Title: [285965] trunk/Source/WebKit
Revision
285965
Author
j_pas...@apple.com
Date
2021-11-17 16:10:02 -0800 (Wed, 17 Nov 2021)

Log Message

[WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash
https://bugs.webkit.org/show_bug.cgi?id=233216
<rdar://problem/85476386>

Reviewed by Brent Fulgham.

In order to avoid needing to make and coordinate changes to ASC to support new fields or changes
within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit
will contain a precomputed ClientDataHash. This change creates new SPIs that will be called
from ASC using the ClientDataHash.

* UIProcess/API/Cocoa/_WKAuthenticatorResponse.h:
* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]):
(-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]):
New functions to take in ClientDataHash instead of the data needed to construct it.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (285964 => 285965)


--- trunk/Source/WebKit/ChangeLog	2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/ChangeLog	2021-11-18 00:10:02 UTC (rev 285965)
@@ -1,3 +1,22 @@
+2021-11-17  J Pascoe  <j_pas...@apple.com>
+
+        [WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash
+        https://bugs.webkit.org/show_bug.cgi?id=233216
+        <rdar://problem/85476386>
+
+        Reviewed by Brent Fulgham.
+
+        In order to avoid needing to make and coordinate changes to ASC to support new fields or changes
+        within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit
+        will contain a precomputed ClientDataHash. This change creates new SPIs that will be called
+        from ASC using the ClientDataHash.
+
+        * UIProcess/API/Cocoa/_WKAuthenticatorResponse.h:
+        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+        (-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]):
+        (-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]):
+        New functions to take in ClientDataHash instead of the data needed to construct it.
+
 2021-11-17  Per Arne Vollan  <pvol...@apple.com>
 
         [macOS] Add message filter guard in the GPU process' sandbox

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h (285964 => 285965)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h	2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h	2021-11-18 00:10:02 UTC (rev 285965)
@@ -38,7 +38,7 @@
 @interface _WKAuthenticatorResponse : NSObject
 
 @property (nonatomic, readonly) _WKAuthenticatorAttachment attachment;
-@property (nonatomic, readonly) NSData *clientDataJSON;
+@property (nullable, nonatomic, readonly) NSData *clientDataJSON;
 @property (nonatomic, readonly) NSData *rawId;
 @property (nullable, nonatomic, readonly, strong) _WKAuthenticationExtensionsClientOutputs *extensions;
 
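Review bot: `clientDataJSON` becomes nullable here with no comment saying when it is nil, so existing consumers cannot tell which responses lack it. Judging from the .mm hunks in this commit, responses built by the new clientDataHash SPIs pass `nullptr` where the client data would go, so those appear to be the nil case. I would add a comment above the property such as `// nil when the request was made with a precomputed clientDataHash; the caller that computed the hash holds the ClientDataJSON.` Callers that forward this response to a relying party should be checked for nil handling, since they could previously assume a non-null value. The @interface body continues outside the hunk.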

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (285964 => 285965)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm	2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm	2021-11-18 00:10:02 UTC (rev 285965)
@@ -580,6 +580,20 @@
 #endif
 }
 
+- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler
+{
+#if ENABLE(WEB_AUTHN)
+    auto callback = [handler = makeBlockPtr(handler)] (std::variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+        WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
+            handler(wkAuthenticatorAttestationResponse(response->data(), nullptr, response->attachment()).get(), nil);
+        }, [&](const WebCore::ExceptionData& exception) {
+            handler(nil, [NSError errorWithDomain:WKErrorDomain code:exception.code userInfo:@{ NSLocalizedDescriptionKey: exception.message }]);
+        });
+    };
+    _panel->handleRequest({ vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, std::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+#endif
+}
+
 + (WebCore::PublicKeyCredentialRequestOptions)convertToCoreRequestOptionsWithOptions:(_WKPublicKeyCredentialRequestOptions *)options
 {
     WebCore::PublicKeyCredentialRequestOptions result;
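Review bot: `clientDataHash` goes straight into `handleRequest` via `vectorFromNSData(clientDataHash)` with no nil or length check in makeCredentialWithClientDataHash, and the same holds for getAssertionWithClientDataHash in the next hunk. With this SPI the hash is the only thing binding the authenticator's signature to the origin and challenge, and the panel no longer derives it itself, so a malformed value is better rejected at this boundary than forwarded to an authenticator. Assuming the hash is always SHA-256 as WebAuthn specifies, a guard at the top of both methods would do: `if (clientDataHash.length != 32) { handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]); return; }`. A doc comment stating that the caller must compute the hash from the ClientDataJSON it later returns to the relying party would also help. The trailing context lines belong to convertToCoreRequestOptionsWithOptions:, whose body continues outside the hunk.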
@@ -630,6 +644,20 @@
 #endif
 }
 
+- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler
+{
+#if ENABLE(WEB_AUTHN)
+    auto callback = [handler = makeBlockPtr(handler)] (std::variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+        WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
+            handler(wkAuthenticatorAssertionResponse(response->data(), nullptr, response->attachment()).get(), nil);
+        }, [&](const WebCore::ExceptionData& exception) {
+            handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
+        });
+    };
+    _panel->handleRequest({ vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreRequestOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, std::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+#endif
+}
+
 + (BOOL)isUserVerifyingPlatformAuthenticatorAvailable
 {
 #if ENABLE(WEB_AUTHN)
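Review bot: The error branch of getAssertionWithClientDataHash discards `exception` entirely and always reports `WKErrorUnknown` with `userInfo:nil`, whereas makeCredentialWithClientDataHash in the previous hunk forwards `exception.code` and `exception.message`. A caller of the assertion SPI therefore cannot tell a user cancellation from a missing credential or an authenticator failure, which also makes failed sign-ins harder to diagnose from logs. Unless the collapse is intentional, I would mirror the other method: `handler(nil, [NSError errorWithDomain:WKErrorDomain code:exception.code userInfo:@{ NSLocalizedDescriptionKey: exception.message }]);`. If it is intentional (for example to avoid revealing whether a credential exists), a one-line comment saying so belongs on that branch. The trailing context is the start of isUserVerifyingPlatformAuthenticatorAvailable, which continues outside the hunk.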