Changeset 233035 in webkit


Ignore:
Timestamp:
Jun 21, 2018 4:03:58 AM (6 years ago)
Author:
zandobersek@gmail.com
Message:

[GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
https://bugs.webkit.org/show_bug.cgi?id=186884

Reviewed by Carlos Garcia Campos.

Source/JavaScriptCore:

Add a tuple array input parameter to the StartAutomationSession DBus
message, representing a list of host-and-certificate pairs that have to
be allowed for a given session. This array is then unpacked and used to
fill out the certificates Vector object in the SessionCapabilities
struct.

  • inspector/remote/RemoteInspector.h: Add a GLib-specific Vector of

String pairs representing hosts and the certificate file paths.

  • inspector/remote/glib/RemoteInspectorServer.cpp:

Source/WebDriver:

Start handling the 'certificates' capability for the GTK+ port. This is
a list of host-certificate pairs that should be marked as allowed for a
given automation session. This object should be positioned inside the
'webkitgtk:browserOptions' dictionary in the capabilities JSON.

  • Capabilities.h:
  • glib/SessionHostGlib.cpp:

(WebDriver::SessionHost::startAutomationSession): Include any
host-certificate pairs in the StartAutomationSession DBus message.

  • gtk/WebDriverServiceGtk.cpp:

(WebDriver::WebDriverService::platformValidateCapability const):
Properly validate the 'certificates' value, if present.
(WebDriver::WebDriverService::platformParseCapabilities const):
Properly parse the 'certificates' value, if present, and extract the
host-certificate pairs.

Source/WebKit:

  • UIProcess/API/glib/WebKitAutomationSession.cpp:

(webkitAutomationSessionCreate): Handle any host-certificate pair that's
been set for this session, creating a GTlsCertificate object through
loading from the specified certificate path and marking that certificate
as allowed for the specified host through the
webkit_web_context_allow_tls_certificate_for_host() API.

Location:
trunk/Source
Files:
9 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r233018 r233035  
     12018-06-21  Zan Dobersek  <zdobersek@igalia.com>
     2
     3        [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
     4        https://bugs.webkit.org/show_bug.cgi?id=186884
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        Add a tuple array input parameter to the StartAutomationSession DBus
     9        message, representing a list of host-and-certificate pairs that have to
     10        be allowed for a given session. This array is then unpacked and used to
     11        fill out the certificates Vector object in the SessionCapabilities
     12        struct.
     13
     14        * inspector/remote/RemoteInspector.h: Add a GLib-specific Vector of
     15        String pairs representing hosts and the certificate file paths.
     16        * inspector/remote/glib/RemoteInspectorServer.cpp:
     17
    1182018-06-20  Keith Miller  <keith_miller@apple.com>
    219
  • trunk/Source/JavaScriptCore/inspector/remote/RemoteInspector.h

    r232833 r233035  
    2828#if ENABLE(REMOTE_INSPECTOR)
    2929
     30#include <utility>
    3031#include <wtf/Forward.h>
    3132#include <wtf/HashMap.h>
     
    7576        struct SessionCapabilities {
    7677            bool acceptInsecureCertificates { false };
     78#if USE(GLIB)
     79            Vector<std::pair<String, String>> certificates;
     80#endif
    7781#if PLATFORM(COCOA)
    7882            std::optional<bool> allowInsecureMediaCapture;
  • trunk/Source/JavaScriptCore/inspector/remote/glib/RemoteInspectorServer.cpp

    r232833 r233035  
    8181    "      <arg type='s' name='sessionID' direction='in'/>"
    8282    "      <arg type='b' name='acceptInsecureCertificates' direction='in'/>"
     83    "      <arg type='a(ss)' name='certificates' direction='in'/>"
    8384    "      <arg type='s' name='browserName' direction='out'/>"
    8485    "      <arg type='s' name='browserVersion' direction='out'/>"
     
    125126            const char* sessionID;
    126127            gboolean acceptInsecureCertificates;
    127             g_variant_get(parameters, "(&sb)", &sessionID, &acceptInsecureCertificates);
     128            GUniqueOutPtr<GVariantIter> certificates;
     129            g_variant_get(parameters, "(&sba(ss))", &sessionID, &acceptInsecureCertificates, &certificates.outPtr());
    128130            RemoteInspector::Client::SessionCapabilities capabilities;
    129131            capabilities.acceptInsecureCertificates = acceptInsecureCertificates;
     132            capabilities.certificates.reserveCapacity(g_variant_iter_n_children(certificates.get()));
     133            const char* host;
     134            const char* certificateFile;
     135            while (g_variant_iter_loop(certificates.get(), "(&s&s)", &host, &certificateFile))
     136                capabilities.certificates.uncheckedAppend({ String::fromUTF8(host), String::fromUTF8(certificateFile) });
    130137            inspectorServer->startAutomationSession(connection, sessionID, capabilities);
    131138            auto clientCapabilities = RemoteInspector::singleton().clientCapabilities();
  • trunk/Source/WebDriver/Capabilities.h

    r227412 r233035  
    2626#pragma once
    2727
     28#include <utility>
    2829#include <wtf/Forward.h>
    2930#include <wtf/Seconds.h>
     
    6566    std::optional<String> browserBinary;
    6667    std::optional<Vector<String>> browserArguments;
     68    std::optional<Vector<std::pair<String, String>>> certificates;
    6769#endif
    6870#if PLATFORM(GTK)
  • trunk/Source/WebDriver/ChangeLog

    r232833 r233035  
     12018-06-21  Zan Dobersek  <zdobersek@igalia.com>
     2
     3        [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
     4        https://bugs.webkit.org/show_bug.cgi?id=186884
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        Start handling the 'certificates' capability for the GTK+ port. This is
     9        a list of host-certificate pairs that should be marked as allowed for a
     10        given automation session. This object should be positioned inside the
     11        'webkitgtk:browserOptions' dictionary in the capabilities JSON.
     12
     13        * Capabilities.h:
     14        * glib/SessionHostGlib.cpp:
     15        (WebDriver::SessionHost::startAutomationSession): Include any
     16        host-certificate pairs in the StartAutomationSession DBus message.
     17        * gtk/WebDriverServiceGtk.cpp:
     18        (WebDriver::WebDriverService::platformValidateCapability const):
     19        Properly validate the 'certificates' value, if present.
     20        (WebDriver::WebDriverService::platformParseCapabilities const):
     21        Properly parse the 'certificates' value, if present, and extract the
     22        host-certificate pairs.
     23
    1242018-06-14  Carlos Garcia Campos  <cgarcia@igalia.com>
    225
  • trunk/Source/WebDriver/glib/SessionHostGlib.cpp

    r232833 r233035  
    268268    m_startSessionCompletionHandler = WTFMove(completionHandler);
    269269    m_sessionID = createCanonicalUUIDString();
     270    GVariantBuilder builder;
     271    g_variant_builder_init(&builder, G_VARIANT_TYPE("a(ss)"));
     272    if (m_capabilities.certificates) {
     273        for (auto& certificate : *m_capabilities.certificates) {
     274            g_variant_builder_add_value(&builder, g_variant_new("(ss)",
     275                certificate.first.utf8().data(), certificate.second.utf8().data()));
     276        }
     277    }
    270278    g_dbus_connection_call(m_dbusConnection.get(), nullptr,
    271279        INSPECTOR_DBUS_OBJECT_PATH,
    272280        INSPECTOR_DBUS_INTERFACE,
    273281        "StartAutomationSession",
    274         g_variant_new("(sb)", m_sessionID.utf8().data(), m_capabilities.acceptInsecureCerts.value_or(false)),
     282        g_variant_new("(sba(ss))", m_sessionID.utf8().data(), m_capabilities.acceptInsecureCerts.value_or(false), &builder),
    275283        nullptr, G_DBUS_CALL_FLAGS_NO_AUTO_START,
    276284        -1, m_cancellable.get(), [](GObject* source, GAsyncResult* result, gpointer userData) {
  • trunk/Source/WebDriver/gtk/WebDriverServiceGtk.cpp

    r232833 r233035  
    7878    }
    7979
     80    RefPtr<JSON::Value> certificatesValue;
     81    if (browserOptions->getValue(ASCIILiteral("certificates"), certificatesValue)) {
     82        RefPtr<JSON::Array> certificates;
     83        if (!certificatesValue->asArray(certificates))
     84            return false;
     85
     86        unsigned certificatesLength = certificates->length();
     87        for (unsigned i = 0; i < certificatesLength; ++i) {
     88            RefPtr<JSON::Value> certificateValue = certificates->get(i);
     89            RefPtr<JSON::Object> certificate;
     90            if (!certificateValue->asObject(certificate))
     91                return false;
     92
     93            RefPtr<JSON::Value> hostValue;
     94            String host;
     95            if (!certificate->getValue(ASCIILiteral("host"), hostValue) || !hostValue->asString(host))
     96                return false;
     97
     98            RefPtr<JSON::Value> certificateFileValue;
     99            String certificateFile;
     100            if (!certificate->getValue(ASCIILiteral("certificateFile"), certificateFileValue) || !certificateFileValue->asString(certificateFile))
     101                return false;
     102        }
     103    }
     104
    80105    return true;
    81106}
     
    119144    else
    120145        capabilities.useOverlayScrollbars = true;
     146
     147    RefPtr<JSON::Array> certificates;
     148    if (browserOptions->getArray(ASCIILiteral("certificates"), certificates) && certificates->length()) {
     149        unsigned certificatesLength = certificates->length();
     150        capabilities.certificates = Vector<std::pair<String, String>>();
     151        capabilities.certificates->reserveInitialCapacity(certificatesLength);
     152        for (unsigned i = 0; i < certificatesLength; ++i) {
     153            RefPtr<JSON::Value> value = certificates->get(i);
     154            RefPtr<JSON::Object> certificate;
     155            value->asObject(certificate);
     156            ASSERT(certificate);
     157
     158            String host;
     159            certificate->getString(ASCIILiteral("host"), host);
     160            ASSERT(!host.isNull());
     161
     162            String certificateFile;
     163            certificate->getString(ASCIILiteral("certificateFile"), certificateFile);
     164            ASSERT(!certificateFile.isNull());
     165
     166            capabilities.certificates->uncheckedAppend({ WTFMove(host), WTFMove(certificateFile) });
     167        }
     168    }
    121169}
    122170
  • trunk/Source/WebKit/ChangeLog

    r233034 r233035  
     12018-06-21  Zan Dobersek  <zdobersek@igalia.com>
     2
     3        [GTK] WebDriver: allow applying host-specific TLS certificates for automated sessions
     4        https://bugs.webkit.org/show_bug.cgi?id=186884
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        * UIProcess/API/glib/WebKitAutomationSession.cpp:
     9        (webkitAutomationSessionCreate): Handle any host-certificate pair that's
     10        been set for this session, creating a GTlsCertificate object through
     11        loading from the specified certificate path and marking that certificate
     12        as allowed for the specified host through the
     13        webkit_web_context_allow_tls_certificate_for_host() API.
     14
    1152018-06-21  Chris Dumez  <cdumez@apple.com>
    216
  • trunk/Source/WebKit/UIProcess/API/glib/WebKitAutomationSession.cpp

    r232833 r233035  
    295295    if (capabilities.acceptInsecureCertificates)
    296296        webkit_web_context_set_tls_errors_policy(webContext, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
     297    for (auto& certificate : capabilities.certificates) {
     298        GRefPtr<GTlsCertificate> tlsCertificate = adoptGRef(g_tls_certificate_new_from_file(certificate.second.utf8().data(), nullptr));
     299        if (tlsCertificate)
     300            webkit_web_context_allow_tls_certificate_for_host(webContext, tlsCertificate.get(), certificate.first.utf8().data());
     301    }
    297302    return session;
    298303}
Note: See TracChangeset for help on using the changeset viewer.