Diff
Modified: trunk/LayoutTests/ChangeLog (240688 => 240689)
--- trunk/LayoutTests/ChangeLog 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/LayoutTests/ChangeLog 2019-01-30 00:16:39 UTC (rev 240689)
@@ -1,3 +1,13 @@
+2019-01-29 Youenn Fablet <[email protected]>
+
+ Adopt new SPI to evaluate server certificate trust
+ https://bugs.webkit.org/show_bug.cgi?id=193355
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/ssl/certificate-validation-expected.txt: Added.
+ * http/tests/ssl/certificate-validation.html: Added.
+
2019-01-29 Shawn Roberts <[email protected]>
[ Mac WK2 ] Layout Test http/tests/cache-storage/cache-clearing-origin.https.html is flaky
Added: trunk/LayoutTests/http/tests/ssl/certificate-validation-expected.txt (0 => 240689)
--- trunk/LayoutTests/http/tests/ssl/certificate-validation-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/certificate-validation-expected.txt 2019-01-30 00:16:39 UTC (rev 240689)
@@ -0,0 +1,3 @@
+
+PASS Certificate validation in Network Process
+
Added: trunk/LayoutTests/http/tests/ssl/certificate-validation.html (0 => 240689)
--- trunk/LayoutTests/http/tests/ssl/certificate-validation.html (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/certificate-validation.html 2019-01-30 00:16:39 UTC (rev 240689)
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Certificate validation in Network Process</title>
+<script src=""
+<script src=""
+</head>
+<body>
+<script>
+function with_iframe(url) {
+ return new Promise(function(resolve) {
+ var frame = document.createElement('iframe');
+ frame.className = 'test-iframe';
+ frame.src = ""
+ frame._onload_ = function() { resolve(frame); };
+ document.body.appendChild(frame);
+ });
+}
+
+async function doTest()
+{
+ assert_true(!!window.testRunner, "Test requires testRunner");
+
+ if (!window.testRunner.canDoServerTrustEvaluationInNetworkProcess)
+ return;
+
+ window.testRunner.setAllowsAnySSLCertificate(false);
+ // This should trigger network process server trust evaluation.
+ window.testRunner.setCanHandleHTTPSServerTrustEvaluation(false);
+
+ // Crash network process to make sure we create new HTTPS connections.
+ window.testRunner.terminateNetworkProcess();
+
+ const currentCallbackCounts = window.testRunner.serverTrustEvaluationCallbackCallsCount;
+
+ const iframe = await with_iframe("https://localhost:8443");
+ iframe.remove();
+
+ assert_equals(window.testRunner.serverTrustEvaluationCallbackCallsCount - currentCallbackCounts, 1);
+}
+
+doTest().then(done, (e) => { assert_unreached("test failed: " + e); done(); });
+
+</script>
+</body>
+</html>
Modified: trunk/Source/WTF/wtf/Platform.h (240688 => 240689)
--- trunk/Source/WTF/wtf/Platform.h 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Source/WTF/wtf/Platform.h 2019-01-30 00:16:39 UTC (rev 240689)
@@ -1484,5 +1484,9 @@
#endif
#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
+#define HAVE_CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE 1
+#endif
+
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
#define HAVE_CFNETWORK_NEGOTIATED_SSL_PROTOCOL_CIPHER 1
#endif
Modified: trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (240688 => 240689)
--- trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2019-01-30 00:16:39 UTC (rev 240689)
@@ -231,6 +231,12 @@
@end
#endif
+#if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
+@interface NSURLSession (SPI)
++ (void)_strictTrustEvaluate:(NSURLAuthenticationChallenge *)challenge queue:(dispatch_queue_t)queue completionHandler:(void (^)(NSURLAuthenticationChallenge *challenge, OSStatus trustResult))cb;
+@end
+#endif
+
extern NSString * const NSURLAuthenticationMethodOAuth;
#endif // defined(__OBJC__)
Modified: trunk/Source/WebKit/ChangeLog (240688 => 240689)
--- trunk/Source/WebKit/ChangeLog 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Source/WebKit/ChangeLog 2019-01-30 00:16:39 UTC (rev 240689)
@@ -1,3 +1,20 @@
+2019-01-29 Youenn Fablet <[email protected]>
+
+ Adopt new SPI to evaluate server certificate trust
+ https://bugs.webkit.org/show_bug.cgi?id=193355
+
+ Reviewed by Alex Christensen.
+
+ Use new SPI provided in NSURLSession to evaluate server certificates.
+ If successful, let loading proceed as usual.
+ Otherwise, go to the UIProcess to ask for a decision on continuing the load or not.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (canNSURLSessionTrustEvaluate):
+ (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+ (WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
+
2019-01-29 Tim Horton <[email protected]>
Fix the build
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (240688 => 240689)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2019-01-30 00:16:39 UTC (rev 240689)
@@ -62,6 +62,8 @@
static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);
+ void continueDidReceiveChallenge(const WebCore::AuthenticationChallenge&, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&);
+
private:
NetworkSessionCocoa(NetworkProcess&, NetworkSessionCreationParameters&&);
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (240688 => 240689)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2019-01-30 00:16:39 UTC (rev 240689)
@@ -521,6 +521,30 @@
completionHandler(proposedResponse);
}
+#if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
+static bool canNSURLSessionTrustEvaluate()
+{
+ return [NSURLSession respondsToSelector:@selector(_strictTrustEvaluate: queue: completionHandler:)];
+}
+
+static inline void processServerTrustEvaluation(NetworkSessionCocoa *session, NSURLAuthenticationChallenge *challenge, OSStatus trustResult, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential)>&& completionHandler)
+{
+ if (trustResult == noErr) {
+ completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+ return;
+ }
+
+ session->continueDidReceiveChallenge(challenge, taskIdentifier, networkDataTask, [completionHandler = WTFMove(completionHandler), secTrust = retainPtr(challenge.protectionSpace.serverTrust)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
+ // FIXME: UIProcess should send us back non nil credentials but the credential IPC encoder currently only serializes ns credentials for username/password.
+ if (disposition == WebKit::AuthenticationChallengeDisposition::UseCredential && !credential.nsCredential()) {
+ completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust: secTrust.get()]);
+ return;
+ }
+ completionHandler(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
+ });
+}
+#endif
+
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
if (!_session) {
@@ -543,61 +567,23 @@
return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
// Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
- if (!_session->networkProcess().canHandleHTTPSServerTrustEvaluation())
- return completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
- }
-
- if (auto* networkDataTask = [self existingTask:task]) {
- WebCore::AuthenticationChallenge authenticationChallenge(challenge);
- auto completionHandlerCopy = Block_copy(completionHandler);
- auto sessionID = _session->sessionID();
- auto challengeCompletionHandler = [networkProcess = makeRef(_session->networkProcess()), completionHandlerCopy, sessionID, authenticationChallenge, taskIdentifier, partition = networkDataTask->partition()](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential)
- {
-#if !LOG_DISABLED
- LOG(NetworkSession, "%llu didReceiveChallenge completionHandler %d", taskIdentifier, disposition);
-#else
- UNUSED_PARAM(taskIdentifier);
-#endif
-#if !USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
- UNUSED_PARAM(sessionID);
- UNUSED_PARAM(authenticationChallenge);
-#else
- if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().isPasswordBased()) {
-
- WebCore::Credential nonPersistentCredential(credential.user(), credential.password(), WebCore::CredentialPersistenceNone);
- URL urlToStore;
- if (authenticationChallenge.failureResponse().httpStatusCode() == 401)
- urlToStore = authenticationChallenge.failureResponse().url();
- if (auto storageSession = networkProcess->storageSession(sessionID))
- storageSession->credentialStorage().set(partition, nonPersistentCredential, authenticationChallenge.protectionSpace(), urlToStore);
- else
- ASSERT_NOT_REACHED();
-
- completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), nonPersistentCredential.nsCredential());
- } else
-#endif
- completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
- Block_release(completionHandlerCopy);
- };
- networkDataTask->didReceiveChallenge(challenge, WTFMove(challengeCompletionHandler));
- } else {
- auto downloadID = _session->downloadID(taskIdentifier);
- if (downloadID.downloadID()) {
- if (auto* download = _session->networkProcess().downloadManager().download(downloadID)) {
- // Received an authentication challenge for a download being resumed.
- WebCore::AuthenticationChallenge authenticationChallenge { challenge };
- auto completionHandlerCopy = Block_copy(completionHandler);
- auto challengeCompletionHandler = [completionHandlerCopy, authenticationChallenge](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) {
- completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
- Block_release(completionHandlerCopy);
- };
- download->didReceiveChallenge(challenge, WTFMove(challengeCompletionHandler));
+ if (!_session->networkProcess().canHandleHTTPSServerTrustEvaluation()) {
+#if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
+ if (canNSURLSessionTrustEvaluate()) {
+ auto* networkDataTask = [self existingTask:task];
+ auto decisionHandler = makeBlockPtr([_session = _session.copyRef(), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = RefPtr<NetworkDataTaskCocoa>(networkDataTask)](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable {
+ processServerTrustEvaluation(_session.get(), challenge, trustResult, taskIdentifier, networkDataTask.get(), WTFMove(completionHandler));
+ });
+ [NSURLSession _strictTrustEvaluate:challenge queue:[NSOperationQueue mainQueue].underlyingQueue completionHandler:decisionHandler.get()];
return;
}
+#endif
+ return completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
}
- LOG(NetworkSession, "%llu didReceiveChallenge completionHandler (cancel)", taskIdentifier);
- completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
}
+ _session->continueDidReceiveChallenge(challenge, taskIdentifier, [self existingTask:task], [completionHandler = makeBlockPtr(completionHandler)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
+ completionHandler(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
+ });
}
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didCompleteWithError:(NSError *)error
@@ -1053,4 +1039,52 @@
return certificatesMatch(trust.get(), challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust);
}
+void NetworkSessionCocoa::continueDidReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&& completionHandler)
+{
+ if (!networkDataTask) {
+ auto downloadID = this->downloadID(taskIdentifier);
+ if (downloadID.downloadID()) {
+ if (auto* download = networkProcess().downloadManager().download(downloadID)) {
+ WebCore::AuthenticationChallenge authenticationChallenge { challenge };
+ // Received an authentication challenge for a download being resumed.
+ download->didReceiveChallenge(authenticationChallenge, WTFMove(completionHandler));
+ return;
+ }
+ }
+ LOG(NetworkSession, "%llu didReceiveChallenge completionHandler (cancel)", taskIdentifier);
+ completionHandler(AuthenticationChallengeDisposition::Cancel, { });
+ return;
+ }
+
+ auto sessionID = this->sessionID();
+ WebCore::AuthenticationChallenge authenticationChallenge { challenge };
+ auto challengeCompletionHandler = [completionHandler = WTFMove(completionHandler), networkProcess = makeRef(networkProcess()), sessionID, authenticationChallenge, taskIdentifier, partition = networkDataTask->partition()](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
+#if !LOG_DISABLED
+ LOG(NetworkSession, "%llu didReceiveChallenge completionHandler %d", taskIdentifier, disposition);
+#else
+ UNUSED_PARAM(taskIdentifier);
+#endif
+#if !USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
+ UNUSED_PARAM(sessionID);
+ UNUSED_PARAM(authenticationChallenge);
+#else
+ if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().isPasswordBased()) {
+ WebCore::Credential nonPersistentCredential(credential.user(), credential.password(), WebCore::CredentialPersistenceNone);
+ URL urlToStore;
+ if (authenticationChallenge.failureResponse().httpStatusCode() == 401)
+ urlToStore = authenticationChallenge.failureResponse().url();
+ if (auto storageSession = networkProcess->storageSession(sessionID))
+ storageSession->credentialStorage().set(partition, nonPersistentCredential, authenticationChallenge.protectionSpace(), urlToStore);
+ else
+ ASSERT_NOT_REACHED();
+
+ completionHandler(disposition, nonPersistentCredential);
+ return;
+ }
+#endif
+ completionHandler(disposition, credential);
+ };
+ networkDataTask->didReceiveChallenge(WTFMove(authenticationChallenge), WTFMove(challengeCompletionHandler));
}
+
+}
Modified: trunk/Tools/ChangeLog (240688 => 240689)
--- trunk/Tools/ChangeLog 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/ChangeLog 2019-01-30 00:16:39 UTC (rev 240689)
@@ -1,3 +1,29 @@
+2019-01-29 Youenn Fablet <[email protected]>
+
+ Adopt new SPI to evaluate server certificate trust
+ https://bugs.webkit.org/show_bug.cgi?id=193355
+
+ Reviewed by Alex Christensen.
+
+ Add infrastructure to handle HTTPS server trust evaluation testing.
+
+ * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+ * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+ (WTR::TestRunner::setCanHandleHTTPSServerTrustEvaluation):
+ (WTR::TestRunner::canDoServerTrustEvaluationInNetworkProcess):
+ (WTR::TestRunner::serverTrustEvaluationCallbackCallsCount):
+ * WebKitTestRunner/InjectedBundle/TestRunner.h:
+ * WebKitTestRunner/TestController.cpp:
+ (WTR::TestController::resetPreferencesToConsistentValues):
+ (WTR::TestController::didReceiveAuthenticationChallenge):
+ (WTR::TestController::canDoServerTrustEvaluationInNetworkProcess const):
+ * WebKitTestRunner/TestController.h:
+ (WTR::TestController::serverTrustEvaluationCallbackCallsCount const):
+ * WebKitTestRunner/TestInvocation.cpp:
+ (WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):
+ * WebKitTestRunner/cocoa/TestControllerCocoa.mm:
+ (WTR::TestController::canDoServerTrustEvaluationInNetworkProcess const):
+
2019-01-29 Aakash Jain <[email protected]>
[ews-build] Add build step to print bot Configuration
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl 2019-01-30 00:16:39 UTC (rev 240689)
@@ -338,6 +338,10 @@
void terminateNetworkProcess();
void terminateServiceWorkerProcess();
+ void setCanHandleHTTPSServerTrustEvaluation(boolean canHandle);
+ readonly attribute boolean canDoServerTrustEvaluationInNetworkProcess;
+ readonly attribute unsigned long serverTrustEvaluationCallbackCallsCount;
+
readonly attribute boolean didCancelClientRedirect;
void removeAllSessionCredentials(object callback);
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp 2019-01-30 00:16:39 UTC (rev 240689)
@@ -2690,4 +2690,29 @@
return WKBooleanGetValue(adoptWK(static_cast<WKBooleanRef>(returnData)).get());
}
+void TestRunner::setCanHandleHTTPSServerTrustEvaluation(bool canHandle)
+{
+ WKRetainPtr<WKStringRef> messageName(AdoptWK, WKStringCreateWithUTF8CString("SetCanHandleHTTPSServerTrustEvaluation"));
+ WKRetainPtr<WKBooleanRef> messageBody(AdoptWK, WKBooleanCreate(canHandle));
+ WKBundlePostSynchronousMessage(InjectedBundle::singleton().bundle(), messageName.get(), messageBody.get(), nullptr);
+}
+
+bool TestRunner::canDoServerTrustEvaluationInNetworkProcess()
+{
+ WKRetainPtr<WKStringRef> messageName(AdoptWK, WKStringCreateWithUTF8CString("CanDoServerTrustEvaluationInNetworkProcess"));
+ WKTypeRef returnData = nullptr;
+ WKBundlePagePostSynchronousMessageForTesting(InjectedBundle::singleton().page()->page(), messageName.get(), nullptr, &returnData);
+ ASSERT(WKGetTypeID(returnData) == WKBooleanGetTypeID());
+ return WKBooleanGetValue(adoptWK(static_cast<WKBooleanRef>(returnData)).get());
+}
+
+unsigned long TestRunner::serverTrustEvaluationCallbackCallsCount()
+{
+ WKRetainPtr<WKStringRef> messageName(AdoptWK, WKStringCreateWithUTF8CString("ServerTrustEvaluationCallbackCallsCount"));
+ WKTypeRef returnData = nullptr;
+ WKBundlePagePostSynchronousMessageForTesting(InjectedBundle::singleton().page()->page(), messageName.get(), nullptr, &returnData);
+ ASSERT(WKGetTypeID(returnData) == WKUInt64GetTypeID());
+ return WKUInt64GetValue(adoptWK(static_cast<WKUInt64Ref>(returnData)).get());
+}
+
} // namespace WTR
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h 2019-01-30 00:16:39 UTC (rev 240689)
@@ -481,6 +481,10 @@
void cleanUpKeychain(JSStringRef attrLabel);
bool keyExistsInKeychain(JSStringRef attrLabel, JSStringRef applicationTagBase64);
+ void setCanHandleHTTPSServerTrustEvaluation(bool canHandle);
+ bool canDoServerTrustEvaluationInNetworkProcess();
+ unsigned long serverTrustEvaluationCallbackCallsCount();
+
private:
TestRunner();
Modified: trunk/Tools/WebKitTestRunner/TestController.cpp (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/TestController.cpp 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/TestController.cpp 2019-01-30 00:16:39 UTC (rev 240689)
@@ -824,6 +824,8 @@
WKPreferencesSetWebSQLDisabled(preferences, false);
+ m_serverTrustEvaluationCallbackCallsCount = 0;
+
platformResetPreferencesToConsistentValues();
}
@@ -2060,6 +2062,8 @@
// Any non-empty credential signals to accept the server trust. Since the cross-platform API
// doesn't expose a way to create a credential from server trust, we use a password credential.
+ m_serverTrustEvaluationCallbackCallsCount++;
+
WKRetainPtr<WKCredentialRef> credential = adoptWK(WKCredentialCreate(toWK("accept server trust").get(), toWK("").get(), kWKCredentialPersistenceNone));
WKAuthenticationDecisionListenerUseCredential(decisionListener, credential.get());
return;
@@ -3223,6 +3227,12 @@
{
return false;
}
+
+bool TestController::canDoServerTrustEvaluationInNetworkProcess() const
+{
+ return false;
+}
+
#endif
void TestController::sendDisplayConfigurationChangedMessageForTesting()
Modified: trunk/Tools/WebKitTestRunner/TestController.h (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/TestController.h 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/TestController.h 2019-01-30 00:16:39 UTC (rev 240689)
@@ -281,6 +281,9 @@
UIKeyboardInputMode *overriddenKeyboardInputMode() const { return m_overriddenKeyboardInputMode.get(); }
#endif
+ bool canDoServerTrustEvaluationInNetworkProcess() const;
+ uint64_t serverTrustEvaluationCallbackCallsCount() const { return m_serverTrustEvaluationCallbackCallsCount; }
+
private:
WKRetainPtr<WKPageConfigurationRef> generatePageConfiguration(WKContextConfigurationRef);
WKRetainPtr<WKContextConfigurationRef> generateContextConfiguration() const;
@@ -534,6 +537,8 @@
{ }
};
HashMap<uint64_t, AbandonedDocumentInfo> m_abandonedDocumentInfo;
+
+ uint64_t m_serverTrustEvaluationCallbackCallsCount { 0 };
};
struct TestCommand {
Modified: trunk/Tools/WebKitTestRunner/TestInvocation.cpp (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/TestInvocation.cpp 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/TestInvocation.cpp 2019-01-30 00:16:39 UTC (rev 240689)
@@ -1522,6 +1522,23 @@
return result;
}
+ if (WKStringIsEqualToUTF8CString(messageName, "SetCanHandleHTTPSServerTrustEvaluation")) {
+ ASSERT(WKGetTypeID(messageBody) == WKBooleanGetTypeID());
+ auto canHandle = WKBooleanGetValue(static_cast<WKBooleanRef>(messageBody));
+ WKContextSetCanHandleHTTPSServerTrustEvaluation(TestController::singleton().context(), canHandle);
+ return nullptr;
+ }
+
+ if (WKStringIsEqualToUTF8CString(messageName, "CanDoServerTrustEvaluationInNetworkProcess")) {
+ WKRetainPtr<WKTypeRef> result(AdoptWK, WKBooleanCreate(TestController::singleton().canDoServerTrustEvaluationInNetworkProcess()));
+ return result;
+ }
+
+ if (WKStringIsEqualToUTF8CString(messageName, "ServerTrustEvaluationCallbackCallsCount")) {
+ WKRetainPtr<WKTypeRef> result(AdoptWK, WKUInt64Create(TestController::singleton().serverTrustEvaluationCallbackCallsCount()));
+ return result;
+ }
+
ASSERT_NOT_REACHED();
return nullptr;
}
Modified: trunk/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm (240688 => 240689)
--- trunk/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm 2019-01-30 00:14:44 UTC (rev 240688)
+++ trunk/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm 2019-01-30 00:16:39 UTC (rev 240689)
@@ -405,4 +405,13 @@
#endif
}
+bool TestController::canDoServerTrustEvaluationInNetworkProcess() const
+{
+#if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
+ return true;
+#else
+ return false;
+#endif
+}
+
} // namespace WTR
