WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
[patch]
Patch
bug-182772-20190802144758.patch (text/plain), 32.29 KB, created by
Jiewen Tan
on 2019-08-02 14:47:59 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Jiewen Tan
Created:
2019-08-02 14:47:59 PDT
Size:
32.29 KB
patch
obsolete
>Subversion Revision: 248141 >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 2ecde1623f18fba4dd1458492e2f752dab289dcf..1ec25afe35c6d6c7a0f50eb27f0e8d552c1dbb4f 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,16 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * wtf/Platform.h: >+ Adds HAVE_DEVICE_IDENTITY. >+ * wtf/spi/cocoa/SecuritySPI.h: >+ Adds a SPI for telling macOS keychain to use the modern one. >+ > 2019-08-01 Alex Christensen <achristensen@webkit.org> > > Move FormData zip file generation to NetworkProcess and enable it for all WebKit clients for uploading directories >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 34661377dfb57f1527cc1ae5393c13cb5c80191c..2f55dc83603f4f7c1ef74d3daf45130f9949c7b3 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,32 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch enables LocalAuthenticator for macOS. The majority >+ of this patch is to tweak macOS keychain to use the modern one. >+ >+ * Configurations/WebKit.xcconfig: >+ * Platform/spi/Cocoa/DeviceIdentitySPI.h: >+ * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: >+ (WebKit::LocalAuthenticatorInternal::toVector): >+ (WebKit::LocalAuthenticator::makeCredential): >+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented): >+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): >+ (WebKit::LocalAuthenticator::getAssertion): >+ (WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented): >+ * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm: >+ (WebKit::LocalConnection::getUserConsent const): >+ (WebKit::LocalConnection::getAttestation const): >+ * UIProcess/WebAuthentication/Cocoa/LocalService.mm: >+ (WebKit::LocalService::isAvailable): >+ * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm: >+ (WebKit::MockLocalConnection::getAttestation const): >+ * config.h: >+ > 2019-08-01 Alex Christensen <achristensen@webkit.org> > > Move FormData zip file generation to NetworkProcess and enable it for all WebKit clients for uploading directories >diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h >index 9836c290e1a57ff49f71235fd9effa43f984a2d2..37e8be76adf0ed3b3a1bb83a85463ebe6cf38552 100644 >--- a/Source/WTF/wtf/Platform.h >+++ b/Source/WTF/wtf/Platform.h >@@ -1624,3 +1624,7 @@ > #if (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000) || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 60000) || (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 130000) > #define USE_HIRAGINO_SANS_WORKAROUND 1 > #endif >+ >+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400) || (PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR)) >+#define HAVE_DEVICE_IDENTITY 1 >+#endif >diff --git a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >index e3f6aeec447c822274aac4ff6041f31cc680d546..77dc830a3eee6bdab60cbacf3641496d4f3823b5 100644 >--- a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >+++ b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >@@ -30,6 +30,7 @@ > #include <Security/SecAccessControlPriv.h> > #include <Security/SecCertificatePriv.h> > #include <Security/SecIdentityPriv.h> >+#include <Security/SecItemPriv.h> > #include <Security/SecKeyPriv.h> > #include <Security/SecTask.h> > #include <Security/SecTrustPriv.h> >@@ -62,10 +63,11 @@ OSStatus SecTrustedApplicationCreateFromPath(const char* path, SecTrustedApplica > #endif > > SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef); >+extern const CFStringRef kSecAttrNoLegacy; > > WTF_EXTERN_C_END > >-#endif >+#endif // USE(APPLE_INTERNAL_SDK) > > typedef struct __SecTask *SecTaskRef; > typedef struct __SecTrust *SecTrustRef; >diff --git a/Source/WebKit/Configurations/WebKit.xcconfig b/Source/WebKit/Configurations/WebKit.xcconfig >index e1297622692a9b4853850ad6f33073ef9e287c50..20f3542789688bdca7b5487c2cbc3651259c4575 100644 >--- a/Source/WebKit/Configurations/WebKit.xcconfig >+++ b/Source/WebKit/Configurations/WebKit.xcconfig >@@ -172,8 +172,10 @@ WK_FRAMEWORK_HEADER_POSTPROCESSING_DISABLED[sdk=iphone*12.*] = YES; > WK_RELOCATABLE_FRAMEWORK_LDFLAGS = $(WK_RELOCATABLE_FRAMEWORK_LDFLAGS_$(WK_RELOCATABLE_FRAMEWORKS)_$(WK_PLATFORM_NAME)); > WK_RELOCATABLE_FRAMEWORK_LDFLAGS_YES_macosx = -Wl,-not_for_dyld_shared_cache; > >-WK_HAVE_DEVICE_IDENTITY = $(WK_HAVE_DEVICE_IDENTITY_$(PLATFORM_NAME)); >+WK_HAVE_DEVICE_IDENTITY = $(WK_HAVE_DEVICE_IDENTITY_$(WK_PLATFORM_NAME)); > WK_HAVE_DEVICE_IDENTITY_iphoneos = YES; >+WK_HAVE_DEVICE_IDENTITY_macosx = $(WK_HAVE_DEVICE_IDENTITY$(WK_MACOS_1014)); >+WK_HAVE_DEVICE_IDENTITY_MACOS_SINCE_1014 = YES; > > WK_HAVE_URL_FORMATTING = $(WK_HAVE_URL_FORMATTING_$(WK_PLATFORM_NAME)); > WK_HAVE_URL_FORMATTING_iphoneos = $(WK_HAVE_URL_FORMATTING$(WK_IOS_12)); >diff --git a/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h b/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >index 03203e2604322aa7a29d1833edb754b9cc235dca..7477e409721bea367811145cccabfb606d5398b1 100644 >--- a/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >+++ b/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >@@ -27,7 +27,7 @@ > > #if ENABLE(WEB_AUTHN) > >-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#if HAVE(DEVICE_IDENTITY) > > #if USE(APPLE_INTERNAL_SDK) > >@@ -54,6 +54,6 @@ void DeviceIdentityIssueClientCertificateWithCompletion(dispatch_queue_t _Nullab > > #endif // USE(APPLE_INTERNAL_SDK) > >-#endif // PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#endif // HAVE(DEVICE_IDENTITY) > > #endif // ENABLE(WEB_AUTHN) >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >index 9c0314f9b3f689ca2148a369373717fec93e20ae..7d7a27050a4b44958637f053e5016d5566864fd6 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >@@ -41,6 +41,7 @@ > #import <wtf/RetainPtr.h> > #import <wtf/RunLoop.h> > #import <wtf/Vector.h> >+#import <wtf/spi/cocoa/SecuritySPI.h> > #import <wtf/text/StringHash.h> > > namespace WebKit { >@@ -54,7 +55,6 @@ const uint8_t getAssertionFlags = 0b00000101; // UP and UV are set. > // Credential ID is currently SHA-1 of the corresponding public key. > const uint16_t credentialIdLength = 20; > >-#if PLATFORM(IOS_FAMILY) > static inline bool emptyTransportsOrContain(const Vector<AuthenticatorTransport>& transports, AuthenticatorTransport target) > { > return transports.isEmpty() ? true : transports.contains(target); >@@ -78,7 +78,6 @@ static inline Vector<uint8_t> toVector(NSData *data) > result.append(reinterpret_cast<const uint8_t*>(data.bytes), data.length); > return result; > } >-#endif // !PLATFORM(IOS_FAMILY) > > } // LocalAuthenticatorInternal > >@@ -89,12 +88,10 @@ LocalAuthenticator::LocalAuthenticator(UniqueRef<LocalConnection>&& connection) > > void LocalAuthenticator::makeCredential() > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::Init); > m_state = State::RequestReceived; > >-#if PLATFORM(IOS_FAMILY) > // The following implements https://www.w3.org/TR/webauthn/#op-make-cred as of 5 December 2017. > // Skip Step 4-5 as requireResidentKey and requireUserVerification are enforced. > // Skip Step 9 as extensions are not supported yet. >@@ -122,6 +119,7 @@ void LocalAuthenticator::makeCredential() > (id)kSecAttrLabel: requestData().creationOptions.rp.id, > (id)kSecReturnAttributes: @YES, > (id)kSecMatchLimit: (id)kSecMatchLimitAll, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesArrayRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); >@@ -152,18 +150,15 @@ void LocalAuthenticator::makeCredential() > weakThis->continueMakeCredentialAfterUserConsented(consent); > }; > m_connection->getUserConsent( >- "Allow " + requestData().creationOptions.rp.id + " to create a public key credential for " + requestData().creationOptions.user.name, >+ "allow " + requestData().creationOptions.rp.id + " to create a public key credential for " + requestData().creationOptions.user.name, > WTFMove(callback)); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnection::UserConsent consent) > { >- // FIXME(182772) > ASSERT(m_state == State::RequestReceived); > m_state = State::UserConsented; > >-#if PLATFORM(IOS_FAMILY) > if (consent == LocalConnection::UserConsent::No) { > receiveRespond(ExceptionData { NotAllowedError, "Couldn't get user consent."_s }); > return; >@@ -176,6 +171,7 @@ void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnectio > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrLabel: requestData().creationOptions.rp.id, > (id)kSecAttrApplicationTag: [NSData dataWithBytes:requestData().creationOptions.user.idVector.data() length:requestData().creationOptions.user.idVector.size()], >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemDelete((__bridge CFDictionaryRef)deleteQuery); > if (status && status != errSecItemNotFound) { >@@ -192,18 +188,15 @@ void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnectio > weakThis->continueMakeCredentialAfterAttested(privateKey, certificates, error); > }; > m_connection->getAttestation(requestData().creationOptions.rp.id, requestData().creationOptions.user.name, requestData().hash, WTFMove(callback)); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKey, NSArray *certificates, NSError *error) > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > > ASSERT(m_state == State::UserConsented); > m_state = State::Attested; > >-#if PLATFORM(IOS_FAMILY) > if (error) { > LOG_ERROR("Couldn't attest: %@", error); > receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s }); >@@ -227,13 +220,14 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > // FIXME(183533): DeviceIdentity.Framework would insert certificates into Keychain as well. We should update those as well. > Vector<uint8_t> credentialId; > { >- // -rk is added by DeviceIdentity.Framework. >- String label = makeString(requestData().creationOptions.user.name, "@", requestData().creationOptions.rp.id, "-rk"); >+ // -rk-ucrt is added by DeviceIdentity.Framework. >+ String label = makeString(requestData().creationOptions.user.name, "@", requestData().creationOptions.rp.id, "-rk-ucrt"); > NSDictionary *credentialIdQuery = @{ > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: label, >- (id)kSecReturnAttributes: @YES >+ (id)kSecReturnAttributes: @YES, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)credentialIdQuery, &attributesRef); >@@ -251,6 +245,7 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrApplicationLabel: nsAttributes[(id)kSecAttrApplicationLabel], >+ (id)kSecAttrNoLegacy: @YES > }; > NSDictionary *updateParams = @{ > (id)kSecAttrLabel: requestData().creationOptions.rp.id, >@@ -327,17 +322,14 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > auto attestationObject = buildAttestationObject(WTFMove(authData), "Apple", WTFMove(attestationStatementMap), requestData().creationOptions.attestation); > > receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.data(), attestationObject.size()), nullptr, nullptr, nullptr, WTF::nullopt }); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::getAssertion() > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::Init); > m_state = State::RequestReceived; > >-#if PLATFORM(IOS_FAMILY) > // The following implements https://www.w3.org/TR/webauthn/#op-get-assertion as of 5 December 2017. > // Skip Step 2 as requireUserVerification is enforced. > // Skip Step 8 as extensions are not supported yet. >@@ -355,7 +347,8 @@ void LocalAuthenticator::getAssertion() > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: requestData().requestOptions.rpId, > (id)kSecReturnAttributes: @YES, >- (id)kSecMatchLimit: (id)kSecMatchLimitAll >+ (id)kSecMatchLimit: (id)kSecMatchLimitAll, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesArrayRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); >@@ -401,22 +394,19 @@ void LocalAuthenticator::getAssertion() > weakThis->continueGetAssertionAfterUserConsented(consent, context, credentialId, userhandle); > }; > NSData *idData = selectedCredentialAttributes[(id)kSecAttrApplicationTag]; >- StringView idStringView { static_cast<const LChar*>([idData bytes]), static_cast<unsigned>([idData length]) }; >+ StringView idStringView { static_cast<const UChar*>([idData bytes]), static_cast<unsigned>([idData length]) }; > m_connection->getUserConsent( >- makeString("Log into ", requestData().requestOptions.rpId, " with ", idStringView, '.'), >+ makeString("log into ", requestData().requestOptions.rpId, " with ", idStringView), > (__bridge SecAccessControlRef)selectedCredentialAttributes[(id)kSecAttrAccessControl], > WTFMove(callback)); >-#endif // PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection::UserConsent consent, LAContext *context, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& userhandle) > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::RequestReceived); > m_state = State::UserConsented; > >-#if PLATFORM(IOS_FAMILY) > if (consent == LocalConnection::UserConsent::No) { > receiveRespond(ExceptionData { NotAllowedError, "Couldn't get user consent."_s }); > return; >@@ -437,6 +427,7 @@ void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection: > (id)kSecAttrApplicationLabel: [NSData dataWithBytes:credentialId.data() length:credentialId.size()], > (id)kSecUseAuthenticationContext: context, > (id)kSecReturnRef: @YES, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef privateKeyRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &privateKeyRef); >@@ -464,7 +455,6 @@ void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection: > > // Step 13. > receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), false, nullptr, nullptr, ArrayBuffer::create(authData.data(), authData.size()), ArrayBuffer::create(signature.data(), signature.size()), ArrayBuffer::create(userhandle.data(), userhandle.size()), WTF::nullopt }); >-#endif // !PLATFORM(IOS_FAMILY) > } > > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >index 944705c269cb1356958bf7465dbfc90d30012565..9c9896910309e3e70d5d1f825e1fc26e893f88e9 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >@@ -39,8 +39,6 @@ namespace WebKit { > > void LocalConnection::getUserConsent(const String& reason, UserConsentCallback&& completionHandler) const > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > auto context = adoptNS([allocLAContextInstance() init]); > auto reply = makeBlockPtr([completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable { > ASSERT(!RunLoop::isMain()); >@@ -55,13 +53,10 @@ void LocalConnection::getUserConsent(const String& reason, UserConsentCallback&& > }); > }); > [context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:reason reply:reply.get()]; >-#endif > } > > void LocalConnection::getUserConsent(const String& reason, SecAccessControlRef accessControl, UserConsentContextCallback&& completionHandler) const > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > auto context = adoptNS([allocLAContextInstance() init]); > auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable { > ASSERT(!RunLoop::isMain()); >@@ -76,13 +71,11 @@ void LocalConnection::getUserConsent(const String& reason, SecAccessControlRef a > }); > }); > [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign localizedReason:reason reply:reply.get()]; >-#endif > } > > void LocalConnection::getAttestation(const String& rpId, const String& username, const Vector<uint8_t>& hash, AttestationCallback&& completionHandler) const > { >- // DeviceIdentity.Framework is not avaliable in iOS simulator. >-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#if HAVE(DEVICE_IDENTITY) > // Apple Attestation > ASSERT(hash.size() <= 32); > >@@ -114,7 +107,7 @@ void LocalConnection::getAttestation(const String& rpId, const String& username, > > // FIXME(183652): Reduce prompt for biometrics > DeviceIdentityIssueClientCertificateWithCompletion(dispatch_get_main_queue(), options, makeBlockPtr(WTFMove(completionHandler)).get()); >-#endif >+#endif // HAVE(DEVICE_IDENTITY) > } > > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >index f40696cd112b07749a75d77cdc271797d00faa88..3249b0e01767256ff8e3447d6f44f5a80ac17f8f 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >@@ -41,12 +41,10 @@ LocalService::LocalService(Observer& observer) > { > } > >+// FIXME(rdar://problem/51048542) > bool LocalService::isAvailable() > { >-// FIXME(182772) >-#if !PLATFORM(IOS_FAMILY) >- return false; >-#else >+ // FIXME(198176) > if (!WebCore::RuntimeEnabledFeatures::sharedFeatures().webAuthenticationLocalAuthenticatorEnabled()) > return false; > >@@ -57,7 +55,6 @@ bool LocalService::isAvailable() > return false; > } > return true; >-#endif > } > > void LocalService::startDiscoveryInternal() >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm b/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >index ca765e582a6bb8646f3e017db76466692eb617a7..86e0790d1680121ee7e1ff7ba69766514adf5b99 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >@@ -92,7 +92,7 @@ void MockLocalConnection::getAttestation(const String& rpId, const String& usern > ASSERT(!errorRef); > > // Mock what DeviceIdentity would do. >- String label = makeString(username, "@", rpId, "-rk"); >+ String label = makeString(username, "@", rpId, "-rk-ucrt"); > NSDictionary* addQuery = @{ > (id)kSecValueRef: (id)key.get(), > (id)kSecClass: (id)kSecClassKey, >diff --git a/Tools/ChangeLog b/Tools/ChangeLog >index 9a509d424d18b53782b1aeb0539cbf0a524f8fd6..91b043acbe4d1786d74231402797cf00dfe5bc6a 100644 >--- a/Tools/ChangeLog >+++ b/Tools/ChangeLog >@@ -1,3 +1,22 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add an entitlement file to WebKitTestRunner such that it can access >+ the modern macOS keychain. >+ >+ * WebKitTestRunner/Configurations/WebKitTestRunner.entitlements: Added. >+ * WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig: >+ * WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj: >+ * WebKitTestRunner/cocoa/TestControllerCocoa.mm: >+ (WTR::TestController::addTestKeyToKeychain): >+ (WTR::TestController::cleanUpKeychain): >+ (WTR::TestController::keyExistsInKeychain): >+ > 2019-08-01 Alex Christensen <achristensen@webkit.org> > > Move FormData zip file generation to NetworkProcess and enable it for all WebKit clients for uploading directories >diff --git a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements >new file mode 100644 >index 0000000000000000000000000000000000000000..1fb4827795659794e860bfec1b264074a11c2492 >--- /dev/null >+++ b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements >@@ -0,0 +1,10 @@ >+<?xml version="1.0" encoding="UTF-8"?> >+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> >+<plist version="1.0"> >+ <dict> >+ <key>keychain-access-groups</key> >+ <array> >+ <string>com.apple.WebKitTestRunner</string> >+ </array> >+ </dict> >+</plist> >diff --git a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >index 4e519237bfb1ad926866e2596f5453d1746cc781..fa62eb43851a9b5376afbf4b1f8f57e73e2be315 100644 >--- a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >+++ b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >@@ -34,3 +34,8 @@ STRIP_STYLE = debugging; > SKIP_INSTALL[sdk=iphone*] = YES; > EXCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = mac/*; > INCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = mac/main.mm; >+ >+CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = Configurations/WebKitTestRunner.entitlements; >+ >+CODE_SIGN_IDENTITY[sdk=macosx*] = $(CODE_SIGN_IDENTITY_$(USE_INTERNAL_SDK)); >+CODE_SIGN_IDENTITY_YES = $(WK_ENGINEERING_CODE_SIGN_IDENTITY); >diff --git a/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj b/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj >index 143ddb25e4c229330c3c760bc5d505d8b8c929f1..1643d400d030f82f9759f829f03f98c1c956646e 100644 >--- a/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj >+++ b/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj >@@ -105,7 +105,8 @@ > 5641E2D014335E95008307E5 /* JSTextInputController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5641E2CE14335E95008307E5 /* JSTextInputController.cpp */; }; > 5664A49A14326384008881BE /* TextInputController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5664A49814326384008881BE /* TextInputController.cpp */; }; > 5670B8281386FCA5002EB355 /* EventSenderProxy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5670B8271386FCA5002EB355 /* EventSenderProxy.mm */; }; >- 570E75A82152DB4F00324B6E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 570E75A42152DA2C00324B6E /* Security.framework */; }; >+ 57A0062E22976EEB00AD08BD /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 570E75A42152DA2C00324B6E /* Security.framework */; }; >+ 57A0062F22976EF800AD08BD /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 570E75A42152DA2C00324B6E /* Security.framework */; }; > 6510A78211EC643800410867 /* AHEM____.TTF in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77711EC643800410867 /* AHEM____.TTF */; }; > 6510A78411EC643800410867 /* WebKitWeightWatcher100.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77911EC643800410867 /* WebKitWeightWatcher100.ttf */; }; > 6510A78511EC643800410867 /* WebKitWeightWatcher200.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77A11EC643800410867 /* WebKitWeightWatcher200.ttf */; }; >@@ -323,6 +324,7 @@ > 5670B8261386FC13002EB355 /* EventSenderProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EventSenderProxy.h; sourceTree = "<group>"; }; > 5670B8271386FCA5002EB355 /* EventSenderProxy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = EventSenderProxy.mm; sourceTree = "<group>"; }; > 570E75A42152DA2C00324B6E /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; >+ 57A0062C22976E4D00AD08BD /* WebKitTestRunner.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = WebKitTestRunner.entitlements; sourceTree = "<group>"; }; > 583913D014335E95008307E5 /* JSAccessibilityController.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSAccessibilityController.cpp; sourceTree = "<group>"; }; > 583913D114335E95008307E5 /* JSAccessibilityController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSAccessibilityController.h; sourceTree = "<group>"; }; > 6510A77711EC643800410867 /* AHEM____.TTF */ = {isa = PBXFileReference; lastKnownFileType = file; name = "AHEM____.TTF"; path = "fonts/AHEM____.TTF"; sourceTree = "<group>"; }; >@@ -417,7 +419,7 @@ > isa = PBXFrameworksBuildPhase; > buildActionMask = 2147483647; > files = ( >- 570E75A82152DB4F00324B6E /* Security.framework in Frameworks */, >+ 57A0062F22976EF800AD08BD /* Security.framework in Frameworks */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >@@ -426,6 +428,7 @@ > buildActionMask = 2147483647; > files = ( > 51058AD51D678820009A538C /* libWebCoreTestSupport.dylib in Frameworks */, >+ 57A0062E22976EEB00AD08BD /* Security.framework in Frameworks */, > 51058AD61D678825009A538C /* WebKit.framework in Frameworks */, > ); > runOnlyForDeploymentPostprocessing = 0; >@@ -806,6 +809,7 @@ > BC793427118F7DAF005EA8E2 /* DebugRelease.xcconfig */, > BC25197111D15E61002EBC01 /* InjectedBundle.xcconfig */, > A1B89B94221E026B00EB4CEA /* SDKVariant.xcconfig */, >+ 57A0062C22976E4D00AD08BD /* WebKitTestRunner.entitlements */, > A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */, > 9B0D132E2036D346008FC8FB /* WebKitTestRunnerApp-iOS.entitlements */, > 311183AA212B1AC70077BCE0 /* WebKitTestRunnerApp-watchOS.entitlements */, >diff --git a/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm b/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >index fd28758de3df64634acdced79ce5e14fe5a644b3..aaa38b169b22e962666df0a6c16a91e6794a74e0 100644 >--- a/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >+++ b/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >@@ -51,6 +51,7 @@ > #import <WebKit/_WKUserContentExtensionStore.h> > #import <WebKit/_WKUserContentExtensionStorePrivate.h> > #import <wtf/MainThread.h> >+#import <wtf/spi/cocoa/SecuritySPI.h> > > namespace WTR { > >@@ -329,8 +330,6 @@ void TestController::injectUserScript(WKStringRef script) > > void TestController::addTestKeyToKeychain(const String& privateKeyBase64, const String& attrLabel, const String& applicationTagBase64) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary* options = @{ > (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, >@@ -348,40 +347,36 @@ void TestController::addTestKeyToKeychain(const String& privateKeyBase64, const > (id)kSecValueRef: (id)key.get(), > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrLabel: attrLabel, >- (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get() >+ (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get(), >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addQuery, NULL); > ASSERT_UNUSED(status, !status); >-#endif > } > > void TestController::cleanUpKeychain(const String& attrLabel) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary* deleteQuery = @{ > (id)kSecClass: (id)kSecClassKey, >- (id)kSecAttrLabel: attrLabel >+ (id)kSecAttrLabel: attrLabel, >+ (id)kSecAttrNoLegacy: @YES > }; > SecItemDelete((__bridge CFDictionaryRef)deleteQuery); >-#endif > } > > bool TestController::keyExistsInKeychain(const String& attrLabel, const String& applicationTagBase64) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary *query = @{ > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: attrLabel, > (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get(), >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL); > if (!status) > return true; > ASSERT(status == errSecItemNotFound); >-#endif > return false; > } > >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index bd94bf41045253812ec6ade76926c565c0946c09..c9eab8669b533cd9163d7f5a97da18ec9f4f1709 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,17 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Enable existing local authenticator tests for macOS. Since OpenSource bots >+ don't have the internal setting to include restricted entitlements, tests >+ will fail on OpenSource bots. >+ >+ * platform/mac-wk2/TestExpectations: >+ > 2019-08-01 Wenson Hsieh <wenson_hsieh@apple.com> > > [Text autosizing] [iPadOS] Add targeted hacks to address some remaining text autosizing issues >diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations >index 307ecbefadb7af8b76f91a5e003cf5d9d98a71fd..9d5cff531e5c7884506817e3b3b061333b4a4b7a 100644 >--- a/LayoutTests/platform/mac-wk2/TestExpectations >+++ b/LayoutTests/platform/mac-wk2/TestExpectations >@@ -905,14 +905,13 @@ imported/w3c/web-platform-tests/payment-request/user-accepts-payment-request-alg > > webkit.org/b/189598 compositing/backing/backing-store-attachment-fill-forwards-animation.html [ Pass Failure ] > >-# Skip local authenticator tests for mac now. >-http/wpt/webauthn/public-key-credential-create-failure-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-create-success-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-get-failure-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-get-success-local.https.html [ Skip ] >-# The following tests require PublicKeyCredential objects. We can only produce them via local authenticators now. >-http/wpt/credential-management/credentialscontainer-store-basics.https.html [ Skip ] >-http/wpt/webauthn/idl.https.html [ Skip ] >+# Local authenticator tests fail on OpenSource. >+http/wpt/webauthn/public-key-credential-create-failure-local.https.html [ Failure ] >+http/wpt/webauthn/public-key-credential-create-success-local.https.html [ Failure ] >+http/wpt/webauthn/public-key-credential-get-failure-local.https.html [ Failure ] >+http/wpt/webauthn/public-key-credential-get-success-local.https.html [ Failure ] >+http/wpt/credential-management/credentialscontainer-store-basics.https.html [ Failure ] >+http/wpt/webauthn/idl.https.html [ Failure ] > > webkit.org/b/183878 media/modern-media-controls/tracks-panel/tracks-panel-up-click-over-media-does-not-dimiss-media-controls-when-media-is-playing.html [ Pass Timeout ] >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 182772
:
370494
|
370522
|
370531
|
375459
|
375641