Modified: trunk/Source/WebKit/ChangeLog (285964 => 285965)
--- trunk/Source/WebKit/ChangeLog 2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/ChangeLog 2021-11-18 00:10:02 UTC (rev 285965)
@@ -1,3 +1,22 @@
+2021-11-17 J Pascoe <j_pas...@apple.com>
+
+ [WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash
+ https://bugs.webkit.org/show_bug.cgi?id=233216
+ <rdar://problem/85476386>
+
+ Reviewed by Brent Fulgham.
+
+ In order to avoid needing to make and coordinate changes to ASC to support new fields or changes
+ within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit
+ will contain a precomputed ClientDataHash. This change creates new SPIs that will be called
+ from ASC using the ClientDataHash.
+
+ * UIProcess/API/Cocoa/_WKAuthenticatorResponse.h:
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+ (-[_WKWebAuthenticationPanel makeCredentialWithClientDataHash:options:completionHandler:]):
+ (-[_WKWebAuthenticationPanel getAssertionWithClientDataHash:options:completionHandler:]):
+ New functions to take in ClientDataHash instead of the data needed to construct it.
+
2021-11-17 Per Arne Vollan <pvol...@apple.com>
[macOS] Add message filter guard in the GPU process' sandbox
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h (285964 => 285965)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h 2021-11-18 00:10:02 UTC (rev 285965)
@@ -38,7 +38,7 @@
@interface _WKAuthenticatorResponse : NSObject
@property (nonatomic, readonly) _WKAuthenticatorAttachment attachment;
-@property (nonatomic, readonly) NSData *clientDataJSON;
+@property (nullable, nonatomic, readonly) NSData *clientDataJSON;
@property (nonatomic, readonly) NSData *rawId;
@property (nullable, nonatomic, readonly, strong) _WKAuthenticationExtensionsClientOutputs *extensions;
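Review bot: The newly nullable `clientDataJSON` on `_WKAuthenticatorResponse` carries no comment saying when it is nil. Judging from the .mm changes in this commit, it appears to be nil for responses produced by the ClientDataHash SPIs, which pass `nullptr` in that position, so the caller must send its own ClientDataJSON to the relying party. I would add above the property: `// nil when the request was made with a precomputed clientDataHash; the caller then owns the ClientDataJSON.` Existing consumers that assume a non-nil value, for example by putting it in a collection literal, should be checked.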
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (285964 => 285965)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-11-17 23:55:47 UTC (rev 285964)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-11-18 00:10:02 UTC (rev 285965)
@@ -580,6 +580,20 @@
#endif
}
+- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler
+{
+#if ENABLE(WEB_AUTHN)
+ auto callback = [handler = makeBlockPtr(handler)] (std::variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+ WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
+ handler(wkAuthenticatorAttestationResponse(response->data(), nullptr, response->attachment()).get(), nil);
+ }, [&](const WebCore::ExceptionData& exception) {
+ handler(nil, [NSError errorWithDomain:WKErrorDomain code:exception.code userInfo:@{ NSLocalizedDescriptionKey: exception.message }]);
+ });
+ };
+ _panel->handleRequest({ vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, std::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+#endif
+}
+
+ (WebCore::PublicKeyCredentialRequestOptions)convertToCoreRequestOptionsWithOptions:(_WKPublicKeyCredentialRequestOptions *)options
{
WebCore::PublicKeyCredentialRequestOptions result;
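Review bot: `makeCredentialWithClientDataHash:` hands `clientDataHash` straight to `vectorFromNSData` without checking that it is non-nil and 32 bytes long, the SHA-256 digest size WebAuthn uses for the client data hash; `getAssertionWithClientDataHash:` in the later hunk does the same. With these SPIs WebKit no longer builds ClientDataJSON itself, so the origin and challenge binding rests entirely on the caller, and a malformed hash would presumably only surface later as an authenticator or relying-party failure. A guard at the top of the `#if` block would fail early: `if (clientDataHash.length != 32) { handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]); return; }`. Whether `handleRequest` validates the length is not visible in this hunk, so treat this as a request to confirm. A header comment stating that the caller is responsible for the ClientDataJSON behind the hash would make the trust contract explicit.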
@@ -630,6 +644,20 @@
#endif
}
+- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler
+{
+#if ENABLE(WEB_AUTHN)
+ auto callback = [handler = makeBlockPtr(handler)] (std::variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>&& result) mutable {
+ WTF::switchOn(result, [&](const Ref<WebCore::AuthenticatorResponse>& response) {
+ handler(wkAuthenticatorAssertionResponse(response->data(), nullptr, response->attachment()).get(), nil);
+ }, [&](const WebCore::ExceptionData& exception) {
+ handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
+ });
+ };
+ _panel->handleRequest({ vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreRequestOptionsWithOptions:options], nullptr, WebKit::WebAuthenticationPanelResult::Unavailable, nullptr, std::nullopt, { }, true, String(), nullptr }, WTFMove(callback));
+#endif
+}
+
+ (BOOL)isUserVerifyingPlatformAuthenticatorAvailable
{
#if ENABLE(WEB_AUTHN)
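Review bot: The error branch `handler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);` drops `exception.code` and `exception.message`, whereas the makeCredential counterpart added in this same commit forwards both. Callers of `getAssertionWithClientDataHash:` then cannot tell a user cancellation from a missing credential or a malformed request, which also makes failures harder to log and triage. Unless the opaque error is deliberate, mirror the other method: `handler(nil, [NSError errorWithDomain:WKErrorDomain code:exception.code userInfo:@{ NSLocalizedDescriptionKey: exception.message }]);`. If it is deliberate, a one-line comment giving the reason would keep it from being changed later by mistake.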