- Revision
- 233035
- Author
- zandober...@gmail.com
- Date
- 2018-06-21 04:03:58 -0700 (Thu, 21 Jun 2018)
Log Message
[GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
https://bugs.webkit.org/show_bug.cgi?id=186884
Reviewed by Carlos Garcia Campos.
Source/_javascript_Core:
Add a tuple array input parameter to the StartAutomationSession DBus
message, representing a list of host-and-certificate pairs that have to
be allowed for a given session. This array is then unpacked and used to
fill out the certificates Vector object in the SessionCapabilities
struct.
* inspector/remote/RemoteInspector.h: Add a GLib-specific Vector of
String pairs representing hosts and the certificate file paths.
* inspector/remote/glib/RemoteInspectorServer.cpp:
Source/WebDriver:
Start handling the 'certificates' capability for the GTK+ port. This is
a list of host-certificate pairs that should be marked as allowed for a
given automation session. This object should be positioned inside the
'webkitgtk:browserOptions' dictionary in the capabilities JSON.
* Capabilities.h:
* glib/SessionHostGlib.cpp:
(WebDriver::SessionHost::startAutomationSession): Include any
host-certificate pairs in the StartAutomationSession DBus message.
* gtk/WebDriverServiceGtk.cpp:
(WebDriver::WebDriverService::platformValidateCapability const):
Properly validate the 'certificates' value, if present.
(WebDriver::WebDriverService::platformParseCapabilities const):
Properly parse the 'certificates' value, if present, and extract the
host-certificate pairs.
Source/WebKit:
* UIProcess/API/glib/WebKitAutomationSession.cpp:
(webkitAutomationSessionCreate): Handle any host-certificate pair that's
been set for this session, creating a GTlsCertificate object through
loading from the specified certificate path and marking that certificate
as allowed for the specified host through the
webkit_web_context_allow_tls_certificate_for_host() API.
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (233034 => 233035)
--- trunk/Source/_javascript_Core/ChangeLog 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-06-21 11:03:58 UTC (rev 233035)
@@ -1,3 +1,20 @@
+2018-06-21 Zan Dobersek <zdober...@igalia.com>
+
+ [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
+ https://bugs.webkit.org/show_bug.cgi?id=186884
+
+ Reviewed by Carlos Garcia Campos.
+
+ Add a tuple array input parameter to the StartAutomationSession DBus
+ message, representing a list of host-and-certificate pairs that have to
+ be allowed for a given session. This array is then unpacked and used to
+ fill out the certificates Vector object in the SessionCapabilities
+ struct.
+
+ * inspector/remote/RemoteInspector.h: Add a GLib-specific Vector of
+ String pairs representing hosts and the certificate file paths.
+ * inspector/remote/glib/RemoteInspectorServer.cpp:
+
2018-06-20 Keith Miller <keith_mil...@apple.com>
Expand concurrent GC assertion to accept JSValue() or 0
Modified: trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h (233034 => 233035)
--- trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h 2018-06-21 11:03:58 UTC (rev 233035)
@@ -27,6 +27,7 @@
#if ENABLE(REMOTE_INSPECTOR)
+#include <utility>
#include <wtf/Forward.h>
#include <wtf/HashMap.h>
#include <wtf/Lock.h>
@@ -74,6 +75,9 @@
struct SessionCapabilities {
bool acceptInsecureCertificates { false };
+#if USE(GLIB)
+ Vector<std::pair<String, String>> certificates;
+#endif
#if PLATFORM(COCOA)
std::optional<bool> allowInsecureMediaCapture;
std::optional<bool> suppressICECandidateFiltering;
Modified: trunk/Source/_javascript_Core/inspector/remote/glib/RemoteInspectorServer.cpp (233034 => 233035)
--- trunk/Source/_javascript_Core/inspector/remote/glib/RemoteInspectorServer.cpp 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/_javascript_Core/inspector/remote/glib/RemoteInspectorServer.cpp 2018-06-21 11:03:58 UTC (rev 233035)
@@ -80,6 +80,7 @@
" <method name='StartAutomationSession'>"
" <arg type='s' name='sessionID' direction='in'/>"
" <arg type='b' name='acceptInsecureCertificates' direction='in'/>"
+ " <arg type='a(ss)' name='certificates' direction='in'/>"
" <arg type='s' name='browserName' direction='out'/>"
" <arg type='s' name='browserVersion' direction='out'/>"
" </method>"
@@ -124,9 +125,15 @@
} else if (!g_strcmp0(methodName, "StartAutomationSession")) {
const char* sessionID;
gboolean acceptInsecureCertificates;
- g_variant_get(parameters, "(&sb)", &sessionID, &acceptInsecureCertificates);
+ GUniqueOutPtr<GVariantIter> certificates;
+ g_variant_get(parameters, "(&sba(ss))", &sessionID, &acceptInsecureCertificates, &certificates.outPtr());
RemoteInspector::Client::SessionCapabilities capabilities;
capabilities.acceptInsecureCertificates = acceptInsecureCertificates;
+ capabilities.certificates.reserveCapacity(g_variant_iter_n_children(certificates.get()));
+ const char* host;
+ const char* certificateFile;
+ while (g_variant_iter_loop(certificates.get(), "(&s&s)", &host, &certificateFile))
+ capabilities.certificates.uncheckedAppend({ String::fromUTF8(host), String::fromUTF8(certificateFile) });
inspectorServer->startAutomationSession(connection, sessionID, capabilities);
auto clientCapabilities = RemoteInspector::singleton().clientCapabilities();
g_dbus_method_invocation_return_value(invocation, g_variant_new("(ss)",
Modified: trunk/Source/WebDriver/Capabilities.h (233034 => 233035)
--- trunk/Source/WebDriver/Capabilities.h 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebDriver/Capabilities.h 2018-06-21 11:03:58 UTC (rev 233035)
@@ -25,6 +25,7 @@
#pragma once
+#include <utility>
#include <wtf/Forward.h>
#include <wtf/Seconds.h>
#include <wtf/Vector.h>
@@ -64,6 +65,7 @@
#if PLATFORM(GTK) || PLATFORM(WPE)
std::optional<String> browserBinary;
std::optional<Vector<String>> browserArguments;
+ std::optional<Vector<std::pair<String, String>>> certificates;
#endif
#if PLATFORM(GTK)
std::optional<bool> useOverlayScrollbars;
Modified: trunk/Source/WebDriver/ChangeLog (233034 => 233035)
--- trunk/Source/WebDriver/ChangeLog 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebDriver/ChangeLog 2018-06-21 11:03:58 UTC (rev 233035)
@@ -1,3 +1,26 @@
+2018-06-21 Zan Dobersek <zdober...@igalia.com>
+
+ [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
+ https://bugs.webkit.org/show_bug.cgi?id=186884
+
+ Reviewed by Carlos Garcia Campos.
+
+ Start handling the 'certificates' capability for the GTK+ port. This is
+ a list of host-certificate pairs that should be marked as allowed for a
+ given automation session. This object should be positioned inside the
+ 'webkitgtk:browserOptions' dictionary in the capabilities JSON.
+
+ * Capabilities.h:
+ * glib/SessionHostGlib.cpp:
+ (WebDriver::SessionHost::startAutomationSession): Include any
+ host-certificate pairs in the StartAutomationSession DBus message.
+ * gtk/WebDriverServiceGtk.cpp:
+ (WebDriver::WebDriverService::platformValidateCapability const):
+ Properly validate the 'certificates' value, if present.
+ (WebDriver::WebDriverService::platformParseCapabilities const):
+ Properly parse the 'certificates' value, if present, and extract the
+ host-certificate pairs.
+
2018-06-14 Carlos Garcia Campos <cgar...@igalia.com>
[GTK][WPE] WebDriver: handle acceptInsecureCertificates capability
Modified: trunk/Source/WebDriver/glib/SessionHostGlib.cpp (233034 => 233035)
--- trunk/Source/WebDriver/glib/SessionHostGlib.cpp 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebDriver/glib/SessionHostGlib.cpp 2018-06-21 11:03:58 UTC (rev 233035)
@@ -267,11 +267,19 @@
ASSERT(!m_startSessionCompletionHandler);
m_startSessionCompletionHandler = WTFMove(completionHandler);
m_sessionID = createCanonicalUUIDString();
+ GVariantBuilder builder;
+ g_variant_builder_init(&builder, G_VARIANT_TYPE("a(ss)"));
+ if (m_capabilities.certificates) {
+ for (auto& certificate : *m_capabilities.certificates) {
+ g_variant_builder_add_value(&builder, g_variant_new("(ss)",
+ certificate.first.utf8().data(), certificate.second.utf8().data()));
+ }
+ }
g_dbus_connection_call(m_dbusConnection.get(), nullptr,
INSPECTOR_DBUS_OBJECT_PATH,
INSPECTOR_DBUS_INTERFACE,
"StartAutomationSession",
- g_variant_new("(sb)", m_sessionID.utf8().data(), m_capabilities.acceptInsecureCerts.value_or(false)),
+ g_variant_new("(sba(ss))", m_sessionID.utf8().data(), m_capabilities.acceptInsecureCerts.value_or(false), &builder),
nullptr, G_DBUS_CALL_FLAGS_NO_AUTO_START,
-1, m_cancellable.get(), [](GObject* source, GAsyncResult* result, gpointer userData) {
GUniqueOutPtr<GError> error;
Modified: trunk/Source/WebDriver/gtk/WebDriverServiceGtk.cpp (233034 => 233035)
--- trunk/Source/WebDriver/gtk/WebDriverServiceGtk.cpp 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebDriver/gtk/WebDriverServiceGtk.cpp 2018-06-21 11:03:58 UTC (rev 233035)
@@ -77,6 +77,31 @@
}
}
+ RefPtr<JSON::Value> certificatesValue;
+ if (browserOptions->getValue(ASCIILiteral("certificates"), certificatesValue)) {
+ RefPtr<JSON::Array> certificates;
+ if (!certificatesValue->asArray(certificates))
+ return false;
+
+ unsigned certificatesLength = certificates->length();
+ for (unsigned i = 0; i < certificatesLength; ++i) {
+ RefPtr<JSON::Value> certificateValue = certificates->get(i);
+ RefPtr<JSON::Object> certificate;
+ if (!certificateValue->asObject(certificate))
+ return false;
+
+ RefPtr<JSON::Value> hostValue;
+ String host;
+ if (!certificate->getValue(ASCIILiteral("host"), hostValue) || !hostValue->asString(host))
+ return false;
+
+ RefPtr<JSON::Value> certificateFileValue;
+ String certificateFile;
+ if (!certificate->getValue(ASCIILiteral("certificateFile"), certificateFileValue) || !certificateFileValue->asString(certificateFile))
+ return false;
+ }
+ }
+
return true;
}
@@ -118,6 +143,29 @@
capabilities.useOverlayScrollbars = useOverlayScrollbars;
else
capabilities.useOverlayScrollbars = true;
+
+ RefPtr<JSON::Array> certificates;
+ if (browserOptions->getArray(ASCIILiteral("certificates"), certificates) && certificates->length()) {
+ unsigned certificatesLength = certificates->length();
+ capabilities.certificates = Vector<std::pair<String, String>>();
+ capabilities.certificates->reserveInitialCapacity(certificatesLength);
+ for (unsigned i = 0; i < certificatesLength; ++i) {
+ RefPtr<JSON::Value> value = certificates->get(i);
+ RefPtr<JSON::Object> certificate;
+ value->asObject(certificate);
+ ASSERT(certificate);
+
+ String host;
+ certificate->getString(ASCIILiteral("host"), host);
+ ASSERT(!host.isNull());
+
+ String certificateFile;
+ certificate->getString(ASCIILiteral("certificateFile"), certificateFile);
+ ASSERT(!certificateFile.isNull());
+
+ capabilities.certificates->uncheckedAppend({ WTFMove(host), WTFMove(certificateFile) });
+ }
+ }
}
} // namespace WebDriver
Modified: trunk/Source/WebKit/ChangeLog (233034 => 233035)
--- trunk/Source/WebKit/ChangeLog 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebKit/ChangeLog 2018-06-21 11:03:58 UTC (rev 233035)
@@ -1,3 +1,17 @@
+2018-06-21 Zan Dobersek <zdober...@igalia.com>
+
+ [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
+ https://bugs.webkit.org/show_bug.cgi?id=186884
+
+ Reviewed by Carlos Garcia Campos.
+
+ * UIProcess/API/glib/WebKitAutomationSession.cpp:
+ (webkitAutomationSessionCreate): Handle any host-certificate pair that's
+ been set for this session, creating a GTlsCertificate object through
+ loading from the specified certificate path and marking that certificate
+ as allowed for the specified host through the
+ webkit_web_context_allow_tls_certificate_for_host() API.
+
2018-06-21 Chris Dumez <cdu...@apple.com>
Regression(r226990) : Crash under WebCore::Page::applicationWillResignActive
Modified: trunk/Source/WebKit/UIProcess/API/glib/WebKitAutomationSession.cpp (233034 => 233035)
--- trunk/Source/WebKit/UIProcess/API/glib/WebKitAutomationSession.cpp 2018-06-21 11:01:08 UTC (rev 233034)
+++ trunk/Source/WebKit/UIProcess/API/glib/WebKitAutomationSession.cpp 2018-06-21 11:03:58 UTC (rev 233035)
@@ -294,6 +294,11 @@
session->priv->webContext = webContext;
if (capabilities.acceptInsecureCertificates)
webkit_web_context_set_tls_errors_policy(webContext, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+ for (auto& certificate : capabilities.certificates) {
+ GRefPtr<GTlsCertificate> tlsCertificate = adoptGRef(g_tls_certificate_new_from_file(certificate.second.utf8().data(), nullptr));
+ if (tlsCertificate)
+ webkit_web_context_allow_tls_certificate_for_host(webContext, tlsCertificate.get(), certificate.first.utf8().data());
+ }
return session;
}