[Mac] When NSError user info is missing NSErrorPeerCertificateChainKey, ArgumentCoder...
authormitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Dec 2013 22:00:35 +0000 (22:00 +0000)
committermitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Dec 2013 22:00:35 +0000 (22:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=125251

Reviewed by Anders Carlsson.

* Shared/mac/WebCoreArgumentCodersMac.mm:
(CoreIPC::::encodePlatformData): If the user info doesn’t include
NSURLErrorFailingURLPeerTrustErrorKey, copy the peer certificate chain from the peer trust
under NSURLErrorFailingURLPeerTrustErrorKey. On the decoding side, it will appear under the
NSURLErrorFailingURLPeerTrustErrorKey, because a trust object can’t be fully serialized.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@160122 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm

index 20e1ff5..e89e412 100644 (file)
@@ -1,5 +1,18 @@
 2013-12-04  Dan Bernstein  <mitz@apple.com>
 
+        [Mac] When NSError user info is missing NSErrorPeerCertificateChainKey, ArgumentCoder should extract it from NSURLErrorFailingURLPeerTrustErrorKey
+        https://bugs.webkit.org/show_bug.cgi?id=125251
+
+        Reviewed by Anders Carlsson.
+
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        (CoreIPC::::encodePlatformData): If the user info doesn’t include
+        NSURLErrorFailingURLPeerTrustErrorKey, copy the peer certificate chain from the peer trust
+        under NSURLErrorFailingURLPeerTrustErrorKey. On the decoding side, it will appear under the
+        NSURLErrorFailingURLPeerTrustErrorKey, because a trust object can’t be fully serialized.
+
+2013-12-04  Dan Bernstein  <mitz@apple.com>
+
         Replace USE(SECURITY_FRAMEWORK) with finer-grained defines
         https://bugs.webkit.org/show_bug.cgi?id=125242
 
index dfa93fe..5f4e728 100644 (file)
@@ -167,6 +167,14 @@ void ArgumentCoder<ResourceError>::encodePlatformData(ArgumentEncoder& encoder,
     CoreIPC::encode(encoder, filteredUserInfo.get());
 
     id peerCertificateChain = [userInfo objectForKey:@"NSErrorPeerCertificateChainKey"];
+    if (!peerCertificateChain) {
+        if (SecTrustRef peerTrust = (SecTrustRef)userInfo[NSURLErrorFailingURLPeerTrustErrorKey]) {
+            CFIndex count = SecTrustGetCertificateCount(peerTrust);
+            peerCertificateChain = [NSMutableArray arrayWithCapacity:count];
+            for (CFIndex i = 0; i < count; ++i)
+                [peerCertificateChain addObject:(id)SecTrustGetCertificateAtIndex(peerTrust, i)];
+        }
+    }
     ASSERT(!peerCertificateChain || [peerCertificateChain isKindOfClass:[NSArray class]]);
     encoder << CertificateInfo((CFArrayRef)peerCertificateChain);
 }