Changeset 249949 in webkit
- Timestamp:
- Sep 17, 2019 1:17:17 AM (5 years ago)
- Location:
- trunk/Source
- Files:
-
- 13 edited
trunk/Source/WebCore/ChangeLog
r249946 r249949 1 2019-09-17 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Use WebPreferences instead of RuntimeEnabledFeatures in UIProcess 4 https://bugs.webkit.org/show_bug.cgi?id=198176 5 <rdar://problem/55285709> 6 7 Reviewed by Youenn Fablet. 8 9 No changes of behavior. 10 11 * Modules/webauthn/PublicKeyCredential.cpp: 12 (WebCore::PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable): 13 Resolves the promise with false immediately when the feature flag is false. 14 1 15 2019-09-17 Rob Buis <rbuis@igalia.com> 2 16 -
trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp
r243193 r249949 37 37 #include "Page.h" 38 38 #include "PublicKeyCredentialData.h" 39 #include "RuntimeEnabledFeatures.h" 39 40 #include <wtf/text/Base64.h> 40 41 … … 74 75 void PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable(Document& document, DOMPromiseDeferred<IDLBoolean>&& promise) 75 76 { 77 if (!RuntimeEnabledFeatures::sharedFeatures().webAuthenticationLocalAuthenticatorEnabled()) { 78 promise.resolve(false); 79 return; 80 } 76 81 document.page()->authenticatorCoordinator().isUserVerifyingPlatformAuthenticatorAvailable(WTFMove(promise)); 77 82 } -
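Review bot: `document.page()` is dereferenced without a null check on the line after the new flag test, so a document that is no longer attached to a page would crash here instead of resolving the promise. A guard such as `auto* page = document.page(); if (!page) { promise.resolve(false); return; }` keeps the failure closed. Separately, this flag test runs in the web content process, while the matching test is removed from LocalService::isAvailable in the same changeset. It is worth confirming that the UI-process handler for this query still consults the page's preferences rather than relying on the web process to have checked.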
trunk/Source/WebKit/ChangeLog
r249948 r249949 1 2019-09-17 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Use WebPreferences instead of RuntimeEnabledFeatures in UIProcess 4 https://bugs.webkit.org/show_bug.cgi?id=198176 5 <rdar://problem/55285709> 6 7 Reviewed by Youenn Fablet. 8 9 This patch does the following two things: 10 1) It merges WebAuthenticationRequestData::creationOptions and requestOptions into a variant, and therefore 11 merges code paths that involve WebAuthenticationRequestData. 12 2) It teaches WebAuthenticationRequestData to store a WebPreferences such that AuthenticatorManager could utilize 13 runtime feature flags to turn features on or off. 14 15 * UIProcess/WebAuthentication/Authenticator.cpp: 16 (WebKit::Authenticator::handleRequest): 17 * UIProcess/WebAuthentication/AuthenticatorManager.cpp: 18 (WebKit::AuthenticatorManager::handleRequest): 19 (WebKit::AuthenticatorManager::clearState): 20 (WebKit::AuthenticatorManager::authenticatorAdded): 21 (WebKit::AuthenticatorManager::startDiscovery): 22 (WebKit::AuthenticatorManager::makeCredential): Deleted. 23 (WebKit::AuthenticatorManager::getAssertion): Deleted. 24 * UIProcess/WebAuthentication/AuthenticatorManager.h: 25 * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: 26 (WebKit::LocalAuthenticator::makeCredential): 27 (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented): 28 (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): 29 (WebKit::LocalAuthenticator::getAssertion): 30 (WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented): 31 * UIProcess/WebAuthentication/Cocoa/LocalService.mm: 32 (WebKit::LocalService::isAvailable): 33 Don't check RuntimeEnabledFeatures given it is for WebCore. 34 * UIProcess/WebAuthentication/WebAuthenticationRequestData.h: 35 (): Deleted. 
36 * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: 37 (WebKit::WebAuthenticatorCoordinatorProxy::makeCredential): 38 (WebKit::WebAuthenticatorCoordinatorProxy::getAssertion): 39 (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): 40 * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: 41 * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: 42 (WebKit::CtapAuthenticator::makeCredential): 43 (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived const): 44 (WebKit::CtapAuthenticator::getAssertion): 45 * UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp: 46 (WebKit::U2fAuthenticator::makeCredential): 47 (WebKit::U2fAuthenticator::checkExcludeList): 48 (WebKit::U2fAuthenticator::issueRegisterCommand): 49 (WebKit::U2fAuthenticator::getAssertion): 50 (WebKit::U2fAuthenticator::issueSignCommand): 51 (WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived): 52 (WebKit::U2fAuthenticator::continueSignCommandAfterResponseReceived): 53 1 54 2019-09-17 Carlos Garcia Campos <cgarcia@igalia.com> 2 55 -
trunk/Source/WebKit/UIProcess/WebAuthentication/Authenticator.cpp
r236481 r249949 37 37 m_pendingRequestData = data; 38 38 // Enforce asynchronous execution of makeCredential/getAssertion. 39 RunLoop::main().dispatch([weakThis = makeWeakPtr(*this) ] {39 RunLoop::main().dispatch([weakThis = makeWeakPtr(*this), this] { 40 40 if (!weakThis) 41 41 return; 42 if ( weakThis->m_pendingRequestData.isCreationRequest)43 weakThis->makeCredential();42 if (WTF::holds_alternative<WebCore::PublicKeyCredentialCreationOptions>(m_pendingRequestData.options)) 43 makeCredential(); 44 44 else 45 weakThis->getAssertion();45 getAssertion(); 46 46 }); 47 47 } -
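Review bot: The dispatched lambda now captures raw `this` next to `weakThis` and calls `makeCredential()` / `getAssertion()` through it, which is safe only because the `if (!weakThis) return;` test runs first. A short comment on the capture, for example `// this is only used after weakThis has been checked`, would keep a later edit from touching members ahead of that test. handleRequest starts above the hunk, so the rest of its body is not visible here.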
trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
r249108 r249949 29 29 #if ENABLE(WEB_AUTHN) 30 30 31 #include "WebPreferencesKeys.h" 31 32 #include <WebCore/AuthenticatorTransport.h> 32 33 #include <WebCore/PublicKeyCredentialCreationOptions.h> … … 120 121 } 121 122 122 void AuthenticatorManager:: makeCredential(const Vector<uint8_t>& hash, const PublicKeyCredentialCreationOptions& options, Callback&& callback)123 void AuthenticatorManager::handleRequest(WebAuthenticationRequestData&& data, Callback&& callback) 123 124 { 124 125 using namespace AuthenticatorManagerInternal; … … 131 132 132 133 // 1. Save request for async operations. 133 m_pendingRequestData = { hash, true, options, { } };134 m_pendingRequestData = WTFMove(data); 134 135 m_pendingCompletionHandler = WTFMove(callback); 135 initTimeOutTimer(options.timeout);136 136 137 137 // 2. Get available transports and start discovering authenticators on them. 138 startDiscovery(collectTransports(options.authenticatorSelection)); 139 } 140 141 void AuthenticatorManager::getAssertion(const Vector<uint8_t>& hash, const PublicKeyCredentialRequestOptions& options, Callback&& callback) 142 { 143 using namespace AuthenticatorManagerInternal; 144 145 if (m_pendingCompletionHandler) { 146 m_pendingCompletionHandler(ExceptionData { NotAllowedError, "This request has been cancelled by a new request."_s }); 147 m_requestTimeOutTimer.stop(); 148 } 149 clearState(); 150 151 // 1. Save request for async operations. 152 m_pendingRequestData = { hash, false, { }, options }; 153 m_pendingCompletionHandler = WTFMove(callback); 154 initTimeOutTimer(options.timeout); 155 156 // 2. Get available transports and start discovering authenticators on them. 
157 ASSERT(m_services.isEmpty()); 158 startDiscovery(collectTransports(options.allowCredentials)); 138 WTF::switchOn(m_pendingRequestData.options, [&](const PublicKeyCredentialCreationOptions& options) { 139 initTimeOutTimer(options.timeout); 140 startDiscovery(collectTransports(options.authenticatorSelection)); 141 }, [&](const PublicKeyCredentialRequestOptions& options) { 142 initTimeOutTimer(options.timeout); 143 startDiscovery(collectTransports(options.allowCredentials)); 144 }); 159 145 } 160 146 … … 229 215 using namespace AuthenticatorManagerInternal; 230 216 231 ASSERT(m_services.isEmpty() && transports.size() <= maxTransportNumber );217 ASSERT(m_services.isEmpty() && transports.size() <= maxTransportNumber && m_pendingRequestData.preferences); 232 218 for (auto& transport : transports) { 219 if (transport == AuthenticatorTransport::Internal && !m_pendingRequestData.preferences->store().getBoolValueForKey(WebPreferencesKey::webAuthenticationLocalAuthenticatorEnabledKey())) 220 continue; 233 221 auto service = createService(transport, *this); 234 222 service->startDiscovery(); -
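Review bot: In startDiscovery the new `m_pendingRequestData.preferences` condition exists only inside `ASSERT`, yet the loop dereferences `preferences->store()` for the Internal transport, so a release build handed request data without preferences would dereference null in the UI process. `WebAuthenticationRequestData::preferences` is a `RefPtr` with no initializer, so any producer other than WebAuthenticatorCoordinatorProxy (mock or test paths, if they build the struct themselves) can leave it empty. Treating a missing preferences object as the feature being off fails closed: `if (transport == AuthenticatorTransport::Internal && (!m_pendingRequestData.preferences || !m_pendingRequestData.preferences->store().getBoolValueForKey(WebPreferencesKey::webAuthenticationLocalAuthenticatorEnabledKey()))) continue;`. startDiscovery begins above the hunk.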
trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h
r245987 r249949 55 55 virtual ~AuthenticatorManager() = default; 56 56 57 void makeCredential(const Vector<uint8_t>& hash, const WebCore::PublicKeyCredentialCreationOptions&, Callback&&); 58 void getAssertion(const Vector<uint8_t>& hash, const WebCore::PublicKeyCredentialRequestOptions&, Callback&&); 57 void handleRequest(WebAuthenticationRequestData&&, Callback&&); 59 58 60 59 virtual bool isMock() const { return false; } -
trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
r248324 r249949 92 92 ASSERT(m_state == State::Init); 93 93 m_state = State::RequestReceived; 94 auto& creationOptions = WTF::get<PublicKeyCredentialCreationOptions>(requestData().options); 94 95 95 96 // The following implements https://www.w3.org/TR/webauthn/#op-make-cred as of 5 December 2017. … … 99 100 // Step 2. 100 101 bool canFullfillPubKeyCredParams = false; 101 for (auto& pubKeyCredParam : requestData().creationOptions.pubKeyCredParams) {102 for (auto& pubKeyCredParam : creationOptions.pubKeyCredParams) { 102 103 if (pubKeyCredParam.type == PublicKeyCredentialType::PublicKey && pubKeyCredParam.alg == COSE::ES256) { 103 104 canFullfillPubKeyCredParams = true; … … 111 112 112 113 // Step 3. 113 HashSet<String> excludeCredentialIds = produceHashSet(requestData().creationOptions.excludeCredentials);114 auto excludeCredentialIds = produceHashSet(creationOptions.excludeCredentials); 114 115 if (!excludeCredentialIds.isEmpty()) { 115 116 // Search Keychain for the RP ID. … … 117 118 (id)kSecClass: (id)kSecClassKey, 118 119 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 119 (id)kSecAttrLabel: requestData().creationOptions.rp.id,120 (id)kSecAttrLabel: creationOptions.rp.id, 120 121 (id)kSecReturnAttributes: @YES, 121 122 (id)kSecMatchLimit: (id)kSecMatchLimitAll, … … 155 156 }; 156 157 m_connection->getUserConsent( 157 "allow " + requestData().creationOptions.rp.id + " to create a public key credential for " + requestData().creationOptions.user.name,158 "allow " + creationOptions.rp.id + " to create a public key credential for " + creationOptions.user.name, 158 159 WTFMove(callback)); 159 160 } … … 163 164 ASSERT(m_state == State::RequestReceived); 164 165 m_state = State::UserConsented; 166 auto& creationOptions = WTF::get<PublicKeyCredentialCreationOptions>(requestData().options); 165 167 166 168 if (consent == LocalConnection::UserConsent::No) { … … 174 176 NSDictionary* deleteQuery = @{ 175 177 (id)kSecClass: (id)kSecClassKey, 176 (id)kSecAttrLabel: 
requestData().creationOptions.rp.id,177 (id)kSecAttrApplicationTag: [NSData dataWithBytes: requestData().creationOptions.user.idVector.data() length:requestData().creationOptions.user.idVector.size()],178 (id)kSecAttrLabel: creationOptions.rp.id, 179 (id)kSecAttrApplicationTag: [NSData dataWithBytes:creationOptions.user.idVector.data() length:creationOptions.user.idVector.size()], 178 180 #if HAVE(DATA_PROTECTION_KEYCHAIN) 179 181 (id)kSecUseDataProtectionKeychain: @YES … … 196 198 weakThis->continueMakeCredentialAfterAttested(privateKey, certificates, error); 197 199 }; 198 m_connection->getAttestation( requestData().creationOptions.rp.id, requestData().creationOptions.user.name, requestData().hash, WTFMove(callback));200 m_connection->getAttestation(creationOptions.rp.id, creationOptions.user.name, requestData().hash, WTFMove(callback)); 199 201 } 200 202 … … 205 207 ASSERT(m_state == State::UserConsented); 206 208 m_state = State::Attested; 209 auto& creationOptions = WTF::get<PublicKeyCredentialCreationOptions>(requestData().options); 207 210 208 211 if (error) { … … 230 233 { 231 234 // -rk-ucrt is added by DeviceIdentity.Framework. 
232 String label = makeString( requestData().creationOptions.user.name, "@", requestData().creationOptions.rp.id, "-rk-ucrt");235 String label = makeString(creationOptions.user.name, "@", creationOptions.rp.id, "-rk-ucrt"); 233 236 NSDictionary *credentialIdQuery = @{ 234 237 (id)kSecClass: (id)kSecClassKey, … … 265 268 }; 266 269 NSDictionary *updateParams = @{ 267 (id)kSecAttrLabel: requestData().creationOptions.rp.id,268 (id)kSecAttrApplicationTag: [NSData dataWithBytes: requestData().creationOptions.user.idVector.data() length:requestData().creationOptions.user.idVector.size()],270 (id)kSecAttrLabel: creationOptions.rp.id, 271 (id)kSecAttrApplicationTag: [NSData dataWithBytes:creationOptions.user.idVector.data() length:creationOptions.user.idVector.size()], 269 272 }; 270 273 status = SecItemUpdate((__bridge CFDictionaryRef)updateQuery, (__bridge CFDictionaryRef)updateParams); … … 309 312 310 313 // Step 12. 311 auto authData = buildAuthData( requestData().creationOptions.rp.id, makeCredentialFlags, counter, attestedCredentialData);314 auto authData = buildAuthData(creationOptions.rp.id, makeCredentialFlags, counter, attestedCredentialData); 312 315 313 316 // Step 13. 
Apple Attestation Cont' … … 336 339 attestationStatementMap[cbor::CBORValue("x5c")] = cbor::CBORValue(WTFMove(cborArray)); 337 340 } 338 auto attestationObject = buildAttestationObject(WTFMove(authData), "Apple", WTFMove(attestationStatementMap), requestData().creationOptions.attestation);341 auto attestationObject = buildAttestationObject(WTFMove(authData), "Apple", WTFMove(attestationStatementMap), creationOptions.attestation); 339 342 340 343 receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.data(), attestationObject.size()), nullptr, nullptr, nullptr, WTF::nullopt }); … … 346 349 ASSERT(m_state == State::Init); 347 350 m_state = State::RequestReceived; 351 auto& requestOptions = WTF::get<PublicKeyCredentialRequestOptions>(requestData().options); 348 352 349 353 // The following implements https://www.w3.org/TR/webauthn/#op-get-assertion as of 5 December 2017. … … 352 356 // Step 12 is implicitly captured by all UnknownError exception callbacks. 353 357 // Step 3-5. Unlike the spec, if an allow list is provided and there is no intersection between existing ones and the allow list, we always return NotAllowedError. 
354 HashSet<String> allowCredentialIds = produceHashSet(requestData().requestOptions.allowCredentials);355 if (!request Data().requestOptions.allowCredentials.isEmpty() && allowCredentialIds.isEmpty()) {358 auto allowCredentialIds = produceHashSet(requestOptions.allowCredentials); 359 if (!requestOptions.allowCredentials.isEmpty() && allowCredentialIds.isEmpty()) { 356 360 receiveRespond(ExceptionData { NotAllowedError, "No matched credentials are found in the platform attached authenticator."_s }); 357 361 return; … … 362 366 (id)kSecClass: (id)kSecClassKey, 363 367 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 364 (id)kSecAttrLabel: request Data().requestOptions.rpId,368 (id)kSecAttrLabel: requestOptions.rpId, 365 369 (id)kSecReturnAttributes: @YES, 366 370 (id)kSecMatchLimit: (id)kSecMatchLimitAll, … … 381 385 382 386 NSArray *intersectedCredentialsAttributes = nil; 383 if (request Data().requestOptions.allowCredentials.isEmpty())387 if (requestOptions.allowCredentials.isEmpty()) 384 388 intersectedCredentialsAttributes = (NSArray *)attributesArrayRef; 385 389 else { … … 417 421 StringView idStringView { static_cast<const UChar*>([idData bytes]), static_cast<unsigned>([idData length]) }; 418 422 m_connection->getUserConsent( 419 makeString("log into ", request Data().requestOptions.rpId, " with ", idStringView),423 makeString("log into ", requestOptions.rpId, " with ", idStringView), 420 424 (__bridge SecAccessControlRef)selectedCredentialAttributes[(id)kSecAttrAccessControl], 421 425 WTFMove(callback)); … … 437 441 // Therefore, it is always zero. 438 442 uint32_t counter = 0; 439 auto authData = buildAuthData( requestData().requestOptions.rpId, getAssertionFlags, counter, { });443 auto authData = buildAuthData(WTF::get<PublicKeyCredentialRequestOptions>(requestData().options).rpId, getAssertionFlags, counter, { }); 440 444 441 445 // Step 11. -
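Review bot: Each continuation re-reads the variant with `WTF::get<PublicKeyCredentialCreationOptions>(requestData().options)` (or the request-options form), and the only thing tying the stored alternative to the running operation is the debug-only `ASSERT(m_state == ...)`. With the old two-field struct a mismatch read default-constructed options; with the variant it presumably ends in a failed `WTF::get`. It is therefore worth documenting, where the pending request data is stored, that it cannot be replaced while a consent or attestation callback is outstanding. The same pattern appears in CtapAuthenticator.cpp and U2fAuthenticator.cpp, where `continueRegisterCommandAfterResponseReceived` calls `WTF::get` twice in one expression; a local `auto& creationOptions = ...`, as used elsewhere in this patch, would read better. The function bodies here extend beyond the hunks shown.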
trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm
r248308 r249949 45 45 bool LocalService::isAvailable() 46 46 { 47 // FIXME(198176)48 if (!WebCore::RuntimeEnabledFeatures::sharedFeatures().webAuthenticationLocalAuthenticatorEnabled())49 return false;50 51 47 auto context = adoptNS([allocLAContextInstance() init]); 52 48 NSError *error = nil; -
trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h
r236481 r249949 28 28 #if ENABLE(WEB_AUTHN) 29 29 30 #include "WebPreferences.h" 30 31 #include <WebCore/PublicKeyCredentialCreationOptions.h> 31 32 #include <WebCore/PublicKeyCredentialRequestOptions.h> 33 #include <wtf/Variant.h> 32 34 #include <wtf/Vector.h> 33 35 … … 36 38 struct WebAuthenticationRequestData { 37 39 Vector<uint8_t> hash; 38 // FIXME: Maybe we could make an ABC of Options and then use safe casting here. 39 bool isCreationRequest { true }; 40 WebCore::PublicKeyCredentialCreationOptions creationOptions; 41 WebCore::PublicKeyCredentialRequestOptions requestOptions; 40 Variant<WebCore::PublicKeyCredentialCreationOptions, WebCore::PublicKeyCredentialRequestOptions> options; 41 RefPtr<WebPreferences> preferences; 42 42 }; 43 43 -
trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
r249275 r249949 56 56 void WebAuthenticatorCoordinatorProxy::makeCredential(uint64_t messageId, const Vector<uint8_t>& hash, const WebCore::PublicKeyCredentialCreationOptions& options) 57 57 { 58 auto callback = [messageId, weakThis = makeWeakPtr(*this)] (Variant<WebCore::PublicKeyCredentialData, WebCore::ExceptionData>&& result) { 59 ASSERT(RunLoop::isMain()); 60 if (!weakThis) 61 return; 62 63 WTF::switchOn(result, [&](const WebCore::PublicKeyCredentialData& data) { 64 weakThis->requestReply(messageId, data, { }); 65 }, [&](const WebCore::ExceptionData& exception) { 66 weakThis->requestReply(messageId, { }, exception); 67 }); 68 }; 69 m_webPageProxy.websiteDataStore().authenticatorManager().makeCredential(hash, options, WTFMove(callback)); 58 handleRequest(messageId, { hash, options, m_webPageProxy.preferences().copy() }); 70 59 } 71 60 72 61 void WebAuthenticatorCoordinatorProxy::getAssertion(uint64_t messageId, const Vector<uint8_t>& hash, const WebCore::PublicKeyCredentialRequestOptions& options) 62 { 63 handleRequest(messageId, { hash, options, m_webPageProxy.preferences().copy() }); 64 } 65 66 void WebAuthenticatorCoordinatorProxy::handleRequest(uint64_t messageId, WebAuthenticationRequestData&& data) 73 67 { 74 68 auto callback = [messageId, weakThis = makeWeakPtr(*this)] (Variant<WebCore::PublicKeyCredentialData, WebCore::ExceptionData>&& result) { … … 83 77 }); 84 78 }; 85 m_webPageProxy.websiteDataStore().authenticatorManager(). getAssertion(hash, options, WTFMove(callback));79 m_webPageProxy.websiteDataStore().authenticatorManager().handleRequest(WTFMove(data), WTFMove(callback)); 86 80 } 87 81 -
trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h
r248762 r249949 44 44 class WebPageProxy; 45 45 46 struct WebAuthenticationRequestData; 47 46 48 class WebAuthenticatorCoordinatorProxy : private IPC::MessageReceiver, public CanMakeWeakPtr<WebAuthenticatorCoordinatorProxy> { 47 49 WTF_MAKE_FAST_ALLOCATED; … … 63 65 void requestReply(uint64_t messageId, const WebCore::PublicKeyCredentialData&, const WebCore::ExceptionData&); 64 66 67 void handleRequest(uint64_t messageId, WebAuthenticationRequestData&&); 68 65 69 WebPageProxy& m_webPageProxy; 66 70 }; -
trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
r249059 r249949 53 53 { 54 54 ASSERT(!m_isDowngraded); 55 auto cborCmd = encodeMakeCredenitalRequestAsCBOR(requestData().hash, requestData().creationOptions, m_info.options().userVerificationAvailability());55 auto cborCmd = encodeMakeCredenitalRequestAsCBOR(requestData().hash, WTF::get<PublicKeyCredentialCreationOptions>(requestData().options), m_info.options().userVerificationAvailability()); 56 56 m_driver->transact(WTFMove(cborCmd), [weakThis = makeWeakPtr(*this)](Vector<uint8_t>&& data) { 57 57 ASSERT(RunLoop::isMain()); … … 64 64 void CtapAuthenticator::continueMakeCredentialAfterResponseReceived(Vector<uint8_t>&& data) const 65 65 { 66 auto response = readCTAPMakeCredentialResponse(data, requestData().creationOptions.attestation);66 auto response = readCTAPMakeCredentialResponse(data, WTF::get<PublicKeyCredentialCreationOptions>(requestData().options).attestation); 67 67 if (!response) { 68 68 auto error = getResponseCode(data); … … 79 79 { 80 80 ASSERT(!m_isDowngraded); 81 auto cborCmd = encodeGetAssertionRequestAsCBOR(requestData().hash, requestData().requestOptions, m_info.options().userVerificationAvailability());81 auto cborCmd = encodeGetAssertionRequestAsCBOR(requestData().hash, WTF::get<PublicKeyCredentialRequestOptions>(requestData().options), m_info.options().userVerificationAvailability()); 82 82 m_driver->transact(WTFMove(cborCmd), [weakThis = makeWeakPtr(*this)](Vector<uint8_t>&& data) { 83 83 ASSERT(RunLoop::isMain()); -
trunk/Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp
r249059 r249949 56 56 void U2fAuthenticator::makeCredential() 57 57 { 58 if (!isConvertibleToU2fRegisterCommand(requestData().creationOptions)) { 58 auto& creationOptions = WTF::get<PublicKeyCredentialCreationOptions>(requestData().options); 59 if (!isConvertibleToU2fRegisterCommand(creationOptions)) { 59 60 receiveRespond(ExceptionData { NotSupportedError, "Cannot convert the request to U2F command."_s }); 60 61 return; 61 62 } 62 if (! requestData().creationOptions.excludeCredentials.isEmpty()) {63 if (!creationOptions.excludeCredentials.isEmpty()) { 63 64 ASSERT(!m_nextListIndex); 64 65 checkExcludeList(m_nextListIndex++); … … 70 71 void U2fAuthenticator::checkExcludeList(size_t index) 71 72 { 72 if (index >= requestData().creationOptions.excludeCredentials.size()) { 73 auto& creationOptions = WTF::get<PublicKeyCredentialCreationOptions>(requestData().options); 74 if (index >= creationOptions.excludeCredentials.size()) { 73 75 issueRegisterCommand(); 74 76 return; 75 77 } 76 auto u2fCmd = convertToU2fCheckOnlySignCommand(requestData().hash, requestData().creationOptions, requestData().creationOptions.excludeCredentials[index]);78 auto u2fCmd = convertToU2fCheckOnlySignCommand(requestData().hash, creationOptions, creationOptions.excludeCredentials[index]); 77 79 ASSERT(u2fCmd); 78 80 issueNewCommand(WTFMove(*u2fCmd), CommandType::CheckOnlyCommand); … … 81 83 void U2fAuthenticator::issueRegisterCommand() 82 84 { 83 auto u2fCmd = convertToU2fRegisterCommand(requestData().hash, requestData().creationOptions);85 auto u2fCmd = convertToU2fRegisterCommand(requestData().hash, WTF::get<PublicKeyCredentialCreationOptions>(requestData().options)); 84 86 ASSERT(u2fCmd); 85 87 issueNewCommand(WTFMove(*u2fCmd), CommandType::RegisterCommand); … … 88 90 void U2fAuthenticator::getAssertion() 89 91 { 90 if (!isConvertibleToU2fSignCommand( requestData().requestOptions)) {92 if (!isConvertibleToU2fSignCommand(WTF::get<PublicKeyCredentialRequestOptions>(requestData().options))) { 91 
93 receiveRespond(ExceptionData { NotSupportedError, "Cannot convert the request to U2F command."_s }); 92 94 return; … … 98 100 void U2fAuthenticator::issueSignCommand(size_t index) 99 101 { 100 if (index >= requestData().requestOptions.allowCredentials.size()) { 102 auto& requestOptions = WTF::get<PublicKeyCredentialRequestOptions>(requestData().options); 103 if (index >= requestOptions.allowCredentials.size()) { 101 104 receiveRespond(ExceptionData { NotAllowedError, "No credentials from the allowCredentials list is found in the authenticator."_s }); 102 105 return; 103 106 } 104 auto u2fCmd = convertToU2fSignCommand(requestData().hash, request Data().requestOptions, requestData().requestOptions.allowCredentials[index].idVector, m_isAppId);107 auto u2fCmd = convertToU2fSignCommand(requestData().hash, requestOptions, requestOptions.allowCredentials[index].idVector, m_isAppId); 105 108 ASSERT(u2fCmd); 106 109 issueNewCommand(WTFMove(*u2fCmd), CommandType::SignCommand); … … 153 156 switch (apduResponse.status()) { 154 157 case ApduResponse::Status::SW_NO_ERROR: { 155 auto response = readU2fRegisterResponse( requestData().creationOptions.rp.id, apduResponse.data(), requestData().creationOptions.attestation);158 auto response = readU2fRegisterResponse(WTF::get<PublicKeyCredentialCreationOptions>(requestData().options).rp.id, apduResponse.data(), WTF::get<PublicKeyCredentialCreationOptions>(requestData().options).attestation); 156 159 if (!response) { 157 160 receiveRespond(ExceptionData { UnknownError, "Couldn't parse the U2F register response."_s }); … … 199 202 void U2fAuthenticator::continueSignCommandAfterResponseReceived(ApduResponse&& apduResponse) 200 203 { 204 auto& requestOptions = WTF::get<PublicKeyCredentialRequestOptions>(requestData().options); 201 205 switch (apduResponse.status()) { 202 206 case ApduResponse::Status::SW_NO_ERROR: { 203 207 Optional<PublicKeyCredentialData> response; 204 208 if (m_isAppId) { 205 ASSERT(request 
Data().requestOptions.extensions && !requestData().requestOptions.extensions->appid.isNull());206 response = readU2fSignResponse(request Data().requestOptions.extensions->appid, requestData().requestOptions.allowCredentials[m_nextListIndex - 1].idVector, apduResponse.data());209 ASSERT(requestOptions.extensions && !requestOptions.extensions->appid.isNull()); 210 response = readU2fSignResponse(requestOptions.extensions->appid, requestOptions.allowCredentials[m_nextListIndex - 1].idVector, apduResponse.data()); 207 211 } else 208 response = readU2fSignResponse(request Data().requestOptions.rpId, requestData().requestOptions.allowCredentials[m_nextListIndex - 1].idVector, apduResponse.data());212 response = readU2fSignResponse(requestOptions.rpId, requestOptions.allowCredentials[m_nextListIndex - 1].idVector, apduResponse.data()); 209 213 if (!response) { 210 214 receiveRespond(ExceptionData { UnknownError, "Couldn't parse the U2F sign response."_s }); … … 222 226 return; 223 227 case ApduResponse::Status::SW_WRONG_DATA: 224 if (request Data().requestOptions.extensions && !requestData().requestOptions.extensions->appid.isNull()) {228 if (requestOptions.extensions && !requestOptions.extensions->appid.isNull()) { 225 229 if (!m_isAppId) { 226 230 m_isAppId = true;