Bug 233371

Summary:

Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash]

Product:

WebKit

Reporter:

pascoe <pascoe>

Component:

WebKit Misc.

Assignee:

pascoe <pascoe>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

233216

Bug Blocks:

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none

Description pascoe@apple.com 2021-11-19 09:21:17 PST

This is a followup to: https://bugs.webkit.org/show_bug.cgi?id=233216

Summary:
In order to avoid needing to make and coordinate changes to ASC to support new fields or changes within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit will contain a precomputed ClientDataHash.

In order to use these new methods, they must be added to _WKWebAuthenticationPanel.h

Comment 1 Radar WebKit Bug Importer 2021-11-19 09:21:34 PST

<rdar://problem/85607248>

Comment 2 pascoe@apple.com 2021-11-19 09:30:31 PST

Created attachment 444825 [details]
Patch

Comment 3 pascoe@apple.com 2021-11-19 09:52:45 PST

Created attachment 444828 [details]
Patch

Comment 4 Brent Fulgham 2021-11-19 10:10:08 PST

Comment on attachment 444828 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=444828&action=review

r=me if you switch to WK_<MAC/IOS>_TBA in the availability macros.

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:129
> +- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0));

This isn't true -- we already shipped macOS 12 and iOS 15 without these methods. Usually we use "WK_MAC_TBA" and "WK_IOS_TBA" until we are close to a release.

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:131
> +- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0));

Ditto.

> Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:1932
> +        EXPECT_WK_STREQ([response.rawId base64EncodedStringWithOptions:0], "SMSXHngF7hEOsElA73C3RY+8bR4=");

Curious if this rawId has a meaning you could reference, similar to the comments in the GetAssertionLAClientDataHash test, below.

> Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:2117
> +        // echo -n "example.com" | shasum -a 256 | xxd -r -p | base64

These comments are super helpful. I wonder if there is a similar thing you could say about the raw ID above?

Comment 5 pascoe@apple.com 2021-11-19 10:47:39 PST

Created attachment 444835 [details]
Patch

Comment 6 pascoe@apple.com 2021-11-19 10:49:20 PST

Wish I could've made it a slick bash command but converting from x9.63 to something openssl understands and back was involved.

Comment 7 Brent Fulgham 2021-11-19 10:57:31 PST

Comment on attachment 444835 [details]
Patch

r=me

Comment 8 EWS 2021-11-19 14:19:59 PST

Committed r286078 (244465@main): <https://commits.webkit.org/244465@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444835 [details].