Source/WebCore:
authormitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 Mar 2015 07:34:06 +0000 (07:34 +0000)
committermitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 Mar 2015 07:34:06 +0000 (07:34 +0000)
commit00d84697688368efd7d038d4ca1b56975c453d06
treea6b68a67fa679c4af80eb460c97e2b9be970d6b1
parent0e88844f69c6d29947cf578642a839a227956529
Source/WebCore:
WebCore part of <rdar://problem/20086546> [Cocoa] Add an option to treat certificate chains with SHA1-signed certificates as insecure
https://bugs.webkit.org/show_bug.cgi?id=142461

Reviewed by Sam Weinig.

* WebCore.xcodeproj/project.pbxproj: Added reference to SecuritySPI.h and sorted the
spi/cocoa group.

* platform/network/cf/CertificateInfo.h: Declared new member function
containsNonRootSHA1SignedCertificate.

* platform/network/mac/CertificateInfoMac.mm:
(WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate): Added. Checks if any but
the last certificate in the chain uses SHA-1 as its signature hash algorithm.

* platform/network/curl/CertificateInfo.h:
(WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate): Added notImplemented
implementation.

* platform/network/soup/CertificateInfo.h:
(WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate): Ditto.

* platform/spi/cocoa/SecuritySPI.h: Added.

Source/WebKit2:
WebKit2 part of <rdar://problem/20086546> [Cocoa] Add an option to treat certificate chains with SHA1-signed certificates as insecure
https://bugs.webkit.org/show_bug.cgi?id=142461

Reviewed by Sam Weinig.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView initWithFrame:configuration:]): Initialize
webPageConfiguration.treatsSHA1SignedCertificatesAsInsecure from the WKWebViewConfiguration.

* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
Added _treatsSHA1SignedCertificatesAsInsecure ivar.
(-[WKWebViewConfiguration copyWithZone:]): Copy _treatsSHA1SignedCertificatesAsInsecure.
(-[WKWebViewConfiguration _treatsSHA1SignedCertificatesAsInsecure]): Added this getter.
(-[WKWebViewConfiguration _setTreatsSHA1SignedCertificatesAsInsecure:]): Added this setter.

* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Declared new
_treatsSHA1SignedCertificatesAsInsecure property.

* UIProcess/PageLoadState.cpp:
(WebKit::PageLoadState::didCommitLoad): Use new hasInsecureContent parameter to initialize
hasInsecureContent parameter in the uncommitted state.
* UIProcess/PageLoadState.h:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy): Initialize new m_treatsSHA1CertificatesAsInsecure
member variable from the WebPageConfiguration.
(WebKit::WebPageProxy::didCommitLoadForFrame): Pass true for the new hasInsecureContent to
PageLoadState::didCommitLoad if we are treating SHA1-signed certificates as insecure and
the certificate info contains a non-root SHA1-signed certificate.
* UIProcess/WebPageProxy.h: Added m_treatsSHA1CertificatesAsInsecure member variable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@181317 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/platform/network/cf/CertificateInfo.h
Source/WebCore/platform/network/curl/CertificateInfo.h
Source/WebCore/platform/network/mac/CertificateInfoMac.mm
Source/WebCore/platform/network/soup/CertificateInfo.h
Source/WebCore/platform/spi/cocoa/SecuritySPI.h [new file with mode: 0644]
Source/WebKit2/ChangeLog
Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm
Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
Source/WebKit2/UIProcess/PageLoadState.cpp
Source/WebKit2/UIProcess/PageLoadState.h
Source/WebKit2/UIProcess/WebPageProxy.cpp
Source/WebKit2/UIProcess/WebPageProxy.h