[webkit-changes] [WebKit/WebKit] 4ad382: [WebAuthn] Handle security keys with a full key store
J Pascoe
noreply at github.com
Fri Dec 16 07:44:35 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4ad382e777def610a6a4c6b079722b85bb042176
https://github.com/WebKit/WebKit/commit/4ad382e777def610a6a4c6b079722b85bb042176
Author: J Pascoe <j_pascoe at apple.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https.html
M LayoutTests/http/wpt/webauthn/resources/util.js
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm
M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
Log Message:
-----------
[WebAuthn] Handle security keys with a full key store
https://bugs.webkit.org/show_bug.cgi?id=247339
rdar://100241655
Reviewed by Brent Fulgham.
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https.html:
* LayoutTests/http/wpt/webauthn/resources/util.js:
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::readCTAPGetInfoResponse):
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:
(WebKit::AuthenticatorPresenterCoordinator::updatePresenter):
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:
(WebKit::wkWebAuthenticationPanelUpdate):
* Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Whenever security keys are unable to create a credential due to their internal key storage being full
they return the kCtap2ErrKeyStoreFull error code. In this case we should either retry the registeration
without a discoverable credential if the preference was set to preferred, otherwise surface an error to the
user notifying them they need to use a different key or clear space on the current key.
This patch fixes this by handling the kCtap2ErrKeyStoreFull error case. For security keys supporting the CTAP 2.1
standard, this patch also adds support for reading the "remainingDiscoverableCredentials" value from getInfo to detect
if the key store is full without having to first attempt a create.
Added layout tests for new functionality.
Canonical link: https://commits.webkit.org/257989@main
More information about the webkit-changes
mailing list