Log Message
Expose way to encode CTAP commands with only the hash of ClientDataJSON https://bugs.webkit.org/show_bug.cgi?id=235191 <rdar://problem/87557846>
Reviewed by Brent Fulgham. Source/WebKit: CTAP command encoding covered by existing tests (see CtapRequestTest) and the SPI in new API tests. * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]): Tools: * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (TestWebKitAPI::TEST): Tests for new SPIs.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (288009 => 288010)
--- trunk/Source/WebKit/ChangeLog 2022-01-14 07:51:35 UTC (rev 288009)
+++ trunk/Source/WebKit/ChangeLog 2022-01-14 08:02:17 UTC (rev 288010)
@@ -1,3 +1,19 @@
+2022-01-14 J Pascoe <j_pas...@apple.com>
+
+ Expose way to encode CTAP commands with only the hash of ClientDataJSON
+ https://bugs.webkit.org/show_bug.cgi?id=235191
+ <rdar://problem/87557846>
+
+ Reviewed by Brent Fulgham.
+
+ CTAP command encoding covered by existing tests (see CtapRequestTest) and the SPI
+ in new API tests.
+
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+ (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]):
+ (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]):
+
2022-01-13 Elliott Williams <e...@apple.com>
[XCBuild] Add "product dependencies" which influence workspace build order
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (288009 => 288010)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-01-14 07:51:35 UTC (rev 288009)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-01-14 08:02:17 UTC (rev 288010)
@@ -123,6 +123,9 @@
+ (NSData *)encodeMakeCredentialCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+ (NSData *)encodeGetAssertionCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialRequestOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
++ (NSData *)encodeMakeCredentialCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
++ (NSData *)encodeGetAssertionCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
- (instancetype)init;
// FIXME: <rdar://problem/71509485> Adds detailed NSError.
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (288009 => 288010)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-01-14 07:51:35 UTC (rev 288009)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-01-14 08:02:17 UTC (rev 288010)
@@ -711,6 +711,29 @@
return encodedCommand.autorelease();
}
+
++ (NSData *)encodeMakeCredentialCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability
+{
+ RetainPtr<NSData> encodedCommand;
+#if ENABLE(WEB_AUTHN)
+ auto encodedVector = fido::encodeMakeCredenitalRequestAsCBOR(vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:options], coreUserVerificationAvailability(userVerificationAvailability), std::nullopt);
+ encodedCommand = adoptNS([[NSData alloc] initWithBytes:encodedVector.data() length:encodedVector.size()]);
+#endif
+
+ return encodedCommand.autorelease();
+}
+
++ (NSData *)encodeGetAssertionCommandWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability
+{
+ RetainPtr<NSData> encodedCommand;
+#if ENABLE(WEB_AUTHN)
+ auto encodedVector = fido::encodeGetAssertionRequestAsCBOR(vectorFromNSData(clientDataHash), [_WKWebAuthenticationPanel convertToCoreRequestOptionsWithOptions:options], coreUserVerificationAvailability(userVerificationAvailability), std::nullopt);
+ encodedCommand = adoptNS([[NSData alloc] initWithBytes:encodedVector.data() length:encodedVector.size()]);
+#endif
+
+ return encodedCommand.autorelease();
+}
+
- (void)setMockConfiguration:(NSDictionary *)configuration
{
#if ENABLE(WEB_AUTHN)
Modified: trunk/Tools/ChangeLog (288009 => 288010)
--- trunk/Tools/ChangeLog 2022-01-14 07:51:35 UTC (rev 288009)
+++ trunk/Tools/ChangeLog 2022-01-14 08:02:17 UTC (rev 288010)
@@ -1,3 +1,15 @@
+2022-01-14 J Pascoe <j_pas...@apple.com>
+
+ Expose way to encode CTAP commands with only the hash of ClientDataJSON
+ https://bugs.webkit.org/show_bug.cgi?id=235191
+ <rdar://problem/87557846>
+
+ Reviewed by Brent Fulgham.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+ (TestWebKitAPI::TEST):
+ Tests for new SPIs.
+
2022-01-13 Wenson Hsieh <wenson_hs...@apple.com>
Crash in Document::updateStyleIfNeeded() when removing a node containing the drag caret
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (288009 => 288010)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-01-14 07:51:35 UTC (rev 288009)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-01-14 08:02:17 UTC (rev 288010)
@@ -2168,6 +2168,40 @@
cleanUpKeychain("example.com");
}
+TEST(WebAuthenticationPanel, EncodeCTAPAssertion)
+{
+ uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04 };
+ auto nsHash = adoptNS([[NSData alloc] initWithBytes:hash length:sizeof(hash)]);
+ auto options = adoptNS([[_WKPublicKeyCredentialRequestOptions alloc] init]);
+
+ auto *command = [_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:nsHash.get() options: options.get() userVerificationAvailability:_WKWebAuthenticationUserVerificationAvailabilityNotSupported];
+
+ // Base64 of the following CBOR:
+ // 2, {1: "", 2: h'0102030401020304010203040102030401020304010203040102030401020304', 5: {"up": true}}
+ EXPECT_WK_STREQ([command base64EncodedStringWithOptions:0], "AqMBYAJYIAECAwQBAgMEAQIDBAECAwQBAgMEAQIDBAECAwQBAgMEBaFidXD1");
+}
+
+TEST(WebAuthenticationPanel, EncodeCTAPCreation)
+{
+ uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04 };
+ auto nsHash = adoptNS([[NSData alloc] initWithBytes:hash length:sizeof(hash)]);
+ uint8_t identifier[] = { 0x01, 0x02, 0x03, 0x04 };
+ NSData *nsIdentifier = [NSData dataWithBytes:identifier length:sizeof(identifier)];
+ auto parameters = adoptNS([[_WKPublicKeyCredentialParameters alloc] initWithAlgorithm:@-7]);
+
+ auto rp = adoptNS([[_WKPublicKeyCredentialRelyingPartyEntity alloc] initWithName:@"example.com"]);
+ auto user = adoptNS([[_WKPublicKeyCredentialUserEntity alloc] initWithName:@"japples...@example.com" identifier:nsIdentifier displayName:@"J Appleseed"]);
+ NSArray<_WKPublicKeyCredentialParameters *> *publicKeyCredentialParamaters = @[ parameters.get() ];
+
+ auto options = adoptNS([[_WKPublicKeyCredentialCreationOptions alloc] initWithRelyingParty:rp.get() user:user.get() publicKeyCredentialParamaters:publicKeyCredentialParamaters]);
+
+ auto *command = [_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:nsHash.get() options: options.get() userVerificationAvailability:_WKWebAuthenticationUserVerificationAvailabilityNotSupported];
+
+ // Base64 of the following CBOR:
+ // 1, {1: h'0102030401020304010203040102030401020304010203040102030401020304', 2: {"name": "example.com"}, 3: {"id": h'01020304', "name": "japples...@example.com", "displayName": "J Appleseed"}, 4: [{"alg": -7, "type": "public-key"}]}
+ EXPECT_WK_STREQ([command base64EncodedStringWithOptions:0], "AaQBWCABAgMEAQIDBAECAwQBAgMEAQIDBAECAwQBAgMEAQIDBAKhZG5hbWVrZXhhbXBsZS5jb20Do2JpZEQBAgMEZG5hbWV2amFwcGxlc2VlZEBleGFtcGxlLmNvbWtkaXNwbGF5TmFtZWtKIEFwcGxlc2VlZASBomNhbGcmZHR5cGVqcHVibGljLWtleQ==");
+}
+
TEST(WebAuthenticationPanel, UpdateCredentialUsername)
{
reset();
_______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes