[webkit-changes] [WebKit/WebKit] 3ec7aa: [WebAuthn] Reland handle security keys with a full...

Commit Queue noreply at github.com
Mon Jan 8 14:58:36 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3ec7aa1207135d48b4e5fcf3881f847401e5ff30
      https://github.com/WebKit/WebKit/commit/3ec7aa1207135d48b4e5fcf3881f847401e5ff30
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-01-08 (Mon, 08 Jan 2024)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https.html
    M LayoutTests/http/wpt/webauthn/resources/util.js
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

  Log Message:
  -----------
  [WebAuthn] Reland handle security keys with a full key store
rdar://120402606
https://bugs.webkit.org/show_bug.cgi?id=267101

Reviewed by Brent Fulgham.

Whenever security keys are unable to create a credential due to their internal key storage being full
they return the kCtap2ErrKeyStoreFull error code. In this case we should either retry the registeration
without a discoverable credential if the preference was set to preferred, otherwise surface an error to the
user notifying them they need to use a different key or clear space on the current key.

This patch fixes this by handling the kCtap2ErrKeyStoreFull error case. For security keys supporting the CTAP 2.1
standard, this patch also adds support for reading the "remainingDiscoverableCredentials" value from getInfo to detect
if the key store is full without having to first attempt a create.

Added layout tests for new functionality.

* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https.html:
* LayoutTests/http/wpt/webauthn/resources/util.js:
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::AuthenticatorGetInfoResponse::setRemainingDiscoverableCredentials):
(fido::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::readCTAPGetInfoResponse):
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:
(WebKit::wkWebAuthenticationPanelUpdate):
* Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

Canonical link: https://commits.webkit.org/272790@main




More information about the webkit-changes mailing list