Title: [243654] trunk
Revision
243654
Author
commit-qu...@webkit.org
Date
2019-03-29 12:03:16 -0700 (Fri, 29 Mar 2019)

Log Message

[Curl] Add Server Trust Evaluation Support.
https://bugs.webkit.org/show_bug.cgi?id=191646

Patch by Takashi Komori <takashi.kom...@sony.com> on 2019-03-29
Reviewed by Fujii Hironori.

Source/WebCore:

Tests: http/tests/ssl/iframe-upgrade.https.html
       http/tests/ssl/mixedContent/insecure-websocket.html
       http/tests/ssl/upgrade-origin-usage.html

* platform/network/curl/AuthenticationChallenge.h:
* platform/network/curl/AuthenticationChallengeCurl.cpp:
(WebCore::AuthenticationChallenge::AuthenticationChallenge):
(WebCore::AuthenticationChallenge::protectionSpaceForPasswordBased):
(WebCore::AuthenticationChallenge::protectionSpaceForServerTrust):
(WebCore::AuthenticationChallenge::protectionSpaceFromHandle): Deleted.
* platform/network/curl/CurlContext.cpp:
(WebCore::CurlHandle::disableServerTrustEvaluation):
* platform/network/curl/CurlContext.h:
* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::setupTransfer):
* platform/network/curl/CurlRequest.h:
(WebCore::CurlRequest::disableServerTrustEvaluation):

Source/WebKit:

Tests: http/tests/ssl/iframe-upgrade.https.html
       http/tests/ssl/mixedContent/insecure-websocket.html
       http/tests/ssl/upgrade-origin-usage.html

* NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::curlDidFailWithError):
(WebKit::NetworkDataTaskCurl::tryServerTrustEvaluation):
(WebKit::NetworkDataTaskCurl::restartWithCredential):
* NetworkProcess/curl/NetworkDataTaskCurl.h:

Tools:

Implemented MiniBrowser UI for asking if user trusts the server.

* MiniBrowser/win/Common.cpp:
(askServerTrustEvaluation):
(replaceString):
* MiniBrowser/win/Common.h:
* MiniBrowser/win/MiniBrowserLib.rc:
* MiniBrowser/win/MiniBrowserLibResource.h:
* MiniBrowser/win/WebKitBrowserWindow.cpp:
(createPEMString):
(WebKitBrowserWindow::didReceiveAuthenticationChallenge):
(WebKitBrowserWindow::canTrustServerCertificate):
* MiniBrowser/win/WebKitBrowserWindow.h:

LayoutTests:

* platform/wincairo-wk1/TestExpectations:
* platform/wincairo/TestExpectations:


Modified: trunk/LayoutTests/ChangeLog (243653 => 243654)


--- trunk/LayoutTests/ChangeLog	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/LayoutTests/ChangeLog	2019-03-29 19:03:16 UTC (rev 243654)
@@ -1,3 +1,13 @@
+2019-03-29  Takashi Komori  <takashi.kom...@sony.com>
+
+        [Curl] Add Server Trust Evaluation Support.
+        https://bugs.webkit.org/show_bug.cgi?id=191646
+
+        Reviewed by Fujii Hironori.
+
+        * platform/wincairo-wk1/TestExpectations:
+        * platform/wincairo/TestExpectations:
+
 2019-03-29  Ryosuke Niwa  <rn...@webkit.org>
 
         Pasting a table from Confluence strip of table cell content

Modified: trunk/LayoutTests/platform/wincairo/TestExpectations (243653 => 243654)


--- trunk/LayoutTests/platform/wincairo/TestExpectations	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/LayoutTests/platform/wincairo/TestExpectations	2019-03-29 19:03:16 UTC (rev 243654)
@@ -949,10 +949,6 @@
 http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Pass ]
 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Pass ]
 
-http/tests/ssl/iframe-upgrade.https.html [ Skip ]
-http/tests/ssl/mixedContent/insecure-websocket.html [ Failure ]
-http/tests/ssl/upgrade-origin-usage.html [ Failure ]
-
 http/tests/ssl/media-stream [ Skip ]
 
 [ Debug ] http/tests/storage/callbacks-are-called-in-correct-context.html [ Skip ]

Modified: trunk/LayoutTests/platform/wincairo-wk1/TestExpectations (243653 => 243654)


--- trunk/LayoutTests/platform/wincairo-wk1/TestExpectations	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/LayoutTests/platform/wincairo-wk1/TestExpectations	2019-03-29 19:03:16 UTC (rev 243654)
@@ -20,5 +20,10 @@
 http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Skip ]
 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Skip ]
 
+# Server trust evaluation only supported in WK2.
+http/tests/ssl/iframe-upgrade.https.html [ Skip ]
+http/tests/ssl/mixedContent/insecure-websocket.html [ Failure ]
+http/tests/ssl/upgrade-origin-usage.html [ Failure ]
+
 # There is not NetworkProcess in WK1, so it can't crash.
 http/tests/websocket/tests/hybi/network-process-crash-error.html [ Skip ]

Modified: trunk/Source/WebCore/ChangeLog (243653 => 243654)


--- trunk/Source/WebCore/ChangeLog	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/ChangeLog	2019-03-29 19:03:16 UTC (rev 243654)
@@ -1,3 +1,28 @@
+2019-03-29  Takashi Komori  <takashi.kom...@sony.com>
+
+        [Curl] Add Server Trust Evaluation Support.
+        https://bugs.webkit.org/show_bug.cgi?id=191646
+
+        Reviewed by Fujii Hironori.
+
+        Tests: http/tests/ssl/iframe-upgrade.https.html
+               http/tests/ssl/mixedContent/insecure-websocket.html
+               http/tests/ssl/upgrade-origin-usage.html
+
+        * platform/network/curl/AuthenticationChallenge.h:
+        * platform/network/curl/AuthenticationChallengeCurl.cpp:
+        (WebCore::AuthenticationChallenge::AuthenticationChallenge):
+        (WebCore::AuthenticationChallenge::protectionSpaceForPasswordBased):
+        (WebCore::AuthenticationChallenge::protectionSpaceForServerTrust):
+        (WebCore::AuthenticationChallenge::protectionSpaceFromHandle): Deleted.
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlHandle::disableServerTrustEvaluation):
+        * platform/network/curl/CurlContext.h:
+        * platform/network/curl/CurlRequest.cpp:
+        (WebCore::CurlRequest::setupTransfer):
+        * platform/network/curl/CurlRequest.h:
+        (WebCore::CurlRequest::disableServerTrustEvaluation):
+
 2019-03-29  Ryosuke Niwa  <rn...@webkit.org>
 
         Pasting a table from Confluence strip of table cell content

Modified: trunk/Source/WebCore/platform/network/curl/AuthenticationChallenge.h (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/AuthenticationChallenge.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/AuthenticationChallenge.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -45,11 +45,14 @@
     }
 
     AuthenticationChallenge(const CurlResponse&, unsigned, const ResourceResponse&, AuthenticationClient* = nullptr);
+    AuthenticationChallenge(const URL&, const CertificateInfo&, const ResourceError&, AuthenticationClient* = nullptr);
+
     AuthenticationClient* authenticationClient() const { return m_authenticationClient.get(); }
 
 private:
     ProtectionSpaceServerType protectionSpaceServerTypeFromURI(const URL&, bool isForProxy);
-    ProtectionSpace protectionSpaceFromHandle(const CurlResponse&, const ResourceResponse&);
+    ProtectionSpace protectionSpaceForPasswordBased(const CurlResponse&, const ResourceResponse&);
+    ProtectionSpace protectionSpaceForServerTrust(const URL&, const CertificateInfo&);
     Optional<uint16_t> determineProxyPort(const URL&);
     ProtectionSpaceAuthenticationScheme authenticationSchemeFromCurlAuth(long);
     String parseRealm(const ResourceResponse&);

Modified: trunk/Source/WebCore/platform/network/curl/AuthenticationChallengeCurl.cpp (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/AuthenticationChallengeCurl.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/AuthenticationChallengeCurl.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -35,11 +35,17 @@
 namespace WebCore {
 
 AuthenticationChallenge::AuthenticationChallenge(const CurlResponse& curlResponse, unsigned previousFailureCount, const ResourceResponse& response, AuthenticationClient* client)
-    : AuthenticationChallengeBase(protectionSpaceFromHandle(curlResponse, response), Credential(), previousFailureCount, response, ResourceError())
+    : AuthenticationChallengeBase(protectionSpaceForPasswordBased(curlResponse, response), Credential(), previousFailureCount, response, ResourceError())
     , m_authenticationClient(client)
 {
 }
 
+AuthenticationChallenge::AuthenticationChallenge(const URL& url, const CertificateInfo& certificateInfo, const ResourceError& resourceError, AuthenticationClient* client)
+    : AuthenticationChallengeBase(protectionSpaceForServerTrust(url, certificateInfo), Credential(), 0, ResourceResponse(), resourceError)
+    , m_authenticationClient(client)
+{
+}
+
 ProtectionSpaceServerType AuthenticationChallenge::protectionSpaceServerTypeFromURI(const URL& url, bool isForProxy)
 {
     if (url.protocolIs("https"))
@@ -51,7 +57,7 @@
     return isForProxy ? ProtectionSpaceProxyHTTP : ProtectionSpaceServerHTTP;
 }
 
-ProtectionSpace AuthenticationChallenge::protectionSpaceFromHandle(const CurlResponse& curlResponse, const ResourceResponse& response)
+ProtectionSpace AuthenticationChallenge::protectionSpaceForPasswordBased(const CurlResponse& curlResponse, const ResourceResponse& response)
 {
     if (!response.isUnauthorized() && !response.isProxyAuthenticationRequired())
         return ProtectionSpace();
@@ -62,9 +68,18 @@
     auto serverType = protectionSpaceServerTypeFromURI(url, isProxyAuth);
     auto authenticationScheme = authenticationSchemeFromCurlAuth(isProxyAuth ? curlResponse.availableProxyAuth : curlResponse.availableHttpAuth);
 
-    return ProtectionSpace(url.host().toString(), static_cast<int>(port ? *port : 0), serverType, parseRealm(response), authenticationScheme);
+    return ProtectionSpace(url.host().toString(), static_cast<int>(port.valueOr(0)), serverType, parseRealm(response), authenticationScheme);
 }
 
+ProtectionSpace AuthenticationChallenge::protectionSpaceForServerTrust(const URL& url, const CertificateInfo& certificateInfo)
+{
+    auto port = determineProxyPort(url);
+    auto serverType = protectionSpaceServerTypeFromURI(url, false);
+    auto authenticationScheme = ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
+
+    return ProtectionSpace(url.host().toString(), static_cast<int>(port.valueOr(0)), serverType, String(), authenticationScheme, certificateInfo);
+}
+
 Optional<uint16_t> AuthenticationChallenge::determineProxyPort(const URL& url)
 {
     static const uint16_t socksPort = 1080;
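Review bot: protectionSpaceForServerTrust takes the protection-space port from determineProxyPort(url) even though the space it builds is a server one — protectionSpaceServerTypeFromURI is called with isForProxy=false on the next line. If determineProxyPort falls back to proxy defaults (the socksPort = 1080 constant at the end of the hunk suggests it does), the port reported to the client for an https origin with no explicit port would be a proxy port rather than 443; only the first lines of determineProxyPort are visible, so this needs confirming. Consider `auto port = url.port();` with the same valueOr(0) fallback, or a comment at that line stating why the proxy-port derivation is intended for server trust. determineProxyPort continues outside the hunk.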

Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.cpp (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/CurlContext.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -324,6 +324,12 @@
         setCACertPath(path->utf8().data());
 }
 
+void CurlHandle::disableServerTrustEvaluation()
+{
+    setSslVerifyPeer(CurlHandle::VerifyPeer::Disable);
+    setSslVerifyHost(CurlHandle::VerifyHost::LooseNameCheck);
+}
+
 CURLcode CurlHandle::willSetupSslCtx(void* sslCtx)
 {
     if (!sslCtx)
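Review bot: disableServerTrustEvaluation switches off peer verification and relaxes hostname checking for the whole handle, and nothing ties that to the certificate chain the user actually accepted, so a different chain presented on the retried connection is accepted without another prompt. That is the behaviour the caller in NetworkDataTaskCurl relies on, but the function body does not say so; a header comment such as `// Called only after the client explicitly accepted the chain from the failed attempt; the retried connection is NOT re-checked against that chain.` would make the trade-off visible to the next reader. What VerifyHost::LooseNameCheck actually maps to at the CURLOPT level is not visible here and is worth documenting next to the enum, since libcurl's handling of the intermediate verify-host value has changed across releases. willSetupSslCtx starts at the end of this hunk and continues outside it.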

Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.h (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/CurlContext.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -253,6 +253,7 @@
 
     void setHttpAuthUserPass(const String&, const String&, long authType = CURLAUTH_ANY);
 
+    void disableServerTrustEvaluation();
     void setCACertPath(const char*);
     void setSslVerifyPeer(VerifyPeer);
     void setSslVerifyHost(VerifyHost);

Modified: trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -213,6 +213,9 @@
         m_curlHandle->setHttpAuthUserPass(m_user, m_password, m_authType);
     }
 
+    if (m_shouldDisableServerTrustEvaluation)
+        m_curlHandle->disableServerTrustEvaluation();
+
     m_curlHandle->setHeaderCallbackFunction(didReceiveHeaderCallback, this);
     m_curlHandle->setWriteCallbackFunction(didReceiveDataCallback, this);
 

Modified: trunk/Source/WebCore/platform/network/curl/CurlRequest.h (243653 => 243654)


--- trunk/Source/WebCore/platform/network/curl/CurlRequest.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebCore/platform/network/curl/CurlRequest.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -31,7 +31,6 @@
 #include "CurlMultipartHandleClient.h"
 #include "CurlRequestSchedulerClient.h"
 #include "CurlResponse.h"
-#include "CurlSSLVerifier.h"
 #include "NetworkLoadMetrics.h"
 #include "ProtectionSpace.h"
 #include "ResourceRequest.h"
@@ -75,6 +74,7 @@
     void invalidateClient();
     WEBCORE_EXPORT void setAuthenticationScheme(ProtectionSpaceAuthenticationScheme);
     WEBCORE_EXPORT void setUserPass(const String&, const String&);
+    void disableServerTrustEvaluation() { m_shouldDisableServerTrustEvaluation = true; }
     void setStartTime(const MonotonicTime& startTime) { m_requestStartTime = startTime; }
 
     void start();
@@ -173,6 +173,7 @@
     String m_user;
     String m_password;
     unsigned long m_authType { CURLAUTH_ANY };
+    bool m_shouldDisableServerTrustEvaluation { false };
     bool m_shouldSuspend { false };
     bool m_enableMultipart { false };
 

Modified: trunk/Source/WebKit/ChangeLog (243653 => 243654)


--- trunk/Source/WebKit/ChangeLog	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebKit/ChangeLog	2019-03-29 19:03:16 UTC (rev 243654)
@@ -1,3 +1,20 @@
+2019-03-29  Takashi Komori  <takashi.kom...@sony.com>
+
+        [Curl] Add Server Trust Evaluation Support.
+        https://bugs.webkit.org/show_bug.cgi?id=191646
+
+        Reviewed by Fujii Hironori.
+
+        Tests: http/tests/ssl/iframe-upgrade.https.html
+               http/tests/ssl/mixedContent/insecure-websocket.html
+               http/tests/ssl/upgrade-origin-usage.html
+
+        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
+        (WebKit::NetworkDataTaskCurl::curlDidFailWithError):
+        (WebKit::NetworkDataTaskCurl::tryServerTrustEvaluation):
+        (WebKit::NetworkDataTaskCurl::restartWithCredential):
+        * NetworkProcess/curl/NetworkDataTaskCurl.h:
+
 2019-03-29  Cathie Chen  <cathiec...@igalia.com>
 
         Implement ResizeObserver.

Modified: trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp (243653 => 243654)


--- trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -189,11 +189,16 @@
     m_client->didCompleteWithError({ }, m_response.deprecatedNetworkLoadMetrics());
 }
 
-void NetworkDataTaskCurl::curlDidFailWithError(CurlRequest&, const ResourceError& resourceError)
+void NetworkDataTaskCurl::curlDidFailWithError(CurlRequest& request, const ResourceError& resourceError)
 {
     if (state() == State::Canceling || state() == State::Completed || (!m_client && !isDownload()))
         return;
 
+    if (resourceError.isSSLCertVerificationError()) {
+        tryServerTrustEvaluation(AuthenticationChallenge(request.resourceRequest().url(), request.certificateInfo(), resourceError));
+        return;
+    }
+
     m_client->didCompleteWithError(resourceError);
 }
 
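Review bot: the new SSL-error branch in curlDidFailWithError calls tryServerTrustEvaluation, whose first statement dereferences m_client, but the guard at the top only returns when m_client is null and the task is not a download, so a download task without a client would reach it. The pre-existing m_client->didCompleteWithError line has the same shape, so either download tasks always carry a client (in which case the isDownload() term is dead) or both paths need `if (!m_client) return;` before the SSL check; which of the two holds is not visible in this hunk. A short comment at the new branch saying that the error is deferred until the client answers the challenge would also help, since the load now stays pending instead of completing.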
@@ -398,6 +403,23 @@
     });
 }
 
+void NetworkDataTaskCurl::tryServerTrustEvaluation(AuthenticationChallenge&& challenge)
+{
+    m_client->didReceiveChallenge(AuthenticationChallenge(challenge), [this, protectedThis = makeRef(*this), challenge](AuthenticationChallengeDisposition disposition, const Credential& credential) {
+        if (m_state == State::Canceling || m_state == State::Completed)
+            return;
+
+        if (disposition == AuthenticationChallengeDisposition::UseCredential && !credential.isEmpty()) {
+            auto requestCredential = m_curlRequest ? Credential(m_curlRequest->user(), m_curlRequest->password(), CredentialPersistenceNone) : Credential();
+            restartWithCredential(challenge.protectionSpace(), requestCredential);
+            return;
+        }
+
+        cancel();
+        m_client->didCompleteWithError(challenge.error());
+    });
+}
+
 void NetworkDataTaskCurl::restartWithCredential(const ProtectionSpace& protectionSpace, const Credential& credential)
 {
     ASSERT(m_curlRequest);
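Review bot: the disposition check in tryServerTrustEvaluation treats any non-empty credential as "trust this server" and then discards it, reusing the CurlRequest's own user/password for the restart; MiniBrowser relies on this by sending a placeholder username, so the contract should be written down at that line, e.g. `// The credential is only an accept token; its contents are not used.` The lambda compares m_state directly whereas curlDidFailWithError in the same file uses state(), so `if (state() == State::Canceling || state() == State::Completed)` keeps the two consistent. restartWithCredential begins at the end of this hunk and continues outside it.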
@@ -408,6 +430,8 @@
     m_curlRequest = createCurlRequest(WTFMove(previousRequest), RequestStatus::ReusedRequest);
     m_curlRequest->setAuthenticationScheme(protectionSpace.authenticationScheme());
     m_curlRequest->setUserPass(credential.user(), credential.password());
+    if (protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested)
+        m_curlRequest->disableServerTrustEvaluation();
     m_curlRequest->setStartTime(m_startTime);
     m_curlRequest->start();
 
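Review bot: when the scheme is ServerTrustEvaluationRequested, the restarted request disables server trust evaluation outright rather than being bound to the certificate info carried by protectionSpace that the client just accepted, so a different certificate on the retried connection is accepted without a new challenge. If the curl layer offers no way to pin the accepted chain, that limitation should be stated at the new condition, e.g. `// Trust was accepted by the client for the chain in protectionSpace; the retry is not re-verified against it.` restartWithCredential starts outside this hunk.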

Modified: trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h (243653 => 243654)


--- trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -78,6 +78,8 @@
     void tryProxyAuthentication(WebCore::AuthenticationChallenge&&);
     void restartWithCredential(const WebCore::ProtectionSpace&, const WebCore::Credential&);
 
+    void tryServerTrustEvaluation(WebCore::AuthenticationChallenge&&);
+
     void appendCookieHeader(WebCore::ResourceRequest&);
     void handleCookieHeaders(const WebCore::ResourceRequest&, const WebCore::CurlResponse&);
 

Modified: trunk/Tools/ChangeLog (243653 => 243654)


--- trunk/Tools/ChangeLog	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/ChangeLog	2019-03-29 19:03:16 UTC (rev 243654)
@@ -1,3 +1,24 @@
+2019-03-29  Takashi Komori  <takashi.kom...@sony.com>
+
+        [Curl] Add Server Trust Evaluation Support.
+        https://bugs.webkit.org/show_bug.cgi?id=191646
+
+        Reviewed by Fujii Hironori.
+
+        Implemented MiniBrowser UI for asking if user trusts the server.
+
+        * MiniBrowser/win/Common.cpp:
+        (askServerTrustEvaluation):
+        (replaceString):
+        * MiniBrowser/win/Common.h:
+        * MiniBrowser/win/MiniBrowserLib.rc:
+        * MiniBrowser/win/MiniBrowserLibResource.h:
+        * MiniBrowser/win/WebKitBrowserWindow.cpp:
+        (createPEMString):
+        (WebKitBrowserWindow::didReceiveAuthenticationChallenge):
+        (WebKitBrowserWindow::canTrustServerCertificate):
+        * MiniBrowser/win/WebKitBrowserWindow.h:
+
 2019-03-29  Cathie Chen  <cathiec...@igalia.com>
 
         Implement ResizeObserver.

Modified: trunk/Tools/MiniBrowser/win/Common.cpp (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/Common.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/Common.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -231,6 +231,34 @@
     return WTF::nullopt;
 }
 
+bool askServerTrustEvaluation(HWND hwnd, const std::wstring& pems)
+{
+    class ServerTrustEvaluationDialog : public Dialog {
+    public:
+        ServerTrustEvaluationDialog(const std::wstring& pems)
+            : m_pems { pems }
+        {
+            SendMessage(GetDlgItem(this->hDlg(), IDC_SERVER_TRUST_TEXT), WM_SETFONT, (WPARAM)GetStockObject(ANSI_FIXED_FONT), TRUE);
+        }
+
+    protected:
+        std::wstring m_pems;
+
+        void setup()
+        {
+            setText(IDC_SERVER_TRUST_TEXT, m_pems);
+        }
+
+        void ok() final
+        {
+
+        }
+    };
+
+    ServerTrustEvaluationDialog dialog { pems };
+    return dialog.run(hInst, hwnd, IDD_SERVER_TRUST);
+}
+
 CommandLineOptions parseCommandLine()
 {
     CommandLineOptions options;
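Review bot: ServerTrustEvaluationDialog's constructor sends WM_SETFONT to a control looked up through this->hDlg() before run() has been called; if the dialog window is only created inside run(), hDlg() is still null at that point and the fixed-font request is silently lost — setup(), which the class already defines, is the natural place for it. setup() should also carry `override` the way ok() carries `final`, so that a signature drift against Dialog::setup fails to compile instead of silently creating a non-virtual shadow, and the `(WPARAM)` C-style cast reads better as `reinterpret_cast<WPARAM>`. The empty ok() body with its stray blank line could be `void ok() final { } // accepting needs no extra work; run() reports the result`.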
@@ -256,3 +284,17 @@
 
     return options;
 }
+
+std::wstring replaceString(std::wstring src, const std::wstring& oldValue, const std::wstring& newValue)
+{
+    if (src.empty() || oldValue.empty())
+        return src;
+
+    size_t pos = 0;
+    while ((pos = src.find(oldValue, pos)) != src.npos) {
+        src.replace(pos, oldValue.length(), newValue);
+        pos += newValue.length();
+    }
+
+    return src;
+}

Modified: trunk/Tools/MiniBrowser/win/Common.h (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/Common.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/Common.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -70,6 +70,9 @@
 Optional<Credential> askCredential(HWND, const std::wstring& realm);
 bool askProxySettings(HWND, ProxySettings&);
 
+bool askServerTrustEvaluation(HWND, const std::wstring& pems);
+std::wstring replaceString(std::wstring src, const std::wstring& oldValue, const std::wstring& newValue);
+
 extern HINSTANCE hInst;
 extern POINT s_windowPosition;
 extern SIZE s_windowSize;

Modified: trunk/Tools/MiniBrowser/win/MiniBrowserLib.rc (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/MiniBrowserLib.rc	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/MiniBrowserLib.rc	2019-03-29 19:03:16 UTC (rev 243654)
@@ -280,7 +280,18 @@
     LTEXT           "Comma separated hostnames.",IDC_STATIC,80,101,194,8
 END
 
+IDD_SERVER_TRUST DIALOGEX 0, 0, 319, 184
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Server Trust Evaluation Request"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+    DEFPUSHBUTTON   "Yes",IDOK,197,163,50,14
+    PUSHBUTTON      "No",IDCANCEL,262,163,50,14
+    LTEXT           "Certificate information",IDC_STATIC,7,7,294,17
+    EDITTEXT        IDC_SERVER_TRUST_TEXT,7,24,305,130,ES_MULTILINE | ES_READONLY | WS_VSCROLL | WS_HSCROLL | NOT WS_TABSTOP
+END
 
+
 #ifdef APSTUDIO_INVOKED
 /////////////////////////////////////////////////////////////////////////////
 //
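Review bot: IDD_SERVER_TRUST makes "Yes" the DEFPUSHBUTTON, so Enter — or a reflexive keypress in a dialog the user did not read — accepts a certificate chain that failed verification; for a trust decision the safe answer should be the default. Swap the styles: `PUSHBUTTON      "Yes",IDOK,197,163,50,14` and `DEFPUSHBUTTON   "No",IDCANCEL,262,163,50,14`. The static text could also state the question, e.g. "The server's certificate could not be verified. Trust this server?", since the body otherwise shows only raw PEM.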
@@ -357,6 +368,14 @@
         TOPMARGIN, 7
         BOTTOMMARGIN, 169
     END
+
+    IDD_SERVER_TRUST, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 312
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 177
+    END
 END
 #endif    // APSTUDIO_INVOKED
 

Modified: trunk/Tools/MiniBrowser/win/MiniBrowserLibResource.h (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/MiniBrowserLibResource.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/MiniBrowserLibResource.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -57,6 +57,7 @@
 #define IDD_AUTH                        176
 #define IDM_DEBUG_INFO_LAYER            177
 #define IDD_PROXY                       178
+#define IDD_SERVER_TRUST                179
 #define IDC_EMPTY_URL_CACHE             1000
 #define IDC_RETURN_FREE_MEMORY          1001
 #define IDC_EMPTY_WEBCORE_CACHE         1002
@@ -118,6 +119,7 @@
 #define IDC_PROXY_CUSTOM                1059
 #define IDC_PROXY_EXCLUDE               1060
 #define IDC_PROXY_DISABLE               1061
+#define IDC_SERVER_TRUST_TEXT           1062
 #define IDM_NEW_WEBKIT_WINDOW           32776
 #define IDM_NEW_WEBKITLEGACY_WINDOW     32777
 #define IDM_PROXY_SETTINGS              32778
@@ -124,13 +126,13 @@
 #define IDC_STATIC                      -1
 
 // Next default values for new objects
-//
+// 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NO_MFC                     1
-#define _APS_NEXT_RESOURCE_VALUE        179
+#define _APS_NEXT_RESOURCE_VALUE        180
 #define _APS_NEXT_COMMAND_VALUE         32779
-#define _APS_NEXT_CONTROL_VALUE         1062
+#define _APS_NEXT_CONTROL_VALUE         1063
 #define _APS_NEXT_SYMED_VALUE           110
 #endif
 #endif

Modified: trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp	2019-03-29 19:03:16 UTC (rev 243654)
@@ -29,9 +29,11 @@
 #include "common.h"
 #include <WebKit/WKAuthenticationChallenge.h>
 #include <WebKit/WKAuthenticationDecisionListener.h>
+#include <WebKit/WKCertificateInfoCurl.h>
 #include <WebKit/WKCredential.h>
 #include <WebKit/WKInspector.h>
 #include <WebKit/WKProtectionSpace.h>
+#include <WebKit/WKProtectionSpaceCurl.h>
 #include <WebKit/WKWebsiteDataStoreRefCurl.h>
 #include <vector>
 
@@ -58,6 +60,25 @@
     return { buffer.data(), actualLength };
 }
 
+std::wstring createPEMString(WKProtectionSpaceRef protectionSpace)
+{
+    auto certificateInfo = WKProtectionSpaceCopyCertificateInfo(protectionSpace);
+    auto chainSize = WKCertificateInfoGetCertificateChainSize(certificateInfo);
+
+    std::wstring pems;
+
+    for (auto i = 0; i < chainSize; i++) {
+        auto certificate = adoptWK(WKCertificateInfoCopyCertificateAtIndex(certificateInfo, i));
+        auto size = WKDataGetSize(certificate.get());
+        auto data = ""
+
+        for (size_t i = 0; i < size; i++)
+            pems.push_back(data[i]);
+    }
+
+    return replaceString(pems, L"\n", L"\r\n");
+}
+
 WKRetainPtr<WKStringRef> createWKString(_bstr_t str)
 {
     auto utf8 = createUTF8String(str, str.length());
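Review bot: the WKCertificateInfoRef returned by WKProtectionSpaceCopyCertificateInfo at the top of createPEMString is never released — unlike the per-certificate result two lines below and WKProtectionSpaceCopyHost in canTrustServerCertificate it is not wrapped in adoptWK, so every server-trust challenge leaks the certificate info. Change it to `auto certificateInfo = adoptWK(WKProtectionSpaceCopyCertificateInfo(protectionSpace));` and pass `certificateInfo.get()` to the two WKCertificateInfo calls. The outer index `auto i = 0` is an int compared against chainSize and is shadowed by the inner `size_t i`; a size_t outer index with a distinct name avoids both warnings. The `auto data = ""` line looks truncated in this rendering, so the byte copy that follows it cannot be checked here.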
@@ -286,19 +307,48 @@
     auto& thisWindow = toWebKitBrowserWindow(clientInfo);
     auto protectionSpace = WKAuthenticationChallengeGetProtectionSpace(challenge);
     auto decisionListener = WKAuthenticationChallengeGetDecisionListener(challenge);
+    auto authenticationScheme = WKProtectionSpaceGetAuthenticationScheme(protectionSpace);
 
-    WKRetainPtr<WKStringRef> realm(WKProtectionSpaceCopyRealm(protectionSpace));
-    if (auto credential = askCredential(thisWindow.hwnd(), createString(realm.get()))) {
-        WKRetainPtr<WKStringRef> username = createWKString(credential->username);
-        WKRetainPtr<WKStringRef> password = createWKString(credential->password);
-        WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
-        WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
-        return;
+    if (authenticationScheme == kWKProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
+        if (thisWindow.canTrustServerCertificate(protectionSpace)) {
+            WKRetainPtr<WKStringRef> username = createWKString("accept server trust");
+            WKRetainPtr<WKStringRef> password = createWKString("");
+            WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
+            WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
+            return;
+        }
+    } else {
+        WKRetainPtr<WKStringRef> realm(WKProtectionSpaceCopyRealm(protectionSpace));
+
+        if (auto credential = askCredential(thisWindow.hwnd(), createString(realm.get()))) {
+            WKRetainPtr<WKStringRef> username = createWKString(credential->username);
+            WKRetainPtr<WKStringRef> password = createWKString(credential->password);
+            WKRetainPtr<WKCredentialRef> wkCredential(AdoptWK, WKCredentialCreate(username.get(), password.get(), kWKCredentialPersistenceForSession));
+            WKAuthenticationDecisionListenerUseCredential(decisionListener, wkCredential.get());
+            return;
+        }
     }
 
     WKAuthenticationDecisionListenerUseCredential(decisionListener, nullptr);
 }
 
+bool WebKitBrowserWindow::canTrustServerCertificate(WKProtectionSpaceRef protectionSpace)
+{
+    auto host = createString(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
+    auto pem = createPEMString(protectionSpace);
+
+    auto it = m_acceptedServerTrustCerts.find(host);
+    if (it != m_acceptedServerTrustCerts.end() && it->second == pem)
+        return true;
+
+    if (askServerTrustEvaluation(hwnd(), pem)) {
+        m_acceptedServerTrustCerts.emplace(host, pem);
+        return true;
+    }
+
+    return false;
+}
+
 WKPageRef WebKitBrowserWindow::createNewPage(WKPageRef page, WKPageConfigurationRef configuration, WKNavigationActionRef navigationAction, WKWindowFeaturesRef windowFeatures, const void *clientInfo)
 {
     auto& newWindow = MainWindow::create().leakRef();
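Review bot: in canTrustServerCertificate, m_acceptedServerTrustCerts.emplace(host, pem) does nothing when host is already present, so once a host's certificate changes and the user accepts the new chain the cache keeps the old PEM and the dialog reappears on every load for that host. Use `m_acceptedServerTrustCerts.insert_or_assign(host, pem);` (or `m_acceptedServerTrustCerts[host] = pem;`). The key is host only, so two services on different ports of one host share a trust decision; adding the port from WKProtectionSpaceGetPort to the key would keep decisions per origin. In didReceiveAuthenticationChallenge the "accept server trust" username is merely the non-empty token the network process checks for, and a comment saying so would stop someone later "fixing" it into a real credential.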

Modified: trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.h (243653 => 243654)


--- trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.h	2019-03-29 18:39:51 UTC (rev 243653)
+++ trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.h	2019-03-29 19:03:16 UTC (rev 243654)
@@ -28,6 +28,7 @@
 #include "Common.h"
 #include <WebKit/WKRetainPtr.h>
 #include <WebKit/WebKit2_C.h>
+#include <unordered_map>
 
 class WebKitBrowserWindow : public BrowserWindow {
 public:
@@ -61,6 +62,8 @@
 
     void updateProxySettings();
 
+    bool canTrustServerCertificate(WKProtectionSpaceRef);
+
     static void didFinishNavigation(WKPageRef, WKNavigationRef, WKTypeRef, const void*);
     static void didCommitNavigation(WKPageRef, WKNavigationRef, WKTypeRef, const void*);
     static void didReceiveAuthenticationChallenge(WKPageRef, WKAuthenticationChallengeRef, const void*);
@@ -70,4 +73,5 @@
     HWND m_hMainWnd { nullptr };
     HWND m_urlBarWnd { nullptr };
     ProxySettings m_proxy { };
+    std::unordered_map<std::wstring, std::wstring> m_acceptedServerTrustCerts;
 };