WebKit Bugzilla
Attachment 370522 Details for Bug 182772: [WebAuthN] Enable LocalAuthenticator for macOS
Patch: bug-182772-20190523145351.patch (text/plain), 31.56 KB, created by Jiewen Tan on 2019-05-23 14:53:52 PDT
>Subversion Revision: 245637 >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 278ebc0cf65e3402fd1d415919ca911af9412ebf..314628239a125998eeea6f53be10e7ccdba1f0af 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,16 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * wtf/Platform.h: >+ Adds HAVE_DEVICE_IDENTITY. >+ * wtf/spi/cocoa/SecuritySPI.h: >+ Adds a SPI for telling macOS keychain to use the modern one. >+ > 2019-05-21 Ross Kirsling <ross.kirsling@sony.com> > > [PlayStation] Don't call fcntl. >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 3776d6d4941790c94429af655a227203865f2337..89f725e4e3dde42fc0d64896be2b22307e15d180 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,31 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch enables LocalAuthenticator for macOS. The majority >+ of this patch is to tweak macOS keychain to use the modern one. >+ >+ * Configurations/WebKit.xcconfig: >+ * Platform/spi/Cocoa/DeviceIdentitySPI.h: >+ * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: >+ (WebKit::LocalAuthenticatorInternal::toVector): >+ (WebKit::LocalAuthenticator::makeCredential): >+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented): >+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): >+ (WebKit::LocalAuthenticator::getAssertion): >+ (WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented): >+ * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm: >+ (WebKit::LocalConnection::getUserConsent const): >+ (WebKit::LocalConnection::getAttestation const): >+ * UIProcess/WebAuthentication/Cocoa/LocalService.mm: >+ (WebKit::LocalService::isAvailable): >+ * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm: >+ (WebKit::MockLocalConnection::getAttestation const): >+ > 2019-05-22 Zalan Bujtas <zalan@apple.com> > > [Paste] Add support for preferred presentation size when pasting an image >diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h >index 447bb18a8f028c29501d3931fb9557a8d53a2607..57a1cd3b36a4c303bd658853299cb951c7dbff8f 100644 >--- a/Source/WTF/wtf/Platform.h >+++ b/Source/WTF/wtf/Platform.h >@@ -1559,3 +1559,6 @@ > #define HAVE_CORETEXT_AUTO_OPTICAL_SIZING 1 > #endif > >+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400) || (PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR)) >+#define HAVE_DEVICE_IDENTITY 1 >+#endif 
>diff --git a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >index 96e30a7c7d294f455c03b0de37be0a4d12135e42..9ffa8aff532f7047e7fc47f196ac43a6936b4ab1 100644 >--- a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >+++ b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h >@@ -28,6 +28,7 @@ > #if USE(APPLE_INTERNAL_SDK) > > #include <Security/SecCertificatePriv.h> >+#include <Security/SecItemPriv.h> > #include <Security/SecTask.h> > #include <Security/SecTrustPriv.h> > >@@ -88,4 +89,6 @@ extern const CFStringRef kSecTrustInfoExtendedValidationKey; > extern const CFStringRef kSecTrustInfoCompanyNameKey; > extern const CFStringRef kSecTrustInfoRevocationKey; > >+extern const CFStringRef kSecAttrNoLegacy; >+ > WTF_EXTERN_C_END >diff --git a/Source/WebKit/Configurations/WebKit.xcconfig b/Source/WebKit/Configurations/WebKit.xcconfig >index fee14791a81f2f36a25d3ab6b7fa597302e72b56..7e04e10e4fbf88f92123e04deb05826e00f331ad 100644 >--- a/Source/WebKit/Configurations/WebKit.xcconfig >+++ b/Source/WebKit/Configurations/WebKit.xcconfig >@@ -165,8 +165,10 @@ WK_FRAMEWORK_HEADER_POSTPROCESSING_DISABLED[sdk=iphone*12.*] = YES; > WK_RELOCATABLE_FRAMEWORK_LDFLAGS = $(WK_RELOCATABLE_FRAMEWORK_LDFLAGS_$(WK_RELOCATABLE_FRAMEWORKS)); > WK_RELOCATABLE_FRAMEWORK_LDFLAGS_YES = -Wl,-not_for_dyld_shared_cache; > >-WK_HAVE_DEVICE_IDENTITY = $(WK_HAVE_DEVICE_IDENTITY_$(PLATFORM_NAME)); >+WK_HAVE_DEVICE_IDENTITY = $(WK_HAVE_DEVICE_IDENTITY_$(WK_PLATFORM_NAME)); > WK_HAVE_DEVICE_IDENTITY_iphoneos = YES; >+WK_HAVE_DEVICE_IDENTITY_macosx = $(WK_HAVE_DEVICE_IDENTITY$(WK_MACOS_1014)); >+WK_HAVE_DEVICE_IDENTITY_MACOS_SINCE_1014 = YES; > > WK_HAVE_URL_FORMATTING = $(WK_HAVE_URL_FORMATTING_$(WK_PLATFORM_NAME)); > WK_HAVE_URL_FORMATTING_iphoneos = $(WK_HAVE_URL_FORMATTING$(WK_IOS_12)); 
>diff --git a/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h b/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >index 03203e2604322aa7a29d1833edb754b9cc235dca..7477e409721bea367811145cccabfb606d5398b1 100644 >--- a/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >+++ b/Source/WebKit/Platform/spi/Cocoa/DeviceIdentitySPI.h >@@ -27,7 +27,7 @@ > > #if ENABLE(WEB_AUTHN) > >-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#if HAVE(DEVICE_IDENTITY) > > #if USE(APPLE_INTERNAL_SDK) > >@@ -54,6 +54,6 @@ void DeviceIdentityIssueClientCertificateWithCompletion(dispatch_queue_t _Nullab > > #endif // USE(APPLE_INTERNAL_SDK) > >-#endif // PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#endif // HAVE(DEVICE_IDENTITY) > > #endif // ENABLE(WEB_AUTHN) >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >index 69ffedbacc794e9268ca86357c9b2847adb7e2a6..022806557a9e55010613c7150919a79055871245 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm >@@ -41,6 +41,7 @@ > #import <wtf/RetainPtr.h> > #import <wtf/RunLoop.h> > #import <wtf/Vector.h> >+#import <wtf/spi/cocoa/SecuritySPI.h> > #import <wtf/text/StringHash.h> > > namespace WebKit { >@@ -54,7 +55,6 @@ const uint8_t getAssertionFlags = 0b00000101; // UP and UV are set. > // Credential ID is currently SHA-1 of the corresponding public key. > const uint16_t credentialIdLength = 20; > >-#if PLATFORM(IOS_FAMILY) > static inline bool emptyTransportsOrContain(const Vector<AuthenticatorTransport>& transports, AuthenticatorTransport target) > { > return transports.isEmpty() ? true : transports.contains(target); 
>@@ -78,7 +78,6 @@ static inline Vector<uint8_t> toVector(NSData *data) > result.append(reinterpret_cast<const uint8_t*>(data.bytes), data.length); > return result; > } >-#endif // !PLATFORM(IOS_FAMILY) > > } // LocalAuthenticatorInternal > >@@ -89,12 +88,10 @@ LocalAuthenticator::LocalAuthenticator(UniqueRef<LocalConnection>&& connection) > > void LocalAuthenticator::makeCredential() > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::Init); > m_state = State::RequestReceived; > >-#if PLATFORM(IOS_FAMILY) > // The following implements https://www.w3.org/TR/webauthn/#op-make-cred as of 5 December 2017. > // Skip Step 4-5 as requireResidentKey and requireUserVerification are enforced. > // Skip Step 9 as extensions are not supported yet. >@@ -122,6 +119,7 @@ void LocalAuthenticator::makeCredential() > (id)kSecAttrLabel: requestData().creationOptions.rp.id, > (id)kSecReturnAttributes: @YES, > (id)kSecMatchLimit: (id)kSecMatchLimitAll, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesArrayRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); 
>@@ -152,18 +150,15 @@ void LocalAuthenticator::makeCredential() > weakThis->continueMakeCredentialAfterUserConsented(consent); > }; > m_connection->getUserConsent( >- "Allow " + requestData().creationOptions.rp.id + " to create a public key credential for " + requestData().creationOptions.user.name, >+ "allow " + requestData().creationOptions.rp.id + " to create a public key credential for " + requestData().creationOptions.user.name, > WTFMove(callback)); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnection::UserConsent consent) > { >- // FIXME(182772) > ASSERT(m_state == State::RequestReceived); > m_state = State::UserConsented; > >-#if PLATFORM(IOS_FAMILY) > if (consent == LocalConnection::UserConsent::No) { > receiveRespond(ExceptionData { NotAllowedError, "Couldn't get user consent."_s }); > return; >@@ -176,6 +171,7 @@ void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnectio > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrLabel: requestData().creationOptions.rp.id, > (id)kSecAttrApplicationTag: [NSData dataWithBytes:requestData().creationOptions.user.idVector.data() length:requestData().creationOptions.user.idVector.size()], >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemDelete((__bridge CFDictionaryRef)deleteQuery); > if (status && status != errSecItemNotFound) { 
>@@ -192,18 +188,15 @@ void LocalAuthenticator::continueMakeCredentialAfterUserConsented(LocalConnectio > weakThis->continueMakeCredentialAfterAttested(privateKey, certificates, error); > }; > m_connection->getAttestation(requestData().creationOptions.rp.id, requestData().creationOptions.user.name, requestData().hash, WTFMove(callback)); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKey, NSArray *certificates, NSError *error) > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > > ASSERT(m_state == State::UserConsented); > m_state = State::Attested; > >-#if PLATFORM(IOS_FAMILY) > if (error) { > LOG_ERROR("Couldn't attest: %@", error); > receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s }); >@@ -227,13 +220,14 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > // FIXME(183533): DeviceIdentity.Framework would insert certificates into Keychain as well. We should update those as well. > Vector<uint8_t> credentialId; > { >- // -rk is added by DeviceIdentity.Framework. >- String label = makeString(requestData().creationOptions.user.name, "@", requestData().creationOptions.rp.id, "-rk"); >+ // -rk-ucrt is added by DeviceIdentity.Framework. >+ String label = makeString(requestData().creationOptions.user.name, "@", requestData().creationOptions.rp.id, "-rk-ucrt"); > NSDictionary *credentialIdQuery = @{ > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: label, >- (id)kSecReturnAttributes: @YES >+ (id)kSecReturnAttributes: @YES, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)credentialIdQuery, &attributesRef); 
>@@ -251,6 +245,7 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrApplicationLabel: nsAttributes[(id)kSecAttrApplicationLabel], >+ (id)kSecAttrNoLegacy: @YES > }; > NSDictionary *updateParams = @{ > (id)kSecAttrLabel: requestData().creationOptions.rp.id, >@@ -327,17 +322,14 @@ void LocalAuthenticator::continueMakeCredentialAfterAttested(SecKeyRef privateKe > auto attestationObject = buildAttestationObject(WTFMove(authData), "Apple", WTFMove(attestationStatementMap)); > > receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), true, nullptr, ArrayBuffer::create(attestationObject.data(), attestationObject.size()), nullptr, nullptr, nullptr, WTF::nullopt }); >-#endif // !PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::getAssertion() > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::Init); > m_state = State::RequestReceived; > >-#if PLATFORM(IOS_FAMILY) > // The following implements https://www.w3.org/TR/webauthn/#op-get-assertion as of 5 December 2017. > // Skip Step 2 as requireUserVerification is enforced. > // Skip Step 8 as extensions are not supported yet. >@@ -355,7 +347,8 @@ void LocalAuthenticator::getAssertion() > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: requestData().requestOptions.rpId, > (id)kSecReturnAttributes: @YES, >- (id)kSecMatchLimit: (id)kSecMatchLimitAll >+ (id)kSecMatchLimit: (id)kSecMatchLimitAll, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef attributesArrayRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef); 
>@@ -401,22 +394,19 @@ void LocalAuthenticator::getAssertion() > weakThis->continueGetAssertionAfterUserConsented(consent, context, credentialId, userhandle); > }; > NSData *idData = selectedCredentialAttributes[(id)kSecAttrApplicationTag]; >- StringView idStringView { static_cast<const LChar*>([idData bytes]), static_cast<unsigned>([idData length]) }; >+ StringView idStringView { static_cast<const UChar*>([idData bytes]), static_cast<unsigned>([idData length]) }; > m_connection->getUserConsent( >- makeString("Log into ", requestData().requestOptions.rpId, " with ", idStringView, '.'), >+ makeString("log into ", requestData().requestOptions.rpId, " with ", idStringView), > (__bridge SecAccessControlRef)selectedCredentialAttributes[(id)kSecAttrAccessControl], > WTFMove(callback)); >-#endif // PLATFORM(IOS_FAMILY) > } > > void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection::UserConsent consent, LAContext *context, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& userhandle) > { >- // FIXME(182772) > using namespace LocalAuthenticatorInternal; > ASSERT(m_state == State::RequestReceived); > m_state = State::UserConsented; > >-#if PLATFORM(IOS_FAMILY) > if (consent == LocalConnection::UserConsent::No) { > receiveRespond(ExceptionData { NotAllowedError, "Couldn't get user consent."_s }); > return; >@@ -437,6 +427,7 @@ void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection: > (id)kSecAttrApplicationLabel: [NSData dataWithBytes:credentialId.data() length:credentialId.size()], > (id)kSecUseAuthenticationContext: context, > (id)kSecReturnRef: @YES, >+ (id)kSecAttrNoLegacy: @YES > }; > CFTypeRef privateKeyRef = nullptr; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &privateKeyRef); 
>@@ -464,7 +455,6 @@ void LocalAuthenticator::continueGetAssertionAfterUserConsented(LocalConnection: > > // Step 13. > receiveRespond(PublicKeyCredentialData { ArrayBuffer::create(credentialId.data(), credentialId.size()), false, nullptr, nullptr, ArrayBuffer::create(authData.data(), authData.size()), ArrayBuffer::create(signature.data(), signature.size()), ArrayBuffer::create(userhandle.data(), userhandle.size()), WTF::nullopt }); >-#endif // !PLATFORM(IOS_FAMILY) > } > > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >index 944705c269cb1356958bf7465dbfc90d30012565..9c9896910309e3e70d5d1f825e1fc26e893f88e9 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm >@@ -39,8 +39,6 @@ namespace WebKit { > > void LocalConnection::getUserConsent(const String& reason, UserConsentCallback&& completionHandler) const > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > auto context = adoptNS([allocLAContextInstance() init]); > auto reply = makeBlockPtr([completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable { > ASSERT(!RunLoop::isMain()); >@@ -55,13 +53,10 @@ void LocalConnection::getUserConsent(const String& reason, UserConsentCallback&& > }); > }); > [context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:reason reply:reply.get()]; >-#endif > } > > void LocalConnection::getUserConsent(const String& reason, SecAccessControlRef accessControl, UserConsentContextCallback&& completionHandler) const > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > auto context = adoptNS([allocLAContextInstance() init]); > auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable { > ASSERT(!RunLoop::isMain()); 
>@@ -76,13 +71,11 @@ void LocalConnection::getUserConsent(const String& reason, SecAccessControlRef a > }); > }); > [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign localizedReason:reason reply:reply.get()]; >-#endif > } > > void LocalConnection::getAttestation(const String& rpId, const String& username, const Vector<uint8_t>& hash, AttestationCallback&& completionHandler) const > { >- // DeviceIdentity.Framework is not avaliable in iOS simulator. >-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR) >+#if HAVE(DEVICE_IDENTITY) > // Apple Attestation > ASSERT(hash.size() <= 32); > >@@ -114,7 +107,7 @@ void LocalConnection::getAttestation(const String& rpId, const String& username, > > // FIXME(183652): Reduce prompt for biometrics > DeviceIdentityIssueClientCertificateWithCompletion(dispatch_get_main_queue(), options, makeBlockPtr(WTFMove(completionHandler)).get()); >-#endif >+#endif // HAVE(DEVICE_IDENTITY) > } > > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >index f40696cd112b07749a75d77cdc271797d00faa88..3249b0e01767256ff8e3447d6f44f5a80ac17f8f 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalService.mm >@@ -41,12 +41,10 @@ LocalService::LocalService(Observer& observer) > { > } > >+// FIXME(rdar://problem/51048542) > bool LocalService::isAvailable() > { >-// FIXME(182772) >-#if !PLATFORM(IOS_FAMILY) >- return false; >-#else >+ // FIXME(198176) > if (!WebCore::RuntimeEnabledFeatures::sharedFeatures().webAuthenticationLocalAuthenticatorEnabled()) > return false; > >@@ -57,7 +55,6 @@ bool LocalService::isAvailable() > return false; > } > return true; >-#endif > } > > void LocalService::startDiscoveryInternal() 
>diff --git a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm b/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >index ca765e582a6bb8646f3e017db76466692eb617a7..86e0790d1680121ee7e1ff7ba69766514adf5b99 100644 >--- a/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >+++ b/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm >@@ -92,7 +92,7 @@ void MockLocalConnection::getAttestation(const String& rpId, const String& usern > ASSERT(!errorRef); > > // Mock what DeviceIdentity would do. >- String label = makeString(username, "@", rpId, "-rk"); >+ String label = makeString(username, "@", rpId, "-rk-ucrt"); > NSDictionary* addQuery = @{ > (id)kSecValueRef: (id)key.get(), > (id)kSecClass: (id)kSecClassKey, >diff --git a/Tools/ChangeLog b/Tools/ChangeLog >index ca572b8d5bda289b53d94a5f099d403b26786d04..da6fd3a25003b9bae859ecb71c359ea11fd4050e 100644 >--- a/Tools/ChangeLog >+++ b/Tools/ChangeLog >@@ -1,3 +1,22 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add an entitlement file to WebKitTestRunner such that it can access >+ the modern macOS keychain. >+ >+ * WebKitTestRunner/Configurations/WebKitTestRunner.entitlements: Added. >+ * WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig: >+ * WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj: >+ * WebKitTestRunner/cocoa/TestControllerCocoa.mm: >+ (WTR::TestController::addTestKeyToKeychain): >+ (WTR::TestController::cleanUpKeychain): >+ (WTR::TestController::keyExistsInKeychain): >+ > 2019-05-22 Zalan Bujtas <zalan@apple.com> > > [Paste] Add support for preferred presentation size when pasting an image 
>diff --git a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements >new file mode 100644 >index 0000000000000000000000000000000000000000..1fb4827795659794e860bfec1b264074a11c2492 >--- /dev/null >+++ b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements >@@ -0,0 +1,10 @@ >+<?xml version="1.0" encoding="UTF-8"?> >+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> >+<plist version="1.0"> >+ <dict> >+ <key>keychain-access-groups</key> >+ <array> >+ <string>com.apple.WebKitTestRunner</string> >+ </array> >+ </dict> >+</plist> >diff --git a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >index dfcdfd9de38fdf936db52155be09c2c10d3f942c..33ede09ff4c52601be87f1f6758129ad1eabeb07 100644 >--- a/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >+++ b/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig >@@ -33,3 +33,5 @@ OTHER_LDFLAGS[sdk=macosx*] = $(inherited) -lWebKitTestRunner -framework Carbon - > SKIP_INSTALL[sdk=iphone*] = YES; > EXCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = mac/*; > INCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = mac/main.mm; >+ >+CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = Configurations/WebKitTestRunner.entitlements; >diff --git a/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj b/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj >index 4b47e89a9ceb53a259952f16cbae11db0525d1bb..eec904d24c8138b90cc2ecf66ebafa4e49f75f48 100644 >--- a/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj >+++ b/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj 
>@@ -102,7 +102,7 @@ > 5641E2D014335E95008307E5 /* JSTextInputController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5641E2CE14335E95008307E5 /* JSTextInputController.cpp */; }; > 5664A49A14326384008881BE /* TextInputController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5664A49814326384008881BE /* TextInputController.cpp */; }; > 5670B8281386FCA5002EB355 /* EventSenderProxy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5670B8271386FCA5002EB355 /* EventSenderProxy.mm */; }; >- 570E75A82152DB4F00324B6E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 570E75A42152DA2C00324B6E /* Security.framework */; }; >+ 5714B60D21B0BF2300CDCCAA /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 570E75A42152DA2C00324B6E /* Security.framework */; }; > 6510A78211EC643800410867 /* AHEM____.TTF in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77711EC643800410867 /* AHEM____.TTF */; }; > 6510A78411EC643800410867 /* WebKitWeightWatcher100.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77911EC643800410867 /* WebKitWeightWatcher100.ttf */; }; > 6510A78511EC643800410867 /* WebKitWeightWatcher200.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 6510A77A11EC643800410867 /* WebKitWeightWatcher200.ttf */; }; 
>@@ -316,6 +316,7 @@ > 5670B8261386FC13002EB355 /* EventSenderProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EventSenderProxy.h; sourceTree = "<group>"; }; > 5670B8271386FCA5002EB355 /* EventSenderProxy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = EventSenderProxy.mm; sourceTree = "<group>"; }; > 570E75A42152DA2C00324B6E /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; >+ 5714B60E21B0C96400CDCCAA /* WebKitTestRunner.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = WebKitTestRunner.entitlements; sourceTree = "<group>"; }; > 583913D014335E95008307E5 /* JSAccessibilityController.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSAccessibilityController.cpp; sourceTree = "<group>"; }; > 583913D114335E95008307E5 /* JSAccessibilityController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSAccessibilityController.h; sourceTree = "<group>"; }; > 6510A77711EC643800410867 /* AHEM____.TTF */ = {isa = PBXFileReference; lastKnownFileType = file; name = "AHEM____.TTF"; path = "fonts/AHEM____.TTF"; sourceTree = "<group>"; }; >@@ -410,7 +411,6 @@ > isa = PBXFrameworksBuildPhase; > buildActionMask = 2147483647; > files = ( >- 570E75A82152DB4F00324B6E /* Security.framework in Frameworks */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >@@ -419,6 +419,7 @@ > buildActionMask = 2147483647; > files = ( > 51058AD51D678820009A538C /* libWebCoreTestSupport.dylib in Frameworks */, >+ 5714B60D21B0BF2300CDCCAA /* Security.framework in Frameworks */, > 51058AD61D678825009A538C /* WebKit.framework in Frameworks */, > ); > runOnlyForDeploymentPostprocessing = 0; 
>@@ -795,6 +796,7 @@ > BC793427118F7DAF005EA8E2 /* DebugRelease.xcconfig */, > BC25197111D15E61002EBC01 /* InjectedBundle.xcconfig */, > A1B89B94221E026B00EB4CEA /* SDKVariant.xcconfig */, >+ 5714B60E21B0C96400CDCCAA /* WebKitTestRunner.entitlements */, > A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */, > 9B0D132E2036D346008FC8FB /* WebKitTestRunnerApp-iOS.entitlements */, > 311183AA212B1AC70077BCE0 /* WebKitTestRunnerApp-watchOS.entitlements */, >@@ -1249,6 +1251,8 @@ > isa = XCBuildConfiguration; > baseConfigurationReference = A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */; > buildSettings = { >+ CODE_SIGN_IDENTITY = "Safari Engineering"; >+ CODE_SIGN_STYLE = Manual; > }; > name = Debug; > }; >@@ -1256,6 +1260,8 @@ > isa = XCBuildConfiguration; > baseConfigurationReference = A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */; > buildSettings = { >+ CODE_SIGN_IDENTITY = "Safari Engineering"; >+ CODE_SIGN_STYLE = Manual; > }; > name = Release; > }; >@@ -1404,6 +1410,8 @@ > isa = XCBuildConfiguration; > baseConfigurationReference = A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */; > buildSettings = { >+ CODE_SIGN_IDENTITY = "Safari Engineering"; >+ CODE_SIGN_STYLE = Manual; > }; > name = Production; > }; >diff --git a/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm b/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >index 4087735ba25bb853a2e6cff000f2e031abbcfa12..43ff40b30d29a271a0831083681758579d473e52 100644 >--- a/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >+++ b/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm >@@ -51,6 +51,7 @@ > #import <WebKit/_WKUserContentExtensionStore.h> > #import <WebKit/_WKUserContentExtensionStorePrivate.h> > #import <wtf/MainThread.h> >+#import <wtf/spi/cocoa/SecuritySPI.h> > > namespace WTR { 
> >@@ -330,8 +331,6 @@ void TestController::injectUserScript(WKStringRef script) > > void TestController::addTestKeyToKeychain(const String& privateKeyBase64, const String& attrLabel, const String& applicationTagBase64) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary* options = @{ > (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, 
>@@ -349,40 +348,36 @@ void TestController::addTestKeyToKeychain(const String& privateKeyBase64, const > (id)kSecValueRef: (id)key.get(), > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrLabel: attrLabel, >- (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get() >+ (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get(), >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addQuery, NULL); > ASSERT_UNUSED(status, !status); >-#endif > } > > void TestController::cleanUpKeychain(const String& attrLabel) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary* deleteQuery = @{ > (id)kSecClass: (id)kSecClassKey, >- (id)kSecAttrLabel: attrLabel >+ (id)kSecAttrLabel: attrLabel, >+ (id)kSecAttrNoLegacy: @YES > }; > SecItemDelete((__bridge CFDictionaryRef)deleteQuery); >-#endif > } > > bool TestController::keyExistsInKeychain(const String& attrLabel, const String& applicationTagBase64) > { >- // FIXME(182772) >-#if PLATFORM(IOS_FAMILY) > NSDictionary *query = @{ > (id)kSecClass: (id)kSecClassKey, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, > (id)kSecAttrLabel: attrLabel, > (id)kSecAttrApplicationTag: adoptNS([[NSData alloc] initWithBase64EncodedString:applicationTagBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get(), >+ (id)kSecAttrNoLegacy: @YES > }; > OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL); > if (!status) > return true; > ASSERT(status == errSecItemNotFound); >-#endif > return false; > } > >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 9ee96b620c604849cc33fafbea95d38f83f47745..c6526d1d8748fd1530c1c30f65a5db4977a3d7d3 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,15 @@ >+2019-05-23 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Enable LocalAuthenticator for macOS >+ https://bugs.webkit.org/show_bug.cgi?id=182772 >+ <rdar://problem/43347920> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Enable existing local authenticator tests for macOS. >+ >+ * platform/mac-wk2/TestExpectations: >+ > 2019-05-22 Jer Noble <jer.noble@apple.com> > > Hide MediaCapabilities.encodingInfo() when the platform does not support it. >diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations >index 8c815000156cea8da2cab6b3bd5ee0c33cafba77..a8836d4ff7df7cdec44f40590cf05ec4267edd83 100644 >--- a/LayoutTests/platform/mac-wk2/TestExpectations >+++ b/LayoutTests/platform/mac-wk2/TestExpectations >@@ -901,15 +901,6 @@ imported/w3c/web-platform-tests/payment-request/user-accepts-payment-request-alg > > webkit.org/b/189598 compositing/backing/backing-store-attachment-fill-forwards-animation.html [ Pass Failure ] > >-# Skip local authenticator tests for mac now. >-http/wpt/webauthn/public-key-credential-create-failure-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-create-success-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-get-failure-local.https.html [ Skip ] >-http/wpt/webauthn/public-key-credential-get-success-local.https.html [ Skip ] >-# The following tests require PublicKeyCredential objects. We can only produce them via local authenticators now. >-http/wpt/credential-management/credentialscontainer-store-basics.https.html [ Skip ] >-http/wpt/webauthn/idl.https.html [ Skip ] >- > webkit.org/b/183878 media/modern-media-controls/tracks-panel/tracks-panel-up-click-over-media-does-not-dimiss-media-controls-when-media-is-playing.html [ Pass Timeout ] > > webkit.org/b/191658 [ Sierra Release ] fast/layers/no-clipping-overflow-hidden-added-after-transform.html [ Pass ImageOnlyFailure ]
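Review bot: In Source/WTF/wtf/Platform.h, HAVE_DEVICE_IDENTITY is defined for PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR), but the guards it replaces in DeviceIdentitySPI.h and LocalConnection.mm tested PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR), so the two conditions are not equivalent. If dropping the rest of the iOS family is intended, say so in the WTF ChangeLog entry; otherwise use the IOS_FAMILY macros here so the attestation path stays compiled wherever it was before this patch.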
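Review bot: In LocalAuthenticator::makeCredential (hunk @@ -152,18 +150,15 @@) the consent reason changes from "Allow ..." to "allow ..." with no comment in the code and no mention in the ChangeLog, so the next reader is likely to treat the lowercase as a typo and revert it. Add a comment stating what the prompt on each platform puts in front of the reason. The string is also still concatenated directly from rp.id and user.name as they arrive in the request and is not localized; building it from a localized format string would address both.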
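Review bot: In continueMakeCredentialAfterAttested (hunk @@ -227,13 +220,14 @@) the label suffix changes from "-rk" to "-rk-ucrt" on every platform, and the same literal is repeated in MockLocalConnection::getAttestation. The credential lookup only succeeds if DeviceIdentity.Framework uses exactly this suffix on every OS version this code runs on, and the ChangeLog does not say why it changed. Please record the reason in the ChangeLog and define the suffix once so the authenticator and the mock cannot drift apart.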
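Review bot: In LocalAuthenticator::getAssertion (hunk @@ -401,22 +394,19 @@), idStringView now casts [idData bytes] to const UChar* but still passes [idData length], a byte count, as the length, so the view covers twice as many bytes as the NSData holds and building the consent string reads past the end of the buffer. Pass [idData length] / sizeof(UChar) and handle an odd byte count, or decode the data explicitly. The same attribute, kSecAttrApplicationTag, is matched against user.idVector in the delete query of continueMakeCredentialAfterUserConsented, which suggests it holds the user handle bytes from the request, so it should be validated as text before it is shown in the prompt.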
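Review bot: In LocalConnection::getAttestation the whole body sits between #if HAVE(DEVICE_IDENTITY) and #endif, so when the macro is not defined the function returns without ever invoking completionHandler. With the PLATFORM(IOS_FAMILY) guards removed from LocalAuthenticator::continueMakeCredentialAfterUserConsented, that caller now reaches this function on macOS builds below 10.14 as well, and the makeCredential request would never receive a response. Add an #else branch that calls completionHandler with an error. The removed comment about the iOS simulator was the only explanation of why the guard exists; keep an equivalent one next to the new #if.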
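Review bot: In LocalService::isAvailable the two new comments, FIXME(rdar://problem/51048542) above the function and FIXME(198176) inside it, carry no text, so a reader cannot tell what remains to be fixed or which check each one refers to. Add a one-line description to each. With the #if !PLATFORM(IOS_FAMILY) early return removed, the runtime flag webAuthenticationLocalAuthenticatorEnabled becomes the first gate on macOS, which is worth stating in the WebKit ChangeLog entry for this function.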
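Review bot: In WebKitTestRunner.xcodeproj/project.pbxproj the Debug, Release and Production configurations each gain CODE_SIGN_IDENTITY = "Safari Engineering" and CODE_SIGN_STYLE = Manual, which ties every build of this target to a signing certificate with that name. The Tools ChangeLog mentions only the entitlements file, not the signing change. Please move these settings into WebKitTestRunner.xcconfig next to CODE_SIGN_ENTITLEMENTS, restrict them to the configurations that have the identity, and describe the change in the ChangeLog.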
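Review bot: In TestControllerCocoa.mm (hunk @@ -349,40 +348,36 @@), addTestKeyToKeychain checks the SecItemAdd result only through ASSERT_UNUSED and cleanUpKeychain discards the SecItemDelete result, so in a release build a keychain failure is silent. These calls now run on macOS with kSecAttrNoLegacy and, per the Tools ChangeLog, depend on the new entitlement to reach the modern keychain, so a runner without it would fail here and surface later as an unrelated test failure. Log the OSStatus in both functions, and in keyExistsInKeychain report any status other than success or errSecItemNotFound instead of relying on ASSERT.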
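Review bot: In LayoutTests/platform/mac-wk2/TestExpectations the six Skip lines are removed for every mac-wk2 configuration, while Platform.h in this patch enables HAVE_DEVICE_IDENTITY on macOS only from 10.14 and the same expectations file still carries a [ Sierra Release ] entry. Either confirm in the LayoutTests ChangeLog that the mock-backed tests pass on the older releases that are still tested, or keep the Skip entries scoped to those releases.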