Changeset 175374 in webkit

Timestamp:

Oct 30, 2014, 11:48:43 AM (11 years ago)

Author:

mitz@apple.com

Message:

When a client certificate is rejected, Safari says the website didn’t accept the certificate “unknown” instead of naming the certificate
​https://bugs.webkit.org/show_bug.cgi?id=138216

Reviewed by Alexey Proskuryakov.

• Shared/cf/ArgumentCodersCF.cpp:

(IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
(IPC::encode): Ditto.
(IPC::decode): Ditto.

• Shared/mac/WebCoreArgumentCodersMac.mm:

(IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
is present in the error’s userInfo dictionary, assert that it’s an array of identities and
certificates, and include it in the filtered dictionary.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• Shared/cf/ArgumentCodersCF.cpp (modified) (5 diffs)
• Shared/mac/WebCoreArgumentCodersMac.mm (modified) (1 diff)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2014-10-30  Dan Bernstein  <mitz@apple.com>
+
+        When a client certificate is rejected, Safari says the website didn’t accept the certificate “unknown” instead of naming the certificate
+        https://bugs.webkit.org/show_bug.cgi?id=138216
+
+        Reviewed by Alexey Proskuryakov.
+
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
+        (IPC::encode): Ditto.
+        (IPC::decode): Ditto.
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        (IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
+        is present in the error’s userInfo dictionary, assert that it’s an array of identities and
+        certificates, and include it in the filtered dictionary.
+
 2014-10-29  Hunseop Jeong  <hs85.jeong@samsung.com>
 

trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp

@@ -81 +81 @@
     CFURL,
     SecCertificate,
-#if PLATFORM(IOS)
     SecIdentity,
-#endif
 #if HAVE(SEC_KEYCHAIN)
     SecKeychainItem,
@@ -122 +120 @@
     if (typeID == SecCertificateGetTypeID())
         return SecCertificate;
-#if PLATFORM(IOS)
     if (typeID == SecIdentityGetTypeID())
         return SecIdentity;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     if (typeID == SecKeychainItemGetTypeID())
@@ -174 +170 @@
         encode(encoder, (SecCertificateRef)typeRef);
         return;
-#if PLATFORM(IOS)
     case SecIdentity:
         encode(encoder, (SecIdentityRef)(typeRef));
         return;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem:
@@ -271 +265 @@
         return true;
     }
-#if PLATFORM(IOS)
     case SecIdentity: {
         RetainPtr<SecIdentityRef> identity;
@@ -279 +272 @@
         return true;
     }
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem: {

trunk/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm

@@ -199 +199 @@
     }];
 
+    if (NSArray *clientIdentityAndCertificates = [userInfo objectForKey:@"NSErrorClientCertificateChainKey"]) {
+        ASSERT([clientIdentityAndCertificates isKindOfClass:[NSArray class]]);
+        ASSERT(^{
+            for (id object in clientIdentityAndCertificates) {
+                if (CFGetTypeID(object) != SecIdentityGetTypeID() && CFGetTypeID(object) != SecCertificateGetTypeID())
+                    return false;
+            }
+            return true;
+        }());
+
+        CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorClientCertificateChainKey", clientIdentityAndCertificates);
+    };
+
     IPC::encode(encoder, filteredUserInfo.get());