Client certificate credentials with session persistence don’t work
author mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Nov 2014 00:17:25 +0000 (00:17 +0000)
committer mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Nov 2014 00:17:25 +0000 (00:17 +0000)
https://bugs.webkit.org/show_bug.cgi?id=138330

Reviewed by Alexey Proskuryakov.

I think this is not testable with our test HTTP server.

* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::set): Don’t require a valid URL for client certificate
credentials, since they don’t apply to a specific path. Don’t save such credentials to
CFNetwork’s persistent storage (we only do that as a workaround for sharing credentials
with the media framework, and we don’t want to expand the scope of the workaround).
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::receivedCredential): Changed to use the Credential constructor
that takes a Credential and a new persistence, so that this code works not only with
user+password credentials.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@175495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/network/CredentialStorage.cpp
Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp

index 5791f45..6dcd475 100644 (file)
@@ -1,3 +1,22 @@
+2014-11-03  Dan Bernstein  <mitz@apple.com>
+
+        Client certificate credentials with session persistence don’t work
+        https://bugs.webkit.org/show_bug.cgi?id=138330
+
+        Reviewed by Alexey Proskuryakov.
+
+        I think this is not testable with our test HTTP server.
+
+        * platform/network/CredentialStorage.cpp:
+        (WebCore::CredentialStorage::set): Don’t require a valid URL for client certificate
+        credentials, since they don’t apply to a specific path. Don’t save such credentials to
+        CFNetwork’s persistent storage (we only do that as a workaround for sharing credentials
+        with the media framework, and we don’t want to expand the scope of the workaround).
+        * platform/network/cf/ResourceHandleCFNet.cpp:
+        (WebCore::ResourceHandle::receivedCredential): Changed to use the Credential consturctor
+        that takes a Credential and a new persistence, so that this code works not only with
+        user+password credentials.
+
 2014-11-03  Simon Fraser  <simon.fraser@apple.com>
 
         Add page overlays that show regions with mouseWheel event handlers, and the non-fast-scrollable region, and code to toggle them in MiniBrowser WK2
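Review bot: "consturctor" in the ResourceHandle::receivedCredential entry is a typo for "constructor". The line "I think this is not testable with our test HTTP server" would also be more useful to later readers if it said what the test server is missing, so that someone can add coverage once that gap is closed.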
index 41005d0..47545ce 100644 (file)
@@ -93,16 +93,17 @@ static String protectionSpaceMapKeyFromURL(const URL& url)
 
 void CredentialStorage::set(const Credential& credential, const ProtectionSpace& protectionSpace, const URL& url)
 {
-    ASSERT(protectionSpace.isProxy() || url.protocolIsInHTTPFamily());
-    ASSERT(protectionSpace.isProxy() || url.isValid());
+    ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.protocolIsInHTTPFamily());
+    ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.isValid());
 
     protectionSpaceToCredentialMap().set(protectionSpace, credential);
 
 #if PLATFORM(IOS)
-    saveToPersistentStorage(protectionSpace, credential);
+    if (protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested)
+        saveToPersistentStorage(protectionSpace, credential);
 #endif
 
-    if (!protectionSpace.isProxy()) {
+    if (!protectionSpace.isProxy() && protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
         originsWithCredentials().add(originStringFromURL(url));
 
         ProtectionSpaceAuthenticationScheme scheme = protectionSpace.authenticationScheme();
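Review bot: The comparison `protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested` is now written out four times in CredentialStorage::set (both ASSERTs, the PLATFORM(IOS) guard and the isProxy() branch), which makes it easy for a later edit to update one site and miss another. Consider computing it once in a local bool at the top of the function and using that in all four places. The new guard around saveToPersistentStorage() also has no comment in the code; the reason for keeping client certificate credentials out of persistent storage is given only in the ChangeLog, and a one-line comment above the `if` would keep someone from removing the check later as apparently redundant.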
index cb8faa6..70dc9d4 100644 (file)
@@ -424,7 +424,7 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
         // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
         // to ignore it for a particular request (short of removing it altogether).
-        Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
+        Credential webCredential(credential, CredentialPersistenceNone);
 
         URL urlToStore;
         if (challenge.failureResponse().httpStatusCode() == 401)
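Review bot: With `Credential webCredential(credential, CredentialPersistenceNone);` this branch now handles credentials that are not user+password, but the only assignment to `urlToStore` visible here is under the `httpStatusCode() == 401` check, so for a client certificate challenge it may stay a default-constructed URL. That appears to be intentional, given the relaxed ASSERTs in CredentialStorage::set, but nothing at this site says so. A short comment next to `URL urlToStore;` stating that an empty URL is expected for client certificate credentials would make the dependency between the two files explicit. The condition at the top of the block excludes only ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested, so it is also worth confirming that every other scheme that can reach this point copies correctly through the Credential-plus-persistence constructor.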