Google Git
Sign in
webkit / WebKit / 5e71382b184e0be7fa4df602399d7e437f353495
commit5e71382b184e0be7fa4df602399d7e437f353495[log] [tgz]
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Oct 18 20:55:56 2019 +0000
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Oct 18 20:55:56 2019 +0000
treee77279dfbcf31dc232dd01bb18377416cfacaac1
parent7a1239f6ef09011ca2ae20597a4f8e5d502bf765 [diff]
[WebAuthn] Implement AuthenticatorCancel
https://bugs.webkit.org/show_bug.cgi?id=191523
<rdar://problem/55920204>

Reviewed by Brent Fulgham.

Source/WebCore:

Covered by new tests in existing test files.

* Modules/credentialmanagement/CredentialsContainer.cpp:
(WebCore::CredentialsContainer::get):
(WebCore::CredentialsContainer::isCreate):
* Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinator::create const):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const):
* Modules/webauthn/AuthenticatorCoordinator.h:
* Modules/webauthn/AuthenticatorCoordinatorClient.cpp: Removed.
* Modules/webauthn/AuthenticatorCoordinatorClient.h:
* Modules/webauthn/PublicKeyCredential.cpp:
(WebCore::PublicKeyCredential::tryCreate):
* Modules/webauthn/PublicKeyCredential.h:
* Modules/webauthn/PublicKeyCredentialData.h:
* Modules/webauthn/fido/DeviceRequestConverter.h:
* Modules/webauthn/fido/FidoHidMessage.cpp:
(fido::FidoHidMessage::FidoHidMessage):
* Modules/webauthn/fido/FidoHidPacket.cpp:
(fido::FidoHidInitPacket::getSerializedData const):
(fido::FidoHidContinuationPacket::getSerializedData const):
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* testing/MockWebAuthenticationConfiguration.h:
(WebCore::MockWebAuthenticationConfiguration::HidConfiguration::encode const):
(WebCore::MockWebAuthenticationConfiguration::HidConfiguration::decode):
* testing/MockWebAuthenticationConfiguration.idl:
Adds a new option to test AuthenticatorCancel.

Source/WebKit:

This patch implement two ways to cancel a pending WebAuthn ceremony:
1) Via navigation activities. Activities include i) main frame navigation, ii) main frame reload,
iii) main frame destruction, iv) sub frame navigation, and v) sub frame destruction. All the above
activities will cancel any pending WebAuthn ceremony that is associated with the frame. To prove
the association, a GlobalFrameIdentifier is bridged into WebAuthenticationRequestData. Navigation
cancel is done in WebPageProxy::didStartProvisionalLoadForFrameShared, and destruction cancel is done
in WebProcessProxy::didDestroyFrame and WebPageProxy::resetState.
2) Via UI. This path is simply bridged -[_WKWebAuthenticationPanel cancel] into AuthenticatorManager.
Noted, this patch follows the spec to wait until time out to notify RPs.
References: i) Step 20 of https://www.w3.org/TR/webauthn/#createCredential, ii) Step 18 of
https://www.w3.org/TR/webauthn/#getAssertion

As for what the cancel actually does, it:
1) stops any HID/NFC scanning;
2) sends CTAPHID_CANCEL to any HID authenticators that have been added. Reference:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#usb-hid-cancel
Sending CTAPHID_CANCEL, however, is not trivial. An abstract class FidoAuthenticator is crafted to
do this labor for both CtapAuthenticator and U2fAuthenticator during the time of destructions.
Noted: The CtapHidDriver is the only CtapDriver implements the cancel method. Since the message
is sent during state reset, lifecycle of the HidConenction and HidService which manage the underlying
IOHIDDeviceRef is very hard to hold. This is required for the regular async sender. Therefore,
HidConnection::sendSync is crafted to send the message synchronously to get rid of the tediousness
of managing those lifecycles.

P.S. Vector::grow doesn't initialize POD types. Therefore, this patch also appends it with memset
for FidoHidPacket.

P.S.S. This patch also simplifies AuthenticatorCoordinatorClient by: i) moving code from AuthenticatorCoordinatorClient
to WebAuthenticatorCoordinatorClient, and ii) using sendWithAsyncReply. The latter allows us to
get rid of the complex mechanism of ensuring the right reply is returned.

* DerivedSources.make:
* Sources.txt:
* UIProcess/API/APIWebAuthenticationPanel.cpp:
(API::WebAuthenticationPanel::create):
(API::WebAuthenticationPanel::WebAuthenticationPanel):
(API::WebAuthenticationPanel::cancel const):
* UIProcess/API/APIWebAuthenticationPanel.h:
* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(-[_WKWebAuthenticationPanel cancel]):
* UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::cancelRequest):
(WebKit::AuthenticatorManager::clearState):
(WebKit::AuthenticatorManager::runPanel):
(WebKit::AuthenticatorManager::resetState):
* UIProcess/WebAuthentication/AuthenticatorManager.h:
* UIProcess/WebAuthentication/Cocoa/HidConnection.h:
(WebKit::HidConnection::isInitialized const):
(WebKit::HidConnection::setIsInitialized):
* UIProcess/WebAuthentication/Cocoa/HidConnection.mm:
(WebKit::HidConnection::~HidConnection):
(WebKit::HidConnection::initialize):
(WebKit::HidConnection::terminate):
(WebKit::HidConnection::sendSync):
(WebKit::HidConnection::send):
(WebKit::HidConnection::registerDataReceivedCallback):
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::initialize):
(WebKit::MockHidConnection::terminate):
(WebKit::MockHidConnection::sendSync):
(WebKit::MockHidConnection::send):
(WebKit::MockHidConnection::feedReports):
* UIProcess/WebAuthentication/Mock/MockHidConnection.h:
* UIProcess/WebAuthentication/WebAuthenticationRequestData.h:
* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
(WebKit::WebAuthenticatorCoordinatorProxy::makeCredential):
(WebKit::WebAuthenticatorCoordinatorProxy::getAssertion):
(WebKit::WebAuthenticatorCoordinatorProxy::handleRequest):
(WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable):
(WebKit::WebAuthenticatorCoordinatorProxy::requestReply): Deleted.
* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h:
* UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in:
* UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::CtapAuthenticator):
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::getAssertion):
(WebKit::CtapAuthenticator::tryDowngrade):
* UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
* UIProcess/WebAuthentication/fido/CtapDriver.h:
(WebKit::CtapDriver::cancel):
* UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::Worker::write):
(WebKit::CtapHidDriver::Worker::read):
(WebKit::CtapHidDriver::Worker::returnMessage):
(WebKit::CtapHidDriver::Worker::reset):
(WebKit::CtapHidDriver::Worker::cancel):
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::continueAfterResponseReceived):
(WebKit::CtapHidDriver::returnResponse):
(WebKit::CtapHidDriver::reset):
(WebKit::CtapHidDriver::cancel):
* UIProcess/WebAuthentication/fido/CtapHidDriver.h:
* UIProcess/WebAuthentication/fido/FidoAuthenticator.cpp: Copied from Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.cpp.
(WebKit::FidoAuthenticator::FidoAuthenticator):
(WebKit::FidoAuthenticator::~FidoAuthenticator):
(WebKit::FidoAuthenticator::driver const):
(WebKit::FidoAuthenticator::releaseDriver):
* UIProcess/WebAuthentication/fido/FidoAuthenticator.h: Copied from Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.cpp.
* UIProcess/WebAuthentication/fido/FidoService.cpp:
(WebKit::FidoService::continueAfterGetInfo):
* UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:
(WebKit::U2fAuthenticator::U2fAuthenticator):
(WebKit::U2fAuthenticator::issueCommand):
* UIProcess/WebAuthentication/fido/U2fAuthenticator.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared):
(WebKit::WebPageProxy::resetState):
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::didDestroyFrame):
* WebKit.xcodeproj/project.pbxproj:
* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
(WebKit::WebAuthenticatorCoordinator::WebAuthenticatorCoordinator):
(WebKit::WebAuthenticatorCoordinator::makeCredential):
(WebKit::WebAuthenticatorCoordinator::getAssertion):
(WebKit::WebAuthenticatorCoordinator::isUserVerifyingPlatformAuthenticatorAvailable):
(WebKit::WebAuthenticatorCoordinator::~WebAuthenticatorCoordinator): Deleted.
* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h:
* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.messages.in: Removed.
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::fromCoreFrame):
* WebProcess/WebPage/WebFrame.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/FidoHidMessageTest.cpp:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(-[TestWebAuthenticationPanelUIDelegate webView:runWebAuthenticationPanel:initiatedByFrame:completionHandler:]):
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-cancel.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid.html.
* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid.html:
* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc.html:
* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion.html:

LayoutTests:

Modified one of the error message that is no longer emitted.

* http/wpt/webauthn/public-key-credential-create-failure.https.html:
* http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* http/wpt/webauthn/public-key-credential-get-failure.https.html:
* http/wpt/webauthn/public-key-credential-get-success-hid.https.html:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@251295 268f45cc-cd09-0410-ab3c-d52691b4dbfc
63 files changed
tree: e77279dfbcf31dc232dd01bb18377416cfacaac1
  1. JSTests/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebDriverTests/
  8. WebKit.xcworkspace/
  9. WebKitLibraries/
  10. Websites/
  11. .clang-format
  12. .dir-locals.el
  13. .gitattributes
  14. .gitignore
  15. ChangeLog
  16. ChangeLog-2012-05-22
  17. ChangeLog-2018-01-01
  18. CMakeLists.txt
  19. Makefile
  20. Makefile.shared
  21. ReadMe.md
ReadMe.md

WebKit

WebKit is a cross-platform web browser engine. On iOS and macOS, it powers Safari, Mail, iBooks, and many other applications.

Feature Status

Visit WebKit Feature Status page to see which Web API has been implemented, in development, or under consideration.

Trying the Latest

On macOS, download Safari Technology Preview to test the latest version of WebKit. On Linux, download Epiphany Technology Preview. On Windows, you'll have to build it yourself.

Reporting Bugs

  1. Search WebKit Bugzilla to see if there is an existing report for the bug you've encountered.
  2. Create a Bugzilla account to to report bugs (and to comment on them) if you haven't done so already.
  3. File a bug in accordance with our guidelines.

Once your bug is filed, you will receive email when it is updated at each stage in the bug life cycle. After the bug is considered fixed, you may be asked to download the latest nightly and confirm that the fix works for you.

Getting the Code

On Windows, follow the instructions on our website.

Cloning the Git SVN Repository

Run the following command to clone WebKit's Git SVN repository:

git clone git://git.webkit.org/WebKit.git WebKit

or

git clone https://git.webkit.org/git/WebKit.git WebKit

If you want to be able to commit changes to the repository, or just want to check out branches that aren’t contained in WebKit.git, you will need track WebKit's Subversion repository. You can run the following command to configure this and other options of the new Git clone for WebKit development.

Tools/Scripts/webkit-patch setup-git-clone

For information about this, and other aspects of using Git with WebKit, read the wiki page.

Checking out the Subversion Repository

If you don‘t want to use Git, run the following command to check out WebKit’s Subversion repository:

svn checkout https://svn.webkit.org/repository/webkit/trunk WebKit

Building WebKit

Building macOS Port

Install Xcode and its command line tools if you haven't done so already:

  1. Install Xcode Get Xcode from https://developer.apple.com/downloads. To build WebKit for OS X, Xcode 5.1.1 or later is required. To build WebKit for iOS Simulator, Xcode 7 or later is required.
  2. Install the Xcode Command Line Tools In Terminal, run the command: xcode-select --install

Run the following command to build a debug build with debugging symbols and assertions:

Tools/Scripts/build-webkit --debug

For performance testing, and other purposes, use --release instead.

Using Xcode

You can open WebKit.xcworkspace to build and debug WebKit within Xcode.

If you don't use a custom build location in Xcode preferences, you have to update the workspace settings to use WebKitBuild directory. In menu bar, choose File > Workspace Settings, then click the Advanced button, select “Custom”, “Relative to Workspace”, and enter WebKitBuild for both Products and Intermediates.

Building iOS Port

The first time after you install a new Xcode, you will need to run the following command to enable Xcode to build command line tools for iOS Simulator:

sudo Tools/Scripts/configure-xcode-for-ios-development

Without this step, you will see the error message: “target specifies product type ‘com.apple.product-type.tool’, but there’s no such product type for the ‘iphonesimulator’ platform.” when building target JSCLLIntOffsetsExtractor of project JavaScriptCore.

Run the following command to build a debug build with debugging symbols and assertions for iOS:

Tools/Scripts/build-webkit --debug --ios-simulator

Building the GTK+ Port

For production builds:

cmake -DPORT=GTK -DCMAKE_BUILD_TYPE=RelWithDebInfo -GNinja
ninja
sudo ninja install

For development builds:

Tools/gtk/install-dependencies
Tools/Scripts/update-webkitgtk-libs
Tools/Scripts/build-webkit --gtk --debug

For more information on building WebKitGTK+, see the wiki page.

Building the WPE Port

For production builds:

cmake -DPORT=WPE -DCMAKE_BUILD_TYPE=RelWithDebInfo -GNinja
ninja
sudo ninja install

For development builds:

Tools/wpe/install-dependencies
Tools/Scripts/update-webkitwpe-libs
Tools/Scripts/build-webkit --wpe --debug

Building Windows Port

For building WebKit on Windows, see the wiki page.

Running WebKit

With Safari and Other macOS Applications

Run the following command to launch Safari with your local build of WebKit:

Tools/Scripts/run-safari --debug

The run-safari script sets the DYLD_FRAMEWORK_PATH environment variable to point to your build products, and then launches /Applications/Safari.app. DYLD_FRAMEWORK_PATH tells the system loader to prefer your build products over the frameworks installed in /System/Library/Frameworks.

To run other applications with your local build of WebKit, run the following command:

Tools/Scripts/run-webkit-app <application-path>

iOS Simulator

Run the following command to launch iOS simulator with your local build of WebKit:

run-safari --debug --ios-simulator

In both cases, if you have built release builds instead, use --release instead of --debug.

Linux Ports

If you have a development build, you can use the run-minibrowser script, e.g.:

run-minibrowser --debug --wpe

Pass one of --gtk, --jsc-only, or --wpe to indicate the port to use.

Contribute

Congratulations! You’re up and running. Now you can begin coding in WebKit and contribute your fixes and new features to the project. For details on submitting your code to the project, read Contributing Code.