ChangeLog

2020-01-10  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Implement SPI to tell UI clients to select assertion responses

        https://bugs.webkit.org/show_bug.cgi?id=206112

        <rdar://problem/58495733>

        Reviewed by NOBODY (OOPS!).

        Covered by API tests.

        This patch adds a new delegate method in _WKWebAuthenticationPanelDelegate to tell UI clients to

        select an assertion response when multiple are returned from an authenticator. Here is the SPI:

        @protocol _WKWebAuthenticationPanelDelegate <NSObject>

        @optional

        ...

        - (void)panel:(_WKWebAuthenticationPanel *)panel selectAssertionResponses:(NSArray < _WKWebAuthenticationAssertionResponse *> *)responses completionHandler:(void (^)(_WKWebAuthenticationAssertionResponse *))completionHandler;

        ...

        @end

        A new interface is introduced to represent an authenticator assertion response:

        @interface _WKWebAuthenticationAssertionResponse : NSObject

        @property (nonatomic, readonly, copy) NSString *name;

        @property (nonatomic, readonly, copy) NSString *displayName;

        @property (nonatomic, readonly, copy) NSData *userHandle;

        @end

        Only members that can assist users to make a decision are exposed to UI clients.

        * Shared/API/APIObject.h:

        * Shared/Cocoa/APIObject.mm:

        (API::Object::newObject):

        * Sources.txt:

        * SourcesCocoa.txt:

        * UIProcess/API/APIWebAuthenticationAssertionResponse.cpp: Copied from Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h.

        (API::WebAuthenticationAssertionResponse::create):

        (API::WebAuthenticationAssertionResponse::WebAuthenticationAssertionResponse):

        * UIProcess/API/APIWebAuthenticationAssertionResponse.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h.

        * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h.

        * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm: Copied from Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h.

        (-[_WKWebAuthenticationAssertionResponse dealloc]):

        (-[_WKWebAuthenticationAssertionResponse name]):

        (-[_WKWebAuthenticationAssertionResponse displayName]):

        (-[_WKWebAuthenticationAssertionResponse userHandle]):

        (-[_WKWebAuthenticationAssertionResponse _apiObject]):

        * UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponseInternal.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h.

        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:

        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:

        * UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h:

        * UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:

        (WebKit::WebAuthenticationPanelClient::WebAuthenticationPanelClient):

        (WebKit::WebAuthenticationPanelClient::selectAssertionResponses const):

        * WebKit.xcodeproj/project.pbxproj:

2020-01-10  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Support authenticatorGetNextAssertion

Source/WebKit/Shared/API/APIObject.h

@@public:

#endif

#if ENABLE(WEB_AUTHN)

186 WebAuthenticationAssertionResponse,

        WebAuthenticationPanel,

#endif

Source/WebKit/Shared/Cocoa/APIObject.mm

#import "_WKUserInitiatedActionInternal.h"

#import "_WKUserStyleSheetInternal.h"

#import "_WKVisitedLinkStoreInternal.h"

91#import "_WKWebAuthenticationAssertionResponseInternal.h"

#import "_WKWebAuthenticationPanelInternal.h"

#import "_WKWebsiteDataStoreConfigurationInternal.h"

@@void* Object::newObject(size_t size, Type type)

    case Type::WebAuthenticationPanel:

        wrapper = [_WKWebAuthenticationPanel alloc];

        break;

    case Type::WebAuthenticationAssertionResponse:

        wrapper = [_WKWebAuthenticationAssertionResponse alloc];

        break;

#endif

    case Type::BundleFrame:

Source/WebKit/Sources.txt

@@UIProcess/API/APIURLSchemeTask.cpp

UIProcess/API/APIUserContentWorld.cpp

UIProcess/API/APIUserScript.cpp

UIProcess/API/APIUserStyleSheet.cpp

341UIProcess/API/APIWebAuthenticationAssertionResponse.cpp

UIProcess/API/APIWebAuthenticationPanel.cpp

UIProcess/API/APIWebsitePolicies.cpp

UIProcess/API/APIWindowFeatures.cpp

Source/WebKit/SourcesCocoa.txt

@@UIProcess/API/Cocoa/_WKUserContentWorld.mm

UIProcess/API/Cocoa/_WKUserInitiatedAction.mm

UIProcess/API/Cocoa/_WKUserStyleSheet.mm

UIProcess/API/Cocoa/_WKVisitedLinkStore.mm

281UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm

UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm

UIProcess/API/Cocoa/_WKWebsiteDataSize.mm

UIProcess/API/Cocoa/_WKWebsiteDataStore.mm

Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.cpp

/*

 * Copyright (C) 2020 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

 * THE POSSIBILITY OF SUCH DAMAGE.

 */

#include "config.h"

#include "APIWebAuthenticationAssertionResponse.h"

#if ENABLE(WEB_AUTHN)

namespace API {

using namespace WebCore;

Ref<WebAuthenticationAssertionResponse> WebAuthenticationAssertionResponse::create(Ref<WebCore::AuthenticatorAssertionResponse>&& response)

{

    return adoptRef(*new WebAuthenticationAssertionResponse(WTFMove(response)));

}

WebAuthenticationAssertionResponse::WebAuthenticationAssertionResponse(Ref<WebCore::AuthenticatorAssertionResponse>&& response)

    : m_response(WTFMove(response))

{

}

WebAuthenticationAssertionResponse::~WebAuthenticationAssertionResponse() = default;

} // namespace API

#endif // ENABLE(WEB_AUTHN)

Source/WebKit/UIProcess/API/APIWebAuthenticationAssertionResponse.h

/*

 * Copyright (C) 2020 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

 * THE POSSIBILITY OF SUCH DAMAGE.

 */

#pragma once

#if ENABLE(WEB_AUTHN)

#include "APIObject.h"

#include <WebCore/AuthenticatorAssertionResponse.h>

namespace API {

class WebAuthenticationAssertionResponse final : public ObjectImpl<Object::Type::WebAuthenticationAssertionResponse> {

public:

    static Ref<WebAuthenticationAssertionResponse> create(Ref<WebCore::AuthenticatorAssertionResponse>&&);

    ~WebAuthenticationAssertionResponse();

    WTF::String name() const { return m_response->name(); }

    WTF::String displayName() const { return m_response->displayName(); }

    ArrayBuffer* userHandle() const { return m_response->userHandle(); }

    const Ref<WebCore::AuthenticatorAssertionResponse>& response() { return m_response; }

private:

    WebAuthenticationAssertionResponse(Ref<WebCore::AuthenticatorAssertionResponse>&&);

    Ref<WebCore::AuthenticatorAssertionResponse> m_response;

};

} // namespace API

#endif // ENABLE(WEB_AUTHN)

Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.h

/*

 * Copyright (C) 2020 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

 * THE POSSIBILITY OF SUCH DAMAGE.

 */

#pragma once

#import <WebKit/WKFoundation.h>

#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA))

@interface _WKWebAuthenticationAssertionResponse : NSObject

@property (nonatomic, readonly, copy) NSString *name;

@property (nonatomic, readonly, copy) NSString *displayName;

@property (nonatomic, readonly, copy) NSData *userHandle;

@end

NS_ASSUME_NONNULL_END

Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm

/*

 * Copyright (C) 2020 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

 * THE POSSIBILITY OF SUCH DAMAGE.

 */

#import "config.h"

#import "_WKWebAuthenticationAssertionResponseInternal.h"

@implementation _WKWebAuthenticationAssertionResponse {

    RetainPtr<NSData> _userHandle;

}

#if ENABLE(WEB_AUTHN)

- (void)dealloc

{

    _response->~WebAuthenticationAssertionResponse();

    [super dealloc];

}

- (NSString *)name

{

    return _response->name();

}

- (NSString *)displayName

{

    return _response->displayName();

}

- (NSData *)userHandle

{

    if (_userHandle)

        return _userHandle.get();

    if (auto* userHandle = _response->userHandle())

        _userHandle = [[NSData alloc] initWithBytes:userHandle->data() length:userHandle->byteLength()];

    return _userHandle.get();

}

#pragma mark WKObject protocol implementation

- (API::Object&)_apiObject

{

    return *_response;

}

#endif

@end

Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponseInternal.h

/*

 * Copyright (C) 2020 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

 * THE POSSIBILITY OF SUCH DAMAGE.

 */

#pragma once

#import "_WKWebAuthenticationAssertionResponse.h"

#if ENABLE(WEB_AUTHN)

#import "APIWebAuthenticationAssertionResponse.h"

#import "WKObject.h"

namespace WebKit {

template<> struct WrapperTraits<API::WebAuthenticationAssertionResponse> {

    using WrapperClass = _WKWebAuthenticationAssertionResponse;

};

}

@interface _WKWebAuthenticationAssertionResponse () <WKObject> {

@package

    API::ObjectStorage<API::WebAuthenticationAssertionResponse> _response;

}

@end

#endif // ENABLE(WEB_AUTHN)

Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h

NS_ASSUME_NONNULL_BEGIN

34@class _WKWebAuthenticationAssertionResponse;

@class _WKWebAuthenticationPanel;

typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelResult) {

@@typedef NS_ENUM(NSInteger, _WKWebAuthenticationType) {

- (void)panel:(_WKWebAuthenticationPanel *)panel updateWebAuthenticationPanel:(_WKWebAuthenticationPanelUpdate)update WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

- (void)panel:(_WKWebAuthenticationPanel *)panel dismissWebAuthenticationPanelWithResult:(_WKWebAuthenticationResult)result WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRemainingRetries:(NSUInteger)retries completionHandler:(void (^)(NSString *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

73- (void)panel:(_WKWebAuthenticationPanel *)panel selectAssertionResponses:(NSArray < _WKWebAuthenticationAssertionResponse *> *)responses completionHandler:(void (^)(_WKWebAuthenticationAssertionResponse *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

@end

Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm

 */

#import "config.h"

27 #import "WebAuthenticationPanelClient.h"

2827#import "_WKWebAuthenticationPanelInternal.h"

29 #import <WebCore/WebAuthenticationConstants.h>

3028

29#import "WebAuthenticationPanelClient.h"

30#import <WebCore/WebAuthenticationConstants.h>

#import <wtf/RetainPtr.h>

@implementation _WKWebAuthenticationPanel {

Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h

@@private:

    // API::WebAuthenticationPanelClient

    void updatePanel(WebAuthenticationStatus) const final;

    void dismissPanel(WebAuthenticationResult) const final;

52 void selectAssertionResponses(const HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&, CompletionHandler<void(const Ref<WebCore::AuthenticatorAssertionResponse>&)>&&) const final;

    _WKWebAuthenticationPanel *m_panel;

    WeakObjCPtr<id <_WKWebAuthenticationPanelDelegate> > m_delegate;

@@private:

    struct {

        bool panelUpdateWebAuthenticationPanel : 1;

        bool panelDismissWebAuthenticationPanelWithResult : 1;

60 bool panelSelectAssertionResponsesCompletionHandler : 1;

    } m_delegateMethods;

};

Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm

#if ENABLE(WEB_AUTHN)

#import "APIWebAuthenticationAssertionResponse.h"

#import "CompletionHandlerCallChecker.h"

#import "WKSharedAPICast.h"

3134#import "WebAuthenticationFlags.h"

35#import "_WKWebAuthenticationAssertionResponseInternal.h"

#import "_WKWebAuthenticationPanel.h"

#import <wtf/RunLoop.h>

@@WebAuthenticationPanelClient::WebAuthenticationPanelClient(_WKWebAuthenticationP

{

    m_delegateMethods.panelUpdateWebAuthenticationPanel = [delegate respondsToSelector:@selector(panel:updateWebAuthenticationPanel:)];

    m_delegateMethods.panelDismissWebAuthenticationPanelWithResult = [delegate respondsToSelector:@selector(panel:dismissWebAuthenticationPanelWithResult:)];

47 m_delegateMethods.panelSelectAssertionResponsesCompletionHandler = [delegate respondsToSelector:@selector(panel:selectAssertionResponses:completionHandler:)];

}

RetainPtr<id <_WKWebAuthenticationPanelDelegate> > WebAuthenticationPanelClient::delegate()

@@void WebAuthenticationPanelClient::dismissPanel(WebAuthenticationResult result)

    });

}

void WebAuthenticationPanelClient::selectAssertionResponses(const HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>& responses, CompletionHandler<void(const Ref<WebCore::AuthenticatorAssertionResponse>&)>&& completionHandler) const

{

    auto nsResponses = adoptNS([[NSMutableArray alloc] initWithCapacity:responses.size()]);

    for (auto& response : responses)

        [nsResponses addObject:wrapper(API::WebAuthenticationAssertionResponse::create(response.copyRef()))];

    // Call delegates in the next run loop to prevent clients' reentrance that would potentially modify the state

    // of the current run loop in unexpected ways.

    RunLoop::main().dispatch([weakThis = makeWeakPtr(*this), this, nsResponses = WTFMove(nsResponses), completionHandler = WTFMove(completionHandler)] () mutable {

        if (!weakThis) {

            completionHandler(static_cast<API::WebAuthenticationAssertionResponse&>([[nsResponses firstObject] _apiObject]).response());

            return;

        }

        if (!m_delegateMethods.panelSelectAssertionResponsesCompletionHandler) {

            completionHandler(static_cast<API::WebAuthenticationAssertionResponse&>([[nsResponses firstObject] _apiObject]).response());

            return;

        }

        auto delegate = m_delegate.get();

        if (!delegate) {

            completionHandler(static_cast<API::WebAuthenticationAssertionResponse&>([[nsResponses firstObject] _apiObject]).response());

            return;

        }

        auto checker = CompletionHandlerCallChecker::create(delegate.get(), @selector(panel:selectAssertionResponses:completionHandler:));

        [delegate panel:m_panel selectAssertionResponses:nsResponses.get() completionHandler:makeBlockPtr([completionHandler = WTFMove(completionHandler), checker = WTFMove(checker)](_WKWebAuthenticationAssertionResponse *response) mutable {

            if (checker->completionHandlerHasBeenCalled())

                return;

            checker->didCallCompletionHandler();

            completionHandler(static_cast<API::WebAuthenticationAssertionResponse&>([response _apiObject]).response());

        }).get()];

    });

}

} // namespace WebKit

#endif // ENABLE(WEB_AUTHN)

Source/WebKit/WebKit.xcodeproj/project.pbxproj

		577FF7822346E81C004EDFB9 /* APIWebAuthenticationPanelClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 577FF7812346E81C004EDFB9 /* APIWebAuthenticationPanelClient.h */; };

		577FF7852346ECAA004EDFB9 /* WebAuthenticationPanelClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 577FF7832346ECAA004EDFB9 /* WebAuthenticationPanelClient.h */; };

		578DC2982155A0020074E815 /* LocalAuthenticationSoftLink.h in Headers */ = {isa = PBXBuildFile; fileRef = 578DC2972155A0010074E815 /* LocalAuthenticationSoftLink.h */; };

		579F1BF623C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 579F1BF423C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.h */; settings = {ATTRIBUTES = (Private, ); }; };

		579F1BF923C80EC600C7D4B4 /* _WKWebAuthenticationAssertionResponseInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 579F1BF823C80EC600C7D4B4 /* _WKWebAuthenticationAssertionResponseInternal.h */; };

		579F1BFC23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 579F1BFA23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.h */; };

		57AC8F50217FEED90055438C /* HidConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 57AC8F4E217FEED90055438C /* HidConnection.h */; };

		57B4B46020B504AC00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */; };

		57B826412304EB3E00B72EB0 /* NearFieldSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 57B826402304EB3E00B72EB0 /* NearFieldSPI.h */; };

		577FF7832346ECAA004EDFB9 /* WebAuthenticationPanelClient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebAuthenticationPanelClient.h; sourceTree = "<group>"; };

		577FF7842346ECAA004EDFB9 /* WebAuthenticationPanelClient.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebAuthenticationPanelClient.mm; sourceTree = "<group>"; };

		578DC2972155A0010074E815 /* LocalAuthenticationSoftLink.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LocalAuthenticationSoftLink.h; sourceTree = "<group>"; };

		579F1BF423C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = _WKWebAuthenticationAssertionResponse.h; sourceTree = "<group>"; };

		579F1BF523C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = _WKWebAuthenticationAssertionResponse.mm; sourceTree = "<group>"; };

		579F1BF823C80EC600C7D4B4 /* _WKWebAuthenticationAssertionResponseInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = _WKWebAuthenticationAssertionResponseInternal.h; sourceTree = "<group>"; };

		579F1BFA23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = APIWebAuthenticationAssertionResponse.h; sourceTree = "<group>"; };

		579F1BFB23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = APIWebAuthenticationAssertionResponse.cpp; sourceTree = "<group>"; };

		57AC8F4E217FEED90055438C /* HidConnection.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = HidConnection.h; sourceTree = "<group>"; };

		57AC8F4F217FEED90055438C /* HidConnection.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = HidConnection.mm; sourceTree = "<group>"; };

		57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationManagerCocoa.mm; sourceTree = "<group>"; };

				1A81B37F18BD66AD0007FDAC /* _WKVisitedLinkStore.h */,

				1A81B37E18BD66AD0007FDAC /* _WKVisitedLinkStore.mm */,

				1A81B38418BD673A0007FDAC /* _WKVisitedLinkStoreInternal.h */,

				579F1BF423C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.h */,

				579F1BF523C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.mm */,

				579F1BF823C80EC600C7D4B4 /* _WKWebAuthenticationAssertionResponseInternal.h */,

				574728CF23456E98001700AF /* _WKWebAuthenticationPanel.h */,

				574728D023456E98001700AF /* _WKWebAuthenticationPanel.mm */,

				574728D3234570AE001700AF /* _WKWebAuthenticationPanelInternal.h */,

				7C89D2921A67122F003A5FDE /* APIUserScript.h */,

				2D8786211BDB58FF00D02ABB /* APIUserStyleSheet.cpp */,

				2D8786221BDB58FF00D02ABB /* APIUserStyleSheet.h */,

8534 579F1BFB23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.cpp */,

8535 579F1BFA23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.h */,

				57EBE269234676C5008D8AF9 /* APIWebAuthenticationPanel.cpp */,

				57EBE268234676C5008D8AF9 /* APIWebAuthenticationPanel.h */,

				577FF7812346E81C004EDFB9 /* APIWebAuthenticationPanelClient.h */,

				2D8786201BDB57F500D02ABB /* _WKUserStyleSheetInternal.h in Headers */,

				1A81B38118BD66AD0007FDAC /* _WKVisitedLinkStore.h in Headers */,

				1A81B38518BD673A0007FDAC /* _WKVisitedLinkStoreInternal.h in Headers */,

9902 579F1BF623C80DB600C7D4B4 /* _WKWebAuthenticationAssertionResponse.h in Headers */,

9903 579F1BF923C80EC600C7D4B4 /* _WKWebAuthenticationAssertionResponseInternal.h in Headers */,

				574728D123456E98001700AF /* _WKWebAuthenticationPanel.h in Headers */,

				574728D4234570AE001700AF /* _WKWebAuthenticationPanelInternal.h in Headers */,

				1AE286781C7E76510069AC4F /* _WKWebsiteDataSize.h in Headers */,

				2D8786241BDB58FF00D02ABB /* APIUserStyleSheet.h in Headers */,

				C5E1AFED16B21017006CC1F2 /* APIWebArchive.h in Headers */,

				C5E1AFEF16B21029006CC1F2 /* APIWebArchiveResource.h in Headers */,

9986 579F1BFC23C811CF00C7D4B4 /* APIWebAuthenticationAssertionResponse.h in Headers */,

				57EBE26A234676C5008D8AF9 /* APIWebAuthenticationPanel.h in Headers */,

				577FF7822346E81C004EDFB9 /* APIWebAuthenticationPanelClient.h in Headers */,

				1AE286841C7F93860069AC4F /* APIWebsiteDataRecord.h in Headers */,

Tools/ChangeLog

2020-01-10  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Implement SPI to tell UI clients to select assertion responses

        https://bugs.webkit.org/show_bug.cgi?id=206112

        <rdar://problem/58495733>

        Reviewed by NOBODY (OOPS!).

        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

        (-[TestWebAuthenticationPanelDelegate panel:selectAssertionResponses:completionHandler:]):

        (TestWebKitAPI::TEST):

        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-multiple-accounts.html: Added.

        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid.html:

2020-01-10  Alex Christensen  <achristensen@webkit.org>

        Build fix for builds without libwebrtc's BoringSSL.

Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

		5797FE331EB15AB100B2F4A0 /* navigation-client-default-crypto.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5797FE321EB15A8900B2F4A0 /* navigation-client-default-crypto.html */; };

		5798337E236019A4008E5547 /* web-authentication-make-credential-hid.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */; };

		579833922368FA37008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5798337B235EB65C008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html */; };

366 579F1C0123C93AF500C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 579F1BFF23C92FD300C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html */; };

		57A79857224AB34E00A7F6F1 /* WebCryptoMasterKey.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57A79856224AB34E00A7F6F1 /* WebCryptoMasterKey.mm */; };

		57C3FA661F7C248F009D4B80 /* WeakPtr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1CB9BC371A67482300FE5678 /* WeakPtr.cpp */; };

		57C6244E2346BCFA00383FE7 /* _WKWebAuthenticationPanel.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57C6244D2346BCFA00383FE7 /* _WKWebAuthenticationPanel.mm */; };

				2EBD9D0A2134730D002DA758 /* video.html in Copy Resources */,

				CD577799211CE0E4001B371E /* web-audio-only.html in Copy Resources */,

				57663DF32357E48900E85E09 /* web-authentication-get-assertion-hid-cancel.html in Copy Resources */,

1483 579F1C0123C93AF500C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html in Copy Resources */,

				577454D02359B378008E1ED7 /* web-authentication-get-assertion-hid-no-credentials.html in Copy Resources */,

				57663DEC234F1F9300E85E09 /* web-authentication-get-assertion-hid.html in Copy Resources */,

				579833922368FA37008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html in Copy Resources */,

		5798337B235EB65C008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "web-authentication-get-assertion-nfc-multiple-tags.html"; sourceTree = "<group>"; };

		5798337D2360196D008E5547 /* web-authentication-make-credential-hid.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid.html"; sourceTree = "<group>"; };

		5798E2AF1CAF5C2800C5CBA0 /* ProvisionalURLNotChange.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ProvisionalURLNotChange.mm; sourceTree = "<group>"; };

1939 579F1BFF23C92FD300C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-get-assertion-hid-multiple-accounts.html"; sourceTree = "<group>"; };

		57A79856224AB34E00A7F6F1 /* WebCryptoMasterKey.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebCryptoMasterKey.mm; sourceTree = "<group>"; };

		57C6244D2346BCFA00383FE7 /* _WKWebAuthenticationPanel.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = _WKWebAuthenticationPanel.mm; sourceTree = "<group>"; };

		57C6244F2346C1EC00383FE7 /* web-authentication-get-assertion.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "web-authentication-get-assertion.html"; sourceTree = "<group>"; };

				CD57779B211CE6CE001B371E /* video-with-audio-and-web-audio.html */,

				CD577798211CDE8F001B371E /* web-audio-only.html */,

				57663DF22357E45D00E85E09 /* web-authentication-get-assertion-hid-cancel.html */,

3491 579F1BFF23C92FD300C7D4B4 /* web-authentication-get-assertion-hid-multiple-accounts.html */,

				577454CF2359B338008E1ED7 /* web-authentication-get-assertion-hid-no-credentials.html */,

				57663DEB234F1F8000E85E09 /* web-authentication-get-assertion-hid.html */,

				5798337B235EB65C008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html */,

Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

#import <WebKit/WKPreferencesPrivate.h>

#import <WebKit/WKUIDelegatePrivate.h>

#import <WebKit/_WKExperimentalFeature.h>

38#import <WebKit/_WKWebAuthenticationAssertionResponse.h>

3839#import <WebKit/_WKWebAuthenticationPanel.h>

3940#import <wtf/BlockPtr.h>

41#import <wtf/RandomNumber.h>

42#import <wtf/text/Base64.h>

#import <wtf/text/StringConcatenateNumbers.h>

static bool webAuthenticationPanelRan = false;

@@static bool webAuthenticationPanelSucceded = false;

static bool webAuthenticationPanelUpdateMultipleNFCTagsPresent = false;

static bool webAuthenticationPanelUpdateNoCredentialsFound = false;

static bool webAuthenticationPanelCancelImmediately = false;

51static BOOL webAuthenticationPanelNullUserHandle = NO;

@interface TestWebAuthenticationPanelDelegate : NSObject <_WKWebAuthenticationPanelDelegate>

@end

@@- (void)panel:(_WKWebAuthenticationPanel *)panel dismissWebAuthenticationPanelWi

    }

}

- (void)panel:(_WKWebAuthenticationPanel *)panel selectAssertionResponses:(NSArray < _WKWebAuthenticationAssertionResponse *> *)responses completionHandler:(void (^)(_WKWebAuthenticationAssertionResponse *))completionHandler

{

    EXPECT_EQ(responses.count, 2ul);

    for (_WKWebAuthenticationAssertionResponse *response in responses) {

        EXPECT_TRUE([response.name isEqual:@"johnpsmith@example.com"] || [response.name isEqual:@""]);

        EXPECT_TRUE([response.displayName isEqual:@"John P. Smith"] || [response.displayName isEqual:@""]);

    }

    auto index = weakRandomUint32() % 2;

    webAuthenticationPanelNullUserHandle = responses[index].userHandle ? NO : YES;

    completionHandler(responses[index]);

}

@end

@interface TestWebAuthenticationPanelFakeDelegate : NSObject <_WKWebAuthenticationPanelDelegate>

@@TEST(WebAuthenticationPanel, PanelHidCtapNoCredentialsFoundCancelNoCrash)

    Util::run(&webAuthenticationPanelUpdateNoCredentialsFound);

}

TEST(WebAuthenticationPanel, MultipleAccountsNullDelegate)

{

    reset();

    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-hid-multiple-accounts" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];

    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];

    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];

    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);

    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);

    [delegate setIsNull:true];

    [webView setUIDelegate:delegate.get()];

    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];

    [webView waitForMessage:@"Succeeded!"];

}

TEST(WebAuthenticationPanel, MultipleAccounts)

{

    reset();

    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-hid-multiple-accounts" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];

    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];

    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];

    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);

    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);

    [webView setUIDelegate:delegate.get()];

    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];

    [webView waitForMessage:@"Succeeded!"];

    EXPECT_EQ([[webView stringByEvaluatingJavaScript:@"userHandle"] isEqualToString:@"<null>"], webAuthenticationPanelNullUserHandle);

}

} // namespace TestWebKitAPI

#endif // ENABLE(WEB_AUTHN)

Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-multiple-accounts.html

<input type="text" id="input">

<script>

    const testAssertionMessageLongBase64 =

        "AKUBomJpZFhAKAitzuj+Tslzelf3/vZwIGtDQNgoKeFd5oEieYzhyzA65saf0tK2" +

        "w/mooa7tQtGgDdwZIjOhjcuZ0pQ1ajoE4GR0eXBlanB1YmxpYy1rZXkCWCVGzH+5" +

        "Z51VstuQkuHI2eXh0Ct1gPC0gSx3CWLh5I9a2AEAAABQA1hHMEUCIQCSFTuuBWgB" +

        "4/F0VB7DlUVM09IHPmxe1MzHUwRoCRZbCAIgGKov6xoAx2MEf6/6qNs8OutzhP2C" +

        "QoJ1L7Fe64G9uBcEpGJpZFggMIIBkzCCATigAwIBAjCCAZMwggE4oAMCAQIwggGT" +

        "MIJkaWNvbngoaHR0cHM6Ly9waWNzLmFjbWUuY29tLzAwL3AvYUJqampwcVBiLnBu" +

        "Z2RuYW1ldmpvaG5wc21pdGhAZXhhbXBsZS5jb21rZGlzcGxheU5hbWVtSm9obiBQ" +

        "LiBTbWl0aAUC";

    const testAssertionMessageBase64 =

        "AKMBomJpZFhAKAitzuj+Tslzelf3/vZwIGtDQNgoKeFd5oEieYzhyzA65saf0tK2" +

        "w/mooa7tQtGgDdwZIjOhjcuZ0pQ1ajoE4GR0eXBlanB1YmxpYy1rZXkCWCVGzH+5" +

        "Z51VstuQkuHI2eXh0Ct1gPC0gSx3CWLh5I9a2AEAAABQA1hHMEUCIQCSFTuuBWgB" +

        "4/F0VB7DlUVM09IHPmxe1MzHUwRoCRZbCAIgGKov6xoAx2MEf6/6qNs8OutzhP2C" +

        "QoJ1L7Fe64G9uBc=";

    if (window.internals) {

        internals.setMockWebAuthenticationConfiguration({ silentFailure: true, hid: { payloadBase64: [testAssertionMessageLongBase64, testAssertionMessageBase64] } });

        internals.withUserGesture(() => { input.focus(); });

    }

    function bytesToHexString(bytes)

    {

        if (!bytes)

            return null;

        bytes = new Uint8Array(bytes);

        var hexBytes = [];

        for (var i = 0; i < bytes.length; ++i) {

            var byteString = bytes[i].toString(16);

            if (byteString.length < 2)

                byteString = "0" + byteString;

            hexBytes.push(byteString);

        }

        return hexBytes.join("");

    }

    const options = {

        publicKey: {

            challenge: new Uint8Array(16),

            timeout: 1000

        }

    };

    navigator.credentials.get(options).then(credential => {

        userHandle = bytesToHexString(credential.response.userHandle);

        // console.log("Succeeded!");

        window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");

    }, error => {

        // console.log(error.message);

        window.webkit.messageHandlers.testHandler.postMessage(error.message);

    });

</script>

Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid.html

            },

            challenge: new Uint8Array(16),

            pubKeyCredParams: [{ type: "public-key", alg: -7 }],

42 timeout: 100

42 timeout: 100,

        }

    };