When a client certificate is rejected, Safari says the website didn’t accept the...
authormitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Oct 2014 18:48:43 +0000 (18:48 +0000)
committermitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Oct 2014 18:48:43 +0000 (18:48 +0000)
https://bugs.webkit.org/show_bug.cgi?id=138216

Reviewed by Alexey Proskuryakov.

* Shared/cf/ArgumentCodersCF.cpp:
(IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
(IPC::encode): Ditto.
(IPC::decode): Ditto.
* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
is present in the error’s userInfo dictionary, assert that it’s an array of identities and
certificates, and include it in the filtered dictionary.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@175374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp
Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm

index b90a646..0f02f58 100644 (file)
@@ -1,3 +1,19 @@
+2014-10-30  Dan Bernstein  <mitz@apple.com>
+
+        When a client certificate is rejected, Safari says the website didn’t accept the certificate “unknown” instead of naming the certificate
+        https://bugs.webkit.org/show_bug.cgi?id=138216
+
+        Reviewed by Alexey Proskuryakov.
+
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (IPC::typeFromCFTypeRef): Remove no-longer-necessary platform guards around SecIdentityRef.
+        (IPC::encode): Ditto.
+        (IPC::decode): Ditto.
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        (IPC::ArgumentCoder<ResourceError>::encodePlatformData): If NSErrorClientCertificateChainKey
+        is present in the error’s userInfo dictionary, assert that it’s an array of identities and
+        certificates, and include it in the filtered dictionary.
+
 2014-10-29  Hunseop Jeong  <hs85.jeong@samsung.com>
 
         [CoordinatedGraphics] Use modern for-loops
index 03b3024..ebf0926 100644 (file)
@@ -80,9 +80,7 @@ enum CFType {
     CFString,
     CFURL,
     SecCertificate,
-#if PLATFORM(IOS)
     SecIdentity,
-#endif
 #if HAVE(SEC_KEYCHAIN)
     SecKeychainItem,
 #endif
@@ -121,10 +119,8 @@ static CFType typeFromCFTypeRef(CFTypeRef type)
         return CFURL;
     if (typeID == SecCertificateGetTypeID())
         return SecCertificate;
-#if PLATFORM(IOS)
     if (typeID == SecIdentityGetTypeID())
         return SecIdentity;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     if (typeID == SecKeychainItemGetTypeID())
         return SecKeychainItem;
@@ -173,11 +169,9 @@ void encode(ArgumentEncoder& encoder, CFTypeRef typeRef)
     case SecCertificate:
         encode(encoder, (SecCertificateRef)typeRef);
         return;
-#if PLATFORM(IOS)
     case SecIdentity:
         encode(encoder, (SecIdentityRef)(typeRef));
         return;
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem:
         encode(encoder, (SecKeychainItemRef)typeRef);
@@ -270,7 +264,6 @@ bool decode(ArgumentDecoder& decoder, RetainPtr<CFTypeRef>& result)
         result = adoptCF(certificate.leakRef());
         return true;
     }
-#if PLATFORM(IOS)
     case SecIdentity: {
         RetainPtr<SecIdentityRef> identity;
         if (!decode(decoder, identity))
@@ -278,7 +271,6 @@ bool decode(ArgumentDecoder& decoder, RetainPtr<CFTypeRef>& result)
         result = adoptCF(identity.leakRef());
         return true;
     }
-#endif
 #if HAVE(SEC_KEYCHAIN)
     case SecKeychainItem: {
         RetainPtr<SecKeychainItemRef> keychainItem;
index 27d39c2..db6b731 100644 (file)
@@ -198,6 +198,19 @@ void ArgumentCoder<ResourceError>::encodePlatformData(ArgumentEncoder& encoder,
             CFDictionarySetValue(filteredUserInfo.get(), key, value);
     }];
 
+    if (NSArray *clientIdentityAndCertificates = [userInfo objectForKey:@"NSErrorClientCertificateChainKey"]) {
+        ASSERT([clientIdentityAndCertificates isKindOfClass:[NSArray class]]);
+        ASSERT(^{
+            for (id object in clientIdentityAndCertificates) {
+                if (CFGetTypeID(object) != SecIdentityGetTypeID() && CFGetTypeID(object) != SecCertificateGetTypeID())
+                    return false;
+            }
+            return true;
+        }());
+
+        CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorClientCertificateChainKey", clientIdentityAndCertificates);
+    };
+
     IPC::encode(encoder, filteredUserInfo.get());
 
     id peerCertificateChain = [userInfo objectForKey:@"NSErrorPeerCertificateChainKey"];
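Review bot: The type validation for `NSErrorClientCertificateChainKey` exists only inside the two `ASSERT`s, so in release builds, where `ASSERT` compiles out, whatever object sits under that key is copied into `filteredUserInfo` and handed to `IPC::encode` unchecked. The enumeration block just above appears to admit only vetted value types (its body starts outside the hunk), which would make this key the one entry that reaches the encoder without a runtime check. I would compute the validity as a local `bool`, keep a single `ASSERT` on it for debug builds, and call `CFDictionarySetValue` only when it holds, so an unexpected value is dropped rather than serialized. The stray `;` after the closing brace of the `if` can go at the same time. `encodePlatformData` begins and continues outside this hunk.

```objc
    if (NSArray *clientIdentityAndCertificates = [userInfo objectForKey:@"NSErrorClientCertificateChainKey"]) {
        // Validate at runtime as well: ASSERT compiles out of release builds.
        bool isIdentityAndCertificateArray = [clientIdentityAndCertificates isKindOfClass:[NSArray class]];
        if (isIdentityAndCertificateArray) {
            for (id object in clientIdentityAndCertificates) {
                CFTypeID typeID = CFGetTypeID(object);
                if (typeID != SecIdentityGetTypeID() && typeID != SecCertificateGetTypeID()) {
                    isIdentityAndCertificateArray = false;
                    break;
                }
            }
        }
        ASSERT(isIdentityAndCertificateArray);

        if (isIdentityAndCertificateArray)
            CFDictionarySetValue(filteredUserInfo.get(), @"NSErrorClientCertificateChainKey", clientIdentityAndCertificates);
    }

    // … unchanged: IPC::encode(encoder, filteredUserInfo.get()) and the peer certificate chain handling …
```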