Diff
Modified: trunk/LayoutTests/ChangeLog (254893 => 254894)
--- trunk/LayoutTests/ChangeLog 2020-01-22 00:26:24 UTC (rev 254893)
+++ trunk/LayoutTests/ChangeLog 2020-01-22 01:25:57 UTC (rev 254894)
@@ -1,3 +1,12 @@
+2020-01-21 Jiewen Tan <[email protected]>
+
+ [WebAuthn] Incorporate more detailed UnknownError messages for LocalAuthenticator
+ https://bugs.webkit.org/show_bug.cgi?id=191530
+
+ Reviewed by Brent Fulgham.
+
+ * http/wpt/webauthn/public-key-credential-create-failure-local.https.html:
+
2020-01-21 Commit Queue <[email protected]>
Unreviewed, rolling out r254807 and r254849.
Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html (254893 => 254894)
--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html 2020-01-22 00:26:24 UTC (rev 254893)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-local.https.html 2020-01-22 01:25:57 UTC (rev 254894)
@@ -118,7 +118,7 @@
};
if (window.internals)
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
- return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.");
+ return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't attest: The operation couldn't complete.");
}, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator.");
promise_test(t => {
@@ -140,7 +140,7 @@
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64);
}
- return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.").then(() => {
+ return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't attest: The operation couldn't complete.").then(() => {
if (window.testRunner)
assert_false(testRunner.keyExistsInKeychain(testRpId, userhandleBase64));
});
Modified: trunk/Source/WebKit/ChangeLog (254893 => 254894)
--- trunk/Source/WebKit/ChangeLog 2020-01-22 00:26:24 UTC (rev 254893)
+++ trunk/Source/WebKit/ChangeLog 2020-01-22 01:25:57 UTC (rev 254894)
@@ -1,3 +1,23 @@
+2020-01-21 Jiewen Tan <[email protected]>
+
+ [WebAuthn] Incorporate more detailed UnknownError messages for LocalAuthenticator
+ https://bugs.webkit.org/show_bug.cgi?id=191530
+
+ Reviewed by Brent Fulgham.
+
+ This patch replaces UnknownError messages within LocalAuthenticator with the LOG_ERROR
+ messages. At the meantime, it enhances MockLocalConnection::getAttestation to return
+ errors instead of assertions.
+
+ * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+ (WebKit::LocalAuthenticator::makeCredential):
+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented):
+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
+ (WebKit::LocalAuthenticator::getAssertion):
+ (WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented):
+ * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
+ (WebKit::MockLocalConnection::getAttestation const):
+
2020-01-21 Chris Dumez <[email protected]>
[IPC Hardening] Only process Messages::NetworkProcess messages when sent by the UIProcess
Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (254893 => 254894)
--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2020-01-22 00:26:24 UTC (rev 254893)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2020-01-22 01:25:57 UTC (rev 254894)
@@ -131,7 +131,7 @@
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef);
if (status && status != errSecItemNotFound) {
LOG_ERROR("Couldn't query Keychain: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't query Keychain: ", status) });
return;
}
auto retainAttributesArray = adoptCF(attributesArrayRef);
@@ -186,8 +186,8 @@
};
OSStatus status = SecItemDelete((__bridge CFDictionaryRef)deleteQuery);
if (status && status != errSecItemNotFound) {
- LOG_ERROR("Couldn't detele older credential: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ LOG_ERROR("Couldn't delete older credential: %d", status);
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't delete older credential: ", status) });
return;
}
@@ -211,7 +211,7 @@
if (error) {
LOG_ERROR("Couldn't attest: %@", error);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't attest: ", String(error.localizedDescription)) });
return;
}
// Attestation Certificate and Attestation Issuing CA
@@ -249,7 +249,7 @@
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)credentialIdQuery, &attributesRef);
if (status) {
LOG_ERROR("Couldn't get Credential ID: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't get Credential ID: ", status) });
return;
}
auto retainAttributes = adoptCF(attributesRef);
@@ -274,7 +274,7 @@
status = SecItemUpdate((__bridge CFDictionaryRef)updateQuery, (__bridge CFDictionaryRef)updateParams);
if (status) {
LOG_ERROR("Couldn't update the Keychain item: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't update the Keychain item: ", status) });
return;
}
}
@@ -295,7 +295,7 @@
auto retainError = adoptCF(errorRef);
if (errorRef) {
LOG_ERROR("Couldn't export the public key: %@", (NSError*)errorRef);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't export the public key: ", String(((NSError*)errorRef).localizedDescription)) });
return;
}
ASSERT(((NSData *)publicKeyDataRef.get()).length == (1 + 2 * ES256FieldElementLength)); // 04 | X | Y
@@ -327,7 +327,7 @@
auto retainError = adoptCF(errorRef);
if (errorRef) {
LOG_ERROR("Couldn't generate the signature: %@", (NSError*)errorRef);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't generate the signature: ", String(((NSError*)errorRef).localizedDescription)) });
return;
}
signature = toVector((NSData *)signatureRef.get());
@@ -379,7 +379,7 @@
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &attributesArrayRef);
if (status && status != errSecItemNotFound) {
LOG_ERROR("Couldn't query Keychain: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't query Keychain: ", status) });
return;
}
auto retainAttributesArray = adoptCF(attributesArrayRef);
@@ -461,7 +461,7 @@
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &privateKeyRef);
if (status) {
LOG_ERROR("Couldn't get the private key reference: %d", status);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't get the private key reference: ", status) });
return;
}
auto privateKey = adoptCF(privateKeyRef);
@@ -475,7 +475,7 @@
auto retainError = adoptCF(errorRef);
if (errorRef) {
LOG_ERROR("Couldn't generate the signature: %@", (NSError*)errorRef);
- receiveRespond(ExceptionData { UnknownError, "Unknown internal error."_s });
+ receiveRespond(ExceptionData { UnknownError, makeString("Couldn't generate the signature: ", String(((NSError*)errorRef).localizedDescription)) });
return;
}
signature = toVector((NSData *)signatureRef.get());
Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm (254893 => 254894)
--- trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm 2020-01-22 00:26:24 UTC (rev 254893)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm 2020-01-22 01:25:57 UTC (rev 254894)
@@ -73,7 +73,7 @@
RunLoop::main().dispatch([configuration = m_configuration, rpId, username, hash, callback = WTFMove(callback)]() mutable {
ASSERT(configuration.local);
if (!configuration.local->acceptAttestation) {
- callback(NULL, NULL, [NSError errorWithDomain:NSOSStatusErrorDomain code:-1 userInfo:nil]);
+ callback(NULL, NULL, [NSError errorWithDomain:@"WebAuthentication" code:-1 userInfo:@{ NSLocalizedDescriptionKey: @"The operation couldn't complete." }]);
return;
}
@@ -89,7 +89,10 @@
(__bridge CFDictionaryRef)options,
&errorRef
));
- ASSERT(!errorRef);
+ if (errorRef) {
+ callback(NULL, NULL, (NSError *)errorRef);
+ return;
+ }
// Mock what DeviceIdentity would do.
String label = makeString(username, "@", rpId, "-rk-ucrt");
@@ -99,7 +102,10 @@
(id)kSecAttrLabel: (id)label,
};
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)addQuery, NULL);
- ASSERT_UNUSED(status, !status);
+ if (status) {
+ callback(NULL, NULL, [NSError errorWithDomain:@"WebAuthentication" code:status userInfo:@{ NSLocalizedDescriptionKey: @"Couldn't add the key to the keychain." }]);
+ return;
+ }
auto attestationCertificate = adoptCF(SecCertificateCreateWithData(NULL, (__bridge CFDataRef)adoptNS([[NSData alloc] initWithBase64EncodedString:configuration.local->userCertificateBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get()));
auto attestationIssuingCACertificate = adoptCF(SecCertificateCreateWithData(NULL, (__bridge CFDataRef)adoptNS([[NSData alloc] initWithBase64EncodedString:configuration.local->intermediateCACertificateBase64 options:NSDataBase64DecodingIgnoreUnknownCharacters]).get()));
