Changeset 243654 in webkit


Ignore:
Timestamp:
Mar 29, 2019 12:03:16 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

[Curl] Add Server Trust Evaluation Support.
https://bugs.webkit.org/show_bug.cgi?id=191646

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-03-29
Reviewed by Fujii Hironori.

Source/WebCore:

Tests: http/tests/ssl/iframe-upgrade.https.html

http/tests/ssl/mixedContent/insecure-websocket.html
http/tests/ssl/upgrade-origin-usage.html

  • platform/network/curl/AuthenticationChallenge.h:
  • platform/network/curl/AuthenticationChallengeCurl.cpp:

(WebCore::AuthenticationChallenge::AuthenticationChallenge):
(WebCore::AuthenticationChallenge::protectionSpaceForPasswordBased):
(WebCore::AuthenticationChallenge::protectionSpaceForServerTrust):
(WebCore::AuthenticationChallenge::protectionSpaceFromHandle): Deleted.

  • platform/network/curl/CurlContext.cpp:

(WebCore::CurlHandle::disableServerTrustEvaluation):

  • platform/network/curl/CurlContext.h:
  • platform/network/curl/CurlRequest.cpp:

(WebCore::CurlRequest::setupTransfer):

  • platform/network/curl/CurlRequest.h:

(WebCore::CurlRequest::disableServerTrustEvaluation):

Source/WebKit:

Tests: http/tests/ssl/iframe-upgrade.https.html

http/tests/ssl/mixedContent/insecure-websocket.html
http/tests/ssl/upgrade-origin-usage.html

  • NetworkProcess/curl/NetworkDataTaskCurl.cpp:

(WebKit::NetworkDataTaskCurl::curlDidFailWithError):
(WebKit::NetworkDataTaskCurl::tryServerTrustEvaluation):
(WebKit::NetworkDataTaskCurl::restartWithCredential):

  • NetworkProcess/curl/NetworkDataTaskCurl.h:

Tools:

Implemented MiniBrowser UI for asking if user trusts the server.

  • MiniBrowser/win/Common.cpp:

(askServerTrustEvaluation):
(replaceString):

  • MiniBrowser/win/Common.h:
  • MiniBrowser/win/MiniBrowserLib.rc:
  • MiniBrowser/win/MiniBrowserLibResource.h:
  • MiniBrowser/win/WebKitBrowserWindow.cpp:

(createPEMString):
(WebKitBrowserWindow::didReceiveAuthenticationChallenge):
(WebKitBrowserWindow::canTrustServerCertificate):

  • MiniBrowser/win/WebKitBrowserWindow.h:

LayoutTests:

  • platform/wincairo-wk1/TestExpectations:
  • platform/wincairo/TestExpectations:
Location:
trunk
Files:
20 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r243653 r243654  
     12019-03-29  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Add Server Trust Evaluation Support.
     4        https://bugs.webkit.org/show_bug.cgi?id=191646
     5
     6        Reviewed by Fujii Hironori.
     7
     8        * platform/wincairo-wk1/TestExpectations:
     9        * platform/wincairo/TestExpectations:
     10
    1112019-03-29  Ryosuke Niwa  <rniwa@webkit.org>
    212
  • trunk/LayoutTests/platform/wincairo-wk1/TestExpectations

    r242517 r243654  
    2121http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Skip ]
    2222
     23# Server trust evaluation only supported in WK2.
     24http/tests/ssl/iframe-upgrade.https.html [ Skip ]
     25http/tests/ssl/mixedContent/insecure-websocket.html [ Failure ]
     26http/tests/ssl/upgrade-origin-usage.html [ Failure ]
     27
    2328# There is not NetworkProcess in WK1, so it can't crash.
    2429http/tests/websocket/tests/hybi/network-process-crash-error.html [ Skip ]
  • trunk/LayoutTests/platform/wincairo/TestExpectations

    r243433 r243654  
    949949http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Pass ]
    950950http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Pass ]
    951 
    952 http/tests/ssl/iframe-upgrade.https.html [ Skip ]
    953 http/tests/ssl/mixedContent/insecure-websocket.html [ Failure ]
    954 http/tests/ssl/upgrade-origin-usage.html [ Failure ]
    955951
    956952http/tests/ssl/media-stream [ Skip ]
  • trunk/Source/WebCore/ChangeLog

    r243653 r243654  
     12019-03-29  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Add Server Trust Evaluation Support.
     4        https://bugs.webkit.org/show_bug.cgi?id=191646
     5
     6        Reviewed by Fujii Hironori.
     7
     8        Tests: http/tests/ssl/iframe-upgrade.https.html
     9               http/tests/ssl/mixedContent/insecure-websocket.html
     10               http/tests/ssl/upgrade-origin-usage.html
     11
     12        * platform/network/curl/AuthenticationChallenge.h:
     13        * platform/network/curl/AuthenticationChallengeCurl.cpp:
     14        (WebCore::AuthenticationChallenge::AuthenticationChallenge):
     15        (WebCore::AuthenticationChallenge::protectionSpaceForPasswordBased):
     16        (WebCore::AuthenticationChallenge::protectionSpaceForServerTrust):
     17        (WebCore::AuthenticationChallenge::protectionSpaceFromHandle): Deleted.
     18        * platform/network/curl/CurlContext.cpp:
     19        (WebCore::CurlHandle::disableServerTrustEvaluation):
     20        * platform/network/curl/CurlContext.h:
     21        * platform/network/curl/CurlRequest.cpp:
     22        (WebCore::CurlRequest::setupTransfer):
     23        * platform/network/curl/CurlRequest.h:
     24        (WebCore::CurlRequest::disableServerTrustEvaluation):
     25
    1262019-03-29  Ryosuke Niwa  <rniwa@webkit.org>
    227
  • trunk/Source/WebCore/platform/network/curl/AuthenticationChallenge.h

    r239427 r243654  
    4646
    4747    AuthenticationChallenge(const CurlResponse&, unsigned, const ResourceResponse&, AuthenticationClient* = nullptr);
     48    AuthenticationChallenge(const URL&, const CertificateInfo&, const ResourceError&, AuthenticationClient* = nullptr);
     49
    4850    AuthenticationClient* authenticationClient() const { return m_authenticationClient.get(); }
    4951
    5052private:
    5153    ProtectionSpaceServerType protectionSpaceServerTypeFromURI(const URL&, bool isForProxy);
    52     ProtectionSpace protectionSpaceFromHandle(const CurlResponse&, const ResourceResponse&);
     54    ProtectionSpace protectionSpaceForPasswordBased(const CurlResponse&, const ResourceResponse&);
     55    ProtectionSpace protectionSpaceForServerTrust(const URL&, const CertificateInfo&);
    5356    Optional<uint16_t> determineProxyPort(const URL&);
    5457    ProtectionSpaceAuthenticationScheme authenticationSchemeFromCurlAuth(long);
  • trunk/Source/WebCore/platform/network/curl/AuthenticationChallengeCurl.cpp

    r239427 r243654  
    3636
    3737AuthenticationChallenge::AuthenticationChallenge(const CurlResponse& curlResponse, unsigned previousFailureCount, const ResourceResponse& response, AuthenticationClient* client)
    38     : AuthenticationChallengeBase(protectionSpaceFromHandle(curlResponse, response), Credential(), previousFailureCount, response, ResourceError())
     38    : AuthenticationChallengeBase(protectionSpaceForPasswordBased(curlResponse, response), Credential(), previousFailureCount, response, ResourceError())
     39    , m_authenticationClient(client)
     40{
     41}
     42
     43AuthenticationChallenge::AuthenticationChallenge(const URL& url, const CertificateInfo& certificateInfo, const ResourceError& resourceError, AuthenticationClient* client)
     44    : AuthenticationChallengeBase(protectionSpaceForServerTrust(url, certificateInfo), Credential(), 0, ResourceResponse(), resourceError)
    3945    , m_authenticationClient(client)
    4046{
     
    5258}
    5359
    54 ProtectionSpace AuthenticationChallenge::protectionSpaceFromHandle(const CurlResponse& curlResponse, const ResourceResponse& response)
     60ProtectionSpace AuthenticationChallenge::protectionSpaceForPasswordBased(const CurlResponse& curlResponse, const ResourceResponse& response)
    5561{
    5662    if (!response.isUnauthorized() && !response.isProxyAuthenticationRequired())
     
    6369    auto authenticationScheme = authenticationSchemeFromCurlAuth(isProxyAuth ? curlResponse.availableProxyAuth : curlResponse.availableHttpAuth);
    6470
    65     return ProtectionSpace(url.host().toString(), static_cast<int>(port ? *port : 0), serverType, parseRealm(response), authenticationScheme);
     71    return ProtectionSpace(url.host().toString(), static_cast<int>(port.valueOr(0)), serverType, parseRealm(response), authenticationScheme);
     72}
     73
     74ProtectionSpace AuthenticationChallenge::protectionSpaceForServerTrust(const URL& url, const CertificateInfo& certificateInfo)
     75{
     76    auto port = determineProxyPort(url);
     77    auto serverType = protectionSpaceServerTypeFromURI(url, false);
     78    auto authenticationScheme = ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
     79
     80    return ProtectionSpace(url.host().toString(), static_cast<int>(port.valueOr(0)), serverType, String(), authenticationScheme, certificateInfo);
    6681}
    6782
  • trunk/Source/WebCore/platform/network/curl/CurlContext.cpp

    r242842 r243654  
    325325}
    326326
     327void CurlHandle::disableServerTrustEvaluation()
     328{
     329    setSslVerifyPeer(CurlHandle::VerifyPeer::Disable);
     330    setSslVerifyHost(CurlHandle::VerifyHost::LooseNameCheck);
     331}
     332
    327333CURLcode CurlHandle::willSetupSslCtx(void* sslCtx)
    328334{
  • trunk/Source/WebCore/platform/network/curl/CurlContext.h

    r239427 r243654  
    254254    void setHttpAuthUserPass(const String&, const String&, long authType = CURLAUTH_ANY);
    255255
     256    void disableServerTrustEvaluation();
    256257    void setCACertPath(const char*);
    257258    void setSslVerifyPeer(VerifyPeer);
  • trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp

    r242842 r243654  
    214214    }
    215215
     216    if (m_shouldDisableServerTrustEvaluation)
     217        m_curlHandle->disableServerTrustEvaluation();
     218
    216219    m_curlHandle->setHeaderCallbackFunction(didReceiveHeaderCallback, this);
    217220    m_curlHandle->setWriteCallbackFunction(didReceiveDataCallback, this);
  • trunk/Source/WebCore/platform/network/curl/CurlRequest.h

    r240958 r243654  
    3232#include "CurlRequestSchedulerClient.h"
    3333#include "CurlResponse.h"
    34 #include "CurlSSLVerifier.h"
    3534#include "NetworkLoadMetrics.h"
    3635#include "ProtectionSpace.h"
     
    7675    WEBCORE_EXPORT void setAuthenticationScheme(ProtectionSpaceAuthenticationScheme);
    7776    WEBCORE_EXPORT void setUserPass(const String&, const String&);
     77    void disableServerTrustEvaluation() { m_shouldDisableServerTrustEvaluation = true; }
    7878    void setStartTime(const MonotonicTime& startTime) { m_requestStartTime = startTime; }
    7979
     
    174174    String m_password;
    175175    unsigned long m_authType { CURLAUTH_ANY };
     176    bool m_shouldDisableServerTrustEvaluation { false };
    176177    bool m_shouldSuspend { false };
    177178    bool m_enableMultipart { false };
  • trunk/Source/WebKit/ChangeLog

    r243643 r243654  
     12019-03-29  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Add Server Trust Evaluation Support.
     4        https://bugs.webkit.org/show_bug.cgi?id=191646
     5
     6        Reviewed by Fujii Hironori.
     7
     8        Tests: http/tests/ssl/iframe-upgrade.https.html
     9               http/tests/ssl/mixedContent/insecure-websocket.html
     10               http/tests/ssl/upgrade-origin-usage.html
     11
     12        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
     13        (WebKit::NetworkDataTaskCurl::curlDidFailWithError):
     14        (WebKit::NetworkDataTaskCurl::tryServerTrustEvaluation):
     15        (WebKit::NetworkDataTaskCurl::restartWithCredential):
     16        * NetworkProcess/curl/NetworkDataTaskCurl.h:
     17
    1182019-03-29  Cathie Chen  <cathiechen@igalia.com>
    219
  • trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp

    r242842 r243654  
    190190}
    191191
    192 void NetworkDataTaskCurl::curlDidFailWithError(CurlRequest&, const ResourceError& resourceError)
     192void NetworkDataTaskCurl::curlDidFailWithError(CurlRequest& request, const ResourceError& resourceError)
    193193{
    194194    if (state() == State::Canceling || state() == State::Completed || (!m_client && !isDownload()))
    195195        return;
     196
     197    if (resourceError.isSSLCertVerificationError()) {
     198        tryServerTrustEvaluation(AuthenticationChallenge(request.resourceRequest().url(), request.certificateInfo(), resourceError));
     199        return;
     200    }
    196201
    197202    m_client->didCompleteWithError(resourceError);
     
    399404}
    400405
     406void NetworkDataTaskCurl::tryServerTrustEvaluation(AuthenticationChallenge&& challenge)
     407{
     408    m_client->didReceiveChallenge(AuthenticationChallenge(challenge), [this, protectedThis = makeRef(*this), challenge](AuthenticationChallengeDisposition disposition, const Credential& credential) {
     409        if (m_state == State::Canceling || m_state == State::Completed)
     410            return;
     411
     412        if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
     413            auto requestCredential = m_curlRequest ? Credential(m_curlRequest->user(), m_curlRequest->password(), CredentialPersistenceNone) : Credential();
     414            restartWithCredential(challenge.protectionSpace(), requestCredential);
     415            return;
     416        }
     417
     418        cancel();
     419        m_client->didCompleteWithError(challenge.error());
     420    });
     421}
     422
    401423void NetworkDataTaskCurl::restartWithCredential(const ProtectionSpace& protectionSpace, const Credential& credential)
    402424{
     
    409431    m_curlRequest->setAuthenticationScheme(protectionSpace.authenticationScheme());
    410432    m_curlRequest->setUserPass(credential.user(), credential.password());
     433    if (protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested)
     434        m_curlRequest->disableServerTrustEvaluation();
    411435    m_curlRequest->setStartTime(m_startTime);
    412436    m_curlRequest->start();
  • trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h

    r242517 r243654  
    7979    void restartWithCredential(const WebCore::ProtectionSpace&, const WebCore::Credential&);
    8080
     81    void tryServerTrustEvaluation(WebCore::AuthenticationChallenge&&);
     82
    8183    void appendCookieHeader(WebCore::ResourceRequest&);
    8284    void handleCookieHeaders(const WebCore::ResourceRequest&, const WebCore::CurlResponse&);
  • trunk/Tools/ChangeLog

    r243643 r243654  
     12019-03-29  Takashi Komori  <Takashi.Komori@sony.com>
     2
     3        [Curl] Add Server Trust Evaluation Support.
     4        https://bugs.webkit.org/show_bug.cgi?id=191646
     5
     6        Reviewed by Fujii Hironori.
     7
     8        Implemented MiniBrowser UI for asking if user trusts the server.
     9
     10        * MiniBrowser/win/Common.cpp:
     11        (askServerTrustEvaluation):
     12        (replaceString):
     13        * MiniBrowser/win/Common.h:
     14        * MiniBrowser/win/MiniBrowserLib.rc:
     15        * MiniBrowser/win/MiniBrowserLibResource.h:
     16        * MiniBrowser/win/WebKitBrowserWindow.cpp:
     17        (createPEMString):
     18        (WebKitBrowserWindow::didReceiveAuthenticationChallenge):
     19        (WebKitBrowserWindow::canTrustServerCertificate):
     20        * MiniBrowser/win/WebKitBrowserWindow.h:
     21
    1222019-03-29  Cathie Chen  <cathiechen@igalia.com>
    223
  • trunk/Tools/MiniBrowser/win/Common.cpp

    r242984 r243654  
    232232}
    233233
     234bool askServerTrustEvaluation(HWND hwnd, const std::wstring& pems)
     235{
     236    class ServerTrustEvaluationDialog : public Dialog {
     237    public:
     238        ServerTrustEvaluationDialog(const std::wstring& pems)
     239            : m_pems { pems }
     240        {
     241            SendMessage(GetDlgItem(this->hDlg(), IDC_SERVER_TRUST_TEXT), WM_SETFONT, (WPARAM)GetStockObject(ANSI_FIXED_FONT), TRUE);
     242        }
     243
     244    protected:
     245        std::wstring m_pems;
     246
     247        void setup()
     248        {
     249            setText(IDC_SERVER_TRUST_TEXT, m_pems);
     250        }
     251
     252        void ok() final
     253        {
     254
     255        }
     256    };
     257
     258    ServerTrustEvaluationDialog dialog { pems };
     259    return dialog.run(hInst, hwnd, IDD_SERVER_TRUST);
     260}
     261
    234262CommandLineOptions parseCommandLine()
    235263{
     
    257285    return options;
    258286}
     287
     288std::wstring replaceString(std::wstring src, const std::wstring& oldValue, const std::wstring& newValue)
     289{
     290    if (src.empty() || oldValue.empty())
     291        return src;
     292
     293    size_t pos = 0;
     294    while ((pos = src.find(oldValue, pos)) != src.npos) {
     295        src.replace(pos, oldValue.length(), newValue);
     296        pos += newValue.length();
     297    }
     298
     299    return src;
     300}
  • trunk/Tools/MiniBrowser/win/Common.h

    r242984 r243654  
    7171bool askProxySettings(HWND, ProxySettings&);
    7272
     73bool askServerTrustEvaluation(HWND, const std::wstring& pems);
     74std::wstring replaceString(std::wstring src, const std::wstring& oldValue, const std::wstring& newValue);
     75
    7376extern HINSTANCE hInst;
    7477extern POINT s_windowPosition;
  • trunk/Tools/MiniBrowser/win/MiniBrowserLib.rc

    r238051 r243654  
    281281END
    282282
     283IDD_SERVER_TRUST DIALOGEX 0, 0, 319, 184
     284STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
     285CAPTION "Server Trust Evaluation Request"
     286FONT 8, "MS Shell Dlg", 400, 0, 0x1
     287BEGIN
     288    DEFPUSHBUTTON   "Yes",IDOK,197,163,50,14
     289    PUSHBUTTON      "No",IDCANCEL,262,163,50,14
     290    LTEXT           "Certificate information",IDC_STATIC,7,7,294,17
     291    EDITTEXT        IDC_SERVER_TRUST_TEXT,7,24,305,130,ES_MULTILINE | ES_READONLY | WS_VSCROLL | WS_HSCROLL | NOT WS_TABSTOP
     292END
     293
    283294
    284295#ifdef APSTUDIO_INVOKED
     
    358369        BOTTOMMARGIN, 169
    359370    END
     371
     372    IDD_SERVER_TRUST, DIALOG
     373    BEGIN
     374        LEFTMARGIN, 7
     375        RIGHTMARGIN, 312
     376        TOPMARGIN, 7
     377        BOTTOMMARGIN, 177
     378    END
    360379END
    361380#endif    // APSTUDIO_INVOKED
  • trunk/Tools/MiniBrowser/win/MiniBrowserLibResource.h

    r238051 r243654  
    5858#define IDM_DEBUG_INFO_LAYER            177
    5959#define IDD_PROXY                       178
     60#define IDD_SERVER_TRUST                179
    6061#define IDC_EMPTY_URL_CACHE             1000
    6162#define IDC_RETURN_FREE_MEMORY          1001
     
    119120#define IDC_PROXY_EXCLUDE               1060
    120121#define IDC_PROXY_DISABLE               1061
     122#define IDC_SERVER_TRUST_TEXT           1062
    121123#define IDM_NEW_WEBKIT_WINDOW           32776
    122124#define IDM_NEW_WEBKITLEGACY_WINDOW     32777
     
    125127
    126128// Next default values for new objects
    127 //
     129// 
    128130#ifdef APSTUDIO_INVOKED
    129131#ifndef APSTUDIO_READONLY_SYMBOLS
    130132#define _APS_NO_MFC                     1
    131 #define _APS_NEXT_RESOURCE_VALUE        179
     133#define _APS_NEXT_RESOURCE_VALUE        180
    132134#define _APS_NEXT_COMMAND_VALUE         32779
    133 #define _APS_NEXT_CONTROL_VALUE         1062
     135#define _APS_NEXT_CONTROL_VALUE         1063
    134136#define _APS_NEXT_SYMED_VALUE           110
    135137#endif
  • trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp

    r242984 r243654  
    3030#include <WebKit/WKAuthenticationChallenge.h>
    3131#include <WebKit/WKAuthenticationDecisionListener.h>
     32#include <WebKit/WKCertificateInfoCurl.h>
    3233#include <WebKit/WKCredential.h>
    3334#include <WebKit/WKInspector.h>
    3435#include <WebKit/WKProtectionSpace.h>
     36#include <WebKit/WKProtectionSpaceCurl.h>
    3537#include <WebKit/WKWebsiteDataStoreRefCurl.h>
    3638#include <vector>
     
    5759    size_t actualLength = WideCharToMultiByte(CP_UTF8, 0, src, srcLength, buffer.data(), length, nullptr, nullptr);
    5860    return { buffer.data(), actualLength };
     61}
     62
     63std::wstring createPEMString(WKProtectionSpaceRef protectionSpace)
     64{
     65    auto certificateInfo = WKProtectionSpaceCopyCertificateInfo(protectionSpace);
     66    auto chainSize = WKCertificateInfoGetCertificateChainSize(certificateInfo);
     67
     68    std::wstring pems;
     69
     70    for (auto i = 0; i < chainSize; i++) {
     71        auto certificate = adoptWK(WKCertificateInfoCopyCertificateAtIndex(certificateInfo, i));
     72        auto size = WKDataGetSize(certificate.get());
     73        auto data = WKDataGetBytes(certificate.get());
     74
     75        for (size_t i = 0; i < size; i++)
     76            pems.push_back(data[i]);
     77    }
     78
     79    return replaceString(pems, L"\n", L"\r\n");
    5980}
    6081
     
    287308    auto protectionSpace = WKAuthenticationChallengeGetProtectionSpace(challenge);
    288309    auto decisionListener = WKAuthenticationChallengeGetDecisionListener(challenge);
    289 
    290     WKRetainPtr<WKStringRef> realm(WKProtectionSpaceCopyRealm(protectionSpace));
    291     if (auto credential = askCredential(thisWindow.hwnd(), createString(realm.get()))) {
    292         WKRetainPtr<WKStringRef> username = createWKString(credential->username);
    293         WKRetainPtr<WKStringRef> password = createWKString(credential->password);
    294         WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
    295         WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
    296         return;
     310    auto authenticationScheme = WKProtectionSpaceGetAuthenticationScheme(protectionSpace);
     311
     312    if (authenticationScheme == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
     313        if (thisWindow.canTrustServerCertificate(protectionSpace)) {
     314            WKRetainPtr<WKStringRef> username = createWKString("accept server trust");
     315            WKRetainPtr<WKStringRef> password = createWKString("");
     316            WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
     317            WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
     318            return;
     319        }
     320    } else {
     321        WKRetainPtr<WKStringRef> realm(WKProtectionSpaceCopyRealm(protectionSpace));
     322
     323        if (auto credential = askCredential(thisWindow.hwnd(), createString(realm.get()))) {
     324            WKRetainPtr<WKStringRef> username = createWKString(credential->username);
     325            WKRetainPtr<WKStringRef> password = createWKString(credential->password);
     326            WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
     327            WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
     328            return;
     329        }
    297330    }
    298331
    299332    WKAuthenticationDecisionListenerUseCredential(decisionListener, nullptr);
     333}
     334
     335bool WebKitBrowserWindow::canTrustServerCertificate(WKProtectionSpaceRef protectionSpace)
     336{
     337    auto host = createString(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
     338    auto pem = createPEMString(protectionSpace);
     339
     340    auto it = m_acceptedServerTrustCerts.find(host);
     341    if (it != m_acceptedServerTrustCerts.end() && it->second == pem)
     342        return true;
     343
     344    if (askServerTrustEvaluation(hwnd(), pem)) {
     345        m_acceptedServerTrustCerts.emplace(host, pem);
     346        return true;
     347    }
     348
     349    return false;
    300350}
    301351
  • trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.h

    r242984 r243654  
    2929#include <WebKit/WKRetainPtr.h>
    3030#include <WebKit/WebKit2_C.h>
     31#include <unordered_map>
    3132
    3233class WebKitBrowserWindow : public BrowserWindow {
     
    6263    void updateProxySettings();
    6364
     65    bool canTrustServerCertificate(WKProtectionSpaceRef);
     66
    6467    static void didFinishNavigation(WKPageRef, WKNavigationRef, WKTypeRef, const void*);
    6568    static void didCommitNavigation(WKPageRef, WKNavigationRef, WKTypeRef, const void*);
     
    7174    HWND m_urlBarWnd { nullptr };
    7275    ProxySettings m_proxy { };
     76    std::unordered_map<std::wstring, std::wstring> m_acceptedServerTrustCerts;
    7377};
Note: See TracChangeset for help on using the changeset viewer.