Bug 238293

Summary: [WebAuthn] Maintain last modification time separate from last used time for platform credentials
Product: WebKit Reporter: pascoe <pascoe>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pascoe, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description pascoe@apple.com 2022-03-23 15:02:51 PDT 
This splits _WKLocalAuthenticatorCredentialLastModificationDateKey (that signifies the last time it was modified or used) into _WKLocalAuthenticatorCredentialLastModificationDateKey (signifying the last modification) and _WKLocalAuthenticatorCredentialLastUsedDateKey (the last time a key was used).
Comment 1 pascoe@apple.com 2022-03-23 15:03:23 PDT 
rdar://90655676
Comment 2 pascoe@apple.com 2022-03-23 15:10:51 PDT 
Created attachment 455567 [details]
Patch
Comment 3 Brent Fulgham 2022-03-25 11:15:23 PDT 
Comment on attachment 455567 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=455567&action=review

r=me

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:285
> +            attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastUsedDateKey,

It's kind of strange that we are using kSecAttrModifiedationDate to hold the _WKLocalAuthenticatorCredentialLastUsedDateKey. I guess this is a limitation of the Security framework API we are using?
Comment 4 pascoe@apple.com 2022-03-25 11:22:53 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 455567 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=455567&action=review
> 
> r=me
> 
> > Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:285
> > +            attributes[bridge_cast(kSecAttrModificationDate)], _WKLocalAuthenticatorCredentialLastUsedDateKey,
> 
> It's kind of strange that we are using kSecAttrModificationDate to hold the
> _WKLocalAuthenticatorCredentialLastUsedDateKey. I guess this is a limitation
> of the Security framework API we are using?

Currently we "modify" the rpId in the label to the same value every time we do an assertion to later sort options by most recently used.

We could create a new field in the applicationTag to store the last assertion, but it would still the same as kSecAttrModificationDate. Another idea I had was to store the last used time outside of the keychain, however it's nice to have all the state within one keychain item.
Comment 5 EWS 2022-03-25 13:17:40 PDT 
Committed r291882 (248881@main): <https://commits.webkit.org/248881@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 455567 [details].