Changeset 162530 in webkit


Timestamp:
Jan 22, 2014 10:20:20 AM (10 years ago)
Author:
commit-queue@webkit.org
Message:

[curl] Improve detecting and handling of SSL client certificate
https://bugs.webkit.org/show_bug.cgi?id=125006

Patch by Robert Sipka <sipka@inf.u-szeged.hu> on 2014-01-22
Reviewed by Brent Fulgham.

Add client certificate handling.

  • platform/network/ResourceHandle.h:
  • platform/network/curl/ResourceError.h:

(WebCore::ResourceError::hasSSLConnectError):

  • platform/network/curl/ResourceHandleCurl.cpp:

(WebCore::ResourceHandle::setClientCertificateInfo):

  • platform/network/curl/ResourceHandleManager.cpp:

(WebCore::ResourceHandleManager::initializeHandle):

  • platform/network/curl/SSLHandle.cpp:

(WebCore::addAllowedClientCertificate):
(WebCore::setSSLClientCertificate):

  • platform/network/curl/SSLHandle.h:
Location:
trunk/Source/WebCore
Files:
7 edited

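--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,23 @@
+2014-01-22  Robert Sipka  <sipka@inf.u-szeged.hu>
+
+        [curl] Improve detecting and handling of SSL client certificate
+        https://bugs.webkit.org/show_bug.cgi?id=125006
+
+        Reviewed by Brent Fulgham.
+
+        Add client certificate handling.
+
+        * platform/network/ResourceHandle.h:
+        * platform/network/curl/ResourceError.h:
+        (WebCore::ResourceError::hasSSLConnectError):
+        * platform/network/curl/ResourceHandleCurl.cpp:
+        (WebCore::ResourceHandle::setClientCertificateInfo):
+        * platform/network/curl/ResourceHandleManager.cpp:
+        (WebCore::ResourceHandleManager::initializeHandle):
+        * platform/network/curl/SSLHandle.cpp:
+        (WebCore::addAllowedClientCertificate):
+        (WebCore::setSSLClientCertificate):
+        * platform/network/curl/SSLHandle.h:
+
 2014-01-22  Mihai Maerean  <mmaerean@adobe.com>
 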
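--- a/trunk/Source/WebCore/platform/network/ResourceHandle.h
+++ b/trunk/Source/WebCore/platform/network/ResourceHandle.h
@@ -153,4 +153,5 @@
 #if PLATFORM(WIN) && USE(CURL)
     static void setHostAllowsAnyHTTPSCertificate(const String&);
+    static void setClientCertificateInfo(const String&, const String&, const String&);
 #endif
 #if PLATFORM(WIN) && USE(CURL) && USE(CF)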
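Review bot: The new declaration `setClientCertificateInfo(const String&, const String&, const String&)` takes three unnamed parameters of the same type, and the third one is later passed to curl as `CURLOPT_SSLCERTPASSWD` in SSLHandle.cpp. If a caller swaps the last two arguments, the passphrase is treated as the file path and would be written out by the `LOG(Network, "Invalid client certificate file: %s!\n", ...)` line in ResourceHandleCurl.cpp. I would name the parameters in the declaration, `static void setClientCertificateInfo(const String& host, const String& certificatePath, const String& passphrase);`, and do the same for `addAllowedClientCertificate` in SSLHandle.h. The definition calls the third parameter `key`, which reads like a key file rather than a password.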
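--- a/trunk/Source/WebCore/platform/network/curl/ResourceError.h
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceError.h
@@ -28,4 +28,5 @@
 
 #include "ResourceErrorBase.h"
+#include <curl/curl.h>
 
 namespace WebCore {
@@ -45,4 +46,5 @@
     unsigned sslErrors() const { return m_sslErrors; }
     void setSSLErrors(unsigned sslVerifyResult) { m_sslErrors = sslVerifyResult; }
+    bool hasSSLConnectError() const { return errorCode() == CURLE_SSL_CONNECT_ERROR; }
 
 private: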
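--- a/trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
@@ -31,4 +31,6 @@
 #include "CachedResourceLoader.h"
 #include "CredentialStorage.h"
+#include "FileSystem.h"
+#include "Logging.h"
 #include "NetworkingContext.h"
 #include "NotImplemented.h"
@@ -120,4 +122,12 @@
 {
     allowsAnyHTTPSCertificateHosts(host.lower());
+}
+
+void ResourceHandle::setClientCertificateInfo(const String& host, const String& certificate, const String& key)
+{
+    if (fileExists(certificate))
+        addAllowedClientCertificate(host, certificate, key);
+    else
+        LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data());
 }
 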
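Review bot: setClientCertificateInfo reports a bad path only through `LOG(Network, ...)` and returns void, so the embedder cannot tell that nothing was registered and that requests to that host will go out without a client certificate. `fileExists(certificate)` is also checked only at registration time, while setSSLClientCertificate later hands the stored path to curl, so the file may be missing or replaced by the time it is used. I would add a comment above the function, `// Registers a PKCS#12 file for host; curl opens the path later, so it must stay readable and access-restricted.`, and consider returning a bool so callers can react to a rejected path.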
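--- a/trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
@@ -963,4 +963,5 @@
     curl_easy_setopt(d->m_handle, CURLOPT_PROTOCOLS, allowedProtocols);
     curl_easy_setopt(d->m_handle, CURLOPT_REDIR_PROTOCOLS, allowedProtocols);
+    setSSLClientCertificate(job);
 
     if (ignoreSSLErrors)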
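Review bot: `setSSLClientCertificate(job)` runs unconditionally, ahead of the `if (ignoreSSLErrors)` branch, so a registered client certificate would be offered even on a transfer whose server certificate checks are relaxed. The body of that branch is outside this hunk, so what it disables is an assumption to confirm. If it does turn off peer verification, I would skip the client certificate in that case, `if (!ignoreSSLErrors) setSSLClientCertificate(job);`, or add a comment explaining why presenting it to an unverified server is acceptable.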
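--- a/trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp
+++ b/trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp
@@ -34,8 +34,11 @@
 #include <openssl/x509_vfy.h>
 #include <wtf/ListHashSet.h>
+#include <wtf/text/CString.h>
 
 namespace WebCore {
 
+typedef std::tuple<WTF::String, WTF::String> clientCertificate;
 static HashMap<String, ListHashSet<String>> allowedHosts;
+static HashMap<String, clientCertificate> allowedClientHosts;
 
 void allowsAnyHTTPSCertificateHosts(const String& host)
@@ -43,4 +46,24 @@
     ListHashSet<String> certificates;
     allowedHosts.set(host, certificates);
+}
+
+void addAllowedClientCertificate(const String& host, const String& certificate, const String& key)
+{
+    clientCertificate clientInfo(certificate, key);
+    allowedClientHosts.set(host.lower(), clientInfo);
+}
+
+void setSSLClientCertificate(ResourceHandle* handle)
+{
+    String host = handle->firstRequest().url().host();
+    HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host.lower());
+    if (it == allowedClientHosts.end())
+        return;
+
+    ResourceHandleInternal* d = handle->getInternal();
+    clientCertificate clientInfo = it->value;
+    curl_easy_setopt(d->m_handle, CURLOPT_SSLCERT, std::get<0>(clientInfo).utf8().data());
+    curl_easy_setopt(d->m_handle, CURLOPT_SSLCERTTYPE, "P12");
+    curl_easy_setopt(d->m_handle, CURLOPT_SSLCERTPASSWD, std::get<1>(clientInfo).utf8().data());
 }
 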
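Review bot: setSSLClientCertificate picks the certificate from `handle->firstRequest().url().host()` and sets it once on the easy handle, so the choice is not re-evaluated if the transfer moves to another host. The context lines in ResourceHandleManager.cpp set `CURLOPT_REDIR_PROTOCOLS`, which suggests redirects are followed on the same handle; if so, a certificate registered for one host could be presented to a redirect target that was never registered, which should be confirmed and either prevented or documented. The return values of the three `curl_easy_setopt` calls are dropped, so a failure to apply the certificate options goes unnoticed; I would check each against `CURLE_OK` and log on failure. The passphrase also stays in the static `allowedClientHosts` map for the life of the process, which deserves a comment such as `// second tuple element is the PKCS#12 passphrase, kept in memory until exit`.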
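--- a/trunk/Source/WebCore/platform/network/curl/SSLHandle.h
+++ b/trunk/Source/WebCore/platform/network/curl/SSLHandle.h
@@ -44,7 +44,9 @@
 
 
+void addAllowedClientCertificate(const String&, const String&, const String&);
 void allowsAnyHTTPSCertificateHosts(const String&);
 bool sslIgnoreHTTPSCertificate(const String&, const String&);
 void setSSLVerifyOptions(ResourceHandle*);
+void setSSLClientCertificate(ResourceHandle*);
 
 }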