Changeset 286993 in webkit

Timestamp:

Dec 13, 2021 3:58:25 PM (7 months ago)

Author:

J Pascoe

Message:

[WebAuthn] Allow same-site, cross-origin iframe get()
​https://bugs.webkit.org/show_bug.cgi?id=234180
rdar://85161142

Reviewed by Brent Fulgham.

Source/WebCore:

The Web Authentication level 2 specifies a feature policy to allow get calls in
cross-origin i-frames. This patch implements this feature policy partially. Only
same-site, cross-origin i-frames are supported instead. This is for tracking prevention
purposes. ​https://w3c.github.io/webauthn/#sctn-iframe-guidance

This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation
where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is
unaware of when generating ClientDataJSON.

Added layout test cases for same-site, cross-origin get calls.

• Modules/webauthn/AuthenticatorCoordinator.cpp:

(WebCore::AuthenticatorCoordinator::create const):
(WebCore::doesHaveSameSiteAsAncestors):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):

• Modules/webauthn/WebAuthenticationUtils.cpp:

(WebCore::buildClientDataJson):

• Modules/webauthn/WebAuthenticationUtils.h:
• html/FeaturePolicy.cpp:

(WebCore::policyTypeName):
(WebCore::FeaturePolicy::parse):
(WebCore::FeaturePolicy::allows const):

• html/FeaturePolicy.h:

Source/WebKit:

The Web Authentication level 2 specifies a feature policy to allow get calls in
cross-origin i-frames. This patch implements this feature policy partially. Only
same-site, cross-origin i-frames are supported instead. This is for tracking prevention
purposes. ​https://w3c.github.io/webauthn/#sctn-iframe-guidance

This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation
where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is
unaware of when generating ClientDataJSON.

Added layout test cases for same-site, cross-origin get calls.

• Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
• UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:

(produceClientDataJson):

• UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:

(WebKit::configureRegistrationRequestContext):
(WebKit::configurationAssertionRequestContext):
(WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest):

LayoutTests:

Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with
publickey-credentials-get feature policy.

• http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt:
• http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html:
• http/wpt/webauthn/resources/util.js:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html (added)
• LayoutTests/http/wpt/webauthn/resources/util.js (modified) (2 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp (modified) (4 diffs)
• Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (modified) (7 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h (modified) (1 diff)
• Source/WebCore/html/FeaturePolicy.cpp (modified) (5 diffs)
• Source/WebCore/html/FeaturePolicy.h (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (modified) (5 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-12-13  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Allow same-site, cross-origin iframe get()
+        https://bugs.webkit.org/show_bug.cgi?id=234180
+        rdar://85161142
+
+        Reviewed by Brent Fulgham.
+
+        Add layout test for WebAuthn get assertions on cross-site, same-sites i-frames with
+        publickey-credentials-get feature policy.
+
+        * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html:
+        * http/wpt/webauthn/resources/util.js:
+
 2021-12-13  Ryan Haddad  <ryanhaddad@apple.com>
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt

@@ -3 +3 @@
 PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.
 PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2
+PASS Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().
+PASS Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().
+PASS Tests that a frame that is cross-origin, NOT same-site  with publickey-credentials-get feature policy cannot use get().
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html

@@ -23 +23 @@
             });
         }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2");
+
+        promise_test(t => {
+            return withSameSiteIframe("samesite-iframe.html").then((message) => {
+                assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
+            });
+        }, "Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().");
+
+        promise_test(t => {
+            return withSameSiteIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
+                assert_equals(message.data, "PASS!");
+            });
+        }, "Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().");
+
+        promise_test(t => {
+            return withCrossOriginIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
+                assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
+            });
+        }, "Tests that a frame that is cross-origin, NOT same-site  with publickey-credentials-get feature policy cannot use get().");
     </script>
 </body>

trunk/LayoutTests/http/wpt/webauthn/resources/util.js

@@ -305 +305 @@
 }
 
-function withCrossOriginIframe(resourceFile)
+function withCrossOriginIframe(resourceFile, allow = "")
 {
     return new Promise((resolve) => {
@@ -312 +312 @@
         });
         const frame = document.createElement("iframe");
+        frame.allow = allow;
         frame.src = get_host_info().HTTPS_REMOTE_ORIGIN + RESOURCES_DIR + resourceFile;
         document.body.appendChild(frame);
+    });
+}
+
+function withSameSiteIframe(resourceFile, allow = "")
+{
+    return new Promise((resolve) => {
+        waitForLoad().then((message) => {
+            resolve(message);
+       });
+       const frame = document.createElement("iframe");
+       const host = get_host_info();
+       frame.allow = allow;
+       frame.src = "https://" + host.ORIGINAL_HOST + ":" + host.HTTPS_PORT2 + RESOURCES_DIR + resourceFile;
+       document.body.appendChild(frame);
     });
 }

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-12-13  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Allow same-site, cross-origin iframe get()
+        https://bugs.webkit.org/show_bug.cgi?id=234180
+        rdar://85161142
+
+        Reviewed by Brent Fulgham.
+
+        The Web Authentication level 2 specifies a feature policy to allow get calls in
+        cross-origin i-frames. This patch implements this feature policy partially. Only
+        same-site, cross-origin i-frames are supported instead. This is for tracking prevention
+        purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance
+
+        This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation
+        where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is
+        unaware of when generating ClientDataJSON.
+
+        Added layout test cases for same-site, cross-origin get calls.
+
+        * Modules/webauthn/AuthenticatorCoordinator.cpp:
+        (WebCore::AuthenticatorCoordinator::create const):
+        (WebCore::doesHaveSameSiteAsAncestors):
+        (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):
+        * Modules/webauthn/WebAuthenticationUtils.cpp:
+        (WebCore::buildClientDataJson):
+        * Modules/webauthn/WebAuthenticationUtils.h:
+        * html/FeaturePolicy.cpp:
+        (WebCore::policyTypeName):
+        (WebCore::FeaturePolicy::parse):
+        (WebCore::FeaturePolicy::allows const):
+        * html/FeaturePolicy.h:
+
 2021-12-13  Andreu Botella  <andreu@andreubotella.com>
 

trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp

@@ -38 +38 @@
 #include "Page.h"
 #include "SecurityOrigin.h"
+#include "WebAuthenticationConstants.h"
 
 namespace WebCore {
@@ -46 +47 @@
 }
 
-bool CredentialsContainer::doesHaveSameOriginAsItsAncestors()
+WebAuthn::Scope CredentialsContainer::scope()
 {
-    // The following implements https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors
-    // as of 14 November 2017.
     if (!m_document)
-        return false;
+        return WebAuthn::Scope::CrossOrigin;
+    
+    bool isSameOrigin = true;
+    bool isSameSite = true;
+    auto& origin = m_document->securityOrigin();
+    auto& url = m_document->url();
+    for (auto* document = m_document->parentDocument(); document; document = document->parentDocument()) {
+        if (!origin.isSameOriginDomain(document->securityOrigin()) && !areRegistrableDomainsEqual(url, document->url()))
+            isSameSite = false;
+        if (!origin.isSameOriginAs(document->securityOrigin()))
+            isSameOrigin = false;
+    }
 
-    auto& origin = m_document->securityOrigin();
-    for (auto* document = m_document->parentDocument(); document; document = document->parentDocument()) {
-        if (!origin.isSameOriginAs(document->securityOrigin()))
-            return false;
-    }
-    return true;
+    if (isSameOrigin)
+        return WebAuthn::Scope::SameOrigin;
+    if (isSameSite)
+        return WebAuthn::Scope::SameSite;
+    return WebAuthn::Scope::CrossOrigin;
 }
 
@@ -90 +99 @@
     }
 
-    m_document->page()->authenticatorCoordinator().discoverFromExternalSource(*m_document, options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
+    m_document->page()->authenticatorCoordinator().discoverFromExternalSource(*m_document, options.publicKey.value(), scope(), WTFMove(options.signal), WTFMove(promise));
 }
 
@@ -125 +134 @@
     }
 
-    m_document->page()->authenticatorCoordinator().create(*m_document, options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
+    m_document->page()->authenticatorCoordinator().create(*m_document, options.publicKey.value(), scope(), WTFMove(options.signal), WTFMove(promise));
 }
 

trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h

@@ -33 +33 @@
 #include <wtf/WeakPtr.h>
 
+namespace WebAuthn {
+enum class Scope;
+}
+
 namespace WebCore {
 
@@ -55 +59 @@
     CredentialsContainer(WeakPtr<Document>&&);
 
-    bool doesHaveSameOriginAsItsAncestors();
+    WebAuthn::Scope scope();
 
     WeakPtr<Document> m_document;

trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp

@@ -35 +35 @@
 #include "AuthenticatorResponseData.h"
 #include "Document.h"
+#include "FeaturePolicy.h"
 #include "JSBasicCredential.h"
 #include "JSDOMPromiseDeferred.h"
@@ -105 +106 @@
 }
 
-void AuthenticatorCoordinator::create(const Document& document, const PublicKeyCredentialCreationOptions& options, bool sameOriginWithAncestors, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
+void AuthenticatorCoordinator::create(const Document& document, const PublicKeyCredentialCreationOptions& options, WebAuthn::Scope scope, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
 {
     using namespace AuthenticatorCoordinatorInternal;
@@ -115 +116 @@
     // Step 1, 3, 16 are handled by the caller.
     // Step 2.
-    if (!sameOriginWithAncestors) {
+    if (scope != WebAuthn::Scope::SameOrigin) {
         promise.reject(Exception { NotAllowedError, "The origin of the document is not the same as its ancestors."_s });
         return;
@@ -149 +150 @@
 
     // Step 13-15.
-    auto clientDataJson = buildClientDataJson(ClientDataType::Create, options.challenge, callerOrigin);
+    auto clientDataJson = buildClientDataJson(ClientDataType::Create, options.challenge, callerOrigin, scope);
     auto clientDataJsonHash = buildClientDataJsonHash(clientDataJson);
 
@@ -176 +177 @@
 }
 
-void AuthenticatorCoordinator::discoverFromExternalSource(const Document& document, const PublicKeyCredentialRequestOptions& options, bool sameOriginWithAncestors, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
+void AuthenticatorCoordinator::discoverFromExternalSource(const Document& document, const PublicKeyCredentialRequestOptions& options, WebAuthn::Scope scope, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
 {
     using namespace AuthenticatorCoordinatorInternal;
@@ -186 +187 @@
     // Step 1, 3, 13 are handled by the caller.
     // Step 2.
-    if (!sameOriginWithAncestors) {
+    // This implements https://www.w3.org/TR/webauthn-2/#sctn-permissions-policy except only same-site, cross-origin is permitted.
+    if (scope != WebAuthn::Scope::SameOrigin && !(scope == WebAuthn::Scope::SameSite && isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::PublickeyCredentialsGetRule, document, LogFeaturePolicyFailure::No))) {
         promise.reject(Exception { NotAllowedError, "The origin of the document is not the same as its ancestors."_s });
         return;
@@ -220 +222 @@
 
     // Step 10-12.
-    auto clientDataJson = buildClientDataJson(ClientDataType::Get, options.challenge, callerOrigin);
+    auto clientDataJson = buildClientDataJson(ClientDataType::Get, options.challenge, callerOrigin, scope);
     auto clientDataJsonHash = buildClientDataJsonHash(clientDataJson);
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h

@@ -32 +32 @@
 #include <wtf/Noncopyable.h>
 
+namespace WebAuthn {
+enum class Scope;
+}
+
 namespace WebCore {
 
@@ -54 +58 @@
 
     // The following methods implement static methods of PublicKeyCredential.
-    void create(const Document&, const PublicKeyCredentialCreationOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
-    void discoverFromExternalSource(const Document&, const PublicKeyCredentialRequestOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
+    void create(const Document&, const PublicKeyCredentialCreationOptions&, WebAuthn::Scope, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
+    void discoverFromExternalSource(const Document&, const PublicKeyCredentialRequestOptions&, WebAuthn::Scope, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
     void isUserVerifyingPlatformAuthenticatorAvailable(DOMPromiseDeferred<IDLBoolean>&&) const;
 

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h

@@ -81 +81 @@
 
 } // namespace WebCore
+
+namespace WebAuthn {
+
+enum class Scope {
+    CrossOrigin,
+    SameOrigin,
+    SameSite
+};
+
+} // namespace WebAuthn

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp

@@ -135 +135 @@
 
 // FIXME(181948): Add token binding ID.
-Ref<ArrayBuffer> buildClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin)
+Ref<ArrayBuffer> buildClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin, WebAuthn::Scope scope)
 {
     auto object = JSON::Object::create();
@@ -148 +148 @@
     object->setString("challenge"_s, base64URLEncodeToString(challenge.data(), challenge.length()));
     object->setString("origin"_s, origin.toRawString());
+    if (scope != WebAuthn::Scope::SameOrigin)
+        object->setBoolean("crossOrigin"_s, scope != WebAuthn::Scope::SameOrigin);
 
     auto utf8JSONString = object->toJSONString().utf8();

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h

@@ -53 +53 @@
 WEBCORE_EXPORT Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference&);
 
-WEBCORE_EXPORT Ref<ArrayBuffer> buildClientDataJson(ClientDataType /*type*/, const BufferSource& challenge, const SecurityOrigin& /*origin*/);
+WEBCORE_EXPORT Ref<ArrayBuffer> buildClientDataJson(ClientDataType /*type*/, const BufferSource& challenge, const SecurityOrigin& /*origin*/, WebAuthn::Scope);
 
 WEBCORE_EXPORT Vector<uint8_t> buildClientDataJsonHash(const ArrayBuffer& clientDataJson);

trunk/Source/WebCore/html/FeaturePolicy.cpp

@@ -68 +68 @@
         return "Magnetometer";
 #endif
+#if ENABLE(WEB_AUTHN)
+    case FeaturePolicy::Type::PublickeyCredentialsGetRule:
+        return "PublickeyCredentialsGet";
+#endif
 #if ENABLE(WEBXR)
     case FeaturePolicy::Type::XRSpatialTracking:
@@ -185 +189 @@
     bool isMagnetometerInitialized = false;
 #endif
+#if ENABLE(WEB_AUTHN)
+    bool isPublickeyCredentialsGetInitialized = false;
+#endif
 #if ENABLE(WEBXR)
     bool isXRSpatialTrackingInitialized = false;
@@ -249 +256 @@
             isMagnetometerInitialized = true;
             updateList(document, policy.m_magnetometerRule, item.substring(13));
+            continue;
+        }
+#endif
+#if ENABLE(WEB_AUTHN)
+        if (item.startsWith("publickey-credentials-get")) {
+            isPublickeyCredentialsGetInitialized = true;
+            updateList(document, policy.m_publickeyCredentialsGetRule, item.substring(26));
             continue;
         }
@@ -283 +297 @@
     if (!isMagnetometerInitialized)
         policy.m_magnetometerRule.allowedList.add(document.securityOrigin().data());
+#endif
+#if ENABLE(WEB_AUTHN)
+    if (!isPublickeyCredentialsGetInitialized)
+        policy.m_publickeyCredentialsGetRule.allowedList.add(document.securityOrigin().data());
 #endif
 #if ENABLE(WEBXR)
@@ -339 +357 @@
         return isAllowedByFeaturePolicy(m_magnetometerRule, origin);
 #endif
+#if ENABLE(WEB_AUTHN)
+    case Type::PublickeyCredentialsGetRule:
+        return isAllowedByFeaturePolicy(m_publickeyCredentialsGetRule, origin);
+#endif
 #if ENABLE(WEBXR)
     case Type::XRSpatialTracking:

trunk/Source/WebCore/html/FeaturePolicy.h

@@ -54 +54 @@
         Magnetometer,
 #endif
+#if ENABLE(WEB_AUTHN)
+        PublickeyCredentialsGetRule,
+#endif
 #if ENABLE(WEBXR)
         XRSpatialTracking,
@@ -82 +85 @@
     AllowRule m_magnetometerRule;
 #endif
+#if ENABLE(WEB_AUTHN)
+    AllowRule m_publickeyCredentialsGetRule;
+#endif
 #if ENABLE(WEBXR)
     AllowRule m_xrSpatialTrackingRule;

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-12-13  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Allow same-site, cross-origin iframe get()
+        https://bugs.webkit.org/show_bug.cgi?id=234180
+        rdar://85161142
+
+        Reviewed by Brent Fulgham.
+
+        The Web Authentication level 2 specifies a feature policy to allow get calls in
+        cross-origin i-frames. This patch implements this feature policy partially. Only
+        same-site, cross-origin i-frames are supported instead. This is for tracking prevention
+        purposes. https://w3c.github.io/webauthn/#sctn-iframe-guidance
+
+        This patch also starts passing ClientDataJSON hashes to ASC to avoid the situation
+        where WebKit includes crossOrigin or other fields in ClientDataJSON that ASC is
+        unaware of when generating ClientDataJSON.
+
+        Added layout test cases for same-site, cross-origin get calls.
+
+        * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
+        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+        (produceClientDataJson):
+        * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
+        (WebKit::configureRegistrationRequestContext):
+        (WebKit::configurationAssertionRequestContext):
+        (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest):
+
 2021-12-13  Jean-Yves Avenard  <jya@apple.com>
 

trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h

@@ -108 +108 @@
 @interface ASCPublicKeyCredentialCreationOptions : NSObject <NSSecureCoding>
 
-@property (nonatomic, copy) NSData *challenge;
+@property (nonatomic, nullable, copy) NSData *challenge;
+@property (nonatomic, nullable, copy) NSData *clientDataHash;
 @property (nonatomic, copy) NSString *relyingPartyIdentifier;
 @property (nonatomic, copy) NSString *userName;
@@ -117 +118 @@
 @property (nonatomic) BOOL shouldRequireResidentKey;
 
+@end
+
+@interface ASCPublicKeyCredentialAssertionOptions : NSObject <NSSecureCoding>
+@property (nonatomic, copy, readonly) NSString *relyingPartyIdentifier;
+@property (nonatomic, nullable, copy, readonly) NSData *challenge;
+@property (nonatomic, nullable, copy) NSData *clientDataHash;
+@property (nonatomic, nullable, readonly, copy) NSString *userVerificationPreference;
 @end
 

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm

@@ -88 +88 @@
     auto securityOrigin = WebCore::SecurityOrigin::createFromString(origin);
 
-    auto clientDataJson = buildClientDataJson(clientDataType, WebCore::BufferSource(challengeBuffer), securityOrigin);
+    auto clientDataJson = buildClientDataJson(clientDataType, WebCore::BufferSource(challengeBuffer), securityOrigin, WebAuthn::Scope::SameOrigin);
     return adoptNS([[NSData alloc] initWithBytes:clientDataJson->data() length:clientDataJson->byteLength()]);
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

@@ -146 +146 @@
 }
 
-static RetainPtr<ASCCredentialRequestContext> configureRegistrationRequestContext(const PublicKeyCredentialCreationOptions& options)
+static RetainPtr<ASCCredentialRequestContext> configureRegistrationRequestContext(const PublicKeyCredentialCreationOptions& options, NSData *hash)
 {
     ASCCredentialRequestTypes requestTypes = ASCCredentialRequestTypePlatformPublicKeyRegistration | ASCCredentialRequestTypeSecurityKeyPublicKeyRegistration;
@@ -170 +170 @@
     auto credentialCreationOptions = adoptNS([allocASCPublicKeyCredentialCreationOptionsInstance() init]);
 
-    [credentialCreationOptions setChallenge:WebCore::toNSData(options.challenge).get()];
+    if ([credentialCreationOptions respondsToSelector:@selector(setClientDataHash:)])
+        [credentialCreationOptions setClientDataHash:toNSData(hash).get()];
+    else
+        [credentialCreationOptions setChallenge:WebCore::toNSData(options.challenge).get()];
     [credentialCreationOptions setRelyingPartyIdentifier:options.rp.id];
     [credentialCreationOptions setUserName:options.user.name];
@@ -203 +206 @@
 }
 
-static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options)
+static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options, Vector<uint_8> hash)
 {
     ASCCredentialRequestTypes requestTypes = ASCCredentialRequestTypePlatformPublicKeyAssertion | ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion;
@@ -228 +231 @@
     [requestContext setRelyingPartyIdentifier:options.rpId];
 
-    auto challenge = WebCore::toNSData(options.challenge);
-
-    if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion)
-        [requestContext setPlatformKeyCredentialAssertionOptions:[allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
-
-    if (requestTypes & ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion)
-        [requestContext setSecurityKeyCredentialAssertionOptions:[allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
+    if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion) {
+        auto assertionOptions = adoptNS(allocASCPublicKeyCredentialAssertionOptionsInstance());
+        if ([assertionOptions respondsToSelector:@selector(initWithKind:relyingPartyIdentifier:clientDataHash:userVerificationPreference:allowedCredentials:)]) {
+            auto nsHash = toNSData(hash);
+            [assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId clientDataHash:nsHash userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]
+        } else {
+            auto challenge = WebCore::toNSData(options.challenge);
+            [assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]
+        }
+
+        [requestContext setPlatformKeyCredentialAssertionOptions:assertionOptions.get()];
+    }
+
+    if (requestTypes & ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion) {
+        auto assertionOptions = adoptNS(allocASCPublicKeyCredentialAssertionOptionsInstance());
+        if ([assertionOptions respondsToSelector:@selector(initWithKind:relyingPartyIdentifier:clientDataHash:userVerificationPreference:allowedCredentials:)]) {
+            auto nsHash = toNSData(hash);
+            [assertionOptions initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId clientDataHash:nsHash userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
+        } else {
+            auto challenge = WebCore::toNSData(options.challenge);
+            [assertionOptions initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
+        }
+        [requestContext setSecurityKeyCredentialAssertionOptions:assertionOptions.get()];
+    }
 
     return requestContext;
@@ -243 +263 @@
     RetainPtr<ASCCredentialRequestContext> result;
     WTF::switchOn(requestData.options, [&](const PublicKeyCredentialCreationOptions& options) {
-        result = configureRegistrationRequestContext(options);
+        result = configureRegistrationRequestContext(options, requestData.hash);
     }, [&](const PublicKeyCredentialRequestOptions& options) {
-        result = configurationAssertionRequestContext(options);
+        result = configurationAssertionRequestContext(options, requestData.hash);
     });
     return result;