Changeset 253398 in webkit

Timestamp:

Dec 11, 2019 3:19:08 PM (4 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthn] Combine AuthenticatorResponse and PublicKeyCredentialData
​https://bugs.webkit.org/show_bug.cgi?id=190783
<rdar://problem/57781183>

Reviewed by Brent Fulgham.

Source/WebCore:

This patch combines AuthenticatorResponse and PublicKeyCredentialData, and therefore renames
PublicKeyCredentialData to AuthenticatorResponseData as well. The complexity of WebKit's CTAP
implementation has reached the point that PublicKeyCredentialData is not appropriate to represent
all the different type of responses from authenticators anymore. For example, authenticatorGetNextAssertion
depends on the numberOfCredentials member from authenticatorGetAssertion response to function, but
numberOfCredentials is not used anywhere else. Therefore, a polymorphic type is needed to
represent different responses from authenticators instead of an uniform one, i.e., PublicKeyCredentialData.

AuthenticatorResponse seems to be the best fit. However, there are some limitations:
1) it is a WebIDL interface, and therefore is RefCounted. RefCounted objects cannot be serialized through
IPC. To solve this, AuthenticatorResponseData (PublicKeyCredentialData) is kept as an intermediate type
that is only used during IPC.
2) it doesn't contain all the information from an actual authenticator response. To solve this, it
has been enlarged to include all members from PublicKeyCredential. After this patch, PublicKeyCredential
will be a thin wrapper on top of AuthenticatorResponse.

Covered by existing tests.

• CMakeLists.txt:
• DerivedSources-input.xcfilelist:
• DerivedSources-output.xcfilelist:
• DerivedSources.make:
• Headers.cmake:
• Modules/webauthn/AuthenticationExtensionsClientOutputs.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
• Modules/webauthn/AuthenticationExtensionsClientOutputs.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.

This is separated from PublicKeyCredential such that AuthenticatorResponse can include it.

• Modules/webauthn/AuthenticatorAssertionResponse.cpp: Added.

(WebCore::AuthenticatorAssertionResponse::create):
(WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse):
(WebCore::AuthenticatorAssertionResponse::data const):

• Modules/webauthn/AuthenticatorAssertionResponse.h:

(WebCore::AuthenticatorAssertionResponse::create): Deleted.
(WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse): Deleted.

• Modules/webauthn/AuthenticatorAttestationResponse.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h.

(WebCore::AuthenticatorAttestationResponse::create):
(WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
(WebCore::AuthenticatorAttestationResponse::data const):

• Modules/webauthn/AuthenticatorAttestationResponse.h:

(WebCore::AuthenticatorAttestationResponse::create): Deleted.
(WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse): Deleted.

• Modules/webauthn/AuthenticatorCoordinator.cpp:

(WebCore::AuthenticatorCoordinator::create const):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):

• Modules/webauthn/AuthenticatorCoordinatorClient.h:
• Modules/webauthn/AuthenticatorResponse.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.

(WebCore::AuthenticatorResponse::tryCreate):
(WebCore::AuthenticatorResponse::data const):
(WebCore::AuthenticatorResponse::extensions const):
(WebCore::AuthenticatorResponse::setClientDataJSON):
(WebCore::AuthenticatorResponse::clientDataJSON const):
(WebCore::AuthenticatorResponse::AuthenticatorResponse):

• Modules/webauthn/AuthenticatorResponse.h:

(WebCore::AuthenticatorResponse::rawId const):
(WebCore::AuthenticatorResponse::setExtensions):
(WebCore::AuthenticatorResponse::AuthenticatorResponse): Deleted.
(WebCore::AuthenticatorResponse::clientDataJSON const): Deleted.

• Modules/webauthn/AuthenticatorResponseData.h: Renamed from Source/WebCore/Modules/webauthn/PublicKeyCredentialData.h.

(WebCore::AuthenticatorResponseData::encode const):
(WebCore::AuthenticatorResponseData::decode):

• Modules/webauthn/PublicKeyCredential.cpp:

(WebCore::PublicKeyCredential::create):
(WebCore::PublicKeyCredential::rawId const):
(WebCore::PublicKeyCredential::getClientExtensionResults const):
(WebCore::PublicKeyCredential::PublicKeyCredential):
(WebCore::PublicKeyCredential::tryCreate): Deleted.

• Modules/webauthn/PublicKeyCredential.h:
• Modules/webauthn/PublicKeyCredential.idl:
• Modules/webauthn/fido/DeviceResponseConverter.cpp:

(fido::readCTAPMakeCredentialResponse):
(fido::readCTAPGetAssertionResponse):

• Modules/webauthn/fido/DeviceResponseConverter.h:

A more appropriate derived type of AuthenticatorResponse is used to replace PublicKeyCredentialData.

• Modules/webauthn/fido/U2fResponseConverter.cpp:

(fido::readU2fRegisterResponse):
(fido::readU2fSignResponse):

• Modules/webauthn/fido/U2fResponseConverter.h:

A more appropriate derived type of AuthenticatorResponse is used to replace PublicKeyCredentialData.

• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:

Source/WebKit:

Code in WebKit are changed to use AuthenticatorResponse and its subtypes.

• UIProcess/WebAuthentication/Authenticator.h:
• UIProcess/WebAuthentication/AuthenticatorManager.cpp:

(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::invokePendingCompletionHandler):

• UIProcess/WebAuthentication/AuthenticatorManager.h:
• UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented):

• UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:

(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest):

• UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h:
• UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in:
• UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:

(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived const):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):

• UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:

(WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived):
(WebKit::U2fAuthenticator::continueSignCommandAfterResponseReceived):

• WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:

Tools:

• TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:

(TestWebKitAPI::TEST):
Updates tests accordingly.

Location:

trunk

Files:

• Source/WebCore/CMakeLists.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/DerivedSources-input.xcfilelist (modified) (1 diff)
• Source/WebCore/DerivedSources-output.xcfilelist (modified) (1 diff)
• Source/WebCore/DerivedSources.make (modified) (1 diff)
• Source/WebCore/Headers.cmake (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h (copied) (copied from trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.idl) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl (copied) (copied from trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.idl) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.cpp (added)
• Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp (copied) (copied from trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (modified) (6 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorCoordinatorClient.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp (copied) (copied from trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp) (5 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorResponse.h (modified) (3 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h (moved) (moved from trunk/Source/WebCore/Modules/webauthn/PublicKeyCredentialData.h) (3 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp (modified) (3 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredential.h (modified) (4 diffs)
• Source/WebCore/Modules/webauthn/PublicKeyCredential.idl (modified) (1 diff)
• Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp (modified) (5 diffs)
• Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp (modified) (3 diffs)
• Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.h (modified) (2 diffs)
• Source/WebCore/Sources.txt (modified) (2 diffs)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (14 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/Authenticator.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (3 diffs)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp (modified) (3 diffs)
• Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp (modified) (5 diffs)

trunk/Source/WebCore/CMakeLists.txt

@@ -462 +462 @@
     Modules/webauthn/AttestationConveyancePreference.idl
     Modules/webauthn/AuthenticationExtensionsClientInputs.idl
+    Modules/webauthn/AuthenticationExtensionsClientOutputs.idl
     Modules/webauthn/AuthenticatorAssertionResponse.idl
     Modules/webauthn/AuthenticatorAttestationResponse.idl

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Combine AuthenticatorResponse and PublicKeyCredentialData
+        https://bugs.webkit.org/show_bug.cgi?id=190783
+        <rdar://problem/57781183>
+
+        Reviewed by Brent Fulgham.
+
+        This patch combines AuthenticatorResponse and PublicKeyCredentialData, and therefore renames
+        PublicKeyCredentialData to AuthenticatorResponseData as well. The complexity of WebKit's CTAP
+        implementation has reached the point that PublicKeyCredentialData is not appropriate to represent
+        all the different type of responses from authenticators anymore. For example, authenticatorGetNextAssertion
+        depends on the numberOfCredentials member from authenticatorGetAssertion response to function, but
+        numberOfCredentials is not used anywhere else. Therefore, a polymorphic type is needed to
+        represent different responses from authenticators instead of an uniform one, i.e., PublicKeyCredentialData.
+
+        AuthenticatorResponse seems to be the best fit. However, there are some limitations:
+        1) it is a WebIDL interface, and therefore is RefCounted. RefCounted objects cannot be serialized through
+        IPC. To solve this, AuthenticatorResponseData (PublicKeyCredentialData) is kept as an intermediate type
+        that is only used during IPC.
+        2) it doesn't contain all the information from an actual authenticator response. To solve this, it
+        has been enlarged to include all members from PublicKeyCredential. After this patch, PublicKeyCredential
+        will be a thin wrapper on top of AuthenticatorResponse.
+
+        Covered by existing tests.
+
+        * CMakeLists.txt:
+        * DerivedSources-input.xcfilelist:
+        * DerivedSources-output.xcfilelist:
+        * DerivedSources.make:
+        * Headers.cmake:
+        * Modules/webauthn/AuthenticationExtensionsClientOutputs.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
+        * Modules/webauthn/AuthenticationExtensionsClientOutputs.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
+        This is separated from PublicKeyCredential such that AuthenticatorResponse can include it.
+        * Modules/webauthn/AuthenticatorAssertionResponse.cpp: Added.
+        (WebCore::AuthenticatorAssertionResponse::create):
+        (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse):
+        (WebCore::AuthenticatorAssertionResponse::data const):
+        * Modules/webauthn/AuthenticatorAssertionResponse.h:
+        (WebCore::AuthenticatorAssertionResponse::create): Deleted.
+        (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse): Deleted.
+        * Modules/webauthn/AuthenticatorAttestationResponse.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h.
+        (WebCore::AuthenticatorAttestationResponse::create):
+        (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
+        (WebCore::AuthenticatorAttestationResponse::data const):
+        * Modules/webauthn/AuthenticatorAttestationResponse.h:
+        (WebCore::AuthenticatorAttestationResponse::create): Deleted.
+        (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse): Deleted.
+        * Modules/webauthn/AuthenticatorCoordinator.cpp:
+        (WebCore::AuthenticatorCoordinator::create const):
+        (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):
+        * Modules/webauthn/AuthenticatorCoordinatorClient.h:
+        * Modules/webauthn/AuthenticatorResponse.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.
+        (WebCore::AuthenticatorResponse::tryCreate):
+        (WebCore::AuthenticatorResponse::data const):
+        (WebCore::AuthenticatorResponse::extensions const):
+        (WebCore::AuthenticatorResponse::setClientDataJSON):
+        (WebCore::AuthenticatorResponse::clientDataJSON const):
+        (WebCore::AuthenticatorResponse::AuthenticatorResponse):
+        * Modules/webauthn/AuthenticatorResponse.h:
+        (WebCore::AuthenticatorResponse::rawId const):
+        (WebCore::AuthenticatorResponse::setExtensions):
+        (WebCore::AuthenticatorResponse::AuthenticatorResponse): Deleted.
+        (WebCore::AuthenticatorResponse::clientDataJSON const): Deleted.
+        * Modules/webauthn/AuthenticatorResponseData.h: Renamed from Source/WebCore/Modules/webauthn/PublicKeyCredentialData.h.
+        (WebCore::AuthenticatorResponseData::encode const):
+        (WebCore::AuthenticatorResponseData::decode):
+        * Modules/webauthn/PublicKeyCredential.cpp:
+        (WebCore::PublicKeyCredential::create):
+        (WebCore::PublicKeyCredential::rawId const):
+        (WebCore::PublicKeyCredential::getClientExtensionResults const):
+        (WebCore::PublicKeyCredential::PublicKeyCredential):
+        (WebCore::PublicKeyCredential::tryCreate): Deleted.
+        * Modules/webauthn/PublicKeyCredential.h:
+        * Modules/webauthn/PublicKeyCredential.idl:
+        * Modules/webauthn/fido/DeviceResponseConverter.cpp:
+        (fido::readCTAPMakeCredentialResponse):
+        (fido::readCTAPGetAssertionResponse):
+        * Modules/webauthn/fido/DeviceResponseConverter.h:
+        A more appropriate derived type of AuthenticatorResponse is used to replace PublicKeyCredentialData.
+        * Modules/webauthn/fido/U2fResponseConverter.cpp:
+        (fido::readU2fRegisterResponse):
+        (fido::readU2fSignResponse):
+        * Modules/webauthn/fido/U2fResponseConverter.h:
+        A more appropriate derived type of AuthenticatorResponse is used to replace PublicKeyCredentialData.
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+
 2019-12-11  Eric Carlson  <eric.carlson@apple.com>
 

trunk/Source/WebCore/DerivedSources-input.xcfilelist

@@ -315 +315 @@
 $(PROJECT_DIR)/Modules/webauthn/AttestationConveyancePreference.idl
 $(PROJECT_DIR)/Modules/webauthn/AuthenticationExtensionsClientInputs.idl
+$(PROJECT_DIR)/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl
 $(PROJECT_DIR)/Modules/webauthn/AuthenticatorAssertionResponse.idl
 $(PROJECT_DIR)/Modules/webauthn/AuthenticatorAttestationResponse.idl

trunk/Source/WebCore/DerivedSources-output.xcfilelist

@@ -161 +161 @@
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticationExtensionsClientInputs.cpp
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticationExtensionsClientInputs.h
+$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticationExtensionsClientOutputs.cpp
+$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticationExtensionsClientOutputs.h
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticatorAssertionResponse.cpp
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSAuthenticatorAssertionResponse.h

trunk/Source/WebCore/DerivedSources.make

@@ -374 +374 @@
     $(WebCore)/Modules/webauthn/AttestationConveyancePreference.idl \
     $(WebCore)/Modules/webauthn/AuthenticationExtensionsClientInputs.idl \
+    $(WebCore)/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl \
     $(WebCore)/Modules/webauthn/AuthenticatorAssertionResponse.idl \
     $(WebCore)/Modules/webauthn/AuthenticatorAttestationResponse.idl \

trunk/Source/WebCore/Headers.cmake

@@ -113 +113 @@
     Modules/webauthn/AttestationConveyancePreference.h
     Modules/webauthn/AuthenticationExtensionsClientInputs.h
+    Modules/webauthn/AuthenticationExtensionsClientOutputs.h
     Modules/webauthn/AuthenticatorCoordinator.h
     Modules/webauthn/AuthenticatorCoordinatorClient.h
+    Modules/webauthn/AuthenticatorResponseData.h
     Modules/webauthn/AuthenticatorTransport.h
     Modules/webauthn/PublicKeyCredentialCreationOptions.h
-    Modules/webauthn/PublicKeyCredentialData.h
     Modules/webauthn/PublicKeyCredentialDescriptor.h
     Modules/webauthn/PublicKeyCredentialRequestOptions.h

trunk/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -24 +24 @@
  */
 
-[
-    Conditional=WEB_AUTHN,
-    EnabledAtRuntime=WebAuthentication,
-    Exposed=Window,
-    SecureContext,
-] interface PublicKeyCredential : BasicCredential {
-    [SameObject] readonly attribute ArrayBuffer rawId;
-    [SameObject] readonly attribute AuthenticatorResponse response;
-    AuthenticationExtensionsClientOutputs getClientExtensionResults();
+#pragma once
 
-    [CallWith=Document] static Promise<boolean> isUserVerifyingPlatformAuthenticatorAvailable();
+#if ENABLE(WEB_AUTHN)
+
+namespace WebCore {
+
+struct AuthenticationExtensionsClientOutputs {
+    Optional<bool> appid;
 };
 
-[
-    Conditional=WEB_AUTHN,
-    JSGenerateToJSObject,
-] dictionary AuthenticationExtensionsClientOutputs {
-    boolean appid;
-};
+} // namespace WebCore
+
+#endif // ENABLE(WEB_AUTHN)

trunk/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 [
     Conditional=WEB_AUTHN,
-    EnabledAtRuntime=WebAuthentication,
-    Exposed=Window,
-    SecureContext,
-] interface PublicKeyCredential : BasicCredential {
-    [SameObject] readonly attribute ArrayBuffer rawId;
-    [SameObject] readonly attribute AuthenticatorResponse response;
-    AuthenticationExtensionsClientOutputs getClientExtensionResults();
-
-    [CallWith=Document] static Promise<boolean> isUserVerifyingPlatformAuthenticatorAvailable();
-};
-
-[
-    Conditional=WEB_AUTHN,
     JSGenerateToJSObject,
 ] dictionary AuthenticationExtensionsClientOutputs {

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h

@@ -34 +34 @@
 class AuthenticatorAssertionResponse : public AuthenticatorResponse {
 public:
-    static Ref<AuthenticatorAssertionResponse> create(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& authenticatorData, Ref<ArrayBuffer>&& signature, RefPtr<ArrayBuffer>&& userHandle)
-    {
-        return adoptRef(*new AuthenticatorAssertionResponse(WTFMove(clientDataJSON), WTFMove(authenticatorData), WTFMove(signature), WTFMove(userHandle)));
-    }
-
+    static Ref<AuthenticatorAssertionResponse> create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& authenticatorData, Ref<ArrayBuffer>&& signature, RefPtr<ArrayBuffer>&& userHandle, Optional<AuthenticationExtensionsClientOutputs>&&);
+    WEBCORE_EXPORT static Ref<AuthenticatorAssertionResponse> create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& authenticatorData, const Vector<uint8_t>& signature,  const Vector<uint8_t>& userHandle);
     virtual ~AuthenticatorAssertionResponse() = default;
 
@@ -46 +43 @@
 
 private:
-    AuthenticatorAssertionResponse(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& authenticatorData, Ref<ArrayBuffer>&& signature, RefPtr<ArrayBuffer>&& userHandle)
-        : AuthenticatorResponse(WTFMove(clientDataJSON))
-        , m_authenticatorData(WTFMove(authenticatorData))
-        , m_signature(WTFMove(signature))
-        , m_userHandle(WTFMove(userHandle))
-    {
-    }
+    AuthenticatorAssertionResponse(Ref<ArrayBuffer>&&, Ref<ArrayBuffer>&&, Ref<ArrayBuffer>&&, RefPtr<ArrayBuffer>&&);
 
     Type type() const final { return Type::Assertion; }
+    AuthenticatorResponseData data() const final;
 
     Ref<ArrayBuffer> m_authenticatorData;

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -24 +24 @@
  */
 
-#pragma once
+#include "config.h"
+#include "AuthenticatorAttestationResponse.h"
 
 #if ENABLE(WEB_AUTHN)
 
-#include "AuthenticatorResponse.h"
+#include "AuthenticatorResponseData.h"
 
 namespace WebCore {
 
-class AuthenticatorAttestationResponse : public AuthenticatorResponse {
-public:
-    static Ref<AuthenticatorAttestationResponse> create(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& attestationObject)
-    {
-        return adoptRef(*new AuthenticatorAttestationResponse(WTFMove(clientDataJSON), WTFMove(attestationObject)));
-    }
+Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject)
+{
+    return adoptRef(*new AuthenticatorAttestationResponse(WTFMove(rawId), WTFMove(attestationObject)));
+}
 
-    virtual ~AuthenticatorAttestationResponse() = default;
+Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject)
+{
+    return create(ArrayBuffer::create(rawId.data(), rawId.size()), ArrayBuffer::create(attestationObject.data(), attestationObject.size()));
+}
 
-    ArrayBuffer* attestationObject() const { return m_attestationObject.ptr(); }
+AuthenticatorAttestationResponse::AuthenticatorAttestationResponse(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject)
+    : AuthenticatorResponse(WTFMove(rawId))
+    , m_attestationObject(WTFMove(attestationObject))
+{
+}
 
-private:
-    AuthenticatorAttestationResponse(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& attestationObject)
-        : AuthenticatorResponse(WTFMove(clientDataJSON))
-        , m_attestationObject(WTFMove(attestationObject))
-    {
-    }
-
-    Type type() const final { return Type::Attestation; }
-
-    Ref<ArrayBuffer> m_attestationObject;
-};
+AuthenticatorResponseData AuthenticatorAttestationResponse::data() const
+{
+    auto data = AuthenticatorResponse::data();
+    data.isAuthenticatorAttestationResponse = true;
+    data.attestationObject = m_attestationObject.copyRef();
+    return data;
+}
 
 } // namespace WebCore
 
-SPECIALIZE_TYPE_TRAITS_AUTHENTICATOR_RESPONSE(AuthenticatorAttestationResponse, AuthenticatorResponse::Type::Attestation)
-
 #endif // ENABLE(WEB_AUTHN)

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h

@@ -34 +34 @@
 class AuthenticatorAttestationResponse : public AuthenticatorResponse {
 public:
-    static Ref<AuthenticatorAttestationResponse> create(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& attestationObject)
-    {
-        return adoptRef(*new AuthenticatorAttestationResponse(WTFMove(clientDataJSON), WTFMove(attestationObject)));
-    }
+    static Ref<AuthenticatorAttestationResponse> create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject);
+    WEBCORE_EXPORT static Ref<AuthenticatorAttestationResponse> create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject);
 
     virtual ~AuthenticatorAttestationResponse() = default;
@@ -44 +42 @@
 
 private:
-    AuthenticatorAttestationResponse(Ref<ArrayBuffer>&& clientDataJSON, Ref<ArrayBuffer>&& attestationObject)
-        : AuthenticatorResponse(WTFMove(clientDataJSON))
-        , m_attestationObject(WTFMove(attestationObject))
-    {
-    }
+    AuthenticatorAttestationResponse(Ref<ArrayBuffer>&&, Ref<ArrayBuffer>&&);
 
     Type type() const final { return Type::Attestation; }
+    AuthenticatorResponseData data() const final;
 
     Ref<ArrayBuffer> m_attestationObject;

trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp

@@ -33 +33 @@
 #include "AuthenticatorAttestationResponse.h"
 #include "AuthenticatorCoordinatorClient.h"
+#include "AuthenticatorResponseData.h"
 #include "Document.h"
 #include "JSBasicCredential.h"
@@ -38 +39 @@
 #include "PublicKeyCredential.h"
 #include "PublicKeyCredentialCreationOptions.h"
-#include "PublicKeyCredentialData.h"
 #include "PublicKeyCredentialRequestOptions.h"
 #include "RegistrableDomain.h"
@@ -186 +186 @@
     }
 
-    auto callback = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (PublicKeyCredentialData&& data, ExceptionData&& exception) mutable {
+    auto callback = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (AuthenticatorResponseData&& data, ExceptionData&& exception) mutable {
         if (abortSignal && abortSignal->aborted()) {
             promise.reject(Exception { AbortError, "Aborted by AbortSignal."_s });
@@ -192 +192 @@
         }
 
-        data.clientDataJSON = WTFMove(clientDataJson);
-        if (auto publicKeyCredential = PublicKeyCredential::tryCreate(WTFMove(data))) {
-            promise.resolve(publicKeyCredential.get());
+        if (auto response = AuthenticatorResponse::tryCreate(WTFMove(data))) {
+            response->setClientDataJSON(WTFMove(clientDataJson));
+            promise.resolve(PublicKeyCredential::create(response.releaseNonNull()).ptr());
             return;
         }
@@ -257 +257 @@
     }
 
-    auto callback = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (PublicKeyCredentialData&& data, ExceptionData&& exception) mutable {
+    auto callback = [clientDataJson = WTFMove(clientDataJson), promise = WTFMove(promise), abortSignal = WTFMove(abortSignal)] (AuthenticatorResponseData&& data, ExceptionData&& exception) mutable {
         if (abortSignal && abortSignal->aborted()) {
             promise.reject(Exception { AbortError, "Aborted by AbortSignal."_s });
@@ -263 +263 @@
         }
 
-        data.clientDataJSON = WTFMove(clientDataJson);
-        if (auto publicKeyCredential = PublicKeyCredential::tryCreate(WTFMove(data))) {
-            promise.resolve(publicKeyCredential.get());
+        if (auto response = AuthenticatorResponse::tryCreate(WTFMove(data))) {
+            response->setClientDataJSON(WTFMove(clientDataJson));
+            promise.resolve(PublicKeyCredential::create(response.releaseNonNull()).ptr());
             return;
         }

trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinatorClient.h

@@ -39 +39 @@
 class SecurityOrigin;
 
+struct AuthenticatorResponseData;
 struct PublicKeyCredentialCreationOptions;
-struct PublicKeyCredentialData;
 struct PublicKeyCredentialRequestOptions;
 
-using RequestCompletionHandler = CompletionHandler<void(WebCore::PublicKeyCredentialData&&, WebCore::ExceptionData&&)>;
+using RequestCompletionHandler = CompletionHandler<void(WebCore::AuthenticatorResponseData&&, WebCore::ExceptionData&&)>;
 using QueryCompletionHandler = CompletionHandler<void(bool)>;
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25 +25 @@
 
 #include "config.h"
-#include "PublicKeyCredential.h"
+#include "AuthenticatorResponse.h"
 
 #if ENABLE(WEB_AUTHN)
@@ -31 +31 @@
 #include "AuthenticatorAssertionResponse.h"
 #include "AuthenticatorAttestationResponse.h"
-#include "AuthenticatorCoordinator.h"
-#include "AuthenticatorResponse.h"
-#include "Document.h"
-#include "JSDOMPromiseDeferred.h"
-#include "Page.h"
-#include "PublicKeyCredentialData.h"
-#include "RuntimeEnabledFeatures.h"
-#include <wtf/text/Base64.h>
+#include "AuthenticatorResponseData.h"
 
 namespace WebCore {
 
-RefPtr<PublicKeyCredential> PublicKeyCredential::tryCreate(PublicKeyCredentialData&& data)
+RefPtr<AuthenticatorResponse> AuthenticatorResponse::tryCreate(AuthenticatorResponseData&& data)
 {
-    if (!data.rawId || !data.clientDataJSON)
+    if (!data.rawId)
         return nullptr;
 
@@ -51 +44 @@
             return nullptr;
 
-        return adoptRef(*new PublicKeyCredential(data.rawId.releaseNonNull(), AuthenticatorAttestationResponse::create(data.clientDataJSON.releaseNonNull(), data.attestationObject.releaseNonNull()), { data.appid }));
+        return AuthenticatorAttestationResponse::create(data.rawId.releaseNonNull(), data.attestationObject.releaseNonNull());
     }
 
@@ -57 +50 @@
         return nullptr;
 
-    return adoptRef(*new PublicKeyCredential(data.rawId.releaseNonNull(), AuthenticatorAssertionResponse::create(data.clientDataJSON.releaseNonNull(), data.authenticatorData.releaseNonNull(), data.signature.releaseNonNull(), WTFMove(data.userHandle)), { data.appid }));
+    return AuthenticatorAssertionResponse::create(data.rawId.releaseNonNull(), data.authenticatorData.releaseNonNull(), data.signature.releaseNonNull(), WTFMove(data.userHandle), AuthenticationExtensionsClientOutputs { data.appid });
 }
 
-PublicKeyCredential::PublicKeyCredential(Ref<ArrayBuffer>&& id, Ref<AuthenticatorResponse>&& response, AuthenticationExtensionsClientOutputs&& extensions)
-    : BasicCredential(WTF::base64URLEncode(id->data(), id->byteLength()), Type::PublicKey, Discovery::Remote)
-    , m_rawId(WTFMove(id))
-    , m_response(WTFMove(response))
-    , m_extensions(WTFMove(extensions))
+AuthenticatorResponseData AuthenticatorResponse::data() const
 {
+    AuthenticatorResponseData data;
+    data.rawId = m_rawId.copyRef();
+    data.appid = m_extensions.appid;
+    return data;
 }
 
-PublicKeyCredential::AuthenticationExtensionsClientOutputs PublicKeyCredential::getClientExtensionResults() const
+ArrayBuffer* AuthenticatorResponse::rawId() const
+{
+    return m_rawId.ptr();
+}
+
+void AuthenticatorResponse::setExtensions(AuthenticationExtensionsClientOutputs&& extensions)
+{
+    m_extensions = WTFMove(extensions);
+}
+
+AuthenticationExtensionsClientOutputs AuthenticatorResponse::extensions() const
 {
     return m_extensions;
 }
 
-void PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable(Document& document, DOMPromiseDeferred<IDLBoolean>&& promise)
+void AuthenticatorResponse::setClientDataJSON(Ref<ArrayBuffer>&& clientDataJSON)
 {
-    if (!RuntimeEnabledFeatures::sharedFeatures().webAuthenticationLocalAuthenticatorEnabled()) {
-        promise.resolve(false);
-        return;
-    }
-    document.page()->authenticatorCoordinator().isUserVerifyingPlatformAuthenticatorAvailable(WTFMove(promise));
+    m_clientDataJSON = WTFMove(clientDataJSON);
+}
+
+ArrayBuffer* AuthenticatorResponse::clientDataJSON() const
+{
+    return m_clientDataJSON.get();
+}
+
+AuthenticatorResponse::AuthenticatorResponse(Ref<ArrayBuffer>&& rawId)
+    : m_rawId(WTFMove(rawId))
+{
 }
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include <JavaScriptCore/ArrayBuffer.h>
+#include "AuthenticationExtensionsClientOutputs.h"
+#include "IDLTypes.h"
 #include <wtf/RefCounted.h>
 #include <wtf/TypeCasts.h>
 
 namespace WebCore {
+
+struct AuthenticatorResponseData;
 
 class AuthenticatorResponse : public RefCounted<AuthenticatorResponse> {
@@ -41 +44 @@
     };
 
-    explicit AuthenticatorResponse(Ref<ArrayBuffer>&& clientDataJSON)
-        : m_clientDataJSON(WTFMove(clientDataJSON))
-    {
-    }
+    static RefPtr<AuthenticatorResponse> tryCreate(AuthenticatorResponseData&&);
     virtual ~AuthenticatorResponse() = default;
 
     virtual Type type() const = 0;
+    virtual AuthenticatorResponseData data() const;
 
-    ArrayBuffer* clientDataJSON() const { return m_clientDataJSON.ptr(); }
+    WEBCORE_EXPORT ArrayBuffer* rawId() const;
+    WEBCORE_EXPORT void setExtensions(AuthenticationExtensionsClientOutputs&&);
+    AuthenticationExtensionsClientOutputs extensions() const;
+    void setClientDataJSON(Ref<ArrayBuffer>&&);
+    ArrayBuffer* clientDataJSON() const;
+
+protected:
+    AuthenticatorResponse(Ref<ArrayBuffer>&&);
 
 private:
-    Ref<ArrayBuffer> m_clientDataJSON;
+    Ref<ArrayBuffer> m_rawId;
+    AuthenticationExtensionsClientOutputs m_extensions;
+    RefPtr<ArrayBuffer> m_clientDataJSON;
 };
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h

@@ -35 +35 @@
 class AuthenticatorResponse;
 
-struct PublicKeyCredentialData {
+struct AuthenticatorResponseData {
+    bool isAuthenticatorAttestationResponse;
+
+    // AuthenticatorResponse
     RefPtr<ArrayBuffer> rawId;
 
-    // AuthenticatorResponse
-    bool isAuthenticatorAttestationResponse;
-    RefPtr<ArrayBuffer> clientDataJSON;
+    // Extensions
+    Optional<bool> appid;
 
     // AuthenticatorAttestationResponse
@@ -50 +52 @@
     RefPtr<ArrayBuffer> userHandle;
 
-    // Extensions
-    Optional<bool> appid;
-
     template<class Encoder> void encode(Encoder&) const;
-    template<class Decoder> static Optional<PublicKeyCredentialData> decode(Decoder&);
+    template<class Decoder> static Optional<AuthenticatorResponseData> decode(Decoder&);
 };
 
-// Noted: clientDataJSON is never encoded or decoded as it is never sent across different processes.
 template<class Encoder>
-void PublicKeyCredentialData::encode(Encoder& encoder) const
+void AuthenticatorResponseData::encode(Encoder& encoder) const
 {
     if (!rawId) {
@@ -98 +96 @@
 
 template<class Decoder>
-Optional<PublicKeyCredentialData> PublicKeyCredentialData::decode(Decoder& decoder)
+Optional<AuthenticatorResponseData> AuthenticatorResponseData::decode(Decoder& decoder)
 {
-    PublicKeyCredentialData result;
+    AuthenticatorResponseData result;
 
     Optional<bool> isEmpty;

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "AuthenticatorAssertionResponse.h"
-#include "AuthenticatorAttestationResponse.h"
 #include "AuthenticatorCoordinator.h"
 #include "AuthenticatorResponse.h"
@@ -36 +34 @@
 #include "JSDOMPromiseDeferred.h"
 #include "Page.h"
-#include "PublicKeyCredentialData.h"
 #include "RuntimeEnabledFeatures.h"
 #include <wtf/text/Base64.h>
@@ -42 +39 @@
 namespace WebCore {
 
-RefPtr<PublicKeyCredential> PublicKeyCredential::tryCreate(PublicKeyCredentialData&& data)
+Ref<PublicKeyCredential> PublicKeyCredential::create(Ref<AuthenticatorResponse>&& response)
 {
-    if (!data.rawId || !data.clientDataJSON)
-        return nullptr;
-
-    if (data.isAuthenticatorAttestationResponse) {
-        if (!data.attestationObject)
-            return nullptr;
-
-        return adoptRef(*new PublicKeyCredential(data.rawId.releaseNonNull(), AuthenticatorAttestationResponse::create(data.clientDataJSON.releaseNonNull(), data.attestationObject.releaseNonNull()), { data.appid }));
-    }
-
-    if (!data.authenticatorData || !data.signature)
-        return nullptr;
-
-    return adoptRef(*new PublicKeyCredential(data.rawId.releaseNonNull(), AuthenticatorAssertionResponse::create(data.clientDataJSON.releaseNonNull(), data.authenticatorData.releaseNonNull(), data.signature.releaseNonNull(), WTFMove(data.userHandle)), { data.appid }));
+    return adoptRef(*new PublicKeyCredential(WTFMove(response)));
 }
 
-PublicKeyCredential::PublicKeyCredential(Ref<ArrayBuffer>&& id, Ref<AuthenticatorResponse>&& response, AuthenticationExtensionsClientOutputs&& extensions)
-    : BasicCredential(WTF::base64URLEncode(id->data(), id->byteLength()), Type::PublicKey, Discovery::Remote)
-    , m_rawId(WTFMove(id))
-    , m_response(WTFMove(response))
-    , m_extensions(WTFMove(extensions))
+ArrayBuffer* PublicKeyCredential::rawId() const
 {
+    return m_response->rawId();
 }
 
-PublicKeyCredential::AuthenticationExtensionsClientOutputs PublicKeyCredential::getClientExtensionResults() const
+AuthenticationExtensionsClientOutputs PublicKeyCredential::getClientExtensionResults() const
 {
-    return m_extensions;
+    return m_response->extensions();
+}
+
+PublicKeyCredential::PublicKeyCredential(Ref<AuthenticatorResponse>&& response)
+    : BasicCredential(WTF::base64URLEncode(response->rawId()->data(), response->rawId()->byteLength()), Type::PublicKey, Discovery::Remote)
+    , m_response(WTFMove(response))
+{
 }
 

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.h

@@ -29 +29 @@
 
 #include "BasicCredential.h"
-#include "ExceptionOr.h"
 #include "IDLTypes.h"
-#include <JavaScriptCore/ArrayBuffer.h>
 #include <wtf/Forward.h>
 
@@ -39 +37 @@
 class Document;
 
-struct PublicKeyCredentialData;
+struct AuthenticationExtensionsClientOutputs;
 
 template<typename IDLType> class DOMPromiseDeferred;
@@ -45 +43 @@
 class PublicKeyCredential final : public BasicCredential {
 public:
-    struct AuthenticationExtensionsClientOutputs {
-        Optional<bool> appid;
-    };
+    static Ref<PublicKeyCredential> create(Ref<AuthenticatorResponse>&&);
 
-    static RefPtr<PublicKeyCredential> tryCreate(PublicKeyCredentialData&&);
-
-    ArrayBuffer* rawId() const { return m_rawId.ptr(); }
+    ArrayBuffer* rawId() const;
     AuthenticatorResponse* response() const { return m_response.ptr(); }
     AuthenticationExtensionsClientOutputs getClientExtensionResults() const;
@@ -58 +52 @@
 
 private:
-    PublicKeyCredential(Ref<ArrayBuffer>&& id, Ref<AuthenticatorResponse>&&, AuthenticationExtensionsClientOutputs&&);
+    PublicKeyCredential(Ref<AuthenticatorResponse>&&);
 
     Type credentialType() const final { return Type::PublicKey; }
 
-    Ref<ArrayBuffer> m_rawId;
     Ref<AuthenticatorResponse> m_response;
-    AuthenticationExtensionsClientOutputs m_extensions;
 };
 

trunk/Source/WebCore/Modules/webauthn/PublicKeyCredential.idl

@@ -36 +36 @@
     [CallWith=Document] static Promise<boolean> isUserVerifyingPlatformAuthenticatorAvailable();
 };
-
-[
-    Conditional=WEB_AUTHN,
-    JSGenerateToJSObject,
-] dictionary AuthenticationExtensionsClientOutputs {
-    boolean appid;
-};

trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp

@@ -86 +86 @@
 // Decodes byte array response from authenticator to CBOR value object and
 // checks for correct encoding format.
-Optional<PublicKeyCredentialData> readCTAPMakeCredentialResponse(const Vector<uint8_t>& inBuffer, const WebCore::AttestationConveyancePreference& attestation)
+RefPtr<AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>& inBuffer, const AttestationConveyancePreference& attestation)
 {
     if (inBuffer.size() <= kResponseCodeLength)
-        return WTF::nullopt;
+        return nullptr;
 
     Vector<uint8_t> buffer;
@@ -95 +95 @@
     Optional<CBOR> decodedResponse = cbor::CBORReader::read(buffer);
     if (!decodedResponse || !decodedResponse->isMap())
-        return WTF::nullopt;
+        return nullptr;
     const auto& decodedMap = decodedResponse->getMap();
 
     auto it = decodedMap.find(CBOR(1));
     if (it == decodedMap.end() || !it->second.isString())
-        return WTF::nullopt;
+        return nullptr;
     auto format = it->second.clone();
 
     it = decodedMap.find(CBOR(2));
     if (it == decodedMap.end() || !it->second.isByteString())
-        return WTF::nullopt;
+        return nullptr;
     auto authenticatorData = it->second.clone();
 
     auto credentialId = getCredentialId(authenticatorData.getByteString());
     if (credentialId.isEmpty())
-        return WTF::nullopt;
+        return nullptr;
 
     it = decodedMap.find(CBOR(3));
     if (it == decodedMap.end() || !it->second.isMap())
-        return WTF::nullopt;
+        return nullptr;
     auto attStmt = it->second.clone();
 
@@ -131 +131 @@
     }
 
-    return PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.value().data(), attestationObject.value().size()), nullptr, nullptr, nullptr, WTF::nullopt };
-}
-
-Optional<PublicKeyCredentialData> readCTAPGetAssertionResponse(const Vector<uint8_t>& inBuffer)
+    return AuthenticatorAttestationResponse::create(credentialId, *attestationObject);
+}
+
+RefPtr<AuthenticatorAssertionResponse> readCTAPGetAssertionResponse(const Vector<uint8_t>& inBuffer)
 {
     if (inBuffer.size() <= kResponseCodeLength)
-        return WTF::nullopt;
+        return nullptr;
 
     Vector<uint8_t> buffer;
@@ -144 +144 @@
 
     if (!decodedResponse || !decodedResponse->isMap())
-        return WTF::nullopt;
+        return nullptr;
 
     auto& responseMap = decodedResponse->getMap();
 
-    RefPtr<ArrayBuffer> credentialId;
     auto it = responseMap.find(CBOR(1));
-    if (it != responseMap.end() && it->second.isMap()) {
-        auto& credential = it->second.getMap();
-        auto itr = credential.find(CBOR(kCredentialIdKey));
-        if (itr == credential.end() || !itr->second.isByteString())
-            return WTF::nullopt;
-        auto& id = itr->second.getByteString();
-        credentialId = ArrayBuffer::create(id.data(), id.size());
-    }
+    if (it == responseMap.end() || !it->second.isMap())
+        return nullptr;
+    auto& credential = it->second.getMap();
+    auto itr = credential.find(CBOR(kCredentialIdKey));
+    if (itr == credential.end() || !itr->second.isByteString())
+        return nullptr;
+    auto& credentialId = itr->second.getByteString();
 
     it = responseMap.find(CBOR(2));
     if (it == responseMap.end() || !it->second.isByteString())
-        return WTF::nullopt;
+        return nullptr;
     auto& authData = it->second.getByteString();
 
     it = responseMap.find(CBOR(3));
     if (it == responseMap.end() || !it->second.isByteString())
-        return WTF::nullopt;
+        return nullptr;
     auto& signature = it->second.getByteString();
 
-    RefPtr<ArrayBuffer> userHandle;
     it = responseMap.find(CBOR(4));
     if (it != responseMap.end() && it->second.isMap()) {
@@ -175 +172 @@
         auto itr = user.find(CBOR(kEntityIdMapKey));
         if (itr == user.end() || !itr->second.isByteString())
-            return WTF::nullopt;
-        auto& id = itr->second.getByteString();
-        userHandle = ArrayBuffer::create(id.data(), id.size());
-    }
-
-    return PublicKeyCredentialData { WTFMove(credentialId), false, nullptr, nullptr, ArrayBuffer::create(authData.data(), authData.size()), ArrayBuffer::create(signature.data(), signature.size()), WTFMove(userHandle), WTF::nullopt };
+            return nullptr;
+        auto& userHandle = itr->second.getByteString();
+        return AuthenticatorAssertionResponse::create(credentialId, authData, signature, userHandle);
+    }
+
+    return AuthenticatorAssertionResponse::create(credentialId, authData, signature, { });
 }
 

trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h

@@ -33 +33 @@
 
 #include "AttestationConveyancePreference.h"
+#include "AuthenticatorAssertionResponse.h"
+#include "AuthenticatorAttestationResponse.h"
 #include "AuthenticatorGetInfoResponse.h"
 #include "FidoConstants.h"
-#include "PublicKeyCredentialData.h"
 
 // Converts response from authenticators to CTAPResponse objects. If the
@@ -50 +51 @@
 // CBOR map keys that conform to format of attestation object defined by the
 // WebAuthN spec : https://w3c.github.io/webauthn/#fig-attStructs
-WEBCORE_EXPORT Optional<WebCore::PublicKeyCredentialData> readCTAPMakeCredentialResponse(const Vector<uint8_t>&, const WebCore::AttestationConveyancePreference& attestation = WebCore::AttestationConveyancePreference::Direct);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>&, const WebCore::AttestationConveyancePreference& attestation = WebCore::AttestationConveyancePreference::Direct);
 
 // De-serializes CBOR encoded response to AuthenticatorGetAssertion /
 // AuthenticatorGetNextAssertion request to AuthenticatorGetAssertionResponse
 // object.
-// FIXME(190783): Probably need to remake AuthenticatorResponse to include more fields like numberOfCredentials,
-// and use it here instead of PublicKeyCredentialData.
-WEBCORE_EXPORT Optional<WebCore::PublicKeyCredentialData> readCTAPGetAssertionResponse(const Vector<uint8_t>&);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAssertionResponse> readCTAPGetAssertionResponse(const Vector<uint8_t>&);
 
 // De-serializes CBOR encoded response to AuthenticatorGetInfo request to

trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp

@@ -148 +148 @@
 } // namespace
 
-Optional<PublicKeyCredentialData> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, const AttestationConveyancePreference& attestation)
+RefPtr<AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, const AttestationConveyancePreference& attestation)
 {
     auto publicKey = extractECPublicKeyFromU2fRegistrationResponse(u2fData);
     if (publicKey.isEmpty())
-        return WTF::nullopt;
+        return nullptr;
 
     auto attestedCredentialData = createAttestedCredentialDataFromU2fRegisterResponse(u2fData, publicKey);
     if (attestedCredentialData.isEmpty())
-        return WTF::nullopt;
+        return nullptr;
 
     // Extract the credentialId for packing into the response data.
@@ -167 +167 @@
     auto fidoAttestationStatement = createFidoAttestationStatementFromU2fRegisterResponse(u2fData, kU2fKeyHandleOffset + credentialId.size());
     if (fidoAttestationStatement.empty())
-        return WTF::nullopt;
+        return nullptr;
 
     auto attestationObject = buildAttestationObject(WTFMove(authData), "fido-u2f", WTFMove(fidoAttestationStatement), attestation);
 
-    return PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.data(), attestationObject.size()), nullptr, nullptr, nullptr, WTF::nullopt };
+    return AuthenticatorAttestationResponse::create(credentialId, attestationObject);
 }
 
-Optional<PublicKeyCredentialData> readU2fSignResponse(const String& rpId, const Vector<uint8_t>& keyHandle, const Vector<uint8_t>& u2fData)
+RefPtr<AuthenticatorAssertionResponse> readU2fSignResponse(const String& rpId, const Vector<uint8_t>& keyHandle, const Vector<uint8_t>& u2fData)
 {
     if (keyHandle.isEmpty() || u2fData.size() <= signatureIndex)
-        return WTF::nullopt;
+        return nullptr;
 
     // 1 byte flags, 4 bytes counter
@@ -187 +187 @@
     auto authData = buildAuthData(rpId, flags, counter, { });
 
-    return PublicKeyCredentialData { ArrayBuffer::create(keyHandle.data(), keyHandle.size()), false, nullptr, nullptr, ArrayBuffer::create(authData.data(), authData.size()), ArrayBuffer::create(u2fData.data() + signatureIndex, u2fData.size() - signatureIndex), nullptr, WTF::nullopt };
+    // FIXME: Find a way to remove the need of constructing a vector here.
+    Vector<uint8_t> signature;
+    signature.append(u2fData.data() + signatureIndex, u2fData.size() - signatureIndex);
+
+    return AuthenticatorAssertionResponse::create(keyHandle, authData, signature, { });
 }
 

trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.h

@@ -33 +33 @@
 
 #include "AttestationConveyancePreference.h"
-#include "PublicKeyCredentialData.h"
+#include "AuthenticatorAssertionResponse.h"
+#include "AuthenticatorAttestationResponse.h"
 #include <wtf/Forward.h>
 
@@ -40 +41 @@
 // Converts a U2F register response to WebAuthN makeCredential response.
 // https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#u2f-authenticatorMakeCredential-interoperability
-WEBCORE_EXPORT Optional<WebCore::PublicKeyCredentialData> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, const WebCore::AttestationConveyancePreference& attestation = WebCore::AttestationConveyancePreference::Direct);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, const WebCore::AttestationConveyancePreference& attestation = WebCore::AttestationConveyancePreference::Direct);
 
 // Converts a U2F authentication response to WebAuthN getAssertion response.
 // https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#u2f-authenticatorGetAssertion-interoperability
-WEBCORE_EXPORT Optional<WebCore::PublicKeyCredentialData> readU2fSignResponse(const String& rpId, const Vector<uint8_t>& keyHandle, const Vector<uint8_t>& u2fData);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAssertionResponse> readU2fSignResponse(const String& rpId, const Vector<uint8_t>& keyHandle, const Vector<uint8_t>& u2fData);
 
 } // namespace fido

trunk/Source/WebCore/Sources.txt

@@ -269 +269 @@
 
 Modules/webauthn/AuthenticatorCoordinator.cpp
+Modules/webauthn/AuthenticatorAssertionResponse.cpp
+Modules/webauthn/AuthenticatorAttestationResponse.cpp
+Modules/webauthn/AuthenticatorResponse.cpp
 Modules/webauthn/PublicKeyCredential.cpp
 Modules/webauthn/WebAuthenticationUtils.cpp
@@ -2654 +2657 @@
 JSAttestationConveyancePreference.cpp
 JSAuthenticationExtensionsClientInputs.cpp
+JSAuthenticationExtensionsClientOutputs.cpp
 JSAuthenticatorAssertionResponse.cpp
 JSAuthenticatorAttestationResponse.cpp

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -1774 +1774 @@
                 57303BBB2006C6EE00355965 /* CBORBinary.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BB62006C6ED00355965 /* CBORBinary.h */; };
                 57303BC12006E00C00355965 /* CBORReader.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BBF2006E00C00355965 /* CBORReader.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                57303BD220087A8300355965 /* AuthenticatorResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BCF20087A8300355965 /* AuthenticatorResponse.h */; };
+                57303BD220087A8300355965 /* AuthenticatorResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BCF20087A8300355965 /* AuthenticatorResponse.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 57303BE120095D6100355965 /* JSAuthenticatorResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BDD20095B2600355965 /* JSAuthenticatorResponse.h */; };
                 57303BE92009748D00355965 /* PublicKeyCredentialCreationOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303BE62009747A00355965 /* PublicKeyCredentialCreationOptions.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -1784 +1784 @@
                 57303C1120099CB100355965 /* JSPublicKeyCredentialRequestOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C0C20099C7500355965 /* JSPublicKeyCredentialRequestOptions.h */; };
                 57303C192009A2F300355965 /* JSPublicKeyCredentialCreationOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C132009A25700355965 /* JSPublicKeyCredentialCreationOptions.h */; };
-                57303C1F2009AB4200355965 /* AuthenticatorAttestationResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C1B2009A98600355965 /* AuthenticatorAttestationResponse.h */; };
+                57303C1F2009AB4200355965 /* AuthenticatorAttestationResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C1B2009A98600355965 /* AuthenticatorAttestationResponse.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 57303C222009AF0300355965 /* JSAuthenticatorAttestationResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C212009AEF600355965 /* JSAuthenticatorAttestationResponse.h */; };
-                57303C2C2009B4A800355965 /* AuthenticatorAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */; };
+                57303C2C2009B4A800355965 /* AuthenticatorAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 57303C2F2009B7E100355965 /* JSAuthenticatorAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C2D2009B7D900355965 /* JSAuthenticatorAssertionResponse.h */; };
                 57303C4620105D2F00355965 /* AuthenticatorCoordinator.h in Headers */ = {isa = PBXBuildFile; fileRef = 57303C4320105B3D00355965 /* AuthenticatorCoordinator.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -1799 +1799 @@
                 5750A9871E6A216800705C4A /* CryptoAlgorithmECDH.h in Headers */ = {isa = PBXBuildFile; fileRef = 5750A9851E6A216800705C4A /* CryptoAlgorithmECDH.h */; };
                 5754719F1ECE628300DD63B2 /* JSRsaPssParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 575471991ECE5D2A00DD63B2 /* JSRsaPssParams.h */; };
+                57585961239F124D00C74572 /* JSAuthenticationExtensionsClientOutputs.h in Headers */ = {isa = PBXBuildFile; fileRef = 5758595E239F117300C74572 /* JSAuthenticationExtensionsClientOutputs.h */; };
+                5758596C239F321C00C74572 /* AuthenticationExtensionsClientOutputs.h in Headers */ = {isa = PBXBuildFile; fileRef = 57585965239F14CC00C74572 /* AuthenticationExtensionsClientOutputs.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 5760827220215A5500116678 /* AuthenticatorCoordinatorClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 576082702021513F00116678 /* AuthenticatorCoordinatorClient.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 5768142A1E6F99C100E77754 /* CryptoAlgorithmEcdhKeyDeriveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 576814291E6F99C100E77754 /* CryptoAlgorithmEcdhKeyDeriveParams.h */; };
@@ -1826 +1828 @@
                 57D846351FEAFCD300CA3682 /* JSPublicKeyCredential.h in Headers */ = {isa = PBXBuildFile; fileRef = 57D846301FEAFC2F00CA3682 /* JSPublicKeyCredential.h */; };
                 57DA47B0224034E4002A4612 /* AuthenticationExtensionsClientInputs.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DA47A522401E0F002A4612 /* AuthenticationExtensionsClientInputs.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                57DCED74214305F00016B847 /* PublicKeyCredentialData.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED72214305F00016B847 /* PublicKeyCredentialData.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                57DCED74214305F00016B847 /* AuthenticatorResponseData.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED72214305F00016B847 /* AuthenticatorResponseData.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 57DCED9021487FF70016B847 /* AuthenticatorTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED8C21487EDB0016B847 /* AuthenticatorTransport.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 57DCED98214882160016B847 /* JSAuthenticatorTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = 57DCED92214880C60016B847 /* JSAuthenticatorTransport.h */; };
@@ -8783 +8785 @@
                 575471991ECE5D2A00DD63B2 /* JSRsaPssParams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSRsaPssParams.h; sourceTree = "<group>"; };
                 5754719A1ECE5D2A00DD63B2 /* JSRsaPssParams.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSRsaPssParams.cpp; sourceTree = "<group>"; };
+                5758595C239F113000C74572 /* JSAuthenticationExtensionsClientOutputs.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSAuthenticationExtensionsClientOutputs.cpp; sourceTree = "<group>"; };
+                5758595E239F117300C74572 /* JSAuthenticationExtensionsClientOutputs.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = JSAuthenticationExtensionsClientOutputs.h; sourceTree = "<group>"; };
+                57585965239F14CC00C74572 /* AuthenticationExtensionsClientOutputs.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthenticationExtensionsClientOutputs.h; sourceTree = "<group>"; };
+                57585967239F14CD00C74572 /* AuthenticationExtensionsClientOutputs.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = AuthenticationExtensionsClientOutputs.idl; sourceTree = "<group>"; };
+                57585969239F1EC700C74572 /* AuthenticatorResponse.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = AuthenticatorResponse.cpp; sourceTree = "<group>"; };
+                5758596B239F284B00C74572 /* AuthenticatorAttestationResponse.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = AuthenticatorAttestationResponse.cpp; sourceTree = "<group>"; };
+                5758596E239F397900C74572 /* AuthenticatorAssertionResponse.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = AuthenticatorAssertionResponse.cpp; sourceTree = "<group>"; };
                 5760824F20118D8D00116678 /* JSBasicCredentialCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSBasicCredentialCustom.cpp; sourceTree = "<group>"; };
                 576082562011BE0200116678 /* JSAuthenticatorResponseCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSAuthenticatorResponseCustom.cpp; sourceTree = "<group>"; };
@@ -8853 +8862 @@
                 57DA47AC224032DC002A4612 /* JSAuthenticationExtensionsClientInputs.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSAuthenticationExtensionsClientInputs.cpp; sourceTree = "<group>"; };
                 57DA47AD224032DD002A4612 /* JSAuthenticationExtensionsClientInputs.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = JSAuthenticationExtensionsClientInputs.h; sourceTree = "<group>"; };
-                57DCED72214305F00016B847 /* PublicKeyCredentialData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = PublicKeyCredentialData.h; sourceTree = "<group>"; };
+                57DCED72214305F00016B847 /* AuthenticatorResponseData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthenticatorResponseData.h; sourceTree = "<group>"; };
                 57DCED8C21487EDB0016B847 /* AuthenticatorTransport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthenticatorTransport.h; sourceTree = "<group>"; };
                 57DCED8E21487EDB0016B847 /* AuthenticatorTransport.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = AuthenticatorTransport.idl; sourceTree = "<group>"; };
@@ -20029 +20038 @@
                                 57DA47A522401E0F002A4612 /* AuthenticationExtensionsClientInputs.h */,
                                 57DA47A722401E0F002A4612 /* AuthenticationExtensionsClientInputs.idl */,
+                                57585965239F14CC00C74572 /* AuthenticationExtensionsClientOutputs.h */,
+                                57585967239F14CD00C74572 /* AuthenticationExtensionsClientOutputs.idl */,
+                                5758596E239F397900C74572 /* AuthenticatorAssertionResponse.cpp */,
                                 57303C272009B2FC00355965 /* AuthenticatorAssertionResponse.h */,
                                 57303C292009B2FC00355965 /* AuthenticatorAssertionResponse.idl */,
+                                5758596B239F284B00C74572 /* AuthenticatorAttestationResponse.cpp */,
                                 57303C1B2009A98600355965 /* AuthenticatorAttestationResponse.h */,
                                 57303C1D2009A98600355965 /* AuthenticatorAttestationResponse.idl */,
@@ -20036 +20049 @@
                                 57303C4320105B3D00355965 /* AuthenticatorCoordinator.h */,
                                 576082702021513F00116678 /* AuthenticatorCoordinatorClient.h */,
+                                57585969239F1EC700C74572 /* AuthenticatorResponse.cpp */,
                                 57303BCF20087A8300355965 /* AuthenticatorResponse.h */,
                                 57303BD120087A8300355965 /* AuthenticatorResponse.idl */,
+                                57DCED72214305F00016B847 /* AuthenticatorResponseData.h */,
                                 57DCED8C21487EDB0016B847 /* AuthenticatorTransport.h */,
                                 57DCED8E21487EDB0016B847 /* AuthenticatorTransport.idl */,
@@ -20045 +20060 @@
                                 57303BE62009747A00355965 /* PublicKeyCredentialCreationOptions.h */,
                                 57303BE82009747A00355965 /* PublicKeyCredentialCreationOptions.idl */,
-                                57DCED72214305F00016B847 /* PublicKeyCredentialData.h */,
                                 57303BEC200980BF00355965 /* PublicKeyCredentialDescriptor.h */,
                                 57303BEE200980BF00355965 /* PublicKeyCredentialDescriptor.idl */,
@@ -20068 +20082 @@
                                 57DA47AC224032DC002A4612 /* JSAuthenticationExtensionsClientInputs.cpp */,
                                 57DA47AD224032DD002A4612 /* JSAuthenticationExtensionsClientInputs.h */,
+                                5758595C239F113000C74572 /* JSAuthenticationExtensionsClientOutputs.cpp */,
+                                5758595E239F117300C74572 /* JSAuthenticationExtensionsClientOutputs.h */,
                                 57303C2E2009B7DA00355965 /* JSAuthenticatorAssertionResponse.cpp */,
                                 57303C2D2009B7D900355965 /* JSAuthenticatorAssertionResponse.h */,
@@ -29043 +29059 @@
                                 E124748410AA161D00B79493 /* AuthenticationClient.h in Headers */,
                                 57DA47B0224034E4002A4612 /* AuthenticationExtensionsClientInputs.h in Headers */,
+                                5758596C239F321C00C74572 /* AuthenticationExtensionsClientOutputs.h in Headers */,
                                 514C764C0CE9234E007EF3CD /* AuthenticationMac.h in Headers */,
                                 57303C2C2009B4A800355965 /* AuthenticatorAssertionResponse.h in Headers */,
@@ -29050 +29067 @@
                                 572B40422178114A000AD43E /* AuthenticatorGetInfoResponse.h in Headers */,
                                 57303BD220087A8300355965 /* AuthenticatorResponse.h in Headers */,
+                                57DCED74214305F00016B847 /* AuthenticatorResponseData.h in Headers */,
                                 572B404021780171000AD43E /* AuthenticatorSupportedOptions.h in Headers */,
                                 57DCED9021487FF70016B847 /* AuthenticatorTransport.h in Headers */,
@@ -30401 +30419 @@
                                 BE8EF045171C8FF9009B48C3 /* JSAudioTrackList.h in Headers */,
                                 57D1352A2294AA3900827401 /* JSAuthenticationExtensionsClientInputs.h in Headers */,
+                                57585961239F124D00C74572 /* JSAuthenticationExtensionsClientOutputs.h in Headers */,
                                 57303C2F2009B7E100355965 /* JSAuthenticatorAssertionResponse.h in Headers */,
                                 57303C222009AF0300355965 /* JSAuthenticatorAttestationResponse.h in Headers */,
@@ -31776 +31795 @@
                                 57D8462E1FEAF69900CA3682 /* PublicKeyCredential.h in Headers */,
                                 57303BE92009748D00355965 /* PublicKeyCredentialCreationOptions.h in Headers */,
-                                57DCED74214305F00016B847 /* PublicKeyCredentialData.h in Headers */,
                                 57303BEF200980C600355965 /* PublicKeyCredentialDescriptor.h in Headers */,
                                 57303C0A20099BAD00355965 /* PublicKeyCredentialRequestOptions.h in Headers */,

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Combine AuthenticatorResponse and PublicKeyCredentialData
+        https://bugs.webkit.org/show_bug.cgi?id=190783
+        <rdar://problem/57781183>
+
+        Reviewed by Brent Fulgham.
+
+        Code in WebKit are changed to use AuthenticatorResponse and its subtypes.
+
+        * UIProcess/WebAuthentication/Authenticator.h:
+        * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+        (WebKit::AuthenticatorManager::respondReceived):
+        (WebKit::AuthenticatorManager::invokePendingCompletionHandler):
+        * UIProcess/WebAuthentication/AuthenticatorManager.h:
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
+        (WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented):
+        * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
+        (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest):
+        * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h:
+        * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in:
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
+        (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived const):
+        (WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
+        * UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:
+        (WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived):
+        (WebKit::U2fAuthenticator::continueSignCommandAfterResponseReceived):
+        * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
+
 2019-12-11  Truitt Savell  <tsavell@apple.com>
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Authenticator.h

@@ -30 +30 @@
 #include "WebAuthenticationFlags.h"
 #include "WebAuthenticationRequestData.h"
+#include <WebCore/AuthenticatorResponse.h>
 #include <WebCore/ExceptionData.h>
-#include <WebCore/PublicKeyCredentialData.h>
 #include <wtf/Forward.h>
 #include <wtf/RefCounted.h>
@@ -40 +40 @@
 class Authenticator : public RefCounted<Authenticator>, public CanMakeWeakPtr<Authenticator> {
 public:
-    using Respond = Variant<WebCore::PublicKeyCredentialData, WebCore::ExceptionData>;
+    using Respond = Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>;
 
     class Observer : public CanMakeWeakPtr<Observer> {

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp

@@ -244 +244 @@
     ASSERT(m_pendingCompletionHandler);
 
-    auto shouldComplete = WTF::holds_alternative<PublicKeyCredentialData>(respond);
+    auto shouldComplete = WTF::holds_alternative<Ref<AuthenticatorResponse>>(respond);
     if (!shouldComplete)
         shouldComplete = WTF::get<ExceptionData>(respond).code == InvalidStateError;
@@ -350 +350 @@
 {
     if (auto *panel = m_pendingRequestData.panel.get()) {
-        WTF::switchOn(respond, [&](const PublicKeyCredentialData&) {
+        WTF::switchOn(respond, [&](const Ref<AuthenticatorResponse>&) {
             panel->client().dismissPanel(WebAuthenticationResult::Succeeded);
         }, [&](const ExceptionData&) {

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h

@@ -31 +31 @@
 #include "AuthenticatorTransportService.h"
 #include "WebAuthenticationRequestData.h"
+#include <WebCore/AuthenticatorResponse.h>
 #include <WebCore/ExceptionData.h>
-#include <WebCore/PublicKeyCredentialData.h>
 #include <wtf/CompletionHandler.h>
 #include <wtf/HashSet.h>
@@ -49 +49 @@
     WTF_MAKE_NONCOPYABLE(AuthenticatorManager);
 public:
-    using Respond = Variant<WebCore::PublicKeyCredentialData, WebCore::ExceptionData>;
+    using Respond = Variant<Ref<WebCore::AuthenticatorResponse>, WebCore::ExceptionData>;
     using Callback = CompletionHandler<void(Respond&&)>;
     using TransportSet = HashSet<WebCore::AuthenticatorTransport, WTF::IntHash<WebCore::AuthenticatorTransport>, WTF::StrongEnumHashTraits<WebCore::AuthenticatorTransport>>;

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

@@ -30 +30 @@
 
 #import <Security/SecItem.h>
+#import <WebCore/AuthenticatorAssertionResponse.h>
+#import <WebCore/AuthenticatorAttestationResponse.h>
 #import <WebCore/CBORWriter.h>
 #import <WebCore/ExceptionData.h>
 #import <WebCore/PublicKeyCredentialCreationOptions.h>
-#import <WebCore/PublicKeyCredentialData.h>
 #import <WebCore/PublicKeyCredentialRequestOptions.h>
 #import <WebCore/WebAuthenticationConstants.h>
@@ -341 +342 @@
     auto attestationObject = buildAttestationObject(WTFMove(authData), "Apple", WTFMove(attestationStatementMap), creationOptions.attestation);
 
-    receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.data(), attestationObject.size()), nullptr, nullptr, nullptr, WTF::nullopt });
+    receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject));
 }
 
@@ -482 +483 @@
 
     // Step 13.
-    receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), false, nullptr, nullptr, ArrayBuffer::create(authData.data(), authData.size()), ArrayBuffer::create(signature.data(), signature.size()), ArrayBuffer::create(userhandle.data(), userhandle.size()), WTF::nullopt });
+    receiveRespond(AuthenticatorAssertionResponse::create(credentialId, authData, signature, userhandle));
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp

@@ -36 +36 @@
 #include "WebProcessProxy.h"
 #include "WebsiteDataStore.h"
+#include <WebCore/AuthenticatorResponseData.h>
 #include <WebCore/ExceptionData.h>
-#include <WebCore/PublicKeyCredentialData.h>
 #include <WebCore/SecurityOriginData.h>
 #include <wtf/MainThread.h>
@@ -68 +68 @@
 void WebAuthenticatorCoordinatorProxy::handleRequest(WebAuthenticationRequestData&& data, RequestCompletionHandler&& handler)
 {
-    auto callback = [handler = WTFMove(handler)] (Variant<PublicKeyCredentialData, ExceptionData>&& result) mutable {
+    auto callback = [handler = WTFMove(handler)] (Variant<Ref<AuthenticatorResponse>, ExceptionData>&& result) mutable {
         ASSERT(RunLoop::isMain());
-        WTF::switchOn(result, [&](const PublicKeyCredentialData& data) {
-            handler(data, { });
+        WTF::switchOn(result, [&](const Ref<AuthenticatorResponse>& response) {
+            handler(response->data(), { });
         }, [&](const ExceptionData& exception) {
             handler({ }, exception);

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h

@@ -36 +36 @@
 struct ExceptionData;
 struct PublicKeyCredentialCreationOptions;
-struct PublicKeyCredentialData;
+struct AuthenticatorResponseData;
 struct PublicKeyCredentialRequestOptions;
 struct SecurityOriginData;
@@ -55 +55 @@
 
 private:
-    using RequestCompletionHandler = CompletionHandler<void(const WebCore::PublicKeyCredentialData&, const WebCore::ExceptionData&)>;
+    using RequestCompletionHandler = CompletionHandler<void(const WebCore::AuthenticatorResponseData&, const WebCore::ExceptionData&)>;
     using QueryCompletionHandler = CompletionHandler<void(bool)>;
 

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in

@@ -27 +27 @@
 messages -> WebAuthenticatorCoordinatorProxy NotRefCounted {
 
-    MakeCredential(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData origin, Vector<uint8_t> hash, struct WebCore::PublicKeyCredentialCreationOptions options) -> (struct WebCore::PublicKeyCredentialData data, struct WebCore::ExceptionData exception) Async
-    GetAssertion(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData origin, Vector<uint8_t> hash, struct WebCore::PublicKeyCredentialRequestOptions options) -> (struct WebCore::PublicKeyCredentialData data, struct WebCore::ExceptionData exception) Async
+    MakeCredential(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData origin, Vector<uint8_t> hash, struct WebCore::PublicKeyCredentialCreationOptions options) -> (struct WebCore::AuthenticatorResponseData data, struct WebCore::ExceptionData exception) Async
+    GetAssertion(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData origin, Vector<uint8_t> hash, struct WebCore::PublicKeyCredentialRequestOptions options) -> (struct WebCore::AuthenticatorResponseData data, struct WebCore::ExceptionData exception) Async
     IsUserVerifyingPlatformAuthenticatorAvailable() -> (bool result) Async
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp

@@ -74 +74 @@
         return;
     }
-    receiveRespond(WTFMove(*response));
+    receiveRespond(response.releaseNonNull());
 }
 
@@ -101 +101 @@
         return;
     }
-    receiveRespond(WTFMove(*response));
+    receiveRespond(response.releaseNonNull());
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp

@@ -162 +162 @@
             return;
         }
-        receiveRespond(WTFMove(*response));
+        receiveRespond(response.releaseNonNull());
         return;
     }
@@ -206 +206 @@
     switch (apduResponse.status()) {
     case ApduResponse::Status::SW_NO_ERROR: {
-        Optional<PublicKeyCredentialData> response;
+        RefPtr<AuthenticatorAssertionResponse> response;
         if (m_isAppId) {
             ASSERT(requestOptions.extensions && !requestOptions.extensions->appid.isNull());
@@ -217 +217 @@
         }
         if (m_isAppId)
-            response->appid = m_isAppId;
-
-        receiveRespond(WTFMove(*response));
+            response->setExtensions({ m_isAppId });
+
+        receiveRespond(response.releaseNonNull());
         return;
     }

trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp

@@ -32 +32 @@
 #include "WebFrame.h"
 #include "WebPage.h"
+#include <WebCore/AuthenticatorResponseData.h>
 #include <WebCore/PublicKeyCredentialCreationOptions.h>
-#include <WebCore/PublicKeyCredentialData.h>
 #include <WebCore/PublicKeyCredentialRequestOptions.h>
 #include <WebCore/SecurityOrigin.h>

trunk/Tools/ChangeLog

@@ +1 @@
+2019-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Combine AuthenticatorResponse and PublicKeyCredentialData
+        https://bugs.webkit.org/show_bug.cgi?id=190783
+        <rdar://problem/57781183>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
+        (TestWebKitAPI::TEST):
+        Updates tests accordingly.
+
 2019-12-11  Truitt Savell  <tsavell@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp

@@ -356 +356 @@
     auto makeCredentialResponse = readCTAPMakeCredentialResponse(convertBytesToVector(TestData::kTestMakeCredentialResponse, sizeof(TestData::kTestMakeCredentialResponse)));
     ASSERT_TRUE(makeCredentialResponse);
-    auto cborAttestationObject = cbor::CBORReader::read(convertBytesToVector(reinterpret_cast<uint8_t*>(makeCredentialResponse->attestationObject->data()), makeCredentialResponse->attestationObject->byteLength()));
+    auto cborAttestationObject = cbor::CBORReader::read(convertBytesToVector(reinterpret_cast<uint8_t*>(makeCredentialResponse->attestationObject()->data()), makeCredentialResponse->attestationObject()->byteLength()));
     ASSERT_TRUE(cborAttestationObject);
     ASSERT_TRUE(cborAttestationObject->isMap());
@@ -394 +394 @@
     ASSERT_TRUE(certificate.getArray()[0].isByteString());
     EXPECT_EQ(certificate.getArray()[0].getByteString(), convertBytesToVector(TestData::kCtap2MakeCredentialCertificate, sizeof(TestData::kCtap2MakeCredentialCertificate)));
-    EXPECT_EQ(makeCredentialResponse->rawId->byteLength(), sizeof(TestData::kCtap2MakeCredentialCredentialId));
-    EXPECT_EQ(memcmp(makeCredentialResponse->rawId->data(), TestData::kCtap2MakeCredentialCredentialId, sizeof(TestData::kCtap2MakeCredentialCredentialId)), 0);
+    EXPECT_EQ(makeCredentialResponse->rawId()->byteLength(), sizeof(TestData::kCtap2MakeCredentialCredentialId));
+    EXPECT_EQ(memcmp(makeCredentialResponse->rawId()->data(), TestData::kCtap2MakeCredentialCredentialId, sizeof(TestData::kCtap2MakeCredentialCredentialId)), 0);
 }
 
@@ -405 +405 @@
     ASSERT_TRUE(getAssertionResponse);
 
-    EXPECT_EQ(getAssertionResponse->authenticatorData->byteLength(), sizeof(TestData::kCtap2GetAssertionAuthData));
-    EXPECT_EQ(memcmp(getAssertionResponse->authenticatorData->data(), TestData::kCtap2GetAssertionAuthData, sizeof(TestData::kCtap2GetAssertionAuthData)), 0);
-    EXPECT_EQ(getAssertionResponse->signature->byteLength(), sizeof(TestData::kCtap2GetAssertionSignature));
-    EXPECT_EQ(memcmp(getAssertionResponse->signature->data(), TestData::kCtap2GetAssertionSignature, sizeof(TestData::kCtap2GetAssertionSignature)), 0);
+    EXPECT_EQ(getAssertionResponse->authenticatorData()->byteLength(), sizeof(TestData::kCtap2GetAssertionAuthData));
+    EXPECT_EQ(memcmp(getAssertionResponse->authenticatorData()->data(), TestData::kCtap2GetAssertionAuthData, sizeof(TestData::kCtap2GetAssertionAuthData)), 0);
+    EXPECT_EQ(getAssertionResponse->signature()->byteLength(), sizeof(TestData::kCtap2GetAssertionSignature));
+    EXPECT_EQ(memcmp(getAssertionResponse->signature()->data(), TestData::kCtap2GetAssertionSignature, sizeof(TestData::kCtap2GetAssertionSignature)), 0);
 }
 
@@ -416 +416 @@
     auto response = readU2fRegisterResponse(TestData::kRelyingPartyId, convertBytesToVector(TestData::kTestU2fRegisterResponse, sizeof(TestData::kTestU2fRegisterResponse)));
     ASSERT_TRUE(response);
-    EXPECT_EQ(response->rawId->byteLength(), sizeof(TestData::kU2fSignKeyHandle));
-    EXPECT_EQ(memcmp(response->rawId->data(), TestData::kU2fSignKeyHandle, sizeof(TestData::kU2fSignKeyHandle)), 0);
-    EXPECT_TRUE(response->isAuthenticatorAttestationResponse);
+    EXPECT_EQ(response->rawId()->byteLength(), sizeof(TestData::kU2fSignKeyHandle));
+    EXPECT_EQ(memcmp(response->rawId()->data(), TestData::kU2fSignKeyHandle, sizeof(TestData::kU2fSignKeyHandle)), 0);
     auto expectedAttestationObject = getTestAttestationObjectBytes();
-    EXPECT_EQ(response->attestationObject->byteLength(), expectedAttestationObject.size());
-    EXPECT_EQ(memcmp(response->attestationObject->data(), expectedAttestationObject.data(), expectedAttestationObject.size()), 0);
+    EXPECT_EQ(response->attestationObject()->byteLength(), expectedAttestationObject.size());
+    EXPECT_EQ(memcmp(response->attestationObject()->data(), expectedAttestationObject.data(), expectedAttestationObject.size()), 0);
 }
 
@@ -523 +522 @@
     auto response = readU2fSignResponse(TestData::kRelyingPartyId, getTestCredentialRawIdBytes(), getTestSignResponse());
     ASSERT_TRUE(response);
-    EXPECT_EQ(response->rawId->byteLength(), sizeof(TestData::kU2fSignKeyHandle));
-    EXPECT_EQ(memcmp(response->rawId->data(), TestData::kU2fSignKeyHandle, sizeof(TestData::kU2fSignKeyHandle)), 0);
-    EXPECT_FALSE(response->isAuthenticatorAttestationResponse);
-    EXPECT_EQ(response->authenticatorData->byteLength(), sizeof(TestData::kTestSignAuthenticatorData));
-    EXPECT_EQ(memcmp(response->authenticatorData->data(), TestData::kTestSignAuthenticatorData, sizeof(TestData::kTestSignAuthenticatorData)), 0);
-    EXPECT_EQ(response->signature->byteLength(), sizeof(TestData::kU2fSignature));
-    EXPECT_EQ(memcmp(response->signature->data(), TestData::kU2fSignature, sizeof(TestData::kU2fSignature)), 0);
+    EXPECT_EQ(response->rawId()->byteLength(), sizeof(TestData::kU2fSignKeyHandle));
+    EXPECT_EQ(memcmp(response->rawId()->data(), TestData::kU2fSignKeyHandle, sizeof(TestData::kU2fSignKeyHandle)), 0);
+    EXPECT_EQ(response->authenticatorData()->byteLength(), sizeof(TestData::kTestSignAuthenticatorData));
+    EXPECT_EQ(memcmp(response->authenticatorData()->data(), TestData::kTestSignAuthenticatorData, sizeof(TestData::kTestSignAuthenticatorData)), 0);
+    EXPECT_EQ(response->signature()->byteLength(), sizeof(TestData::kU2fSignature));
+    EXPECT_EQ(memcmp(response->signature()->data(), TestData::kU2fSignature, sizeof(TestData::kU2fSignature)), 0);
 }