Changeset 175495 in webkit

Timestamp:

Nov 3, 2014, 4:17:25 PM (11 years ago)

Author:

mitz@apple.com

Message:

Client certificate credentials with session persistence don’t work
​https://bugs.webkit.org/show_bug.cgi?id=138330

Reviewed by Alexey Proskuryakov.

I think this is not testable with our test HTTP server.

• platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::set): Don’t require a valid URL for client certificate
credentials, since they don’t apply to a specific path. Don’t save such credentials to
CFNetwork’s persistent storage (we only do that as a workaround for sharing credentials
with the media framework, and we don’t want to expand the scope of the workaround).

• platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::receivedCredential): Changed to use the Credential consturctor
that takes a Credential and a new persistence, so that this code works not only with
user+password credentials.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• platform/network/CredentialStorage.cpp (modified) (1 diff)
• platform/network/cf/ResourceHandleCFNet.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-11-03  Dan Bernstein  <mitz@apple.com>
+
+        Client certificate credentials with session persistence don’t work
+        https://bugs.webkit.org/show_bug.cgi?id=138330
+
+        Reviewed by Alexey Proskuryakov.
+
+        I think this is not testable with our test HTTP server.
+
+        * platform/network/CredentialStorage.cpp:
+        (WebCore::CredentialStorage::set): Don’t require a valid URL for client certificate
+        credentials, since they don’t apply to a specific path. Don’t save such credentials to
+        CFNetwork’s persistent storage (we only do that as a workaround for sharing credentials
+        with the media framework, and we don’t want to expand the scope of the workaround).
+        * platform/network/cf/ResourceHandleCFNet.cpp:
+        (WebCore::ResourceHandle::receivedCredential): Changed to use the Credential consturctor
+        that takes a Credential and a new persistence, so that this code works not only with
+        user+password credentials.
+
 2014-11-03  Simon Fraser  <simon.fraser@apple.com>
 

trunk/Source/WebCore/platform/network/CredentialStorage.cpp

@@ -94 +94 @@
 void CredentialStorage::set(const Credential& credential, const ProtectionSpace& protectionSpace, const URL& url)
 {
-    ASSERT(protectionSpace.isProxy() || url.protocolIsInHTTPFamily());
-    ASSERT(protectionSpace.isProxy() || url.isValid());
+    ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.protocolIsInHTTPFamily());
+    ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.isValid());
 
     protectionSpaceToCredentialMap().set(protectionSpace, credential);
 
 #if PLATFORM(IOS)
-    saveToPersistentStorage(protectionSpace, credential);
+    if (protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested)
+        saveToPersistentStorage(protectionSpace, credential);
 #endif
 
-    if (!protectionSpace.isProxy()) {
+    if (!protectionSpace.isProxy() && protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
         originsWithCredentials().add(originStringFromURL(url));
 

trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp

@@ -425 +425 @@
         // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
         // to ignore it for a particular request (short of removing it altogether).
-        Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
+        Credential webCredential(credential, CredentialPersistenceNone);
 
         URL urlToStore;