Bug 233371 - Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] and [_WKWebAuthenticationPanel getAssertionWithClientDataHash]
Summary: Add headers for [_WKWebAuthenticationPanel makeCredentialWithClientDataHash] ...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: j_pascoe@apple.com
Keywords: InRadar
Depends on: 233216
  Show dependency treegraph
Reported: 2021-11-19 09:21 PST by j_pascoe@apple.com
Modified: 2021-11-19 14:20 PST (History)
2 users (show)

See Also:

Patch (2.54 KB, patch)
2021-11-19 09:30 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (8.93 KB, patch)
2021-11-19 09:52 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (9.12 KB, patch)
2021-11-19 10:47 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description j_pascoe@apple.com 2021-11-19 09:21:17 PST
This is a followup to: https://bugs.webkit.org/show_bug.cgi?id=233216

In order to avoid needing to make and coordinate changes to ASC to support new fields or changes within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit will contain a precomputed ClientDataHash.

In order to use these new methods, they must be added to _WKWebAuthenticationPanel.h
Comment 1 Radar WebKit Bug Importer 2021-11-19 09:21:34 PST
Comment 2 j_pascoe@apple.com 2021-11-19 09:30:31 PST
Created attachment 444825 [details]
Comment 3 j_pascoe@apple.com 2021-11-19 09:52:45 PST
Created attachment 444828 [details]
Comment 4 Brent Fulgham 2021-11-19 10:10:08 PST
Comment on attachment 444828 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=444828&action=review

r=me if you switch to WK_<MAC/IOS>_TBA in the availability macros.

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:129
> +- (void)makeCredentialWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialCreationOptions *)options completionHandler:(void (^)(_WKAuthenticatorAttestationResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0));

This isn't true -- we already shipped macOS 12 and iOS 15 without these methods. Usually we use "WK_MAC_TBA" and "WK_IOS_TBA" until we are close to a release.

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:131
> +- (void)getAssertionWithClientDataHash:(NSData *)clientDataHash options:(_WKPublicKeyCredentialRequestOptions *)options completionHandler:(void (^)(_WKAuthenticatorAssertionResponse *, NSError *))handler WK_API_AVAILABLE(macos(12.0), ios(15.0));


> Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:1932
> +        EXPECT_WK_STREQ([response.rawId base64EncodedStringWithOptions:0], "SMSXHngF7hEOsElA73C3RY+8bR4=");

Curious if this rawId has a meaning you could reference, similar to the comments in the GetAssertionLAClientDataHash test, below.

> Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:2117
> +        // echo -n "example.com" | shasum -a 256 | xxd -r -p | base64

These comments are super helpful. I wonder if there is a similar thing you could say about the raw ID above?
Comment 5 j_pascoe@apple.com 2021-11-19 10:47:39 PST
Created attachment 444835 [details]
Comment 6 j_pascoe@apple.com 2021-11-19 10:49:20 PST
Wish I could've made it a slick bash command but converting from x9.63 to something openssl understands and back was involved.
Comment 7 Brent Fulgham 2021-11-19 10:57:31 PST
Comment on attachment 444835 [details]

Comment 8 EWS 2021-11-19 14:19:59 PST
Committed r286078 (244465@main): <https://commits.webkit.org/244465@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444835 [details].