Diff
Modified: trunk/Source/WebKit/ChangeLog (272693 => 272694)
--- trunk/Source/WebKit/ChangeLog 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/ChangeLog 2021-02-10 23:50:37 UTC (rev 272694)
@@ -1,3 +1,43 @@
+2021-02-10 Jiewen Tan <jiewen_...@apple.com>
+
+ [WebAuthn] Produce ClientDataJSON in the SPI
+ https://bugs.webkit.org/show_bug.cgi?id=221623
+ <rdar://problem/71509394>
+
+ Reviewed by Brent Fulgham.
+
+ Instead of asking the clients of the SPI to pre-calculate the ClientDataJSON hash for us, we do
+ that in the SPI space ourselves.
+
+ Covered by API tests.
+
+ * UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm:
+ (-[_WKAuthenticatorAssertionResponse initWithClientDataJSON:rawId:extensions:authenticatorData:signature:userHandle:]):
+ (-[_WKAuthenticatorAssertionResponse initWithRawId:extensions:authenticatorData:signature:userHandle:]): Deleted.
+ * UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h:
+ * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm:
+ (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:]):
+ (-[_WKAuthenticatorAttestationResponse initWithRawId:extensions:attestationObject:]): Deleted.
+ * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h:
+ * UIProcess/API/Cocoa/_WKAuthenticatorResponse.h:
+ * UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm:
+ (-[_WKAuthenticatorResponse initWithClientDataJSON:rawId:extensions:]):
+ (-[_WKAuthenticatorResponse initWithRawId:extensions:]): Deleted.
+ * UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h:
+ Adds a field to return the JSON serialized bytes for the ClientDataJSON.
+
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+ (produceClientDataJson):
+ (produceClientDataJsonHash):
+ (wkAuthenticatorAttestationResponse):
+ (-[_WKWebAuthenticationPanel makeCredentialWithChallenge:origin:options:completionHandler:]):
+ (wkAuthenticatorAssertionResponse):
+ (-[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:]):
+ (-[_WKWebAuthenticationPanel makeCredentialWithHash:options:completionHandler:]): Deleted.
+ (-[_WKWebAuthenticationPanel getAssertionWithHash:options:completionHandler:]): Deleted.
+ Modifies the SPI to accept a challenge and an origin to calculate the ClientDataJSON.
+
2021-02-10 Don Olmstead <don.olmst...@sony.com>
Non-unified build fixes, early February 2021 edition
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm 2021-02-10 23:50:37 UTC (rev 272694)
@@ -32,9 +32,9 @@
@implementation _WKAuthenticatorAssertionResponse
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions authenticatorData:(NSData *)authenticatorData signature:(NSData *)signature userHandle:(NSData *)userHandle
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions authenticatorData:(NSData *)authenticatorData signature:(NSData *)signature userHandle:(NSData *)userHandle
{
- if (!(self = [super initWithRawId:rawId extensions:WTFMove(extensions)]))
+ if (!(self = [super initWithClientDataJSON:clientDataJSON rawId:rawId extensions:WTFMove(extensions)]))
return nil;
_authenticatorData = authenticatorData;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h 2021-02-10 23:50:37 UTC (rev 272694)
@@ -34,7 +34,7 @@
@interface _WKAuthenticatorAssertionResponse ()
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions authenticatorData:(NSData *)authenticatorData signature:(NSData *)signature userHandle:(NSData *)userHandle;
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions authenticatorData:(NSData *)authenticatorData signature:(NSData *)signature userHandle:(NSData *)userHandle;
@end
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm 2021-02-10 23:50:37 UTC (rev 272694)
@@ -32,9 +32,9 @@
@implementation _WKAuthenticatorAttestationResponse
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject
{
- if (!(self = [super initWithRawId:rawId extensions:WTFMove(extensions)]))
+ if (!(self = [super initWithClientDataJSON:clientDataJSON rawId:rawId extensions:WTFMove(extensions)]))
return nil;
_attestationObject = attestationObject;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h 2021-02-10 23:50:37 UTC (rev 272694)
@@ -34,7 +34,7 @@
@interface _WKAuthenticatorAttestationResponse ()
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject;
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject;
@end
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-02-10 23:50:37 UTC (rev 272694)
@@ -36,6 +36,7 @@
WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA))
@interface _WKAuthenticatorResponse : NSObject
+@property (nonatomic, readonly) NSData *clientDataJSON;
@property (nonatomic, readonly) NSData *rawId;
@property (nullable, nonatomic, readonly, strong) _WKAuthenticationExtensionsClientOutputs *extensions;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm 2021-02-10 23:50:37 UTC (rev 272694)
@@ -33,11 +33,12 @@
RetainPtr<_WKAuthenticationExtensionsClientOutputs> _extensions;
}
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions
{
if (!(self = [super init]))
return nil;
+ _clientDataJSON = clientDataJSON;
_rawId = rawId;
_extensions = extensions;
return self;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h 2021-02-10 23:50:37 UTC (rev 272694)
@@ -34,7 +34,7 @@
@interface _WKAuthenticatorResponse ()
-- (instancetype)initWithRawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions;
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions;
@end
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2021-02-10 23:50:37 UTC (rev 272694)
@@ -85,7 +85,7 @@
- (void)panel:(_WKWebAuthenticationPanel *)panel updateWebAuthenticationPanel:(_WKWebAuthenticationPanelUpdate)update WK_API_AVAILABLE(macos(11.0), ios(14.0));
- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRemainingRetries:(NSUInteger)retries completionHandler:(void (^)(NSString *))completionHandler WK_API_AVAILABLE(macos(11.0), ios(14.0));
-- (void)panel:(_WKWebAuthenticationPanel *)panel selectAssertionResponse:(NSArray < _WKWebAuthenticationAssertionResponse *> *)responses source:(_WKWebAuthenticationSource)source completionHandler:(void (^)(_WKWebAuthenticationAssertionResponse *))completionHandler WK_API_AVAILABLE(macos(11.0), ios(14.0));
+- (void)panel:(_WKWebAuthenticationPanel *)panel selectAssertionResponse:(NSArray < _WKWebAuthenticationAssertionResponse *> *)responses source:(_WKWebAuthenticationSource)source completionHandler:(void (^)(_WKWebAuthenticationAssertionResponse * _Nullable))completionHandler WK_API_AVAILABLE(macos(11.0), ios(14.0));
- (void)panel:(_WKWebAuthenticationPanel *)panel requestLAContextForUserVerificationWithCompletionHandler:(void (^)(LAContext *context))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
// FIXME: <rdar://problem/71509848> Deprecate the following delegates.
@@ -103,10 +103,9 @@
- (instancetype)init;
-// FIXME: <rdar://problem/71509394> Adds ClientDataJSON.
// FIXME: <rdar://problem/71509485> Adds detailed NSError.
-- (void)makeCredentialWithHash:(NSData *)hash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
-- (void)getAssertionWithHash:(NSData *)hash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (void)makeCredentialWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (void)getAssertionWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
- (void)cancel;
// FIXME: <rdar://problem/71509848> Deprecate the following properties.
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (272693 => 272694)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-02-10 23:50:37 UTC (rev 272694)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -48,9 +48,37 @@
#import <WebCore/PublicKeyCredentialCreationOptions.h>
#import <WebCore/PublicKeyCredentialRequestOptions.h>
#import <WebCore/WebAuthenticationConstants.h>
+#import <pal/crypto/CryptoDigest.h>
#import <wtf/BlockPtr.h>
#import <wtf/RetainPtr.h>
+#import <wtf/text/Base64.h>
+#if ENABLE(WEB_AUTHN)
+static RetainPtr<NSData> produceClientDataJson(_WKWebAuthenticationType type, NSData *challenge, NSString *origin)
+{
+ auto dictionary = adoptNS([[NSMutableDictionary alloc] init]);
+ switch (type) {
+ case _WKWebAuthenticationTypeCreate:
+ [dictionary setObject:@"webauthn.create" forKey:@"type"];
+ break;
+ case _WKWebAuthenticationTypeGet:
+ [dictionary setObject:@"webauthn.get" forKey:@"type"];
+ break;
+ }
+ [dictionary setObject:WTF::base64URLEncode(challenge.bytes, challenge.length) forKey:@"challenge"];
+ [dictionary setObject:origin forKey:@"origin"];
+
+ return [NSJSONSerialization dataWithJSONObject:dictionary.get() options:NSJSONWritingSortedKeys error:nil];
+}
+
+static Vector<uint8_t> produceClientDataJsonHash(NSData *clientDataJson)
+{
+ auto crypto = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_256);
+ crypto->addBytes(clientDataJson.bytes, clientDataJson.length);
+ return crypto->computeHash();
+}
+#endif
+
@implementation _WKWebAuthenticationPanel {
#if ENABLE(WEB_AUTHN)
WeakPtr<WebKit::WebAuthenticationPanelClient> _client;
@@ -332,23 +360,25 @@
}
#if ENABLE(WEB_AUTHN)
-static RetainPtr<_WKAuthenticatorAttestationResponse> wkAuthenticatorAttestationResponse(const WebCore::AuthenticatorResponseData& data)
+static RetainPtr<_WKAuthenticatorAttestationResponse> wkAuthenticatorAttestationResponse(const WebCore::AuthenticatorResponseData& data, NSData *clientDataJSON)
{
- return adoptNS([[_WKAuthenticatorAttestationResponse alloc] initWithRawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:nil attestationObject:[NSData dataWithBytes:data.attestationObject->data() length:data.attestationObject->byteLength()]]);
+ return adoptNS([[_WKAuthenticatorAttestationResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:nil attestationObject:[NSData dataWithBytes:data.attestationObject->data() length:data.attestationObject->byteLength()]]);
}
#endif
-- (void)makeCredentialWithHash:(NSData *)hash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler
+- (void)makeCredentialWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler
{
#if ENABLE(WEB_AUTHN)
- auto callback = [handler = makeBlockPtr(handler)] (Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+ auto clientDataJSON = produceClientDataJson(_WKWebAuthenticationTypeCreate, challenge, origin);
+ auto hash = produceClientDataJsonHash(clientDataJSON.get());
+ auto callback = [handler = makeBlockPtr(handler), clientDataJSON = WTFMove(clientDataJSON)] (Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
- handler(wkAuthenticatorAttestationResponse(response->data()).get(), nil);
+ handler(wkAuthenticatorAttestationResponse(response->data(), clientDataJSON.get()).get(), nil);
}, [&](const WebCore::ExceptionData& exception) {
handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
});
};
- _panel->handleRequest({ vectorFromNSData(hash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, WTF::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+ _panel->handleRequest({ WTFMove(hash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, WTF::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
#endif
}
@@ -371,7 +401,7 @@
}
#if ENABLE(WEB_AUTHN)
-static RetainPtr<_WKAuthenticatorAssertionResponse> wkAuthenticatorAssertionResponse(const WebCore::AuthenticatorResponseData& data)
+static RetainPtr<_WKAuthenticatorAssertionResponse> wkAuthenticatorAssertionResponse(const WebCore::AuthenticatorResponseData& data, NSData *clientDataJSON)
{
RetainPtr<_WKAuthenticationExtensionsClientOutputs> extensions;
if (data.appid)
@@ -381,21 +411,23 @@
if (data.userHandle)
userHandle = [NSData dataWithBytes:data.userHandle->data() length:data.userHandle->byteLength()];
- return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithRawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:WTFMove(extensions) authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle]);
+ return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:WTFMove(extensions) authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle]);
}
#endif
-- (void)getAssertionWithHash:(NSData *)hash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler
+- (void)getAssertionWithChallenge:(NSData *)challenge origin:(NSString *)origin options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler
{
#if ENABLE(WEB_AUTHN)
- auto callback = [handler = makeBlockPtr(handler)] (Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+ auto clientDataJSON = produceClientDataJson(_WKWebAuthenticationTypeCreate, challenge, origin);
+ auto hash = produceClientDataJsonHash(clientDataJSON.get());
+ auto callback = [handler = makeBlockPtr(handler), clientDataJSON = WTFMove(clientDataJSON)] (Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
- handler(wkAuthenticatorAssertionResponse(response->data()).get(), nil);
+ handler(wkAuthenticatorAssertionResponse(response->data(), clientDataJSON.get()).get(), nil);
}, [&](const WebCore::ExceptionData& exception) {
handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
});
};
- _panel->handleRequest({ vectorFromNSData(hash), [_WKWebAuthenticationPanel convertToCoreRequestOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, WTF::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+ _panel->handleRequest({ WTFMove(hash), [_WKWebAuthenticationPanel convertToCoreRequestOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, WTF::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
#endif
}
Modified: trunk/Tools/ChangeLog (272693 => 272694)
--- trunk/Tools/ChangeLog 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Tools/ChangeLog 2021-02-10 23:50:37 UTC (rev 272694)
@@ -1,3 +1,14 @@
+2021-02-10 Jiewen Tan <jiewen_...@apple.com>
+
+ [WebAuthn] Produce ClientDataJSON in the SPI
+ https://bugs.webkit.org/show_bug.cgi?id=221623
+ <rdar://problem/71509394>
+
+ Reviewed by Brent Fulgham.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+ (TestWebKitAPI::TEST):
+
2021-02-10 Ruben Turcios <rubent...@apple.com>
Adding self to contributor.json file.
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (272693 => 272694)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-02-10 23:47:56 UTC (rev 272693)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2021-02-10 23:50:37 UTC (rev 272694)
@@ -1741,7 +1741,7 @@
[options setTimeout:@10];
auto panel = adoptNS([[_WKWebAuthenticationPanel alloc] init]);
- [panel makeCredentialWithHash:nsHash options:options.get() completionHandler:^(_WKAuthenticatorAttestationResponse *response, NSError *error) {
+ [panel makeCredentialWithChallenge:nsHash origin:@"" options:options.get() completionHandler:^(_WKAuthenticatorAttestationResponse *response, NSError *error) {
webAuthenticationPanelRan = true;
EXPECT_NULL(response);
@@ -1761,7 +1761,7 @@
uint8_t identifier[] = { 0x01, 0x02, 0x03, 0x04 };
uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04 };
NSData *nsIdentifier = [NSData dataWithBytes:identifier length:sizeof(identifier)];
- NSData *nsHash = [NSData dataWithBytes:hash length:sizeof(hash)];
+ auto nsHash = adoptNS([[NSData alloc] initWithBytes:hash length:sizeof(hash)]);
auto parameters = adoptNS([[_WKPublicKeyCredentialParameters alloc] initWithAlgorithm:@-7]);
auto rp = adoptNS([[_WKPublicKeyCredentialRelyingPartyEntity alloc] initWithName:@"example.com"]);
@@ -1775,7 +1775,7 @@
auto delegate = adoptNS([[TestWebAuthenticationPanelDelegate alloc] init]);
[panel setDelegate:delegate.get()];
- [panel makeCredentialWithHash:nsHash options:options.get() completionHandler:^(_WKAuthenticatorAttestationResponse *response, NSError *error) {
+ [panel makeCredentialWithChallenge:nsHash.get() origin:@"example.com" options:options.get() completionHandler:^(_WKAuthenticatorAttestationResponse *response, NSError *error) {
webAuthenticationPanelRan = true;
cleanUpKeychain("example.com");
@@ -1783,6 +1783,7 @@
EXPECT_NULL(error);
EXPECT_NOT_NULL(response);
+ EXPECT_WK_STREQ([response.clientDataJSON base64EncodedStringWithOptions:0], "eyJjaGFsbGVuZ2UiOiJBUUlEQkFFQ0F3UUJBZ01FQVFJREJBRUNBd1FCQWdNRUFRSURCQUVDQXdRIiwib3JpZ2luIjoiZXhhbXBsZS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0=");
EXPECT_WK_STREQ([response.rawId base64EncodedStringWithOptions:0], "SMSXHngF7hEOsElA73C3RY+8bR4=");
EXPECT_NULL(response.extensions);
EXPECT_WK_STREQ([response.attestationObject base64EncodedStringWithOptions:0], "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYo3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFEjElx54Be4RDrBJQO9wt0WPvG0epQECAyYgASFYIDj/zxSkzKgaBuS3cdWDF558of8AaIpgFpsjF/Qm1749IlggVBJPgqUIwfhWHJ91nb7UPH76c0+WFOzZKslPyyFse4g=");
@@ -1878,7 +1879,7 @@
[options setTimeout:@120];
auto panel = adoptNS([[_WKWebAuthenticationPanel alloc] init]);
- [panel getAssertionWithHash:nsHash options:options.get() completionHandler:^(_WKAuthenticatorAssertionResponse *response, NSError *error) {
+ [panel getAssertionWithChallenge:nsHash origin:@"" options:options.get() completionHandler:^(_WKAuthenticatorAssertionResponse *response, NSError *error) {
webAuthenticationPanelRan = true;
EXPECT_NULL(response);
@@ -1908,7 +1909,7 @@
auto delegate = adoptNS([[TestWebAuthenticationPanelDelegate alloc] init]);
[panel setDelegate:delegate.get()];
- [panel getAssertionWithHash:nsHash options:options.get() completionHandler:^(_WKAuthenticatorAssertionResponse *response, NSError *error) {
+ [panel getAssertionWithChallenge:nsHash origin:@"" options:options.get() completionHandler:^(_WKAuthenticatorAssertionResponse *response, NSError *error) {
webAuthenticationPanelRan = true;
cleanUpKeychain("");
@@ -1915,6 +1916,7 @@
EXPECT_NULL(error);
EXPECT_NOT_NULL(response);
+ EXPECT_WK_STREQ([response.clientDataJSON base64EncodedStringWithOptions:0], "eyJjaGFsbGVuZ2UiOiJBUUlEQkFFQ0F3UUJBZ01FQVFJREJBRUNBd1FCQWdNRUFRSURCQUVDQXdRIiwib3JpZ2luIjoiIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9");
EXPECT_WK_STREQ([response.rawId base64EncodedStringWithOptions:0], "SMSXHngF7hEOsElA73C3RY+8bR4=");
EXPECT_NULL(response.extensions);
EXPECT_WK_STREQ([response.authenticatorData base64EncodedStringWithOptions:0], "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFUFAAAAAA==");