Changeset 228444 in webkit

Timestamp:

Feb 13, 2018 5:34:21 PM (6 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthN] Revisit the whole async model of task dispatching, timeout and aborting
​https://bugs.webkit.org/show_bug.cgi?id=181946
<rdar://problem/37258262>

Reviewed by Chris Dumez.

Source/WebCore:

This patch changes the original async model from a work queue to IPC between WebProcess
and UIProcess. Since all authenticator operations must be handled in the UIProcess due
to sandboxing, this message passing IPC async model then surpasses the original multi
threading model. To cooperate that, a CredentialsMessenger class is then created and
all task dispatching code is moved thre.

As an improvement over existing code, static functions from PublicKeyCredential are
moved to AuthenticatorManager. AuthenticatorManager is made as a singleton such that
when static functions are called, they could reach the CredentialsMessenger to interact
with UIProccess. CredentialsMessenger and AuthenticatorManager are separated so later
on when other Credential types are created, they can reuse the same IPC messenger.

What's more, a mock CredentialsMessenger is then created to mock behaviors of UIProcess
for testing purpose.

Covered by existing tests.

• DerivedSources.make:
• Modules/credentialmanagement/BasicCredential.h:
• Modules/credentialmanagement/CredentialsContainer.cpp:

(WebCore::CredentialsContainer::CredentialsContainer):
(WebCore::CredentialsContainer::doesHaveSameOriginAsItsAncestors):
(WebCore::CredentialsContainer::get):
(WebCore::CredentialsContainer::isCreate):
(WebCore::CredentialsContainer::PendingPromise::PendingPromise): Deleted.
(WebCore::CredentialsContainer::dispatchTask): Deleted.

• Modules/credentialmanagement/CredentialsContainer.h:

(WebCore::CredentialsContainer::PendingPromise::create): Deleted.

• Modules/credentialmanagement/CredentialsMessenger.cpp: Added.

(WebCore::CredentialsMessenger::exceptionReply):
(WebCore::CredentialsMessenger::addCreationCompletionHandler):
(WebCore::CredentialsMessenger::takeCreationCompletionHandler):
(WebCore::CredentialsMessenger::addRequestCompletionHandler):
(WebCore::CredentialsMessenger::takeRequestCompletionHandler):
(WebCore::CredentialsMessenger::addQueryCompletionHandler):
(WebCore::CredentialsMessenger::takeQueryCompletionHandler):
(WebCore::getIdFromAttestationObject):

• Modules/credentialmanagement/CredentialsMessenger.h: Added.

(WebCore::CreationReturnBundle::CreationReturnBundle):
(WebCore::AssertionReturnBundle::AssertionReturnBundle):
(WebCore::CredentialsMessenger::weakPtrFactory const):

• Modules/webauthn/Authenticator.cpp: Removed.
• Modules/webauthn/Authenticator.h: Removed.
• Modules/webauthn/AuthenticatorManager.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.

(WebCore::AuthenticatorManagerInternal::produceClientDataJson):
(WebCore::AuthenticatorManagerInternal::produceClientDataJsonHash):
(WebCore::AuthenticatorManagerInternal::initTimer):
(WebCore::AuthenticatorManagerInternal::didTimerFire):
(WebCore::AuthenticatorManager::singleton):
(WebCore::AuthenticatorManager::setMessenger):
(WebCore::AuthenticatorManager::create const):
(WebCore::AuthenticatorManager::discoverFromExternalSource const):

• Modules/webauthn/AuthenticatorManager.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
• Modules/webauthn/AuthenticatorResponse.h:
• Modules/webauthn/PublicKeyCredential.cpp:

(WebCore::PublicKeyCredentialInternal::produceClientDataJson): Deleted.
(WebCore::PublicKeyCredentialInternal::produceClientDataJsonHash): Deleted.
(WebCore::PublicKeyCredentialInternal::getIdFromAttestationObject): Deleted.
(WebCore::PublicKeyCredential::collectFromCredentialStore): Deleted.
(WebCore::PublicKeyCredential::discoverFromExternalSource): Deleted.
(WebCore::PublicKeyCredential::store): Deleted.
(WebCore::PublicKeyCredential::create): Deleted.
(WebCore::PublicKeyCredential::rawId const): Deleted.
(WebCore::PublicKeyCredential::response const): Deleted.

• Modules/webauthn/PublicKeyCredential.h:
• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• testing/Internals.cpp:

(WebCore::Internals::Internals):
(WebCore::Internals::mockCredentialsMessenger const):

• testing/Internals.h:
• testing/Internals.idl:
• testing/MockCredentialsMessenger.cpp: Added.

(WebCore::MockCredentialsMessenger::setAttestationObject):
(WebCore::MockCredentialsMessenger::setAssertionReturnBundle):
(WebCore::MockCredentialsMessenger::makeCredential):
(WebCore::MockCredentialsMessenger::getAssertion):
(WebCore::MockCredentialsMessenger::makeCredentialReply):
(WebCore::MockCredentialsMessenger::getAssertionReply):

• testing/MockCredentialsMessenger.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
• testing/MockCredentialsMessenger.idl: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.

Source/WebKit:

Dummy WebCredentialsMessenger and WebCredentialsMessengerProxy are crafted to establish
a message exchange channel between UIProcess and WebProcess.

• DerivedSources.make:
• UIProcess/CredentialManagement/WebCredentialsMessengerProxy.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.

(WebKit::WebCredentialsMessengerProxy::WebCredentialsMessengerProxy):
(WebKit::WebCredentialsMessengerProxy::~WebCredentialsMessengerProxy):
(WebKit::WebCredentialsMessengerProxy::makeCredential):
(WebKit::WebCredentialsMessengerProxy::getAssertion):

• UIProcess/CredentialManagement/WebCredentialsMessengerProxy.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
• UIProcess/CredentialManagement/WebCredentialsMessengerProxy.messages.in: Added.
• UIProcess/WebPageProxy.cpp:

(WebKit::m_configurationPreferenceValues):
(WebKit::WebPageProxy::reattachToWebProcess):

• UIProcess/WebPageProxy.h:
• WebKit.xcodeproj/project.pbxproj:
• WebProcess/CredentialManagement/WebCredentialsMessenger.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.

(WebKit::WebCredentialsMessenger::WebCredentialsMessenger):
(WebKit::WebCredentialsMessenger::~WebCredentialsMessenger):
(WebKit::WebCredentialsMessenger::makeCredential):
(WebKit::WebCredentialsMessenger::getAssertion):
(WebKit::WebCredentialsMessenger::makeCredentialReply):
(WebKit::WebCredentialsMessenger::getAssertionReply):

• WebProcess/CredentialManagement/WebCredentialsMessenger.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
• WebProcess/CredentialManagement/WebCredentialsMessenger.messages.in: Added.
• WebProcess/WebPage/WebPage.cpp:

(WebKit::m_credentialsMessenger):
(WebKit::m_cpuLimit): Deleted.

• WebProcess/WebPage/WebPage.h:

LayoutTests:

• http/wpt/credential-management/credentialscontainer-store-basics.https.html:
• http/wpt/webauthn/idl.https.html:
• http/wpt/webauthn/public-key-credential-create-failure.https.html:
• http/wpt/webauthn/public-key-credential-create-success.https.html:
• http/wpt/webauthn/public-key-credential-get-failure.https.html:
• http/wpt/webauthn/public-key-credential-get-success.https.html:
• http/wpt/webauthn/resources/util.js:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/wpt/credential-management/credentialscontainer-store-basics.https.html (modified) (2 diffs)
• LayoutTests/http/wpt/webauthn/idl.https.html (modified) (2 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html (modified) (3 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-success.https.html (modified) (3 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https.html (modified) (3 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-success.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/resources/util.js (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/credential-management/credentialscontainer-create-basics.https-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/DerivedSources.make (modified) (1 diff)
• Source/WebCore/Modules/credentialmanagement/BasicCredential.h (modified) (2 diffs)
• Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp (modified) (5 diffs)
• Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h (modified) (2 diffs)
• Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.cpp (added)
• Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h (added)
• Source/WebCore/Modules/webauthn/Authenticator.cpp (deleted)
• Source/WebCore/Modules/webauthn/Authenticator.h (deleted)
• Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp (added)
• Source/WebCore/Modules/webauthn/AuthenticatorManager.h (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorResponse.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredential.h (modified) (2 diffs)
• Source/WebCore/Sources.txt (modified) (2 diffs)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (15 diffs)
• Source/WebCore/testing/Internals.cpp (modified) (3 diffs)
• Source/WebCore/testing/Internals.h (modified) (3 diffs)
• Source/WebCore/testing/Internals.idl (modified) (1 diff)
• Source/WebCore/testing/MockCredentialsMessenger.cpp (added)
• Source/WebCore/testing/MockCredentialsMessenger.h (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebCore/testing/MockCredentialsMessenger.idl (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/DerivedSources.make (modified) (3 diffs)
• Source/WebKit/UIProcess/CredentialManagement (added)
• Source/WebKit/UIProcess/CredentialManagement/WebCredentialsMessengerProxy.cpp (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebKit/UIProcess/CredentialManagement/WebCredentialsMessengerProxy.h (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebKit/UIProcess/CredentialManagement/WebCredentialsMessengerProxy.messages.in (added)
• Source/WebKit/UIProcess/WebPageProxy.cpp (modified) (3 diffs)
• Source/WebKit/UIProcess/WebPageProxy.h (modified) (2 diffs)
• Source/WebKit/WebKit.xcodeproj/project.pbxproj (modified) (8 diffs)
• Source/WebKit/WebProcess/CredentialManagement (added)
• Source/WebKit/WebProcess/CredentialManagement/WebCredentialsMessenger.cpp (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebKit/WebProcess/CredentialManagement/WebCredentialsMessenger.h (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h) (1 diff)
• Source/WebKit/WebProcess/CredentialManagement/WebCredentialsMessenger.messages.in (added)
• Source/WebKit/WebProcess/WebPage/WebPage.cpp (modified) (3 diffs)
• Source/WebKit/WebProcess/WebPage/WebPage.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-02-13  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Revisit the whole async model of task dispatching, timeout and aborting
+        https://bugs.webkit.org/show_bug.cgi?id=181946
+        <rdar://problem/37258262>
+
+        Reviewed by Chris Dumez.
+
+        * http/wpt/credential-management/credentialscontainer-store-basics.https.html:
+        * http/wpt/webauthn/idl.https.html:
+        * http/wpt/webauthn/public-key-credential-create-failure.https.html:
+        * http/wpt/webauthn/public-key-credential-create-success.https.html:
+        * http/wpt/webauthn/public-key-credential-get-failure.https.html:
+        * http/wpt/webauthn/public-key-credential-get-success.https.html:
+        * http/wpt/webauthn/resources/util.js:
+
 2018-02-13  Antti Koivisto  <antti@apple.com>
 

trunk/LayoutTests/http/wpt/credential-management/credentialscontainer-store-basics.https.html

@@ -10 +10 @@
             chars.push(str.charCodeAt(i));
         return new Uint8Array(chars);
+    }
+    function hexStringToUint8Array(hexString)
+    {
+        if (hexString.length % 2 != 0)
+            throw "Invalid hexString";
+        var arrayBuffer = new Uint8Array(hexString.length / 2);
+
+        for (var i = 0; i < hexString.length; i += 2) {
+            var byteValue = parseInt(hexString.substr(i, 2), 16);
+            if (byteValue == NaN)
+                throw "Invalid hexString";
+            arrayBuffer[i/2] = byteValue;
+        }
+
+        return arrayBuffer;
     }
 
@@ -27 +42 @@
             }
         };
+        // A mock attestation object
+        internals.mockCredentialsMessenger.setAttestationObject(hexStringToUint8Array('000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ff'));
+        const credential = await navigator.credentials.create(options);
 
-        const credential = await navigator.credentials.create(options);
         return promise_rejects(t, "NotSupportedError",
             navigator.credentials.store(credential));

trunk/LayoutTests/http/wpt/webauthn/idl.https.html

@@ -50 +50 @@
         }
     };
+    // A mock attestation object
+    internals.mockCredentialsMessenger.setAttestationObject(hexStringToUint8Array('000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ff'));
     createdCredential = await navigator.credentials.create(creationOptions);
 
@@ -58 +60 @@
         }
     };
+    // A mock assertion return bundle.
+    internals.mockCredentialsMessenger.setAssertionReturnBundle(hexStringToUint8Array('00'), hexStringToUint8Array('01'), hexStringToUint8Array('02'), hexStringToUint8Array('03'));
     requestedCredential = await navigator.credentials.get(requestOptions);
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html

@@ -21 +21 @@
             }
         };
+        internals.mockCredentialsMessenger.setDidTimeOut();
+
         return promise_rejects(t, "NotAllowedError",
             navigator.credentials.create(options));
@@ -65 +67 @@
     }, "PublicKeyCredential's [[create]] with an empty pubKeyCredParams");
 
-    // This test is targeting to the dummy authenticator, which always cancel the operation
-    // when user.displayName = "John".
     promise_test(function(t) {
         const options = {
@@ -83 +83 @@
             }
         };
+        internals.mockCredentialsMessenger.setDidUserCancel();
+
         return promise_rejects(t, "NotAllowedError",
             navigator.credentials.create(options));

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success.https.html

@@ -5 +5 @@
 <script src="./resources/util.js"></script>
 <script>
-    // The following test is specifically tuned for current dummy authenticator.
     promise_test(function(t) {
         const options = {
@@ -21 +20 @@
             }
         };
+        // A mock attestation object
+        internals.mockCredentialsMessenger.setAttestationObject(hexStringToUint8Array('000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ff'));
 
         return navigator.credentials.create(options).then(function(credential) {
@@ -27 +28 @@
                 assert_equals(bytesToHexString(credential.rawId), 'ff');
                 assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
-                // This field is completely fake 0x00*43 | 0x0001ff | SHA-256 hash of the clientDataJSON
-                assert_equals(bytesToHexString(credential.response.attestationObject), '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ff3374b98316b38046727a770b8e95c4580a292b9e2f4bb44a250a5402d6d3783a');
+                assert_equals(bytesToHexString(credential.response.attestationObject), '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ff');
                 try {
                     assert_throws("NotSupportedError", credential.getClientExtensionResults());

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https.html

@@ -12 +12 @@
             }
         };
+        internals.mockCredentialsMessenger.setDidTimeOut();
+
         return promise_rejects(t, "NotAllowedError",
             navigator.credentials.get(options));
@@ -27 +29 @@
     }, "PublicKeyCredential's [[get]] with a mismatched RP ID");
 
-    // This test is targeting to the dummy authenticator, which always cancel the operation
-    // when allowCredentials is not empty.
     promise_test(function(t) {
         const options = {
@@ -36 +36 @@
             }
         };
+        internals.mockCredentialsMessenger.setDidUserCancel();
+
         return promise_rejects(t, "NotAllowedError",
             navigator.credentials.get(options));

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success.https.html

@@ -12 +12 @@
             }
         };
+        // A mock assertion return bundle.
+        internals.mockCredentialsMessenger.setAssertionReturnBundle(hexStringToUint8Array('00'), hexStringToUint8Array('01'), hexStringToUint8Array('02'), hexStringToUint8Array('03'));
 
         return navigator.credentials.get(options).then(function(credential) {
-            const clientDataJsonHash = '577cc24b64b3dd011c61a8efb240aee7e77acc3c144d6dfbe097c6a208bb6d49';
-
-            assert_equals(credential.id, 'V3zCS2Sz3QEcYajvskCu5-d6zDwUTW374JfGogi7bUk');
+            assert_equals(credential.id, 'AA');
             assert_equals(credential.type, 'public-key');
-            assert_equals(bytesToHexString(credential.rawId), clientDataJsonHash);
+            assert_equals(bytesToHexString(credential.rawId), '00');
             assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
-            // This field is completely fake 0x00*43 | 0x0001ff | SHA-256 hash of the clientDataJSON
-            assert_equals(bytesToHexString(credential.response.authenticatorData), clientDataJsonHash);
-            assert_equals(bytesToHexString(credential.response.signature), clientDataJsonHash);
-            assert_equals(bytesToHexString(credential.response.userHandle), clientDataJsonHash);
+            assert_equals(bytesToHexString(credential.response.authenticatorData), '01');
+            assert_equals(bytesToHexString(credential.response.signature), '02');
+            assert_equals(bytesToHexString(credential.response.userHandle), '03');
             try {
                 assert_throws("NotSupportedError", credential.getClientExtensionResults());

trunk/LayoutTests/http/wpt/webauthn/resources/util.js

@@ -44 +44 @@
     }
 };
+
+function hexStringToUint8Array(hexString)
+{
+    if (hexString.length % 2 != 0)
+        throw "Invalid hexString";
+    var arrayBuffer = new Uint8Array(hexString.length / 2);
+
+    for (var i = 0; i < hexString.length; i += 2) {
+        var byteValue = parseInt(hexString.substr(i, 2), 16);
+        if (byteValue == NaN)
+            throw "Invalid hexString";
+        arrayBuffer[i/2] = byteValue;
+    }
+
+    return arrayBuffer;
+}

trunk/LayoutTests/imported/w3c/web-platform-tests/credential-management/credentialscontainer-create-basics.https-expected.txt

@@ -2 +2 @@
 PASS navigator.credentials.create() with no argument. 
 PASS navigator.credentials.create() with empty argument. 
-FAIL navigator.credentials.create() with valid PasswordCredentialData promise_test: Unhandled rejection with value: object "NotSupportedError: The operation is not supported."
-FAIL navigator.credentials.create() with valid HTMLFormElement promise_test: Unhandled rejection with value: object "NotSupportedError: The operation is not supported."
-FAIL navigator.credentials.create() with bogus password data assert_throws: function "function () { throw e }" threw object "NotSupportedError: The operation is not supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
-FAIL navigator.credentials.create() with valid FederatedCredentialData promise_test: Unhandled rejection with value: object "NotSupportedError: The operation is not supported."
-FAIL navigator.credentials.create() with bogus federated data assert_throws: function "function () { throw e }" threw object "NotSupportedError: The operation is not supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
+FAIL navigator.credentials.create() with valid PasswordCredentialData promise_test: Unhandled rejection with value: object "NotSupportedError: Only PublicKeyCredential is supported."
+FAIL navigator.credentials.create() with valid HTMLFormElement promise_test: Unhandled rejection with value: object "NotSupportedError: Only PublicKeyCredential is supported."
+FAIL navigator.credentials.create() with bogus password data assert_throws: function "function () { throw e }" threw object "NotSupportedError: Only PublicKeyCredential is supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
+FAIL navigator.credentials.create() with valid FederatedCredentialData promise_test: Unhandled rejection with value: object "NotSupportedError: Only PublicKeyCredential is supported."
+FAIL navigator.credentials.create() with bogus federated data assert_throws: function "function () { throw e }" threw object "NotSupportedError: Only PublicKeyCredential is supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
 PASS navigator.credentials.create() with bogus publicKey data 
 FAIL navigator.credentials.create() returns PublicKeyCredential promise_test: Unhandled rejection with value: object "TypeError: Member PublicKeyCredentialCreationOptions.pubKeyCredParams is required and must be an instance of sequence"
 PASS navigator.credentials.create() with both PasswordCredentialData and FederatedCredentialData 
-FAIL navigator.credentials.create() with bogus password and federated data assert_throws: function "function () { throw e }" threw object "NotSupportedError: The operation is not supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
+FAIL navigator.credentials.create() with bogus password and federated data assert_throws: function "function () { throw e }" threw object "NotSupportedError: Only PublicKeyCredential is supported." ("NotSupportedError") expected object "TypeError" ("TypeError")
 PASS navigator.credentials.create() with bogus federated and publicKey data 
 PASS navigator.credentials.create() with bogus password and publicKey data 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-02-13  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Revisit the whole async model of task dispatching, timeout and aborting
+        https://bugs.webkit.org/show_bug.cgi?id=181946
+        <rdar://problem/37258262>
+
+        Reviewed by Chris Dumez.
+
+        This patch changes the original async model from a work queue to IPC between WebProcess
+        and UIProcess. Since all authenticator operations must be handled in the UIProcess due
+        to sandboxing, this message passing IPC async model then surpasses the original multi
+        threading model. To cooperate that, a CredentialsMessenger class is then created and
+        all task dispatching code is moved thre.
+
+        As an improvement over existing code, static functions from PublicKeyCredential are
+        moved to AuthenticatorManager. AuthenticatorManager is made as a singleton such that
+        when static functions are called, they could reach the CredentialsMessenger to interact
+        with UIProccess. CredentialsMessenger and AuthenticatorManager are separated so later
+        on when other Credential types are created, they can reuse the same IPC messenger.
+
+        What's more, a mock CredentialsMessenger is then created to mock behaviors of UIProcess
+        for testing purpose.
+
+        Covered by existing tests.
+
+        * DerivedSources.make:
+        * Modules/credentialmanagement/BasicCredential.h:
+        * Modules/credentialmanagement/CredentialsContainer.cpp:
+        (WebCore::CredentialsContainer::CredentialsContainer):
+        (WebCore::CredentialsContainer::doesHaveSameOriginAsItsAncestors):
+        (WebCore::CredentialsContainer::get):
+        (WebCore::CredentialsContainer::isCreate):
+        (WebCore::CredentialsContainer::PendingPromise::PendingPromise): Deleted.
+        (WebCore::CredentialsContainer::dispatchTask): Deleted.
+        * Modules/credentialmanagement/CredentialsContainer.h:
+        (WebCore::CredentialsContainer::PendingPromise::create): Deleted.
+        * Modules/credentialmanagement/CredentialsMessenger.cpp: Added.
+        (WebCore::CredentialsMessenger::exceptionReply):
+        (WebCore::CredentialsMessenger::addCreationCompletionHandler):
+        (WebCore::CredentialsMessenger::takeCreationCompletionHandler):
+        (WebCore::CredentialsMessenger::addRequestCompletionHandler):
+        (WebCore::CredentialsMessenger::takeRequestCompletionHandler):
+        (WebCore::CredentialsMessenger::addQueryCompletionHandler):
+        (WebCore::CredentialsMessenger::takeQueryCompletionHandler):
+        (WebCore::getIdFromAttestationObject):
+        * Modules/credentialmanagement/CredentialsMessenger.h: Added.
+        (WebCore::CreationReturnBundle::CreationReturnBundle):
+        (WebCore::AssertionReturnBundle::AssertionReturnBundle):
+        (WebCore::CredentialsMessenger::weakPtrFactory const):
+        * Modules/webauthn/Authenticator.cpp: Removed.
+        * Modules/webauthn/Authenticator.h: Removed.
+        * Modules/webauthn/AuthenticatorManager.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.
+        (WebCore::AuthenticatorManagerInternal::produceClientDataJson):
+        (WebCore::AuthenticatorManagerInternal::produceClientDataJsonHash):
+        (WebCore::AuthenticatorManagerInternal::initTimer):
+        (WebCore::AuthenticatorManagerInternal::didTimerFire):
+        (WebCore::AuthenticatorManager::singleton):
+        (WebCore::AuthenticatorManager::setMessenger):
+        (WebCore::AuthenticatorManager::create const):
+        (WebCore::AuthenticatorManager::discoverFromExternalSource const):
+        * Modules/webauthn/AuthenticatorManager.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        * Modules/webauthn/AuthenticatorResponse.h:
+        * Modules/webauthn/PublicKeyCredential.cpp:
+        (WebCore::PublicKeyCredentialInternal::produceClientDataJson): Deleted.
+        (WebCore::PublicKeyCredentialInternal::produceClientDataJsonHash): Deleted.
+        (WebCore::PublicKeyCredentialInternal::getIdFromAttestationObject): Deleted.
+        (WebCore::PublicKeyCredential::collectFromCredentialStore): Deleted.
+        (WebCore::PublicKeyCredential::discoverFromExternalSource): Deleted.
+        (WebCore::PublicKeyCredential::store): Deleted.
+        (WebCore::PublicKeyCredential::create): Deleted.
+        (WebCore::PublicKeyCredential::rawId const): Deleted.
+        (WebCore::PublicKeyCredential::response const): Deleted.
+        * Modules/webauthn/PublicKeyCredential.h:
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * testing/Internals.cpp:
+        (WebCore::Internals::Internals):
+        (WebCore::Internals::mockCredentialsMessenger const):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+        * testing/MockCredentialsMessenger.cpp: Added.
+        (WebCore::MockCredentialsMessenger::setAttestationObject):
+        (WebCore::MockCredentialsMessenger::setAssertionReturnBundle):
+        (WebCore::MockCredentialsMessenger::makeCredential):
+        (WebCore::MockCredentialsMessenger::getAssertion):
+        (WebCore::MockCredentialsMessenger::makeCredentialReply):
+        (WebCore::MockCredentialsMessenger::getAssertionReply):
+        * testing/MockCredentialsMessenger.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        * testing/MockCredentialsMessenger.idl: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+
 2018-02-13  Zalan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/DerivedSources.make

@@ -948 +948 @@
     $(WebCore)/testing/MockCDMFactory.idl \
     $(WebCore)/testing/MockContentFilterSettings.idl \
+    $(WebCore)/testing/MockCredentialsMessenger.idl \
     $(WebCore)/testing/MockPageOverlay.idl \
     $(WebCore)/testing/MockPaymentAddress.idl \

trunk/Source/WebCore/Modules/credentialmanagement/BasicCredential.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <wtf/ThreadSafeRefCounted.h>
+#include <wtf/RefCounted.h>
 #include <wtf/TypeCasts.h>
 #include <wtf/text/WTFString.h>
@@ -34 +34 @@
 namespace WebCore {
 
-class BasicCredential : public ThreadSafeRefCounted<BasicCredential> {
+class BasicCredential : public RefCounted<BasicCredential> {
 public:
     enum class Type {

trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp

@@ -31 +31 @@
 
 #include "AbortSignal.h"
+#include "AuthenticatorManager.h"
 #include "CredentialCreationOptions.h"
 #include "CredentialRequestOptions.h"
 #include "Document.h"
 #include "ExceptionOr.h"
-#include "JSBasicCredential.h"
-#include "PublicKeyCredential.h"
+#include "JSDOMPromiseDeferred.h"
 #include "SecurityOrigin.h"
-#include <wtf/MainThread.h>
 
 namespace WebCore {
 
-CredentialsContainer::PendingPromise::PendingPromise(Ref<DeferredPromise>&& promise, std::unique_ptr<Timer>&& timer)
-    : promise(WTFMove(promise))
-    , timer(WTFMove(timer))
+CredentialsContainer::CredentialsContainer(WeakPtr<Document>&& document)
+    : m_document(WTFMove(document))
 {
 }
 
-CredentialsContainer::PendingPromise::PendingPromise(Ref<DeferredPromise>&& promise)
-    : promise(WTFMove(promise))
-{
-}
-
-CredentialsContainer::CredentialsContainer(WeakPtr<Document>&& document)
-    : m_document(WTFMove(document))
-    , m_workQueue(WorkQueue::create("com.apple.WebKit.CredentialQueue"))
-{
-}
-
-// The following implements https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors
-// as of 14 November 2017.
 bool CredentialsContainer::doesHaveSameOriginAsItsAncestors()
 {
+    // The following implements https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors
+    // as of 14 November 2017.
     if (!m_document)
         return false;
@@ -74 +61 @@
 }
 
-// FIXME(181946): Since the underlying authenticator model is not clear at this moment, the timer is moved to CredentialsContainer such that
-// timer can stay with main thread and therefore can easily time out activities on the work queue.
-// FIXME(181945): The usages of AbortSignal are also moved here for the very same reason. Also the AbortSignal is kind of bogus at this moment
-// since it doesn't support observers (or other means) to trigger the actual abort action. Enhancement to AbortSignal is needed.
-template<typename OperationType>
-void CredentialsContainer::dispatchTask(OperationType&& operation, Ref<DeferredPromise>&& promise, std::optional<unsigned long> timeOutInMs)
-{
-    ASSERT(isMainThread());
-    if (!m_document)
-        return;
-
-    auto* promiseIndex = promise.ptr();
-    auto weakThis = m_weakPtrFactory.createWeakPtr(*this);
-    // FIXME(181947): We should probably trim timeOutInMs to some max allowable number.
-    if (timeOutInMs) {
-        auto pendingPromise = PendingPromise::create(WTFMove(promise), std::make_unique<Timer>([promiseIndex, weakThis] () {
-            ASSERT(isMainThread());
-            if (weakThis) {
-                // A lock should not be needed as all callbacks are executed in the main thread.
-                if (auto promise = weakThis->m_pendingPromises.take(promiseIndex))
-                    promise.value()->promise->reject(Exception { NotAllowedError });
-            }
-        }));
-        pendingPromise->timer->startOneShot(Seconds(timeOutInMs.value() / 1000.0));
-        m_pendingPromises.add(promiseIndex, WTFMove(pendingPromise));
-    } else
-        m_pendingPromises.add(promiseIndex, PendingPromise::create(WTFMove(promise)));
-
-    auto task = [promiseIndex, weakThis, origin = m_document->securityOrigin().isolatedCopy(), isSameOriginWithItsAncestors = doesHaveSameOriginAsItsAncestors(), operation = WTFMove(operation)] () {
-        auto result = operation(origin, isSameOriginWithItsAncestors);
-        callOnMainThread([promiseIndex, weakThis, result = WTFMove(result)] () mutable {
-            if (weakThis) {
-                // A lock should not be needed as all callbacks are executed in the main thread.
-                if (auto promise = weakThis->m_pendingPromises.take(promiseIndex)) {
-                    if (result.hasException())
-                        promise.value()->promise->reject(result.releaseException());
-                    else
-                        promise.value()->promise->resolve<IDLNullable<IDLInterface<BasicCredential>>>(result.returnValue().get());
-                }
-            }
-        });
-    };
-    m_workQueue->dispatch(WTFMove(task));
-}
-
 void CredentialsContainer::get(CredentialRequestOptions&& options, Ref<DeferredPromise>&& promise)
 {
     // The following implements https://www.w3.org/TR/credential-management-1/#algorithm-request as of 4 August 2017
     // with enhancement from 14 November 2017 Editor's Draft.
-    // FIXME: Optional options are passed with no contents. It should be std::optional.
-    if ((!options.signal && !options.publicKey) || !m_document) {
+    if (!m_document) {
         promise->reject(Exception { NotSupportedError });
         return;
     }
     if (options.signal && options.signal->aborted()) {
-        promise->reject(Exception { AbortError });
+        promise->reject(Exception { AbortError, ASCIILiteral("Aborted by AbortSignal.") });
         return;
     }
@@ -139 +80 @@
     // be requested from [[discoverFromExternalSource]].
     if (!options.publicKey) {
-        promise->reject(Exception { NotSupportedError });
+        promise->reject(Exception { NotSupportedError, ASCIILiteral("Only PublicKeyCredential is supported.") });
         return;
     }
 
-    auto timeout = options.publicKey->timeout;
-    auto operation = [options = WTFMove(options.publicKey.value())] (const SecurityOrigin& origin, bool isSameOriginWithItsAncestors) {
-        return PublicKeyCredential::discoverFromExternalSource(origin, options, isSameOriginWithItsAncestors);
-    };
-    dispatchTask(WTFMove(operation), WTFMove(promise), timeout);
+    // Async operations are dispatched/handled in (Web)CredentialMessenger, which exchanges messages between WebProcess and UIProcess.
+    AuthenticatorManager::singleton().discoverFromExternalSource(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
 }
 
 void CredentialsContainer::store(const BasicCredential&, Ref<DeferredPromise>&& promise)
 {
-    promise->reject(Exception { NotSupportedError });
+    promise->reject(Exception { NotSupportedError, ASCIILiteral("Not implemented.") });
 }
 
@@ -159 +97 @@
     // The following implements https://www.w3.org/TR/credential-management-1/#algorithm-create as of 4 August 2017
     // with enhancement from 14 November 2017 Editor's Draft.
-    // FIXME: Optional options are passed with no contents. It should be std::optional.
-    if ((!options.signal && !options.publicKey) || !m_document) {
+    if (!m_document) {
         promise->reject(Exception { NotSupportedError });
         return;
     }
     if (options.signal && options.signal->aborted()) {
-        promise->reject(Exception { AbortError });
+        promise->reject(Exception { AbortError, ASCIILiteral("Aborted by AbortSignal.") });
         return;
     }
@@ -171 +108 @@
     ASSERT(m_document->isSecureContext());
 
-    // Step 3-4. Shortcut as we only support one kind of credentials.
+    // Step 3-7. Shortcut as we only support one kind of credentials.
     if (!options.publicKey) {
-        promise->reject(Exception { NotSupportedError });
+        promise->reject(Exception { NotSupportedError, ASCIILiteral("Only PublicKeyCredential is supported.") });
         return;
     }
 
-    auto timeout = options.publicKey->timeout;
-    // Step 5-7.
-    auto operation = [options = WTFMove(options.publicKey.value())] (const SecurityOrigin& origin, bool isSameOriginWithItsAncestors) {
-        // Shortcut as well.
-        return PublicKeyCredential::create(origin, options, isSameOriginWithItsAncestors);
-    };
-    dispatchTask(WTFMove(operation), WTFMove(promise), timeout);
+    // Async operations are dispatched/handled in (Web)CredentialMessenger, which exchanges messages between WebProcess and UIProcess.
+    AuthenticatorManager::singleton().create(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
 }
 
 void CredentialsContainer::preventSilentAccess(Ref<DeferredPromise>&& promise) const
 {
-    promise->reject(Exception { NotSupportedError });
+    promise->reject(Exception { NotSupportedError, ASCIILiteral("Not implemented.") });
 }
 

trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "JSDOMPromiseDeferred.h"
-#include "Timer.h"
-#include <wtf/Function.h>
 #include <wtf/RefCounted.h>
 #include <wtf/WeakPtr.h>
-#include <wtf/WorkQueue.h>
 
 namespace WebCore {
 
 class BasicCredential;
+class DeferredPromise;
 class Document;
 
@@ -60 +57 @@
 
     bool doesHaveSameOriginAsItsAncestors();
-    template<typename OperationType>
-    void dispatchTask(OperationType&&, Ref<DeferredPromise>&&, std::optional<unsigned long> timeOutInMs = std::nullopt);
 
     WeakPtr<Document> m_document;
-    Ref<WorkQueue> m_workQueue;
-    WeakPtrFactory<CredentialsContainer> m_weakPtrFactory;
-
-    // Bundle promise and timer, such that the timer can
-    // times out the corresponding promsie.
-    struct PendingPromise : public RefCounted<PendingPromise> {
-        static Ref<PendingPromise> create(Ref<DeferredPromise>&& promise, std::unique_ptr<Timer>&& timer)
-        {
-            return adoptRef(*new PendingPromise(WTFMove(promise), WTFMove(timer)));
-        }
-        static Ref<PendingPromise> create(Ref<DeferredPromise>&& promise)
-        {
-            return adoptRef(*new PendingPromise(WTFMove(promise)));
-        }
-
-    private:
-        PendingPromise(Ref<DeferredPromise>&&, std::unique_ptr<Timer>&&);
-        PendingPromise(Ref<DeferredPromise>&&);
-
-    public:
-        Ref<DeferredPromise> promise;
-        std::unique_ptr<Timer> timer;
-    };
-    HashMap<DeferredPromise*, Ref<PendingPromise>> m_pendingPromises;
 };
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorManager.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include <wtf/Forward.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/WeakPtr.h>
 
 namespace WebCore {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
+class AbortSignal;
+class CredentialsMessenger;
+class DeferredPromise;
+class SecurityOrigin;
+
+struct PublicKeyCredentialCreationOptions;
+struct PublicKeyCredentialRequestOptions;
+
+class AuthenticatorManager {
+    WTF_MAKE_NONCOPYABLE(AuthenticatorManager);
+    friend class NeverDestroyed<AuthenticatorManager>;
 public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
+    WEBCORE_EXPORT static AuthenticatorManager& singleton();
+    WEBCORE_EXPORT void setMessenger(CredentialsMessenger&);
 
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
-
-    virtual Type type() const = 0;
-
-    ArrayBuffer* clientDataJSON() const;
+    // The following methods implement static methods of PublicKeyCredential.
+    void create(const SecurityOrigin&, const PublicKeyCredentialCreationOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, Ref<DeferredPromise>&&) const;
+    void discoverFromExternalSource(const SecurityOrigin&, const PublicKeyCredentialRequestOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, Ref<DeferredPromise>&&) const;
 
 private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
+    AuthenticatorManager() = default;
+
+    WeakPtr<CredentialsMessenger> m_messenger;
 };
 
 } // namespace WebCore
 
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
-
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h

@@ -29 +29 @@
 
 #include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
+#include <wtf/RefCounted.h>
 #include <wtf/TypeCasts.h>
 
 namespace WebCore {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
+class AuthenticatorResponse : public RefCounted<AuthenticatorResponse> {
 public:
     enum class Type {

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "Authenticator.h"
-#include "AuthenticatorResponse.h"
 #include "JSDOMPromiseDeferred.h"
-#include "PublicKeyCredentialCreationOptions.h"
-#include "PublicKeyCredentialRequestOptions.h"
-#include "SecurityOrigin.h"
-#include <pal/crypto/CryptoDigest.h>
-#include <wtf/CurrentTime.h>
-#include <wtf/JSONValues.h>
 #include <wtf/text/Base64.h>
 
 namespace WebCore {
-
-namespace PublicKeyCredentialInternal {
-
-// The layout of attestation object: https://www.w3.org/TR/webauthn/#attestation-object as of 5 December 2017.
-// Here is a summary before CredentialID in the layout. All lengths are fixed.
-// RP ID hash (32) || FLAGS (1) || COUNTER (4) || AAGUID (16) || L (2) || CREDENTIAL ID (?) || ...
-static constexpr size_t CredentialIdLengthOffset = 43;
-
-enum class ClientDataType {
-    Create,
-    Get
-};
-
-// FIXME(181948): Add token binding ID and extensions.
-static Ref<ArrayBuffer> produceClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin)
-{
-    auto object = JSON::Object::create();
-    switch (type) {
-    case ClientDataType::Create:
-        object->setString(ASCIILiteral("type"), ASCIILiteral("webauthn.create"));
-        break;
-    case ClientDataType::Get:
-        object->setString(ASCIILiteral("type"), ASCIILiteral("webauthn.get"));
-        break;
-    }
-    object->setString(ASCIILiteral("challenge"), WTF::base64URLEncode(challenge.data(), challenge.length()));
-    object->setString(ASCIILiteral("origin"), origin.toRawString());
-    // FIXME: This might be platform dependent.
-    object->setString(ASCIILiteral("hashAlgorithm"), ASCIILiteral("SHA-256"));
-
-    auto utf8JSONString = object->toJSONString().utf8();
-    return ArrayBuffer::create(utf8JSONString.data(), utf8JSONString.length());
-}
-
-static Vector<uint8_t> produceClientDataJsonHash(const Ref<ArrayBuffer>& clientDataJson)
-{
-    auto crypto = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_256);
-    crypto->addBytes(clientDataJson->data(), clientDataJson->byteLength());
-    return crypto->computeHash();
-}
-
-static RefPtr<ArrayBuffer> getIdFromAttestationObject(const Vector<uint8_t>& attestationObject)
-{
-    // The byte length of L is 2.
-    if (attestationObject.size() < CredentialIdLengthOffset + 2)
-        return nullptr;
-    size_t length = (attestationObject[CredentialIdLengthOffset] << 8) + attestationObject[CredentialIdLengthOffset + 1];
-    if (attestationObject.size() < CredentialIdLengthOffset + 2 + length)
-        return nullptr;
-    return ArrayBuffer::create(attestationObject.data() + CredentialIdLengthOffset + 2, length);
-}
-
-} // namespace PublicKeyCredentialInternal
 
 PublicKeyCredential::PublicKeyCredential(RefPtr<ArrayBuffer>&& id, RefPtr<AuthenticatorResponse>&& response)
@@ -100 +39 @@
     , m_response(WTFMove(response))
 {
-}
-
-Vector<Ref<BasicCredential>> PublicKeyCredential::collectFromCredentialStore(PublicKeyCredentialRequestOptions&&, bool)
-{
-    return { };
-}
-
-ExceptionOr<RefPtr<BasicCredential>> PublicKeyCredential::discoverFromExternalSource(const SecurityOrigin& callerOrigin, const PublicKeyCredentialRequestOptions& options, bool sameOriginWithAncestors)
-{
-    using namespace PublicKeyCredentialInternal;
-
-    // The following implements https://www.w3.org/TR/webauthn/#createCredential as of 5 December 2017.
-    // FIXME: Extensions are not supported yet. Skip Step 8-9.
-    // Step 1, 3-4, 13, 16 are handled by the caller, including options sanitizing, timer and abort signal.
-    // Step 2.
-    if (!sameOriginWithAncestors)
-        return Exception { NotAllowedError };
-
-    // Step 5-7.
-    // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not.
-    // Step 6 is therefore skipped. Also, we lack the support to determine whether a domain is a registrable
-    // domain suffix of another domain. Hence restrict the comparison to equal in Step 7.
-    if (!options.rpId.isEmpty() && !(callerOrigin.host() == options.rpId))
-        return Exception { SecurityError };
-    if (options.rpId.isEmpty())
-        options.rpId = callerOrigin.host();
-
-    // Step 10-12.
-    auto clientDataJson = produceClientDataJson(ClientDataType::Get, options.challenge, callerOrigin);
-    auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson);
-
-    // Step 14-15, 17-19.
-    // Only platform attachments will be supported at this stage. Assuming one authenticator per device.
-    // Also, resident keys, user verifications and direct attestation are enforced at this tage.
-    // For better performance, no filtering is done here regarding to options.excludeCredentials.
-    // What's more, user cancellations effectively means NotAllowedError. Therefore, the below call
-    // will only returns either an exception or a PublicKeyCredential ref.
-    // FIXME(181946): The following operation might need to perform async.
-    auto result = Authenticator::singleton().getAssertion(options.rpId, clientDataJsonHash, options.allowCredentials);
-    if (result.hasException())
-        return result.releaseException();
-
-    auto bundle = result.releaseReturnValue();
-    return ExceptionOr<RefPtr<BasicCredential>>(PublicKeyCredential::create(WTFMove(bundle.credentialID), AuthenticatorAssertionResponse::create(WTFMove(clientDataJson), WTFMove(bundle.authenticatorData), WTFMove(bundle.signature), WTFMove(bundle.userHandle))));
-}
-
-RefPtr<BasicCredential> PublicKeyCredential::store(RefPtr<BasicCredential>&&, bool)
-{
-    return nullptr;
-}
-
-ExceptionOr<RefPtr<BasicCredential>> PublicKeyCredential::create(const SecurityOrigin& callerOrigin, const PublicKeyCredentialCreationOptions& options, bool sameOriginWithAncestors)
-{
-    using namespace PublicKeyCredentialInternal;
-
-    // The following implements https://www.w3.org/TR/webauthn/#createCredential as of 5 December 2017.
-    // FIXME: Extensions are not supported yet. Skip Step 11-12.
-    // Step 1, 3-4, 16-17 are handled by the caller, including options sanitizing, timer and abort signal.
-    // Step 2.
-    if (!sameOriginWithAncestors)
-        return Exception { NotAllowedError };
-
-    // Step 5-7.
-    // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not.
-    // Step 6 is therefore skipped. Also, we lack the support to determine whether a domain is a registrable
-    // domain suffix of another domain. Hence restrict the comparison to equal in Step 7.
-    if (!options.rp.id.isEmpty() && !(callerOrigin.host() == options.rp.id))
-        return Exception { SecurityError };
-    if (options.rp.id.isEmpty())
-        options.rp.id = callerOrigin.host();
-
-    // Step 8-10.
-    // Most of the jobs are done by bindings. However, we can't know if the JSValue of options.pubKeyCredParams
-    // is empty or not. Return NotSupportedError as long as it is empty.
-    if (options.pubKeyCredParams.isEmpty())
-        return Exception { NotSupportedError };
-
-    // Step 13-15.
-    auto clientDataJson = produceClientDataJson(ClientDataType::Create, options.challenge, callerOrigin);
-    auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson);
-
-    // Step 18-21.
-    // Only platform attachments will be supported at this stage. Assuming one authenticator per device.
-    // Also, resident keys, user verifications and direct attestation are enforced at this tage.
-    // For better performance, no filtering is done here regarding to options.excludeCredentials.
-    // What's more, user cancellations effectively means NotAllowedError. Therefore, the below call
-    // will only returns either an exception or a PublicKeyCredential ref.
-    // FIXME(181946): The following operation might need to perform async.
-    auto result = Authenticator::singleton().makeCredential(clientDataJsonHash, options.rp, options.user, options.pubKeyCredParams, options.excludeCredentials);
-    if (result.hasException())
-        return result.releaseException();
-
-    auto attestationObject = result.releaseReturnValue();
-    return ExceptionOr<RefPtr<BasicCredential>>(PublicKeyCredential::create(getIdFromAttestationObject(attestationObject), AuthenticatorAttestationResponse::create(WTFMove(clientDataJson), ArrayBuffer::create(attestationObject.data(), attestationObject.size()))));
-}
-
-ArrayBuffer* PublicKeyCredential::rawId() const
-{
-    return m_rawId.get();
-}
-
-AuthenticatorResponse* PublicKeyCredential::response() const
-{
-    return m_response.get();
 }
 

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.h

@@ -37 +37 @@
 class AuthenticatorResponse;
 class DeferredPromise;
-class SecurityOrigin;
-
-struct PublicKeyCredentialCreationOptions;
-struct PublicKeyCredentialRequestOptions;
 
 class PublicKeyCredential final : public BasicCredential {
@@ -49 +45 @@
     }
 
-    static Vector<Ref<BasicCredential>> collectFromCredentialStore(PublicKeyCredentialRequestOptions&&, bool);
-    static ExceptionOr<RefPtr<BasicCredential>> discoverFromExternalSource(const SecurityOrigin&, const PublicKeyCredentialRequestOptions&, bool sameOriginWithAncestors);
-    static RefPtr<BasicCredential> store(RefPtr<BasicCredential>&&, bool);
-    static ExceptionOr<RefPtr<BasicCredential>> create(const SecurityOrigin&, const PublicKeyCredentialCreationOptions&, bool sameOriginWithAncestors);
-
-    ArrayBuffer* rawId() const;
-    AuthenticatorResponse* response() const;
+    ArrayBuffer* rawId() const { return m_rawId.get(); }
+    AuthenticatorResponse* response() const { return m_response.get(); }
     // Not support yet. Always throws.
     ExceptionOr<bool> getClientExtensionResults() const;

trunk/Source/WebCore/Sources.txt

@@ -46 +46 @@
 Modules/credentialmanagement/BasicCredential.cpp
 Modules/credentialmanagement/CredentialsContainer.cpp
+Modules/credentialmanagement/CredentialsMessenger.cpp
 Modules/credentialmanagement/NavigatorCredentials.cpp
 
@@ -245 +246 @@
 Modules/webaudio/WaveShaperProcessor.cpp
 
-Modules/webauthn/Authenticator.cpp
 Modules/webauthn/AuthenticatorAssertionResponse.cpp
 Modules/webauthn/AuthenticatorAttestationResponse.cpp
+Modules/webauthn/AuthenticatorManager.cpp
 Modules/webauthn/AuthenticatorResponse.cpp
 Modules/webauthn/PublicKeyCredential.cpp

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -1663 +1663 @@
                 57303C2C2009B4A800355965 /* AuthenticatorAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */; };
                 57303C2F2009B7E100355965 /* JSAuthenticatorAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C2D2009B7D900355965 /* JSAuthenticatorAssertionResponse.h */; };
-                57303C4620105D2F00355965 /* Authenticator.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C4320105B3D00355965 /* Authenticator.h */; };
+                57303C4620105D2F00355965 /* AuthenticatorManager.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C4320105B3D00355965 /* AuthenticatorManager.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 573489391DAC6B6E00DC0667 /* CryptoAlgorithmParameters.h in Headers */ = {isa = PBXBuildFile; fileRef = 573489381DAC6B6D00DC0667 /* CryptoAlgorithmParameters.h */; };
                 5739E12F1DAC7F7800E14383 /* JSCryptoAlgorithmParameters.h in Headers */ = {isa = PBXBuildFile; fileRef = 5739E12E1DAC7F7800E14383 /* JSCryptoAlgorithmParameters.h */; };
@@ -1671 +1671 @@
                 5750A9871E6A216800705C4A /* CryptoAlgorithmECDH.h in Headers */ = {isa = PBXBuildFile; fileRef = 5750A9851E6A216800705C4A /* CryptoAlgorithmECDH.h */; };
                 5754719F1ECE628300DD63B2 /* JSRsaPssParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 575471991ECE5D2A00DD63B2 /* JSRsaPssParams.h */; };
+                5760827220215A5500116678 /* CredentialsMessenger.h in Headers */ = {isa = PBXBuildFile; fileRef = 576082702021513F00116678 /* CredentialsMessenger.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                5760827A2024EA5C00116678 /* MockCredentialsMessenger.h in Headers */ = {isa = PBXBuildFile; fileRef = 5760827820244DAB00116678 /* MockCredentialsMessenger.h */; };
+                5760827B2024ED2900116678 /* MockCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760827920244DAC00116678 /* MockCredentialsMessenger.cpp */; };
+                5760828620256AFA00116678 /* JSMockCredentialsMessenger.h in Headers */ = {isa = PBXBuildFile; fileRef = 576082822025679700116678 /* JSMockCredentialsMessenger.h */; };
+                5760828820256AFD00116678 /* JSMockCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 576082812025679600116678 /* JSMockCredentialsMessenger.cpp */; };
                 5768142A1E6F99C100E77754 /* CryptoAlgorithmEcdhKeyDeriveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 576814291E6F99C100E77754 /* CryptoAlgorithmEcdhKeyDeriveParams.h */; };
                 576814411E709FA400E77754 /* JSEcdhKeyDeriveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 5768143E1E709C3600E77754 /* JSEcdhKeyDeriveParams.h */; };
@@ -8240 +8245 @@
                 57303C2D2009B7D900355965 /* JSAuthenticatorAssertionResponse.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSAuthenticatorAssertionResponse.h; sourceTree = "<group>"; };
                 57303C2E2009B7DA00355965 /* JSAuthenticatorAssertionResponse.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSAuthenticatorAssertionResponse.cpp; sourceTree = "<group>"; };
-                57303C4320105B3D00355965 /* Authenticator.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Authenticator.h; sourceTree = "<group>"; };
-                57303C4420105B3D00355965 /* Authenticator.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = Authenticator.cpp; sourceTree = "<group>"; };
+                57303C4320105B3D00355965 /* AuthenticatorManager.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthenticatorManager.h; sourceTree = "<group>"; };
+                57303C4420105B3D00355965 /* AuthenticatorManager.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = AuthenticatorManager.cpp; sourceTree = "<group>"; };
                 573489381DAC6B6D00DC0667 /* CryptoAlgorithmParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmParameters.h; sourceTree = "<group>"; };
                 5739E12E1DAC7F7800E14383 /* JSCryptoAlgorithmParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCryptoAlgorithmParameters.h; sourceTree = "<group>"; };
@@ -8260 +8265 @@
                 5760824F20118D8D00116678 /* JSBasicCredentialCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSBasicCredentialCustom.cpp; sourceTree = "<group>"; };
                 576082562011BE0200116678 /* JSAuthenticatorResponseCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSAuthenticatorResponseCustom.cpp; sourceTree = "<group>"; };
+                576082702021513F00116678 /* CredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CredentialsMessenger.h; sourceTree = "<group>"; };
+                5760827820244DAB00116678 /* MockCredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MockCredentialsMessenger.h; sourceTree = "<group>"; };
+                5760827920244DAC00116678 /* MockCredentialsMessenger.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = MockCredentialsMessenger.cpp; sourceTree = "<group>"; };
+                57608280202556F400116678 /* MockCredentialsMessenger.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = MockCredentialsMessenger.idl; sourceTree = "<group>"; };
+                576082812025679600116678 /* JSMockCredentialsMessenger.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSMockCredentialsMessenger.cpp; sourceTree = "<group>"; };
+                576082822025679700116678 /* JSMockCredentialsMessenger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSMockCredentialsMessenger.h; sourceTree = "<group>"; };
+                57608293202BA95300116678 /* CredentialsMessenger.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CredentialsMessenger.cpp; sourceTree = "<group>"; };
                 576814281E6F98AD00E77754 /* EcdhKeyDeriveParams.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = EcdhKeyDeriveParams.idl; sourceTree = "<group>"; };
                 576814291E6F99C100E77754 /* CryptoAlgorithmEcdhKeyDeriveParams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmEcdhKeyDeriveParams.h; sourceTree = "<group>"; };
@@ -16489 +16501 @@
                                 A1B5B29D1AAA846E008B6042 /* MockContentFilterSettings.h */,
                                 A19AEA1C1AAA7C4900B52B25 /* MockContentFilterSettings.idl */,
+                                5760827920244DAC00116678 /* MockCredentialsMessenger.cpp */,
+                                5760827820244DAB00116678 /* MockCredentialsMessenger.h */,
+                                57608280202556F400116678 /* MockCredentialsMessenger.idl */,
                                 51058AD71D679257009A538C /* MockGamepad.cpp */,
                                 51058AD81D679257009A538C /* MockGamepad.h */,
@@ -16539 +16554 @@
                                 A19AEA1D1AAA806E00B52B25 /* JSMockContentFilterSettings.cpp */,
                                 A19AEA1E1AAA806E00B52B25 /* JSMockContentFilterSettings.h */,
+                                576082812025679600116678 /* JSMockCredentialsMessenger.cpp */,
+                                576082822025679700116678 /* JSMockCredentialsMessenger.h */,
                                 2D6F3E921C1F85550061DBD4 /* JSMockPageOverlay.cpp */,
                                 2D6F3E931C1F85550061DBD4 /* JSMockPageOverlay.h */,
@@ -18197 +18214 @@
                                 77D510161ED6021B00DA4C87 /* CredentialsContainer.h */,
                                 57D846291FE99F6300CA3682 /* CredentialsContainer.idl */,
+                                57608293202BA95300116678 /* CredentialsMessenger.cpp */,
+                                576082702021513F00116678 /* CredentialsMessenger.h */,
                                 57D846241FE895F500CA3682 /* NavigatorCredentials.cpp */,
                                 57D846261FE895F800CA3682 /* NavigatorCredentials.h */,
@@ -18225 +18244 @@
                         children = (
                                 57303BB32006C6ED00355965 /* cbor */,
-                                57303C4420105B3D00355965 /* Authenticator.cpp */,
-                                57303C4320105B3D00355965 /* Authenticator.h */,
                                 57303C282009B2FC00355965 /* AuthenticatorAssertionResponse.cpp */,
                                 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */,
@@ -18233 +18250 @@
                                 57303C1B2009A98600355965 /* AuthenticatorAttestationResponse.h */,
                                 57303C1D2009A98600355965 /* AuthenticatorAttestationResponse.idl */,
+                                57303C4420105B3D00355965 /* AuthenticatorManager.cpp */,
+                                57303C4320105B3D00355965 /* AuthenticatorManager.h */,
                                 57303BD020087A8300355965 /* AuthenticatorResponse.cpp */,
                                 57303BCF20087A8300355965 /* AuthenticatorResponse.h */,
@@ -26377 +26396 @@
                                 538EC9331F99B9F7004D22A8 /* JSMockCDMFactory.h in Headers */,
                                 A19AEA211AAA808600B52B25 /* JSMockContentFilterSettings.h in Headers */,
+                                5760828620256AFA00116678 /* JSMockCredentialsMessenger.h in Headers */,
                                 538EC9341F99B9F7004D22A8 /* JSMockPageOverlay.h in Headers */,
                                 A146D3231F99D0EF00D29196 /* JSMockPaymentAddress.h in Headers */,
@@ -26385 +26405 @@
                                 A1BF6B831AA96C7D00AF4A8A /* MockContentFilter.h in Headers */,
                                 A1B5B29F1AAA846F008B6042 /* MockContentFilterSettings.h in Headers */,
+                                5760827A2024EA5C00116678 /* MockCredentialsMessenger.h in Headers */,
                                 51058ADC1D6792C1009A538C /* MockGamepad.h in Headers */,
                                 51058ADE1D6792C1009A538C /* MockGamepadProvider.h in Headers */,
@@ -26565 +26586 @@
                                 E124748410AA161D00B79493 /* AuthenticationClient.h in Headers */,
                                 514C764C0CE9234E007EF3CD /* AuthenticationMac.h in Headers */,
-                                57303C4620105D2F00355965 /* Authenticator.h in Headers */,
                                 57303C2C2009B4A800355965 /* AuthenticatorAssertionResponse.h in Headers */,
                                 57303C1F2009AB4200355965 /* AuthenticatorAttestationResponse.h in Headers */,
+                                57303C4620105D2F00355965 /* AuthenticatorManager.h in Headers */,
                                 57303BD220087A8300355965 /* AuthenticatorResponse.h in Headers */,
                                 A501920E132EBF2E008BFE55 /* Autocapitalize.h in Headers */,
@@ -26825 +26846 @@
                                 77D5100B1ED5E28800DA4C87 /* CredentialRequestOptions.h in Headers */,
                                 77D510171ED6022200DA4C87 /* CredentialsContainer.h in Headers */,
+                                5760827220215A5500116678 /* CredentialsMessenger.h in Headers */,
                                 51A052331058774F00CC9E95 /* CredentialStorage.h in Headers */,
                                 2D481F02146B5C5500AA7834 /* CrossfadeGeneratedImage.h in Headers */,
@@ -30703 +30725 @@
                                 CDF4B7321E03D06000E235A2 /* JSMockCDMFactory.cpp in Sources */,
                                 A19AEA221AAA808A00B52B25 /* JSMockContentFilterSettings.cpp in Sources */,
+                                5760828820256AFD00116678 /* JSMockCredentialsMessenger.cpp in Sources */,
                                 2D4150DE1C1F868C000A3BA2 /* JSMockPageOverlay.cpp in Sources */,
                                 A146D3221F99D0EC00D29196 /* JSMockPaymentAddress.cpp in Sources */,
@@ -30712 +30735 @@
                                 A1BF6B821AA96C7D00AF4A8A /* MockContentFilter.cpp in Sources */,
                                 A1B5B29E1AAA846E008B6042 /* MockContentFilterSettings.cpp in Sources */,
+                                5760827B2024ED2900116678 /* MockCredentialsMessenger.cpp in Sources */,
                                 51058ADB1D6792C1009A538C /* MockGamepad.cpp in Sources */,
                                 51058ADD1D6792C1009A538C /* MockGamepadProvider.cpp in Sources */,

trunk/Source/WebCore/testing/Internals.cpp

@@ -260 +260 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+#include "AuthenticatorManager.h"
+#include "MockCredentialsMessenger.h"
+#endif
+
 using JSC::CallData;
 using JSC::CallType;
@@ -526 +531 @@
         frame->mainFrame().setPaymentCoordinator(std::make_unique<PaymentCoordinator>(*m_mockPaymentCoordinator));
     }
+#endif
+
+#if ENABLE(WEB_AUTHN)
+    m_mockCredentialsMessenger = std::make_unique<MockCredentialsMessenger>(*this);
+    AuthenticatorManager::singleton().setMessenger(*m_mockCredentialsMessenger);
 #endif
 }
@@ -4376 +4386 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+MockCredentialsMessenger& Internals::mockCredentialsMessenger() const
+{
+    return *m_mockCredentialsMessenger;
+}
+#endif
+
 } // namespace WebCore

trunk/Source/WebCore/testing/Internals.h

@@ -72 +72 @@
 class MockCDMFactory;
 class MockContentFilterSettings;
+class MockCredentialsMessenger;
 class MockPageOverlay;
 class MockPaymentCoordinator;
@@ -644 +645 @@
     void testIncomingSyncIPCMessageWhileWaitingForSyncReply();
 
+#if ENABLE(WEB_AUTHN)
+    MockCredentialsMessenger& mockCredentialsMessenger() const;
+#endif
+
 private:
     explicit Internals(Document&);
@@ -669 +674 @@
     MockPaymentCoordinator* m_mockPaymentCoordinator { nullptr };
 #endif
+
+#if ENABLE(WEB_AUTHN)
+    std::unique_ptr<MockCredentialsMessenger> m_mockCredentialsMessenger;
+#endif
 };
 

trunk/Source/WebCore/testing/Internals.idl

@@ -581 +581 @@
     [EnabledAtRuntime=WebAnimations] void setTimelineCurrentTime(AnimationTimeline timeline, double currentTime);
     [Conditional=APPLE_PAY] readonly attribute MockPaymentCoordinator mockPaymentCoordinator;
-};
+    [Conditional=WEB_AUTHN] readonly attribute MockCredentialsMessenger mockCredentialsMessenger;
+};

trunk/Source/WebCore/testing/MockCredentialsMessenger.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include "BufferSource.h"
+#include "CredentialsMessenger.h"
+#include <wtf/Forward.h>
 
 namespace WebCore {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
+class Internals;
+
+class MockCredentialsMessenger final : public CredentialsMessenger {
 public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
+    MockCredentialsMessenger(Internals&);
 
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
+    void setDidTimeOut() { m_didTimeOut = true; }
+    void setDidUserCancel() { m_didUserCancel = true; }
+    void setAttestationObject(const BufferSource&);
+    void setAssertionReturnBundle(const BufferSource& credentialId, const BufferSource& authenticatorData, const BufferSource& signature, const BufferSource& userHandle);
 
-    virtual Type type() const = 0;
-
-    ArrayBuffer* clientDataJSON() const;
+    void ref();
+    void deref();
 
 private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
+    void makeCredential(const Vector<uint8_t>&, const PublicKeyCredentialCreationOptions&, CreationCompletionHandler&&) final;
+    void getAssertion(const Vector<uint8_t>& hash, const PublicKeyCredentialRequestOptions&, RequestCompletionHandler&&) final;
+    void makeCredentialReply(uint64_t messageId, const Vector<uint8_t>&) final;
+    void getAssertionReply(uint64_t messageId, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& authenticatorData, const Vector<uint8_t>& signature, const Vector<uint8_t>& userHandle) final;
+
+    Internals& m_internals;
+    // All following fields are disposable.
+    bool m_didTimeOut { false };
+    bool m_didUserCancel { false };
+    Vector<uint8_t> m_attestationObject;
+    Vector<uint8_t> m_credentialId;
+    Vector<uint8_t> m_authenticatorData;
+    Vector<uint8_t> m_signature;
+    Vector<uint8_t> m_userHandle;
 };
 
 } // namespace WebCore
 
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
-
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebCore/testing/MockCredentialsMessenger.idl

@@ -24 +24 @@
  */
 
-#pragma once
-
-#if ENABLE(WEB_AUTHN)
-
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
-
-namespace WebCore {
-
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
-public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
-
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
-
-    virtual Type type() const = 0;
-
-    ArrayBuffer* clientDataJSON() const;
-
-private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
+[
+    Conditional=WEB_AUTHN,
+    NoInterfaceObject,
+] interface MockCredentialsMessenger {
+    void setDidTimeOut();
+    void setDidUserCancel();
+    void setAttestationObject(BufferSource attestationObject);
+    void setAssertionReturnBundle(BufferSource credentialId, BufferSource authenticatorData, BufferSource signature, BufferSource userHandle);
 };
-
-} // namespace WebCore
-
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
-
-#endif // ENABLE(WEB_AUTHN)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-02-13  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Revisit the whole async model of task dispatching, timeout and aborting
+        https://bugs.webkit.org/show_bug.cgi?id=181946
+        <rdar://problem/37258262>
+
+        Reviewed by Chris Dumez.
+
+        Dummy WebCredentialsMessenger and WebCredentialsMessengerProxy are crafted to establish
+        a message exchange channel between UIProcess and WebProcess.
+
+        * DerivedSources.make:
+        * UIProcess/CredentialManagement/WebCredentialsMessengerProxy.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        (WebKit::WebCredentialsMessengerProxy::WebCredentialsMessengerProxy):
+        (WebKit::WebCredentialsMessengerProxy::~WebCredentialsMessengerProxy):
+        (WebKit::WebCredentialsMessengerProxy::makeCredential):
+        (WebKit::WebCredentialsMessengerProxy::getAssertion):
+        * UIProcess/CredentialManagement/WebCredentialsMessengerProxy.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        * UIProcess/CredentialManagement/WebCredentialsMessengerProxy.messages.in: Added.
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::m_configurationPreferenceValues):
+        (WebKit::WebPageProxy::reattachToWebProcess):
+        * UIProcess/WebPageProxy.h:
+        * WebKit.xcodeproj/project.pbxproj:
+        * WebProcess/CredentialManagement/WebCredentialsMessenger.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        (WebKit::WebCredentialsMessenger::WebCredentialsMessenger):
+        (WebKit::WebCredentialsMessenger::~WebCredentialsMessenger):
+        (WebKit::WebCredentialsMessenger::makeCredential):
+        (WebKit::WebCredentialsMessenger::getAssertion):
+        (WebKit::WebCredentialsMessenger::makeCredentialReply):
+        (WebKit::WebCredentialsMessenger::getAssertionReply):
+        * WebProcess/CredentialManagement/WebCredentialsMessenger.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.h.
+        * WebProcess/CredentialManagement/WebCredentialsMessenger.messages.in: Added.
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::m_credentialsMessenger):
+        (WebKit::m_cpuLimit): Deleted.
+        * WebProcess/WebPage/WebPage.h:
+
 2018-02-13  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebKit/DerivedSources.make

@@ -44 +44 @@
     $(WebKit2)/WebProcess/Cache \
     $(WebKit2)/WebProcess/Cookies \
+    $(WebKit2)/WebProcess/CredentialManagement \
     $(WebKit2)/WebProcess/Databases/IndexedDB \
     $(WebKit2)/WebProcess/FullScreen \
@@ -69 +70 @@
     $(WebKit2)/UIProcess/Automation \
     $(WebKit2)/UIProcess/Cocoa \
+    $(WebKit2)/UIProcess/CredentialManagement \
     $(WebKit2)/UIProcess/Databases \
     $(WebKit2)/UIProcess/Downloads \
@@ -146 +148 @@
     WebCookieManager \
     WebCookieManagerProxy \
+    WebCredentialsMessenger \
+    WebCredentialsMessengerProxy \
     WebFullScreenManager \
     WebFullScreenManagerProxy \

trunk/Source/WebKit/UIProcess/CredentialManagement/WebCredentialsMessengerProxy.cpp

@@ -24 +24 @@
  */
 
-#pragma once
+#include "config.h"
+#include "WebCredentialsMessengerProxy.h"
 
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include "WebCredentialsMessengerMessages.h"
+#include "WebCredentialsMessengerProxyMessages.h"
+#include "WebPageProxy.h"
+#include "WebProcessProxy.h"
 
-namespace WebCore {
+namespace WebKit {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
-public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
+WebCredentialsMessengerProxy::WebCredentialsMessengerProxy(WebPageProxy& webPageProxy)
+    : m_webPageProxy(webPageProxy)
+{
+    m_webPageProxy.process().addMessageReceiver(Messages::WebCredentialsMessengerProxy::messageReceiverName(), m_webPageProxy.pageID(), *this);
+}
 
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
+WebCredentialsMessengerProxy::~WebCredentialsMessengerProxy()
+{
+    m_webPageProxy.process().removeMessageReceiver(Messages::WebCredentialsMessengerProxy::messageReceiverName(), m_webPageProxy.pageID());
+}
 
-    virtual Type type() const = 0;
+void WebCredentialsMessengerProxy::makeCredential(uint64_t)
+{
+}
 
-    ArrayBuffer* clientDataJSON() const;
+void WebCredentialsMessengerProxy::getAssertion(uint64_t)
+{
+}
 
-private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
-};
-
-} // namespace WebCore
-
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
+} // namespace WebKit
 
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebKit/UIProcess/CredentialManagement/WebCredentialsMessengerProxy.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include "MessageReceiver.h"
 
-namespace WebCore {
+namespace WebKit {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
+class WebPageProxy;
+
+class WebCredentialsMessengerProxy : private IPC::MessageReceiver {
 public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
-
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
-
-    virtual Type type() const = 0;
-
-    ArrayBuffer* clientDataJSON() const;
+    explicit WebCredentialsMessengerProxy(WebPageProxy&);
+    ~WebCredentialsMessengerProxy();
 
 private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
+    // IPC::MessageReceiver.
+    void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
+
+    // Receivers.
+    void makeCredential(uint64_t messageId);
+    void getAssertion(uint64_t messageId);
+
+    WebPageProxy& m_webPageProxy;
 };
 
-} // namespace WebCore
-
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
+} // namespace WebKit
 
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -196 +196 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+#include "WebCredentialsMessengerProxy.h"
+#endif
+
 // This controls what strategy we use for mouse wheel coalescing.
 #define MERGE_WHEEL_EVENTS 1
@@ -409 +413 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+    m_credentialsMessenger = std::make_unique<WebCredentialsMessengerProxy>(*this);
+#endif
+
     m_process->addMessageReceiver(Messages::WebPageProxy::messageReceiverName(), m_pageID, *this);
 
@@ -660 +668 @@
 #if ENABLE(APPLE_PAY)
     m_paymentCoordinator = std::make_unique<WebPaymentCoordinatorProxy>(*this);
+#endif
+
+#if ENABLE(WEB_AUTHN)
+    m_credentialsMessenger = std::make_unique<WebCredentialsMessengerProxy>(*this);
 #endif
 

trunk/Source/WebKit/UIProcess/WebPageProxy.h

@@ -218 +218 @@
 class WebNavigationState;
 class VideoFullscreenManagerProxy;
+class WebCredentialsMessengerProxy;
 class WebKeyboardEvent;
 class WebURLSchemeHandler;
@@ -1787 +1788 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+    std::unique_ptr<WebCredentialsMessengerProxy> m_credentialsMessenger;
+#endif
+
     CallbackMap m_callbacks;
     HashSet<CallbackID> m_loadDependentStringCallbackIDs;

trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -1210 +1210 @@
                 53BA47D11DC2EF5E004DF4AD /* NetworkDataTaskBlob.h in Headers */ = {isa = PBXBuildFile; fileRef = 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */; };
                 53DEA3661DDE423100E82648 /* json.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 53DEA3651DDE422E00E82648 /* json.hpp */; };
+                5760828E2029895E00116678 /* WebCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760828C2029854200116678 /* WebCredentialsMessenger.cpp */; };
+                57608298202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */; };
+                5760829C202D2C3C00116678 /* WebCredentialsMessengerMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760829020298FBD00116678 /* WebCredentialsMessengerMessageReceiver.cpp */; };
+                5760829D202D2C4000116678 /* WebCredentialsMessengerMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 5760828F20298FBD00116678 /* WebCredentialsMessengerMessages.h */; };
+                5760829E202D2C4300116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760829A202BEE5A00116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp */; };
+                5760829F202D2C4600116678 /* WebCredentialsMessengerProxyMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 5760829B202BEE5A00116678 /* WebCredentialsMessengerProxyMessages.h */; };
                 5C0B17781E7C880E00E9123C /* NetworkSocketStreamMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C0B17741E7C879C00E9123C /* NetworkSocketStreamMessageReceiver.cpp */; };
                 5C0B17791E7C882100E9123C /* WebSocketStreamMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C0B17761E7C879C00E9123C /* WebSocketStreamMessageReceiver.cpp */; };
@@ -3631 +3637 @@
                 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkDataTaskBlob.h; path = NetworkProcess/NetworkDataTaskBlob.h; sourceTree = "<group>"; };
                 53DEA3651DDE422E00E82648 /* json.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = json.hpp; path = NetworkProcess/capture/json.hpp; sourceTree = "<group>"; };
+                5760828B2029854200116678 /* WebCredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessenger.h; sourceTree = "<group>"; };
+                5760828C2029854200116678 /* WebCredentialsMessenger.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebCredentialsMessenger.cpp; sourceTree = "<group>"; };
+                5760828D202987E600116678 /* WebCredentialsMessenger.messages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = WebCredentialsMessenger.messages.in; sourceTree = "<group>"; };
+                5760828F20298FBD00116678 /* WebCredentialsMessengerMessages.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessengerMessages.h; sourceTree = "<group>"; };
+                5760829020298FBD00116678 /* WebCredentialsMessengerMessageReceiver.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebCredentialsMessengerMessageReceiver.cpp; sourceTree = "<group>"; };
+                57608295202BD8BA00116678 /* WebCredentialsMessengerProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessengerProxy.h; sourceTree = "<group>"; };
+                57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebCredentialsMessengerProxy.cpp; sourceTree = "<group>"; };
+                57608299202BDAE200116678 /* WebCredentialsMessengerProxy.messages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = WebCredentialsMessengerProxy.messages.in; sourceTree = "<group>"; };
+                5760829A202BEE5A00116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebCredentialsMessengerProxyMessageReceiver.cpp; sourceTree = "<group>"; };
+                5760829B202BEE5A00116678 /* WebCredentialsMessengerProxyMessages.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessengerProxyMessages.h; sourceTree = "<group>"; };
                 5C0B17741E7C879C00E9123C /* NetworkSocketStreamMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetworkSocketStreamMessageReceiver.cpp; sourceTree = "<group>"; };
                 5C0B17751E7C879C00E9123C /* NetworkSocketStreamMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkSocketStreamMessages.h; sourceTree = "<group>"; };
@@ -6683 +6699 @@
                         sourceTree = "<group>";
                 };
+                5760828A202984C900116678 /* CredentialManagement */ = {
+                        isa = PBXGroup;
+                        children = (
+                                5760828C2029854200116678 /* WebCredentialsMessenger.cpp */,
+                                5760828B2029854200116678 /* WebCredentialsMessenger.h */,
+                                5760828D202987E600116678 /* WebCredentialsMessenger.messages.in */,
+                        );
+                        path = CredentialManagement;
+                        sourceTree = "<group>";
+                };
+                57608294202BD84900116678 /* CredentialManagement */ = {
+                        isa = PBXGroup;
+                        children = (
+                                57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */,
+                                57608295202BD8BA00116678 /* WebCredentialsMessengerProxy.h */,
+                                57608299202BDAE200116678 /* WebCredentialsMessengerProxy.messages.in */,
+                        );
+                        path = CredentialManagement;
+                        sourceTree = "<group>";
+                };
                 5C1426F11C23F81700D41183 /* Downloads */ = {
                         isa = PBXGroup;
@@ -6942 +6978 @@
                                 7C6E70F818B2D47E00F24E2E /* cocoa */,
                                 3309344B1315B93A0097A7BC /* Cookies */,
+                                5760828A202984C900116678 /* CredentialManagement */,
                                 512A9754180DF9270039A149 /* Databases */,
                                 BCACC43B16B24C5D00B6E092 /* EntryPoint */,
@@ -7099 +7136 @@
                                 9955A6E81C79809000EB6A93 /* Automation */,
                                 1ABC3DF21899E415004F0626 /* Cocoa */,
+                                57608294202BD84900116678 /* CredentialManagement */,
                                 1AB7D4C71288AA9A00CFD08C /* Downloads */,
                                 515BE17B1D54EF5A00DD7C68 /* Gamepad */,
@@ -8246 +8284 @@
                                 330934451315B9220097A7BC /* WebCookieManagerProxyMessageReceiver.cpp */,
                                 330934461315B9220097A7BC /* WebCookieManagerProxyMessages.h */,
+                                5760829020298FBD00116678 /* WebCredentialsMessengerMessageReceiver.cpp */,
+                                5760828F20298FBD00116678 /* WebCredentialsMessengerMessages.h */,
+                                5760829A202BEE5A00116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp */,
+                                5760829B202BEE5A00116678 /* WebCredentialsMessengerProxyMessages.h */,
                                 CD73BA48131ACD8E00EEDED2 /* WebFullScreenManagerMessageReceiver.cpp */,
                                 CD73BA49131ACD8E00EEDED2 /* WebFullScreenManagerMessages.h */,
@@ -9116 +9158 @@
                                 BC1DD7B2114DC396005ADAF3 /* WebCoreArgumentCoders.h in Headers */,
                                 512F589B12A8838800629530 /* WebCredential.h in Headers */,
+                                5760829D202D2C4000116678 /* WebCredentialsMessengerMessages.h in Headers */,
+                                5760829F202D2C4600116678 /* WebCredentialsMessengerProxyMessages.h in Headers */,
                                 1AA83F6D1A5B63FF00026EC6 /* WebDatabaseProvider.h in Headers */,
                                 CD19A26E1A13E834008D650E /* WebDiagnosticLoggingClient.h in Headers */,
@@ -10802 +10846 @@
                                 BCE23263122C6CF300D5C35A /* WebCoreArgumentCodersMac.mm in Sources */,
                                 512F589A12A8838800629530 /* WebCredential.cpp in Sources */,
+                                5760828E2029895E00116678 /* WebCredentialsMessenger.cpp in Sources */,
+                                5760829C202D2C3C00116678 /* WebCredentialsMessengerMessageReceiver.cpp in Sources */,
+                                57608298202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp in Sources */,
+                                5760829E202D2C4300116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp in Sources */,
                                 1AA83F6C1A5B63FF00026EC6 /* WebDatabaseProvider.cpp in Sources */,
                                 CD19A26D1A13E82A008D650E /* WebDiagnosticLoggingClient.cpp in Sources */,

trunk/Source/WebKit/WebProcess/CredentialManagement/WebCredentialsMessenger.cpp

@@ -24 +24 @@
  */
 
-#pragma once
+#include "config.h"
+#include "WebCredentialsMessenger.h"
 
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include "WebCredentialsMessengerMessages.h"
+#include "WebCredentialsMessengerProxyMessages.h"
+#include "WebPage.h"
+#include "WebProcess.h"
 
-namespace WebCore {
+namespace WebKit {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
-public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
+WebCredentialsMessenger::WebCredentialsMessenger(WebPage& webPage)
+    : m_webPage(webPage)
+{
+    WebProcess::singleton().addMessageReceiver(Messages::WebCredentialsMessenger::messageReceiverName(), m_webPage.pageID(), *this);
+}
 
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
+WebCredentialsMessenger::~WebCredentialsMessenger()
+{
+    WebProcess::singleton().removeMessageReceiver(*this);
+}
 
-    virtual Type type() const = 0;
+void WebCredentialsMessenger::makeCredential(const Vector<uint8_t>&, const WebCore::PublicKeyCredentialCreationOptions&, WebCore::CreationCompletionHandler&&)
+{
+}
 
-    ArrayBuffer* clientDataJSON() const;
+void WebCredentialsMessenger::getAssertion(const Vector<uint8_t>&, const WebCore::PublicKeyCredentialRequestOptions&, WebCore::RequestCompletionHandler&&)
+{
+}
 
-private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
-};
+void WebCredentialsMessenger::makeCredentialReply(uint64_t messageId, const Vector<uint8_t>&)
+{
+}
 
-} // namespace WebCore
+void WebCredentialsMessenger::getAssertionReply(uint64_t messageId, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& authenticatorData, const Vector<uint8_t>& signature, const Vector<uint8_t>& userHandle)
+{
+}
 
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
+} // namespace WebKit
 
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebKit/WebProcess/CredentialManagement/WebCredentialsMessenger.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
-#include <wtf/ThreadSafeRefCounted.h>
-#include <wtf/TypeCasts.h>
+#include "MessageReceiver.h"
+#include <WebCore/CredentialsMessenger.h>
 
-namespace WebCore {
+namespace WebKit {
 
-class AuthenticatorResponse : public ThreadSafeRefCounted<AuthenticatorResponse> {
+class WebPage;
+
+class WebCredentialsMessenger final : public WebCore::CredentialsMessenger, private IPC::MessageReceiver {
 public:
-    enum class Type {
-        Assertion,
-        Attestation
-    };
-
-    explicit AuthenticatorResponse(RefPtr<ArrayBuffer>&&);
-    virtual ~AuthenticatorResponse() = default;
-
-    virtual Type type() const = 0;
-
-    ArrayBuffer* clientDataJSON() const;
+    explicit WebCredentialsMessenger(WebPage&);
+    ~WebCredentialsMessenger();
 
 private:
-    RefPtr<ArrayBuffer> m_clientDataJSON;
+    // WebCore::CredentialsMessenger
+    // sender
+    void makeCredential(const Vector<uint8_t>&, const WebCore::PublicKeyCredentialCreationOptions&, WebCore::CreationCompletionHandler&&) final;
+    void getAssertion(const Vector<uint8_t>& hash, const WebCore::PublicKeyCredentialRequestOptions&, WebCore::RequestCompletionHandler&&) final;
+
+    // receiver
+    void makeCredentialReply(uint64_t messageId, const Vector<uint8_t>&) final;
+    void getAssertionReply(uint64_t messageId, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& authenticatorData, const Vector<uint8_t>& signature, const Vector<uint8_t>& userHandle) final;
+
+    // IPC::MessageReceiver.
+    void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
+
+    WebPage& m_webPage;
 };
 
-} // namespace WebCore
-
-#define SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(ToClassName, Type) \
-SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToClassName) \
-    static bool isType(const WebCore::AuthenticatorResponse& response) { return response.type() == WebCore::Type; } \
-SPECIALIZE_TYPE_TRAITS_END()
+} // namespace WebKit
 
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

@@ -261 +261 @@
 #endif
 
+#if ENABLE(WEB_AUTHN)
+#include "WebCredentialsMessenger.h"
+#include <WebCore/AuthenticatorManager.h>
+#endif
+
 using namespace JSC;
 using namespace WebCore;
@@ -371 +376 @@
     , m_overrideContentSecurityPolicy { parameters.overrideContentSecurityPolicy }
     , m_cpuLimit(parameters.cpuLimit)
+#if ENABLE(WEB_AUTHN)
+    , m_credentialsMessenger(std::make_unique<WebCredentialsMessenger>(*this))
+#endif
 {
     ASSERT(m_pageID);
@@ -579 +587 @@
         enableEnumeratingAllNetworkInterfaces();
 #endif
+#endif
+
+#if ENABLE(WEB_AUTHN)
+    WebCore::AuthenticatorManager::singleton().setMessenger(*m_credentialsMessenger);
 #endif
 

trunk/Source/WebKit/WebProcess/WebPage/WebPage.h

@@ -212 +212 @@
 class WebWheelEvent;
 class WebTouchEvent;
+class WebCredentialsMessenger;
 class RemoteLayerTreeTransaction;
 
@@ -1687 +1688 @@
     HashMap<uint64_t, uint64_t> m_applicationManifestFetchCallbackMap;
 #endif
+
+#if ENABLE(WEB_AUTHN)
+    std::unique_ptr<WebCredentialsMessenger> m_credentialsMessenger;
+#endif
+
 };