commit | 5e71382b184e0be7fa4df602399d7e437f353495 | [log] [tgz] |
---|---|---|
author | jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | Fri Oct 18 20:55:56 2019 +0000 |
committer | jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | Fri Oct 18 20:55:56 2019 +0000 |
tree | e77279dfbcf31dc232dd01bb18377416cfacaac1 | |
parent | 7a1239f6ef09011ca2ae20597a4f8e5d502bf765 [diff] |
[WebAuthn] Implement AuthenticatorCancel https://bugs.webkit.org/show_bug.cgi?id=191523 <rdar://problem/55920204> Reviewed by Brent Fulgham. Source/WebCore: Covered by new tests in existing test files. * Modules/credentialmanagement/CredentialsContainer.cpp: (WebCore::CredentialsContainer::get): (WebCore::CredentialsContainer::isCreate): * Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): * Modules/webauthn/AuthenticatorCoordinator.h: * Modules/webauthn/AuthenticatorCoordinatorClient.cpp: Removed. * Modules/webauthn/AuthenticatorCoordinatorClient.h: * Modules/webauthn/PublicKeyCredential.cpp: (WebCore::PublicKeyCredential::tryCreate): * Modules/webauthn/PublicKeyCredential.h: * Modules/webauthn/PublicKeyCredentialData.h: * Modules/webauthn/fido/DeviceRequestConverter.h: * Modules/webauthn/fido/FidoHidMessage.cpp: (fido::FidoHidMessage::FidoHidMessage): * Modules/webauthn/fido/FidoHidPacket.cpp: (fido::FidoHidInitPacket::getSerializedData const): (fido::FidoHidContinuationPacket::getSerializedData const): * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * testing/MockWebAuthenticationConfiguration.h: (WebCore::MockWebAuthenticationConfiguration::HidConfiguration::encode const): (WebCore::MockWebAuthenticationConfiguration::HidConfiguration::decode): * testing/MockWebAuthenticationConfiguration.idl: Adds a new option to test AuthenticatorCancel. Source/WebKit: This patch implement two ways to cancel a pending WebAuthn ceremony: 1) Via navigation activities. Activities include i) main frame navigation, ii) main frame reload, iii) main frame destruction, iv) sub frame navigation, and v) sub frame destruction. All the above activities will cancel any pending WebAuthn ceremony that is associated with the frame. To prove the association, a GlobalFrameIdentifier is bridged into WebAuthenticationRequestData. Navigation cancel is done in WebPageProxy::didStartProvisionalLoadForFrameShared, and destruction cancel is done in WebProcessProxy::didDestroyFrame and WebPageProxy::resetState. 2) Via UI. This path is simply bridged -[_WKWebAuthenticationPanel cancel] into AuthenticatorManager. Noted, this patch follows the spec to wait until time out to notify RPs. References: i) Step 20 of https://www.w3.org/TR/webauthn/#createCredential, ii) Step 18 of https://www.w3.org/TR/webauthn/#getAssertion As for what the cancel actually does, it: 1) stops any HID/NFC scanning; 2) sends CTAPHID_CANCEL to any HID authenticators that have been added. Reference: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#usb-hid-cancel Sending CTAPHID_CANCEL, however, is not trivial. An abstract class FidoAuthenticator is crafted to do this labor for both CtapAuthenticator and U2fAuthenticator during the time of destructions. Noted: The CtapHidDriver is the only CtapDriver implements the cancel method. Since the message is sent during state reset, lifecycle of the HidConenction and HidService which manage the underlying IOHIDDeviceRef is very hard to hold. This is required for the regular async sender. Therefore, HidConnection::sendSync is crafted to send the message synchronously to get rid of the tediousness of managing those lifecycles. P.S. Vector::grow doesn't initialize POD types. Therefore, this patch also appends it with memset for FidoHidPacket. P.S.S. This patch also simplifies AuthenticatorCoordinatorClient by: i) moving code from AuthenticatorCoordinatorClient to WebAuthenticatorCoordinatorClient, and ii) using sendWithAsyncReply. The latter allows us to get rid of the complex mechanism of ensuring the right reply is returned. * DerivedSources.make: * Sources.txt: * UIProcess/API/APIWebAuthenticationPanel.cpp: (API::WebAuthenticationPanel::create): (API::WebAuthenticationPanel::WebAuthenticationPanel): (API::WebAuthenticationPanel::cancel const): * UIProcess/API/APIWebAuthenticationPanel.h: * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (-[_WKWebAuthenticationPanel cancel]): * UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::AuthenticatorManager::cancelRequest): (WebKit::AuthenticatorManager::clearState): (WebKit::AuthenticatorManager::runPanel): (WebKit::AuthenticatorManager::resetState): * UIProcess/WebAuthentication/AuthenticatorManager.h: * UIProcess/WebAuthentication/Cocoa/HidConnection.h: (WebKit::HidConnection::isInitialized const): (WebKit::HidConnection::setIsInitialized): * UIProcess/WebAuthentication/Cocoa/HidConnection.mm: (WebKit::HidConnection::~HidConnection): (WebKit::HidConnection::initialize): (WebKit::HidConnection::terminate): (WebKit::HidConnection::sendSync): (WebKit::HidConnection::send): (WebKit::HidConnection::registerDataReceivedCallback): * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp: (WebKit::MockHidConnection::initialize): (WebKit::MockHidConnection::terminate): (WebKit::MockHidConnection::sendSync): (WebKit::MockHidConnection::send): (WebKit::MockHidConnection::feedReports): * UIProcess/WebAuthentication/Mock/MockHidConnection.h: * UIProcess/WebAuthentication/WebAuthenticationRequestData.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp: (WebKit::WebAuthenticatorCoordinatorProxy::makeCredential): (WebKit::WebAuthenticatorCoordinatorProxy::getAssertion): (WebKit::WebAuthenticatorCoordinatorProxy::handleRequest): (WebKit::WebAuthenticatorCoordinatorProxy::isUserVerifyingPlatformAuthenticatorAvailable): (WebKit::WebAuthenticatorCoordinatorProxy::requestReply): Deleted. * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h: * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.messages.in: * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::CtapAuthenticator): (WebKit::CtapAuthenticator::makeCredential): (WebKit::CtapAuthenticator::getAssertion): (WebKit::CtapAuthenticator::tryDowngrade): * UIProcess/WebAuthentication/fido/CtapAuthenticator.h: * UIProcess/WebAuthentication/fido/CtapDriver.h: (WebKit::CtapDriver::cancel): * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp: (WebKit::CtapHidDriver::Worker::write): (WebKit::CtapHidDriver::Worker::read): (WebKit::CtapHidDriver::Worker::returnMessage): (WebKit::CtapHidDriver::Worker::reset): (WebKit::CtapHidDriver::Worker::cancel): (WebKit::CtapHidDriver::continueAfterChannelAllocated): (WebKit::CtapHidDriver::continueAfterResponseReceived): (WebKit::CtapHidDriver::returnResponse): (WebKit::CtapHidDriver::reset): (WebKit::CtapHidDriver::cancel): * UIProcess/WebAuthentication/fido/CtapHidDriver.h: * UIProcess/WebAuthentication/fido/FidoAuthenticator.cpp: Copied from Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.cpp. (WebKit::FidoAuthenticator::FidoAuthenticator): (WebKit::FidoAuthenticator::~FidoAuthenticator): (WebKit::FidoAuthenticator::driver const): (WebKit::FidoAuthenticator::releaseDriver): * UIProcess/WebAuthentication/fido/FidoAuthenticator.h: Copied from Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.cpp. * UIProcess/WebAuthentication/fido/FidoService.cpp: (WebKit::FidoService::continueAfterGetInfo): * UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp: (WebKit::U2fAuthenticator::U2fAuthenticator): (WebKit::U2fAuthenticator::issueCommand): * UIProcess/WebAuthentication/fido/U2fAuthenticator.h: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared): (WebKit::WebPageProxy::resetState): * UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::didDestroyFrame): * WebKit.xcodeproj/project.pbxproj: * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::WebAuthenticatorCoordinator): (WebKit::WebAuthenticatorCoordinator::makeCredential): (WebKit::WebAuthenticatorCoordinator::getAssertion): (WebKit::WebAuthenticatorCoordinator::isUserVerifyingPlatformAuthenticatorAvailable): (WebKit::WebAuthenticatorCoordinator::~WebAuthenticatorCoordinator): Deleted. * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.h: * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.messages.in: Removed. * WebProcess/WebPage/WebFrame.cpp: (WebKit::WebFrame::fromCoreFrame): * WebProcess/WebPage/WebFrame.h: Tools: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebCore/FidoHidMessageTest.cpp: (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm: (-[TestWebAuthenticationPanelUIDelegate webView:runWebAuthenticationPanel:initiatedByFrame:completionHandler:]): (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid-cancel.html: Copied from Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid.html. * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-hid.html: * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc.html: * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion.html: LayoutTests: Modified one of the error message that is no longer emitted. * http/wpt/webauthn/public-key-credential-create-failure.https.html: * http/wpt/webauthn/public-key-credential-create-success-hid.https.html: * http/wpt/webauthn/public-key-credential-get-failure.https.html: * http/wpt/webauthn/public-key-credential-get-success-hid.https.html: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@251295 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit is a cross-platform web browser engine. On iOS and macOS, it powers Safari, Mail, iBooks, and many other applications.
Visit WebKit Feature Status page to see which Web API has been implemented, in development, or under consideration.
On macOS, download Safari Technology Preview to test the latest version of WebKit. On Linux, download Epiphany Technology Preview. On Windows, you'll have to build it yourself.
Once your bug is filed, you will receive email when it is updated at each stage in the bug life cycle. After the bug is considered fixed, you may be asked to download the latest nightly and confirm that the fix works for you.
On Windows, follow the instructions on our website.
Run the following command to clone WebKit's Git SVN repository:
git clone git://git.webkit.org/WebKit.git WebKit
or
git clone https://git.webkit.org/git/WebKit.git WebKit
If you want to be able to commit changes to the repository, or just want to check out branches that aren’t contained in WebKit.git, you will need track WebKit's Subversion repository. You can run the following command to configure this and other options of the new Git clone for WebKit development.
Tools/Scripts/webkit-patch setup-git-clone
For information about this, and other aspects of using Git with WebKit, read the wiki page.
If you don‘t want to use Git, run the following command to check out WebKit’s Subversion repository:
svn checkout https://svn.webkit.org/repository/webkit/trunk WebKit
Install Xcode and its command line tools if you haven't done so already:
xcode-select --install
Run the following command to build a debug build with debugging symbols and assertions:
Tools/Scripts/build-webkit --debug
For performance testing, and other purposes, use --release
instead.
You can open WebKit.xcworkspace
to build and debug WebKit within Xcode.
If you don't use a custom build location in Xcode preferences, you have to update the workspace settings to use WebKitBuild
directory. In menu bar, choose File > Workspace Settings, then click the Advanced button, select “Custom”, “Relative to Workspace”, and enter WebKitBuild
for both Products and Intermediates.
The first time after you install a new Xcode, you will need to run the following command to enable Xcode to build command line tools for iOS Simulator:
sudo Tools/Scripts/configure-xcode-for-ios-development
Without this step, you will see the error message: “target specifies product type ‘com.apple.product-type.tool’, but there’s no such product type for the ‘iphonesimulator’ platform.
” when building target JSCLLIntOffsetsExtractor
of project JavaScriptCore
.
Run the following command to build a debug build with debugging symbols and assertions for iOS:
Tools/Scripts/build-webkit --debug --ios-simulator
For production builds:
cmake -DPORT=GTK -DCMAKE_BUILD_TYPE=RelWithDebInfo -GNinja ninja sudo ninja install
For development builds:
Tools/gtk/install-dependencies Tools/Scripts/update-webkitgtk-libs Tools/Scripts/build-webkit --gtk --debug
For more information on building WebKitGTK+, see the wiki page.
For production builds:
cmake -DPORT=WPE -DCMAKE_BUILD_TYPE=RelWithDebInfo -GNinja ninja sudo ninja install
For development builds:
Tools/wpe/install-dependencies Tools/Scripts/update-webkitwpe-libs Tools/Scripts/build-webkit --wpe --debug
For building WebKit on Windows, see the wiki page.
Run the following command to launch Safari with your local build of WebKit:
Tools/Scripts/run-safari --debug
The run-safari
script sets the DYLD_FRAMEWORK_PATH
environment variable to point to your build products, and then launches /Applications/Safari.app
. DYLD_FRAMEWORK_PATH
tells the system loader to prefer your build products over the frameworks installed in /System/Library/Frameworks
.
To run other applications with your local build of WebKit, run the following command:
Tools/Scripts/run-webkit-app <application-path>
Run the following command to launch iOS simulator with your local build of WebKit:
run-safari --debug --ios-simulator
In both cases, if you have built release builds instead, use --release
instead of --debug
.
If you have a development build, you can use the run-minibrowser script, e.g.:
run-minibrowser --debug --wpe
Pass one of --gtk
, --jsc-only
, or --wpe
to indicate the port to use.
Congratulations! You’re up and running. Now you can begin coding in WebKit and contribute your fixes and new features to the project. For details on submitting your code to the project, read Contributing Code.