[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
adachan at apple.com
adachan at apple.com
Wed Dec 22 14:38:57 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 8d9ca3d0ef007b456a4e827f662f33ee538d1c2f
Author: adachan at apple.com <adachan at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Oct 14 21:03:49 2010 +0000
Reviewed by Sam Weinig.
WebKit2: Store the certificate chain in PlatformCertificateInfo.
https://bugs.webkit.org/show_bug.cgi?id=47603
* Shared/API/c/win/WKCertificateInfoWin.cpp:
(WKCertificateInfoGetCertificateChainLength):
(WKCertificateInfoGetCertificateContextAtIndex):
* Shared/API/c/win/WKCertificateInfoWin.h:
* Shared/win/PlatformCertificateInfo.cpp:
(WebKit::PlatformCertificateInfo::PlatformCertificateInfo): Get the chain context from the response and duplicate the certificate contexts
in the chain to store in m_certificateChain.
(WebKit::PlatformCertificateInfo::~PlatformCertificateInfo): Free all the certificate contexts in the chain.
(WebKit::PlatformCertificateInfo::operator=): Duplicate the certificate contexts from the other PlatformCertificateInfo's certificate chain
to store in m_certificateChain.
(WebKit::PlatformCertificateInfo::encode):
(WebKit::PlatformCertificateInfo::decode):
(WebKit::PlatformCertificateInfo::clearCertificateChain): Free all the certificate contexts in the chain and clear the vector.
* Shared/win/PlatformCertificateInfo.h:
(WebKit::PlatformCertificateInfo::certificateChain):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@69802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 5b861c5..d488afe 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,26 @@
+2010-10-14 Ada Chan <adachan at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ WebKit2: Store the certificate chain in PlatformCertificateInfo.
+ https://bugs.webkit.org/show_bug.cgi?id=47603
+
+ * Shared/API/c/win/WKCertificateInfoWin.cpp:
+ (WKCertificateInfoGetCertificateChainLength):
+ (WKCertificateInfoGetCertificateContextAtIndex):
+ * Shared/API/c/win/WKCertificateInfoWin.h:
+ * Shared/win/PlatformCertificateInfo.cpp:
+ (WebKit::PlatformCertificateInfo::PlatformCertificateInfo): Get the chain context from the response and duplicate the certificate contexts
+ in the chain to store in m_certificateChain.
+ (WebKit::PlatformCertificateInfo::~PlatformCertificateInfo): Free all the certificate contexts in the chain.
+ (WebKit::PlatformCertificateInfo::operator=): Duplicate the certificate contexts from the other PlatformCertificateInfo's certificate chain
+ to store in m_certificateChain.
+ (WebKit::PlatformCertificateInfo::encode):
+ (WebKit::PlatformCertificateInfo::decode):
+ (WebKit::PlatformCertificateInfo::clearCertificateChain): Free all the certificate contexts in the chain and clear the vector.
+ * Shared/win/PlatformCertificateInfo.h:
+ (WebKit::PlatformCertificateInfo::certificateChain):
+
2010-10-14 Adam Roben <aroben at apple.com>
Make sure WebKit2 only loads each plugin once
diff --git a/WebKit2/Shared/API/c/win/WKCertificateInfoWin.cpp b/WebKit2/Shared/API/c/win/WKCertificateInfoWin.cpp
index 04c5a0c..f4c7bb2 100644
--- a/WebKit2/Shared/API/c/win/WKCertificateInfoWin.cpp
+++ b/WebKit2/Shared/API/c/win/WKCertificateInfoWin.cpp
@@ -30,7 +30,15 @@
using namespace WebKit;
-PCCERT_CONTEXT WKCertificateInfoGetCertificateContext(WKCertificateInfoRef certificateInfoRef)
+size_t WKCertificateInfoGetCertificateChainLength(WKCertificateInfoRef certificateInfoRef)
{
- return toImpl(certificateInfoRef)->platformCertificateInfo().certificateContext();
+ return toImpl(certificateInfoRef)->platformCertificateInfo().certificateChain().size();
+}
+
+PCCERT_CONTEXT WKCertificateInfoGetCertificateContextAtIndex(WKCertificateInfoRef certificateInfoRef, size_t index)
+{
+ const Vector<PCCERT_CONTEXT>& certificateChain = toImpl(certificateInfoRef)->platformCertificateInfo().certificateChain();
+ if (index >= certificateChain.size())
+ return 0;
+ return certificateChain[index];
}
diff --git a/WebKit2/Shared/API/c/win/WKCertificateInfoWin.h b/WebKit2/Shared/API/c/win/WKCertificateInfoWin.h
index 1db425e..0fcd818 100644
--- a/WebKit2/Shared/API/c/win/WKCertificateInfoWin.h
+++ b/WebKit2/Shared/API/c/win/WKCertificateInfoWin.h
@@ -33,7 +33,8 @@
extern "C" {
#endif
-WK_EXPORT PCCERT_CONTEXT WKCertificateInfoGetCertificateContext(WKCertificateInfoRef certificateInfo);
+WK_EXPORT size_t WKCertificateInfoGetCertificateChainLength(WKCertificateInfoRef certificateInfo);
+WK_EXPORT PCCERT_CONTEXT WKCertificateInfoGetCertificateContextAtIndex(WKCertificateInfoRef certificateInfo, size_t index);
#ifdef __cplusplus
}
diff --git a/WebKit2/Shared/win/PlatformCertificateInfo.cpp b/WebKit2/Shared/win/PlatformCertificateInfo.cpp
index 69bda7d..b88a7ef 100644
--- a/WebKit2/Shared/win/PlatformCertificateInfo.cpp
+++ b/WebKit2/Shared/win/PlatformCertificateInfo.cpp
@@ -38,12 +38,10 @@ using namespace WebCore;
namespace WebKit {
PlatformCertificateInfo::PlatformCertificateInfo()
- : m_certificateContext(0)
{
}
PlatformCertificateInfo::PlatformCertificateInfo(const ResourceResponse& response)
- : m_certificateContext(0)
{
CFURLResponseRef cfResponse = response.cfURLResponse();
if (!cfResponse)
@@ -54,11 +52,21 @@ PlatformCertificateInfo::PlatformCertificateInfo(const ResourceResponse& respons
if (!certificateInfo)
return;
- void* data = wkGetSSLPeerCertificateData(certificateInfo);
+ void* data = wkGetSSLCertificateChainContext(certificateInfo);
if (!data)
return;
- m_certificateContext = ::CertDuplicateCertificateContext(static_cast<PCCERT_CONTEXT>(data));
+ PCCERT_CHAIN_CONTEXT chainContext = static_cast<PCCERT_CHAIN_CONTEXT>(data);
+ if (chainContext->cChain < 1)
+ return;
+
+ // The first simple chain starts with the leaf certificate and ends with a trusted root or self-signed certificate.
+ PCERT_SIMPLE_CHAIN firstSimpleChain = chainContext->rgpChain[0];
+ for (unsigned i = 0; i < firstSimpleChain->cElement; ++i) {
+ PCCERT_CONTEXT certificateContext = firstSimpleChain->rgpElement[i]->pCertContext;
+ ::CertDuplicateCertificateContext(certificateContext);
+ m_certificateChain.append(certificateContext);
+ }
#else
// FIXME: WinCairo implementation
#endif
@@ -66,56 +74,77 @@ PlatformCertificateInfo::PlatformCertificateInfo(const ResourceResponse& respons
PlatformCertificateInfo::~PlatformCertificateInfo()
{
- if (m_certificateContext)
- ::CertFreeCertificateContext(m_certificateContext);
+ clearCertificateChain();
}
PlatformCertificateInfo::PlatformCertificateInfo(const PlatformCertificateInfo& other)
- : m_certificateContext(::CertDuplicateCertificateContext(other.m_certificateContext))
{
+ for (size_t i = 0; i < other.m_certificateChain.size(); ++i) {
+ ::CertDuplicateCertificateContext(other.m_certificateChain[i]);
+ m_certificateChain.append(other.m_certificateChain[i]);
+ }
}
PlatformCertificateInfo& PlatformCertificateInfo::operator=(const PlatformCertificateInfo& other)
{
- ::CertDuplicateCertificateContext(other.m_certificateContext);
- if (m_certificateContext)
- ::CertFreeCertificateContext(m_certificateContext);
- m_certificateContext = other.m_certificateContext;
+ clearCertificateChain();
+ for (size_t i = 0; i < other.m_certificateChain.size(); ++i) {
+ ::CertDuplicateCertificateContext(other.m_certificateChain[i]);
+ m_certificateChain.append(other.m_certificateChain[i]);
+ }
return *this;
}
void PlatformCertificateInfo::encode(CoreIPC::ArgumentEncoder* encoder) const
{
- // FIXME: We should encode the no certificate context case in the
- // number of the bytes.
- if (!m_certificateContext) {
- encoder->encodeBool(true);
+ // Special case no certificates
+ if (m_certificateChain.isEmpty()) {
+ encoder->encodeUInt64(std::numeric_limits<uint64_t>::max());
return;
}
- encoder->encodeBool(false);
- encoder->encodeBytes(static_cast<uint8_t*>(m_certificateContext->pbCertEncoded), m_certificateContext->cbCertEncoded);
+ uint64_t length = m_certificateChain.size();
+ encoder->encodeUInt64(length);
+
+ for (size_t i = 0; i < length; ++i)
+ encoder->encodeBytes(static_cast<uint8_t*>(m_certificateChain[i]->pbCertEncoded), m_certificateChain[i]->cbCertEncoded);
}
bool PlatformCertificateInfo::decode(CoreIPC::ArgumentDecoder* decoder, PlatformCertificateInfo& c)
{
- bool noCertificate;
- if (!decoder->decode(noCertificate))
+ uint64_t length;
+ if (!decoder->decode(length))
return false;
- if (noCertificate)
+ if (length == std::numeric_limits<uint64_t>::max()) {
+ // This is the no certificates case.
return true;
+ }
- Vector<uint8_t> bytes;
- if (!decoder->decodeBytes(bytes))
- return false;
-
- PCCERT_CONTEXT certificateContext = ::CertCreateCertificateContext(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, bytes.data(), bytes.size());
- if (!certificateContext)
- return false;
+ for (size_t i = 0; i < length; ++i) {
+ Vector<uint8_t> bytes;
+ if (!decoder->decodeBytes(bytes)) {
+ c.clearCertificateChain();
+ return false;
+ }
+
+ PCCERT_CONTEXT certificateContext = ::CertCreateCertificateContext(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, bytes.data(), bytes.size());
+ if (!certificateContext) {
+ c.clearCertificateChain();
+ return false;
+ }
+
+ c.m_certificateChain.append(certificateContext);
+ }
- c.m_certificateContext = certificateContext;
return true;
}
+void PlatformCertificateInfo::clearCertificateChain()
+{
+ for (size_t i = 0; i < m_certificateChain.size(); ++i)
+ ::CertFreeCertificateContext(m_certificateChain[i]);
+ m_certificateChain.clear();
+}
+
} // namespace WebKit
diff --git a/WebKit2/Shared/win/PlatformCertificateInfo.h b/WebKit2/Shared/win/PlatformCertificateInfo.h
index b8d6d6d..e483d37 100644
--- a/WebKit2/Shared/win/PlatformCertificateInfo.h
+++ b/WebKit2/Shared/win/PlatformCertificateInfo.h
@@ -26,6 +26,8 @@
#ifndef PlatformCertificateInfo_h
#define PlatformCertificateInfo_h
+#include <wtf/Vector.h>
+
namespace CoreIPC {
class ArgumentDecoder;
class ArgumentEncoder;
@@ -46,13 +48,15 @@ public:
PlatformCertificateInfo(const PlatformCertificateInfo&);
PlatformCertificateInfo& operator=(const PlatformCertificateInfo&);
- PCCERT_CONTEXT certificateContext() const { return m_certificateContext; }
+ const Vector<PCCERT_CONTEXT>& certificateChain() const { return m_certificateChain; }
void encode(CoreIPC::ArgumentEncoder* encoder) const;
static bool decode(CoreIPC::ArgumentDecoder* decoder, PlatformCertificateInfo& t);
private:
- PCCERT_CONTEXT m_certificateContext;
+ void clearCertificateChain();
+
+ Vector<PCCERT_CONTEXT> m_certificateChain;
};
} // namespace WebKit
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list