictionary = [@{ (id)kSecClass: (id)kSecClassKey, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, +(id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, (id)kSecAttrApplicationLabel: nsCredentialId.get(), (id)kSecReturnRef: @YES, (id)kSecUseDataProtectionKeychain: @YES @@ -608,7 +608,6 @@ queryDictionary[(id)kSecUseAuthenticationContext] = context; auto query = adoptNS(queryDictionary); -updateQueryIfNecessary(query.get()); CFTypeRef privateKeyRef = nullptr; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query.get(), &privateKeyRef); @@ -633,19 +632,18 @@ // Extra step: update the Keychain item with the same value to update its modification date such that LRU can be used // for selectAssertionResponse -auto query = adoptNS([[NSMutableDictionary alloc] init]); -[query setDictionary:@{ +NSDictionary *query = @{ (id)kSecClass: (id)kSecClassKey, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, +(id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, (id)kSecAttrApplicationLabel: nsCredentialId.get(), (id)kSecUseDataProtectionKeychain: @YES -}]; -up
[webkit-changes] [288816] trunk
Title: [288816] trunk Revision 288816 Author j_pas...@apple.com Date 2022-01-31 08:55:49 -0800 (Mon, 31 Jan 2022) Log Message [WebAuthn] Provide SPI to export/import local credentials https://bugs.webkit.org/show_bug.cgi?id=234112 rdar://84822000 Reviewed by Brent Fulgham. Source/WebCore: This change adds SPI to _WKWebAuthenticationPanel to provide the ability to import / export local credentials. Constants are used during serialization as keys. * Modules/webauthn/WebAuthenticationConstants.h: constants for credential serialization Source/WebKit: Covered by new API tests. This patch adds new SPI to _WKWebAuthenticationPanel.h to import and export local webauthn credentials. CBOR is used for serialization. WKErrors are used to differentiate between malformed vs duplicate keys during import. * UIProcess/API/Cocoa/WKError.h: * UIProcess/API/Cocoa/WKError.mm: (localizedDescriptionForErrorCode): * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel importLocalAuthenticatorCredential:error:]): (+[_WKWebAuthenticationPanel exportLocalAuthenticatorCredentialWithID:error:]): Tools: Add tests for SPI to import / export local webauthn credentials. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): New tests for import/export Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/WKError.h trunk/Source/WebKit/UIProcess/API/Cocoa/WKError.mm trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebCore/ChangeLog (288815 => 288816) --- trunk/Source/WebCore/ChangeLog 2022-01-31 16:05:31 UTC (rev 288815) +++ trunk/Source/WebCore/ChangeLog 2022-01-31 16:55:49 UTC (rev 288816) @@ -1,3 +1,17 @@ +2022-01-31 J Pascoe + +[WebAuthn] Provide SPI to export/import local credentials +https://bugs.webkit.org/show_bug.cgi?id=234112 +rdar://84822000 + +Reviewed by Brent Fulgham. + +This change adds SPI to _WKWebAuthenticationPanel to provide the ability +to import / export local credentials. Constants are used during serialization +as keys. + +* Modules/webauthn/WebAuthenticationConstants.h: constants for credential serialization + 2022-01-31 Antti Koivisto [CSS Container Queries] Check for query containers when matching rules Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (288815 => 288816) --- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-01-31 16:05:31 UTC (rev 288815) +++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2022-01-31 16:55:49 UTC (rev 288816) @@ -77,8 +77,18 @@ Get }; +// rdar://88104045 - Remove once staged change completed const char LocalAuthenticatiorAccessGroup[] = "com.apple.webkit.webauthn"; +constexpr const char LocalAuthenticatorAccessGroup[] = "com.apple.webkit.webauthn"; + +// Credential serialization +constexpr const char privateKeyKey[] = "priv"; +constexpr const char keyTypeKey[] = "key_type"; +constexpr const char keySizeKey[] = "key_size"; +constexpr const char relyingPartyKey[] = "rp"; +constexpr const char applicationTagKey[] = "tag"; + } // namespace WebCore namespace WebAuthn { Modified: trunk/Source/WebKit/ChangeLog (288815 => 288816) --- trunk/Source/WebKit/ChangeLog 2022-01-31 16:05:31 UTC (rev 288815) +++ trunk/Source/WebKit/ChangeLog 2022-01-31 16:55:49 UTC (rev 288816) @@ -1,3 +1,25 @@ +2022-01-31 J Pascoe + +[WebAuthn] Provide SPI to export/import local credentials +https://bugs.webkit.org/show_bug.cgi?id=234112 +rdar://84822000 + +Reviewed by Brent Fulgham. + +Covered by new API tests. + +This patch adds new SPI to _WKWebAuthenticationPanel.h to import and export local +webauthn credentials. CBOR is used for serialization. WKErrors are used to differentiate +between malformed vs duplicate keys during import. + +* UIProcess/API/Cocoa/WKError.h: +* UIProcess/API/Cocoa/WKError.mm: +(localizedDescriptionForErrorCode): +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(+[_WKWebAuthenticationPanel importLocalAuthenticatorCredential:error:]): +(+[_WKWebAuthenticationPanel exportLocalAuthenticatorCredentialWithID:error:]): + 2022-01-31 Alexander Mikhaylenko REGRESSION(r288644): [GTK4] Criticals when using pinch zoom Mod
[webkit-changes] [288652] trunk/Source/WebKit
Title: [288652] trunk/Source/WebKit Revision 288652 Author j_pas...@apple.com Date 2022-01-26 16:03:15 -0800 (Wed, 26 Jan 2022) Log Message [WebAuthn] We should pass extensions to ASC if possible https://bugs.webkit.org/show_bug.cgi?id=235533 rdar://87169406 Reviewed by Brent Fulgham. This patch starts passing WebAuthn extensions to ASC if possible, in order to support the googleLegacyAppidSupport extension, which is required to register security keys on google.com. It also starts passing the attestationPreference option, which was not being passed before. Tested manually. Previous version of patch contained TestWebKitAPI.WebAuthenticationPanel.PublicKeyCredentialRequestOptionsASC and TestWebKitAPI.WebAuthenticationPanel.PublicKeyCredentialCreationOptionsASC, but were removed due to difficulty softlinking from tests. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (authenticationExtensionsClientInputs): * UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h: * UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm: * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::toNSString): (WebKit::toASCExtensions): (WebKit::configureRegistrationRequestContext): (WebKit::configurationAssertionRequestContext): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: * WebKit.xcodeproj/project.pbxproj: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h Diff Modified: trunk/Source/WebKit/ChangeLog (288651 => 288652) --- trunk/Source/WebKit/ChangeLog 2022-01-26 23:56:19 UTC (rev 288651) +++ trunk/Source/WebKit/ChangeLog 2022-01-27 00:03:15 UTC (rev 288652) @@ -1,3 +1,35 @@ +2022-01-26 J Pascoe + +[WebAuthn] We should pass extensions to ASC if possible +https://bugs.webkit.org/show_bug.cgi?id=235533 +rdar://87169406 + +Reviewed by Brent Fulgham. + +This patch starts passing WebAuthn extensions to ASC if possible, +in order to support the googleLegacyAppidSupport extension, which +is required to register security keys on google.com. It also starts +passing the attestationPreference option, which was not being passed before. + +Tested manually. Previous version of patch contained +TestWebKitAPI.WebAuthenticationPanel.PublicKeyCredentialRequestOptionsASC +and TestWebKitAPI.WebAuthenticationPanel.PublicKeyCredentialCreationOptionsASC, +but were removed due to difficulty softlinking from tests. + +* Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: +* UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(authenticationExtensionsClientInputs): +* UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.h: +* UIProcess/WebAuthentication/Cocoa/AuthenticationServicesCoreSoftLink.mm: +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::toNSString): +(WebKit::toASCExtensions): +(WebKit::configureRegistrationRequestContext): +(WebKit::configurationAssertionRequestContext): +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: +* WebKit.xcodeproj/project.pbxproj: + 2022-01-26 Alexander Mikhaylenko [GTK3] Pinch zooming from a link activates it Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (288651 => 288652) --- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-01-26 23:56:19 UTC (rev 288651) +++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2022-01-27 00:03:15 UTC (rev 288652) @@ -133,6 +133,17 @@ @end +@class ASCWebAuthenticationExtensionsClientInputs; + +@interface ASCWebAuthenticationExtensionsClientInputs : NSObject + +- (instancetype)initWithAppID:(NSString * _Nullable)appID isGoogleLegacyAppIDSupport:(BOOL)isGoogleLegacyAppIDSupport NS_DESIGNATED_INITIALIZER; + +@property (nonatomic, nullable, copy) NSString *appID; +@property (nonatomic) BOOL isGoogleLegacyAppIDSupport; + +@end + @class ASCPublicKeyCredentialDescriptor; typedef NS_ENUM(NSUInteger, ASCPublicKeyCredentialKind) { @@ -152,6 +163,7 @@ // If clientDataHash is n
[webkit-changes] [288622] trunk
Title: [288622] trunk Revision 288622 Author j_pas...@apple.com Date 2022-01-26 08:59:14 -0800 (Wed, 26 Jan 2022) Log Message [WebAuthn] Add authenticator attachment used during authentication to credential payload https://bugs.webkit.org/show_bug.cgi?id=235621 rdar://86538235 Reviewed by Dean Jackson. Source/WebCore: This patch adds the authenticator attachment used to the credential response in get/create webauthn calls as described in the merged PR to the spec: https://github.com/w3c/webauthn/pull/1668/files Modified layout tests to check for authenticator attachment = (cross-platform/platform) where appropriate and verified response in manual calls. * Modules/webauthn/PublicKeyCredential.cpp: (WebCore::PublicKeyCredential::authenticatorAttachment const): * Modules/webauthn/PublicKeyCredential.h: * Modules/webauthn/PublicKeyCredential.idl: LayoutTests: Modify webauthn layout tests to check for new authenticatorAttachment field. * http/wpt/webauthn/public-key-credential-get-success-local.https.html: * http/wpt/webauthn/resources/util.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html trunk/LayoutTests/http/wpt/webauthn/resources/util.js trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.h trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.idl Diff Modified: trunk/LayoutTests/ChangeLog (288621 => 288622) --- trunk/LayoutTests/ChangeLog 2022-01-26 16:49:09 UTC (rev 288621) +++ trunk/LayoutTests/ChangeLog 2022-01-26 16:59:14 UTC (rev 288622) @@ -1,3 +1,15 @@ +2022-01-26 J Pascoe + +[WebAuthn] Add authenticator attachment used during authentication to credential payload +https://bugs.webkit.org/show_bug.cgi?id=235621 +rdar://86538235 + +Reviewed by Dean Jackson. + +Modify webauthn layout tests to check for new authenticatorAttachment field. +* http/wpt/webauthn/public-key-credential-get-success-local.https.html: +* http/wpt/webauthn/resources/util.js: + 2022-01-26 Wenson Hsieh Data detectors sometimes show up in the wrong place when resizing images with Live Text Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html (288621 => 288622) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html 2022-01-26 16:49:09 UTC (rev 288621) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html 2022-01-26 16:59:14 UTC (rev 288622) @@ -16,6 +16,7 @@ assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); assert_array_equals(new Uint8Array(credential.response.userHandle), Base64URL.parse(testUserhandleBase64)); assert_not_own_property(credential.getClientExtensionResults(), "appid"); +assert_equals(credential.authenticatorAttachment, 'platform'); // Check authData const authData = decodeAuthData(new Uint8Array(credential.response.authenticatorData)); Modified: trunk/LayoutTests/http/wpt/webauthn/resources/util.js (288621 => 288622) --- trunk/LayoutTests/http/wpt/webauthn/resources/util.js 2022-01-26 16:49:09 UTC (rev 288621) +++ trunk/LayoutTests/http/wpt/webauthn/resources/util.js 2022-01-26 16:59:14 UTC (rev 288622) @@ -425,6 +425,7 @@ // Check respond assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testHidCredentialIdBase64)); assert_equals(credential.type, 'public-key'); +assert_equals(credential.authenticatorAttachment, 'cross-platform') assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testHidCredentialIdBase64)); assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); if (userHandleBase64 == null) Modified: trunk/Source/WebCore/ChangeLog (288621 => 288622) --- trunk/Source/WebCore/ChangeLog 2022-01-26 16:49:09 UTC (rev 288621) +++ trunk/Source/WebCore/ChangeLog 2022-01-26 16:59:14 UTC (rev 288622) @@ -1,3 +1,22 @@ +2022-01-26 J Pascoe + +[WebAuthn] Add authenticator attachment used during authentication to credential payload +https://bugs.webkit.org/show_bug.cgi?id=235621 +rdar://86538235 + +Reviewed by Dean Jackson. + +This patch adds the authenticator attachment used to the credential response in get/create +webauthn calls as described in the merged PR to the spec: https://github.com/w3c/webauthn/pull/1668/files + +Modified layout tests to check for authenticator attachment = (cross-platform/platform) where appropriate +and verified response in manual calls. + +* Modules/webauthn/PublicKeyCredential.cpp: +
[webkit-changes] [288333] trunk/Source/WebKit
Title: [288333] trunk/Source/WebKit Revision 288333 Author j_pas...@apple.com Date 2022-01-20 16:34:40 -0800 (Thu, 20 Jan 2022) Log Message [WebAuthn] Support all valid FIDO NFC tag types https://bugs.webkit.org/show_bug.cgi?id=234616 rdar://85871173 Reviewed by Darin Adler. This patch modifies a check when looking for FIDO nfc tags to support all valid FIDO tag types. Tested using physical NFC tags provided for this bug. * Platform/spi/Cocoa/NearFieldSPI.h: * UIProcess/WebAuthentication/Cocoa/NfcConnection.mm: (WebKit::NfcConnection::didDetectTags): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/NearFieldSPI.h trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm Diff Modified: trunk/Source/WebKit/ChangeLog (288332 => 288333) --- trunk/Source/WebKit/ChangeLog 2022-01-21 00:17:44 UTC (rev 288332) +++ trunk/Source/WebKit/ChangeLog 2022-01-21 00:34:40 UTC (rev 288333) @@ -1,3 +1,20 @@ +2022-01-20 J Pascoe + +[WebAuthn] Support all valid FIDO NFC tag types +https://bugs.webkit.org/show_bug.cgi?id=234616 +rdar://85871173 + +Reviewed by Darin Adler. + +This patch modifies a check when looking for FIDO nfc tags +to support all valid FIDO tag types. + +Tested using physical NFC tags provided for this bug. + +* Platform/spi/Cocoa/NearFieldSPI.h: +* UIProcess/WebAuthentication/Cocoa/NfcConnection.mm: +(WebKit::NfcConnection::didDetectTags): + 2022-01-20 Kimmo Kinnunen Implement WebGL GPU buffer texture upload path for Cocoa getUserMedia camera streams Modified: trunk/Source/WebKit/Platform/spi/Cocoa/NearFieldSPI.h (288332 => 288333) --- trunk/Source/WebKit/Platform/spi/Cocoa/NearFieldSPI.h 2022-01-21 00:17:44 UTC (rev 288332) +++ trunk/Source/WebKit/Platform/spi/Cocoa/NearFieldSPI.h 2022-01-21 00:34:40 UTC (rev 288333) @@ -36,8 +36,10 @@ }; typedef NS_ENUM(uint32_t, NFTagType) { -NFTagTypeUnknown= 0, -NFTagTypeGeneric4A = 3, +NFTagTypeUnknown= 0, +NFTagTypeGeneric4A = 3, +NFTagTypeGeneric4B = 6, +NFTagTypeMiFareDESFire = 16, }; typedef NS_OPTIONS(uint32_t, NFTechnology) { Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm (288332 => 288333) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm 2022-01-21 00:17:44 UTC (rev 288332) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm 2022-01-21 00:34:40 UTC (rev 288333) @@ -119,10 +119,10 @@ return; } -// FIXME(203234): Tell users to switch to a different tag if the tag is not of type NFTagTypeGeneric4A -// or can't speak U2F/FIDO2. +// FIXME(203234): Tell users to switch to a different tag if the tag is not supported or can't speak U2F/FIDO2. for (NFTag *tag : tags) { -if (tag.type != NFTagTypeGeneric4A || ![m_session connectTag:tag]) +// FIDO tag is ISO-DEP which can be Tag4A, Tag4B, and DESFIRE (Tag4A). +if ((tag.type != NFTagTypeGeneric4A && tag.type != NFTagTypeGeneric4B && tag.type != NFTagTypeMiFareDESFire) || ![m_session connectTag:tag]) continue; if (!trySelectFidoApplet(m_session.get())) { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [288010] trunk
Title: [288010] trunk Revision 288010 Author j_pas...@apple.com Date 2022-01-14 00:02:17 -0800 (Fri, 14 Jan 2022) Log Message Expose way to encode CTAP commands with only the hash of ClientDataJSON https://bugs.webkit.org/show_bug.cgi?id=235191 Reviewed by Brent Fulgham. Source/WebKit: CTAP command encoding covered by existing tests (see CtapRequestTest) and the SPI in new API tests. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]): Tools: * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Tests for new SPIs. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (288009 => 288010) --- trunk/Source/WebKit/ChangeLog 2022-01-14 07:51:35 UTC (rev 288009) +++ trunk/Source/WebKit/ChangeLog 2022-01-14 08:02:17 UTC (rev 288010) @@ -1,3 +1,19 @@ +2022-01-14 J Pascoe + +Expose way to encode CTAP commands with only the hash of ClientDataJSON +https://bugs.webkit.org/show_bug.cgi?id=235191 + + +Reviewed by Brent Fulgham. + +CTAP command encoding covered by existing tests (see CtapRequestTest) and the SPI +in new API tests. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]): +(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]): + 2022-01-13 Elliott Williams [XCBuild] Add "product dependencies" which influence workspace build order Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (288009 => 288010) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-01-14 07:51:35 UTC (rev 288009) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-01-14 08:02:17 UTC (rev 288010) @@ -123,6 +123,9 @@ + (NSData *)encodeMakeCredentialCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + (NSData *)encodeGetAssertionCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialRequestOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); ++ (NSData *)encodeMakeCredentialCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); ++ (NSData *)encodeGetAssertionCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); + - (instancetype)init; // FIXME: Adds detailed NSError. Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (288009 => 288010) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-01-14 07:51:35 UTC (rev 288009) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-01-14 08:02:17 UTC (rev 288010) @@ -711,6 +711,29 @@ return encodedCommand.autorelease(); } + ++ (NSData *)encodeMakeCredentialCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability +{ +RetainPtr encodedCommand; +#if ENABLE(WEB_AUTHN) +auto encodedVector = fido::encodeMakeCredenitalRequestAsCBOR(vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], coreUserVerificationAvailability(userVerificationAvailability), std::nullopt); +encodedCommand = adoptNS([[NSData alloc] initWithBytes:encodedVector.data() length:encodedVector.size()]); +#endif + +return encodedCommand.autorelease(); +} + ++ (NSData *)encodeGetAssertionCommandWithClientDataHash:(NSData *)clientDataHash optio
[webkit-changes] [287957] trunk
Title: [287957] trunk Revision 287957 Author j_pas...@apple.com Date 2022-01-12 15:45:51 -0800 (Wed, 12 Jan 2022) Log Message [WebAuthn] Fix freebie call without user gesture not being given https://bugs.webkit.org/show_bug.cgi?id=235078 rdar://87327557 Reviewed by Brent Fulgham. Source/WebKit: This logic was previously always requiring a user gesture. The desired behavior of giving pages a single "freebie" webauthn call without gesture was lost in a refactor. Tested manually on iOS device with webauthn.me. * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::processingUserGesture): Tools: Updated API test to reflect user gesture freebie. * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html Diff Modified: trunk/Source/WebKit/ChangeLog (287956 => 287957) --- trunk/Source/WebKit/ChangeLog 2022-01-12 23:36:57 UTC (rev 287956) +++ trunk/Source/WebKit/ChangeLog 2022-01-12 23:45:51 UTC (rev 287957) @@ -1,3 +1,20 @@ +2022-01-12 J Pascoe + +[WebAuthn] Fix freebie call without user gesture not being given +https://bugs.webkit.org/show_bug.cgi?id=235078 +rdar://87327557 + +Reviewed by Brent Fulgham. + +This logic was previously always requiring a user gesture. The desired +behavior of giving pages a single "freebie" webauthn call without gesture +was lost in a refactor. + +Tested manually on iOS device with webauthn.me. + +* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: +(WebKit::WebAuthenticatorCoordinator::processingUserGesture): + 2022-01-12 Brandon Stewart [macOS] Add required system call Modified: trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp (287956 => 287957) --- trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp 2022-01-12 23:36:57 UTC (rev 287956) +++ trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp 2022-01-12 23:45:51 UTC (rev 287957) @@ -126,13 +126,15 @@ bool WebAuthenticatorCoordinator::processingUserGesture(const Frame& frame, const FrameIdentifier& frameID) { auto processingUserGesture = UserGestureIndicator::processingUserGestureForMedia(); -if (!processingUserGesture && m_requireUserGesture) +bool processingUserGestureOrFreebie = processingUserGesture || !m_requireUserGesture; +if (!processingUserGestureOrFreebie) m_webPage.addConsoleMessage(frameID, MessageSource::Other, MessageLevel::Warning, "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."_s); + if (processingUserGesture && m_requireUserGesture) m_requireUserGesture = false; -else +else if (!processingUserGesture) m_requireUserGesture = true; -return processingUserGesture || !m_requireUserGesture; +return processingUserGestureOrFreebie; } } // namespace WebKit Modified: trunk/Tools/ChangeLog (287956 => 287957) --- trunk/Tools/ChangeLog 2022-01-12 23:36:57 UTC (rev 287956) +++ trunk/Tools/ChangeLog 2022-01-12 23:45:51 UTC (rev 287957) @@ -1,3 +1,15 @@ +2022-01-12 J Pascoe + +[WebAuthn] Fix freebie call without user gesture not being given +https://bugs.webkit.org/show_bug.cgi?id=235078 +rdar://87327557 + +Reviewed by Brent Fulgham. + +Updated API test to reflect user gesture freebie. + +* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html: + 2022-01-12 Elliott Williams [Xcode] Configure each project for the legacy build system Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html (287956 => 287957) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html 2022-01-12 23:36:57 UTC (rev 287956) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html 2022-01-12 23:45:51 UTC (rev 287957) @@ -20,10 +20,14 @@ }; navigator.credentials.create(options).then(credential => { -// console.log("Succeeded!"); window.webkit.messageHandlers.testHandler.postMessage("Succeeded!"); }, error => { -// console.log(error.message); +// The first call will consume the freebie, the second will give the no user gesture error. +navigator.credentials.create(options).then(credential => { +window.webkit.messageHandlers.testHandler.postMessage("Succeeded!"); +}, error => { +window.webkit.messageHandlers.testHandler.postMessage(erro
[webkit-changes] [287360] trunk
Title: [287360] trunk Revision 287360 Author j_pas...@apple.com Date 2021-12-22 09:59:28 -0800 (Wed, 22 Dec 2021) Log Message [WebAuthn] Set Web Authentication experimental feature flag as default true https://bugs.webkit.org/show_bug.cgi?id=234533 Reviewed by Brent Fulgham. Source/WTF: The Web Authentication feature has been shipping for a while. Default value for experimental feature flag should be true. * Scripts/Preferences/WebPreferencesExperimental.yaml: Tools: The Web Authentication feature has been shipping for a while. Default value for experimental feature flag should be true. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): (TestWebKitAPI::WebCore::webAuthenticationExperimentalFeature): Deleted. Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WTF/ChangeLog (287359 => 287360) --- trunk/Source/WTF/ChangeLog 2021-12-22 17:41:42 UTC (rev 287359) +++ trunk/Source/WTF/ChangeLog 2021-12-22 17:59:28 UTC (rev 287360) @@ -1,3 +1,16 @@ +2021-12-22 J Pascoe + +[WebAuthn] Set Web Authentication experimental feature flag as default true +https://bugs.webkit.org/show_bug.cgi?id=234533 + + +Reviewed by Brent Fulgham. + +The Web Authentication feature has been shipping for a while. Default value +for experimental feature flag should be true. + +* Scripts/Preferences/WebPreferencesExperimental.yaml: + 2021-12-21 Brady Eidson Make Notification identifiers be a UUID string instead of a uint64_t Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (287359 => 287360) --- trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2021-12-22 17:41:42 UTC (rev 287359) +++ trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2021-12-22 17:59:28 UTC (rev 287360) @@ -1555,9 +1555,9 @@ WebKitLegacy: default: false WebKit: - default: false + default: true WebCore: - default: false + default: true # FIXME: Is this implemented for WebKitLegacy? If not, this should be excluded from WebKitLegacy entirely. WebAuthenticationModernEnabled: Modified: trunk/Tools/ChangeLog (287359 => 287360) --- trunk/Tools/ChangeLog 2021-12-22 17:41:42 UTC (rev 287359) +++ trunk/Tools/ChangeLog 2021-12-22 17:59:28 UTC (rev 287360) @@ -1,3 +1,18 @@ +2021-12-22 J Pascoe + +[WebAuthn] Set Web Authentication experimental feature flag as default true +https://bugs.webkit.org/show_bug.cgi?id=234533 + + +Reviewed by Brent Fulgham. + +The Web Authentication feature has been shipping for a while. Default value for +experimental feature flag should be true. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): +(TestWebKitAPI::WebCore::webAuthenticationExperimentalFeature): Deleted. + 2021-12-22 Alex Christensen Re-enable PrivateClickMeasurement.EphemeralWithAttributedBundleIdentifier API test Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (287359 => 287360) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-22 17:41:42 UTC (rev 287359) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-22 17:59:28 UTC (rev 287360) @@ -297,22 +297,6 @@ "" ""; -static _WKExperimentalFeature *webAuthenticationExperimentalFeature() -{ -static RetainPtr<_WKExperimentalFeature> theFeature; -if (theFeature) -return theFeature.get(); - -NSArray *features = [WKPreferences _experimentalFeatures]; -for (_WKExperimentalFeature *feature in features) { -if ([feature.key isEqual:@"WebAuthenticationEnabled"]) { -theFeature = feature; -break; -} -} -return theFeature.get(); -} - static _WKExperimentalFeature *webAuthenticationModernExperimentalFeature() { static RetainPtr<_WKExperimentalFeature> theFeature; @@ -430,7 +414,6 @@ RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-nfc" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; -[[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()]; auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]); [webView focus]; @@ -445,7 +428,6 @@ RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-hid" withExtension:@"html" subdirectory:@"TestWebKitAPI.reso
[webkit-changes] [287315] trunk
Title: [287315] trunk Revision 287315 Author j_pas...@apple.com Date 2021-12-21 08:09:07 -0800 (Tue, 21 Dec 2021) Log Message [WebAuthn] Authenticator is not falling back to clientPIN after internal verification fails and is blocked. https://bugs.webkit.org/show_bug.cgi?id=232501 Reviewed by Darin Adler. Whenever internal uv gets blocked, the user agent should fall back to using a pin for user verification. This Source/WebKit: patch starts doing that by going into the pin flow whenever the authenticator returns the pin required error code. Added API test for fallback. * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::makeCredential): (WebKit::CtapAuthenticator::getAssertion): (WebKit::CtapAuthenticator::tryRestartPin): Tools: adds an API test to verify this behavior. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Added Paths trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-internal-uv-pin-fallback.html Diff Modified: trunk/Source/WebKit/ChangeLog (287314 => 287315) --- trunk/Source/WebKit/ChangeLog 2021-12-21 16:01:13 UTC (rev 287314) +++ trunk/Source/WebKit/ChangeLog 2021-12-21 16:09:07 UTC (rev 287315) @@ -1,3 +1,22 @@ +2021-12-21 J Pascoe + +[WebAuthn] Authenticator is not falling back to clientPIN after internal verification fails and is blocked. +https://bugs.webkit.org/show_bug.cgi?id=232501 + + +Reviewed by Darin Adler. + +Whenever internal uv gets blocked, the user agent should fall back to using a pin for user verification. This +patch starts doing that by going into the pin flow whenever the authenticator returns the pin required error +code. + +Added API test for fallback. + +* UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: +(WebKit::CtapAuthenticator::makeCredential): +(WebKit::CtapAuthenticator::getAssertion): +(WebKit::CtapAuthenticator::tryRestartPin): + 2021-12-21 Kimmo Kinnunen IPC streams should not accept 0-length stream buffers Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (287314 => 287315) --- trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2021-12-21 16:01:13 UTC (rev 287314) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp 2021-12-21 16:09:07 UTC (rev 287315) @@ -73,6 +73,7 @@ case CtapDeviceResponseCode::kCtap2ErrPinAuthBlocked: case CtapDeviceResponseCode::kCtap2ErrPinInvalid: case CtapDeviceResponseCode::kCtap2ErrPinBlocked: +case CtapDeviceResponseCode::kCtap2ErrPinRequired: return true; default: return false; @@ -96,7 +97,7 @@ auto& options = std::get(requestData().options); auto internalUVAvailability = m_info.options().userVerificationAvailability(); // If UV is required, then either built-in uv or a pin will work. -if (internalUVAvailability == UVAvailability::kSupportedAndConfigured && (!options.authenticatorSelection || options.authenticatorSelection->userVerification != UserVerificationRequirement::Discouraged)) +if (internalUVAvailability == UVAvailability::kSupportedAndConfigured && (!options.authenticatorSelection || options.authenticatorSelection->userVerification != UserVerificationRequirement::Discouraged) && m_pinAuth.isEmpty()) cborCmd = encodeMakeCredenitalRequestAsCBOR(requestData().hash, options, internalUVAvailability); else if (m_info.options().clientPinAvailability() == AuthenticatorSupportedOptions::ClientPinAvailability::kSupportedAndPinSet) cborCmd = encodeMakeCredenitalRequestAsCBOR(requestData().hash, options, internalUVAvailability, PinParameters { pin::kProtocolVersion, m_pinAuth }); @@ -141,7 +142,7 @@ auto& options = std::get(requestData().options); auto internalUVAvailability = m_info.options().userVerificationAvailability(); // If UV is required, then either built-in uv or a pin will work. -if (internalUVAvailability == UVAvailability::kSupportedAndConfigured && options.userVerification != UserVerificationRequirement::Discouraged) +if (internalUVAvailability == UVAvailability::kSupportedAndConfigured && options.userVerification != UserVerificationRequirement::Discouraged && m_pinAuth.isEmpty()) cborCmd = encodeGetAssertionRequestAsCBOR(requestData().hash, options, internalUVAvailability); else if (m_info.options().clientPinAvailability() == AuthenticatorSupportedOptions::ClientPinAvailability::kSupportedAndPinSet && options.userVerification
[webkit-changes] [287278] trunk/Tools
Title: [287278] trunk/Tools Revision 287278 Author j_pas...@apple.com Date 2021-12-20 14:11:53 -0800 (Mon, 20 Dec 2021) Log Message [WebAuthn] Add option to change requestWebAuthenticationNoGesture delegate for api tests. https://bugs.webkit.org/show_bug.cgi?id=23 rdar://86644642 Reviewed by Brent Fulgham. These test a lack of user gesture in local authenticator. Recently we made a change to change user gesture behavior, causing these tests to call out to an agent that cannot be called from TWAPI. To restore test behavior, we add an option to change the return value of the requestWebAuthenticationNoGesture delegate in tests. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (-[TestWebAuthenticationPanelUIDelegate _webView:requestWebAuthenticationNoGestureForOrigin:completionHandler:]): (TestWebKitAPI::WebCore::reset): (TestWebKitAPI::TEST): Modified Paths trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/ChangeLog (287277 => 287278) --- trunk/Tools/ChangeLog 2021-12-20 22:09:35 UTC (rev 287277) +++ trunk/Tools/ChangeLog 2021-12-20 22:11:53 UTC (rev 287278) @@ -1,5 +1,23 @@ 2021-12-20 J Pascoe +[WebAuthn] Add option to change requestWebAuthenticationNoGesture delegate for api tests. +https://bugs.webkit.org/show_bug.cgi?id=23 +rdar://86644642 + +Reviewed by Brent Fulgham. + +These test a lack of user gesture in local authenticator. Recently we made a change to +change user gesture behavior, causing these tests to call out to an agent that cannot be called +from TWAPI. To restore test behavior, we add an option to change the return value of the +requestWebAuthenticationNoGesture delegate in tests. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(-[TestWebAuthenticationPanelUIDelegate _webView:requestWebAuthenticationNoGestureForOrigin:completionHandler:]): +(TestWebKitAPI::WebCore::reset): +(TestWebKitAPI::TEST): + +2021-12-20 J Pascoe + [WebAuthn] Only run WebAuthn test process on platform it is used https://bugs.webkit.org/show_bug.cgi?id=234445 rdar://86646638 Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (287277 => 287278) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-20 22:09:35 UTC (rev 287277) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-20 22:11:53 UTC (rev 287278) @@ -72,6 +72,7 @@ static bool webAuthenticationPanelUpdateLAExcludeCredentialsMatched = false; static bool webAuthenticationPanelUpdateLANoCredential = false; static bool webAuthenticationPanelCancelImmediately = false; +static bool webAuthenticationPanelRequestNoGesture = true; static _WKLocalAuthenticatorPolicy localAuthenticatorPolicy = _WKLocalAuthenticatorPolicyDisallow; static String webAuthenticationPanelPin; static BOOL webAuthenticationPanelNullUserHandle = NO; @@ -233,7 +234,7 @@ - (void)_webView:(WKWebView *)webView requestWebAuthenticationNoGestureForOrigin:(WKSecurityOrigin *)orgin completionHandler:(void (^)(BOOL))completionHandler { -completionHandler(true); +completionHandler(webAuthenticationPanelRequestNoGesture); } - (void)_webView:(WKWebView *)webView runWebAuthenticationPanel:(_WKWebAuthenticationPanel *)panel initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(_WKWebAuthenticationPanelResult))completionHandler @@ -342,6 +343,7 @@ webAuthenticationPanelUpdateLAExcludeCredentialsMatched = false; webAuthenticationPanelUpdateLANoCredential = false; webAuthenticationPanelCancelImmediately = false; +webAuthenticationPanelRequestNoGesture = true; webAuthenticationPanelPin = emptyString(); webAuthenticationPanelNullUserHandle = NO; localAuthenticatorPolicy = _WKLocalAuthenticatorPolicyDisallow; @@ -1493,6 +1495,7 @@ TEST(WebAuthenticationPanel, LAMakeCredentialNoMockNoUserGesture) { reset(); +webAuthenticationPanelRequestNoGesture = false; RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-la-no-mock" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; @@ -1562,6 +1565,7 @@ TEST(WebAuthenticationPanel, LAGetAssertionNoMockNoUserGesture) { reset(); +webAuthenticationPanelRequestNoGesture = false; RetainPtr testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-la-no-mock" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; ___
[webkit-changes] [287277] trunk/Tools
Title: [287277] trunk/Tools Revision 287277 Author j_pas...@apple.com Date 2021-12-20 14:09:35 -0800 (Mon, 20 Dec 2021) Log Message [WebAuthn] Only run WebAuthn test process on platform it is used https://bugs.webkit.org/show_bug.cgi?id=234445 rdar://86646638 Reviewed by Brent Fulgham. Add PLATFORM(IOS) macro around webauthn process test. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: Modified Paths trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Tools/ChangeLog (287276 => 287277) --- trunk/Tools/ChangeLog 2021-12-20 22:04:20 UTC (rev 287276) +++ trunk/Tools/ChangeLog 2021-12-20 22:09:35 UTC (rev 287277) @@ -1,3 +1,15 @@ +2021-12-20 J Pascoe + +[WebAuthn] Only run WebAuthn test process on platform it is used +https://bugs.webkit.org/show_bug.cgi?id=234445 +rdar://86646638 + +Reviewed by Brent Fulgham. + +Add PLATFORM(IOS) macro around webauthn process test. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: + 2021-12-20 Alex Christensen Prevent test functionality in AdAttributionDaemon when not running tests Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (287276 => 287277) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-20 22:04:20 UTC (rev 287276) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-12-20 22:09:35 UTC (rev 287277) @@ -2258,6 +2258,7 @@ } #endif // USE(APPLE_INTERNAL_SDK) || PLATFORM(IOS) +#if PLATFORM(IOS) TEST(WebAuthenticationPanel, RecoverAfterAuthNProcessCrash) { TestWebKitAPI::HTTPServer server({ @@ -2308,6 +2309,7 @@ Util::run(&gotMessage); } +#endif // PLATFORM(IOS) } // namespace TestWebKitAPI ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [287116] trunk
Title: [287116] trunk Revision 287116 Author j_pas...@apple.com Date 2021-12-15 16:52:57 -0800 (Wed, 15 Dec 2021) Log Message [WebAuthn] Allow same-site, cross-origin iframe get() https://bugs.webkit.org/show_bug.cgi?id=234309 rdar://problem/86486313 Reviewed by Brent Fulgham. Source/WebCore: The Web Authentication level 2 specifies a feature policy to allow get calls in cross-origin i-frames. This patch implements this feature policy partially. Only same-site, cross-origin i-frames are supported instead. This is for tracking prevention purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is unaware of when generating ClientDataJSON. Added layout test cases for same-site, cross-origin get calls. * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): (WebCore::doesHaveSameSiteAsAncestors): (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::buildClientDataJson): * Modules/webauthn/WebAuthenticationUtils.h: * html/FeaturePolicy.cpp: (WebCore::policyTypeName): (WebCore::FeaturePolicy::parse): (WebCore::FeaturePolicy::allows const): * html/FeaturePolicy.h: Source/WebKit: The Web Authentication level 2 specifies a feature policy to allow get calls in cross-origin i-frames. This patch implements this feature policy partially. Only same-site, cross-origin i-frames are supported instead. This is for tracking prevention purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is unaware of when generating ClientDataJSON. Added layout test cases for same-site, cross-origin get calls. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (produceClientDataJson): * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configurationAssertionRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): LayoutTests: Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with publickey-credentials-get feature policy. * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt: * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: * http/wpt/webauthn/resources/util.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html trunk/LayoutTests/http/wpt/webauthn/resources/util.js trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebCore/html/FeaturePolicy.cpp trunk/Source/WebCore/html/FeaturePolicy.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Added Paths trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html Diff Modified: trunk/LayoutTests/ChangeLog (287115 => 287116) --- trunk/LayoutTests/ChangeLog 2021-12-16 00:51:44 UTC (rev 287115) +++ trunk/LayoutTests/ChangeLog 2021-12-16 00:52:57 UTC (rev 287116) @@ -1,3 +1,18 @@ +2021-12-15 J Pascoe + +[WebAuthn] Allow same-site, cross-origin iframe get() +https://bugs.webkit.org/show_bug.cgi?id=234309 +rdar://problem/86486313 + +Reviewed by Brent Fulgham. + +Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with +publickey-credentials-get feature policy. + +* http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt: +* http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: +* http/wpt/webauthn/resources/util.js: + 2021-12-15 Ryan Haddad PCM: Remove old DB update and migration code, and add a unit test for destination token DB columns Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.tx
[webkit-changes] [287002] trunk
Title: [287002] trunk Revision 287002 Author j_pas...@apple.com Date 2021-12-13 18:42:38 -0800 (Mon, 13 Dec 2021) Log Message Unreviewed, reverting r286993. https://bugs.webkit.org/show_bug.cgi?id=234283 Reverted changeset: "[WebAuthn] Allow same-site, cross-origin iframe get()" https://bugs.webkit.org/show_bug.cgi?id=234180 https://commits.webkit.org/r286993 Patch by Commit Queue on 2021-12-13 Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html trunk/LayoutTests/http/wpt/webauthn/resources/util.js trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebCore/html/FeaturePolicy.cpp trunk/Source/WebCore/html/FeaturePolicy.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Removed Paths trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html Diff Modified: trunk/LayoutTests/ChangeLog (287001 => 287002) --- trunk/LayoutTests/ChangeLog 2021-12-14 02:20:20 UTC (rev 287001) +++ trunk/LayoutTests/ChangeLog 2021-12-14 02:42:38 UTC (rev 287002) @@ -1,3 +1,15 @@ +2021-12-13 Commit Queue + +Unreviewed, reverting r286993. +https://bugs.webkit.org/show_bug.cgi?id=234283 + + +Reverted changeset: + +"[WebAuthn] Allow same-site, cross-origin iframe get()" +https://bugs.webkit.org/show_bug.cgi?id=234180 +https://commits.webkit.org/r286993 + 2021-12-13 Christopher Reid [Curl] Improve curl's cookie conformance in WPT Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt (287001 => 287002) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt 2021-12-14 02:20:20 UTC (rev 287001) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt 2021-12-14 02:42:38 UTC (rev 287002) @@ -2,7 +2,4 @@ PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2 -PASS Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get(). -PASS Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get(). -PASS Tests that a frame that is cross-origin, NOT same-site with publickey-credentials-get feature policy cannot use get(). Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html (287001 => 287002) --- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html 2021-12-14 02:20:20 UTC (rev 287001) +++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html 2021-12-14 02:42:38 UTC (rev 287002) @@ -22,24 +22,6 @@ assert_equals(message.data, "PASS."); }); }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2"); - -promise_test(t => { -return withSameSiteIframe("samesite-iframe.html").then((message) => { -assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors."); -}); -}, "Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get()."); - -promise_test(t => { -return withSameSiteIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => { -assert_equals(message.data, "PASS!"); -}); -}, "Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get()."); - -promise_test(t => { -return withCrossOriginIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => { -assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors."); -}); -}, "Tests that a
[webkit-changes] [286993] trunk
Title: [286993] trunk Revision 286993 Author j_pas...@apple.com Date 2021-12-13 15:58:25 -0800 (Mon, 13 Dec 2021) Log Message [WebAuthn] Allow same-site, cross-origin iframe get() https://bugs.webkit.org/show_bug.cgi?id=234180 rdar://85161142 Reviewed by Brent Fulgham. Source/WebCore: The Web Authentication level 2 specifies a feature policy to allow get calls in cross-origin i-frames. This patch implements this feature policy partially. Only same-site, cross-origin i-frames are supported instead. This is for tracking prevention purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is unaware of when generating ClientDataJSON. Added layout test cases for same-site, cross-origin get calls. * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): (WebCore::doesHaveSameSiteAsAncestors): (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::buildClientDataJson): * Modules/webauthn/WebAuthenticationUtils.h: * html/FeaturePolicy.cpp: (WebCore::policyTypeName): (WebCore::FeaturePolicy::parse): (WebCore::FeaturePolicy::allows const): * html/FeaturePolicy.h: Source/WebKit: The Web Authentication level 2 specifies a feature policy to allow get calls in cross-origin i-frames. This patch implements this feature policy partially. Only same-site, cross-origin i-frames are supported instead. This is for tracking prevention purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is unaware of when generating ClientDataJSON. Added layout test cases for same-site, cross-origin get calls. * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (produceClientDataJson): * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configurationAssertionRequestContext): (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest): LayoutTests: Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with publickey-credentials-get feature policy. * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt: * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: * http/wpt/webauthn/resources/util.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html trunk/LayoutTests/http/wpt/webauthn/resources/util.js trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebCore/html/FeaturePolicy.cpp trunk/Source/WebCore/html/FeaturePolicy.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Added Paths trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html Diff Modified: trunk/LayoutTests/ChangeLog (286992 => 286993) --- trunk/LayoutTests/ChangeLog 2021-12-13 23:56:13 UTC (rev 286992) +++ trunk/LayoutTests/ChangeLog 2021-12-13 23:58:25 UTC (rev 286993) @@ -1,3 +1,18 @@ +2021-12-13 J Pascoe + +[WebAuthn] Allow same-site, cross-origin iframe get() +https://bugs.webkit.org/show_bug.cgi?id=234180 +rdar://85161142 + +Reviewed by Brent Fulgham. + +Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with +publickey-credentials-get feature policy. + +* http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt: +* http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: +* http/wpt/webauthn/resources/util.js: + 2021-12-13 Ryan Haddad Unreviewed test gardening for rdar://80334322, rebaseline tests for Monterey. Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt (286992 => 286993) --- trunk/Layou
[webkit-changes] [286785] trunk
Title: [286785] trunk Revision 286785 Author j_pas...@apple.com Date 2021-12-09 09:53:22 -0800 (Thu, 09 Dec 2021) Log Message [WebAuthn] Remove user gesture requirement for using platform authenticator on the web https://bugs.webkit.org/show_bug.cgi?id=230893 Reviewed by Brent Fulgham. Source/WebCore: Remove web authentication user gesture bypass quirk as it's no longer used. * page/Quirks.cpp: (WebCore::Quirks::shouldBypassUserGestureRequirementForWebAuthn const): Deleted. * page/Quirks.h: Source/WebKit: This patch loosens the user gesture requirement around using WebAuthn with respect to user gestures by removing the Quirks.h allowlist of sites that get a freebie. Instead the new behavior is all sites get one freebie, then on subsequent attempts they show a non-modal consent dialog. * UIProcess/API/APIUIClient.h: (API::UIClient::requestWebAuthenticationNoGesture): * UIProcess/API/C/WKPage.cpp: (WKPageSetPageUIClient): * UIProcess/API/C/WKPageUIClient.h: * UIProcess/API/Cocoa/WKUIDelegatePrivate.h: * UIProcess/Cocoa/UIDelegate.h: * UIProcess/Cocoa/UIDelegate.mm: (WebKit::UIDelegate::setDelegate): (WebKit::UIDelegate::UIClient::requestWebAuthenticationNoGesture): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::processingUserGesture): Tools: This patch removes the Quirks allowlist of the freebie web authentication use without a gesture and replaces it with one freebie, then a consent sheet. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (-[TestWebAuthenticationPanelUIDelegate _webView:requestWebAuthenticationNoGestureForOrigin:completionHandler:]): Test delegate LayoutTests: Modify layout tests to reflect new WebAuthn user gesture console message. * http/wpt/credential-management/credentialscontainer-store-basics.https-expected.txt: * http/wpt/webauthn/ctap-hid-failure.https-expected.txt: * http/wpt/webauthn/ctap-hid-success.https-expected.txt: * http/wpt/webauthn/ctap-nfc-failure.https-expected.txt: * http/wpt/webauthn/idl.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-nfc.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure-u2f.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-local.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt: * http/wpt/webauthn/public-key-credential-create-success-u2f.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt: * http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/http/wpt/credential-management/credentialscontainer-store-basics.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/ctap-hid-success.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/ctap-nfc-failure.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/idl.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt trunk/LayoutTests/http
[webkit-changes] [286746] trunk
Title: [286746] trunk Revision 286746 Author j_pas...@apple.com Date 2021-12-08 15:49:16 -0800 (Wed, 08 Dec 2021) Log Message [WebAuthn] Consider support for the displayName for FIDO authenticator https://bugs.webkit.org/show_bug.cgi?id=233389 rdar://84938707 Reviewed by Brent Fulgham. Source/WebKit: Start storing the displayName field with the platform authenticator and add them to the getAllLocalAuthenticatorCredentials SPI. The displayName is part of the WebAuthn level 2 spec: https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (getAllLocalAuthenticatorCredentialsImpl): * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): Tools: Add test for new field stored with platform authenticator: displayName * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (286745 => 286746) --- trunk/Source/WebKit/ChangeLog 2021-12-08 23:27:48 UTC (rev 286745) +++ trunk/Source/WebKit/ChangeLog 2021-12-08 23:49:16 UTC (rev 286746) @@ -1,3 +1,23 @@ +2021-12-08 J Pascoe + +[WebAuthn] Consider support for the displayName for FIDO authenticator +https://bugs.webkit.org/show_bug.cgi?id=233389 +rdar://84938707 + +Reviewed by Brent Fulgham. + +Start storing the displayName field with the platform authenticator +and add them to the getAllLocalAuthenticatorCredentials SPI. + +The displayName is part of the WebAuthn level 2 spec: +https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(getAllLocalAuthenticatorCredentialsImpl): +* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: +(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): + 2021-12-08 Truitt Savell Unreviewed, reverting r286596. Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (286745 => 286746) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-12-08 23:27:48 UTC (rev 286745) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-12-08 23:49:16 UTC (rev 286746) @@ -87,6 +87,7 @@ } WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialNameKey; +WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialDisplayNameKey; WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialIDKey; WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey; WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialLastModificationDateKey; Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (286745 => 286746) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-12-08 23:27:48 UTC (rev 286745) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-12-08 23:49:16 UTC (rev 286746) @@ -100,6 +100,7 @@ #endif NSString * const _WKLocalAuthenticatorCredentialNameKey = @"_WKLocalAuthenticatorCredentialNameKey"; +NSString * const _WKLocalAuthenticatorCredentialDisplayNameKey = @"_WKLocalAuthenticatorCredentialDisplayNameKey"; NSString * const _WKLocalAuthenticatorCredentialIDKey = @"_WKLocalAuthenticatorCredentialIDKey"; NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey = @"_WKLocalAuthenticatorCredentialRelyingPartyIDKey"; NSString * const _WKLocalAuthenticatorCredentialLastModificationDateKey = @"_WKLocalAuthenticatorCredentialLastModificationDateKey"; @@ -265,14 +266,20 @@ return nullptr; } auto& username = it->second.getString(); +auto credential = adoptNS([[NSMutableDictionary alloc] initWithObjectsAndKeys: +username, _WKLocalAuthenticatorCredentialNameKey, +attributes[bridge_cast(kSecAttrApplicationLabel)], _WKLocalAuthenticatorCredentialIDKey, +attributes[bridge_cast(kSecAttrLabel)], _WKLocalAuthenticatorCredentialRelyingPartyIDKey, +attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastModificationDateKey, +attributes[bridge_cast(kSecAttrCreationDate)], _WKLocalAuthenticatorCredentialCreationDateKey, +nil +]); -
[webkit-changes] [286370] trunk/Source/WTF
Title: [286370] trunk/Source/WTF Revision 286370 Author j_pas...@apple.com Date 2021-12-01 11:01:35 -0800 (Wed, 01 Dec 2021) Log Message Fix NEAR_FIELD macro to support iOS devices again https://bugs.webkit.org/show_bug.cgi?id=233671 rdar://85318070 In a previous change, https://bugs.webkit.org/show_bug.cgi?id=231085, the definition for the NEAR_FIELD macro removed support for iOS. This change adds it back, fixing NFC webauthn support. Reviewed by Brent Fulgham. Tested manually on an iPhone. * wtf/PlatformHave.h: Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/PlatformHave.h Diff Modified: trunk/Source/WTF/ChangeLog (286369 => 286370) --- trunk/Source/WTF/ChangeLog 2021-12-01 18:36:08 UTC (rev 286369) +++ trunk/Source/WTF/ChangeLog 2021-12-01 19:01:35 UTC (rev 286370) @@ -1,3 +1,19 @@ +2021-12-01 J Pascoe + +Fix NEAR_FIELD macro to support iOS devices again +https://bugs.webkit.org/show_bug.cgi?id=233671 +rdar://85318070 + +In a previous change, https://bugs.webkit.org/show_bug.cgi?id=231085, the definition for +the NEAR_FIELD macro removed support for iOS. This change adds it back, fixing +NFC webauthn support. + +Reviewed by Brent Fulgham. + +Tested manually on an iPhone. + +* wtf/PlatformHave.h: + 2021-12-01 Philippe Normand [GStreamer] requestVideoFrameCallback support Modified: trunk/Source/WTF/wtf/PlatformHave.h (286369 => 286370) --- trunk/Source/WTF/wtf/PlatformHave.h 2021-12-01 18:36:08 UTC (rev 286369) +++ trunk/Source/WTF/wtf/PlatformHave.h 2021-12-01 19:01:35 UTC (rev 286370) @@ -537,7 +537,7 @@ #define HAVE_COOKIE_CHANGE_LISTENER_API 1 #endif -#if PLATFORM(MAC) && !PLATFORM(IOS_FAMILY_SIMULATOR) +#if PLATFORM(MAC) || (PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR)) #define HAVE_NEAR_FIELD 1 #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [286078] trunk
Title: [286078] trunk Revision 286078 Author j_pas...@apple.com Date 2021-11-19 14:19:52 -0800 (Fri, 19 Nov 2021) Log Message [WebAuthn] Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash] https://bugs.webkit.org/show_bug.cgi?id=233371 Source/WebKit: Reviewed by Brent Fulgham. These SPIs were added in https://bugs.webkit.org/show_bug.cgi?id=233216, but were not added to the header file _WKWebAuthenticationPanel.h, this change adds them. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: Tools: Reviewed by Brent Fulgham. Add tests for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash]. * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (286077 => 286078) --- trunk/Source/WebKit/ChangeLog 2021-11-19 22:05:29 UTC (rev 286077) +++ trunk/Source/WebKit/ChangeLog 2021-11-19 22:19:52 UTC (rev 286078) @@ -1,3 +1,16 @@ +2021-11-19 J Pascoe + +[WebAuthn] Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash] +https://bugs.webkit.org/show_bug.cgi?id=233371 + + +Reviewed by Brent Fulgham. + +These SPIs were added in https://bugs.webkit.org/show_bug.cgi?id=233216, but were not added to the header +file _WKWebAuthenticationPanel.h, this change adds them. + +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: + 2021-11-19 Myles C. Maxfield [WebGPU] Add converters from serializable descriptors to interface descriptors Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (286077 => 286078) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-11-19 22:05:29 UTC (rev 286077) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-11-19 22:19:52 UTC (rev 286078) @@ -126,7 +126,9 @@ // FIXME: Adds detailed NSError. - (void)makeCredentialWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0)); +- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); - (void)getAssertionWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0)); +- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); - (void)cancel; // FIXME: Deprecate the following properties. Modified: trunk/Tools/ChangeLog (286077 => 286078) --- trunk/Tools/ChangeLog 2021-11-19 22:05:29 UTC (rev 286077) +++ trunk/Tools/ChangeLog 2021-11-19 22:19:52 UTC (rev 286078) @@ -1,3 +1,17 @@ +2021-11-19 J Pascoe + +[WebAuthn] Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash] +https://bugs.webkit.org/show_bug.cgi?id=233371 + + +Reviewed by Brent Fulgham. + +Add tests for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and +[_WKWebAuthenticationPanel getAssertionWithClientDataHash]. + +* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: +(TestWebKitAPI::TEST): + 2021-11-18 Jonathan Bedard [webkitcorepy] Indicate to user the default option Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (286077 => 286078) --- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-11-19 22:05:29 UTC (rev 286077) +++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-11-19 22:19:52 UTC (rev 286078) @@ -1898,6 +1898,44 @@ }]; Util::run(&webAuthenticationPanelRan); } + +TEST(WebAuthenticationPanel, MakeCredentialLAClientDataHash) +{ +reset(); + +uint8_t identifier[] = { 0x01, 0x02, 0x03, 0x04 }; +uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03,
[webkit-changes] [285965] trunk/Source/WebKit
Title: [285965] trunk/Source/WebKit Revision 285965 Author j_pas...@apple.com Date 2021-11-17 16:10:02 -0800 (Wed, 17 Nov 2021) Log Message [WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash https://bugs.webkit.org/show_bug.cgi?id=233216 Reviewed by Brent Fulgham. In order to avoid needing to make and coordinate changes to ASC to support new fields or changes within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit will contain a precomputed ClientDataHash. This change creates new SPIs that will be called from ASC using the ClientDataHash. * UIProcess/API/Cocoa/_WKAuthenticatorResponse.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]): (-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]): New functions to take in ClientDataHash instead of the data needed to construct it. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebKit/ChangeLog (285964 => 285965) --- trunk/Source/WebKit/ChangeLog 2021-11-17 23:55:47 UTC (rev 285964) +++ trunk/Source/WebKit/ChangeLog 2021-11-18 00:10:02 UTC (rev 285965) @@ -1,3 +1,22 @@ +2021-11-17 J Pascoe + +[WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash +https://bugs.webkit.org/show_bug.cgi?id=233216 + + +Reviewed by Brent Fulgham. + +In order to avoid needing to make and coordinate changes to ASC to support new fields or changes +within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit +will contain a precomputed ClientDataHash. This change creates new SPIs that will be called +from ASC using the ClientDataHash. + +* UIProcess/API/Cocoa/_WKAuthenticatorResponse.h: +* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: +(-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]): +(-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]): +New functions to take in ClientDataHash instead of the data needed to construct it. + 2021-11-17 Per Arne Vollan [macOS] Add message filter guard in the GPU process' sandbox Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h (285964 => 285965) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-11-17 23:55:47 UTC (rev 285964) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-11-18 00:10:02 UTC (rev 285965) @@ -38,7 +38,7 @@ @interface _WKAuthenticatorResponse : NSObject @property (nonatomic, readonly) _WKAuthenticatorAttachment attachment; -@property (nonatomic, readonly) NSData *clientDataJSON; +@property (nullable, nonatomic, readonly) NSData *clientDataJSON; @property (nonatomic, readonly) NSData *rawId; @property (nullable, nonatomic, readonly, strong) _WKAuthenticationExtensionsClientOutputs *extensions; Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (285964 => 285965) --- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-11-17 23:55:47 UTC (rev 285964) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-11-18 00:10:02 UTC (rev 285965) @@ -580,6 +580,20 @@ #endif } +- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler +{ +#if ENABLE(WEB_AUTHN) +auto callback = [handler = makeBlockPtr(handler)] (std::variant, WebCore::ExceptionData>&& result) mutable { +WTF::switchOn(result, [&](const Ref& response) { +handler(wkAuthenticatorAttestationResponse(response->data(), nullptr, response->attachment()).get(), nil); +}, [&](const WebCore::ExceptionData& exception) { +handler(nil, [NSError errorWithDomain:WKErrorDomain code:exception.code userInfo:@{ NSLocalizedDescriptionKey: exception.message }]); +}); +}; +_panel->handleRequest({ vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, std::nullopt, { }, true, String(), nullptr }, WTFMove(callback)); +#endif +} + + (WebCore::PublicKeyCredentialRequestOptions)convertToCoreRequestOptionsWithOptions:(_WKPublicKeyCredentialRequestOptions *)options { WebCore::PublicKeyCredentialRequestOptions result; @@ -630,6 +644,20 @@ #endif } +- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthentic
[webkit-changes] [285864] trunk/Source/WebKit
Title: [285864] trunk/Source/WebKit Revision 285864 Author j_pas...@apple.com Date 2021-11-16 08:47:40 -0800 (Tue, 16 Nov 2021) Log Message [WebAuthn] WebKitTestRunner/TWAPI lacks an entitlement and bundle identifier to use required [ASCAgent performAuthorizationRequestsForContext] https://bugs.webkit.org/show_bug.cgi?id=232846 rdar://problem/85170633 Reviewed by Brent Fulgham. Covered by existing tests. Calling to ASC requires converting WebAuthenticationRequestData to ASCCredentialRequestContext and then making a call to _WKAuthenticatorAssertionResponse, while also requiring entitlements currently unavailable in OpenSource. This change avoids calling out to ASC in tests using mock / virtual authenticators to avoid this problem, the serialization to and from ASCAgent can be tested seperately. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Refactor creation of ASCCredentialRequestContext. (WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): Refactor use of ASC and add clarifying comment about flow. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h Diff Modified: trunk/Source/WebKit/ChangeLog (285863 => 285864) --- trunk/Source/WebKit/ChangeLog 2021-11-16 16:38:52 UTC (rev 285863) +++ trunk/Source/WebKit/ChangeLog 2021-11-16 16:47:40 UTC (rev 285864) @@ -1,3 +1,25 @@ +2021-11-16 J Pascoe + +[WebAuthn] WebKitTestRunner/TWAPI lacks an entitlement and bundle identifier to use required [ASCAgent performAuthorizationRequestsForContext] +https://bugs.webkit.org/show_bug.cgi?id=232846 +rdar://problem/85170633 + +Reviewed by Brent Fulgham. + +Covered by existing tests. + +Calling to ASC requires converting WebAuthenticationRequestData to ASCCredentialRequestContext and then making +a call to _WKAuthenticatorAssertionResponse, while also requiring entitlements currently unavailable in OpenSource. +This change avoids calling out to ASC in tests using mock / virtual authenticators to avoid this problem, the +serialization to and from ASCAgent can be tested seperately. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +Refactor creation of ASCCredentialRequestContext. +(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): +* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: +(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): +Refactor use of ASC and add clarifying comment about flow. + 2021-11-16 Kimmo Kinnunen RemoteGraphicsContextGLCocoa::m_swapChain is unused Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (285863 => 285864) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-11-16 16:38:52 UTC (rev 285863) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-11-16 16:47:40 UTC (rev 285864) @@ -238,18 +238,17 @@ return requestContext; } -void WebAuthenticatorCoordinatorProxy::makeCredential(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector&& hash, PublicKeyCredentialCreationOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler) +RetainPtr WebAuthenticatorCoordinatorProxy::contextForRequest(WebAuthenticationRequestData&& requestData) { -auto requestContext = configureRegistrationRequestContext(options); -performRequest(requestContext, WTFMove(handler)); +RetainPtr result; +WTF::switchOn(requestData.options, [&](const PublicKeyCredentialCreationOptions& options) { +result = configureRegistrationRequestContext(options); +}, [&](const PublicKeyCredentialRequestOptions& options) { +result = configurationAssertionRequestContext(options); +}); +return result; } -void WebAuthenticatorCoordinatorProxy::getAssertion(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector&& hash, PublicKeyCredentialRequestOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler) -{ -auto requestContext = configurationAssertionRequestContext(options); -performRequest(requestContext, WTFMove(handler)); -} - void WebAuthenticatorCoordinatorProxy::performRequest(RetainPtr requestContext, RequestCompletionHandler&& handler) { auto proxy = adoptNS([allocASCAgentProxyInstance() init]); Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp (285863 => 2
[webkit-changes] [285617] trunk
Title: [285617] trunk Revision 285617 Author j_pas...@apple.com Date 2021-11-10 18:52:01 -0800 (Wed, 10 Nov 2021) Log Message [WebAuthn] Unify _WKWebAuthenticationPanel SPI and AuthenticatorCoordinator's ClientDataJson generation https://bugs.webkit.org/show_bug.cgi?id=232965 Reviewed by Brent Fulgham. Source/WebCore: The _WKWebAuthenticationPanel SPI and AuthenticatorCoordinator use different methods of generating clientDataJson, which results in strings with the keys in a different order. This change abstracts the clientDataJson generation out of AuthenticatorCoordinator and into WebAuthenticationUtils. * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): (WebCore::AuthenticatorCoordinatorInternal::produceClientDataJson): Deleted. (WebCore::AuthenticatorCoordinatorInternal::produceClientDataJsonHash): Deleted. * Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::buildClientDataJson): (WebCore::buildClientDataJsonHash): * Modules/webauthn/WebAuthenticationUtils.h: Source/WebKit: The _WKWebAuthenticationPanel SPI and AuthenticatorCoordinator use different methods of generating clientDataJson, which results in strings with the keys in a different order. This causes problems because when generating asserts via ASC ui, the hash signed and the client data json used to generate that hash are different from the client data json returned to js. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (produceClientDataJson): Tools: Update api tests to reflect different clientDataJson format from WebAuthenticationUtils * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm Diff Modified: trunk/Source/WebCore/ChangeLog (285616 => 285617) --- trunk/Source/WebCore/ChangeLog 2021-11-11 02:20:02 UTC (rev 285616) +++ trunk/Source/WebCore/ChangeLog 2021-11-11 02:52:01 UTC (rev 285617) @@ -1,3 +1,25 @@ +2021-11-10 J Pascoe + +[WebAuthn] Unify _WKWebAuthenticationPanel SPI and AuthenticatorCoordinator's ClientDataJson generation +https://bugs.webkit.org/show_bug.cgi?id=232965 + + +Reviewed by Brent Fulgham. + +The _WKWebAuthenticationPanel SPI and AuthenticatorCoordinator use different methods of generating +clientDataJson, which results in strings with the keys in a different order. This change abstracts +the clientDataJson generation out of AuthenticatorCoordinator and into WebAuthenticationUtils. + +* Modules/webauthn/AuthenticatorCoordinator.cpp: +(WebCore::AuthenticatorCoordinator::create const): +(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): +(WebCore::AuthenticatorCoordinatorInternal::produceClientDataJson): Deleted. +(WebCore::AuthenticatorCoordinatorInternal::produceClientDataJsonHash): Deleted. +* Modules/webauthn/WebAuthenticationUtils.cpp: +(WebCore::buildClientDataJson): +(WebCore::buildClientDataJsonHash): +* Modules/webauthn/WebAuthenticationUtils.h: + 2021-11-10 Tim Nguyen Remove non-standard -webkit-border-fit CSS property Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (285616 => 285617) --- trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2021-11-11 02:20:02 UTC (rev 285616) +++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2021-11-11 02:52:01 UTC (rev 285617) @@ -41,43 +41,15 @@ #include "PublicKeyCredentialRequestOptions.h" #include "RegistrableDomain.h" #include "LegacySchemeRegistry.h" -#include "SecurityOrigin.h" #include "WebAuthenticationConstants.h" +#include "WebAuthenticationUtils.h" #include -#include #include -#include namespace WebCore { namespace AuthenticatorCoordinatorInternal { -// FIXME(181948): Add token binding ID. -static Ref produceClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin) -{ -auto object = JSON::Object::create(); -switch (type) { -case ClientDataType::Create: -object->setString("type"_s, "webauthn.create"_s); -break; -case ClientDataType::Get: -object->setString("type"_s, "webauthn.get"_s); -break; -} -object->setString("challenge"_s, base64URLEncodeToString(challenge.data(), challenge.length())); -object->setString("origin"_s, origin.toRawString()); - -auto utf8JSONString = object->toJSONString().utf8(); -
[webkit-changes] [285537] trunk/Source/WebKit
Title: [285537] trunk/Source/WebKit Revision 285537 Author j_pas...@apple.com Date 2021-11-09 15:02:32 -0800 (Tue, 09 Nov 2021) Log Message [WebAuthn] User handle is not saved on create via ASC https://bugs.webkit.org/show_bug.cgi?id=232900 rdar://85216105 Reviewed by Brent Fulgham. This value is required to be stored along the credential on create calls such that it can be returned via get calls. Currently, it is always read as empty because user.id is empty after ipc, while the id is decoded to idVector. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm Diff Modified: trunk/Source/WebKit/ChangeLog (285536 => 285537) --- trunk/Source/WebKit/ChangeLog 2021-11-09 22:58:40 UTC (rev 285536) +++ trunk/Source/WebKit/ChangeLog 2021-11-09 23:02:32 UTC (rev 285537) @@ -1,3 +1,19 @@ +2021-11-09 J Pascoe + +[WebAuthn] User handle is not saved on create via ASC +https://bugs.webkit.org/show_bug.cgi?id=232900 +rdar://85216105 + +Reviewed by Brent Fulgham. + +This value is required to be stored along the credential on create calls +such that it can be returned via get calls. Currently, it is always read +as empty because user.id is empty after ipc, while the id is decoded to +idVector. + +* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: +(WebKit::configureRegistrationRequestContext): + 2021-10-28 Darin Adler [CF] Reduce duplication and unneeded buffer allocations and copying in URL code, also remove unused methods and functions Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (285536 => 285537) --- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-11-09 22:58:40 UTC (rev 285536) +++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-11-09 23:02:32 UTC (rev 285537) @@ -181,7 +181,7 @@ [credentialCreationOptions setChallenge:toNSData(options.challengeVector).get()]; [credentialCreationOptions setRelyingPartyIdentifier:options.rp.id]; [credentialCreationOptions setUserName:options.user.name]; -[credentialCreationOptions setUserIdentifier:toNSData(options.user.id).get()]; +[credentialCreationOptions setUserIdentifier:toNSData(options.user.idVector).get()]; [credentialCreationOptions setUserDisplayName:options.user.displayName]; [credentialCreationOptions setUserVerificationPreference:userVerification.get()]; [credentialCreationOptions setShouldRequireResidentKey:shouldRequireResidentKey]; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [285535] trunk
Title: [285535] trunk Revision 285535 Author j_pas...@apple.com Date 2021-11-09 14:25:51 -0800 (Tue, 09 Nov 2021) Log Message Add j_pascoe to contributors.json https://bugs.webkit.org/show_bug.cgi?id=232904 Unreviewed. * metadata/contributors.json: Modified Paths trunk/ChangeLog trunk/metadata/contributors.json Diff Modified: trunk/ChangeLog (285534 => 285535) --- trunk/ChangeLog 2021-11-09 22:19:54 UTC (rev 285534) +++ trunk/ChangeLog 2021-11-09 22:25:51 UTC (rev 285535) @@ -1,3 +1,13 @@ +2021-11-09 J Pascoe + +Add j_pascoe to contributors.json +https://bugs.webkit.org/show_bug.cgi?id=232904 + + +Unreviewed. + +* metadata/contributors.json: + 2021-11-08 Myles C. Maxfield Make WebGPU.xcodeproj and WebGPU.framework Modified: trunk/metadata/contributors.json (285534 => 285535) --- trunk/metadata/contributors.json 2021-11-09 22:19:54 UTC (rev 285534) +++ trunk/metadata/contributors.json 2021-11-09 22:25:51 UTC (rev 285535) @@ -2976,6 +2976,17 @@ }, { "emails" : [ + "j_pas...@apple.com" + ], + "github" : "pascoej", + "name" : "J Pascoe", + "nicks" : [ + "j_pascoe" + ], + "status" : "committer" + }, + { + "emails" : [ "jfbast...@apple.com", "j...@chromium.org" ], ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [285475] trunk
Title: [285475] trunk Revision 285475 Author j_pas...@apple.com Date 2021-11-08 17:37:58 -0800 (Mon, 08 Nov 2021) Log Message [WebAuthn] challenge does not get passed to -[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:] https://bugs.webkit.org/show_bug.cgi?id=232836 rdar://85163927 Reviewed by Brent Fulgham. -[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:] receives Source/WebCore: an empty challenge, causing _WKWebAuthenticationPanel to immediately close when using the new UNIFIED_ASC_AUTH_UI. This change encodes/decodes challenge in PublicKeyCredentialRequestOptions. Before this field was not used after xpc, but with the new UNIFIED_ASC_AUTH_UI it is. * Modules/webauthn/PublicKeyCredentialCreationOptions.h: (WebCore::PublicKeyCredentialCreationOptions::encode const): (WebCore::PublicKeyCredentialCreationOptions::decode): * Modules/webauthn/PublicKeyCredentialRequestOptions.h: (WebCore::PublicKeyCredentialRequestOptions::encode const): (WebCore::PublicKeyCredentialRequestOptions::decode): Add new challengeVector field to both options structs and include it in decoding / encoding. Source/WebKit: an empty challenge, causing _WKWebAuthenticationPanel to immediately close when using the new UNIFIED_ASC_AUTH_UI. This change encodes/decodes challenge in PublicKeyCredentialRequestOptions. Before this field was not used after xpc, but with the new UNIFIED_ASC_AUTH_UI it is. * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configurationAssertionRequestContext): Use challengeVector instead of challenge as it's available after being passed via xpc. Tools: an empty challenge, causing _WKWebAuthenticationPanel to immediately close when using the new UNIFIED_ASC_AUTH_UI. This change encodes/decodes challenge in PublicKeyCredentialRequestOptions. Before this field was not used after xpc, but with the new UNIFIED_ASC_AUTH_UI it is. This change also adds an empty value for tests. * TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialRequestOptions.h trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (285474 => 285475) --- trunk/Source/WebCore/ChangeLog 2021-11-09 01:29:21 UTC (rev 285474) +++ trunk/Source/WebCore/ChangeLog 2021-11-09 01:37:58 UTC (rev 285475) @@ -1,3 +1,26 @@ +2021-11-08 J Pascoe + +[WebAuthn] challenge does not get passed to -[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:] +https://bugs.webkit.org/show_bug.cgi?id=232836 +rdar://85163927 + +Reviewed by Brent Fulgham. + +-[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:] receives +an empty challenge, causing _WKWebAuthenticationPanel to immediately close when using the new UNIFIED_ASC_AUTH_UI. + +This change encodes/decodes challenge in PublicKeyCredentialRequestOptions. Before this +field was not used after xpc, but with the new UNIFIED_ASC_AUTH_UI it is. + +* Modules/webauthn/PublicKeyCredentialCreationOptions.h: +(WebCore::PublicKeyCredentialCreationOptions::encode const): +(WebCore::PublicKeyCredentialCreationOptions::decode): +* Modules/webauthn/PublicKeyCredentialRequestOptions.h: +(WebCore::PublicKeyCredentialRequestOptions::encode const): +(WebCore::PublicKeyCredentialRequestOptions::decode): +Add new challengeVector field to both options structs and include it +in decoding / encoding. + 2021-11-08 Chris Dumez REGRESSION (r283935): [ macOS wk1 ] imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/dialog-autofocus-multiple-times.html is a flaky failure Modified: trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h (285474 => 285475) --- trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h 2021-11-09 01:29:21 UTC (rev 285474) +++ trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h 2021-11-09 01:37:58 UTC (rev 285475) @@ -76,7 +76,7 @@ RpEntity rp; UserEntity user; -BufferSource challenge; +BufferSource challenge; // challenge becomes challengeVector once it is passed to UIProcess. Vector pubKeyCredParams; std::optional timeout; @@ -85,6 +85,8 @@ AttestationConveyancePreference attestation; mutable std::optional extensions; +Vector challengeVector; + template void encode(Encoder&) const; template st