Title: [175270] trunk/Source/WebKit2
- Revision
- 175270
- Author
- m...@apple.com
- Date
- 2014-10-28 13:01:47 -0700 (Tue, 28 Oct 2014)
Log Message
[Cocoa] REGERESSION (r171801): Client certificate authentication is failing
https://bugs.webkit.org/show_bug.cgi?id=138144
Reviewed by Alexey Proskuryakov.
NSURLCredential’s implementation of NSSecureCoding fails to encode identity-based
credentials properly. Work around that by encoding the identity, certificate, and
persistence individually.
* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::ArgumentCoder<Credential>::encodePlatformData):
(IPC::ArgumentCoder<Credential>::decodePlatformData):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (175269 => 175270)
--- trunk/Source/WebKit2/ChangeLog 2014-10-28 19:57:55 UTC (rev 175269)
+++ trunk/Source/WebKit2/ChangeLog 2014-10-28 20:01:47 UTC (rev 175270)
@@ -1,3 +1,18 @@
+2014-10-28 Dan Bernstein <m...@apple.com>
+
+ [Cocoa] REGERESSION (r171801): Client certificate authentication is failing
+ https://bugs.webkit.org/show_bug.cgi?id=138144
+
+ Reviewed by Alexey Proskuryakov.
+
+ NSURLCredential’s implementation of NSSecureCoding fails to encode identity-based
+ credentials properly. Work around that by encoding the identity, certificate, and
+ persistence individually.
+
+ * Shared/mac/WebCoreArgumentCodersMac.mm:
+ (IPC::ArgumentCoder<Credential>::encodePlatformData):
+ (IPC::ArgumentCoder<Credential>::decodePlatformData):
+
2014-10-28 Joseph Pecoraro <pecor...@apple.com>
[iOS] iPhone should not allow selecting <optgroup> in <select multiple>
Modified: trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm (175269 => 175270)
--- trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm 2014-10-28 19:57:55 UTC (rev 175269)
+++ trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm 2014-10-28 20:01:47 UTC (rev 175270)
@@ -282,16 +282,60 @@
void ArgumentCoder<Credential>::encodePlatformData(ArgumentEncoder& encoder, const Credential& credential)
{
+ NSURLCredential *nsCredential = credential.nsCredential();
+ // NSURLCredential doesn't serialize identities correctly, so we encode the pieces individually in the identity case.
+ if (SecIdentityRef identity = nsCredential.identity) {
+ encoder << true;
+ IPC::encode(encoder, identity);
+
+ if (NSArray *certificates = nsCredential.certificates) {
+ encoder << true;
+ IPC::encode(encoder, reinterpret_cast<CFArrayRef>(certificates));
+ } else
+ encoder << false;
+
+ encoder << static_cast<uint64_t>(nsCredential.persistence);
+ return;
+ }
+
+ encoder << false;
RetainPtr<NSMutableData> data = "" alloc] init]);
RetainPtr<NSKeyedArchiver> archiver = adoptNS([[NSKeyedArchiver alloc] initForWritingWithMutableData:data.get()]);
[archiver setRequiresSecureCoding:YES];
- [archiver encodeObject:credential.nsCredential() forKey:@"credential"];
+ [archiver encodeObject:nsCredential forKey:@"credential"];
[archiver finishEncoding];
IPC::encode(encoder, reinterpret_cast<CFDataRef>(data.get()));
}
bool ArgumentCoder<Credential>::decodePlatformData(ArgumentDecoder& decoder, Credential& credential)
{
+ bool hasIdentity;
+ if (!decoder.decode(hasIdentity))
+ return false;
+
+ if (hasIdentity) {
+ RetainPtr<SecIdentityRef> identity;
+ if (!IPC::decode(decoder, identity))
+ return false;
+
+ RetainPtr<CFArrayRef> certificates;
+ bool hasCertificates;
+ if (!decoder.decode(hasCertificates))
+ return false;
+
+ if (hasCertificates) {
+ if (!IPC::decode(decoder, certificates))
+ return false;
+ }
+
+ uint64_t persistence;
+ if (!decoder.decode(persistence))
+ return false;
+
+ credential = Credential(adoptNS([[NSURLCredential alloc] initWithIdentity:identity.get() certificates:(NSArray *)certificates.get() persistence:(NSURLCredentialPersistence)persistence]).get());
+ return true;
+ }
+
RetainPtr<CFDataRef> data;
if (!IPC::decode(decoder, data))
return false;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes