Diff
Modified: trunk/Source/WTF/ChangeLog (232164 => 232165)
--- trunk/Source/WTF/ChangeLog 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WTF/ChangeLog 2018-05-24 21:47:20 UTC (rev 232165)
@@ -1,3 +1,15 @@
+2018-05-24 Jiewen Tan <[email protected]>
+
+ Adopt SecKeyProxy SPI in certificate based challenge response code
+ https://bugs.webkit.org/show_bug.cgi?id=185848
+ <rdar://problem/34586181>
+
+ Reviewed by Alex Christensen.
+
+ Add a condition macro to determine if SecKeyProxy SPI exists.
+
+ * wtf/Platform.h:
+
2018-05-23 Eric Carlson <[email protected]>
Avoid loading AVFoundation to check supported MIME types if possible
Modified: trunk/Source/WTF/wtf/Platform.h (232164 => 232165)
--- trunk/Source/WTF/wtf/Platform.h 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WTF/wtf/Platform.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -1314,6 +1314,7 @@
#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 120000) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400)
#define ENABLE_ACCESSIBILITY_EVENTS 1
+#define HAVE_SEC_KEY_PROXY 1
#endif
#endif /* WTF_Platform_h */
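Review bot: `HAVE_SEC_KEY_PROXY` is defined inside the version guard that exists for `ENABLE_ACCESSIBILITY_EVENTS`, so availability of the SecKeyProxy code path is tied to an unrelated feature's condition. If that guard is later adjusted for accessibility reasons, client-certificate authentication would silently switch between the XPC path and the plain IPC path. Giving the macro its own `#if` block with the same iOS 12 / macOS 10.14 deployment-target condition, plus a one-line comment naming the SPI, would keep the two decisions separate. The outer nesting this block sits in starts outside the hunk.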
Modified: trunk/Source/WebCore/PAL/ChangeLog (232164 => 232165)
--- trunk/Source/WebCore/PAL/ChangeLog 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebCore/PAL/ChangeLog 2018-05-24 21:47:20 UTC (rev 232165)
@@ -1,3 +1,17 @@
+2018-05-24 Jiewen Tan <[email protected]>
+
+ Adopt SecKeyProxy SPI in certificate based challenge response code
+ https://bugs.webkit.org/show_bug.cgi?id=185848
+ <rdar://problem/34586181>
+
+ Reviewed by Alex Christensen.
+
+ Add SPIs to support SecKeyProxy and convert xpc_endpoint_t to NSXPCListenerEndpoint vice versa.
+
+ * PAL.xcodeproj/project.pbxproj:
+ * pal/spi/cocoa/NSXPCConnectionSPI.h: Added.
+ * pal/spi/cocoa/SecKeyProxySPI.h: Added.
+
2018-05-24 Chris Dumez <[email protected]>
Some of the work in initializeLogChannelsIfNecessary() is unnecessary for release builds
Modified: trunk/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj (232164 => 232165)
--- trunk/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj 2018-05-24 21:47:20 UTC (rev 232165)
@@ -108,6 +108,8 @@
1C4876E01F8D837500CCEEBD /* LoggingCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 1C4876DF1F8D837500CCEEBD /* LoggingCocoa.mm */; };
2D02E93C2056FAA700A13797 /* AudioToolboxSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */; };
31308B1420A21705003FB929 /* SystemPreviewSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 31308B1320A21705003FB929 /* SystemPreviewSPI.h */; };
+ 570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */; };
+ 570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */; };
57F12518205787D7001AB8A6 /* DeviceIdentitySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */; };
7A1656441F97B2B900BA3CE4 /* NSKeyedArchiverSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */; };
A10265871F56746100B4C844 /* FoundationSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = A10265861F56746100B4C844 /* FoundationSPI.h */; };
@@ -255,6 +257,8 @@
1C67CEA21E32EE2600F80F2E /* Version.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = Version.xcconfig; sourceTree = "<group>"; };
2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AudioToolboxSPI.h; sourceTree = "<group>"; };
31308B1320A21705003FB929 /* SystemPreviewSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SystemPreviewSPI.h; sourceTree = "<group>"; };
+ 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxySPI.h; sourceTree = "<group>"; };
+ 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NSXPCConnectionSPI.h; sourceTree = "<group>"; };
57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DeviceIdentitySPI.h; sourceTree = "<group>"; };
7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NSKeyedArchiverSPI.h; sourceTree = "<group>"; };
93E5909C1F93BF1E0067F8CF /* UnencodableHandling.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = UnencodableHandling.h; sourceTree = "<group>"; };
@@ -383,9 +387,11 @@
0C2DA1361F3BEB4900DBC317 /* NSURLConnectionSPI.h */,
0C2DA1371F3BEB4900DBC317 /* NSURLDownloadSPI.h */,
0C2DA1381F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h */,
+ 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */,
0C2DA1391F3BEB4900DBC317 /* PassKitSPI.h */,
0C2DA13A1F3BEB4900DBC317 /* pthreadSPI.h */,
0C2DA13B1F3BEB4900DBC317 /* QuartzCoreSPI.h */,
+ 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */,
0C2DA13C1F3BEB4900DBC317 /* ServersSPI.h */,
0C2DA12B1F3BEB4900DBC317 /* URLFormattingSPI.h */,
0C2DA13D1F3BEB4900DBC317 /* WebFilterEvaluatorSPI.h */,
@@ -691,6 +697,7 @@
0C2DA1541F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h in Headers */,
0C77859C1F45130F00F4EBB6 /* NSViewSPI.h in Headers */,
0C77859D1F45130F00F4EBB6 /* NSWindowSPI.h in Headers */,
+ 570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */,
0C5AF91F1F43A4C7002EAC02 /* OpenGLESSPI.h in Headers */,
0C2DA1551F3BEB4900DBC317 /* PassKitSPI.h in Headers */,
0C77859E1F45130F00F4EBB6 /* PIPSPI.h in Headers */,
@@ -701,6 +708,7 @@
A102658B1F56748C00B4C844 /* QuickDrawSPI.h in Headers */,
0C7785A01F45130F00F4EBB6 /* QuickLookMacSPI.h in Headers */,
0C5AF9201F43A4C7002EAC02 /* QuickLookSPI.h in Headers */,
+ 570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */,
0C2DA1581F3BEB4900DBC317 /* ServersSPI.h in Headers */,
A3C66CDD1F462D6A009E6EE9 /* SessionID.h in Headers */,
A3AB6E561F3D1DDB009C14B1 /* SleepDisabler.h in Headers */,
Added: trunk/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h (0 => 232165)
--- trunk/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h (rev 0)
+++ trunk/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if USE(APPLE_INTERNAL_SDK)
+
+#import <Foundation/NSXPCConnection_Private.h>
+
+#else
+
+#import <Foundation/NSXPCConnection.h>
+#import <xpc/xpc.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface NSXPCListenerEndpoint (NSPrivate)
+- (xpc_endpoint_t)_endpoint API_AVAILABLE(macos(10.8), ios(6.0), watchos(2.0), tvos(9.0));
+- (void)_setEndpoint:(xpc_endpoint_t)endpoint API_AVAILABLE(macos(10.9), ios(7.0), watchos(2.0), tvos(9.0));
+@end
+
+NS_ASSUME_NONNULL_END
+
+#endif // USE(APPLE_INTERNAL_SDK)
Added: trunk/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h (0 => 232165)
--- trunk/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h (rev 0)
+++ trunk/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if HAVE(SEC_KEY_PROXY)
+
+#if USE(APPLE_INTERNAL_SDK)
+
+#import <Security/SecKeyProxy.h>
+
+#else
+
+#import <Foundation/Foundation.h>
+#include <Security/SecBase.h>
+#include <Security/SecKey.h>
+
+NS_ASSUME_NONNULL_BEGIN
+@interface SecKeyProxy : NSObject {
+@private
+ id _key;
+ NSData * _Nullable _certificate;
+ NSXPCListener *_listener;
+}
+// Creates new proxy instance. Proxy holds reference to the target key or identity and allows remote access to that target key as long as the proxy instance is kept alive.
+- (instancetype)initWithKey:(SecKeyRef)key;
+- (instancetype)initWithIdentity:(SecIdentityRef)identity;
+// Retrieve endpoint to this proxy instance. Endpoint can be transferred over NSXPCConnection and passed to +[createKeyFromEndpoint:error:] method.
+@property (readonly, nonatomic) NSXPCListenerEndpoint *endpoint;
+// Invalidates all connections to this proxy.
+- (void)invalidate;
+// Creates new SecKey/SecIdentity object which forwards all operations to the target SecKey identified by endpoint. Returned SecKeyRef can be used as long as target SecKeyProxy instance is kept alive.
++ (nullable SecKeyRef)createKeyFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error;
++ (nullable SecIdentityRef)createIdentityFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error;
+@end
+NS_ASSUME_NONNULL_END
+
+#endif // USE(APPLE_INTERNAL_SDK)
+
+#endif // HAVE(SEC_KEY_PROXY)
Modified: trunk/Source/WebKit/ChangeLog (232164 => 232165)
--- trunk/Source/WebKit/ChangeLog 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/ChangeLog 2018-05-24 21:47:20 UTC (rev 232165)
@@ -1,3 +1,60 @@
+2018-05-24 Jiewen Tan <[email protected]>
+
+ Adopt SecKeyProxy SPI in certificate based challenge response code
+ https://bugs.webkit.org/show_bug.cgi?id=185848
+ <rdar://problem/34586181>
+
+ Reviewed by Alex Christensen.
+
+ This patch adopts SecKeyProxy SPI in HTTPS client certificate authentication code.
+ 1) SecKeyProxy is a new SPI to relay crypto operations from one process to another. The owner process of the proxy
+ will behave like a server, and other owners of the SecKeys created from the proxy's endpoints will then behave
+ like clients. This client-server model allows more restricted sandbox for client processes, and meanwhile permits
+ them to relay crypto operations to the server process while maintaining the same SecKey interfaces as used for local operations.
+ 2) Because of the client-server model, the server process, i.e. the UI Process in our case, needs to keep the proxy
+ object alive long enough for the client process, i.e. Network Processes in our case, to finish all operations, and then destroy
+ the proxy object afterward. The ideal place to hold such a proxy is WebsiteDataStore such that proxies could live with the
+ corresponding network session.
+ 3) A new class called SecKeyProxyStore is then created to bind the lifetime of SecKeyProxy to the WebsiteDataStore while initializing
+ it correctly. At the time the authentication process reaches WebPageProxy::didReceiveAuthenticationChallengeProxy where we have
+ accesses to the WebsiteDataStore, we haven't yet been able to determine the Credential to authenticate the challenge. Therefore, we
+ have to reserve a place in the WebsiteDataStore ahead and then fill it with the right Credential. That's why SecKeyProxyStore exists.
+ In WebPageProxy::didReceiveAuthenticationChallengeProxy, we create a strong reference of SecKeyProxyStore which will eventually hold
+ a strong reference of the SecKeyProxy, and move it to the WebsiteDataStore. We also create a weak reference to SecKeyProxyStore
+ and move it to the AuthenticationChallenge. In this way, we indirectly bind the lifetime of SecKeyProxy to the WebsiteDataStore through
+ the strong reference and also we can initialize the proxy through the weak reference while a credential is finally determined.
+ 4) Endpoints of the SecKeyProxy will be passed to the Network Process for creating the 'remote' SecKey. However, those endpoints are
+ of NSXPCListenerEndpoint type, which can only be passed with xpc connections and are not compatible with our IPC mechanism. In order
+ to pass endpoints around, this patch reuses the xpc connection that is used to bootstrap Network Processes from the UI Process. To do
+ so, it sends xpc messages at the place where original IPC messages are sent and overwrites the boostrap listener of the xpc connection
+ when Network Process is initialized. From the listener, it continues the original authentication code path.
+ 5) Tests, again, are manually covered by tlstestwebkit.org. Noted, the prompting Keychain dialog in macOS should say Safari instead of
+ "com.apple.WebKit.Networking*" now.
+
+ * Shared/AuthenticationManagerCocoa.mm: Added.
+ (WebKit::AuthenticationManager::initializeConnection):
+ * Shared/Authentication/cocoa/AuthenticationManager.h:
+ * Shared/Authentication/cocoa/ClientCertificateAuthenticationXPCConstants.h:
+ * UIProcess/Authentication/AuthenticationChallengeProxy.cpp:
+ (WebKit::AuthenticationChallengeProxy::useCredential):
+ (WebKit::AuthenticationChallengeProxy::setSecKeyProxyStore):
+ * UIProcess/Authentication/AuthenticationChallengeProxy.h:
+ * UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm: Added.
+ (WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc const):
+ * UIProcess/Authentication/cocoa/SecKeyProxyStore.h: Added.
+ (WebKit::SecKeyProxyStore::create):
+ (WebKit::SecKeyProxyStore::isInitialized const):
+ (WebKit::SecKeyProxyStore::get const):
+ (WebKit::SecKeyProxyStore::weakPtrFactory const):
+ * UIProcess/Authentication/cocoa/SecKeyProxyStore.mm: Added.
+ (WebKit::SecKeyProxyStore::initialize):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy):
+ * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+ (WebKit::WebsiteDataStore::addSecKeyProxyStore):
+ * UIProcess/WebsiteData/WebsiteDataStore.h:
+ * WebKit.xcodeproj/project.pbxproj:
+
2018-05-24 Megan Gardner <[email protected]>
Fix Issues with Loupe Gesture
Modified: trunk/Source/WebKit/Shared/Authentication/AuthenticationManager.h (232164 => 232165)
--- trunk/Source/WebKit/Shared/Authentication/AuthenticationManager.h 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/Shared/Authentication/AuthenticationManager.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -33,6 +33,7 @@
#include <wtf/CompletionHandler.h>
#include <wtf/Forward.h>
#include <wtf/HashMap.h>
+#include <wtf/WeakPtr.h>
namespace IPC {
class MessageSender;
@@ -91,6 +92,11 @@
WebCore::AuthenticationChallenge challenge;
ChallengeCompletionHandler completionHandler;
};
+
+#if HAVE(SEC_KEY_PROXY)
+ // NetworkProcessSupplement
+ void initializeConnection(IPC::Connection*) final;
+#endif
// IPC::MessageReceiver
void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
@@ -109,6 +115,8 @@
ChildProcess& m_process;
HashMap<uint64_t, Challenge> m_challenges;
+
+ WeakPtrFactory<AuthenticationManager> m_weakPtrFactory;
};
} // namespace WebKit
Added: trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm (0 => 232165)
--- trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm (rev 0)
+++ trunk/Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "AuthenticationManager.h"
+
+#if HAVE(SEC_KEY_PROXY)
+
+#import "ClientCertificateAuthenticationXPCConstants.h"
+#import "Connection.h"
+#import <pal/spi/cocoa/NSXPCConnectionSPI.h>
+#import <pal/spi/cocoa/SecKeyProxySPI.h>
+#import <wtf/MainThread.h>
+
+namespace WebKit {
+
+void AuthenticationManager::initializeConnection(IPC::Connection* connection)
+{
+ ASSERT(isMainThread());
+
+ auto weakThis = m_weakPtrFactory.createWeakPtr(*this);
+ // The following xpc event handler overwrites the boostrap event handler and is only used
+ // to capture client certificate credential.
+ xpc_connection_set_event_handler(connection->xpcConnection(), ^(xpc_object_t event) {
+ ASSERT(isMainThread());
+
+ xpc_type_t type = xpc_get_type(event);
+ if (type == XPC_TYPE_ERROR || !weakThis)
+ return;
+
+ if (type != XPC_TYPE_DICTIONARY || strcmp(xpc_dictionary_get_string(event, clientCertificateAuthenticationXPCMessageNameKey), clientCertificateAuthenticationXPCMessageNameValue)) {
+ ASSERT_NOT_REACHED();
+ return;
+ }
+
+ auto challengeID = xpc_dictionary_get_uint64(event, clientCertificateAuthenticationXPCChallengeIDKey);
+ if (!challengeID)
+ return;
+
+ auto xpcEndPoint = xpc_dictionary_get_value(event, clientCertificateAuthenticationXPCSecKeyProxyEndpointKey);
+ if (!xpcEndPoint || xpc_get_type(xpcEndPoint) != XPC_TYPE_ENDPOINT)
+ return;
+ auto endPoint = adoptNS([[NSXPCListenerEndpoint alloc] init]);
+ [endPoint _setEndpoint:xpcEndPoint];
+ NSError *error = nil;
+ auto identity = adoptCF([SecKeyProxy createIdentityFromEndpoint:endPoint.get() error:&error]);
+ if (!identity || error) {
+ LOG_ERROR("Couldn't create identity from end point: %@", error);
+ return;
+ }
+
+ auto certificateDataArray = xpc_dictionary_get_array(event, clientCertificateAuthenticationXPCCertificatesKey);
+ if (!certificateDataArray)
+ return;
+ NSMutableArray *certificates = nil;
+ if (auto total = xpc_array_get_count(certificateDataArray)) {
+ certificates = [NSMutableArray arrayWithCapacity:total];
+ for (size_t i = 0; i < total; i++) {
+ auto certificateData = xpc_array_get_value(certificateDataArray, i);
+ auto cfData = adoptCF(CFDataCreate(nullptr, reinterpret_cast<const UInt8*>(xpc_data_get_bytes_ptr(certificateData)), xpc_data_get_length(certificateData)));
+ auto certificate = adoptCF(SecCertificateCreateWithData(nullptr, cfData.get()));
+ if (!certificate)
+ return;
+ [certificates addObject:(id)certificate.get()];
+ }
+ }
+
+ auto persistence = xpc_dictionary_get_uint64(event, clientCertificateAuthenticationXPCPersistenceKey);
+ if (persistence > static_cast<uint64_t>(NSURLCredentialPersistenceSynchronizable))
+ return;
+
+ weakThis->useCredentialForChallenge(challengeID, WebCore::Credential(adoptNS([[NSURLCredential alloc] initWithIdentity:identity.get() certificates:certificates persistence:(NSURLCredentialPersistence)persistence]).get()));
+ });
+}
+
+} // namespace WebKit
+
+#endif
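Review bot: In the event handler, `xpc_dictionary_get_string()` returns NULL when the `message-name` key is missing or is not a string, and that result goes straight into `strcmp`, so a malformed dictionary crashes the Network Process instead of being rejected. Fetch it into a local first and test `!name || strcmp(name, clientCertificateAuthenticationXPCMessageNameValue)`. The certificate loop has a similar gap: each element from `xpc_array_get_value` should be rejected with `if (xpc_get_type(certificateData) != XPC_TYPE_DATA) return;` before the data accessors are called, as is already done for the endpoint, rather than relying on how those accessors treat a non-data object. Every early `return` after `challengeID` is read drops the message without reaching `useCredentialForChallenge`, so the pending entry in `m_challenges` appears to stay unanswered; consider completing the challenge without a credential on those paths. `ASSERT_NOT_REACHED()` and `ASSERT(isMainThread())` compile out in release builds, so neither should be counted as validation.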
Added: trunk/Source/WebKit/Shared/Authentication/cocoa/ClientCertificateAuthenticationXPCConstants.h (0 => 232165)
--- trunk/Source/WebKit/Shared/Authentication/cocoa/ClientCertificateAuthenticationXPCConstants.h (rev 0)
+++ trunk/Source/WebKit/Shared/Authentication/cocoa/ClientCertificateAuthenticationXPCConstants.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if HAVE(SEC_KEY_PROXY)
+
+namespace WebKit {
+
+const char clientCertificateAuthenticationXPCMessageNameKey[] = "message-name";
+const char clientCertificateAuthenticationXPCMessageNameValue[] = "client-certificate-credential";
+const char clientCertificateAuthenticationXPCChallengeIDKey[] = "challenge-id";
+const char clientCertificateAuthenticationXPCSecKeyProxyEndpointKey[] = "sec-key-proxy-endpoint";
+const char clientCertificateAuthenticationXPCCertificatesKey[] = "certificates";
+const char clientCertificateAuthenticationXPCPersistenceKey[] = "persistence";
+
+} // namespace WebKit
+
+#endif
Modified: trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp (232164 => 232165)
--- trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp 2018-05-24 21:47:20 UTC (rev 232165)
@@ -35,6 +35,10 @@
#include "WebProcessProxy.h"
#include "WebProtectionSpace.h"
+#if HAVE(SEC_KEY_PROXY)
+#include "SecKeyProxyStore.h"
+#endif
+
namespace WebKit {
AuthenticationChallengeProxy::AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&& authenticationChallenge, uint64_t challengeID, IPC::Connection* connection)
@@ -70,6 +74,17 @@
return;
}
+#if HAVE(SEC_KEY_PROXY)
+ if (protectionSpace()->authenticationScheme() == WebCore::ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
+ if (!m_secKeyProxyStore) {
+ m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0);
+ return;
+ }
+ m_secKeyProxyStore->initialize(credential->credential());
+ sendClientCertificateCredentialOverXpc(challengeID, credential->credential());
+ return;
+ }
+#endif
m_connection->send(Messages::AuthenticationManager::UseCredentialForChallenge(challengeID, credential->credential()), 0);
}
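Review bot: The outcome of `m_secKeyProxyStore->initialize(...)` is not checked before `sendClientCertificateCredentialOverXpc` runs, and that function guards `isInitialized()` only with an `ASSERT`. `initialize` is defined outside this page, so this is inferred. If it can leave the store without a proxy (for example a credential with no identity), the XPC message would go out without a usable endpoint, and the receiver in `AuthenticationManager::initializeConnection` returns early without answering the challenge. Adding `if (!m_secKeyProxyStore->isInitialized()) { m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0); return; }` right after the `initialize` call would fail closed. The enclosing `useCredential` body starts outside the hunk.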
@@ -119,4 +134,11 @@
return m_webProtectionSpace.get();
}
+#if HAVE(SEC_KEY_PROXY)
+void AuthenticationChallengeProxy::setSecKeyProxyStore(SecKeyProxyStore& store)
+{
+ m_secKeyProxyStore = makeWeakPtr(store);
+}
+#endif
+
} // namespace WebKit
Modified: trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h (232164 => 232165)
--- trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -27,6 +27,7 @@
#include "APIObject.h"
#include <WebCore/AuthenticationChallenge.h>
+#include <wtf/WeakPtr.h>
namespace IPC {
class Connection;
@@ -36,6 +37,7 @@
class AuthenticationDecisionListener;
class ChildProcessProxy;
+class SecKeyProxyStore;
class WebCredential;
class WebProtectionSpace;
@@ -59,9 +61,17 @@
int previousFailureCount() const { return m_coreAuthenticationChallenge.previousFailureCount(); }
const WebCore::AuthenticationChallenge& core() { return m_coreAuthenticationChallenge; }
+#if HAVE(SEC_KEY_PROXY)
+ void setSecKeyProxyStore(SecKeyProxyStore&);
+#endif
+
private:
AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&&, uint64_t challengeID, IPC::Connection*);
+#if HAVE(SEC_KEY_PROXY)
+ void sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential&) const;
+#endif
+
WebCore::AuthenticationChallenge m_coreAuthenticationChallenge;
uint64_t m_challengeID;
RefPtr<IPC::Connection> m_connection;
@@ -68,6 +78,10 @@
RefPtr<AuthenticationDecisionListener> m_listener;
mutable RefPtr<WebCredential> m_webCredential;
mutable RefPtr<WebProtectionSpace> m_webProtectionSpace;
+
+#if HAVE(SEC_KEY_PROXY)
+ WeakPtr<SecKeyProxyStore> m_secKeyProxyStore;
+#endif
};
} // namespace WebKit
Added: trunk/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm (0 => 232165)
--- trunk/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm (rev 0)
+++ trunk/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "AuthenticationChallengeProxy.h"
+
+#if HAVE(SEC_KEY_PROXY)
+
+#import "ClientCertificateAuthenticationXPCConstants.h"
+#import "Connection.h"
+#import "SecKeyProxyStore.h"
+#import <pal/spi/cocoa/NSXPCConnectionSPI.h>
+#import <pal/spi/cocoa/SecKeyProxySPI.h>
+
+namespace WebKit {
+
+void AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential& credential) const
+{
+ ASSERT(m_secKeyProxyStore);
+ ASSERT(m_secKeyProxyStore->isInitialized());
+
+ auto message = adoptOSObject(xpc_dictionary_create(nullptr, nullptr, 0));
+ xpc_dictionary_set_string(message.get(), clientCertificateAuthenticationXPCMessageNameKey, clientCertificateAuthenticationXPCMessageNameValue);
+ xpc_dictionary_set_uint64(message.get(), clientCertificateAuthenticationXPCChallengeIDKey, challengeID);
+ xpc_dictionary_set_value(message.get(), clientCertificateAuthenticationXPCSecKeyProxyEndpointKey, m_secKeyProxyStore->get().endpoint._endpoint);
+ auto certificateDataArray = adoptOSObject(xpc_array_create(nullptr, 0));
+ for (id certificate in credential.nsCredential().certificates) {
+ auto data = ""
+ xpc_array_append_value(certificateDataArray.get(), adoptOSObject(xpc_data_create(CFDataGetBytePtr(data.get()), CFDataGetLength(data.get()))).get());
+ }
+ xpc_dictionary_set_value(message.get(), clientCertificateAuthenticationXPCCertificatesKey, certificateDataArray.get());
+ xpc_dictionary_set_uint64(message.get(), clientCertificateAuthenticationXPCPersistenceKey, static_cast<uint64_t>(credential.nsCredential().persistence));
+
+ xpc_connection_send_message(m_connection->xpcConnection(), message.get());
+}
+
+} // namespace WebKit
+
+#endif
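Review bot: `sendClientCertificateCredentialOverXpc` has no comment stating what leaves the UI Process, which is the security-relevant contract of this function. From the visible code the message carries the challenge ID, the proxy's XPC endpoint, the certificate bytes and the persistence value, and no private key. A comment such as `// Only the SecKeyProxy endpoint and certificate data are sent; the private key stays in the UI Process.` above the dictionary construction would make that explicit. The line `auto data = ""` as shown here cannot work with the `data.get()` calls after it, so the certificate conversion looks truncated in this rendering of the page rather than in the commit.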
Added: trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h (0 => 232165)
--- trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h (rev 0)
+++ trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if HAVE(SEC_KEY_PROXY)
+
+#include <wtf/RefCounted.h>
+#include <wtf/RetainPtr.h>
+#include <wtf/WeakPtr.h>
+
+OBJC_CLASS SecKeyProxy;
+
+namespace WebCore {
+class Credential;
+}
+
+namespace WebKit {
+
+class SecKeyProxyStore : public RefCounted<SecKeyProxyStore> {
+public:
+ static Ref<SecKeyProxyStore> create() { return adoptRef(* new SecKeyProxyStore()); }
+
+ void initialize(const WebCore::Credential&);
+ bool isInitialized() const { return !!m_secKeyProxy; }
+
+ auto* get() const { return m_secKeyProxy.get(); }
+ auto& weakPtrFactory() const { return m_weakPtrFactory; }
+
+private:
+ SecKeyProxyStore() = default;
+
+ WeakPtrFactory<SecKeyProxyStore> m_weakPtrFactory;
+ RetainPtr<SecKeyProxy> m_secKeyProxy;
+};
+
+} // namespace WebKit
+
+#endif // HAVE(SEC_KEY_PROXY)
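Review bot: The new class has no comment saying what it owns or when `get()` is valid. Above `class SecKeyProxyStore` I would add `// Holds the SecKeyProxy created from a client-certificate credential's identity.`, and above `get()` add `// Returns nil until initialize() has run with a credential that has an identity; check isInitialized() first.`. Because the proxy appears to stand in for the identity's private key, a sentence on who keeps the store alive, and for how long, would also help the next reader.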
Added: trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm (0 => 232165)
--- trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm (rev 0)
+++ trunk/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm 2018-05-24 21:47:20 UTC (rev 232165)
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "SecKeyProxyStore.h"
+
+#if HAVE(SEC_KEY_PROXY)
+
+#import <WebCore/Credential.h>
+#import <pal/spi/cocoa/SecKeyProxySPI.h>
+
+namespace WebKit {
+
+void SecKeyProxyStore::initialize(const WebCore::Credential& credential)
+{
+ if (!credential.isEmpty() && credential.nsCredential().identity)
+ m_secKeyProxy = adoptNS([[SecKeyProxy alloc] initWithIdentity:credential.nsCredential().identity]);
+}
+
+} // namespace WebKit
+
+#endif // HAVE(SEC_KEY_PROXY)
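Review bot: `initialize()` returns silently and leaves `m_secKeyProxy` null when the credential is empty or has no identity, so a caller cannot tell that no proxy was created. The only check visible on the sending side is `ASSERT(m_secKeyProxyStore->isInitialized())` in `sendClientCertificateCredentialOverXpc`, which is a debug assertion. A release build would therefore presumably read `.endpoint._endpoint` from a nil proxy and send the XPC message without a usable endpoint. The sender should handle the uninitialized case at runtime before building the message, for example with `if (!m_secKeyProxyStore || !m_secKeyProxyStore->isInitialized()) return;`. I would also add `ASSERT(!m_secKeyProxy);` at the top of `initialize()` so that a second call cannot replace a proxy whose endpoint has already been handed out.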
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (232164 => 232165)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2018-05-24 21:47:20 UTC (rev 232165)
@@ -208,6 +208,10 @@
#include "WebResourceLoadStatisticsStore.h"
#endif
+#if HAVE(SEC_KEY_PROXY)
+#include "SecKeyProxyStore.h"
+#endif
+
// This controls what strategy we use for mouse wheel coalescing.
#define MERGE_WHEEL_EVENTS 1
@@ -6197,6 +6201,15 @@
WebFrameProxy* frame = m_process->webFrame(frameID);
MESSAGE_CHECK(frame);
+#if HAVE(SEC_KEY_PROXY)
+ ASSERT(authenticationChallenge->protectionSpace());
+ if (authenticationChallenge->protectionSpace()->authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
+ auto secKeyProxyStore = SecKeyProxyStore::create();
+ authenticationChallenge->setSecKeyProxyStore(secKeyProxyStore);
+ m_websiteDataStore->addSecKeyProxyStore(WTFMove(secKeyProxyStore));
+ }
+#endif
+
if (m_navigationClient)
m_navigationClient->didReceiveAuthenticationChallenge(*this, authenticationChallenge.get());
else
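Review bot: A `SecKeyProxyStore` is created and handed to `m_websiteDataStore` for every client-certificate challenge before any credential has been chosen, and nothing in the visible hunks ever removes it. `WebsiteDataStore::addSecKeyProxyStore` in WebsiteDataStore.cpp only appends to `m_secKeyProxyStores`. A cancelled or rejected challenge therefore leaves an empty store behind, and an answered one keeps its `SecKeyProxy`, and the listener endpoint for the identity's key, alive for as long as the data store lives. If that lifetime is intended, say so in a comment above the block, such as `// The store must outlive this challenge because the network process connects to its endpoint later.`; otherwise add a removal path that runs when the challenge completes. The enclosing function starts and ends outside this hunk, so a cleanup elsewhere in it cannot be ruled out.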
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (232164 => 232165)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2018-05-24 21:47:20 UTC (rev 232165)
@@ -55,6 +55,10 @@
#include "PluginProcessManager.h"
#endif
+#if HAVE(SEC_KEY_PROXY)
+#include "SecKeyProxyStore.h"
+#endif
+
namespace WebKit {
static bool allowsWebsiteDataRecordsForAllOrigins;
@@ -1539,4 +1543,11 @@
}
#endif
+#if HAVE(SEC_KEY_PROXY)
+void WebsiteDataStore::addSecKeyProxyStore(Ref<SecKeyProxyStore>&& store)
+{
+ m_secKeyProxyStores.append(WTFMove(store));
}
+#endif
+
+}
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (232164 => 232165)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2018-05-24 21:47:20 UTC (rev 232165)
@@ -50,6 +50,7 @@
namespace WebKit {
+class SecKeyProxyStore;
class StorageManager;
class WebPageProxy;
class WebProcessPool;
@@ -177,6 +178,10 @@
static void allowWebsiteDataRecordsForAllOrigins();
+#if HAVE(SEC_KEY_PROXY)
+ void addSecKeyProxyStore(Ref<SecKeyProxyStore>&&);
+#endif
+
private:
explicit WebsiteDataStore(PAL::SessionID);
explicit WebsiteDataStore(Configuration, PAL::SessionID);
@@ -228,6 +233,10 @@
String m_boundInterfaceIdentifier;
AllowsCellularAccess m_allowsCellularAccess { AllowsCellularAccess::Yes };
+
+#if HAVE(SEC_KEY_PROXY)
+ Vector<Ref<SecKeyProxyStore>> m_secKeyProxyStores;
+#endif
};
}
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (232164 => 232165)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-05-24 21:03:44 UTC (rev 232164)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-05-24 21:47:20 UTC (rev 232165)
@@ -1217,6 +1217,9 @@
53BA47D01DC2EF5E004DF4AD /* NetworkDataTaskBlob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 539EB5461DC2EE40009D48CF /* NetworkDataTaskBlob.cpp */; };
53BA47D11DC2EF5E004DF4AD /* NetworkDataTaskBlob.h in Headers */ = {isa = PBXBuildFile; fileRef = 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */; };
53DEA3661DDE423100E82648 /* json.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 53DEA3651DDE422E00E82648 /* json.hpp */; };
+ 570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */; };
+ 570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */; };
+ 570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */; };
575075A820AB8DE100693EA9 /* WebCredentialMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = 575075A720AB763600693EA9 /* WebCredentialMac.mm */; };
5760828E2029895E00116678 /* WebCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760828C2029854200116678 /* WebCredentialsMessenger.cpp */; };
57608298202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */; };
@@ -1224,6 +1227,8 @@
5760829D202D2C4000116678 /* WebCredentialsMessengerMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 5760828F20298FBD00116678 /* WebCredentialsMessengerMessages.h */; };
5760829E202D2C4300116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760829A202BEE5A00116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp */; };
5760829F202D2C4600116678 /* WebCredentialsMessengerProxyMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 5760829B202BEE5A00116678 /* WebCredentialsMessengerProxyMessages.h */; };
+ 57B4B45F20B504AC00D4AD79 /* AuthenticationManagerCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */; };
+ 57B4B46020B504AC00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */; };
5C0B17781E7C880E00E9123C /* NetworkSocketStreamMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C0B17741E7C879C00E9123C /* NetworkSocketStreamMessageReceiver.cpp */; };
5C0B17791E7C882100E9123C /* WebSocketStreamMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C0B17761E7C879C00E9123C /* WebSocketStreamMessageReceiver.cpp */; };
5C0B177C1E7C885400E9123C /* WebSocketStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C0B177A1E7C884F00E9123C /* WebSocketStream.cpp */; };
@@ -3656,6 +3661,9 @@
539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkDataTaskBlob.h; path = NetworkProcess/NetworkDataTaskBlob.h; sourceTree = "<group>"; };
53DEA3651DDE422E00E82648 /* json.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = json.hpp; path = NetworkProcess/capture/json.hpp; sourceTree = "<group>"; };
53F3CAA5206C443E0086490E /* NetworkActivityTracker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = NetworkActivityTracker.cpp; path = NetworkProcess/NetworkActivityTracker.cpp; sourceTree = "<group>"; };
+ 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxyStore.h; sourceTree = "<group>"; };
+ 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationChallengeProxyCocoa.mm; sourceTree = "<group>"; };
+ 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SecKeyProxyStore.mm; sourceTree = "<group>"; };
575075A720AB763600693EA9 /* WebCredentialMac.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebCredentialMac.mm; sourceTree = "<group>"; };
5750F32A2032D4E500389347 /* LocalAuthentication.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = LocalAuthentication.framework; path = System/Library/Frameworks/LocalAuthentication.framework; sourceTree = SDKROOT; };
5760828B2029854200116678 /* WebCredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessenger.h; sourceTree = "<group>"; };
@@ -3668,6 +3676,8 @@
57608299202BDAE200116678 /* WebCredentialsMessengerProxy.messages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = WebCredentialsMessengerProxy.messages.in; sourceTree = "<group>"; };
5760829A202BEE5A00116678 /* WebCredentialsMessengerProxyMessageReceiver.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebCredentialsMessengerProxyMessageReceiver.cpp; sourceTree = "<group>"; };
5760829B202BEE5A00116678 /* WebCredentialsMessengerProxyMessages.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessengerProxyMessages.h; sourceTree = "<group>"; };
+ 57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = AuthenticationManagerCocoa.mm; path = Authentication/cocoa/AuthenticationManagerCocoa.mm; sourceTree = "<group>"; };
+ 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ClientCertificateAuthenticationXPCConstants.h; path = Authentication/cocoa/ClientCertificateAuthenticationXPCConstants.h; sourceTree = "<group>"; };
5C0B17741E7C879C00E9123C /* NetworkSocketStreamMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetworkSocketStreamMessageReceiver.cpp; sourceTree = "<group>"; };
5C0B17751E7C879C00E9123C /* NetworkSocketStreamMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkSocketStreamMessages.h; sourceTree = "<group>"; };
5C0B17761E7C879C00E9123C /* WebSocketStreamMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebSocketStreamMessageReceiver.cpp; sourceTree = "<group>"; };
@@ -6525,6 +6535,7 @@
512F588D12A8836F00629530 /* Authentication */ = {
isa = PBXGroup;
children = (
+ 570AB8F620AE81AB00B8BE87 /* cocoa */,
575075A620AB75AB00693EA9 /* mac */,
512F588E12A8838800629530 /* AuthenticationChallengeProxy.cpp */,
512F588F12A8838800629530 /* AuthenticationChallengeProxy.h */,
@@ -6625,6 +6636,7 @@
518E8EF116B208F000E91429 /* Authentication */ = {
isa = PBXGroup;
children = (
+ 57B4B45C20B5048B00D4AD79 /* cocoa */,
518E8EF316B2091C00E91429 /* AuthenticationManager.cpp */,
518E8EF416B2091C00E91429 /* AuthenticationManager.h */,
518E8EF516B2091C00E91429 /* AuthenticationManager.messages.in */,
@@ -6751,6 +6763,16 @@
name = capture;
sourceTree = "<group>";
};
+ 570AB8F620AE81AB00B8BE87 /* cocoa */ = {
+ isa = PBXGroup;
+ children = (
+ 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */,
+ 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */,
+ 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */,
+ );
+ path = cocoa;
+ sourceTree = "<group>";
+ };
575075A620AB75AB00693EA9 /* mac */ = {
isa = PBXGroup;
children = (
@@ -6787,6 +6809,15 @@
path = CredentialManagement;
sourceTree = "<group>";
};
+ 57B4B45C20B5048B00D4AD79 /* cocoa */ = {
+ isa = PBXGroup;
+ children = (
+ 57B4B45D20B504AB00D4AD79 /* AuthenticationManagerCocoa.mm */,
+ 57B4B45E20B504AB00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h */,
+ );
+ name = cocoa;
+ sourceTree = "<group>";
+ };
5C1426F11C23F81700D41183 /* Downloads */ = {
isa = PBXGroup;
children = (
@@ -8874,6 +8905,7 @@
51FAEC3A1B0657630009C4E7 /* ChildProcessMessages.h in Headers */,
E1513C67166EABB200149FCB /* ChildProcessProxy.h in Headers */,
290F4272172A0C7400939FF0 /* ChildProcessSupplement.h in Headers */,
+ 57B4B46020B504AC00D4AD79 /* ClientCertificateAuthenticationXPCConstants.h in Headers */,
CE11AD521CBC482F00681EE5 /* CodeSigning.h in Headers */,
37BEC4E119491486008B4286 /* CompletionHandlerCallChecker.h in Headers */,
37C4E9F6131C6E7E0029BD5A /* config.h in Headers */,
@@ -9152,6 +9184,7 @@
511F8A7B138B460900A95F44 /* SecItemShimLibrary.h in Headers */,
E18E690C169B563F009B6670 /* SecItemShimProxy.h in Headers */,
E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */,
+ 570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */,
514D9F5719119D35000063A7 /* ServicesController.h in Headers */,
414DEDD71F9EDDE50047C40D /* ServiceWorkerProcessProxy.h in Headers */,
1AFDE65A1954A42B00C48FFA /* SessionState.h in Headers */,
@@ -10503,8 +10536,10 @@
BCEE966C112FAF57006BCC24 /* Attachment.cpp in Sources */,
E1A31735134CEA80007C9A4F /* AttributedString.mm in Sources */,
512F589612A8838800629530 /* AuthenticationChallengeProxy.cpp in Sources */,
+ 570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */,
512F589812A8838800629530 /* AuthenticationDecisionListener.cpp in Sources */,
518E8EF816B2091C00E91429 /* AuthenticationManager.cpp in Sources */,
+ 57B4B45F20B504AC00D4AD79 /* AuthenticationManagerCocoa.mm in Sources */,
512F58A212A883AD00629530 /* AuthenticationManagerMessageReceiver.cpp in Sources */,
9955A6F41C7986DC00EB6A93 /* AutomationBackendDispatchers.cpp in Sources */,
99C81D591C20E1E5005C4C82 /* AutomationClient.mm in Sources */,
@@ -10829,6 +10864,7 @@
E179088D169BAA62006904C7 /* SecItemShim.cpp in Sources */,
E18E690B169B563F009B6670 /* SecItemShimProxy.cpp in Sources */,
E18E6917169B667B009B6670 /* SecItemShimProxyMessageReceiver.cpp in Sources */,
+ 570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */,
514D9F5819119D35000063A7 /* ServicesController.mm in Sources */,
4131F3D11F96BCCC0059995A /* ServiceWorkerClientFetch.cpp in Sources */,
617A52D81F43A9DA00DCDC0A /* ServiceWorkerClientFetchMessageReceiver.cpp in Sources */,