Changeset 289059 in webkit
- Timestamp:
- Feb 3, 2022 10:01:45 AM (6 months ago)
- Location:
- trunk
- Files:
-
- 4 edited
-
Source/WebKit/ChangeLog (modified) (1 diff)
-
Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (4 diffs)
-
Tools/ChangeLog (modified) (1 diff)
-
Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (modified) (5 diffs)
trunk/Source/WebKit/ChangeLog
r289055 r289059 1 2022-02-03 J Pascoe <j_pascoe@apple.com> 2 3 [WebAuthn] Allow use of hardware-fixed credentials while using alternate store 4 https://bugs.webkit.org/show_bug.cgi?id=235923 5 rdar://88102108 6 7 Reviewed by Brent Fulgham. 8 9 This patch allows use of credentials created before a user started using 10 the alternate credential store by searching regardless of status when 11 querying credentials. 12 13 Added API test + tested manually. 14 15 * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: 16 (WebKit::LocalAuthenticatorInternal::getExistingCredentials): 17 (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): 18 1 19 2022-02-03 Per Arne Vollan <pvollan@apple.com> 2 20 -
trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
r288816 r289059 121 121 { 122 122 // Search Keychain for existing credential matched the RP ID. 123 auto query = adoptNS([[NSMutableDictionary alloc] init]); 124 [query setDictionary:@{ 123 NSDictionary *query = @{ 125 124 (id)kSecClass: (id)kSecClassKey, 126 125 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 126 (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, 127 127 (id)kSecAttrLabel: rpId, 128 128 (id)kSecReturnAttributes: @YES, 129 129 (id)kSecMatchLimit: (id)kSecMatchLimitAll, 130 130 (id)kSecUseDataProtectionKeychain: @YES 131 }]; 132 updateQueryIfNecessary(query.get()); 131 }; 133 132 134 133 CFTypeRef attributesArrayRef = nullptr; 135 OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query .get(), &attributesArrayRef);134 OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); 136 135 if (status && status != errSecItemNotFound) 137 136 return std::nullopt; … … 600 599 (id)kSecClass: (id)kSecClassKey, 601 600 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 601 (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, 602 602 (id)kSecAttrApplicationLabel: nsCredentialId.get(), 603 603 (id)kSecReturnRef: @YES, … … 609 609 610 610 auto query = adoptNS(queryDictionary); 611 updateQueryIfNecessary(query.get());612 611 613 612 CFTypeRef privateKeyRef = nullptr; … … 634 633 // Extra step: update the Keychain item with the same value to update its modification date such that LRU can be used 635 634 // for selectAssertionResponse 636 auto query = adoptNS([[NSMutableDictionary alloc] init]); 637 [query setDictionary:@{ 635 NSDictionary *query = @{ 638 636 (id)kSecClass: (id)kSecClassKey, 639 637 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 638 (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, 640 639 (id)kSecAttrApplicationLabel: nsCredentialId.get(), 641 640 (id)kSecUseDataProtectionKeychain: @YES 642 }]; 643 updateQueryIfNecessary(query.get()); 641 }; 644 642 645 643 NSDictionary 
*updateParams = @{ 646 644 (id)kSecAttrLabel: requestOptions.rpId, 647 645 }; 648 auto status = SecItemUpdate((__bridge CFDictionaryRef)query .get(), (__bridge CFDictionaryRef)updateParams);646 auto status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)updateParams); 649 647 if (status) 650 648 LOG_ERROR("Couldn't update the Keychain item: %d", status); -
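Review bot: The query in getExistingCredentials (new line 126) and the two in continueGetAssertionAfterUserVerification (new lines 601 and 638) now pass `kSecAttrSynchronizableAny` and no longer call updateQueryIfNecessary, yet no comment records that matching both synchronizable and device-bound keys is intended. I would add above each dictionary something like `// Match synchronizable and non-synchronizable keys so credentials created before the alternate store was enabled stay usable.` In the last hunk the same widening applies to SecItemUpdate, so every key carrying that kSecAttrApplicationLabel in either store gets its label rewritten, and a failure is only logged; if credential IDs are presumed unique across both stores, the existing comment there should say so. All three functions begin and end outside the visible hunks, so any filtering done after the query cannot be checked from here.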
trunk/Tools/ChangeLog
r289042 r289059 1 2022-02-03 J Pascoe <j_pascoe@apple.com> 2 3 [WebAuthn] Allow use of hardware-fixed credentials while using alternate store 4 https://bugs.webkit.org/show_bug.cgi?id=235923 5 rdar://88102108 6 7 Reviewed by Brent Fulgham. 8 9 Add new test for querying credentials created both before and after enabling 10 alternative credential store. 11 12 * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: 13 (TestWebKitAPI::WebCore::addKeyToKeychain): 14 (TestWebKitAPI::WebCore::cleanUpKeychain): 15 (TestWebKitAPI::TEST): 16 1 17 2022-02-03 Carlos Garcia Campos <cgarcia@igalia.com> 2 18 -
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
r288816 r289059 363 363 #if USE(APPLE_INTERNAL_SDK) || PLATFORM(IOS) 364 364 365 bool addKeyToKeychain(const String& privateKeyBase64, const String& rpId, const String& userHandleBase64 )365 bool addKeyToKeychain(const String& privateKeyBase64, const String& rpId, const String& userHandleBase64, bool synchronizable = false) 366 366 { 367 367 NSDictionary* options = @{ … … 379 379 return false; 380 380 381 NSDictionary* addQuery = @{ 381 auto addQuery = adoptNS([[NSMutableDictionary alloc] init]); 382 [addQuery setDictionary:@{ 382 383 (id)kSecValueRef: (id)key.get(), 383 384 (id)kSecClass: (id)kSecClassKey, … … 386 387 (id)kSecAttrAccessible: (id)kSecAttrAccessibleAfterFirstUnlock, 387 388 (id)kSecUseDataProtectionKeychain: @YES 388 }; 389 OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addQuery, NULL); 389 }]; 390 if (synchronizable) 391 [addQuery.get() setObject:@YES forKey:(__bridge id)kSecAttrSynchronizable]; 392 393 OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addQuery.get(), NULL); 390 394 if (status) 391 395 return false; … … 399 403 (id)kSecClass: (id)kSecClassKey, 400 404 (id)kSecAttrLabel: rpId, 405 (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny, 401 406 (id)kSecAttrAccessible: (id)kSecAttrAccessibleAfterFirstUnlock, 402 407 (id)kSecUseDataProtectionKeychain: @YES … … 1511 1516 } 1512 1517 1518 TEST(WebAuthenticationPanel, LAGetAssertionMultipleCredentialStore) 1519 { 1520 reset(); 1521 RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-la" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; 1522 1523 auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]; 1524 [[configuration preferences] _setEnabled:NO forExperimentalFeature:webAuthenticationModernExperimentalFeature()]; 1525 1526 auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect 
configuration:configuration]); 1527 auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]); 1528 [webView setUIDelegate:delegate.get()]; 1529 [webView focus]; 1530 1531 ASSERT_TRUE(addKeyToKeychain(testES256PrivateKeyBase64, "", testUserEntityBundleBase64)); 1532 ASSERT_TRUE(addKeyToKeychain("BBRoi2JbR0IXTeJmvXUp1YIuM4sph/Lu3eGf75F7n+HojHKG70a4R0rB2PQce5/SJle6T7OO5Cqet/LJZVM6NQ8yDDxWvayf71GTDp2yUtuIbqJLFVbpWymlj9WRizgX3A==", "", "omJpZEoAAQIDBAUGBwgJZG5hbWVkSmFuZQ=="/* { "id": h'00010203040506070809', "name": "Jane" } */, true /* synchronizable */)); 1533 1534 [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; 1535 [webView waitForMessage:@"Succeeded!"]; 1536 EXPECT_WK_STREQ(webAuthenticationPanelSelectedCredentialName, "John"); 1537 1538 [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]]; 1539 [webView waitForMessage:@"Succeeded!"]; 1540 EXPECT_WK_STREQ(webAuthenticationPanelSelectedCredentialName, "Jane"); 1541 1542 cleanUpKeychain(""); 1543 } 1544 1513 1545 TEST(WebAuthenticationPanel, LAGetAssertionNoMockNoUserGesture) 1514 1546 {
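Review bot: In LAGetAssertionMultipleCredentialStore the only `cleanUpKeychain("");` call is the last statement, so a failed `ASSERT_TRUE` (which returns from the test body) leaves the test keys in the keychain for later tests, one of them marked synchronizable and so possibly eligible for keychain sync on the host. Registering cleanup up front, e.g. `auto cleanup = makeScopeExit([] { cleanUpKeychain(""); });` right after `reset();` (makeScopeExit comes from `<wtf/Scope.h>`), would cover those paths; this assumes reset() does not already purge the keychain, which is not visible here. A one-line comment on the two EXPECT_WK_STREQ checks saying why "John" is expected first and "Jane" second would also help, since the selection rule is not evident from the test itself.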