Changeset 245281 in webkit


Ignore:
Timestamp:
May 14, 2019 8:49:35 AM (5 years ago)
Author:
commit-queue@webkit.org
Message:

Add a unit test for client certificate authentication
https://bugs.webkit.org/show_bug.cgi?id=197800

Patch by Alex Christensen <achristensen@webkit.org> on 2019-05-14
Reviewed by Youenn Fablet.

Source/WebKit:

  • Shared/cf/ArgumentCodersCF.cpp:

Move SPI declarations to SecuritySPI.h.

Source/WTF:

  • wtf/spi/cocoa/SecuritySPI.h:

Move declarations from ArgumentCodersCF.cpp so they can be shared.

Tools:

Make better abstractions for reading and writing from/to TCPServer.
Add a unit test that causes a client certificate authentication challenge to happen.

  • TestWebKitAPI/TCPServer.cpp:

(TestWebKitAPI::TCPServer::TCPServer):
(TestWebKitAPI::TCPServer::read):
(TestWebKitAPI::TCPServer::write):
(TestWebKitAPI::TCPServer::respondWithChallengeThenOK):
(TestWebKitAPI::TCPServer::respondWithOK):

  • TestWebKitAPI/TCPServer.h:
  • TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:

(credentialWithIdentity):
(-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(TEST):
(-[ClientCertificateDelegate webView:didFinishNavigation:]):
(-[ClientCertificateDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(-[ClientCertificateDelegate challengeCount]):
(TestWebKitAPI::TEST):
(respondWithChallengeThenOK): Deleted.
(credentialWithIdentityAndKeychainPath): Deleted.

  • TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm:

(TEST):

  • TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm:

(TEST):
(readRequest): Deleted.
(writeResponse): Deleted.

  • TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:

(TestWebKitAPI::TEST):
(TestWebKitAPI::respondWithChallengeThenOK): Deleted.

Location:
trunk
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WTF/ChangeLog

    r245271 r245281  
     12019-05-14  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add a unit test for client certificate authentication
     4        https://bugs.webkit.org/show_bug.cgi?id=197800
     5
     6        Reviewed by Youenn Fablet.
     7
     8        * wtf/spi/cocoa/SecuritySPI.h:
     9        Move declarations from ArgumentCodersCF.cpp so they can be shared.
     10
    1112019-05-13  Robin Morisset  <rmorisset@apple.com>
    212
  • trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h

    r232604 r245281  
    2828#if USE(APPLE_INTERNAL_SDK)
    2929
     30#include <Security/SecAccessControlPriv.h>
    3031#include <Security/SecCertificatePriv.h>
     32#include <Security/SecIdentityPriv.h>
     33#include <Security/SecKeyPriv.h>
    3134#include <Security/SecTask.h>
    3235#include <Security/SecTrustPriv.h>
     
    6871SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef, audit_token_t);
    6972SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef);
    70 CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef *);
     73CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef*);
     74SecIdentityRef SecIdentityCreate(CFAllocatorRef, SecCertificateRef, SecKeyRef);
     75OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
     76SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef, CFDataRef, CFErrorRef*);
     77CFDataRef SecAccessControlCopyData(SecAccessControlRef);
    7178
    7279#if PLATFORM(MAC)
  • trunk/Source/WebKit/ChangeLog

    r245272 r245281  
     12019-05-14  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add a unit test for client certificate authentication
     4        https://bugs.webkit.org/show_bug.cgi?id=197800
     5
     6        Reviewed by Youenn Fablet.
     7
     8        * Shared/cf/ArgumentCodersCF.cpp:
     9        Move SPI declarations to SecuritySPI.h.
     10
    1112019-05-13  Wenson Hsieh  <wenson_hsieh@apple.com>
    212
  • trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp

    r243640 r245281  
    4040#if USE(FOUNDATION)
    4141#import <Foundation/Foundation.h>
    42 #endif
    43 
    44 #if USE(APPLE_INTERNAL_SDK)
    45 #include <Security/SecIdentityPriv.h>
    46 #endif
    47 
    48 extern "C" SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
    49 
    50 #if PLATFORM(IOS_FAMILY)
    51 #if USE(APPLE_INTERNAL_SDK)
    52 #include <Security/SecKeyPriv.h>
    53 #endif
    54 
    55 extern "C" OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
    56 #endif
    57 
    58 #if HAVE(SEC_ACCESS_CONTROL)
    59 #if USE(APPLE_INTERNAL_SDK)
    60 #include <Security/SecAccessControlPriv.h>
    61 #endif
    62 
    63 extern "C" SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error);
    64 extern "C" CFDataRef SecAccessControlCopyData(SecAccessControlRef access_control);
    6542#endif
    6643
  • trunk/Tools/ChangeLog

    r245280 r245281  
     12019-05-14  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add a unit test for client certificate authentication
     4        https://bugs.webkit.org/show_bug.cgi?id=197800
     5
     6        Reviewed by Youenn Fablet.
     7
     8        Make better abstractions for reading and writing from/to TCPServer.
     9        Add a unit test that causes a client certificate authentication challenge to happen.
     10
     11        * TestWebKitAPI/TCPServer.cpp:
     12        (TestWebKitAPI::TCPServer::TCPServer):
     13        (TestWebKitAPI::TCPServer::read):
     14        (TestWebKitAPI::TCPServer::write):
     15        (TestWebKitAPI::TCPServer::respondWithChallengeThenOK):
     16        (TestWebKitAPI::TCPServer::respondWithOK):
     17        * TestWebKitAPI/TCPServer.h:
     18        * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
     19        (credentialWithIdentity):
     20        (-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
     21        (TEST):
     22        (-[ClientCertificateDelegate webView:didFinishNavigation:]):
     23        (-[ClientCertificateDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
     24        (-[ClientCertificateDelegate challengeCount]):
     25        (TestWebKitAPI::TEST):
     26        (respondWithChallengeThenOK): Deleted.
     27        (credentialWithIdentityAndKeychainPath): Deleted.
     28        * TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm:
     29        (TEST):
     30        * TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:
     31        (TestWebKitAPI::TEST):
     32        * TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm:
     33        (TEST):
     34        (readRequest): Deleted.
     35        (writeResponse): Deleted.
     36        * TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:
     37        (TestWebKitAPI::TEST):
     38        (TestWebKitAPI::respondWithChallengeThenOK): Deleted.
     39
    1402019-05-14  Said Abou-Hallawa  <sabouhallawa@apple.com>
    241
  • trunk/Tools/TestWebKitAPI/TCPServer.cpp

    r244594 r245281  
    3131#include <unistd.h>
    3232#include <wtf/Optional.h>
     33#include <wtf/text/Base64.h>
    3334
    3435extern "C" {
     
    3940struct EVP_PKEY;
    4041struct SSL_METHOD;
     42struct X509_STORE_CTX {
     43    void* unused;
     44    X509* cert;
     45};
    4146struct pem_password_cb;
    4247int BIO_free(BIO*);
     
    5762int SSL_accept(SSL*);
    5863int SSL_set_fd(SSL*, int);
     64void SSL_CTX_set_verify(SSL_CTX*, int, int (*)(int, X509_STORE_CTX*));
     65void SSL_CTX_set_cert_verify_callback(SSL_CTX*, int (*)(X509_STORE_CTX*, void*), void*);
     66int SSL_get_error(const SSL*, int);
     67int SSL_read(SSL*, void*, int);
     68int SSL_write(SSL*, const void*, int);
     69int i2d_X509(X509*, unsigned char**);
     70void OPENSSL_free(void*);
     71#define SSL_VERIFY_PEER 0x01
     72#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
    5973
    6074} // extern "C"
     
    93107    }
    94108};
     109template<> struct deleter<uint8_t[]> {
     110    void operator()(uint8_t* buffer)
     111    {
     112        OPENSSL_free(buffer);
     113    }
     114};
    95115
    96116TCPServer::TCPServer(Function<void(Socket)>&& connectionHandler, size_t connections)
     
    102122TCPServer::TCPServer(Protocol protocol, Function<void(SSL*)>&& secureConnectionHandler)
    103123{
    104     auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler)] (Socket socket) {
     124    auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler), protocol] (Socket socket) {
    105125        SSL_library_init();
    106126
     
    130150        SSL_CTX_use_certificate(ctx.get(), certX509.get());
    131151
     152        if (protocol == Protocol::HTTPSWithClientCertificateRequest) {
     153            SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
     154            SSL_CTX_set_cert_verify_callback(ctx.get(), [] (X509_STORE_CTX* store_ctx, void*) -> int {
     155                uint8_t* bufferPointer = nullptr;
     156                auto length = i2d_X509(store_ctx->cert, &bufferPointer);
     157                std::unique_ptr<uint8_t[], deleter<uint8_t[]>> buffer(bufferPointer);
     158                auto expectedCert = testCertificate();
     159                EXPECT_EQ(static_cast<int>(expectedCert.size()), length);
     160                for (int i = 0; i < length; ++i)
     161                    EXPECT_EQ(buffer.get()[i], expectedCert[i]);
     162                return 1;
     163            }, nullptr);
     164        }
     165
    132166        // This is a test key from BoringSSL.
    133167        char kKeyPEM[] =
     
    165199    switch (protocol) {
    166200    case Protocol::HTTPS:
     201    case Protocol::HTTPSWithClientCertificateRequest:
    167202        m_connectionHandler = WTFMove(startSecureConnection);
    168203        break;
     
    240275}
    241276
     277template<> Vector<uint8_t> TCPServer::read(Socket socket)
     278{
     279    uint8_t buffer[1000];
     280    auto bytesRead = ::read(socket, buffer, sizeof(buffer));
     281    ASSERT_UNUSED(bytesRead, bytesRead > 0);
     282    ASSERT(static_cast<size_t>(bytesRead) < sizeof(buffer));
     283
     284    Vector<uint8_t> vector;
     285    vector.append(buffer, bytesRead);
     286    return vector;
     287}
     288
     289template<> void TCPServer::write(Socket socket, const void* response, size_t length)
     290{
     291    auto bytesWritten = ::write(socket, response, length);
     292    EXPECT_EQ(static_cast<size_t>(bytesWritten), length);
     293}
     294
     295template<> Vector<uint8_t> TCPServer::read(SSL* ssl)
     296{
     297    uint8_t buffer[1000];
     298    auto bytesRead = SSL_read(ssl, buffer, sizeof(buffer));
     299    ASSERT_UNUSED(bytesRead, bytesRead > 0);
     300    ASSERT(static_cast<size_t>(bytesRead) < sizeof(buffer));
     301
     302    Vector<uint8_t> vector;
     303    vector.append(buffer, bytesRead);
     304    return vector;
     305}
     306
     307template<> void TCPServer::write(SSL* ssl, const void* response, size_t length)
     308{
     309    auto bytesWritten = SSL_write(ssl, response, length);
     310    EXPECT_EQ(static_cast<size_t>(bytesWritten), length);
     311}
     312
     313void TCPServer::respondWithChallengeThenOK(Socket socket)
     314{
     315    read(socket);
     316   
     317    const char* challengeHeader =
     318    "HTTP/1.1 401 Unauthorized\r\n"
     319    "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
     320    "Content-Length: 0\r\n"
     321    "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
     322    write(socket, challengeHeader, strlen(challengeHeader));
     323   
     324    read(socket);
     325   
     326    const char* responseHeader =
     327    "HTTP/1.1 200 OK\r\n"
     328    "Content-Length: 13\r\n\r\n"
     329    "Hello, World!";
     330    write(socket, responseHeader, strlen(responseHeader));
     331}
     332
     333void TCPServer::respondWithOK(SSL* ssl)
     334{
     335    read(ssl);
     336   
     337    const char* reply = ""
     338    "HTTP/1.1 200 OK\r\n"
     339    "Content-Length: 34\r\n\r\n"
     340    "<script>alert('success!')</script>";
     341    write(ssl, reply, strlen(reply));
     342}
     343
     344Vector<uint8_t> TCPServer::testCertificate()
     345{
     346    // Certificate and private key were generated by running this command:
     347    // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
     348    // and entering this information:
     349    /*
     350     Country Name (2 letter code) []:US
     351     State or Province Name (full name) []:New Mexico
     352     Locality Name (eg, city) []:Santa Fe
     353     Organization Name (eg, company) []:Self
     354     Organizational Unit Name (eg, section) []:Myself
     355     Common Name (eg, fully qualified host name) []:Me
     356     Email Address []:me@example.com
     357     */
     358   
     359    String pemEncodedCertificate(""
     360    "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC"
     361    "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD"
     362    "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI"
     363    "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw"
     364    "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G"
     365    "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL"
     366    "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN"
     367    "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby"
     368    "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE"
     369    "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg"
     370    "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e"
     371    "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY"
     372    "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN"
     373    "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ"
     374    "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh"
     375    "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh"
     376    "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD"
     377    "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY"
     378    "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD"
     379    "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3"
     380    "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L"
     381    "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy"
     382    "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU"
     383    "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB"
     384    "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB"
     385    "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+"
     386    "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt"
     387    "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa"
     388    "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu"
     389    "3vjZD3y9kZk7mre9XHwkI8MdK5s=");
     390   
     391    Vector<uint8_t> vector;
     392    base64Decode(pemEncodedCertificate, vector, WTF::Base64DecodeOptions::Base64Default);
     393    return vector;
     394}
     395
     396Vector<uint8_t> TCPServer::testPrivateKey()
     397{
     398    String pemEncodedPrivateKey(""
     399    "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+"
     400    "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t"
     401    "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz"
     402    "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e"
     403    "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov"
     404    "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han"
     405    "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt"
     406    "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw"
     407    "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG"
     408    "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7"
     409    "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf"
     410    "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p"
     411    "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8"
     412    "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6"
     413    "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu"
     414    "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd"
     415    "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s"
     416    "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg"
     417    "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs"
     418    "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K"
     419    "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1"
     420    "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ"
     421    "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t"
     422    "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd"
     423    "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1"
     424    "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz"
     425    "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw"
     426    "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3"
     427    "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx"
     428    "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K"
     429    "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS"
     430    "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg"
     431    "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn"
     432    "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm"
     433    "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F"
     434    "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1"
     435    "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG"
     436    "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO"
     437    "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g"
     438    "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc"
     439    "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53"
     440    "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW"
     441    "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT"
     442    "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO"
     443    "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p"
     444    "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+"
     445    "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT"
     446    "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u"
     447    "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe"
     448    "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw==");
     449
     450    Vector<uint8_t> vector;
     451    base64Decode(pemEncodedPrivateKey, vector, WTF::Base64DecodeOptions::Base64Default);
     452    return vector;
     453}
     454   
    242455} // namespace TestWebKitAPI
  • trunk/Tools/TestWebKitAPI/TCPServer.h

    r244594 r245281  
    3030#include <wtf/Vector.h>
    3131
    32 extern "C" {
    3332struct SSL;
    34 int SSL_read(SSL*, void*, int);
    35 int SSL_write(SSL*, const void*, int);
    36 }
    3733
    3834namespace TestWebKitAPI {
     
    4541   
    4642    TCPServer(Function<void(Socket)>&&, size_t connections = 1);
    47     enum class Protocol : bool {
    48         HTTPS, HTTPSProxy
     43    enum class Protocol : uint8_t {
     44        HTTPS,
     45        HTTPSProxy,
     46        HTTPSWithClientCertificateRequest,
    4947    };
    5048    TCPServer(Protocol, Function<void(SSL*)>&&);
     
    5250   
    5351    Port port() const { return m_port; }
     52   
     53    static void respondWithOK(SSL*);
     54    static void respondWithChallengeThenOK(Socket);
     55
     56    template<typename T> static Vector<uint8_t> read(T);
     57    template<typename T> static void write(T, const void*, size_t);
     58
     59    static Vector<uint8_t> testPrivateKey();
     60    static Vector<uint8_t> testCertificate();
    5461   
    5562private:
  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm

    r245149 r245281  
    3434#import <WebKit/WKWebsiteDataRecordPrivate.h>
    3535#import <wtf/RetainPtr.h>
     36#import <wtf/spi/cocoa/SecuritySPI.h>
    3637
    3738static bool navigationFinished;
    3839
    39 static void respondWithChallengeThenOK(int socket)
    40 {
    41     char readBuffer[1000];
    42     auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
    43     EXPECT_GT(bytesRead, 0);
    44     EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
    45    
    46     const char* challengeHeader =
    47     "HTTP/1.1 401 Unauthorized\r\n"
    48     "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
    49     "Content-Length: 0\r\n"
    50     "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
    51     auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader));
    52     EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader));
    53    
    54     bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
    55     EXPECT_GT(bytesRead, 0);
    56     EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
    57    
    58     const char* responseHeader =
    59     "HTTP/1.1 200 OK\r\n"
    60     "Content-Length: 13\r\n\r\n"
    61     "Hello, World!";
    62     bytesWritten = ::write(socket, responseHeader, strlen(responseHeader));
    63     EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader));
    64 }
    65 
    66 #if PLATFORM(MAC)
    67 
    68 static std::pair<RetainPtr<NSURLCredential>, RetainPtr<NSString>> credentialWithIdentityAndKeychainPath()
    69 {
    70     // Certificate and private key were generated by running this command:
    71     // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
    72     // and entering this information:
    73     /*
    74      Country Name (2 letter code) []:US
    75      State or Province Name (full name) []:New Mexico
    76      Locality Name (eg, city) []:Santa Fe
    77      Organization Name (eg, company) []:Self
    78      Organizational Unit Name (eg, section) []:Myself
    79      Common Name (eg, fully qualified host name) []:Me
    80      Email Address []:me@example.com
    81      */
    82    
    83     NSString *pemEncodedCertificate = @""
    84     "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC"
    85     "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD"
    86     "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI"
    87     "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw"
    88     "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G"
    89     "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL"
    90     "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN"
    91     "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby"
    92     "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE"
    93     "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg"
    94     "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e"
    95     "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY"
    96     "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN"
    97     "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ"
    98     "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh"
    99     "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh"
    100     "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD"
    101     "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY"
    102     "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD"
    103     "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3"
    104     "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L"
    105     "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy"
    106     "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU"
    107     "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB"
    108     "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB"
    109     "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+"
    110     "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt"
    111     "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa"
    112     "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu"
    113     "3vjZD3y9kZk7mre9XHwkI8MdK5s=";
    114    
    115     NSString *pemEncodedPrivateKey = @""
    116     "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+"
    117     "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t"
    118     "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz"
    119     "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e"
    120     "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov"
    121     "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han"
    122     "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt"
    123     "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw"
    124     "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG"
    125     "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7"
    126     "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf"
    127     "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p"
    128     "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8"
    129     "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6"
    130     "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu"
    131     "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd"
    132     "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s"
    133     "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg"
    134     "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs"
    135     "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K"
    136     "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1"
    137     "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ"
    138     "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t"
    139     "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd"
    140     "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1"
    141     "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz"
    142     "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw"
    143     "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3"
    144     "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx"
    145     "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K"
    146     "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS"
    147     "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg"
    148     "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn"
    149     "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm"
    150     "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F"
    151     "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1"
    152     "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG"
    153     "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO"
    154     "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g"
    155     "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc"
    156     "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53"
    157     "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW"
    158     "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT"
    159     "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO"
    160     "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p"
    161     "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+"
    162     "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT"
    163     "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u"
    164     "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe"
    165     "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw==";
    166    
    167     NSData *derEncodedCertificate = [[[NSData alloc] initWithBase64EncodedString:pemEncodedCertificate options:0] autorelease];
    168     RetainPtr<SecCertificateRef> certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)derEncodedCertificate));
    169    
    170     NSData *derEncodedPrivateKey = [[[NSData alloc] initWithBase64EncodedString:pemEncodedPrivateKey options:0] autorelease];
     40static RetainPtr<NSURLCredential> credentialWithIdentity()
     41{
     42    auto certificateBytes = TestWebKitAPI::TCPServer::testCertificate();
     43    auto certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)[NSData dataWithBytes:certificateBytes.data() length:certificateBytes.size()]));
     44   
     45    auto privateKeyBytes = TestWebKitAPI::TCPServer::testPrivateKey();
     46    NSData *derEncodedPrivateKey = [NSData dataWithBytes:privateKeyBytes.data() length:privateKeyBytes.size()];
    17147    NSDictionary* options = @{
    17248        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
     
    17652    const NSUInteger pemEncodedPrivateKeyHeaderLength = 26;
    17753    CFErrorRef error = nullptr;
    178     RetainPtr<SecKeyRef> privateKey = adoptCF(SecKeyCreateWithData((__bridge CFDataRef)[derEncodedPrivateKey subdataWithRange:NSMakeRange(pemEncodedPrivateKeyHeaderLength, derEncodedPrivateKey.length - pemEncodedPrivateKeyHeaderLength)], (__bridge CFDictionaryRef)options, &error));
     54    auto privateKey = adoptCF(SecKeyCreateWithData((__bridge CFDataRef)[derEncodedPrivateKey subdataWithRange:NSMakeRange(pemEncodedPrivateKeyHeaderLength, derEncodedPrivateKey.length - pemEncodedPrivateKeyHeaderLength)], (__bridge CFDictionaryRef)options, &error));
    17955    EXPECT_NULL(error);
    18056    EXPECT_NOT_NULL(privateKey.get());
    18157
    182     SecKeychainRef keychainRef = nullptr;
    183     const char* keychainPassword = "testpassword";
    184     NSString *keychainPath = [NSTemporaryDirectory() stringByAppendingPathComponent:@"TestKeychain"];
    185     OSStatus status = SecKeychainCreate([keychainPath UTF8String], strlen(keychainPassword), keychainPassword, NO, nullptr, &keychainRef);
    186     EXPECT_TRUE(status == errSecSuccess);
    187     RetainPtr<SecKeychainRef> keychain = adoptCF(keychainRef);
    188     EXPECT_NOT_NULL(keychain);
    189 
    190     SecExternalItemType type = kSecItemTypePrivateKey;
    191     status = SecItemImport((__bridge CFDataRef)derEncodedPrivateKey, nullptr, nullptr, &type, 0, nullptr, keychain.get(), nullptr);
    192     EXPECT_TRUE(status == errSecSuccess);
    193 
    194     SecIdentityRef identityRef = nullptr;
    195     status = SecIdentityCreateWithCertificate(keychain.get(), certificate.get(), &identityRef);
    196     EXPECT_NOT_NULL(identityRef);
    197     EXPECT_TRUE(status == errSecSuccess);
    198     RetainPtr<SecIdentityRef> identity = adoptCF(identityRef);
    199    
    200     return {
    201         [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone],
    202         keychainPath
    203     };
    204 }
    205 
    206 static RetainPtr<NSString> keychainPath;
     58    auto identity = adoptCF(SecIdentityCreate(kCFAllocatorDefault, certificate.get(), privateKey.get()));
     59    EXPECT_NOT_NULL(identity);
     60   
     61    return [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone];
     62}
    20763
    20864@interface ChallengeDelegate : NSObject <WKNavigationDelegate>
     
    23086    EXPECT_EQ([(NSHTTPURLResponse *)challenge.failureResponse statusCode], 401);
    23187
    232     auto pair = credentialWithIdentityAndKeychainPath();
    233     completionHandler(NSURLSessionAuthChallengeUseCredential, pair.first.get());
    234     keychainPath = WTFMove(pair.second);
    235 }
    236 
    237 @end
    238 
    239 namespace TestWebKitAPI {
     88    completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get());
     89}
     90
     91@end
    24092
    24193TEST(Challenge, SecIdentity)
    24294{
    243     TCPServer server(respondWithChallengeThenOK);
     95    using namespace TestWebKitAPI;
     96    TCPServer server(TCPServer::respondWithChallengeThenOK);
    24497
    24598    auto webView = adoptNS([WKWebView new]);
     
    249102
    250103    Util::run(&navigationFinished);
    251    
    252     EXPECT_NOT_NULL(keychainPath.get());
    253     NSError *error = nil;
    254     [[NSFileManager defaultManager] removeItemAtPath:keychainPath.get() error:&error];
    255     EXPECT_NULL(error);
    256 }
    257 
    258 } // namespace TestWebKitAPI
    259 
     104}
     105
     106@interface ClientCertificateDelegate : NSObject <WKNavigationDelegate> {
     107    Vector<RetainPtr<NSString>> _authenticationMethods;
     108}
     109- (const Vector<RetainPtr<NSString>>&)authenticationMethods;
     110@end
     111
     112@implementation ClientCertificateDelegate
     113
     114- (void)webView:(WKWebView *)webView didFinishNavigation:(null_unspecified WKNavigation *)navigation
     115{
     116    navigationFinished = true;
     117}
     118
     119- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
     120{
     121    _authenticationMethods.append(challenge.protectionSpace.authenticationMethod);
     122
     123    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
     124        return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
     125   
     126    EXPECT_TRUE([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]);
     127    completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get());
     128}
     129
     130- (const Vector<RetainPtr<NSString>>&)authenticationMethods
     131{
     132    return _authenticationMethods;
     133}
     134
     135@end
     136
     137#if HAVE(SEC_KEY_PROXY)
     138TEST(Challenge, ClientCertificate)
     139{
     140    using namespace TestWebKitAPI;
     141    TCPServer server(TCPServer::Protocol::HTTPSWithClientCertificateRequest, TCPServer::respondWithOK);
     142
     143    auto webView = adoptNS([WKWebView new]);
     144    auto delegate = adoptNS([ClientCertificateDelegate new]);
     145    [webView setNavigationDelegate:delegate.get()];
     146    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]]];
     147   
     148    Util::run(&navigationFinished);
     149    auto& methods = [delegate authenticationMethods];
     150    EXPECT_EQ(methods.size(), 2ull);
     151    EXPECT_TRUE([methods[0] isEqualToString:NSURLAuthenticationMethodServerTrust]);
     152    EXPECT_TRUE([methods[2] isEqualToString:NSURLAuthenticationMethodClientCertificate]);
     153}
    260154#endif
    261155
     
    291185{
    292186    using namespace TestWebKitAPI;
    293     TCPServer server(respondWithChallengeThenOK, 2);
     187    TCPServer server(TCPServer::respondWithChallengeThenOK, 2);
    294188    auto configuration = retainPtr([WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"BasicProposedCredentialPlugIn"]);
    295189    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
     
    407301{
    408302    TCPServer server(TCPServer::Protocol::HTTPS, [] (SSL* ssl) {
    409         char requestBuffer[1000];
    410         auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer));
    411         ASSERT_UNUSED(readResult, readResult > 0);
     303        TCPServer::read(ssl);
    412304
    413305        const char* reply = ""
     
    415307        "Content-Length: 13\r\n\r\n"
    416308        "Hello, World!";
    417         auto writeResult = SSL_write(ssl, reply, strlen(reply));
    418         ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply)));
     309        TCPServer::write(ssl, reply, strlen(reply));
    419310    });
    420311
  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm

    r244594 r245281  
    7373TEST(WebKit, PDFLinkReferrer)
    7474{
    75     TestWebKitAPI::TCPServer server([] (int socket) {
    76         char readBuffer[1000];
    77         memset(readBuffer, 0, 1000);
    78 
     75    using namespace TestWebKitAPI;
     76    TCPServer server([] (int socket) {
    7977        // This assumes all the data from the HTTP request is available to be read at once,
    8078        // which is probably an okay assumption.
    81         ::read(socket, readBuffer, 999);
     79        auto requestBytes = TCPServer::read(socket);
    8280
    8381        // Look for a referer header.
    84         char* currentLine = readBuffer;
     82        const auto* currentLine = reinterpret_cast<const char*>(requestBytes.data());
    8583        while (currentLine) {
    8684            EXPECT_NE(strncasecmp(currentLine, "referer:", 8), 0);
    87             char* nextLine = strchr(currentLine, '\n');
     85            const char* nextLine = strchr(currentLine, '\n');
    8886            currentLine = nextLine ? nextLine + 1 : 0;
    8987        }
     
    9290        "HTTP/1.1 200 OK\r\n"
    9391        "Content-Length: 0\r\n\r\n";
    94         ::write(socket, responseHeader, strlen(responseHeader));
     92        TCPServer::write(socket, responseHeader, strlen(responseHeader));
    9593    });
    9694
  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm

    r244654 r245281  
    5858TEST(WebKit, HTTPSProxy)
    5959{
    60     TCPServer server(TCPServer::Protocol::HTTPSProxy, [] (SSL* ssl) {
    61         char requestBuffer[1000];
    62         auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer));
    63         ASSERT_UNUSED(readResult, readResult > 0);
    64 
    65         const char* reply = ""
    66         "HTTP/1.1 200 OK\r\n"
    67         "Content-Length: 34\r\n\r\n"
    68         "<script>alert('success!')</script>";
    69         auto writeResult = SSL_write(ssl, reply, strlen(reply));
    70         ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply)));
    71     });
     60    TCPServer server(TCPServer::Protocol::HTTPSProxy, TCPServer::respondWithOK);
    7261
    7362    auto storeConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]);
  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm

    r244594 r245281  
    196196@end
    197197
    198 static void readRequest(int socket)
    199 {
    200     char readBuffer[1000];
    201     auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
    202     EXPECT_GT(bytesRead, 0);
    203     EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
    204 }
    205 
    206 static void writeResponse(int socket, NSString *response)
    207 {
    208     const char* bytes = response.UTF8String;
    209     auto bytesWritten = ::write(socket, bytes, strlen(bytes));
    210     EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(bytes));
    211 }
    212 
    213198TEST(WebKit, WKNavigationResponseDownloadAttribute)
    214199{
    215200    auto getDownloadResponse = [] (RetainPtr<NSString> body) -> RetainPtr<WKNavigationResponse> {
    216         TestWebKitAPI::TCPServer server([body](int socket) {
    217             readRequest(socket);
     201        using namespace TestWebKitAPI;
     202        TCPServer server([body](int socket) {
    218203            unsigned bodyLength = [body length];
    219             writeResponse(socket, [NSString stringWithFormat:
     204            NSString *firstResponse = [NSString stringWithFormat:
    220205                @"HTTP/1.1 200 OK\r\n"
    221206                "Content-Length: %d\r\n\r\n"
     
    223208                bodyLength,
    224209                body.get()
    225             ]);
    226             readRequest(socket);
    227             writeResponse(socket,
    228                 @"HTTP/1.1 200 OK\r\n"
     210            ];
     211            NSString *secondResponse = @"HTTP/1.1 200 OK\r\n"
    229212                "Content-Length: 6\r\n"
    230213                "Content-Disposition: attachment; filename=fromHeader.txt;\r\n\r\n"
    231                 "Hello!"
    232             );
     214                "Hello!";
     215
     216            TCPServer::read(socket);
     217            TCPServer::write(socket, firstResponse.UTF8String, firstResponse.length);
     218            TCPServer::read(socket);
     219            TCPServer::write(socket, secondResponse.UTF8String, secondResponse.length);
    233220        });
    234221        auto delegate = adoptNS([NavigationResponseTestDelegate new]);
  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm

    r245149 r245281  
    111111}
    112112
    113 static void respondWithChallengeThenOK(int socket)
    114 {
    115     char readBuffer[1000];
    116     auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
    117     EXPECT_GT(bytesRead, 0);
    118     EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
    119    
    120     const char* challengeHeader =
    121     "HTTP/1.1 401 Unauthorized\r\n"
    122     "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
    123     "Content-Length: 0\r\n"
    124     "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
    125     auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader));
    126     EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader));
    127    
    128     bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
    129     EXPECT_GT(bytesRead, 0);
    130     EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
    131    
    132     const char* responseHeader =
    133     "HTTP/1.1 200 OK\r\n"
    134     "Content-Length: 13\r\n\r\n"
    135     "Hello, World!";
    136     bytesWritten = ::write(socket, responseHeader, strlen(responseHeader));
    137     EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader));
    138 }
    139    
    140113TEST(WKWebsiteDataStore, FetchNonPersistentCredentials)
    141114{
    142     TCPServer server(respondWithChallengeThenOK);
     115    TCPServer server(TCPServer::respondWithChallengeThenOK);
    143116   
    144117    usePersistentCredentialStorage = false;
     
    165138TEST(WKWebsiteDataStore, FetchPersistentCredentials)
    166139{
    167     TCPServer server(respondWithChallengeThenOK);
     140    TCPServer server(TCPServer::respondWithChallengeThenOK);
    168141   
    169142    usePersistentCredentialStorage = true;
     
    203176TEST(WKWebsiteDataStore, RemovePersistentCredentials)
    204177{
    205     TCPServer server(respondWithChallengeThenOK);
     178    TCPServer server(TCPServer::respondWithChallengeThenOK);
    206179
    207180    usePersistentCredentialStorage = true;
     
    254227TEST(WKWebsiteDataStore, RemoveNonPersistentCredentials)
    255228{
    256     TCPServer server(respondWithChallengeThenOK);
     229    TCPServer server(TCPServer::respondWithChallengeThenOK);
    257230
    258231    usePersistentCredentialStorage = false;
Note: See TracChangeset for help on using the changeset viewer.