WebAuthn authenticatorAttachment is always "platform" over hybrid
https://bugs.webkit.org/show_bug.cgi?id=248800
rdar://102608692

Reviewed by J Pascoe.

At the time this was written, the type of credential implied the attachment. Now
all of the credential types have an attachment property to use instead.

Canonical link: https://commits.webkit.org/257576@main
g-davidson authored and pascoej committed Dec 8, 2022
1 parent 5e92b79 commit f1464f7963f4f9e7af500b80138f919596f5ab21
Showing 2 changed files with 17 additions and 6 deletions.
@@ -295,6 +295,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
@property (nonatomic, copy, readonly) NSData *rawClientDataJSON;
@property (nonatomic, copy) NSArray<NSNumber *> *transports;
@property (nonatomic, copy, nullable) NSData *extensionOutputsCBOR;
@property (nonatomic, copy, readonly) NSString *attachment;

+ (instancetype)new NS_UNAVAILABLE;
- (instancetype)init NS_UNAVAILABLE;
@@ -311,6 +312,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
@property (nonatomic, copy, readonly) NSData *attestationObject;
@property (nonatomic, copy) NSArray<NSNumber *> *transports;
@property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
@property (nonatomic, copy, readonly) NSString *attachment;

@end

@@ -327,6 +329,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
@property (nonatomic, copy, readonly) NSData *signature;
@property (nonatomic, copy, readonly, nullable) NSData *userHandle;
@property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
@property (nonatomic, copy, readonly) NSString *attachment;

@end

@@ -341,6 +344,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
@property (nonatomic, copy, readonly, nullable) NSData *userHandle;
@property (nonatomic, copy, readonly) NSData *rawClientDataJSON;
@property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
@property (nonatomic, copy, readonly) NSString *attachment;

@end
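Review bot: The four new `attachment` declarations are plain `NSString *` with no statement of their allowed values, while the consumer in this commit accepts only `@"platform"` and `@"cross-platform"`. Add a comment on each declaration, for example `// WebAuthn authenticatorAttachment: @"platform" or @"cross-platform".` The neighbouring properties mark optional values `nullable`; whether `attachment` can ever be nil is not visible from these hunks, so the declaration should state it either way.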

@@ -391,55 +391,54 @@ static inline ASPublicKeyCredentialResidentKeyPreference toASCResidentKeyPrefere
static inline void continueAfterRequest(RetainPtr<id <ASCCredentialProtocol>> credential, RetainPtr<NSError> error, RequestCompletionHandler&& handler)
{
AuthenticatorResponseData response = { };
AuthenticatorAttachment attachment;
ExceptionData exceptionData = { };
NSString *rawAttachment = nil;

if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialRegistrationClass()]) {
attachment = AuthenticatorAttachment::Platform;
response.isAuthenticatorAttestationResponse = true;

ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential.get();
response.rawId = toArrayBuffer(registrationCredential.credentialID);
response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
rawAttachment = registrationCredential.attachment;
if ([registrationCredential respondsToSelector:@selector(transports)])
response.transports = toAuthenticatorTransports(registrationCredential.transports);
if ([registrationCredential respondsToSelector:@selector(extensionOutputsCBOR)])
response.extensionOutputs = toExtensionOutputs(registrationCredential.extensionOutputsCBOR);
} else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialRegistrationClass()]) {
attachment = AuthenticatorAttachment::CrossPlatform;
response.isAuthenticatorAttestationResponse = true;

ASCSecurityKeyPublicKeyCredentialRegistration *registrationCredential = credential.get();
response.rawId = toArrayBuffer(registrationCredential.credentialID);
response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
rawAttachment = registrationCredential.attachment;
if ([registrationCredential respondsToSelector:@selector(transports)])
response.transports = toAuthenticatorTransports(registrationCredential.transports);
if ([registrationCredential respondsToSelector:@selector(extensionOutputsCBOR)])
response.extensionOutputs = toExtensionOutputs(registrationCredential.extensionOutputsCBOR);
} else if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialAssertionClass()]) {
attachment = AuthenticatorAttachment::Platform;
response.isAuthenticatorAttestationResponse = false;

ASCPlatformPublicKeyCredentialAssertion *assertionCredential = credential.get();
response.rawId = toArrayBuffer(assertionCredential.credentialID);
response.authenticatorData = toArrayBuffer(assertionCredential.authenticatorData);
response.signature = toArrayBuffer(assertionCredential.signature);
response.userHandle = toArrayBuffer(assertionCredential.userHandle);
rawAttachment = assertionCredential.attachment;
if ([assertionCredential respondsToSelector:@selector(extensionOutputsCBOR)])
response.extensionOutputs = toExtensionOutputs(assertionCredential.extensionOutputsCBOR);
} else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialAssertionClass()]) {
attachment = AuthenticatorAttachment::CrossPlatform;
response.isAuthenticatorAttestationResponse = false;

ASCSecurityKeyPublicKeyCredentialAssertion *assertionCredential = credential.get();
response.rawId = toArrayBuffer(assertionCredential.credentialID);
response.authenticatorData = toArrayBuffer(assertionCredential.authenticatorData);
response.signature = toArrayBuffer(assertionCredential.signature);
response.userHandle = toArrayBuffer(assertionCredential.userHandle);
rawAttachment = assertionCredential.attachment;
if ([assertionCredential respondsToSelector:@selector(extensionOutputsCBOR)])
response.extensionOutputs = toExtensionOutputs(assertionCredential.extensionOutputsCBOR);
} else {
attachment = (AuthenticatorAttachment) 0;
ExceptionCode exceptionCode;
NSString *errorMessage = nil;
if ([error.get().domain isEqualToString:WKErrorDomain]) {
@@ -459,6 +458,14 @@ static inline void continueAfterRequest(RetainPtr<id <ASCCredentialProtocol>> cr

exceptionData = { exceptionCode, errorMessage };
}

AuthenticatorAttachment attachment;
if ([rawAttachment isEqualToString:@"platform"])
attachment = AuthenticatorAttachment::Platform;
else {
ASSERT([rawAttachment isEqualToString:@"cross-platform"]);
attachment = AuthenticatorAttachment::CrossPlatform;
}

handler(response, attachment, exceptionData);
}
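Review bot: On the error path `rawAttachment` is still nil when it reaches the new mapping block at the end of `continueAfterRequest`, so `ASSERT([rawAttachment isEqualToString:@"cross-platform"])` fails in debug builds for a failed request, and release builds report `CrossPlatform` next to the exception. This is inferred from the visible lines: the final `else` branch never assigns `rawAttachment`, though part of that branch lies between the two hunks. Assert only when a credential was returned, for example `ASSERT(!rawAttachment || [rawAttachment isEqualToString:@"cross-platform"]);`, and give the no-credential case an explicit value, as the removed `attachment = (AuthenticatorAttachment) 0;` did. An unexpected string also becomes `CrossPlatform` silently in release builds; because this value is handed on to the caller as the authenticator attachment, an unrecognised value deserves a log line rather than a silent default. The four branches read `.attachment` without the `respondsToSelector:` guard used for `transports` and `extensionOutputsCBOR`, which would raise if the framework class can predate the property.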
