RESOLVED FIXED 238293
[WebAuthn] Maintain last modification time separate from last used time for platform credentials 
https://bugs.webkit.org/show_bug.cgi?id=238293
Summary [WebAuthn] Maintain last modification time separate from last used time for p...
pascoe@apple.com
Reported 2022-03-23 15:02:51 PDT
This splits _WKLocalAuthenticatorCredentialLastModificationDateKey (that signifies the last time it was modified or used) into _WKLocalAuthenticatorCredentialLastModificationDateKey (signifying the last modification) and _WKLocalAuthenticatorCredentialLastUsedDateKey (the last time a key was used).
Attachments
Patch (12.72 KB, patch)
2022-03-23 15:10 PDT, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
pascoe@apple.com
Comment 1 2022-03-23 15:03:23 PDT
rdar://90655676
pascoe@apple.com
Comment 2 2022-03-23 15:10:51 PDT
Created attachment 455567 [details] Patch
Brent Fulgham
Comment 3 2022-03-25 11:15:23 PDT
Comment on attachment 455567 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455567&action=review r=me > Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:285 > + attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastUsedDateKey, It's kind of strange that we are using kSecAttrModifiedationDate to hold the _WKLocalAuthenticatorCredentialLastUsedDateKey. I guess this is a limitation of the Security framework API we are using?
pascoe@apple.com
Comment 4 2022-03-25 11:22:53 PDT
(In reply to Brent Fulgham from comment #3) > Comment on attachment 455567 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=455567&action=review > > r=me > > > Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:285 > > + attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastUsedDateKey, > > It's kind of strange that we are using kSecAttrModificationDate to hold the > _WKLocalAuthenticatorCredentialLastUsedDateKey. I guess this is a limitation > of the Security framework API we are using? Currently we "modify" the rpId in the label to the same value every time we do an assertion to later sort options by most recently used. We could create a new field in the applicationTag to store the last assertion, but it would still the same as kSecAttrModificationDate. Another idea I had was to store the last used time outside of the keychain, however it's nice to have all the state within one keychain item.
EWS
Comment 5 2022-03-25 13:17:40 PDT
Committed r291882 (248881@main): <https://commits.webkit.org/248881@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 455567 [details].
Note You need to log in before you can comment on or make changes to this bug.