[WebAuthn] Remove whitelistedRpId
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Jul 2020 01:52:18 +0000 (01:52 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Jul 2020 01:52:18 +0000 (01:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=213817
<rdar://problem/60108131>

Reviewed by Geoffrey Garen.

Remove the whitelist such that we can test the attestation service in a wider range.

* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
(WebKit::LocalAuthenticatorInternal::whitelistedRpId): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@263782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

index c64c81c..d735739 100644 (file)
@@ -1,3 +1,17 @@
+2020-06-30  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Remove whitelistedRpId
+        https://bugs.webkit.org/show_bug.cgi?id=213817
+        <rdar://problem/60108131>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove the whitelist such that we can test the attestation service in a wider range.
+
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
+        (WebKit::LocalAuthenticatorInternal::whitelistedRpId): Deleted.
+
 2020-06-30  Brady Eidson  <beidson@apple.com>
 
         Fix Swift overlay build after r263727.
index ce419e9..76e8613 100644 (file)
@@ -106,17 +106,6 @@ static inline Ref<ArrayBuffer> toArrayBuffer(const Vector<uint8_t>& data)
     return ArrayBuffer::create(data.data(), data.size());
 }
 
-// FIXME(<rdar://problem/60108131>): Remove this whitelist once testing is complete.
-static const HashSet<String>& whitelistedRpId()
-{
-    static NeverDestroyed<HashSet<String>> whitelistedRpId = std::initializer_list<String> {
-        "",
-        "localhost",
-        "tlstestwebkit.org",
-    };
-    return whitelistedRpId;
-}
-
 static Optional<Vector<Ref<AuthenticatorAssertionResponse>>> getExistingCredentials(const String& rpId)
 {
     // Search Keychain for existing credential matched the RP ID.
@@ -373,8 +362,8 @@ void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessCo
     // Step 12.
     auto authData = buildAuthData(creationOptions.rp.id, makeCredentialFlags, counter, attestedCredentialData);
 
-    // Skip Apple Attestation for none attestation, and non whitelisted RP ID for now.
-    if (creationOptions.attestation == AttestationConveyancePreference::None || !whitelistedRpId().contains(creationOptions.rp.id)) {
+    // Skip Apple Attestation for none attestation.
+    if (creationOptions.attestation == AttestationConveyancePreference::None) {
         deleteDuplicateCredential();
 
         auto attestationObject = buildAttestationObject(WTFMove(authData), "", { }, AttestationConveyancePreference::None);