Apply patch. rdar://124405037

Identifier: 272448.844@safari-7618-branch

Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h

@@ -188,6 +188,12 @@ typedef NS_ENUM(NSInteger, ASPublicKeyCredentialClientDataCrossOriginValue) {
 
 @end
 
+@interface ASAuthorizationPlatformPublicKeyCredentialDescriptor : NSObject <ASAuthorizationPublicKeyCredentialDescriptor>
+
+- (instancetype)initWithCredentialID:(NSData *)credentialID NS_DESIGNATED_INITIALIZER;
+
+@end
+
 @protocol ASAuthorizationPublicKeyCredentialAssertionRequest <NSObject, NSSecureCoding, NSCopying>
 
 @property (nonatomic, copy) NSData *challenge;
@@ -200,10 +206,13 @@ typedef NS_ENUM(NSInteger, ASPublicKeyCredentialClientDataCrossOriginValue) {
 
 @end
 
-@interface ASAuthorizationPlatformPublicKeyCredentialDescriptor : NSObject <ASAuthorizationPublicKeyCredentialDescriptor>
-
-- (instancetype)initWithCredentialID:(NSData *)credentialID NS_DESIGNATED_INITIALIZER;
+@protocol ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequest
+@property (nonatomic, readonly, nullable) ASPublicKeyCredentialClientData *clientData;
+@property (nonatomic, nullable, copy) NSArray<ASAuthorizationPlatformPublicKeyCredentialDescriptor *> *excludedCredentials;
+@property (nonatomic) BOOL shouldShowHybridTransport;
+@end
 
+@interface ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest () <ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequest>
 @end
 
 typedef NS_ENUM(NSInteger, ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation) {

Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

@@ -106,6 +106,55 @@ - (void)authorizationController:(ASAuthorizationController *)controller didCompl
     return ArrayBuffer::create(reinterpret_cast<const uint8_t *>(data.bytes), data.length);
 }
 
+static inline ExceptionCode toExceptionCode(NSInteger nsErrorCode)
+{
+    ExceptionCode exceptionCode = (ExceptionCode)nsErrorCode;
+
+    switch (exceptionCode) {
+    case ExceptionCode::IndexSizeError:
+    case ExceptionCode::HierarchyRequestError:
+    case ExceptionCode::WrongDocumentError:
+    case ExceptionCode::InvalidCharacterError:
+    case ExceptionCode::NoModificationAllowedError:
+    case ExceptionCode::NotFoundError:
+    case ExceptionCode::NotSupportedError:
+    case ExceptionCode::InUseAttributeError:
+    case ExceptionCode::InvalidStateError:
+    case ExceptionCode::SyntaxError:
+    case ExceptionCode::InvalidModificationError:
+    case ExceptionCode::NamespaceError:
+    case ExceptionCode::InvalidAccessError:
+    case ExceptionCode::TypeMismatchError:
+    case ExceptionCode::SecurityError:
+    case ExceptionCode::NetworkError:
+    case ExceptionCode::AbortError:
+    case ExceptionCode::URLMismatchError:
+    case ExceptionCode::QuotaExceededError:
+    case ExceptionCode::TimeoutError:
+    case ExceptionCode::InvalidNodeTypeError:
+    case ExceptionCode::DataCloneError:
+    case ExceptionCode::EncodingError:
+    case ExceptionCode::NotReadableError:
+    case ExceptionCode::UnknownError:
+    case ExceptionCode::ConstraintError:
+    case ExceptionCode::DataError:
+    case ExceptionCode::TransactionInactiveError:
+    case ExceptionCode::ReadonlyError:
+    case ExceptionCode::VersionError:
+    case ExceptionCode::OperationError:
+    case ExceptionCode::NotAllowedError:
+    case ExceptionCode::RangeError:
+    case ExceptionCode::TypeError:
+    case ExceptionCode::JSSyntaxError:
+    case ExceptionCode::StackOverflowError:
+    case ExceptionCode::OutOfMemoryError:
+    case ExceptionCode::ExistingExceptionError:
+        return exceptionCode;
+    }
+
+    return ExceptionCode::NotAllowedError;
+}
+
 #if HAVE(WEB_AUTHN_AS_MODERN)
 
 static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement(const String& requirement)
@@ -208,6 +257,22 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
             }
         }
     }
+
+    RetainPtr<NSMutableArray<ASAuthorizationPlatformPublicKeyCredentialDescriptor *>> platformExcludedCredentials = adoptNS([[NSMutableArray alloc] init]);
+    RetainPtr<NSMutableArray<ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor *>> crossPlatformExcludedCredentials = adoptNS([[NSMutableArray alloc] init]);
+    for (auto credential : options.excludeCredentials) {
+        if (credential.transports.contains(AuthenticatorTransport::Internal) || credential.transports.isEmpty())
+            [platformExcludedCredentials addObject:adoptNS([allocASAuthorizationPlatformPublicKeyCredentialDescriptorInstance() initWithCredentialID:toNSData(credential.id).get()]).get()];
+        if (credential.transports.isEmpty() || !credential.transports.contains(AuthenticatorTransport::Internal)) {
+            RetainPtr<NSMutableArray<ASAuthorizationSecurityKeyPublicKeyCredentialDescriptorTransport>> transports = adoptNS([[NSMutableArray alloc] init]);
+            for (auto transport : credential.transports) {
+                if (auto asTransport = toASAuthorizationSecurityKeyPublicKeyCredentialDescriptorTransport(transport))
+                    [transports addObject:asTransport.get()];
+            }
+            [crossPlatformExcludedCredentials addObject:adoptNS([allocASAuthorizationSecurityKeyPublicKeyCredentialDescriptorInstance() initWithCredentialID:toNSData(credential.id).get() transports:transports.get()]).get()];
+        }
+    }
+
     RetainPtr<ASPublicKeyCredentialClientData> clientData = adoptNS([allocASPublicKeyCredentialClientDataInstance() initWithChallenge:toNSData(options.challenge).get() origin:callerOrigin.toString()]);
     if (includePlatformRequest) {
         RetainPtr request = adoptNS([[allocASAuthorizationPlatformPublicKeyCredentialProviderInstance() initWithRelyingPartyIdentifier:*options.rp.id] createCredentialRegistrationRequestWithClientData:clientData.get() name:options.user.name userID:toNSData(options.user.id).get()]);
@@ -221,6 +286,7 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
             ASSERT(!options.extensions->largeBlob->read && !options.extensions->largeBlob->write);
             request.get().largeBlob = adoptNS([allocASAuthorizationPublicKeyCredentialLargeBlobRegistrationInputInstance() initWithSupportRequirement:toASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement(options.extensions->largeBlob->support)]).get();
         }
+        request.get().excludedCredentials = platformExcludedCredentials.get();
         [requests addObject:request.leakRef()];
     }
     if (includeSecurityKeyRequest) {
@@ -239,6 +305,7 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
             request.get().userVerificationPreference = toASUserVerificationPreference(options.authenticatorSelection->userVerification).get();
             request.get().residentKeyPreference = toASResidentKeyPreference(options.authenticatorSelection->residentKey, options.authenticatorSelection->requireResidentKey).get();
         }
+        request.get().excludedCredentials = crossPlatformExcludedCredentials.get();
         [requests addObject:request.leakRef()];
     }
 
@@ -371,13 +438,15 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
     m_delegate = adoptNS([[_WKASDelegate alloc] initWithPage:WTFMove(requestData.page) completionHandler:makeBlockPtr([weakThis = WeakPtr { *this }](ASAuthorization *auth, NSError *error) mutable {
         if (!weakThis)
             return;
-        ensureOnMainRunLoop([weakThis = WTFMove(weakThis), auth = retainPtr(auth)]() {
+        ensureOnMainRunLoop([weakThis = WTFMove(weakThis), auth = retainPtr(auth), error = retainPtr(error)]() {
             if (!weakThis)
                 return;
             WebCore::AuthenticatorResponseData response = { };
             WebCore::ExceptionData exceptionData = { ExceptionCode::NotAllowedError, @"" };
             WebCore::AuthenticatorAttachment attachment = AuthenticatorAttachment::Platform;
-            if ([auth.get().credential isKindOfClass:getASAuthorizationPlatformPublicKeyCredentialRegistrationClass()]) {
+            if ([error.get().domain isEqualToString:WKErrorDomain])
+                exceptionData = { toExceptionCode(error.get().code), error.get().userInfo[NSLocalizedDescriptionKey] };
+            else if ([auth.get().credential isKindOfClass:getASAuthorizationPlatformPublicKeyCredentialRegistrationClass()]) {
                 response.isAuthenticatorAttestationResponse = true;
                 auto credential = retainPtr((ASAuthorizationPlatformPublicKeyCredentialRegistration *)auth.get().credential);
                 response.rawId = toArrayBuffer(credential.get().credentialID);
@@ -473,55 +542,6 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
     return @"none";
 }
 
-static inline ExceptionCode toExceptionCode(NSInteger nsErrorCode)
-{
-    ExceptionCode exceptionCode = (ExceptionCode)nsErrorCode;
-
-    switch (exceptionCode) {
-    case ExceptionCode::IndexSizeError: FALLTHROUGH;
-    case ExceptionCode::HierarchyRequestError: FALLTHROUGH;
-    case ExceptionCode::WrongDocumentError: FALLTHROUGH;
-    case ExceptionCode::InvalidCharacterError: FALLTHROUGH;
-    case ExceptionCode::NoModificationAllowedError: FALLTHROUGH;
-    case ExceptionCode::NotFoundError: FALLTHROUGH;
-    case ExceptionCode::NotSupportedError: FALLTHROUGH;
-    case ExceptionCode::InUseAttributeError: FALLTHROUGH;
-    case ExceptionCode::InvalidStateError: FALLTHROUGH;
-    case ExceptionCode::SyntaxError: FALLTHROUGH;
-    case ExceptionCode::InvalidModificationError: FALLTHROUGH;
-    case ExceptionCode::NamespaceError: FALLTHROUGH;
-    case ExceptionCode::InvalidAccessError: FALLTHROUGH;
-    case ExceptionCode::TypeMismatchError: FALLTHROUGH;
-    case ExceptionCode::SecurityError: FALLTHROUGH;
-    case ExceptionCode::NetworkError: FALLTHROUGH;
-    case ExceptionCode::AbortError: FALLTHROUGH;
-    case ExceptionCode::URLMismatchError: FALLTHROUGH;
-    case ExceptionCode::QuotaExceededError: FALLTHROUGH;
-    case ExceptionCode::TimeoutError: FALLTHROUGH;
-    case ExceptionCode::InvalidNodeTypeError: FALLTHROUGH;
-    case ExceptionCode::DataCloneError: FALLTHROUGH;
-    case ExceptionCode::EncodingError: FALLTHROUGH;
-    case ExceptionCode::NotReadableError: FALLTHROUGH;
-    case ExceptionCode::UnknownError: FALLTHROUGH;
-    case ExceptionCode::ConstraintError: FALLTHROUGH;
-    case ExceptionCode::DataError: FALLTHROUGH;
-    case ExceptionCode::TransactionInactiveError: FALLTHROUGH;
-    case ExceptionCode::ReadonlyError: FALLTHROUGH;
-    case ExceptionCode::VersionError: FALLTHROUGH;
-    case ExceptionCode::OperationError: FALLTHROUGH;
-    case ExceptionCode::NotAllowedError: FALLTHROUGH;
-    case ExceptionCode::RangeError: FALLTHROUGH;
-    case ExceptionCode::TypeError: FALLTHROUGH;
-    case ExceptionCode::JSSyntaxError: FALLTHROUGH;
-    case ExceptionCode::StackOverflowError: FALLTHROUGH;
-    case ExceptionCode::OutOfMemoryError: FALLTHROUGH;
-    case ExceptionCode::ExistingExceptionError:
-        return exceptionCode;
-    }
-
-    return ExceptionCode::NotAllowedError;
-}
-
 static inline RetainPtr<ASCPublicKeyCredentialDescriptor> toASCDescriptor(PublicKeyCredentialDescriptor descriptor)
 {
     RetainPtr<NSMutableArray<NSString *>> transports;