Attachment #398823 for bug #183530

View Details Raw Unified Return to Bug 183530

| Differences between



2020-05-07  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Roll back newly created credentials if an error occurs
        https://bugs.webkit.org/show_bug.cgi?id=183530
        <rdar://problem/43357305>

        Reviewed by NOBODY (OOPS!).

        We should clean up any newly created credentials if an error occurs before the relying party
        registers the identity. Otherwise we are left with a dangling credential.

        Covered by API tests.

        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:
        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
        (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
        (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):
        (WebKit::LocalAuthenticator::receiveException const):

2020-05-05  David Kilzer  <ddkilzer@apple.com>

        Fix deprecated NSGraphicsContext methods using 'graphicsPort'

Lines 75-80 private: a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h +1 lines
75	State m_state { State::Init };	75	State m_state { State::Init };
76	UniqueRef<LocalConnection> m_connection;	76	UniqueRef<LocalConnection> m_connection;
77	Vector<Ref<WebCore::AuthenticatorAssertionResponse>> m_existingCredentials;	77	Vector<Ref<WebCore::AuthenticatorAssertionResponse>> m_existingCredentials;
		78	RetainPtr<NSData> m_provisionalCredentialId;
78	};	79	};
79		80
80	} // namespace WebKit	81	} // namespace WebKit



        auto digest = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_1);
        digest->addBytes(nsPublicKeyData.bytes, nsPublicKeyData.length);
        credentialId = digest->computeHash();
        m_provisionalCredentialId = toNSData(credentialId);

#ifndef NDEBUG
        NSDictionary *credentialIdQuery = @{
            (id)kSecClass: (id)kSecClassKey,
            (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
            (id)kSecAttrLabel: secAttrLabel,
            (id)kSecAttrApplicationLabel: m_provisionalCredentialId.get(),
#if HAVE(DATA_PROTECTION_KEYCHAIN)
            (id)kSecUseDataProtectionKeychain: @YES
#else

        }
    }

    // Step 13.
    response->setAuthenticatorData(WTFMove(authData));
    response->setSignature(toArrayBuffer((NSData *)signature.get()));
    receiveRespond(WTFMove(response));

    // Extra step: update the Keychain item with the same value to update its modification date such that LRU can be used
    // for selectAssertionResponse
    NSDictionary *updateQuery = @{

    auto status = SecItemUpdate((__bridge CFDictionaryRef)updateQuery, (__bridge CFDictionaryRef)updateParams);
    if (status)
        LOG_ERROR("Couldn't update the Keychain item: %d", status);

    // Step 13.
    response->setAuthenticatorData(WTFMove(authData));
    response->setSignature(toArrayBuffer((NSData *)signature.get()));
    receiveRespond(WTFMove(response));
}

void LocalAuthenticator::receiveException(ExceptionData&& exception, WebAuthenticationStatus status) const
{
    LOG_ERROR(exception.message.utf8().data());

    // Roll back the just created credential.
    if (m_provisionalCredentialId) {
        NSDictionary* deleteQuery = @{
            (id)kSecClass: (id)kSecClassKey,
            (id)kSecAttrApplicationLabel: m_provisionalCredentialId.get(),
#if HAVE(DATA_PROTECTION_KEYCHAIN)
            (id)kSecUseDataProtectionKeychain: @YES
#else
            (id)kSecAttrNoLegacy: @YES
#endif
        };
        OSStatus status = SecItemDelete((__bridge CFDictionaryRef)deleteQuery);
        if (status)
            LOG_ERROR(makeString("Couldn't delete provisional credential while handling error: "_s, status).utf8().data());
    }

    if (auto* observer = this->observer())
        observer->authenticatorStatusUpdated(status);

    receiveRespond(WTFMove(exception));
    return;
}



2020-05-07  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Roll back newly created credentials if an error occurs
        https://bugs.webkit.org/show_bug.cgi?id=183530
        <rdar://problem/43357305>

        Reviewed by NOBODY (OOPS!).

        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
        (TestWebKitAPI::TEST):
        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-attestation.html: Added.
        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la.html:

2020-05-05  Ross Kirsling  <ross.kirsling@sony.com>

        [ECMA-402] Implement Intl.Locale



		55A817FF2181021A0004A39A /* 100x100-red.tga in Copy Resources */ = {isa = PBXBuildFile; fileRef = 55A817FE218101DF0004A39A /* 100x100-red.tga */; };
		55A81800218102210004A39A /* 400x400-green.png in Copy Resources */ = {isa = PBXBuildFile; fileRef = 55A817FD218101DF0004A39A /* 400x400-green.png */; };
		55F9D2E52205031800A9AB38 /* AdditionalSupportedImageTypes.mm in Sources */ = {isa = PBXBuildFile; fileRef = 55F9D2E42205031800A9AB38 /* AdditionalSupportedImageTypes.mm */; };
		5703BB8D2463F88700475FB2 /* web-authentication-make-credential-la-no-attestation.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5703BB8C2463F87200475FB2 /* web-authentication-make-credential-la-no-attestation.html */; };
		570D26F423C3CA6A00D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */; };
		570D26F623C3D33000D5CF67 /* web-authentication-make-credential-hid-pin.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */; };
		570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */; };

				5798337E236019A4008E5547 /* web-authentication-make-credential-hid.html in Copy Resources */,
				5742178A2400AED8002B303D /* web-authentication-make-credential-la-duplicate-credential.html in Copy Resources */,
				574217882400AC25002B303D /* web-authentication-make-credential-la-error.html in Copy Resources */,
				5703BB8D2463F88700475FB2 /* web-authentication-make-credential-la-no-attestation.html in Copy Resources */,
				57EDFC5C245A1A3F00959521 /* web-authentication-make-credential-la-no-mock.html in Copy Resources */,
				5742178E2400D2DF002B303D /* web-authentication-make-credential-la.html in Copy Resources */,
				1C2B81861C89259D00A5529F /* webfont.html in Copy Resources */,

		55A817FD218101DF0004A39A /* 400x400-green.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "400x400-green.png"; sourceTree = "<group>"; };
		55A817FE218101DF0004A39A /* 100x100-red.tga */ = {isa = PBXFileReference; lastKnownFileType = file; path = "100x100-red.tga"; sourceTree = "<group>"; };
		55F9D2E42205031800A9AB38 /* AdditionalSupportedImageTypes.mm */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.objcpp; path = AdditionalSupportedImageTypes.mm; sourceTree = "<group>"; };
		5703BB8C2463F87200475FB2 /* web-authentication-make-credential-la-no-attestation.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-la-no-attestation.html"; sourceTree = "<group>"; };
		570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-key-agreement-error.html"; sourceTree = "<group>"; };
		570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin.html"; sourceTree = "<group>"; };
		570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html"; sourceTree = "<group>"; };

				5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */,
				574217892400AED0002B303D /* web-authentication-make-credential-la-duplicate-credential.html */,
				574217872400ABFD002B303D /* web-authentication-make-credential-la-error.html */,
				5703BB8C2463F87200475FB2 /* web-authentication-make-credential-la-no-attestation.html */,
				57EDFC5B245A18F500959521 /* web-authentication-make-credential-la-no-mock.html */,
				5742178D2400D26C002B303D /* web-authentication-make-credential-la.html */,
				51714EB21CF8C761004723C4 /* WebProcessKillIDBCleanup-1.html */,

			buildActionMask = 2147483647;
			files = (
				7C83DE991D0A590C00FEBCF3 /* AtomString.cpp in Sources */,
				FE2D9474245EB2F400E48135 /* Bitmap.cpp in Sources */,
				1ADAD1501D77A9F600212586 /* BlockPtr.mm in Sources */,
				7C83DE9C1D0A590C00FEBCF3 /* BloomFilter.cpp in Sources */,
				04DB2396235E43EC00328F17 /* BumpPointerAllocator.cpp in Sources */,

				E38D65CB23A45FAA0063D69A /* PackedRefPtr.cpp in Sources */,
				7C83DF591D0A590C00FEBCF3 /* ParkingLot.cpp in Sources */,
				53EC25411E96FD87000831B9 /* PriorityQueue.cpp in Sources */,
				FE2D9474245EB2F400E48135 /* Bitmap.cpp in Sources */,
				7C83DF131D0A590C00FEBCF3 /* RedBlackTree.cpp in Sources */,
				7C83DF141D0A590C00FEBCF3 /* Ref.cpp in Sources */,
				7C83DF151D0A590C00FEBCF3 /* RefCounter.cpp in Sources */,



    checkPanel([delegate panel], @"", @[adoptNS([[NSNumber alloc] initWithInt:_WKWebAuthenticationTransportUSB]).get()], _WKWebAuthenticationTypeCreate);
}

TEST(WebAuthenticationPanel, LAMakeCredentialRollBackCredential)
{
    reset();
    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-la-no-attestation" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];

    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];

    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
    [webView setUIDelegate:delegate.get()];

    localAuthenticatorPolicy = _WKLocalAuthenticatorPolicyAllow;
    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
    [webView waitForMessage:@"Couldn't attest: The operation couldn't complete."];

    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassKey,
        (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
        (id)kSecAttrLabel: @"",
#if HAVE(DATA_PROTECTION_KEYCHAIN)
        (id)kSecUseDataProtectionKeychain: @YES
#else
        (id)kSecAttrNoLegacy: @YES
#endif
    };
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, nullptr);
    EXPECT_EQ(status, errSecItemNotFound);
}

// Skip the test because of <rdar://problem/59635486>.
#if PLATFORM(MAC)




<input type="text" id="input">
<script>
    const testES256PrivateKeyBase64 =
        "BDj/zxSkzKgaBuS3cdWDF558of8AaIpgFpsjF/Qm1749VBJPgqUIwfhWHJ91nb7U" +
        "PH76c0+WFOzZKslPyyFse4goGIW2R7k9VHLPEZl5nfnBgEVFh5zev+/xpHQIvuq6" +
        "RQ==";
    if (window.internals) {
        internals.setMockWebAuthenticationConfiguration({
            local: {
                userVerification: "yes",
                acceptAttestation: false,
                privateKeyBase64: testES256PrivateKeyBase64,
           }
        });
        internals.withUserGesture(() => { input.focus(); });
    }

    const options = {
        publicKey: {
            rp: {
                name: "localhost",
            },
            user: {
                name: "John Appleseed",
                id: new Uint8Array(16),
                displayName: "Appleseed",
            },
            challenge: new Uint8Array(16),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }],
            attestation: "direct",
            timeout: 100,
        }
    };

    navigator.credentials.create(options).then(credential => {
        // console.log("Succeeded!");
        window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
    }, error => {
        // console.log(error.message);
        window.webkit.messageHandlers.testHandler.postMessage(error.message);
    });
</script>

Lines 52-57 a/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la.html_sec1
- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la.html +1 lines
52	},	52	},
53	challenge: new Uint8Array(16),	53	challenge: new Uint8Array(16),
54	pubKeyCredParams: [{ type: "public-key", alg: -7 }],	54	pubKeyCredParams: [{ type: "public-key", alg: -7 }],
		55	attestation: "direct",
55	timeout: 100,	56	timeout: 100,
56	}	57	}
57	};	58	};

Return to Bug 183530

Lines 1331-1336 TEST(WebAuthenticationPanel, LAMakeCredentialNoMockNoUserGesture) a/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm_sec1
- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm +30 lines
1331	checkPanel([delegate panel], @"", @[adoptNS([[NSNumber alloc] initWithInt:_WKWebAuthenticationTransportUSB]).get()], _WKWebAuthenticationTypeCreate);	1331	checkPanel([delegate panel], @"", @[adoptNS([[NSNumber alloc] initWithInt:_WKWebAuthenticationTransportUSB]).get()], _WKWebAuthenticationTypeCreate);
1332	}	1332	}
1333		1333
		1334	TEST(WebAuthenticationPanel, LAMakeCredentialRollBackCredential)
		1335	{
		1336	reset();
		1337	RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-la-no-attestation" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
		1338
		1339	auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
		1340	[[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
		1341
		1342	auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
		1343	auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
		1344	[webView setUIDelegate:delegate.get()];
		1345
		1346	localAuthenticatorPolicy = _WKLocalAuthenticatorPolicyAllow;
		1347	[webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
		1348	[webView waitForMessage:@"Couldn't attest: The operation couldn't complete."];
		1349
		1350	NSDictionary *query = @{
		1351	(id)kSecClass: (id)kSecClassKey,
		1352	(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
		1353	(id)kSecAttrLabel: @"",
		1354	#if HAVE(DATA_PROTECTION_KEYCHAIN)
		1355	(id)kSecUseDataProtectionKeychain: @YES
		1356	#else
		1357	(id)kSecAttrNoLegacy: @YES
		1358	#endif
		1359	};
		1360	OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, nullptr);
		1361	EXPECT_EQ(status, errSecItemNotFound);
		1362	}
		1363
1334	// Skip the test because of <rdar://problem/59635486>.	1364	// Skip the test because of <rdar://problem/59635486>.
1335	#if PLATFORM(MAC)	1365	#if PLATFORM(MAC)
1336		1366

Lines 1-3 a/Source/WebKit/ChangeLog_sec1
- a/Source/WebKit/ChangeLog +19 lines
		1	2020-05-07 Jiewen Tan <jiewen_tan@apple.com>
		2
		3	[WebAuthn] Roll back newly created credentials if an error occurs
		4	https://bugs.webkit.org/show_bug.cgi?id=183530
		5	<rdar://problem/43357305>
		6
		7	Reviewed by NOBODY (OOPS!).
		8
		9	We should clean up any newly created credentials if an error occurs before the relying party
		10	registers the identity. Otherwise we are left with a dangling credential.
		11
		12	Covered by API tests.
		13
		14	* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:
		15	* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
		16	(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
		17	(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):
		18	(WebKit::LocalAuthenticator::receiveException const):
		19
1	2020-05-05 David Kilzer <ddkilzer@apple.com>	20	2020-05-05 David Kilzer <ddkilzer@apple.com>
2		21
3	Fix deprecated NSGraphicsContext methods using 'graphicsPort'	22	Fix deprecated NSGraphicsContext methods using 'graphicsPort'

Lines 337-349 void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessCo a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm_sec1
- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm -6 / +25 lines
337	auto digest = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_1);	337	auto digest = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_1);
338	digest->addBytes(nsPublicKeyData.bytes, nsPublicKeyData.length);	338	digest->addBytes(nsPublicKeyData.bytes, nsPublicKeyData.length);
339	credentialId = digest->computeHash();	339	credentialId = digest->computeHash();
		340	m_provisionalCredentialId = toNSData(credentialId);
340		341
341	#ifndef NDEBUG	342	#ifndef NDEBUG
342	NSDictionary *credentialIdQuery = @{	343	NSDictionary *credentialIdQuery = @{
343	(id)kSecClass: (id)kSecClassKey,	344	(id)kSecClass: (id)kSecClassKey,
344	(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,	345	(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
345	(id)kSecAttrLabel: secAttrLabel,	346	(id)kSecAttrLabel: secAttrLabel,
346	(id)kSecAttrApplicationLabel: toNSData(credentialId).get(),	347	(id)kSecAttrApplicationLabel: m_provisionalCredentialId.get(),
347	#if HAVE(DATA_PROTECTION_KEYCHAIN)	348	#if HAVE(DATA_PROTECTION_KEYCHAIN)
348	(id)kSecUseDataProtectionKeychain: @YES	349	(id)kSecUseDataProtectionKeychain: @YES
349	#else	350	#else
Lines 559-569 void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore:: a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm_sec2
559	}	560	}
560	}	561	}
561		562
562	// Step 13.
563	response->setAuthenticatorData(WTFMove(authData));
564	response->setSignature(toArrayBuffer((NSData *)signature.get()));
565	receiveRespond(WTFMove(response));
566
567	// Extra step: update the Keychain item with the same value to update its modification date such that LRU can be used	563	// Extra step: update the Keychain item with the same value to update its modification date such that LRU can be used
568	// for selectAssertionResponse	564	// for selectAssertionResponse
569	NSDictionary *updateQuery = @{	565	NSDictionary *updateQuery = @{
Lines 582-594 void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore:: a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm_sec3
582	auto status = SecItemUpdate((__bridge CFDictionaryRef)updateQuery, (__bridge CFDictionaryRef)updateParams);	578	auto status = SecItemUpdate((__bridge CFDictionaryRef)updateQuery, (__bridge CFDictionaryRef)updateParams);
583	if (status)	579	if (status)
584	LOG_ERROR("Couldn't update the Keychain item: %d", status);	580	LOG_ERROR("Couldn't update the Keychain item: %d", status);
		581
		582	// Step 13.
		583	response->setAuthenticatorData(WTFMove(authData));
		584	response->setSignature(toArrayBuffer((NSData *)signature.get()));
		585	receiveRespond(WTFMove(response));
585	}	586	}
586		587
587	void LocalAuthenticator::receiveException(ExceptionData&& exception, WebAuthenticationStatus status) const	588	void LocalAuthenticator::receiveException(ExceptionData&& exception, WebAuthenticationStatus status) const
588	{	589	{
589	LOG_ERROR(exception.message.utf8().data());	590	LOG_ERROR(exception.message.utf8().data());
		591
		592	// Roll back the just created credential.
		593	if (m_provisionalCredentialId) {
		594	NSDictionary* deleteQuery = @{
		595	(id)kSecClass: (id)kSecClassKey,
		596	(id)kSecAttrApplicationLabel: m_provisionalCredentialId.get(),
		597	#if HAVE(DATA_PROTECTION_KEYCHAIN)
		598	(id)kSecUseDataProtectionKeychain: @YES
		599	#else
		600	(id)kSecAttrNoLegacy: @YES
		601	#endif
		602	};
		603	OSStatus status = SecItemDelete((__bridge CFDictionaryRef)deleteQuery);
		604	if (status)
		605	LOG_ERROR(makeString("Couldn't delete provisional credential while handling error: "_s, status).utf8().data());
		606	}
		607
590	if (auto* observer = this->observer())	608	if (auto* observer = this->observer())
591	observer->authenticatorStatusUpdated(status);	609	observer->authenticatorStatusUpdated(status);
		610
592	receiveRespond(WTFMove(exception));	611	receiveRespond(WTFMove(exception));
593	return;	612	return;
594	}	613	}

Lines 1-3 a/Tools/ChangeLog_sec1
- a/Tools/ChangeLog +14 lines
		1	2020-05-07 Jiewen Tan <jiewen_tan@apple.com>
		2
		3	[WebAuthn] Roll back newly created credentials if an error occurs
		4	https://bugs.webkit.org/show_bug.cgi?id=183530
		5	<rdar://problem/43357305>
		6
		7	Reviewed by NOBODY (OOPS!).
		8
		9	* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
		10	* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
		11	(TestWebKitAPI::TEST):
		12	* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-attestation.html: Added.
		13	* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la.html:
		14
1	2020-05-05 Ross Kirsling <ross.kirsling@sony.com>	15	2020-05-05 Ross Kirsling <ross.kirsling@sony.com>
2		16
3	[ECMA-402] Implement Intl.Locale	17	[ECMA-402] Implement Intl.Locale

Lines 339-344 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec1
- a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj -1 / +5 lines
339	55A817FF2181021A0004A39A /* 100x100-red.tga in Copy Resources / = {isa = PBXBuildFile; fileRef = 55A817FE218101DF0004A39A / 100x100-red.tga */; };	339	55A817FF2181021A0004A39A /* 100x100-red.tga in Copy Resources / = {isa = PBXBuildFile; fileRef = 55A817FE218101DF0004A39A / 100x100-red.tga */; };
340	55A81800218102210004A39A /* 400x400-green.png in Copy Resources / = {isa = PBXBuildFile; fileRef = 55A817FD218101DF0004A39A / 400x400-green.png */; };	340	55A81800218102210004A39A /* 400x400-green.png in Copy Resources / = {isa = PBXBuildFile; fileRef = 55A817FD218101DF0004A39A / 400x400-green.png */; };
341	55F9D2E52205031800A9AB38 /* AdditionalSupportedImageTypes.mm in Sources / = {isa = PBXBuildFile; fileRef = 55F9D2E42205031800A9AB38 / AdditionalSupportedImageTypes.mm */; };	341	55F9D2E52205031800A9AB38 /* AdditionalSupportedImageTypes.mm in Sources / = {isa = PBXBuildFile; fileRef = 55F9D2E42205031800A9AB38 / AdditionalSupportedImageTypes.mm */; };
		342	5703BB8D2463F88700475FB2 /* web-authentication-make-credential-la-no-attestation.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 5703BB8C2463F87200475FB2 / web-authentication-make-credential-la-no-attestation.html */; };
342	570D26F423C3CA6A00D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F323C3CA5500D5CF67 / web-authentication-make-credential-hid-pin-get-key-agreement-error.html */; };	343	570D26F423C3CA6A00D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F323C3CA5500D5CF67 / web-authentication-make-credential-hid-pin-get-key-agreement-error.html */; };
343	570D26F623C3D33000D5CF67 /* web-authentication-make-credential-hid-pin.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F523C3D32700D5CF67 / web-authentication-make-credential-hid-pin.html */; };	344	570D26F623C3D33000D5CF67 /* web-authentication-make-credential-hid-pin.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F523C3D32700D5CF67 / web-authentication-make-credential-hid-pin.html */; };
344	570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F923C3F24500D5CF67 / web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */; };	345	570D26FA23C3F25100D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html in Copy Resources / = {isa = PBXBuildFile; fileRef = 570D26F923C3F24500D5CF67 / web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */; };
Lines 1578-1583 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec2
1578	5798337E236019A4008E5547 /* web-authentication-make-credential-hid.html in Copy Resources */,	1579	5798337E236019A4008E5547 /* web-authentication-make-credential-hid.html in Copy Resources */,
1579	5742178A2400AED8002B303D /* web-authentication-make-credential-la-duplicate-credential.html in Copy Resources */,	1580	5742178A2400AED8002B303D /* web-authentication-make-credential-la-duplicate-credential.html in Copy Resources */,
1580	574217882400AC25002B303D /* web-authentication-make-credential-la-error.html in Copy Resources */,	1581	574217882400AC25002B303D /* web-authentication-make-credential-la-error.html in Copy Resources */,
		1582	5703BB8D2463F88700475FB2 /* web-authentication-make-credential-la-no-attestation.html in Copy Resources */,
1581	57EDFC5C245A1A3F00959521 /* web-authentication-make-credential-la-no-mock.html in Copy Resources */,	1583	57EDFC5C245A1A3F00959521 /* web-authentication-make-credential-la-no-mock.html in Copy Resources */,
1582	5742178E2400D2DF002B303D /* web-authentication-make-credential-la.html in Copy Resources */,	1584	5742178E2400D2DF002B303D /* web-authentication-make-credential-la.html in Copy Resources */,
1583	1C2B81861C89259D00A5529F /* webfont.html in Copy Resources */,	1585	1C2B81861C89259D00A5529F /* webfont.html in Copy Resources */,
Lines 1999-2004 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec3
1999	55A817FD218101DF0004A39A /* 400x400-green.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "400x400-green.png"; sourceTree = "<group>"; };	2001	55A817FD218101DF0004A39A /* 400x400-green.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "400x400-green.png"; sourceTree = "<group>"; };
2000	55A817FE218101DF0004A39A /* 100x100-red.tga */ = {isa = PBXFileReference; lastKnownFileType = file; path = "100x100-red.tga"; sourceTree = "<group>"; };	2002	55A817FE218101DF0004A39A /* 100x100-red.tga */ = {isa = PBXFileReference; lastKnownFileType = file; path = "100x100-red.tga"; sourceTree = "<group>"; };
2001	55F9D2E42205031800A9AB38 /* AdditionalSupportedImageTypes.mm */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.objcpp; path = AdditionalSupportedImageTypes.mm; sourceTree = "<group>"; };	2003	55F9D2E42205031800A9AB38 /* AdditionalSupportedImageTypes.mm */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.objcpp; path = AdditionalSupportedImageTypes.mm; sourceTree = "<group>"; };
		2004	5703BB8C2463F87200475FB2 /* web-authentication-make-credential-la-no-attestation.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-la-no-attestation.html"; sourceTree = "<group>"; };
2002	570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-key-agreement-error.html"; sourceTree = "<group>"; };	2005	570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-key-agreement-error.html"; sourceTree = "<group>"; };
2003	570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin.html"; sourceTree = "<group>"; };	2006	570D26F523C3D32700D5CF67 /* web-authentication-make-credential-hid-pin.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin.html"; sourceTree = "<group>"; };
2004	570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html"; sourceTree = "<group>"; };	2007	570D26F923C3F24500D5CF67 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-pin-blocked-error.html"; sourceTree = "<group>"; };
Lines 3708-3713 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec4
3708	5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */,	3711	5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */,
3709	574217892400AED0002B303D /* web-authentication-make-credential-la-duplicate-credential.html */,	3712	574217892400AED0002B303D /* web-authentication-make-credential-la-duplicate-credential.html */,
3710	574217872400ABFD002B303D /* web-authentication-make-credential-la-error.html */,	3713	574217872400ABFD002B303D /* web-authentication-make-credential-la-error.html */,
		3714	5703BB8C2463F87200475FB2 /* web-authentication-make-credential-la-no-attestation.html */,
3711	57EDFC5B245A18F500959521 /* web-authentication-make-credential-la-no-mock.html */,	3715	57EDFC5B245A18F500959521 /* web-authentication-make-credential-la-no-mock.html */,
3712	5742178D2400D26C002B303D /* web-authentication-make-credential-la.html */,	3716	5742178D2400D26C002B303D /* web-authentication-make-credential-la.html */,
3713	51714EB21CF8C761004723C4 /* WebProcessKillIDBCleanup-1.html */,	3717	51714EB21CF8C761004723C4 /* WebProcessKillIDBCleanup-1.html */,
Lines 4657-4662 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec5
4657	buildActionMask = 2147483647;	4661	buildActionMask = 2147483647;
4658	files = (	4662	files = (
4659	7C83DE991D0A590C00FEBCF3 /* AtomString.cpp in Sources */,	4663	7C83DE991D0A590C00FEBCF3 /* AtomString.cpp in Sources */,
		4664	FE2D9474245EB2F400E48135 /* Bitmap.cpp in Sources */,
4660	1ADAD1501D77A9F600212586 /* BlockPtr.mm in Sources */,	4665	1ADAD1501D77A9F600212586 /* BlockPtr.mm in Sources */,
4661	7C83DE9C1D0A590C00FEBCF3 /* BloomFilter.cpp in Sources */,	4666	7C83DE9C1D0A590C00FEBCF3 /* BloomFilter.cpp in Sources */,
4662	04DB2396235E43EC00328F17 /* BumpPointerAllocator.cpp in Sources */,	4667	04DB2396235E43EC00328F17 /* BumpPointerAllocator.cpp in Sources */,
Lines 4702-4708 a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj_sec6
4702	E38D65CB23A45FAA0063D69A /* PackedRefPtr.cpp in Sources */,	4707	E38D65CB23A45FAA0063D69A /* PackedRefPtr.cpp in Sources */,
4703	7C83DF591D0A590C00FEBCF3 /* ParkingLot.cpp in Sources */,	4708	7C83DF591D0A590C00FEBCF3 /* ParkingLot.cpp in Sources */,
4704	53EC25411E96FD87000831B9 /* PriorityQueue.cpp in Sources */,	4709	53EC25411E96FD87000831B9 /* PriorityQueue.cpp in Sources */,
4705	FE2D9474245EB2F400E48135 /* Bitmap.cpp in Sources */,
4706	7C83DF131D0A590C00FEBCF3 /* RedBlackTree.cpp in Sources */,	4710	7C83DF131D0A590C00FEBCF3 /* RedBlackTree.cpp in Sources */,
4707	7C83DF141D0A590C00FEBCF3 /* Ref.cpp in Sources */,	4711	7C83DF141D0A590C00FEBCF3 /* Ref.cpp in Sources */,
4708	7C83DF151D0A590C00FEBCF3 /* RefCounter.cpp in Sources */,	4712	7C83DF151D0A590C00FEBCF3 /* RefCounter.cpp in Sources */,

Line 0 a/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-attestation.html_sec1
- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-attestation.html +42 lines
	1	<input type="text" id="input">
	2	<script>
	3	const testES256PrivateKeyBase64 =
	4	"BDj/zxSkzKgaBuS3cdWDF558of8AaIpgFpsjF/Qm1749VBJPgqUIwfhWHJ91nb7U" +
	5	"PH76c0+WFOzZKslPyyFse4goGIW2R7k9VHLPEZl5nfnBgEVFh5zev+/xpHQIvuq6" +
	6	"RQ==";
	7	if (window.internals) {
	8	internals.setMockWebAuthenticationConfiguration({
	9	local: {
	10	userVerification: "yes",
	11	acceptAttestation: false,
	12	privateKeyBase64: testES256PrivateKeyBase64,
	13	}
	14	});
	15	internals.withUserGesture(() => { input.focus(); });
	16	}
	17
	18	const options = {
	19	publicKey: {
	20	rp: {
	21	name: "localhost",
	22	},
	23	user: {
	24	name: "John Appleseed",
	25	id: new Uint8Array(16),
	26	displayName: "Appleseed",
	27	},
	28	challenge: new Uint8Array(16),
	29	pubKeyCredParams: [{ type: "public-key", alg: -7 }],
	30	attestation: "direct",
	31	timeout: 100,
	32	}
	33	};
	34
	35	navigator.credentials.create(options).then(credential => {
	36	// console.log("Succeeded!");
	37	window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
	38	}, error => {
	39	// console.log(error.message);
	40	window.webkit.messageHandlers.testHandler.postMessage(error.message);
	41	});
	42	</script>