Changeset 200816 in webkit

Timestamp:

May 12, 2016, 11:37:09 PM (9 years ago)

Author:

bshafiei@apple.com

Message:

Roll out r200463. rdar://problem/26260800

Location:

branches/safari-602.1.32-branch/Source

Files:

• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/Platform.h (modified) (1 diff)
• WTF/wtf/spi/cocoa/SecuritySPI.h (modified) (2 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/platform/network/cf/CertificateInfo.h (modified) (2 diffs)
• WebCore/platform/network/cocoa/ResourceResponseCocoa.mm (modified) (1 diff)
• WebCore/platform/network/mac/CertificateInfoMac.mm (modified) (2 diffs)
• WebKit2/ChangeLog (modified) (1 diff)
• WebKit2/Shared/API/c/mac/WKCertificateInfoMac.h (modified) (2 diffs)
• WebKit2/Shared/API/c/mac/WKCertificateInfoMac.mm (modified) (1 diff)
• WebKit2/Shared/Authentication/mac/AuthenticationManager.mac.mm (modified) (2 diffs)
• WebKit2/Shared/cf/ArgumentCodersCF.cpp (modified) (6 diffs)
• WebKit2/Shared/cf/ArgumentCodersCF.h (modified) (2 diffs)
• WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm (modified) (4 diffs)
• WebKit2/UIProcess/API/Cocoa/WKWebView.h (modified) (2 diffs)
• WebKit2/UIProcess/API/Cocoa/WKWebView.mm (modified) (2 diffs)
• WebKit2/UIProcess/Cocoa/NavigationState.mm (modified) (2 diffs)
• WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm (modified) (1 diff)
• WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFramePrivate.h (modified) (1 diff)

branches/safari-602.1.32-branch/Source/WTF/ChangeLog

@@ +1 @@
+2016-05-12  Babak Shafiei  <bshafiei@apple.com>
+
+        Roll out r200463.
+
 2016-05-08  Chris Dumez  <cdumez@apple.com>
 

branches/safari-602.1.32-branch/Source/WTF/wtf/Platform.h

@@ -1147 +1147 @@
 #endif
 
-#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000)
-#define HAVE_SEC_TRUST_SERIALIZATION 1
-#endif
 
 #if !defined(WTF_DEFAULT_EVENT_LOOP)

branches/safari-602.1.32-branch/Source/WTF/wtf/spi/cocoa/SecuritySPI.h

@@ -31 +31 @@
 #include <Security/SecCertificatePriv.h>
 #include <Security/SecTask.h>
-#include <Security/SecTrustPriv.h>
 
 #else
@@ -59 +58 @@
 EXTERN_C CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef *);
 
-#if HAVE(SEC_TRUST_SERIALIZATION)
-EXTERN_C CF_RETURNS_RETAINED CFDataRef SecTrustSerialize(SecTrustRef, CFErrorRef *);
-EXTERN_C CF_RETURNS_RETAINED SecTrustRef SecTrustDeserialize(CFDataRef serializedTrust, CFErrorRef *);
-#endif
-
 #endif // SecuritySPI_h

branches/safari-602.1.32-branch/Source/WebCore/ChangeLog

@@ +1 @@
+2016-05-12  Babak Shafiei  <bshafiei@apple.com>
+
+        Roll out r200463.
+
 2016-05-12  Babak Shafiei  <bshafiei@apple.com>
 

branches/safari-602.1.32-branch/Source/WebCore/platform/network/cf/CertificateInfo.h

@@ -30 +30 @@
 #include <wtf/RetainPtr.h>
 
-#if HAVE(SEC_TRUST_SERIALIZATION)
-#include <Security/SecTrust.h>
-#endif
-
 namespace WebCore {
 
 class CertificateInfo {
 public:
-     CertificateInfo() = default;
- 
-    enum class Type {
-        None,
-        CertificateChain,
-#if HAVE(SEC_TRUST_SERIALIZATION)
-        Trust,
-#endif
-    };
+    CertificateInfo() { }
+    CertificateInfo(RetainPtr<CFArrayRef> certificateChain)
+        : m_certificateChain(certificateChain)
+    { }
 
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    explicit CertificateInfo(RetainPtr<SecTrustRef>&& trust)
-        : m_trust(WTFMove(trust))
-    {
-    }
- 
-    SecTrustRef trust() const { return m_trust.get(); }
-#endif
+    void setCertificateChain(CFArrayRef certificateChain) { m_certificateChain = certificateChain; }
+    CFArrayRef certificateChain() const { return m_certificateChain.get(); }
 
-    CertificateInfo(RetainPtr<CFArrayRef>&& certificateChain)
-        : m_certificateChain(WTFMove(certificateChain))
-    {
-    }
-
-    WEBCORE_EXPORT CFArrayRef certificateChain() const;
-
-    WEBCORE_EXPORT Type type() const;
     WEBCORE_EXPORT bool containsNonRootSHA1SignedCertificate() const;
-
-    bool isEmpty() const { return type() == Type::None; }
-
-#if PLATFORM(COCOA)
-    static RetainPtr<CFArrayRef> certificateChainFromSecTrust(SecTrustRef);
-#endif
 
 #ifndef NDEBUG
@@ -78 +49 @@
 
 private:
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    RetainPtr<SecTrustRef> m_trust;
-#endif
-    mutable RetainPtr<CFArrayRef> m_certificateChain;
+    RetainPtr<CFArrayRef> m_certificateChain;
 };
 
 }
+
 #endif

branches/safari-602.1.32-branch/Source/WebCore/platform/network/cocoa/ResourceResponseCocoa.mm

@@ -100 +100 @@
     }
 
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    return CertificateInfo(trust);
-#else
-    return CertificateInfo(CertificateInfo::certificateChainFromSecTrust(trust));
-#endif
+    CFIndex count = SecTrustGetCertificateCount(trust);
+    auto certificateChain = CFArrayCreateMutable(0, count, &kCFTypeArrayCallBacks);
+    for (CFIndex i = 0; i < count; i++)
+        CFArrayAppendValue(certificateChain, SecTrustGetCertificateAtIndex(trust, i));
+
+    return CertificateInfo(adoptCF(certificateChain));
 }
 

branches/safari-602.1.32-branch/Source/WebCore/platform/network/mac/CertificateInfoMac.mm

@@ -32 +32 @@
 namespace WebCore {
 
-#if PLATFORM(COCOA)
-RetainPtr<CFArrayRef> CertificateInfo::certificateChainFromSecTrust(SecTrustRef trust)
-{
-    auto count = SecTrustGetCertificateCount(trust);
-    auto certificateChain = CFArrayCreateMutable(0, count, &kCFTypeArrayCallBacks);
-    for (CFIndex i = 0; i < count; i++)
-        CFArrayAppendValue(certificateChain, SecTrustGetCertificateAtIndex(trust, i));
-    return adoptCF((CFArrayRef)certificateChain);
-}
-#endif
-
-CertificateInfo::Type CertificateInfo::type() const
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (m_trust)
-        return Type::Trust;
-#endif
-    if (m_certificateChain)
-        return Type::CertificateChain;
-    return Type::None;
-}
-
-CFArrayRef CertificateInfo::certificateChain() const
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (m_certificateChain)
-        return m_certificateChain.get();
-
-    if (m_trust) 
-        m_certificateChain = CertificateInfo::certificateChainFromSecTrust(m_trust.get());
-#endif
-
-    return m_certificateChain.get();
-}
-
 bool CertificateInfo::containsNonRootSHA1SignedCertificate() const
 {
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (m_trust) {
-        // Allow only the root certificate (the last in the chain) to be SHA1.
-        for (CFIndex i = 0, size = SecTrustGetCertificateCount(trust()) - 1; i < size; ++i) {
-            auto certificate = SecTrustGetCertificateAtIndex(trust(), i);
-            if (SecCertificateGetSignatureHashAlgorithm(certificate) == kSecSignatureHashAlgorithmSHA1)
-                return true;
-        }
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) || PLATFORM(IOS)
+    if (!m_certificateChain)
+        return false;
 
-        return false;
+    for (CFIndex i = 0, size = CFArrayGetCount(m_certificateChain.get()) - 1; i < size; ++i) {
+        SecCertificateRef certificate = (SecCertificateRef)CFArrayGetValueAtIndex(m_certificateChain.get(), i);
+        if (SecCertificateGetSignatureHashAlgorithm(certificate) == kSecSignatureHashAlgorithmSHA1)
+            return true;
     }
-#endif
-
-#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) || PLATFORM(IOS)
-    if (m_certificateChain) {
-        // Allow only the root certificate (the last in the chain) to be SHA1.
-        for (CFIndex i = 0, size = CFArrayGetCount(m_certificateChain.get()) - 1; i < size; ++i) {
-            auto certificate = (SecCertificateRef)CFArrayGetValueAtIndex(m_certificateChain.get(), i);
-            if (SecCertificateGetSignatureHashAlgorithm(certificate) == kSecSignatureHashAlgorithmSHA1)
-                return true;
-        }
-        return false;
-    }
+    return false;
 #else
     notImplemented();
+    return false;
 #endif
-
-    return false;
 }
 
@@ -102 +53 @@
 void CertificateInfo::dump() const
 {
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (m_trust) {
-        CFIndex entries = SecTrustGetCertificateCount(trust());
+    unsigned entries = m_certificateChain ? CFArrayGetCount(m_certificateChain.get()) : 0;
 
-        NSLog(@"CertificateInfo SecTrust\n");
-        NSLog(@"  Entries: %ld\n", entries);
-        for (CFIndex i = 0; i < entries; ++i) {
-            RetainPtr<CFStringRef> summary = adoptCF(SecCertificateCopySubjectSummary(SecTrustGetCertificateAtIndex(trust(), i)));
-            NSLog(@"  %@", (NSString *)summary.get());
-        }
-
-        return;
+    NSLog(@"CertificateInfo\n");
+    NSLog(@"  Entries: %d\n", entries);
+    for (unsigned i = 0; i < entries; ++i) {
+        RetainPtr<CFStringRef> summary = adoptCF(SecCertificateCopySubjectSummary((SecCertificateRef)CFArrayGetValueAtIndex(m_certificateChain.get(), i)));
+        NSLog(@"  %@", (NSString *)summary.get());
     }
-#endif
-    if (m_certificateChain) {
-        CFIndex entries = CFArrayGetCount(m_certificateChain.get());
-
-        NSLog(@"CertificateInfo (Certificate Chain)\n");
-        NSLog(@"  Entries: %ld\n", entries);
-        for (CFIndex i = 0; i < entries; ++i) {
-            RetainPtr<CFStringRef> summary = adoptCF(SecCertificateCopySubjectSummary((SecCertificateRef)CFArrayGetValueAtIndex(m_certificateChain.get(), i)));
-            NSLog(@"  %@", (NSString *)summary.get());
-        }
-
-        return;
-    }
-    
-    NSLog(@"CertificateInfo (Empty)\n");
 }
 #endif

branches/safari-602.1.32-branch/Source/WebKit2/ChangeLog

@@ +1 @@
+2016-05-12  Babak Shafiei  <bshafiei@apple.com>
+
+        Roll out r200463.
+
 2016-05-09  Anders Carlsson  <andersca@apple.com>
 

branches/safari-602.1.32-branch/Source/WebKit2/Shared/API/c/mac/WKCertificateInfoMac.h

@@ -28 +28 @@
 
 #include <CoreFoundation/CoreFoundation.h>
-#include <Security/SecTrust.h>
 #include <WebKit/WKBase.h>
 
@@ -36 +35 @@
 
 WK_EXPORT WKCertificateInfoRef WKCertificateInfoCreateWithCertficateChain(CFArrayRef certificateChain);
-WK_EXPORT SecTrustRef WKCertificateInfoGetServerTrust(WKCertificateInfoRef certificateInfo);
-
-// Deprecated
 WK_EXPORT CFArrayRef WKCertificateInfoGetCertificateChain(WKCertificateInfoRef certificateInfo);
 

branches/safari-602.1.32-branch/Source/WebKit2/Shared/API/c/mac/WKCertificateInfoMac.mm

@@ -43 +43 @@
     return toImpl(certificateInfoRef)->certificateInfo().certificateChain();
 }
-
-SecTrustRef WKCertificateInfoGetServerTrust(WKCertificateInfoRef certificateInfoRef)
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    return toImpl(certificateInfoRef)->certificateInfo().trust();
-#else
-    return nullptr;
-#endif
-}

branches/safari-602.1.32-branch/Source/WebKit2/Shared/Authentication/mac/AuthenticationManager.mac.mm

@@ -37 +37 @@
 namespace WebKit {
 
-static SecCertificateRef leafCertificate(const CertificateInfo& certificateInfo)
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    return SecTrustGetCertificateAtIndex(certificateInfo.trust(), 0);
-#else
-    ASSERT(CFArrayGetCount(certificateInfo.certificateChain()));
-    return (SecCertificateRef)CFArrayGetValueAtIndex(certificateInfo.certificateChain(), 0);
-#endif
-}
-
-static NSArray *chain(const CertificateInfo& certificateInfo)
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    CFIndex count = SecTrustGetCertificateCount(certificateInfo.trust());
-    if (count < 2)
-        return nil;
-
-    NSMutableArray *array = [NSMutableArray array];
-    for (CFIndex i = 1; i < count; ++i)
-        [array addObject:(id)SecTrustGetCertificateAtIndex(certificateInfo.trust(), i)];
-        
-    return array;
-#else
-    CFIndex chainCount = CFArrayGetCount(certificateInfo.certificateChain());
-    return chainCount > 1 ? [(NSArray *)certificateInfo.certificateChain() subarrayWithRange:NSMakeRange(1, chainCount - 1)] : nil;
-#endif
-}
-
-
 // FIXME: This function creates an identity from a certificate, which should not be needed. We should pass an identity over IPC (as we do on iOS).
 bool AuthenticationManager::tryUseCertificateInfoForChallenge(const AuthenticationChallenge& challenge, const CertificateInfo& certificateInfo, ChallengeCompletionHandler completionHandler)
 {
-    if (certificateInfo.isEmpty())
+    CFArrayRef chain = certificateInfo.certificateChain();
+    if (!chain)
         return false;
+        
+    ASSERT(CFArrayGetCount(chain));
 
     // The passed-in certificate chain includes the identity certificate at index 0, and additional certificates starting at index 1.
     SecIdentityRef identity;
-    OSStatus result = SecIdentityCreateWithCertificate(NULL, leafCertificate(certificateInfo), &identity);
+    OSStatus result = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(chain, 0), &identity);
     if (result != errSecSuccess) {
         LOG_ERROR("Unable to create SecIdentityRef with certificate - %i", result);
@@ -84 +58 @@
     }
 
-    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity certificates:chain(certificateInfo) persistence:NSURLCredentialPersistenceNone];
+    CFIndex chainCount = CFArrayGetCount(chain);
+    NSArray *nsChain = chainCount > 1 ? [(NSArray *)chain subarrayWithRange:NSMakeRange(1, chainCount - 1)] : nil;
+
+    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
+                                                             certificates:nsChain
+                                                              persistence:NSURLCredentialPersistenceNone];
+
     if (completionHandler)
         completionHandler(AuthenticationChallengeDisposition::UseCredential, Credential(credential));

branches/safari-602.1.32-branch/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp

@@ -32 +32 @@
 #include <WebCore/CFURLExtras.h>
 #include <wtf/Vector.h>
-#include <wtf/spi/cocoa/SecuritySPI.h>
 
 #if USE(FOUNDATION)
@@ -88 +87 @@
 #if HAVE(SEC_ACCESS_CONTROL)
     SecAccessControl,
-#endif
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    SecTrust,
 #endif
     Null,
@@ -134 +130 @@
         return SecAccessControl;
 #endif
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (typeID == SecTrustGetTypeID())
-        return SecTrust;
-#endif
 
     ASSERT_NOT_REACHED();
@@ -189 +181 @@
     case SecAccessControl:
         encode(encoder, (SecAccessControlRef)typeRef);
-        return;
-#endif
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    case SecTrust:
-        encode(encoder, (SecTrustRef)typeRef);
         return;
 #endif
@@ -300 +287 @@
             return false;
         result = adoptCF(accessControl.leakRef());
-        return true;
-    }
-#endif
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    case SecTrust: {
-        RetainPtr<SecTrustRef> trust;
-        if (!decode(decoder, trust))
-            return false;
-        result = adoptCF(trust.leakRef());
         return true;
     }
@@ -764 +742 @@
     return true;
 }
-#endif
-
-#if HAVE(SEC_TRUST_SERIALIZATION)
-void encode(ArgumentEncoder& encoder, SecTrustRef trust)
-{
-    auto data = adoptCF(SecTrustSerialize(trust, nullptr));
-    if (!data) {
-        encoder << false;
-        return;
-    }
-
-    encoder << true;
-    IPC::encode(encoder, data.get());
-}
-
-bool decode(ArgumentDecoder& decoder, RetainPtr<SecTrustRef>& result)
-{
-    bool hasTrust;
-    if (!decoder.decode(hasTrust))
-        return false;
-
-    if (!hasTrust)
-        return true;
-
-    RetainPtr<CFDataRef> trustData;
-    if (!IPC::decode(decoder, trustData))
-        return false;
-
-    auto trust = adoptCF(SecTrustDeserialize(trustData.get(), nullptr));
-    if (!trust)
-        return false;
-
-    result = WTFMove(trust);
-    return true;
-}
+
 #endif
 

branches/safari-602.1.32-branch/Source/WebKit2/Shared/cf/ArgumentCodersCF.h

@@ -28 +28 @@
 
 #include <Security/SecCertificate.h>
-#include <Security/SecTrust.h>
 #include <wtf/RetainPtr.h>
 
@@ -96 +95 @@
 #endif
 
-#if HAVE(SEC_TRUST_SERIALIZATION)
-// SecTrustRef
-void encode(ArgumentEncoder&, SecTrustRef);
-bool decode(ArgumentDecoder&, RetainPtr<SecTrustRef>&);
-#endif
-
 #if PLATFORM(IOS)
 void setAllowsDecodingSecKeyRef(bool);

branches/safari-602.1.32-branch/Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm

@@ -164 +164 @@
 void ArgumentCoder<CertificateInfo>::encode(ArgumentEncoder& encoder, const CertificateInfo& certificateInfo)
 {
-    encoder.encodeEnum(certificateInfo.type());
-
-    switch (certificateInfo.type()) {
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    case CertificateInfo::Type::Trust:
-        IPC::encode(encoder, certificateInfo.trust());
-        break;
-#endif
-    case CertificateInfo::Type::CertificateChain:
-        IPC::encode(encoder, certificateInfo.certificateChain());
-        break;
-    case CertificateInfo::Type::None:
-        // Do nothing.
-        break;
-    }
+    CFArrayRef certificateChain = certificateInfo.certificateChain();
+    if (!certificateChain) {
+        encoder << false;
+        return;
+    }
+
+    encoder << true;
+    IPC::encode(encoder, certificateChain);
 }
 
 bool ArgumentCoder<CertificateInfo>::decode(ArgumentDecoder& decoder, CertificateInfo& certificateInfo)
 {
-    CertificateInfo::Type certificateInfoType;
-    if (!decoder.decodeEnum(certificateInfoType))
-        return false;
-
-    switch (certificateInfoType) {
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    case CertificateInfo::Type::Trust: {
-        RetainPtr<SecTrustRef> trust;
-        if (!IPC::decode(decoder, trust))
-            return false;
-
-        certificateInfo = CertificateInfo(WTFMove(trust));
+    bool hasCertificateChain;
+    if (!decoder.decode(hasCertificateChain))
+        return false;
+
+    if (!hasCertificateChain)
         return true;
-    }
-#endif
-    case CertificateInfo::Type::CertificateChain: {
-        RetainPtr<CFArrayRef> certificateChain;
-        if (!IPC::decode(decoder, certificateChain))
-            return false;
-
-        certificateInfo = CertificateInfo(WTFMove(certificateChain));
-        return true;
-    }    
-    case CertificateInfo::Type::None:
-        // Do nothing.
-        break;
-    }
+
+    RetainPtr<CFArrayRef> certificateChain;
+    if (!IPC::decode(decoder, certificateChain))
+        return false;
+
+    certificateInfo.setCertificateChain(certificateChain.get());
 
     return true;
@@ -242 +220 @@
 
         CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorClientCertificateChainKey", clientIdentityAndCertificates);
-    }
+    };
+
+    IPC::encode(encoder, filteredUserInfo.get());
 
     id peerCertificateChain = [userInfo objectForKey:@"NSErrorPeerCertificateChainKey"];
@@ -254 +234 @@
     }
     ASSERT(!peerCertificateChain || [peerCertificateChain isKindOfClass:[NSArray class]]);
-    if (peerCertificateChain)
-        CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorPeerCertificateChainKey", peerCertificateChain);
-
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    if (SecTrustRef peerTrust = (SecTrustRef)[userInfo objectForKey:NSURLErrorFailingURLPeerTrustErrorKey])
-        CFDictionarySetValue(filteredUserInfo.get(), NSURLErrorFailingURLPeerTrustErrorKey, peerTrust);
-#endif
-
-    IPC::encode(encoder, filteredUserInfo.get());
+    encoder << CertificateInfo((CFArrayRef)peerCertificateChain);
 
     if (id underlyingError = [userInfo objectForKey:NSUnderlyingErrorKey]) {
@@ -297 +269 @@
     if (!IPC::decode(decoder, userInfo))
         return false;
+
+    CertificateInfo certificate;
+    if (!decoder.decode(certificate))
+        return false;
+
+    if (certificate.certificateChain()) {
+        userInfo = adoptCF(CFDictionaryCreateMutableCopy(kCFAllocatorDefault, CFDictionaryGetCount(userInfo.get()) + 1, userInfo.get()));
+        CFDictionarySetValue((CFMutableDictionaryRef)userInfo.get(), CFSTR("NSErrorPeerCertificateChainKey"), (CFArrayRef)certificate.certificateChain());
+    }
 
     bool hasUnderlyingError = false;

branches/safari-602.1.32-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.h

@@ -165 +165 @@
 @property (nonatomic, readonly) BOOL hasOnlySecureContent;
 
-/*! @abstract A SecTrustRef for the currently committed navigation.
- @discussion @link WKWebView @/link is key-value observing (KVO) compliant 
- for this property.
- */
-@property (nonatomic, readonly, nullable) SecTrustRef serverTrust WK_AVAILABLE(WK_MAC_TBA, WK_IOS_TBA);
+/*! @abstract An array of SecCertificateRef objects forming the certificate
+ chain for the currently committed navigation.
+ @discussion The certificates are ordered from leaf (at index 0) to anchor.
+ @link WKWebView @/link is key-value observing (KVO) compliant for this property.
+ */
+@property (nonatomic, readonly, copy) NSArray *certificateChain WK_AVAILABLE(10_11, 9_0);
 
 /*! @abstract A Boolean value indicating whether there is a back item in
@@ -305 +306 @@
 #endif
 
-@interface WKWebView (WKDeprecated)
-
-@property (nonatomic, readonly, copy) NSArray *certificateChain WK_DEPRECATED(10_11, WK_MAC_TBA, 9_0, WK_IOS_TBA, "Please use serverTrust");
-
-@end
-
 NS_ASSUME_NONNULL_END
 

branches/safari-602.1.32-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm

@@ -725 +725 @@
 }
 
-- (SecTrustRef)serverTrust
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
+- (NSArray *)certificateChain
+{
     auto certificateInfo = _page->pageLoadState().certificateInfo();
     if (!certificateInfo)
-        return nil;
-
-    return certificateInfo->certificateInfo().trust();
-#else
-    return nil;
-#endif
+        return @[ ];
+
+    return (NSArray *)certificateInfo->certificateInfo().certificateChain() ?: @[ ];
 }
 
@@ -4577 +4573 @@
 #endif
 
-@implementation WKWebView (WKDeprecated)
-
-- (NSArray *)certificateChain
-{
-    auto certificateInfo = _page->pageLoadState().certificateInfo();
-    if (!certificateInfo)
-        return @[ ];
-
-    return (NSArray *)certificateInfo->certificateInfo().certificateChain() ?: @[ ];
-}
-
-@end
-
 #if PLATFORM(IOS) && USE(APPLE_INTERNAL_SDK)
 #import <WebKitAdditions/WKWebViewAdditions.mm>

branches/safari-602.1.32-branch/Source/WebKit2/UIProcess/Cocoa/NavigationState.mm

@@ -903 +903 @@
 void NavigationState::willChangeCertificateInfo()
 {
-    [m_webView willChangeValueForKey:@"serverTrust"];
     [m_webView willChangeValueForKey:@"certificateChain"];
 }
@@ -910 +909 @@
 {
     [m_webView didChangeValueForKey:@"certificateChain"];
-    [m_webView didChangeValueForKey:@"serverTrust"];
 }
 

branches/safari-602.1.32-branch/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm

@@ -150 +150 @@
 }
 
-- (SecTrustRef)_serverTrust
-{
-#if HAVE(SEC_TRUST_SERIALIZATION)
-    return _frame->certificateInfo().trust();
-#else
-    return nil;
-#endif
-}
-
 - (NSURL *)_provisionalURL
 {

branches/safari-602.1.32-branch/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFramePrivate.h

@@ -38 +38 @@
 @property (nonatomic, readonly) BOOL _hasCustomContentProvider;
 @property (nonatomic, readonly) NSArray *_certificateChain;
-@property (nonatomic, readonly) SecTrustRef _serverTrust;
 @property (nonatomic, readonly) NSURL *_provisionalURL;