Changeset 286746 in webkit

Timestamp:

Dec 8, 2021, 3:49:16 PM (4 years ago)

Author:

J Pascoe

Message:

[WebAuthn] Consider support for the displayName for FIDO authenticator
​https://bugs.webkit.org/show_bug.cgi?id=233389
rdar://84938707

Reviewed by Brent Fulgham.

Source/WebKit:

Start storing the displayName field with the platform authenticator
and add them to the getAllLocalAuthenticatorCredentials SPI.

The displayName is part of the WebAuthn level 2 spec:
​https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname

• UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
• UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:

(getAllLocalAuthenticatorCredentialsImpl):

• UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):

Tools:

Add test for new field stored with platform authenticator: displayName

• TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-12-08  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Consider support for the displayName for FIDO authenticator
+        https://bugs.webkit.org/show_bug.cgi?id=233389
+        rdar://84938707
+
+        Reviewed by Brent Fulgham.
+
+        Start storing the displayName field with the platform authenticator
+        and add them to the getAllLocalAuthenticatorCredentials SPI.
+
+        The displayName is part of the WebAuthn level 2 spec:
+        https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname
+
+        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
+        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+        (getAllLocalAuthenticatorCredentialsImpl):
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
+
 2021-12-08  Truitt Savell  <tsavell@apple.com>
 

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h

@@ -88 +88 @@
 
 WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialNameKey;
+WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialDisplayNameKey;
 WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialIDKey;
 WK_EXPORT extern NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey;

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm

@@ -101 +101 @@
 
 NSString * const _WKLocalAuthenticatorCredentialNameKey = @"_WKLocalAuthenticatorCredentialNameKey";
+NSString * const _WKLocalAuthenticatorCredentialDisplayNameKey = @"_WKLocalAuthenticatorCredentialDisplayNameKey";
 NSString * const _WKLocalAuthenticatorCredentialIDKey = @"_WKLocalAuthenticatorCredentialIDKey";
 NSString * const _WKLocalAuthenticatorCredentialRelyingPartyIDKey = @"_WKLocalAuthenticatorCredentialRelyingPartyIDKey";
@@ -266 +267 @@
         }
         auto& username = it->second.getString();
-
-        [result addObject:@{
-            _WKLocalAuthenticatorCredentialNameKey: username,
-            _WKLocalAuthenticatorCredentialIDKey: attributes[bridge_cast(kSecAttrApplicationLabel)],
-            _WKLocalAuthenticatorCredentialRelyingPartyIDKey: attributes[bridge_cast(kSecAttrLabel)],
-            _WKLocalAuthenticatorCredentialLastModificationDateKey: attributes[bridge_cast(kSecAttrModificationDate)],
-            _WKLocalAuthenticatorCredentialCreationDateKey: attributes[bridge_cast(kSecAttrCreationDate)]
-        }];
+        auto credential = adoptNS([[NSMutableDictionary alloc] initWithObjectsAndKeys:
+            username, _WKLocalAuthenticatorCredentialNameKey,
+            attributes[bridge_cast(kSecAttrApplicationLabel)], _WKLocalAuthenticatorCredentialIDKey,
+            attributes[bridge_cast(kSecAttrLabel)], _WKLocalAuthenticatorCredentialRelyingPartyIDKey,
+            attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastModificationDateKey,
+            attributes[bridge_cast(kSecAttrCreationDate)], _WKLocalAuthenticatorCredentialCreationDateKey,
+            nil
+        ]);
+
+        it = responseMap.find(cbor::CBORValue(fido::kDisplayNameMapKey));
+        if (it != responseMap.end() && it->second.isString())
+            [credential setObject:it->second.getString() forKey:_WKLocalAuthenticatorCredentialDisplayNameKey];
+
+        [result addObject:credential.get()];
     }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

@@ -348 +348 @@
     // kSecAttrLabel: RP ID
     // kSecAttrApplicationLabel: Credential ID (auto-gen by Keychain)
-    // kSecAttrApplicationTag: { "id": UserEntity.id, "name": UserEntity.name } (CBOR encoded)
+    // kSecAttrApplicationTag: { "id": UserEntity.id, "name": UserEntity.name, "displayName": UserEntity.name} (CBOR encoded)
     // Noted, the vale of kSecAttrApplicationLabel is automatically generated by the Keychain, which is a SHA-1 hash of
     // the public key.
     const auto& secAttrLabel = creationOptions.rp.id;
 
+    // id, name, and displayName are required in PublicKeyCredentialUserEntity
+    // https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialuserentity
     cbor::CBORValue::MapValue userEntityMap;
     userEntityMap[cbor::CBORValue(fido::kEntityIdMapKey)] = cbor::CBORValue(creationOptions.user.id);
     userEntityMap[cbor::CBORValue(fido::kEntityNameMapKey)] = cbor::CBORValue(creationOptions.user.name);
+    userEntityMap[cbor::CBORValue(fido::kDisplayNameMapKey)] = cbor::CBORValue(creationOptions.user.displayName);
     auto userEntity = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(userEntityMap)));
     ASSERT(userEntity);

trunk/Tools/ChangeLog

@@ +1 @@
+2021-12-08  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Consider support for the displayName for FIDO authenticator
+        https://bugs.webkit.org/show_bug.cgi?id=233389
+        rdar://84938707
+
+        Reviewed by Brent Fulgham.
+
+        Add test for new field stored with platform authenticator: displayName
+
+        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+        (TestWebKitAPI::TEST):
+
 2021-12-08  Truitt Savell  <tsavell@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

@@ -2194 +2194 @@
 }
 
+TEST(WebAuthenticationPanel, GetAllCredentialWithDisplayName)
+{
+    reset();
+
+    // {"id": h'00010203040506070809', "name": "John", "displayName": "Johnny"}
+    ASSERT_TRUE(addKeyToKeychain(testES256PrivateKeyBase64, "example.com", "o2JpZEoAAQIDBAUGBwgJZG5hbWVkSm9obmtkaXNwbGF5TmFtZWZKb2hubnk="));
+
+    auto after = adoptNS([[NSDate alloc] init]);
+
+    auto *credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:@"com.apple.TestWebKitAPI"];
+    EXPECT_NOT_NULL(credentials);
+    EXPECT_EQ([credentials count], 1lu);
+
+    EXPECT_NOT_NULL([credentials firstObject]);
+    EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialNameKey], "John");
+    EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialDisplayNameKey], "Johnny");
+
+    cleanUpKeychain("example.com");
+}
+
 TEST(WebAuthenticationPanel, UpdateCredentialUsername)
 {