Reviewed by Don.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 5 Jun 2005 20:42:32 +0000 (20:42 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 5 Jun 2005 20:42:32 +0000 (20:42 +0000)
- remove security code and use the stuff from WebKitSystemInterface instead

        * WebCoreSupport.subproj/WebKeyGenerator.m:
        (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]):
        (-[WebKeyGenerator addCertificatesToKeychainFromData:]):
        * WebCoreSupport.subproj/WebNewKeyGeneration.c: Removed.
        * WebCoreSupport.subproj/WebNewKeyGeneration.h: Removed.
        * WebKit.pbproj/project.pbxproj:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@9277 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit/ChangeLog
WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.c [deleted file]
WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.h [deleted file]
WebKit/WebKit.pbproj/project.pbxproj

index e5b57d06e748d4e03257744225cc5e3add07b5c1..0c970d268354494bf8b07ca0e485a2aa54038dd9 100644 (file)
@@ -1,3 +1,16 @@
+2005-06-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Don.
+
+       - remove security code and use the stuff from WebKitSystemInterface instead
+
+        * WebCoreSupport.subproj/WebKeyGenerator.m:
+        (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]):
+        (-[WebKeyGenerator addCertificatesToKeychainFromData:]):
+        * WebCoreSupport.subproj/WebNewKeyGeneration.c: Removed.
+        * WebCoreSupport.subproj/WebNewKeyGeneration.h: Removed.
+        * WebKit.pbproj/project.pbxproj:
+
 2005-06-05  Darin Adler  <darin@apple.com>
 
         - added appropriate license headers to most files and updated copyright to reflect publication dates
index 8126b917eff013275920a4c931814ffccadfc43b..c441ffb64f19819eb8530a38be54ad11ae97b138 100644 (file)
 
 #import <WebKit/WebAssertions.h>
 #import <WebKit/WebLocalizableStrings.h>
-
-#ifdef USE_NEW_KEY_GENERATION
-#import <WebKit/WebNewKeyGeneration.h>
-#else 
-#import <WebKit/WebKeyGeneration.h>
-#endif
+#import <WebKitSystemInterface.h>
 
 @implementation WebKeyGenerator
 
     }
     
     NSString *keyDescription = [NSString stringWithFormat:UI_STRING("Key from %@", "name of keychain key generated by the KEYGEN tag"), [pageURL host]];
-    return [(NSString *)signedPublicKeyAndChallengeString(keySize, (CFStringRef)challenge, (CFStringRef)keyDescription) autorelease];
+    return [(NSString *)WKSignedPublicKeyAndChallengeString(keySize, (CFStringRef)challenge, (CFStringRef)keyDescription) autorelease];
 }
 
 - (WebCertificateParseResult)addCertificatesToKeychainFromData:(NSData *)data
 {
-    return addCertificatesToKeychainFromData([data bytes], [data length]);
+    return WKAddCertificatesToKeychainFromData([data bytes], [data length]);
 }
 
 @end
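Review bot: Both rewritten calls in WebKeyGenerator.m move the security-relevant behaviour out of this tree without recording what the WebKitSystemInterface functions must guarantee, so each method should carry a comment stating that contract. The implementation deleted later in this commit shows what needs pinning down: `addCertificatesToKeychainFromData` computed its loop bound as `nssArraySize(...) - 1` in unsigned arithmetic, which wraps when the decoded sequence holds no certificates, and key generation hard-coded `CSSM_ALGID_MD5WithRSA` with a `CSSM_KEYATTR_EXTRACTABLE`, `CSSM_KEYUSE_ANY` private key. Whether `WKAddCertificatesToKeychainFromData` and `WKSignedPublicKeyAndChallengeString` keep those behaviours is not visible here, so I would add a regression test that feeds an empty certificate sequence and a comment such as `// data is passed through unvalidated; WKAddCertificatesToKeychainFromData must reject empty or malformed input`. The `autorelease` on the first call also relies on an ownership rule that should be written down, e.g. `// assumes WKSignedPublicKeyAndChallengeString returns a +1 CFStringRef (NULL on failure) - confirm`. The body of the first method starts outside the hunk.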
diff --git a/WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.c b/WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.c
deleted file mode 100644 (file)
index 146b117..0000000
+++ /dev/null
@@ -1,606 +0,0 @@
-/*
- * Copyright (C) 2005 Apple Computer, Inc.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1.  Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer. 
- * 2.  Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in the
- *     documentation and/or other materials provided with the distribution. 
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- *     its contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#import <WebKit/WebNewKeyGeneration.h>
-
-#ifdef USE_NEW_KEY_GENERATION
-
-#import <Security/asn1Templates.h>
-#import <Security/SecAsn1Coder.h>
-#import <Security/secasn1t.h>
-#import <Security/Security.h>
-
-/*
- * Netscape Certifiate Sequence is defined by Netscape as a PKCS7
- * ContentInfo with a contentType of netscape-cert-sequence and a content
- * consisting of a sequence of certificates.
- *
- * For simplicity - i.e., to avoid the general purpose ContentInfo
- * polymorphism - we'll just hard-code this particular type right here.
- *
- * Inside the ContentInfo is an array of standard X509 certificates.
- * We don't need to parse the certs themselves so they remain as
- * opaque data blobs.
- */
-typedef struct {
-  CSSM_OID              contentType;            // netscape-cert-sequence
-  CSSM_DATA             **certs;
-} NetscapeCertSequence;
-
-extern const SecAsn1Template NetscapeCertSequenceTemplate[];
-
-/*
- * Public key/challenge, to send to CA.
- *
- * PublicKeyAndChallenge ::= SEQUENCE {
- *
- * ???\200?     spki SubjectPublicKeyInfo,
- *      challenge IA5STRING
- * }
- *
- * SignedPublicKeyAndChallenge ::= SEQUENCE {
- *              publicKeyAndChallenge PublicKeyAndChallenge,
- *              signatureAlgorithm AlgorithmIdentifier,
- *              signature BIT STRING
- * }
- */
-typedef struct {
-  CSSM_X509_SUBJECT_PUBLIC_KEY_INFO     spki;
-  CSSM_DATA                                                     challenge;      // ASCII
-} PublicKeyAndChallenge;
-
-typedef struct {
-  PublicKeyAndChallenge                         pubKeyAndChallenge;
-  CSSM_X509_ALGORITHM_IDENTIFIER                algId;
-  CSSM_DATA                                                     signature; // length in BITS
-} SignedPublicKeyAndChallenge;
-
-extern const SecAsn1Template PublicKeyAndChallengeTemplate[];
-extern const SecAsn1Template SignedPublicKeyAndChallengeTemplate[];
-
-
-#import <WebKit/WebAssertions.h>
-
-#import <Security/keyTemplates.h>
-#import <Security/SecKeyPriv.h>                /* Security.framework SPI */
-
-#import <security_cdsa_utils/cuEnc64.h>
-
-/* hard coded params, some of which may come from the user in real life */
-#define GNR_KEY_ALG                    CSSM_ALGID_RSA
-#define GNR_SIG_ALG                    CSSM_ALGID_MD5WithRSA
-#define GNR_SIG_ALGOID                  CSSMOID_MD5WithRSA
-
-const SecAsn1Template NetscapeCertSequenceTemplate[] = {
-{ SEC_ASN1_SEQUENCE,
-    0, NULL, sizeof(NetscapeCertSequence) },
-{ SEC_ASN1_OBJECT_ID,
-    offsetof(NetscapeCertSequence, contentType), 0, 0 },
-{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 
-    SEC_ASN1_CONTEXT_SPECIFIC | 0 , 
-    offsetof(NetscapeCertSequence, certs),
-    kSecAsn1SequenceOfAnyTemplate, 0 },
-{ 0, 0, 0, 0 }
-};
-
-const SecAsn1Template PublicKeyAndChallengeTemplate[] = {
-    { SEC_ASN1_SEQUENCE,
-        0, NULL, sizeof(PublicKeyAndChallenge) },
-    { SEC_ASN1_INLINE,
-        offsetof(PublicKeyAndChallenge, spki),
-        kSecAsn1SubjectPublicKeyInfoTemplate, 0},
-    { SEC_ASN1_INLINE,
-        offsetof(PublicKeyAndChallenge, challenge),
-        kSecAsn1IA5StringTemplate, 0 },
-    { 0, 0, 0, 0}
-};
-
-const SecAsn1Template SignedPublicKeyAndChallengeTemplate[] = {
-    { SEC_ASN1_SEQUENCE,
-        0, NULL, sizeof(SignedPublicKeyAndChallenge) },
-    { SEC_ASN1_INLINE,
-        offsetof(SignedPublicKeyAndChallenge, pubKeyAndChallenge),
-        PublicKeyAndChallengeTemplate, 0 },
-    { SEC_ASN1_INLINE,
-        offsetof(SignedPublicKeyAndChallenge, algId),
-        kSecAsn1AlgorithmIDTemplate, 0 },
-    { SEC_ASN1_BIT_STRING,
-        offsetof(SignedPublicKeyAndChallenge, signature), 0, 0 },
-    { 0, 0, 0, 0 }
-};
-
-void gnrNullAlgParams(CSSM_X509_ALGORITHM_IDENTIFIER *algId);
-CSSM_RETURN gnrSign(CSSM_CSP_HANDLE            cspHand,
-                    const CSSM_DATA            *plainText,
-                    SecKeyRef                  privKey,
-                    CSSM_ALGORITHMS            sigAlg,         // e.g., CSSM_ALGID_SHA1WithRSA
-                    CSSM_DATA                  *sig);
-unsigned nssArraySize(const void **array);
-bool addCertificateToKeychainFromData(const unsigned char *certData,
-                                      unsigned certDataLen,
-                                      unsigned certNum);
-
-/*
- * Given a context specified via a CSSM_CC_HANDLE, add a new
- * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType,
- * AttributeLength, and an untyped pointer.
- *
- * This is currently used to add a second CSSM_KEY attribute when performing
- * ops with algorithm CSSM_ALGID_FEED and CSSM_ALGID_FEECFILE.
- */
-static CSSM_RETURN gnrAddContextAttribute(CSSM_CC_HANDLE CCHandle,
-                                          uint32 AttributeType,
-                                          uint32 AttributeLength,
-                                          const void *AttributePtr)
-{
-    CSSM_CONTEXT_ATTRIBUTE             newAttr;        
-    CSSM_RETURN                                        crtn;
-    
-    newAttr.AttributeType     = AttributeType;
-    newAttr.AttributeLength   = AttributeLength;
-    newAttr.Attribute.Data    = (CSSM_DATA_PTR)AttributePtr;
-    crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr);
-    if(crtn) {
-        ERROR("CSSM_UpdateContextAttributes", crtn);
-    }
-    return crtn;
-}
-
-/*
- * Given a public key as a SecKeyRef, obtain the key material in
- * SubjectPublicKeyInfo format. This entails a NULL wrap to format
- * in CSSM_KEYBLOB_RAW_FORMAT_X509 form. Caller must eventually
- * free the returned key via CSSM_FreeKey().
- */
-static OSStatus gnrGetSubjPubKey(
-                                 CSSM_CSP_HANDLE       cspHand,
-                                 SecKeyRef secKey,
-                                 CSSM_KEY_PTR subjPubKey)              // RETURNED
-{
-    CSSM_CC_HANDLE             ccHand;
-    CSSM_RETURN                        crtn;
-    CSSM_ACCESS_CREDENTIALS    creds;
-    const CSSM_KEY             *refPubKey;
-    OSStatus                   ortn;
-    
-    /* Get public key in CSSM form */
-    ortn = SecKeyGetCSSMKey(secKey, &refPubKey);
-    if(ortn) {
-        ERROR("SecKeyGetCSSMKey", ortn);
-        return ortn;
-    }
-    
-    /* NULL wrap via CSPDL */
-    memset(subjPubKey, 0, sizeof(CSSM_KEY));
-    memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-    crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
-                                           CSSM_ALGID_NONE,
-                                           CSSM_ALGMODE_NONE,
-                                           &creds,                             // passPhrase
-                                           NULL,                               // wrapping key
-                                           NULL,                               // init vector
-                                           CSSM_PADDING_NONE,  // Padding
-                                           0,                                  // Params
-                                           &ccHand);
-    if(crtn) {
-        ERROR("gnrGetSubjPubKey CSSM_CSP_CreateSymmetricContext", 
-                     crtn);
-        return crtn;
-    }
-    
-    /*
-     * Specify X509 format' that is NOT the default for RSA (PKCS1 is)
-     */
-    crtn = gnrAddContextAttribute(ccHand,
-                                  CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT,
-                                  sizeof(uint32),
-                                  (void *)CSSM_KEYBLOB_RAW_FORMAT_X509);
-    if(crtn) {
-        ERROR("gnrAddContextAttribute", crtn);
-        goto errOut;
-    }
-    
-    crtn = CSSM_WrapKey(ccHand,
-                        &creds,
-                        refPubKey,
-                        NULL,                  // DescriptiveData
-                        subjPubKey);
-    if(crtn) {
-        ERROR("CSSM_WrapKey", crtn);
-    }
-errOut:
-        CSSM_DeleteContext(ccHand);
-    return crtn;
-}
-
-/* 
-* Set up a encoded NULL for CSSM_X509_ALGORITHM_IDENTIFIER.parameters.
- */
-void gnrNullAlgParams(CSSM_X509_ALGORITHM_IDENTIFIER *algId)
-{
-    static const uint8 encNull[2] = { SEC_ASN1_NULL, 0 };
-    algId->parameters.Data = (uint8 *)encNull;
-    algId->parameters.Length = 2;
-}
-
-/*
- * Sign specified plaintext. Caller must free signature data via
- * gnrFreeCssmData().
- */
-CSSM_RETURN gnrSign(CSSM_CSP_HANDLE            cspHand,
-                    const CSSM_DATA            *plainText,
-                    SecKeyRef                  privKey,
-                    CSSM_ALGORITHMS            sigAlg,         // e.g., CSSM_ALGID_SHA1WithRSA
-                    CSSM_DATA                  *sig)           // allocated by CSP and RETURNED
-{
-    CSSM_CC_HANDLE             ccHand;
-    CSSM_RETURN                        crtn;
-    const CSSM_KEY             *refPrivKey;
-    OSStatus                   ortn;
-    const CSSM_ACCESS_CREDENTIALS *creds;
-    
-    /* Get private key in CSSM form */
-    ortn = SecKeyGetCSSMKey(privKey, &refPrivKey);
-    if(ortn) {
-        ERROR("SecKeyGetCSSMKey", ortn);
-        return ortn;
-    }
-    
-    /* Get appropriate access credentials */
-    ortn = SecKeyGetCredentials(privKey,
-                                CSSM_ACL_AUTHORIZATION_SIGN,
-                                kSecCredentialTypeDefault,
-                                &creds);
-    if(ortn) {
-        ERROR("SecKeyGetCredentials", ortn);
-        return ortn;
-    }
-    
-    /* cook up signature context */
-    crtn = CSSM_CSP_CreateSignatureContext(cspHand,
-                                           sigAlg,
-                                           creds,      
-                                           refPrivKey,
-                                           &ccHand);
-    if(crtn) {
-        ERROR("CSSM_CSP_CreateSignatureContext", ortn);
-        return crtn;
-    }
-    
-    /* go for it */
-    sig->Data = NULL;
-    sig->Length = 0;
-    crtn = CSSM_SignData(ccHand,
-                         plainText,
-                         1,
-                         CSSM_ALGID_NONE,
-                         sig);
-    if(crtn) {
-        ERROR("CSSM_SignData", ortn);
-    }
-    CSSM_DeleteContext(ccHand);
-    return crtn;
-}
-
-/*
- * Free data mallocd on app's behalf by a CSSM module.
- */
-static void gnrFreeCssmData(
-                            CSSM_HANDLE                modHand,
-                            CSSM_DATA          *cdata)
-{
-    CSSM_API_MEMORY_FUNCS memFuncs;
-    CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(modHand, &memFuncs);
-    if(crtn) {
-        ERROR("CSSM_GetAPIMemoryFunctions", crtn);
-        /* oh well, leak and continue */
-    }
-    else {
-        memFuncs.free_func(cdata->Data, memFuncs.AllocRef);
-    }
-    return;
-}
-
-unsigned nssArraySize(const void **array)
-{
-    unsigned count = 0;
-    if (array) {
-        while (*array++) {
-            count++;
-        }
-    }
-    return count;
-}
-
-CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription)
-{
-    OSStatus           ortn;
-    CSSM_RETURN                crtn;
-    SecKeyRef          pubKey = NULL;
-    SecKeyRef          privKey = NULL;
-    CSSM_KEY           subjectPubKey;
-    bool                freeSubjPubKey = false;
-    CSSM_CSP_HANDLE    cspHand;
-    SecAsn1CoderRef     coder = NULL;
-    SignedPublicKeyAndChallenge        spkc;
-    PublicKeyAndChallenge              *pkc = &spkc.pubKeyAndChallenge;
-    /* DER encoded spkc.pubKeyAndChallenge and spkc */
-    CSSM_DATA          encodedPkc = {0, NULL};         
-    CSSM_DATA          encodedSpkc = {0, NULL};
-    CSSM_DATA          signature = {0, NULL};
-    unsigned char      *spkcB64 = NULL;                // base64 encoded encodedSpkc
-    unsigned           spkcB64Len;
-    SecAccessRef        accessRef;
-    CFArrayRef          acls;
-    SecACLRef           acl;
-    CFStringRef         result = NULL;
-    
-    ortn = SecAccessCreate(keyDescription, NULL, &accessRef);
-    if (ortn) {
-        ERROR("***SecAccessCreate %d", ortn);
-        goto errOut;
-    }
-    ortn = SecAccessCopySelectedACLList(accessRef, CSSM_ACL_AUTHORIZATION_DECRYPT, &acls);
-    if (ortn) {
-        ERROR("***SecAccessCopySelectedACLList %d", ortn);
-        goto errOut;
-    }
-    acl = (SecACLRef)CFArrayGetValueAtIndex(acls, 0);
-    CFRelease(acls);
-    ortn = SecACLSetSimpleContents(acl, NULL, keyDescription, NULL);
-    if (ortn) {
-        ERROR("***SecACLSetSimpleContents %d", ortn);
-        goto errOut;
-    }
-    
-    // Cook up a key pair, just use any old params for now
-    ortn = SecKeyCreatePair(nil,                                        // in default KC
-                            GNR_KEY_ALG,                                // normally spec'd by user
-                            keySize,                                    // key size, ditto
-                            0,                                          // ContextHandle
-                            CSSM_KEYUSE_ANY,                            // might want to restrict this
-                            CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE | 
-                            CSSM_KEYATTR_RETURN_REF,                    // pub attrs
-                            CSSM_KEYUSE_ANY,                           // might want to restrict this
-                            CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF |
-                            CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
-                            accessRef,
-                            &pubKey,
-                            &privKey);
-    if (ortn != noErr) {
-        ERROR("***SecKeyCreatePair %d", ortn);
-        goto errOut;
-    }
-    
-    /* get handle of CSPDL for crypto ops */
-    ortn = SecKeyGetCSPHandle(privKey, &cspHand);
-    if (ortn != noErr) {
-        ERROR("***SecKeyGetCSPHandle", ortn);
-        goto errOut;
-    }
-    
-    /*
-     * Get the public key in encoded SubjectPublicKeyInfo form.
-     */
-    ortn = gnrGetSubjPubKey(cspHand, pubKey, &subjectPubKey);
-    if (ortn != noErr) {
-        goto errOut;
-    }
-    freeSubjPubKey = true;
-    
-    ortn = SecAsn1CoderCreate(&coder);
-    if (ortn != noErr) {
-        ERROR("***SecAsn1CoderCreate", ortn);
-        goto errOut;
-    }
-    
-    /*
-     * Cook up PublicKeyAndChallenge and DER-encode it.
-     * First, DER-decode the key's SubjectPublicKeyInfo.
-     */
-    memset(&spkc, 0, sizeof(spkc));
-    
-    ortn = SecAsn1DecodeData(coder, &subjectPubKey.KeyData, kSecAsn1SubjectPublicKeyInfoTemplate, &pkc->spki);
-    if (ortn != noErr) {
-        /* should never happen */
-        ERROR("***Error decoding subject public key info\n");
-        goto errOut;
-    }
-    
-    pkc->challenge.Length = CFStringGetLength(challenge);
-    if (pkc->challenge.Length == 0) {
-        pkc->challenge.Length = 1;
-        pkc->challenge.Data = (uint8 *)strdup("\0");
-    } else {
-        pkc->challenge.Data = (uint8 *)malloc(pkc->challenge.Length + 1);
-        CFStringGetCString(challenge,  (char *)pkc->challenge.Data, pkc->challenge.Length + 1, kCFStringEncodingASCII);
-    }
-    ortn = SecAsn1EncodeItem(coder, pkc, PublicKeyAndChallengeTemplate, &encodedPkc);
-    if (ortn != noErr) {
-        /* should never happen */
-        ERROR("***Error encoding PublicKeyAndChallenge\n");
-        goto errOut;
-    }
-    
-    /*
-     * Sign the encoded PublicKeyAndChallenge.
-     */
-    crtn = gnrSign(cspHand, &encodedPkc, privKey, GNR_SIG_ALG, &signature);
-    if (crtn) {
-        goto errOut;
-    }
-    
-    /*
-     * Cook up SignedPublicKeyAndChallenge, DER-encode that. 
-     * The PublicKeyAndChallenge stays in place where we originally
-     * created it before we signed it. Now we just add the algId
-     * and the signature proper.
-     */
-    spkc.algId.algorithm = GNR_SIG_ALGOID;
-    gnrNullAlgParams(&spkc.algId);
-    spkc.signature = signature;
-    /* convert to BIT length */
-    spkc.signature.Length *= 8;
-    ortn = SecAsn1EncodeItem(coder, &spkc, SignedPublicKeyAndChallengeTemplate, &encodedSpkc);
-    if (ortn != noErr) {
-        /* should never happen */
-        ERROR("***Error encoding SignedPublicKeyAndChallenge\n");
-        goto errOut;
-    }
-    
-    /*
-     * Finally base64 the result and write that to outFile.
-     * cuEnc64() gives us a NULL-terminated string; we strip off the NULL.
-     */
-    spkcB64 = cuEnc64(encodedSpkc.Data, encodedSpkc.Length, &spkcB64Len);
-    if (spkcB64 == NULL) {
-        /* should never happen */
-        FATAL("***Error base64-encoding the result\n");
-        goto errOut;
-    }
-    
-errOut:
-    if (coder != NULL) {
-        SecAsn1CoderRelease(coder);
-    }
-    if (freeSubjPubKey) {
-        CSSM_FreeKey(cspHand, NULL, &subjectPubKey, CSSM_FALSE);
-    }
-    if (signature.Data) {
-        gnrFreeCssmData(cspHand, &signature);
-    }
-    if (pubKey) {
-        CFRelease(pubKey);
-    }
-    if (privKey) {
-        CFRelease(privKey);
-    }
-    if (accessRef) {
-        CFRelease(accessRef);
-    }    
-    if (pkc->challenge.Data) {
-        free(pkc->challenge.Data);
-    }
-    if (spkcB64) {
-        result = CFStringCreateWithCString(NULL, (const char *)spkcB64, kCFStringEncodingASCII);
-        free(spkcB64);
-    }
-    return result;
-}
-
-/* 
-* Per-cert processing, called for each cert we extract from the 
- * incoming blob.
- */
-bool addCertificateToKeychainFromData(const unsigned char *certData,
-                                      unsigned certDataLen,
-                                      unsigned certNum)
-{
-    CSSM_DATA cert = {certDataLen, (uint8 *)certData};
-    SecCertificateRef certRef;
-    
-    /* Make a SecCertificateRef */
-    OSStatus ortn = SecCertificateCreateFromData(&cert, 
-                                                 CSSM_CERT_X_509v3,
-                                                 CSSM_CERT_ENCODING_DER,
-                                                 &certRef);
-    if (ortn != noErr) {
-        ERROR("SecCertificateCreateFromData returned %d", (int)ortn);
-        return false;
-    }
-    
-    /* 
-        * Add it to default keychain.
-        * Many people will be surprised that this op works without
-        * the user having to unlock the keychain. 
-        */
-    ortn = SecCertificateAddToKeychain(certRef, nil);
-    
-    /* Free the cert in any case */
-    CFRelease(certRef);
-    switch(ortn) {
-        case noErr:
-            break;
-        case errSecDuplicateItem:
-            /* Not uncommon, definitely not an error */
-            ERROR("cert %u already present in keychain", certNum);
-            break;
-        default:
-            ERROR("SecCertificateAddToKeychain returned %d", (int)ortn);
-            return false;
-    }
-
-    return true;
-}
-
-WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length)
-{   
-    WebCertificateParseResult result = WebCertificateParseResultFailed;
-
-    /* DER-decode, first as NetscapeCertSequence */
-    SecAsn1CoderRef coder = NULL;
-    NetscapeCertSequence certSeq;
-    OSErr ortn;
-    
-    ortn = SecAsn1CoderCreate(&coder);
-    if (ortn == noErr) {
-        memset(&certSeq, 0, sizeof(certSeq));
-        ortn = SecAsn1Decode(coder, bytes, length, NetscapeCertSequenceTemplate, &certSeq);
-        if (ortn == noErr) {
-            if (certSeq.contentType.Length == CSSMOID_PKCS7_SignedData.Length &&
-                memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
-                return WebCertificateParseResultPKCS7;
-            }
-            /*
-             * Last cert is a root, which we do NOT want to add
-             * to the user's keychain.
-             */
-            unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
-            unsigned i;
-            for (i=0; i<numCerts; i++) {
-                CSSM_DATA *cert = certSeq.certs[i];
-                result = addCertificateToKeychainFromData(cert->Data, cert->Length, i) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
-            } 
-        } else {
-            /*
-             * Didn't appear to be a NetscapeCertSequence; assume it's just 
-             * a cert. FIXME: Netscape spec says the blob might also be PKCS7
-             * format, which we're not handling here.
-             */
-            result = addCertificateToKeychainFromData(bytes, length, 0) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
-        }
-    }
-    
-    if (coder != NULL) {
-        SecAsn1CoderRelease(coder);
-    }
-
-    return result;
-}
-
-#endif /* USE_NEW_KEY_GENERATION */
diff --git a/WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.h b/WebKit/WebCoreSupport.subproj/WebNewKeyGeneration.h
deleted file mode 100644 (file)
index 9532350..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2005 Apple Computer, Inc.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1.  Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer. 
- * 2.  Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in the
- *     documentation and/or other materials provided with the distribution. 
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- *     its contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef        WEB_KEY_GENERATION_H
-#define WEB_KEY_GENERATION_H
-
-#import <WebKit/WebKeyGenerator.h>
-
-#ifdef USE_NEW_KEY_GENERATION
-
-#import <CoreFoundation/CoreFoundation.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-    CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription);
-    WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length);
-    
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* USE_NEW_KEY_GENERATION */
-
-#endif /* WEB_KEY_GENERATION_H */
index ee3e7bcf06b624271779f4173e1d78687b4870b0..6293c4b82bd919ea961e08f9847168134fb6db56 100644 (file)
                        refType = 4;
                        sourceTree = "<group>";
                };
-               83634A7106DA5ECD0026E290 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       lastKnownFileType = sourcecode.c.c;
-                       path = WebNewKeyGeneration.c;
-                       refType = 4;
-                       sourceTree = "<group>";
-               };
-               83634A7206DA5ECD0026E290 = {
-                       fileEncoding = 30;
-                       isa = PBXFileReference;
-                       lastKnownFileType = sourcecode.c.h;
-                       path = WebNewKeyGeneration.h;
-                       refType = 4;
-                       sourceTree = "<group>";
-               };
                83730F9803FB1E660004736E = {
                        fileEncoding = 4;
                        isa = PBXFileReference;
                                939811300824BF01008DF038,
                                933932420825A64800AADA6B,
                                9339323E0825A64200AADA6B,
-                               93AF496408253CC7005D0156,
                                93AF52D608254E2D005D0156,
                                933932460825A65300AADA6B,
-                               9398100C0824BF01008DF038,
                                9398100D0824BF01008DF038,
                                939810B20824BF01008DF038,
                                939810BB0824BF01008DF038,
                                DYLIB_COMPATIBILITY_VERSION = 1;
                                DYLIB_CURRENT_VERSION = 1;
                                EXPORTED_SYMBOLS_FILE = WebKit.exp;
-                               FRAMEWORK_SEARCH_PATHS = "/System/Library/Frameworks/WebKit.framework/Frameworks /System/Library/Frameworks/ApplicationServices.framework/Frameworks $(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Frameworks /System/Library/PrivateFrameworks /usr/local/SecurityPieces/Frameworks $(DERIVED_FILE_DIR)";
+                               FRAMEWORK_SEARCH_PATHS = "/System/Library/Frameworks/WebKit.framework/Frameworks /System/Library/Frameworks/ApplicationServices.framework/Frameworks $(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Frameworks /System/Library/PrivateFrameworks $(DERIVED_FILE_DIR)";
                                GCC_ENABLE_OBJC_GC = YES;
                                GCC_FAST_OBJC_DISPATCH = YES;
                                GCC_OPTIMIZATION_LEVEL = s;
                                JAVASCRIPTCORE_PRIVATE_HEADERS_DIR = "$(UMBRELLA_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders";
                                OTHER_CFLAGS = "-Wbad-function-cast -Wmissing-declarations -Wnested-externs";
                                OTHER_CPLUSPLUSFLAGS = "";
-                               OTHER_LDFLAGS = "$(STYLE_LDFLAGS) $(OBJECT_FILE_DIR)/WebKitSecurity.a -framework security_cdsa_utils-WebKit";
+                               OTHER_LDFLAGS = "$(STYLE_LDFLAGS)";
                                PRODUCT_NAME = WebKit;
                                SECTORDER_FLAGS = "-sectorder __TEXT __text /AppleInternal/OrderFiles/WebKit.order";
                                STYLE_LDFLAGS = "-sub_umbrella WebCore -sub_umbrella JavaScriptCore";
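Review bot: With `$(OBJECT_FILE_DIR)/WebKitSecurity.a -framework security_cdsa_utils-WebKit` dropped from `OTHER_LDFLAGS`, certificate parsing and keychain import no longer live in this tree, and nothing in the visible hunks records what the WebKitSystemInterface replacement is expected to guarantee. The deleted WebNewKeyGeneration.c skipped the last certificate of a sequence as a root and returned early for PKCS7 SignedData, but it also computed `nssArraySize(...) - 1` as an unsigned count, which would wrap if that helper can return 0, and it reported only the last certificate's result. I would add a short comment at the call site in WebKeyGenerator.m (not shown in this part of the page), along the lines of `// WebKitSystemInterface must skip the trailing root cert and reject an empty cert sequence`, so the contract stays reviewable now that the implementation is presumably no longer in this repository.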
                        productReference = 939811330824BF01008DF038;
                        productType = "com.apple.product-type.framework";
                };
-               9398100C0824BF01008DF038 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       inputPaths = (
-                               WebKitSecurityDummy.c,
-                       );
-                       isa = PBXShellScriptBuildPhase;
-                       name = WebKitSecurity.a;
-                       outputPaths = (
-                               "$(OBJECT_FILE_DIR)/WebKitSecurity.a",
-                       );
-                       runOnlyForDeploymentPostprocessing = 0;
-                       shellPath = /bin/sh;
-                       shellScript = "mkdir -p \"$OBJECT_FILE_DIR\"\nif [ -f /usr/local/lib/libnssasn1.a ]\nthen\n\tlibtool -static -o \"$OBJECT_FILE_DIR/WebKitSecurity.a\" /usr/local/lib/libnssasn1.a /usr/local/lib/libCdsaUtils.a\nelse\n\tgcc -c WebKitSecurityDummy.c -o \"$TEMP_DIR/WebKitSecurityDummy.o\"\n\tlibtool -static -o \"$OBJECT_FILE_DIR/WebKitSecurity.a\" \"$TEMP_DIR/WebKitSecurityDummy.o\"\nfi";
-               };
                9398100D0824BF01008DF038 = {
                        buildActionMask = 2147483647;
                        files = (
                                939810A20824BF01008DF038,
                                939810A40824BF01008DF038,
                                939810A50824BF01008DF038,
-                               939810A60824BF01008DF038,
                                939810A70824BF01008DF038,
                                939810A80824BF01008DF038,
                                939810A90824BF01008DF038,
                        settings = {
                        };
                };
-               939810A60824BF01008DF038 = {
-                       fileRef = 83634A7206DA5ECD0026E290;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                939810A70824BF01008DF038 = {
                        fileRef = 93B641FA06E292BC0055F610;
                        isa = PBXBuildFile;
                                9398111D0824BF01008DF038,
                                9398111E0824BF01008DF038,
                                9398111F0824BF01008DF038,
-                               939811200824BF01008DF038,
                                939811210824BF01008DF038,
                                939811220824BF01008DF038,
                                939811230824BF01008DF038,
                        settings = {
                        };
                };
-               939811200824BF01008DF038 = {
-                       fileRef = 83634A7106DA5ECD0026E290;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                939811210824BF01008DF038 = {
                        fileRef = 93B641F906E292BC0055F610;
                        isa = PBXBuildFile;
                        refType = 4;
                        sourceTree = "<group>";
                };
-               93AF496408253CC7005D0156 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       inputPaths = (
-                               /usr/local/SecurityPieces/Frameworks/security_cdsa_utils.framework/security_cdsa_utils,
-                               /System/Library/Frameworks/System.framework,
-                       );
-                       isa = PBXShellScriptBuildPhase;
-                       name = "security_cdsa_utils-WebKit.framework";
-                       outputPaths = (
-                               "$(DERIVED_FILE_DIR)/security_cdsa_utils-WebKit.stamp",
-                       );
-                       runOnlyForDeploymentPostprocessing = 0;
-                       shellPath = /bin/sh;
-                       shellScript = "rm -rf \"$DERIVED_FILE_DIR/security_cdsa_utils-WebKit.framework\"\nmkdir \"$DERIVED_FILE_DIR/security_cdsa_utils-WebKit.framework\"\nif [ -f /usr/local/SecurityPieces/Frameworks/security_cdsa_utils.framework/security_cdsa_utils ]\n    then ln -s /usr/local/SecurityPieces/Frameworks/security_cdsa_utils.framework/security_cdsa_utils \"$DERIVED_FILE_DIR/security_cdsa_utils-WebKit.framework/security_cdsa_utils-WebKit\"\n    else ln -s /System/Library/Frameworks/System.framework \"$DERIVED_FILE_DIR/security_cdsa_utils-WebKit.framework/security_cdsa_utils-WebKit\"\nfi\ntouch \"$DERIVED_FILE_DIR/security_cdsa_utils-WebKit.stamp\"";
-               };
                93AF528708254B33005D0156 = {
                        buildActionMask = 2147483647;
                        files = (
                                9345D4EB0365C5B2008635CE,
                                830E81830585375700AD0891,
                                830E81840585375700AD0891,
-                               83634A7206DA5ECD0026E290,
-                               83634A7106DA5ECD0026E290,
                                84723BE3056D719E0044BFEA,
                                84723BE4056D719E0044BFEA,
                                F5E0E10802BC45F8018635CA,