[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d
agolden at apple.com
agolden at apple.com
Thu Dec 3 13:39:19 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit ec2f21bf82c5dc39d60ec012c3b821304828962a
Author: agolden at apple.com <agolden at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Nov 18 21:54:55 2009 +0000
Add support for certificates to WebCore::Credential so we can convert between NSURLCredential
objects and WebCore::Credential objects without losing certificate information.
Reviewed by Alexey Proskuryakov
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51131 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6737a4b..0e690d9 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2009-11-18 Aaron Golden <agolden at apple.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add support for certificates to WebCore::Credential so we can convert between NSURLCredential
+ objects and WebCore::Credential objects without losing certificate information.
+
+ * platform/network/Credential.cpp:
+ (WebCore::Credential::Credential): Adding a constructor that takes an identity argument and a certificate chain argument
+ (WebCore::Credential::isEmpty): Modifying isEmpty to support certificate based credentials (which don't have a username or password)
+ (WebCore::Credential::identity): Accessor for the m_identity property
+ (WebCore::Credential::certificates): Accessor for the m_certificates property
+ (WebCore::Credential::type): Accessor for the m_type property
+ (WebCore::operator==): Modifying == to compare the identity and certificate chains of certificate based credentials.
+ * platform/network/Credential.h: Adding new fields to WebCore::Credential to support certificate based credentials.
+ * platform/network/mac/AuthenticationMac.mm:
+ (WebCore::mac): Modifying the mac() conversion method to correctly convert certificate based WebCore::Credential objects.
+ (WebCore::core): Modifying the core() conversion method to correctly convert certificate based NSURLCredential objects.
+
2009-11-18 Dmitry Titov <dimich at chromium.org>
Reviewed by Eric Seidel.
diff --git a/WebCore/platform/network/Credential.cpp b/WebCore/platform/network/Credential.cpp
index f905743..13a1fa0 100644
--- a/WebCore/platform/network/Credential.cpp
+++ b/WebCore/platform/network/Credential.cpp
@@ -33,6 +33,9 @@ Credential::Credential()
: m_user("")
, m_password("")
, m_persistence(CredentialPersistenceNone)
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ , m_type(CredentialTypePassword)
+#endif
{
}
@@ -42,11 +45,19 @@ Credential::Credential(const String& user, const String& password, CredentialPer
: m_user(user.length() ? user : "")
, m_password(password.length() ? password : "")
, m_persistence(persistence)
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ , m_type(CredentialTypePassword)
+#endif
{
}
bool Credential::isEmpty() const
{
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ if (m_type == CredentialTypeClientCertificate && (m_identity || m_certificates))
+ return false;
+#endif
+
return m_user.isEmpty() && m_password.isEmpty();
}
@@ -69,15 +80,68 @@ CredentialPersistence Credential::persistence() const
{
return m_persistence;
}
+
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+Credential::Credential(SecIdentityRef identity, CFArrayRef certificates, CredentialPersistence persistence)
+ : m_user("")
+ , m_password("")
+ , m_persistence(persistence)
+ , m_identity(identity)
+ , m_certificates(certificates)
+ , m_type(CredentialTypeClientCertificate)
+{
+}
+
+SecIdentityRef Credential::identity() const
+{
+ return m_identity.get();
+}
+
+CFArrayRef Credential::certificates() const
+{
+ return m_certificates.get();
+}
+
+const CredentialType Credential::type() const
+{
+ return m_type;
+}
+#endif
bool operator==(const Credential& a, const Credential& b)
{
+ // Check persistence first since all credential types
+ // have the persistence property.
+ if (a.persistence() != b.persistence())
+ return false;
+
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ CredentialType aType = a.type();
+ if (aType != b.type())
+ return false;
+
+ // Comparing identity and certificate chain pointers is valid only
+ // for client certificate type credentials.
+ //
+ // FIXME: Is pointer comparison of the identity and certificates properties sufficient?
+ if (aType == CredentialTypeClientCertificate) {
+ if (a.identity() != b.identity())
+ return false;
+ if (a.certificates() != b.certificates())
+ return false;
+
+ // We only need to check identity and certificates to compare
+ // client certificate based credentials.
+ return true;
+ }
+
+ ASSERT(a.type() == CredentialTypePassword && b.type() == CredentialTypePassword);
+#endif
+
if (a.user() != b.user())
return false;
if (a.password() != b.password())
return false;
- if (a.persistence() != b.persistence())
- return false;
return true;
}
diff --git a/WebCore/platform/network/Credential.h b/WebCore/platform/network/Credential.h
index 0471fbc..a3e1164 100644
--- a/WebCore/platform/network/Credential.h
+++ b/WebCore/platform/network/Credential.h
@@ -27,6 +27,13 @@
#include "PlatformString.h"
+#define CERTIFICATE_CREDENTIALS_SUPPORTED ((PLATFORM(MAC) || PLATFORM(IPHONE)) && !defined(BUILDING_ON_TIGER) && !defined(BUILDING_ON_LEOPARD))
+
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+#include <WTF/RetainPtr.h>
+#include <Security/SecBase.h>
+#endif
+
namespace WebCore {
enum CredentialPersistence {
@@ -34,12 +41,22 @@ enum CredentialPersistence {
CredentialPersistenceForSession,
CredentialPersistencePermanent
};
-
+
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+enum CredentialType {
+ CredentialTypePassword,
+ CredentialTypeClientCertificate
+};
+#endif
+
class Credential {
public:
Credential();
Credential(const String& user, const String& password, CredentialPersistence);
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ Credential(SecIdentityRef identity, CFArrayRef certificates, CredentialPersistence);
+#endif
bool isEmpty() const;
@@ -48,10 +65,21 @@ public:
bool hasPassword() const;
CredentialPersistence persistence() const;
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ SecIdentityRef identity() const;
+ CFArrayRef certificates() const;
+ const CredentialType type() const;
+#endif
+
private:
String m_user;
String m_password;
CredentialPersistence m_persistence;
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ RetainPtr<SecIdentityRef> m_identity;
+ RetainPtr<CFArrayRef> m_certificates;
+ CredentialType m_type;
+#endif
};
bool operator==(const Credential& a, const Credential& b);
diff --git a/WebCore/platform/network/mac/AuthenticationMac.mm b/WebCore/platform/network/mac/AuthenticationMac.mm
index 60c998c..ea06ecd 100644
--- a/WebCore/platform/network/mac/AuthenticationMac.mm
+++ b/WebCore/platform/network/mac/AuthenticationMac.mm
@@ -229,6 +229,15 @@ NSURLCredential *mac(const Credential& coreCredential)
ASSERT_NOT_REACHED();
}
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ if (coreCredential.type() == CredentialTypeClientCertificate) {
+ return [[[NSURLCredential alloc] initWithIdentity:coreCredential.identity()
+ certificates:(NSArray *)coreCredential.certificates()
+ persistence:persistence]
+ autorelease];
+ }
+#endif
+
return [[[NSURLCredential alloc] initWithUser:coreCredential.user()
password:coreCredential.password()
persistence:persistence]
@@ -306,6 +315,12 @@ Credential core(NSURLCredential *macCredential)
default:
ASSERT_NOT_REACHED();
}
+
+#if CERTIFICATE_CREDENTIALS_SUPPORTED
+ SecIdentityRef identity = [macCredential identity];
+ if (identity)
+ return Credential(identity, (CFArrayRef)[macCredential certificates], persistence);
+#endif
return Credential([macCredential user], [macCredential password], persistence);
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list