[WebAuthn] WebKitTestRunner/TWAPI lacks an entitlement and bundle ide…
…ntifier to use required [ASCAgent performAuthorizationRequestsForContext]

https://bugs.webkit.org/show_bug.cgi?id=232846
rdar://problem/85170633

Reviewed by Brent Fulgham.

Covered by existing tests.

Calling to ASC requires converting WebAuthenticationRequestData to ASCCredentialRequestContext and then making
a call to _WKAuthenticatorAssertionResponse, while also requiring entitlements currently unavailable in OpenSource.
This change avoids calling out to ASC in tests using mock / virtual authenticators to avoid this problem; the
serialization to and from ASCAgent can be tested separately.

* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
Refactor creation of ASCCredentialRequestContext.
(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable):
* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest):
Refactor use of ASC and add clarifying comment about flow.



Canonical link: https://commits.webkit.org/244290@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
pascoej committed Nov 16, 2021
1 parent 7bf620f commit 1a2d7de80b713a5317264974d4bb5ed143f3e941
Showing 4 changed files with 45 additions and 13 deletions.
@@ -1,3 +1,25 @@
2021-11-16 J Pascoe <j_pascoe@apple.com>

[WebAuthn] WebKitTestRunner/TWAPI lacks an entitlement and bundle identifier to use required [ASCAgent performAuthorizationRequestsForContext]
https://bugs.webkit.org/show_bug.cgi?id=232846
rdar://problem/85170633

Reviewed by Brent Fulgham.

Covered by existing tests.

Calling to ASC requires converting WebAuthenticationRequestData to ASCCredentialRequestContext and then making
a call to _WKAuthenticatorAssertionResponse, while also requiring entitlements currently unavailable in OpenSource.
This change avoids calling out to ASC in tests using mock / virtual authenticators to avoid this problem, the
serialization to and from ASCAgent can be tested seperately.

* UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
Refactor creation of ASCCredentialRequestContext.
(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable):
* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest):
Refactor use of ASC and add clarifying comment about flow.

2021-11-16 Kimmo Kinnunen <kkinnunen@apple.com>

RemoteGraphicsContextGLCocoa::m_swapChain is unused
@@ -238,16 +238,15 @@ static inline ExceptionCode toExceptionCode(NSInteger nsErrorCode)
return requestContext;
}

void WebAuthenticatorCoordinatorProxy::makeCredential(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector<uint8_t>&& hash, PublicKeyCredentialCreationOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler)
RetainPtr<ASCCredentialRequestContext> WebAuthenticatorCoordinatorProxy::contextForRequest(WebAuthenticationRequestData&& requestData)
{
auto requestContext = configureRegistrationRequestContext(options);
performRequest(requestContext, WTFMove(handler));
}

void WebAuthenticatorCoordinatorProxy::getAssertion(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector<uint8_t>&& hash, PublicKeyCredentialRequestOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler)
{
auto requestContext = configurationAssertionRequestContext(options);
performRequest(requestContext, WTFMove(handler));
RetainPtr<ASCCredentialRequestContext> result;
WTF::switchOn(requestData.options, [&](const PublicKeyCredentialCreationOptions& options) {
result = configureRegistrationRequestContext(options);
}, [&](const PublicKeyCredentialRequestOptions& options) {
result = configurationAssertionRequestContext(options);
});
return result;
}

void WebAuthenticatorCoordinatorProxy::performRequest(RetainPtr<ASCCredentialRequestContext> requestContext, RequestCompletionHandler&& handler)
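Review bot: `contextForRequest` takes `WebAuthenticationRequestData&&`, but in the visible body it only reads `requestData.options`, so the `WTFMove(data)` at its call site looks like a hand-off of the whole request when nothing is consumed. Declaring it as `contextForRequest(const WebAuthenticationRequestData&)`, here and in the header, would make it plain that the request data is still intact afterwards. It would also help to add a one-line comment such as `// Only the options are forwarded to ASC; the client data hash, frame info and user-gesture flag are not part of the context built here.`, since those fields are the ones a reader checking origin and gesture handling will look for. Whether ASC obtains them by another route is not visible in this hunk.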
@@ -55,7 +55,6 @@ WebAuthenticatorCoordinatorProxy::~WebAuthenticatorCoordinatorProxy()
m_webPageProxy.process().removeMessageReceiver(Messages::WebAuthenticatorCoordinatorProxy::messageReceiverName(), m_webPageProxy.webPageID());
}

#if !HAVE(UNIFIED_ASC_AUTH_UI)
void WebAuthenticatorCoordinatorProxy::makeCredential(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector<uint8_t>&& hash, PublicKeyCredentialCreationOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler)
{
handleRequest({ WTFMove(hash), WTFMove(options), m_webPageProxy, WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture, String(), nullptr }, WTFMove(handler));
@@ -65,10 +64,21 @@ void WebAuthenticatorCoordinatorProxy::getAssertion(FrameIdentifier frameId, Fra
{
handleRequest({ WTFMove(hash), WTFMove(options), m_webPageProxy, WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture, String(), nullptr }, WTFMove(handler));
}
#endif

void WebAuthenticatorCoordinatorProxy::handleRequest(WebAuthenticationRequestData&& data, RequestCompletionHandler&& handler)
{
auto& authenticatorManager = m_webPageProxy.websiteDataStore().authenticatorManager();

#if HAVE(UNIFIED_ASC_AUTH_UI)
if (!authenticatorManager.isMock() && !authenticatorManager.isVirtual()) {
auto context = contextForRequest(WTFMove(data));
// performRequest calls out to ASCAgent which will then call [_WKWebAuthenticationPanel makeCredential/getAssertionWithChallenge]
// which calls authenticatorManager.handleRequest(..)
performRequest(context, WTFMove(handler));
return;
}
#endif // HAVE(UNIFIED_ASC_AUTH_UI)

auto callback = [handler = WTFMove(handler)] (std::variant<Ref<AuthenticatorResponse>, ExceptionData>&& result) mutable {
ASSERT(RunLoop::isMain());
WTF::switchOn(result, [&](const Ref<AuthenticatorResponse>& response) {
@@ -77,15 +87,15 @@ void WebAuthenticatorCoordinatorProxy::handleRequest(WebAuthenticationRequestDat
handler({ }, (AuthenticatorAttachment)0, exception);
});
};
m_webPageProxy.websiteDataStore().authenticatorManager().handleRequest(WTFMove(data), WTFMove(callback));
authenticatorManager.handleRequest(WTFMove(data), WTFMove(callback));
}

#if !HAVE(UNIFIED_ASC_AUTH_UI)
void WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable(QueryCompletionHandler&& handler)
{
handler(LocalService::isAvailable());
}
#endif
#endif // !HAVE(UNIFIED_ASC_AUTH_UI)

} // namespace WebKit
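Review bot: In `handleRequest`, the new guard `if (!authenticatorManager.isMock() && !authenticatorManager.isVirtual())` makes the manager's mock/virtual state the only thing that decides whether a WebAuthn request goes through ASCAgent or straight to `authenticatorManager.handleRequest`. The added comment documents only the ASC side. The bypass deserves its own comment above the guard, for example `// Mock and virtual authenticators exist for tests and automation only; they skip ASCAgent because the test runners lack the entitlement. Requests for real authenticators must always take the ASC path.` Where the mock or virtual manager gets installed is not visible in these hunks, so it is worth confirming that web content cannot reach that switch in a shipping build. A release log line on the bypass branch would also make an unexpected bypass visible in diagnostics. The middle of the callback lambda lies between the two hunks and was not reviewed.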

@@ -77,6 +77,7 @@ class WebAuthenticatorCoordinatorProxy : public IPC::MessageReceiver {
WebPageProxy& m_webPageProxy;

#if HAVE(UNIFIED_ASC_AUTH_UI)
RetainPtr<ASCCredentialRequestContext> contextForRequest(WebAuthenticationRequestData&&);
void performRequest(RetainPtr<ASCCredentialRequestContext>, RequestCompletionHandler&&);
RetainPtr<ASCAuthorizationRemotePresenter> m_presenter;
#endif
