[webkit-changes] [175374] trunk/Source/WebKit2

[mitz]

Title: [175374] trunk/Source/WebKit2

Revision

175374

Author

m...@apple.com

Date

2014-10-30 11:48:43 -0700 (Thu, 30 Oct 2014)

Log Message

When a client certificate is rejected, Safari says the website didn’t accept the certificate “unknown” instead of naming the certificate
https://bugs.webkit.org/show_bug.cgi?id=138216

Reviewed by Alexey Proskuryakov.

* Shared/cf/ArgumentCodersCF.cpp:
(IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
(IPC::encode): Ditto.
(IPC::decode): Ditto.
* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
is present in the error’s userInfo dictionary, assert that it’s an array of identities and
certificates, and include it in the filtered dictionary.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp
• trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (175373 => 175374)

--- trunk/Source/WebKit2/ChangeLog	2014-10-30 17:39:52 UTC (rev 175373)
+++ trunk/Source/WebKit2/ChangeLog	2014-10-30 18:48:43 UTC (rev 175374)
@@ -1,3 +1,19 @@
+2014-10-30  Dan Bernstein  <m...@apple.com>
+
+        When a client certificate is rejected, Safari says the website didn’t accept the certificate “unknown” instead of naming the certificate
+        https://bugs.webkit.org/show_bug.cgi?id=138216
+
+        Reviewed by Alexey Proskuryakov.
+
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
+        (IPC::encode): Ditto.
+        (IPC::decode): Ditto.
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        (IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
+        is present in the error’s userInfo dictionary, assert that it’s an array of identities and
+        certificates, and include it in the filtered dictionary.
+
 2014-10-29  Hunseop Jeong  <hs85.je...@samsung.com>
 
         [CoordinatedGraphics] Use modern for-loops

Modified: trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp (175373 => 175374)

--- trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp	2014-10-30 17:39:52 UTC (rev 175373)
+++ trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp	2014-10-30 18:48:43 UTC (rev 175374)
@@ -80,9 +80,7 @@
     CFString,
     CFURL,
     SecCertificate,
-#if PLATFORM(IOS)
     SecIdentity,
-#endif
 #if HAVE(SEC_KEYCHAIN)
     SecKeychainItem,
 #endif
@@ -121,10 +119,8 @@
         return CFURL;
     if (typeID == SecCertificateGetTypeID())
         return SecCertificate;
-#if PLATFORM(IOS)
     if (typeID == SecIdentityGetTypeID())
         return SecIdentity;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     if (typeID == SecKeychainItemGetTypeID())
         return SecKeychainItem;
@@ -173,11 +169,9 @@
     case SecCertificate:
         encode(encoder, (SecCertificateRef)typeRef);
         return;
-#if PLATFORM(IOS)
     case SecIdentity:
         encode(encoder, (SecIdentityRef)(typeRef));
         return;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem:
         encode(encoder, (SecKeychainItemRef)typeRef);
@@ -270,7 +264,6 @@
         result = adoptCF(certificate.leakRef());
         return true;
     }
-#if PLATFORM(IOS)
     case SecIdentity: {
         RetainPtr<SecIdentityRef> identity;
         if (!decode(decoder, identity))
@@ -278,7 +271,6 @@
         result = adoptCF(identity.leakRef());
         return true;
     }
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem: {
         RetainPtr<SecKeychainItemRef> keychainItem;

Modified: trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm (175373 => 175374)

--- trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm	2014-10-30 17:39:52 UTC (rev 175373)
+++ trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm	2014-10-30 18:48:43 UTC (rev 175374)
@@ -198,6 +198,19 @@
             CFDictionarySetValue(filteredUserInfo.get(), key, value);
     }];
 
+    if (NSArray *clientIdentityAndCertificates = [userInfo objectForKey:@"NSErrorClientCertificateChainKey"]) {
+        ASSERT([clientIdentityAndCertificates isKindOfClass:[NSArray class]]);
+        ASSERT(^{
+            for (id object in clientIdentityAndCertificates) {
+                if (CFGetTypeID(object) != SecIdentityGetTypeID() && CFGetTypeID(object) != SecCertificateGetTypeID())
+                    return false;
+            }
+            return true;
+        }());
+
+        CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorClientCertificateChainKey", clientIdentityAndCertificates);
+    };
+
     IPC::encode(encoder, filteredUserInfo.get());
 
     id peerCertificateChain = [userInfo objectForKey:@"NSErrorPeerCertificateChainKey"];

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes