Changeset 236842 in webkit

Timestamp:

Oct 4, 2018 12:32:14 PM (6 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthN] Move time out control from WebProcess to UIProcess
​https://bugs.webkit.org/show_bug.cgi?id=189642
<rdar://problem/44476765>

Reviewed by Chris Dumez.

Source/WebCore:

Since now the control unit of WebAuthN has been moved to UI Process, i.e. AuthenticatorManager,
the time out timer should move to UI Process as well.

Tests: http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html

http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html

• Modules/webauthn/AuthenticatorCoordinator.cpp:

(WebCore::AuthenticatorCoordinator::create const):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):
(WebCore::AuthenticatorCoordinatorInternal::initTimeoutTimer): Deleted.
(WebCore::AuthenticatorCoordinatorInternal::didTimeoutTimerFire): Deleted.

• Modules/webauthn/PublicKeyCredentialCreationOptions.h:

(WebCore::PublicKeyCredentialCreationOptions::encode const):
(WebCore::PublicKeyCredentialCreationOptions::decode):

• Modules/webauthn/PublicKeyCredentialRequestOptions.h:

(WebCore::PublicKeyCredentialRequestOptions::encode const):
(WebCore::PublicKeyCredentialRequestOptions::decode):

Source/WebKit:

Besides adding a time out timer in the AuthenticatorManager, this patch also adds a new
option in MockWebAuthenticationConfiguration to turn on silent failure which is the
default policy of treating authenticators' error as suggested by spec.

• UIProcess/API/C/WKWebsiteDataStoreRef.cpp:

(WKWebsiteDataStoreSetWebAuthenticationMockConfiguration):

• UIProcess/WebAuthentication/AuthenticatorManager.cpp:

(WebKit::AuthenticatorManagerInternal::collectTransports):
(WebKit::AuthenticatorManager::makeCredential):
(WebKit::AuthenticatorManager::getAssertion):
(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::initTimeOutTimer):

• UIProcess/WebAuthentication/AuthenticatorManager.h:

(WebKit::AuthenticatorManager::requestTimeOutTimer):

• UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:

(WebKit::MockAuthenticatorManager::respondReceivedInternal):

• UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h:

Tools:

• WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::setWebAuthenticationMockConfiguration):

LayoutTests:

This patch also fixes some flaky behaviours regarding to the dirty ASN.1 decoder.

• http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: Added.
• http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html.
• http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt:
• http/wpt/webauthn/public-key-credential-create-failure-local.https.html:
• http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt:
• http/wpt/webauthn/public-key-credential-create-failure.https.html:
• http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt: Added.
• http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https.html.
• http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt:
• http/wpt/webauthn/public-key-credential-get-failure-local.https.html:
• http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt:
• http/wpt/webauthn/public-key-credential-get-failure.https.html:
• http/wpt/webauthn/resources/util.js:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt (added)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html (copied) (copied from trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html) (8 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt (added)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html (copied) (copied from trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https.html) (5 diffs)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/resources/util.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (modified) (8 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h (modified) (4 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredentialRequestOptions.h (modified) (3 diffs)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (modified) (6 diffs)
• Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h (modified) (3 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-10-04  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Move time out control from WebProcess to UIProcess
+        https://bugs.webkit.org/show_bug.cgi?id=189642
+        <rdar://problem/44476765>
+
+        Reviewed by Chris Dumez.
+
+        This patch also fixes some flaky behaviours regarding to the dirty ASN.1 decoder.
+
+        * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https-expected.txt: Added.
+        * http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html.
+        * http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-create-failure-local.https.html:
+        * http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-create-failure.https.html:
+        * http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt: Added.
+        * http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https.html.
+        * http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-get-failure-local.https.html:
+        * http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-get-failure.https.html:
+        * http/wpt/webauthn/resources/util.js:
+
 2018-10-04  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html

@@ -1 +1 @@
 <!DOCTYPE html>
-<title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title>
+<title>Web Authentication API: PublicKeyCredential's [[create]] silent failure cases with a mock local authenticator.</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
@@ -7 +7 @@
     // Default mock configuration. Tests need to override if they need different configuration.
     if (window.testRunner)
-        testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
+        testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, local: { acceptAuthentication: false, acceptAttestation: false } });
 
     promise_test(t => {
@@ -22 +22 @@
                 challenge: asciiToUint8Array("123456"),
                 pubKeyCredParams: [{ type: "public-key", alg: -35 }, { type: "public-key", alg: -257 }], // ES384, RS256
+                timeout: 10
             }
         };
-        return promiseRejects(t, "NotSupportedError", navigator.credentials.create(options), "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters.");
-    }, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator.");
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator.");
 
     promise_test(t => {
@@ -40 +41 @@
                 challenge: asciiToUint8Array("123456"),
                 pubKeyCredParams: [{ type: "public-key", alg: -7 }],
-                excludeCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }]
+                excludeCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }],
+                timeout: 10
             }
         };
         if (window.testRunner)
             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.").then(() => {
             if (window.testRunner)
                 testRunner.cleanUpKeychain(testRpId);
         });
-    }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator.");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator. 2");
 
     promise_test(t => {
@@ -69 +71 @@
                     { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["ble"] },
                     { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["internal"] }
-                ]
+                ],
+                timeout: 10
             }
         };
         if (window.testRunner)
             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.").then(() => {
             if (window.testRunner)
                 testRunner.cleanUpKeychain(testRpId);
         });
-    }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator. 3");
 
     promise_test(t => {
@@ -92 +95 @@
                 },
                 challenge: asciiToUint8Array("123456"),
-                pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                timeout: 10
             }
         };
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Couldn't get user consent.");
-    }, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator.");
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator. 4");
 
     promise_test(t => {
@@ -110 +114 @@
                 },
                 challenge: asciiToUint8Array("123456"),
-                pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                timeout: 10
             }
         };
         if (window.testRunner)
-            testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
-        return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.");
-    }, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator.");
+            testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, local: { acceptAuthentication: true, acceptAttestation: false } });
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator. 5");
 
     promise_test(t => {
@@ -130 +135 @@
                 },
                 challenge: asciiToUint8Array("123456"),
-                pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                timeout: 10
             }
         };
         if (window.testRunner) {
-            testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
+            testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, local: { acceptAuthentication: true, acceptAttestation: false } });
             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
         }
-        return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.").then(() => {
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.").then(() => {
             if (window.testRunner)
                 assert_false(testRunner.keyExistsInKeychain(testRpId, testUserhandleBase64));
         });
-    }, "PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator.");
+    }, "PublicKeyCredential's [[create]] with silent failure in a mock local authenticator. 6");
 </script>

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https-expected.txt

@@ -6 +6 @@
 PASS PublicKeyCredential's [[create]] without attestation in a mock local authenticator. 
 PASS PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator. 
+PASS PublicKeyCredential's [[create]] with timeout in a mock local authenticator. 
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html

@@ -142 +142 @@
         });
     }, "PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator.");
+
+    promise_test(function(t) {
+        const options = {
+            publicKey: {
+                rp: {
+                    name: "example.com"
+                },
+                user: {
+                    name: "John Appleseed",
+                    id: asciiToUint8Array("123456"),
+                    displayName: "John",
+                },
+                challenge: asciiToUint8Array("123456"),
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                timeout: 10,
+                authenticatorSelection: { authenticatorAttachment: "cross-platform" }
+            }
+        };
+
+        if (window.testRunner)
+            testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator.");
 </script>

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https-expected.txt

@@ -1 +1 @@
 
+PASS PublicKeyCredential's [[create]] with timeout 
 PASS PublicKeyCredential's [[create]] with a mismatched RP ID 
 PASS PublicKeyCredential's [[create]] with an empty pubKeyCredParams 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html

@@ -9 +9 @@
         testRunner.setWebAuthenticationMockConfiguration({ });
 
-    // FIXME(189642): Re-enable the following test.
-    // promise_test(function(t) {
-    //     const options = {
-    //         publicKey: {
-    //             rp: {
-    //                 name: "example.com"
-    //             },
-    //             user: {
-    //                 name: "John Appleseed",
-    //                 id: asciiToUint8Array("123456"),
-    //                 displayName: "John",
-    //             },
-    //             challenge: asciiToUint8Array("123456"),
-    //             pubKeyCredParams: [{ type: "public-key", alg: -7 }],
-    //             timeout: 0,
-    //         }
-    //     };
-    //
-    //     return promiseRejects(t, "NotAllowedError",
-    //         navigator.credentials.create(options), "Operation timed out.");
-    // }, "PublicKeyCredential's [[create]] with timeout");
+    promise_test(function(t) {
+        const options = {
+            publicKey: {
+                rp: {
+                    name: "example.com"
+                },
+                user: {
+                    name: "John Appleseed",
+                    id: asciiToUint8Array("123456"),
+                    displayName: "John",
+                },
+                challenge: asciiToUint8Array("123456"),
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+                timeout: 10,
+            }
+        };
+
+        return promiseRejects(t, "NotAllowedError",
+            navigator.credentials.create(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[create]] with timeout");
 
     promise_test(function(t) {

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html

@@ -7 +7 @@
     // Default mock configuration. Tests need to override if they need different configuration.
     if (window.testRunner)
-        testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
+        testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, local: { acceptAuthentication: false, acceptAttestation: false } });
 
     promise_test(t => {
@@ -18 +18 @@
                     { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["ble"] },
                     { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["internal"] }
-                ]
+                ],
+                timeout: 10
             }
         };
 
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "No matched credentials are found in the platform attached authenticator.");
-    }, "PublicKeyCredential's [[get]] with no matched credentials in a mock local authenticator.");
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[get]] with silent failure in a mock local authenticator.");
 
     promise_test(t => {
@@ -31 +32 @@
                 allowCredentials: [
                     { type: "public-key", id: Base64URL.parse(testUserhandleBase64) }
-                ]
+                ],
+                timeout: 10
             }
         };
@@ -37 +39 @@
         if (window.testRunner)
             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "No matched credentials are found in the platform attached authenticator.").then(() => {
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out.").then(() => {
                 if (window.testRunner)
                     testRunner.cleanUpKeychain(testRpId);
             });
-    }, "PublicKeyCredential's [[get]] with no matched credentials in a mock local authenticator. 2nd");
+    }, "PublicKeyCredential's [[get]] with silent failure in a mock local authenticator. 2");
 
     promise_test(t => {
         const options = {
             publicKey: {
-                challenge: asciiToUint8Array("123456")
+                challenge: asciiToUint8Array("123456"),
+                timeout: 10
             }
         };
@@ -52 +55 @@
         if (window.testRunner)
             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Couldn't get user consent.").then(() => {
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out.").then(() => {
             if (window.testRunner)
                 testRunner.cleanUpKeychain(testRpId);
         });
-    }, "PublicKeyCredential's [[get]] without user consent in a mock local authenticator.");
+    }, "PublicKeyCredential's [[get]] with silent failure in a mock local authenticator. 3");
 </script>

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt

@@ -3 +3 @@
 PASS PublicKeyCredential's [[get]] with no matched credentials in a mock local authenticator. 2nd 
 PASS PublicKeyCredential's [[get]] without user consent in a mock local authenticator. 
+PASS PublicKeyCredential's [[get]] with timeout in a mock local authenticator. 
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https.html

@@ -57 +57 @@
         });
     }, "PublicKeyCredential's [[get]] without user consent in a mock local authenticator.");
+
+    promise_test(t => {
+        const options = {
+            publicKey: {
+                challenge: asciiToUint8Array("123456"),
+                allowCredentials: [
+                    { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["usb"] },
+                    { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["nfc"] },
+                    { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["ble"] }
+                ],
+                timeout: 10
+            }
+        };
+
+        return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[get]] with timeout in a mock local authenticator.");
 </script>

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt

@@ -1 +1 @@
 
+PASS PublicKeyCredential's [[get]] with timeout 
 PASS PublicKeyCredential's [[get]] with a mismatched RP ID 
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https.html

@@ -9 +9 @@
         testRunner.setWebAuthenticationMockConfiguration({ });
 
-    // FIXME(189642): Re-enable the following test.
-    // promise_test(function(t) {
-    //     const options = {
-    //         publicKey: {
-    //             challenge: asciiToUint8Array("123456"),
-    //             timeout: 0,
-    //         }
-    //     };
-    //
-    //     return promiseRejects(t, "NotAllowedError",
-    //         navigator.credentials.get(options), "Operation timed out.");
-    // }, "PublicKeyCredential's [[get]] with timeout");
+    promise_test(t => {
+        const options = {
+            publicKey: {
+                challenge: asciiToUint8Array("123456"),
+                timeout: 10
+            }
+        };
 
-    promise_test(function(t) {
+        return promiseRejects(t, "NotAllowedError",
+            navigator.credentials.get(options), "Operation timed out.");
+    }, "PublicKeyCredential's [[get]] with timeout");
+
+    promise_test(t => {
         const options = {
             publicKey: {
                 rpId: "example.com",
-                challenge: asciiToUint8Array("123456"),
+                challenge: asciiToUint8Array("123456")
             }
         };
+
         return promiseRejects(t, "SecurityError",
             navigator.credentials.get(options), "The origin of the document is not a registrable domain suffix of the provided RP ID.");

trunk/LayoutTests/http/wpt/webauthn/resources/util.js

@@ -173 +173 @@
     const signature = new Uint8Array(asn1signature);
     let tmp = new Uint8Array(64);
+
     const rStart =  signature[3] - 32;
-    tmp.set(new Uint8Array(signature.slice(4 + rStart, 36 + rStart)), 0);
+    if (rStart >= 0)
+        tmp.set(new Uint8Array(signature.slice(4 + rStart, 36 + rStart)), 0);
+    else
+        tmp.set(new Uint8Array(signature.slice(4, 36 + rStart)), -rStart);
+
     const sStart =  signature[37 + rStart] - 32;
-    tmp.set(new Uint8Array(signature.slice(38 + rStart + sStart)), 32);
+    if (sStart >= 0)
+        tmp.set(new Uint8Array(signature.slice(38 + rStart + sStart)), 32);
+    else
+        tmp.set(new Uint8Array(signature.slice(38 + rStart)), 32 - sStart);
+
     return tmp.buffer;
 }

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-10-04  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Move time out control from WebProcess to UIProcess
+        https://bugs.webkit.org/show_bug.cgi?id=189642
+        <rdar://problem/44476765>
+
+        Reviewed by Chris Dumez.
+
+        Since now the control unit of WebAuthN has been moved to UI Process, i.e. AuthenticatorManager,
+        the time out timer should move to UI Process as well.
+
+        Tests: http/wpt/webauthn/public-key-credential-create-failure-local-silent.https.html
+               http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html
+
+        * Modules/webauthn/AuthenticatorCoordinator.cpp:
+        (WebCore::AuthenticatorCoordinator::create const):
+        (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):
+        (WebCore::AuthenticatorCoordinatorInternal::initTimeoutTimer): Deleted.
+        (WebCore::AuthenticatorCoordinatorInternal::didTimeoutTimerFire): Deleted.
+        * Modules/webauthn/PublicKeyCredentialCreationOptions.h:
+        (WebCore::PublicKeyCredentialCreationOptions::encode const):
+        (WebCore::PublicKeyCredentialCreationOptions::decode):
+        * Modules/webauthn/PublicKeyCredentialRequestOptions.h:
+        (WebCore::PublicKeyCredentialRequestOptions::encode const):
+        (WebCore::PublicKeyCredentialRequestOptions::decode):
+
 2018-10-04  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp

@@ -39 +39 @@
 #include "PublicKeyCredentialRequestOptions.h"
 #include "SecurityOrigin.h"
-#include "Timer.h"
 #include <pal/crypto/CryptoDigest.h>
 #include <wtf/JSONValues.h>
@@ -83 +82 @@
 }
 
-// FIXME(181947): We should probably trim timeOutInMs to some max allowable number.
-static std::unique_ptr<Timer> initTimeoutTimer(std::optional<unsigned long> timeOutInMs, const CredentialPromise& promise)
-{
-    if (!timeOutInMs)
-        return nullptr;
-
-    auto timer = std::make_unique<Timer>([promise = promise] () mutable {
-        promise.reject(Exception { NotAllowedError, "Operation timed out."_s });
-    });
-    timer->startOneShot(Seconds::fromMilliseconds(*timeOutInMs));
-    return timer;
-}
-
-static bool didTimeoutTimerFire(Timer* timer)
-{
-    if (!timer)
-        return false;
-    if (!timer->isActive())
-        return true;
-    timer->stop();
-    return false;
-}
-
 } // namespace AuthenticatorCoordinatorInternal
 
@@ -131 +107 @@
     }
 
-    // Step 4 & 17.
-    std::unique_ptr<Timer> timeoutTimer = initTimeoutTimer(options.timeout, promise);
-
     // Step 5-7.
     // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not.
@@ -157 +130 @@
     auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson);
 
-    // Step 18-21.
+    // Step 4, 17-21.
     // Only platform attachments will be supported at this stage. Assuming one authenticator per device.
     // Also, resident keys, user verifications and direct attestation are enforced at this tage.
@@ -166 +139 @@
     }
 
-    auto completionHandler = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), timeoutTimer = WTFMove(timeoutTimer), abortSignal = WTFMove(abortSignal)] (const WebCore::PublicKeyCredentialData& data, const WebCore::ExceptionData& exception) mutable {
-        if (didTimeoutTimerFire(timeoutTimer.get()))
-            return;
+    auto completionHandler = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (const WebCore::PublicKeyCredentialData& data, const WebCore::ExceptionData& exception) mutable {
         if (abortSignal && abortSignal->aborted()) {
             promise.reject(Exception { AbortError, "Aborted by AbortSignal."_s });
@@ -199 +170 @@
     }
 
-    // Step 4 & 16.
-    std::unique_ptr<Timer> timeoutTimer = initTimeoutTimer(options.timeout, promise);
-
     // Step 5-7.
     // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not.
@@ -217 +185 @@
     auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson);
 
-    // Step 14-15, 17-19.
+    // Step 4, 14-19.
     // Only platform attachments will be supported at this stage. Assuming one authenticator per device.
     // Also, resident keys, user verifications and direct attestation are enforced at this tage.
@@ -226 +194 @@
     }
 
-    auto completionHandler = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), timeoutTimer = WTFMove(timeoutTimer), abortSignal = WTFMove(abortSignal)] (const WebCore::PublicKeyCredentialData& data, const WebCore::ExceptionData& exception) mutable {
-        if (didTimeoutTimerFire(timeoutTimer.get()))
-            return;
+    auto completionHandler = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (const WebCore::PublicKeyCredentialData& data, const WebCore::ExceptionData& exception) mutable {
         if (abortSignal && abortSignal->aborted()) {
             promise.reject(Exception { AbortError, "Aborted by AbortSignal."_s });

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h

@@ -79 +79 @@
     Vector<Parameters> pubKeyCredParams;
 
-    std::optional<unsigned long> timeout;
+    std::optional<unsigned> timeout;
     Vector<PublicKeyCredentialDescriptor> excludeCredentials;
     std::optional<AuthenticatorSelectionCriteria> authenticatorSelection;
@@ -126 +126 @@
     encoder << static_cast<uint64_t>(user.id.length());
     encoder.encodeFixedLengthData(user.id.data(), user.id.length(), 1);
-    encoder << user.displayName << user.name << user.icon << pubKeyCredParams << excludeCredentials << authenticatorSelection;
+    encoder << user.displayName << user.name << user.icon << pubKeyCredParams << timeout << excludeCredentials << authenticatorSelection;
 }
 
@@ -149 +149 @@
     if (!decoder.decode(result.pubKeyCredParams))
         return std::nullopt;
+
+    std::optional<std::optional<unsigned>> timeout;
+    decoder >> timeout;
+    if (!timeout)
+        return std::nullopt;
+    result.timeout = WTFMove(*timeout);
+
     if (!decoder.decode(result.excludeCredentials))
         return std::nullopt;
@@ -156 +163 @@
     if (!authenticatorSelection)
         return std::nullopt;
-    result.authenticatorSelection = WTFMove(authenticatorSelection.value());
+    result.authenticatorSelection = WTFMove(*authenticatorSelection);
 
     return result;

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialRequestOptions.h

@@ -36 +36 @@
 struct PublicKeyCredentialRequestOptions {
     BufferSource challenge;
-    std::optional<unsigned long> timeout;
+    std::optional<unsigned> timeout;
     mutable String rpId;
     Vector<PublicKeyCredentialDescriptor> allowCredentials;
@@ -48 +48 @@
 void PublicKeyCredentialRequestOptions::encode(Encoder& encoder) const
 {
-    encoder << rpId << allowCredentials;
+    encoder << timeout << rpId << allowCredentials;
 }
 
@@ -55 +55 @@
 {
     PublicKeyCredentialRequestOptions result;
+
+    std::optional<std::optional<unsigned>> timeout;
+    decoder >> timeout;
+    if (!timeout)
+        return std::nullopt;
+    result.timeout = WTFMove(*timeout);
+
     if (!decoder.decode(result.rpId))
         return std::nullopt;

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -18820 +18820 @@
                         sourceTree = "<group>";
                 };
-                574F55DD204F3744002948C6 /* cocoa */ = {
-                        isa = PBXGroup;
-                        children = (
-                        );
-                        path = cocoa;
-                        sourceTree = "<group>";
-                };
                 57C7A6881E56946D00C67D71 /* credentialmanagement */ = {
                         isa = PBXGroup;
@@ -18868 +18861 @@
                         children = (
                                 57303BB32006C6ED00355965 /* cbor */,
-                                574F55DD204F3744002948C6 /* cocoa */,
                                 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */,
                                 57303C292009B2FC00355965 /* AuthenticatorAssertionResponse.idl */,

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-10-04  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Move time out control from WebProcess to UIProcess
+        https://bugs.webkit.org/show_bug.cgi?id=189642
+        <rdar://problem/44476765>
+
+        Reviewed by Chris Dumez.
+
+        Besides adding a time out timer in the AuthenticatorManager, this patch also adds a new
+        option in MockWebAuthenticationConfiguration to turn on silent failure which is the
+        default policy of treating authenticators' error as suggested by spec.
+
+        * UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
+        (WKWebsiteDataStoreSetWebAuthenticationMockConfiguration):
+        * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+        (WebKit::AuthenticatorManagerInternal::collectTransports):
+        (WebKit::AuthenticatorManager::makeCredential):
+        (WebKit::AuthenticatorManager::getAssertion):
+        (WebKit::AuthenticatorManager::respondReceived):
+        (WebKit::AuthenticatorManager::initTimeOutTimer):
+        * UIProcess/WebAuthentication/AuthenticatorManager.h:
+        (WebKit::AuthenticatorManager::requestTimeOutTimer):
+        * UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
+        (WebKit::MockAuthenticatorManager::respondReceivedInternal):
+        * UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h:
+
 2018-10-04  Yuhan Wu  <yuhan_wu@apple.com>
 

trunk/Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp

@@ -578 +578 @@
     MockWebAuthenticationConfiguration configuration;
 
+    auto silentFailureRef = static_cast<WKBooleanRef>(WKDictionaryGetItemForKey(configurationRef, adoptWK(WKStringCreateWithUTF8CString("SilentFailure")).get()));
+    if (silentFailureRef)
+        configuration.silentFailure = WKBooleanGetValue(silentFailureRef);
+
     auto localRef = static_cast<WKDictionaryRef>(WKDictionaryGetItemForKey(configurationRef, adoptWK(WKStringCreateWithUTF8CString("Local")).get()));
     if (localRef) {

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp

@@ -39 +39 @@
 
 const size_t maxTransportNumber = 1;
+// Suggested by WebAuthN spec as of 7 August 2018.
+const unsigned maxTimeOutValue = 120000;
 
 // FIXME(188623, 188624, 188625): Support USB, NFC and BLE authenticators.
@@ -50 +52 @@
     }
 
-    if (authenticatorSelection.value().authenticatorAttachment == PublicKeyCredentialCreationOptions::AuthenticatorAttachment::Platform) {
+    if (authenticatorSelection->authenticatorAttachment == PublicKeyCredentialCreationOptions::AuthenticatorAttachment::Platform) {
         auto addResult = result.add(AuthenticatorTransport::Internal);
         ASSERT_UNUSED(addResult, addResult.isNewEntry);
         return result;
     }
-    if (authenticatorSelection.value().authenticatorAttachment == PublicKeyCredentialCreationOptions::AuthenticatorAttachment::CrossPlatform)
+    if (authenticatorSelection->authenticatorAttachment == PublicKeyCredentialCreationOptions::AuthenticatorAttachment::CrossPlatform)
         return result;
 
@@ -105 +107 @@
     m_pendingRequestData = { hash, true, options, { } };
     m_pendingCompletionHandler = WTFMove(callback);
+    initTimeOutTimer(options.timeout);
 
     // 2. Get available transports and start discovering authenticators on them.
@@ -122 +125 @@
     m_pendingRequestData = { hash, false, { }, options };
     m_pendingCompletionHandler = WTFMove(callback);
+    initTimeOutTimer(options.timeout);
 
     // 2. Get available transports and start discovering authenticators on them.
@@ -148 +152 @@
 {
     ASSERT(RunLoop::isMain());
+    ASSERT(m_requestTimeOutTimer);
+    if (!m_requestTimeOutTimer->isActive())
+        return;
+
     ASSERT(m_pendingCompletionHandler);
-    // FIXME(189642)
     if (WTF::holds_alternative<PublicKeyCredentialData>(respond)) {
         m_pendingCompletionHandler(WTFMove(respond));
         clearState();
+        m_requestTimeOutTimer->stop();
         return;
     }
@@ -179 +187 @@
 }
 
+void AuthenticatorManager::initTimeOutTimer(const std::optional<unsigned>& timeOutInMs)
+{
+    using namespace AuthenticatorManagerInternal;
+
+    unsigned timeOutInMsValue = std::min(maxTimeOutValue, timeOutInMs.value_or(maxTimeOutValue));
+
+    m_requestTimeOutTimer = std::make_unique<Timer>([context = this]() mutable {
+        context->m_pendingCompletionHandler((ExceptionData { NotAllowedError, "Operation timed out."_s }));
+        context->clearState();
+    });
+    m_requestTimeOutTimer->startOneShot(Seconds::fromMilliseconds(timeOutInMsValue));
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h

@@ -33 +33 @@
 #include <WebCore/ExceptionData.h>
 #include <WebCore/PublicKeyCredentialData.h>
+#include <WebCore/Timer.h>
 #include <wtf/CompletionHandler.h>
 #include <wtf/HashSet.h>
@@ -58 +59 @@
 protected:
     Callback& pendingCompletionHandler() { return m_pendingCompletionHandler; }
+    WebCore::Timer* requestTimeOutTimer() { return m_requestTimeOutTimer.get(); }
     void clearState();
 
@@ -73 +75 @@
 
     void startDiscovery(const TransportSet&);
+    void initTimeOutTimer(const std::optional<unsigned>& timeOutInMs);
 
     // Request: We only allow one request per time.
     WebAuthenticationRequestData m_pendingRequestData;
     Callback m_pendingCompletionHandler;
+    std::unique_ptr<WebCore::Timer> m_requestTimeOutTimer;
 
     Vector<UniqueRef<AuthenticatorTransportService>> m_services;

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp

@@ -43 +43 @@
 void MockAuthenticatorManager::respondReceivedInternal(Respond&& respond)
 {
+    if (m_testConfiguration.silentFailure)
+        return;
+
     pendingCompletionHandler()(WTFMove(respond));
     clearState();
+    requestTimeOutTimer()->stop();
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h

@@ -39 +39 @@
     };
 
+    bool silentFailure { false };
     std::optional<Local> local;
 };

trunk/Tools/ChangeLog

@@ +1 @@
+2018-10-04  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Move time out control from WebProcess to UIProcess
+        https://bugs.webkit.org/show_bug.cgi?id=189642
+        <rdar://problem/44476765>
+
+        Reviewed by Chris Dumez.
+
+        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+        (WTR::TestRunner::setWebAuthenticationMockConfiguration):
+
 2018-10-04  YUHAN WU  <yuhan_wu@apple.com>
 

trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp

@@ -2356 +2356 @@
     Vector<WKRetainPtr<WKTypeRef>> configurationValues;
 
+    JSRetainPtr<JSStringRef> silentFailurePropertyName(Adopt, JSStringCreateWithUTF8CString("silentFailure"));
+    JSValueRef silentFailureValue = JSObjectGetProperty(context, configuration, silentFailurePropertyName.get(), 0);
+    if (!JSValueIsUndefined(context, silentFailureValue)) {
+        if (!JSValueIsBoolean(context, silentFailureValue))
+            return;
+        bool silentFailure = JSValueToBoolean(context, silentFailureValue);
+        configurationKeys.append({ AdoptWK, WKStringCreateWithUTF8CString("SilentFailure") });
+        configurationValues.append(adoptWK(WKBooleanCreate(silentFailure)).get());
+    }
+
     JSRetainPtr<JSStringRef> localPropertyName(Adopt, JSStringCreateWithUTF8CString("local"));
     JSValueRef localValue = JSObjectGetProperty(context, configuration, localPropertyName.get(), 0);
-    if (!JSValueIsNull(context, localValue)) {
+    if (!JSValueIsUndefined(context, localValue) && !JSValueIsNull(context, localValue)) {
         if (!JSValueIsObject(context, localValue))
             return;