Changeset 256062 in webkit

Timestamp:

Feb 7, 2020 2:16:54 PM (4 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthn] Report CTAP Client Pin Error to clients
​https://bugs.webkit.org/show_bug.cgi?id=205837
<rdar://problem/58356872>

Reviewed by Brent Fulgham.

Source/WebKit:

Authenticators could return four different errors { kCtap2ErrPinInvalid, kCtap2ErrPinBlocked, kCtap2ErrPinAuthInvalid, kCtap2ErrPinAuthBlocked }
during 1) GetPinToken or 2) MakeCredential/GetAssertion with PinAuth.

All errors should be reported to the client so that appropriate UI can be displayed to users.
For kCtap2ErrPinAuthInvalid and kCtap2ErrPinInvalid, we will restart the whole Pin process to get
another Pin from the user.

Covered by API tests.

• UIProcess/API/APIWebAuthenticationPanelClient.h:
• UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:

(WebKit::wkWebAuthenticationPanelUpdate):

• UIProcess/WebAuthentication/WebAuthenticationFlags.h:
• UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:

(WebKit::fido::toStatus):
(WebKit::fido::isPinError):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::continueRequestAfterGetPinToken):
(WebKit::CtapAuthenticator::tryRestartPin):

• UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(-[TestWebAuthenticationPanelDelegate panel:updateWebAuthenticationPanel:]):
(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-invalid-error-retry.html: Added.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html: Added.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html: Renamed from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html: Added.
• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-invalid-error-retry.html: Added.

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (modified) (5 diffs)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (8 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (modified) (7 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-auth-blocked-error.html (copied) (copied from trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html) (2 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-invalid-error-retry.html (added)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-auth-blocked-error.html (copied) (copied from trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html (copied) (copied from trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html (added)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html (moved) (moved from trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html (added)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-invalid-error-retry.html (added)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-07  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Report CTAP Client Pin Error to clients
+        https://bugs.webkit.org/show_bug.cgi?id=205837
+        <rdar://problem/58356872>
+
+        Reviewed by Brent Fulgham.
+
+        Authenticators could return four different errors { kCtap2ErrPinInvalid, kCtap2ErrPinBlocked, kCtap2ErrPinAuthInvalid, kCtap2ErrPinAuthBlocked }
+        during 1) GetPinToken or 2) MakeCredential/GetAssertion with PinAuth.
+
+        All errors should be reported to the client so that appropriate UI can be displayed to users.
+        For kCtap2ErrPinAuthInvalid and kCtap2ErrPinInvalid, we will restart the whole Pin process to get
+        another Pin from the user.
+
+        Covered by API tests.
+
+        * UIProcess/API/APIWebAuthenticationPanelClient.h:
+        * UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:
+        (WebKit::wkWebAuthenticationPanelUpdate):
+        * UIProcess/WebAuthentication/WebAuthenticationFlags.h:
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
+        (WebKit::fido::toStatus):
+        (WebKit::fido::isPinError):
+        (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
+        (WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
+        (WebKit::CtapAuthenticator::continueRequestAfterGetPinToken):
+        (WebKit::CtapAuthenticator::tryRestartPin):
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
+
 2020-02-07  Jonathan Bedard  <jbedard@apple.com>
 

trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h

@@ -38 +38 @@
 
 namespace WebKit {
-enum class WebAuthenticationStatus : bool;
+enum class WebAuthenticationStatus : uint8_t;
 enum class WebAuthenticationResult : bool;
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm

@@ -60 +60 @@
     if (status == WebAuthenticationStatus::NoCredentialsFound)
         return _WKWebAuthenticationPanelUpdateNoCredentialsFound;
+    if (status == WebAuthenticationStatus::PinBlocked)
+        return _WKWebAuthenticationPanelUpdatePINBlocked;
+    if (status == WebAuthenticationStatus::PinAuthBlocked)
+        return _WKWebAuthenticationPanelUpdatePINAuthBlocked;
+    if (status == WebAuthenticationStatus::PinInvalid)
+        return _WKWebAuthenticationPanelUpdatePINInvalid;
     ASSERT_NOT_REACHED();
     return _WKWebAuthenticationPanelUpdateMultipleNFCTagsPresent;

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h

@@ -41 +41 @@
 };
 
-enum class WebAuthenticationStatus : bool {
+enum class WebAuthenticationStatus : uint8_t {
     MultipleNFCTagsPresent,
-    NoCredentialsFound
+    NoCredentialsFound,
+    PinBlocked,
+    PinAuthBlocked,
+    PinInvalid
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp

@@ -47 +47 @@
 using namespace fido;
 
+namespace {
+WebAuthenticationStatus toStatus(const CtapDeviceResponseCode& error)
+{
+    switch (error) {
+    case CtapDeviceResponseCode::kCtap2ErrPinAuthInvalid:
+    case CtapDeviceResponseCode::kCtap2ErrPinInvalid:
+        return WebAuthenticationStatus::PinInvalid;
+    case CtapDeviceResponseCode::kCtap2ErrPinAuthBlocked:
+        return WebAuthenticationStatus::PinAuthBlocked;
+    case CtapDeviceResponseCode::kCtap2ErrPinBlocked:
+        return WebAuthenticationStatus::PinBlocked;
+    default:
+        ASSERT_NOT_REACHED();
+        return WebAuthenticationStatus::PinInvalid;
+    }
+}
+
+bool isPinError(const CtapDeviceResponseCode& error)
+{
+    switch (error) {
+    case CtapDeviceResponseCode::kCtap2ErrPinAuthInvalid:
+    case CtapDeviceResponseCode::kCtap2ErrPinAuthBlocked:
+    case CtapDeviceResponseCode::kCtap2ErrPinInvalid:
+    case CtapDeviceResponseCode::kCtap2ErrPinBlocked:
+        return true;
+    default:
+        return false;
+    }
+}
+
+} // namespace
+
 CtapAuthenticator::CtapAuthenticator(std::unique_ptr<CtapDriver>&& driver, AuthenticatorGetInfoResponse&& info)
     : FidoAuthenticator(WTFMove(driver))
@@ -77 +109 @@
     if (!response) {
         auto error = getResponseCode(data);
-        if (error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded)
+
+        if (error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded) {
             receiveRespond(ExceptionData { InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the authenticator."_s });
-        // FIXME(205837)
-        else if (error == CtapDeviceResponseCode::kCtap2ErrPinInvalid || error == CtapDeviceResponseCode::kCtap2ErrPinAuthInvalid)
-            getRetries();
-        else
-            receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
+            return;
+        }
+
+        if (isPinError(error)) {
+            if (!m_pinAuth.isEmpty()) // Skip the very first command that acts like wink.
+                observer()->authenticatorStatusUpdated(toStatus(error));
+            if (tryRestartPin(error))
+                return;
+        }
+
+        receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
         return;
     }
@@ -111 +150 @@
     if (!response) {
         auto error = getResponseCode(data);
-        // FIXME(205837)
-        if (error == CtapDeviceResponseCode::kCtap2ErrPinInvalid || error == CtapDeviceResponseCode::kCtap2ErrPinAuthInvalid) {
-            getRetries();
-            return;
-        }
-        if (error != CtapDeviceResponseCode::kCtap2ErrInvalidCBOR && tryDowngrade())
-            return;
+
+        if (!isPinError(error) && tryDowngrade())
+            return;
+
+        if (isPinError(error)) {
+            if (!m_pinAuth.isEmpty()) // Skip the very first command that acts like wink.
+                observer()->authenticatorStatusUpdated(toStatus(error));
+            if (tryRestartPin(error))
+                return;
+        }
+
         if (error == CtapDeviceResponseCode::kCtap2ErrNoCredentials && observer())
             observer()->authenticatorStatusUpdated(WebAuthenticationStatus::NoCredentialsFound);
+
         receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
         return;
@@ -250 +294 @@
     if (!token) {
         auto error = getResponseCode(data);
+
+        if (isPinError(error)) {
+            observer()->authenticatorStatusUpdated(toStatus(error));
+            if (tryRestartPin(error))
+                return;
+        }
+
         receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
         return;
@@ -260 +311 @@
         getAssertion();
     });
+}
+
+bool CtapAuthenticator::tryRestartPin(const CtapDeviceResponseCode& error)
+{
+    switch (error) {
+    case CtapDeviceResponseCode::kCtap2ErrPinAuthInvalid:
+    case CtapDeviceResponseCode::kCtap2ErrPinInvalid:
+        getRetries();
+        return true;
+    default:
+        return false;
+    }
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

@@ -66 +66 @@
     void continueGetPinTokenAfterRequestPin(const String& pin, const WebCore::CryptoKeyEC&);
     void continueRequestAfterGetPinToken(Vector<uint8_t>&&, const fido::pin::TokenRequest&);
+    bool tryRestartPin(const fido::CtapDeviceResponseCode&);
 
     bool tryDowngrade();

trunk/Tools/ChangeLog

@@ +1 @@
+2020-02-07  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Report CTAP Client Pin Error to clients
+        https://bugs.webkit.org/show_bug.cgi?id=205837
+        <rdar://problem/58356872>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+        (-[TestWebAuthenticationPanelDelegate panel:updateWebAuthenticationPanel:]):
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-invalid-error-retry.html: Added.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html: Added.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html: Renamed from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-error.html.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html: Added.
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-invalid-error-retry.html: Added.
+
 2020-02-07  Jonathan Bedard  <jbedard@apple.com>
 

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

@@ -334 +334 @@
                 570D26F423C3CA6A00D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */; };
                 570D26F623C3D33000D5CF67 /* web-authentication-make-credential-hid-pin.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */; };
-                570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-error.html */; };
+                570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */; };
                 570D26FC23C3F87000D5CF67 /* web-authentication-get-assertion-hid-pin.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26FB23C3F86500D5CF67 /* web-authentication-get-assertion-hid-pin.html */; };
                 5714ECB91CA8B5B000051AC8 /* DownloadRequestOriginalURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5714ECB81CA8B58800051AC8 /* DownloadRequestOriginalURL.html */; };
@@ -367 +367 @@
                 5778D05622110A2600899E3B /* LoadWebArchive.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5778D05522110A2600899E3B /* LoadWebArchive.mm */; };
                 578CBD67204FB2C80083B9F2 /* LocalAuthentication.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 578CBD66204FB2C70083B9F2 /* LocalAuthentication.framework */; };
+                578DA44223ECC7A000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44123ECC76B00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html */; };
+                578DA44423ECCAE900246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44323ECC8A800246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html */; };
+                578DA44623ECCC0A00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44523ECCBD000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html */; };
+                578DA44823ECD09B00246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44723ECD01300246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html */; };
+                578DA44A23ECD18600246010 /* web-authentication-make-credential-hid-pin-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44923ECD15500246010 /* web-authentication-make-credential-hid-pin-invalid-error-retry.html */; };
+                578DA44C23ECD23000246010 /* web-authentication-get-assertion-hid-pin-auth-blocked-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44B23ECD20300246010 /* web-authentication-get-assertion-hid-pin-auth-blocked-error.html */; };
+                578DA44E23ECD28B00246010 /* web-authentication-get-assertion-hid-pin-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 578DA44D23ECD26100246010 /* web-authentication-get-assertion-hid-pin-invalid-error-retry.html */; };
                 57901FB11CAF142D00ED64F9 /* LoadInvalidURLRequest.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 57901FB01CAF141C00ED64F9 /* LoadInvalidURLRequest.html */; };
                 579651E7216BFDED006EBFE5 /* FidoHidMessageTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 579651E6216BFD53006EBFE5 /* FidoHidMessageTest.cpp */; };
@@ -1502 +1509 @@
                                 579F1C0123C93AF500C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html in Copy Resources */,
                                 577454D02359B378008E1ED7 /* web-authentication-get-assertion-hid-no-credentials.html in Copy Resources */,
+                                578DA44C23ECD23000246010 /* web-authentication-get-assertion-hid-pin-auth-blocked-error.html in Copy Resources */,
+                                578DA44E23ECD28B00246010 /* web-authentication-get-assertion-hid-pin-invalid-error-retry.html in Copy Resources */,
                                 570D26FC23C3F87000D5CF67 /* web-authentication-get-assertion-hid-pin.html in Copy Resources */,
                                 57663DEC234F1F9300E85E09 /* web-authentication-get-assertion-hid.html in Copy Resources */,
@@ -1508 +1517 @@
                                 577454D22359BB01008E1ED7 /* web-authentication-get-assertion-u2f-no-credentials.html in Copy Resources */,
                                 57C624502346C21E00383FE7 /* web-authentication-get-assertion.html in Copy Resources */,
+                                578DA44823ECD09B00246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html in Copy Resources */,
                                 570D26F423C3CA6A00D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html in Copy Resources */,
-                                570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-error.html in Copy Resources */,
+                                578DA44223ECC7A000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html in Copy Resources */,
+                                578DA44623ECCC0A00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html in Copy Resources */,
+                                570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html in Copy Resources */,
+                                578DA44423ECCAE900246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html in Copy Resources */,
                                 5758598423C3C3A400C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html in Copy Resources */,
+                                578DA44A23ECD18600246010 /* web-authentication-make-credential-hid-pin-invalid-error-retry.html in Copy Resources */,
                                 570D26F623C3D33000D5CF67 /* web-authentication-make-credential-hid-pin.html in Copy Resources */,
                                 5798337E236019A4008E5547 /* web-authentication-make-credential-hid.html in Copy Resources */,
@@ -1926 +1940 @@
                 570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-key-agreement-error.html"; sourceTree = "<group>"; };
                 570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin.html"; sourceTree = "<group>"; };
-                570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-error.html"; sourceTree = "<group>"; };
+                570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html"; sourceTree = "<group>"; };
                 570D26FB23C3F86500D5CF67 /* web-authentication-get-assertion-hid-pin.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-get-assertion-hid-pin.html"; sourceTree = "<group>"; };
                 5714ECB81CA8B58800051AC8 /* DownloadRequestOriginalURL.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DownloadRequestOriginalURL.html; sourceTree = "<group>"; };
@@ -1961 +1975 @@
                 5778D05522110A2600899E3B /* LoadWebArchive.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = LoadWebArchive.mm; sourceTree = "<group>"; };
                 578CBD66204FB2C70083B9F2 /* LocalAuthentication.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = LocalAuthentication.framework; path = System/Library/Frameworks/LocalAuthentication.framework; sourceTree = SDKROOT; };
+                578DA44123ECC76B00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html"; sourceTree = "<group>"; };
+                578DA44323ECC8A800246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html"; sourceTree = "<group>"; };
+                578DA44523ECCBD000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html"; sourceTree = "<group>"; };
+                578DA44723ECD01300246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-auth-blocked-error.html"; sourceTree = "<group>"; };
+                578DA44923ECD15500246010 /* web-authentication-make-credential-hid-pin-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-invalid-error-retry.html"; sourceTree = "<group>"; };
+                578DA44B23ECD20300246010 /* web-authentication-get-assertion-hid-pin-auth-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-get-assertion-hid-pin-auth-blocked-error.html"; sourceTree = "<group>"; };
+                578DA44D23ECD26100246010 /* web-authentication-get-assertion-hid-pin-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-get-assertion-hid-pin-invalid-error-retry.html"; sourceTree = "<group>"; };
                 57901FAC1CAF12C200ED64F9 /* LoadInvalidURLRequest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LoadInvalidURLRequest.mm; sourceTree = "<group>"; };
                 57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LoadInvalidURLRequest.mm; sourceTree = "<group>"; };
@@ -3539 +3560 @@
                                 579F1BFF23C92FD300C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html */,
                                 577454CF2359B338008E1ED7 /* web-authentication-get-assertion-hid-no-credentials.html */,
+                                578DA44B23ECD20300246010 /* web-authentication-get-assertion-hid-pin-auth-blocked-error.html */,
+                                578DA44D23ECD26100246010 /* web-authentication-get-assertion-hid-pin-invalid-error-retry.html */,
                                 570D26FB23C3F86500D5CF67 /* web-authentication-get-assertion-hid-pin.html */,
                                 57663DEB234F1F8000E85E09 /* web-authentication-get-assertion-hid.html */,
@@ -3545 +3568 @@
                                 577454D12359BAD5008E1ED7 /* web-authentication-get-assertion-u2f-no-credentials.html */,
                                 57C6244F2346C1EC00383FE7 /* web-authentication-get-assertion.html */,
+                                578DA44723ECD01300246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html */,
                                 570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */,
-                                570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-error.html */,
+                                578DA44123ECC76B00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html */,
+                                578DA44523ECCBD000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html */,
+                                570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */,
+                                578DA44323ECC8A800246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry.html */,
                                 5758598323C3C36200C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html */,
+                                578DA44923ECD15500246010 /* web-authentication-make-credential-hid-pin-invalid-error-retry.html */,
                                 570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */,
                                 5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */,

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

@@ -47 +47 @@
 static bool webAuthenticationPanelUpdateMultipleNFCTagsPresent = false;
 static bool webAuthenticationPanelUpdateNoCredentialsFound = false;
+static bool webAuthenticationPanelUpdatePINBlocked = false;
+static bool webAuthenticationPanelUpdatePINAuthBlocked = false;
+static bool webAuthenticationPanelUpdatePINInvalid = false;
 static bool webAuthenticationPanelCancelImmediately = false;
 static String webAuthenticationPanelPin;
@@ -68 +71 @@
     if (update == _WKWebAuthenticationPanelUpdateNoCredentialsFound) {
         webAuthenticationPanelUpdateNoCredentialsFound = true;
+        return;
+    }
+    if (update == _WKWebAuthenticationPanelUpdatePINBlocked) {
+        webAuthenticationPanelUpdatePINBlocked = true;
+        return;
+    }
+    if (update == _WKWebAuthenticationPanelUpdatePINAuthBlocked) {
+        webAuthenticationPanelUpdatePINAuthBlocked = true;
+        return;
+    }
+    if (update == _WKWebAuthenticationPanelUpdatePINInvalid) {
+        webAuthenticationPanelUpdatePINInvalid = true;
         return;
     }
@@ -222 +237 @@
     webAuthenticationPanelFailed = false;
     webAuthenticationPanelSucceded = false;
+    webAuthenticationPanelUpdateMultipleNFCTagsPresent = false;
+    webAuthenticationPanelUpdateNoCredentialsFound = false;
+    webAuthenticationPanelUpdatePINBlocked = false;
+    webAuthenticationPanelUpdatePINAuthBlocked = false;
+    webAuthenticationPanelUpdatePINInvalid = false;
     webAuthenticationPanelCancelImmediately = false;
+    webAuthenticationPanelPin = emptyString();
+    webAuthenticationPanelNullUserHandle = NO;
 }
 
@@ -839 +861 @@
 }
 
-TEST(WebAuthenticationPanel, PinGetPinTokenError)
-{
-    reset();
-    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-error" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+TEST(WebAuthenticationPanel, PinGetPinTokenPinBlockedError)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
 
     auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
@@ -853 +875 @@
     webAuthenticationPanelPin = "1234";
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
-    [webView waitForMessage:@"Unknown internal error. Error code: 2"];
+    [webView waitForMessage:@"Unknown internal error. Error code: 50"];
+    EXPECT_FALSE(webAuthenticationPanelUpdatePINInvalid);
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINBlocked);
+}
+
+TEST(WebAuthenticationPanel, PinGetPinTokenPinAuthBlockedError)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Unknown internal error. Error code: 52"];
+    EXPECT_FALSE(webAuthenticationPanelUpdatePINInvalid);
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINAuthBlocked);
+}
+
+TEST(WebAuthenticationPanel, PinGetPinTokenPinInvalidErrorAndRetry)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-pin-invalid-error-retry" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Succeeded!"];
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINInvalid);
+}
+
+TEST(WebAuthenticationPanel, PinGetPinTokenPinAuthInvalidErrorAndRetry)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Succeeded!"];
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINInvalid);
 }
 
@@ -873 +952 @@
 }
 
+TEST(WebAuthenticationPanel, MakeCredentialPinAuthBlockedError)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-auth-blocked-error" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Unknown internal error. Error code: 52"];
+    EXPECT_FALSE(webAuthenticationPanelUpdatePINInvalid);
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINAuthBlocked);
+}
+
+TEST(WebAuthenticationPanel, MakeCredentialPinInvalidErrorAndRetry)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-invalid-error-retry" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Succeeded!"];
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINInvalid);
+}
+
 TEST(WebAuthenticationPanel, GetAssertionPin)
 {
@@ -890 +1006 @@
 }
 
+TEST(WebAuthenticationPanel, GetAssertionPinAuthBlockedError)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-hid-pin-auth-blocked-error" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Unknown internal error. Error code: 52"];
+    EXPECT_FALSE(webAuthenticationPanelUpdatePINInvalid);
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINAuthBlocked);
+}
+
+TEST(WebAuthenticationPanel, GetAssertionPinInvalidErrorAndRetry)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-hid-pin-invalid-error-retry" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Succeeded!"];
+    EXPECT_TRUE(webAuthenticationPanelUpdatePINInvalid);
+}
+
 TEST(WebAuthenticationPanel, MultipleAccountsNullDelegate)
 {

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-pin-auth-blocked-error.html

@@ -1 +1 @@
 <input type="text" id="input">
 <script>
-    const testCtapPinInvalidErrorBase64 = "MQ==";
+    const testCtapPinAuthInvalidErrorBase64 = "Mw==";
     const testPinGetRetriesResponseBase64 = "AKEDCA==";
     const testPinGetKeyAgreementResponseBase64 = "AKEBpQECAzgYIAEhWCDodiWJbuTkbcAydm6Ah5YvNt+d/otWfzdjAVsZkKYOFCJYICfeYS1mQYvaGVBYHrxcjB2tcQyxTCL4yXBF9GEvsgyR";
-    const testCtapInvalidParameterErrorBase64 = "Ag==";
+    const testPinGetPinTokenResponseBase64 = "AKECUBOk7rcOyRrqAB6TFvYeQfc=";
+    const testCtapPinAuthBlockedErrorBase64 = "NA==";
     if (window.internals) {
-        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapInvalidParameterErrorBase64] } });
+        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinAuthInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testPinGetPinTokenResponseBase64, testCtapPinAuthBlockedErrorBase64] } });
         internals.withUserGesture(() => { input.focus(); });
     }
@@ -12 +13 @@
     const options = {
         publicKey: {
-            rp: {
-                name: "localhost",
-            },
-            user: {
-                name: "John Appleseed",
-                id: new Uint8Array(16),
-                displayName: "Appleseed",
-            },
             challenge: new Uint8Array(16),
-            pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+            timeout: 100
         }
     };
 
-    navigator.credentials.create(options).then(credential => {
+    navigator.credentials.get(options).then(credential => {
         // console.log("Succeeded!");
         window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-auth-blocked-error.html

@@ -1 +1 @@
 <input type="text" id="input">
 <script>
-    const testCtapPinInvalidErrorBase64 = "MQ==";
+    const testCtapPinAuthInvalidErrorBase64 = "Mw==";
     const testPinGetRetriesResponseBase64 = "AKEDCA==";
     const testPinGetKeyAgreementResponseBase64 = "AKEBpQECAzgYIAEhWCDodiWJbuTkbcAydm6Ah5YvNt+d/otWfzdjAVsZkKYOFCJYICfeYS1mQYvaGVBYHrxcjB2tcQyxTCL4yXBF9GEvsgyR";
-    const testCtapInvalidParameterErrorBase64 = "Ag==";
+    const testPinGetPinTokenResponseBase64 = "AKECUBOk7rcOyRrqAB6TFvYeQfc=";
+    const testCtapPinAuthBlockedErrorBase64 = "NA==";
     if (window.internals) {
-        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapInvalidParameterErrorBase64] } });
+        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinAuthInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testPinGetPinTokenResponseBase64, testCtapPinAuthBlockedErrorBase64, ] } });
         internals.withUserGesture(() => { input.focus(); });
     }

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html

@@ -4 +4 @@
     const testPinGetRetriesResponseBase64 = "AKEDCA==";
     const testPinGetKeyAgreementResponseBase64 = "AKEBpQECAzgYIAEhWCDodiWJbuTkbcAydm6Ah5YvNt+d/otWfzdjAVsZkKYOFCJYICfeYS1mQYvaGVBYHrxcjB2tcQyxTCL4yXBF9GEvsgyR";
-    const testCtapInvalidParameterErrorBase64 = "Ag==";
+    const testCtapPinAuthBlockedErrorBase64 = "NA==";
     if (window.internals) {
-        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapInvalidParameterErrorBase64] } });
+        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapPinAuthBlockedErrorBase64] } });
         internals.withUserGesture(() => { input.focus(); });
     }

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html

@@ -4 +4 @@
     const testPinGetRetriesResponseBase64 = "AKEDCA==";
     const testPinGetKeyAgreementResponseBase64 = "AKEBpQECAzgYIAEhWCDodiWJbuTkbcAydm6Ah5YvNt+d/otWfzdjAVsZkKYOFCJYICfeYS1mQYvaGVBYHrxcjB2tcQyxTCL4yXBF9GEvsgyR";
-    const testCtapInvalidParameterErrorBase64 = "Ag==";
+    const testCtapPinBlockedErrorBase64 = "Mg==";
     if (window.internals) {
-        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapInvalidParameterErrorBase64] } });
+        internals.setMockWebAuthenticationConfiguration({ hid: { supportClientPin: true, payloadBase64: [testCtapPinInvalidErrorBase64, testPinGetRetriesResponseBase64, testPinGetKeyAgreementResponseBase64, testCtapPinBlockedErrorBase64] } });
         internals.withUserGesture(() => { input.focus(); });
     }