Title: [278590] trunk
Revision
278590
Author
[email protected]
Date
2021-06-07 19:25:49 -0700 (Mon, 07 Jun 2021)

Log Message

Adopt SecTrustGetCertificateAtIndex replacement where available
https://bugs.webkit.org/show_bug.cgi?id=225893

Patch by Alex Christensen <[email protected]> on 2021-06-07
Reviewed by Chris Dumez.

Source/WebCore:

* platform/network/cf/CertificateInfoCFNet.cpp:
(WebCore::certificatesMatch):
(WebCore::CertificateInfo::certificateChainFromSecTrust):
(WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate const):
* platform/network/cocoa/CertificateInfoCocoa.mm:
(WebCore::CertificateInfo::dump const):

Source/WebKit:

* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::encodeNSError):
* UIProcess/Authentication/mac/WebCredentialMac.mm:
(WebKit::leafCertificate):
(WebKit::chain):
(WebKit::WebCredential::WebCredential):

Source/WTF:

rdar://74752046 introduced a new way to access the same thing.

* wtf/PlatformHave.h:

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
(verifyCertificateAndPublicKey):
* TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (278589 => 278590)


--- trunk/Source/WTF/ChangeLog	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WTF/ChangeLog	2021-06-08 02:25:49 UTC (rev 278590)
@@ -1,3 +1,14 @@
+2021-06-07  Alex Christensen  <[email protected]>
+
+        Adopt SecTrustGetCertificateAtIndex replacement where available
+        https://bugs.webkit.org/show_bug.cgi?id=225893
+
+        Reviewed by Chris Dumez.
+
+        rdar://74752046 introduced a new way to access the same thing.
+
+        * wtf/PlatformHave.h:
+
 2021-06-07  Chris Dumez  <[email protected]>
 
         Drop legacy MainThreadTaskQueue & EventLoopTaskQueue classes

Modified: trunk/Source/WTF/wtf/PlatformHave.h (278589 => 278590)


--- trunk/Source/WTF/wtf/PlatformHave.h	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WTF/wtf/PlatformHave.h	2021-06-08 02:25:49 UTC (rev 278590)
@@ -804,6 +804,7 @@
     || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 80000) \
     || (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 150000)
 #define HAVE_NETWORK_LOADER 1
+#define HAVE_SEC_TRUST_COPY_CERTIFICATE_CHAIN 1
 #endif
 
 #if PLATFORM(MACCATALYST) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 140000

Modified: trunk/Source/WebCore/ChangeLog (278589 => 278590)


--- trunk/Source/WebCore/ChangeLog	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebCore/ChangeLog	2021-06-08 02:25:49 UTC (rev 278590)
@@ -1,3 +1,17 @@
+2021-06-07  Alex Christensen  <[email protected]>
+
+        Adopt SecTrustGetCertificateAtIndex replacement where available
+        https://bugs.webkit.org/show_bug.cgi?id=225893
+
+        Reviewed by Chris Dumez.
+
+        * platform/network/cf/CertificateInfoCFNet.cpp:
+        (WebCore::certificatesMatch):
+        (WebCore::CertificateInfo::certificateChainFromSecTrust):
+        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate const):
+        * platform/network/cocoa/CertificateInfoCocoa.mm:
+        (WebCore::CertificateInfo::dump const):
+
 2021-06-07  Alexey Shvayka  <[email protected]>
 
         Unreviewed, reland r276592 with a fix for put() override in prototype chain of a JSProxy

Modified: trunk/Source/WebCore/platform/network/cf/CertificateInfoCFNet.cpp (278589 => 278590)


--- trunk/Source/WebCore/platform/network/cf/CertificateInfoCFNet.cpp	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebCore/platform/network/cf/CertificateInfoCFNet.cpp	2021-06-08 02:25:49 UTC (rev 278590)
@@ -38,6 +38,11 @@
     if (!trust1 || !trust2)
         return false;
 
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+    auto chain1 = adoptCF(SecTrustCopyCertificateChain(trust1));
+    auto chain2 = adoptCF(SecTrustCopyCertificateChain(trust2));
+#endif
+
     CFIndex count1 = SecTrustGetCertificateCount(trust1);
     CFIndex count2 = SecTrustGetCertificateCount(trust2);
     if (count1 != count2)
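Review bot: `chain1` and `chain2` are never checked for null, and the loop in the next hunk indexes them with a bound taken from `SecTrustGetCertificateCount` rather than from the arrays themselves. `SecTrustCopyCertificateChain` is declared nullable, so on a failed copy `CFArrayGetValueAtIndex` is reached before the `RELEASE_ASSERT(cert1)` that guarded the old per-index lookup. I would bail out early with `if (!chain1 || !chain2) return false;` and bound the loop with `CFArrayGetCount(chain1.get())` once both array counts have been compared. The same unchecked copy followed by a count-bounded index appears in `containsNonRootSHA1SignedCertificate` and in `CertificateInfo::dump` in CertificateInfoCocoa.mm. The function starts before this hunk.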
@@ -44,11 +49,13 @@
         return false;
 
     for (CFIndex i = 0; i < count1; i++) {
-        // FIXME: Adopt replacement where available.
-        ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+        auto cert1 = CFArrayGetValueAtIndex(chain1.get(), i);
+        auto cert2 = CFArrayGetValueAtIndex(chain2.get(), i);
+#else
         auto cert1 = SecTrustGetCertificateAtIndex(trust1, i);
         auto cert2 = SecTrustGetCertificateAtIndex(trust2, i);
-        ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
         RELEASE_ASSERT(cert1);
         RELEASE_ASSERT(cert2);
         if (!CFEqual(cert1, cert2))
@@ -60,14 +67,15 @@
 
 RetainPtr<CFArrayRef> CertificateInfo::certificateChainFromSecTrust(SecTrustRef trust)
 {
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+    return adoptCF(SecTrustCopyCertificateChain(trust));
+#else
     auto count = SecTrustGetCertificateCount(trust);
     auto certificateChain = adoptCF(CFArrayCreateMutable(0, count, &kCFTypeArrayCallBacks));
-    // FIXME: Adopt replacement where available.
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
     for (CFIndex i = 0; i < count; i++)
         CFArrayAppendValue(certificateChain.get(), SecTrustGetCertificateAtIndex(trust, i));
-    ALLOW_DEPRECATED_DECLARATIONS_END
     return certificateChain;
+#endif
 }
 #endif
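Review bot: With the new branch, `certificateChainFromSecTrust` can return a null `RetainPtr`, whereas the loop it replaces always produced an array, possibly empty. The callers are outside this hunk, so it cannot be confirmed here whether any of them passes the result to `CFArrayGetCount` or bridges it to `NSArray` without a check. Either keep the old contract, for example by falling back to an empty array when the copy returns null, or state the new one above the function with `// May return null when the chain cannot be copied from the trust.`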
 
@@ -99,12 +107,16 @@
 {
 #if HAVE(SEC_TRUST_SERIALIZATION)
     if (m_trust) {
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+        auto chain = adoptCF(SecTrustCopyCertificateChain(trust()));
+#endif
         // Allow only the root certificate (the last in the chain) to be SHA1.
         for (CFIndex i = 0, size = SecTrustGetCertificateCount(trust()) - 1; i < size; ++i) {
-            // FIXME: Adopt replacement where available.
-            ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+            auto certificate = checked_cf_cast<SecCertificateRef>(CFArrayGetValueAtIndex(chain.get(), i));
+#else
             auto certificate = SecTrustGetCertificateAtIndex(trust(), i);
-            ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
             if (SecCertificateGetSignatureHashAlgorithm(certificate) == kSecSignatureHashAlgorithmSHA1)
                 return true;
         }
@@ -111,7 +123,7 @@
 
         return false;
     }
-#endif
+#endif // HAVE(SEC_TRUST_SERIALIZATION)
 
 #if PLATFORM(COCOA)
     if (m_certificateChain) {

Modified: trunk/Source/WebCore/platform/network/cocoa/CertificateInfoCocoa.mm (278589 => 278590)


--- trunk/Source/WebCore/platform/network/cocoa/CertificateInfoCocoa.mm	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebCore/platform/network/cocoa/CertificateInfoCocoa.mm	2021-06-08 02:25:49 UTC (rev 278590)
@@ -37,11 +37,15 @@
 
         NSLog(@"CertificateInfo SecTrust\n");
         NSLog(@"  Entries: %ld\n", entries);
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+        auto chain = adoptCF(SecTrustCopyCertificateChain(trust()));
+#endif
         for (CFIndex i = 0; i < entries; ++i) {
-            // FIXME: Adopt replacement where available.
-            ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+            RetainPtr<CFStringRef> summary = adoptCF(SecCertificateCopySubjectSummary(checked_cf_cast<SecCertificateRef>(CFArrayGetValueAtIndex(chain.get(), i))));
+#else
             RetainPtr<CFStringRef> summary = adoptCF(SecCertificateCopySubjectSummary(SecTrustGetCertificateAtIndex(trust(), i)));
-            ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
             NSLog(@"  %@", (__bridge NSString *)summary.get());
         }
 

Modified: trunk/Source/WebKit/ChangeLog (278589 => 278590)


--- trunk/Source/WebKit/ChangeLog	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebKit/ChangeLog	2021-06-08 02:25:49 UTC (rev 278590)
@@ -1,3 +1,17 @@
+2021-06-07  Alex Christensen  <[email protected]>
+
+        Adopt SecTrustGetCertificateAtIndex replacement where available
+        https://bugs.webkit.org/show_bug.cgi?id=225893
+
+        Reviewed by Chris Dumez.
+
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        (IPC::encodeNSError):
+        * UIProcess/Authentication/mac/WebCredentialMac.mm:
+        (WebKit::leafCertificate):
+        (WebKit::chain):
+        (WebKit::WebCredential::WebCredential):
+
 2021-06-07  Alexey Shvayka  <[email protected]>
 
         Unreviewed, reland r276592 with a fix for put() override in prototype chain of a JSProxy

Modified: trunk/Source/WebKit/Shared/mac/WebCoreArgumentCodersMac.mm (278589 => 278590)


--- trunk/Source/WebKit/Shared/mac/WebCoreArgumentCodersMac.mm	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebKit/Shared/mac/WebCoreArgumentCodersMac.mm	2021-06-08 02:25:49 UTC (rev 278590)
@@ -148,13 +148,14 @@
     id peerCertificateChain = [userInfo objectForKey:@"NSErrorPeerCertificateChainKey"];
     if (!peerCertificateChain) {
         if (SecTrustRef peerTrust = (__bridge SecTrustRef)[userInfo objectForKey:NSURLErrorFailingURLPeerTrustErrorKey]) {
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+            peerCertificateChain = (__bridge NSArray *)adoptCF(SecTrustCopyCertificateChain(peerTrust)).autorelease();
+#else
             CFIndex count = SecTrustGetCertificateCount(peerTrust);
             peerCertificateChain = [NSMutableArray arrayWithCapacity:count];
-            // FIXME: Adopt replacement where available.
-            ALLOW_DEPRECATED_DECLARATIONS_BEGIN
             for (CFIndex i = 0; i < count; ++i)
                 [peerCertificateChain addObject:(__bridge id)SecTrustGetCertificateAtIndex(peerTrust, i)];
-            ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
         }
     }
     ASSERT(!peerCertificateChain || [peerCertificateChain isKindOfClass:[NSArray class]]);

Modified: trunk/Source/WebKit/UIProcess/Authentication/mac/WebCredentialMac.mm (278589 => 278590)


--- trunk/Source/WebKit/UIProcess/Authentication/mac/WebCredentialMac.mm	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Source/WebKit/UIProcess/Authentication/mac/WebCredentialMac.mm	2021-06-08 02:25:49 UTC (rev 278590)
@@ -36,15 +36,19 @@
 namespace WebKit {
 using namespace WebCore;
 
-static SecCertificateRef leafCertificate(const CertificateInfo& certificateInfo)
+static RetainPtr<SecCertificateRef> leafCertificate(const CertificateInfo& certificateInfo)
 {
 #if HAVE(SEC_TRUST_SERIALIZATION)
-    // FIXME: Adopt replacement where available.
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
     if (certificateInfo.type() == CertificateInfo::Type::Trust)
+        return checked_cf_cast<SecCertificateRef>(CFArrayGetValueAtIndex(adoptCF(SecTrustCopyCertificateChain(certificateInfo.trust())).get(), 0));
+#else
+    if (certificateInfo.type() == CertificateInfo::Type::Trust)
         return SecTrustGetCertificateAtIndex(certificateInfo.trust(), 0);
-    ALLOW_DEPRECATED_DECLARATIONS_END
-#endif
+#endif // HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+
+#endif // HAVE(SEC_TRUST_SERIALIZATION)
     ASSERT(certificateInfo.type() == CertificateInfo::Type::CertificateChain);
     ASSERT(CFArrayGetCount(certificateInfo.certificateChain()));
     return checked_cf_cast<SecCertificateRef>(CFArrayGetValueAtIndex(certificateInfo.certificateChain(), 0));
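Review bot: The Trust branch of `leafCertificate` reads index 0 of the array returned by `SecTrustCopyCertificateChain` without checking that the array is non-null and non-empty, while the CertificateChain branch below it asserts `CFArrayGetCount(certificateInfo.certificateChain())` first. Holding the chain in a local (`auto chain = adoptCF(SecTrustCopyCertificateChain(certificateInfo.trust()));`) and returning `nullptr` when `!chain || !CFArrayGetCount(chain.get())` would make both branches equally defensive. The switch to a `RetainPtr` return is what keeps the certificate alive once the temporary array is released, so a short comment saying so would stop a later cleanup from reverting it to a raw `SecCertificateRef`.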
@@ -58,16 +62,17 @@
         if (count < 2)
             return nil;
 
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+        return (__bridge NSArray *)adoptCF(SecTrustCopyCertificateChain(certificateInfo.trust())).autorelease();
+#else
         NSMutableArray *array = [NSMutableArray array];
-        // FIXME: Adopt replacement where available.
-        ALLOW_DEPRECATED_DECLARATIONS_BEGIN
         for (CFIndex i = 1; i < count; ++i)
             [array addObject:(id)SecTrustGetCertificateAtIndex(certificateInfo.trust(), i)];
-        ALLOW_DEPRECATED_DECLARATIONS_END
 
         return array;
+#endif // HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
     }
-#endif
+#endif // HAVE(SEC_TRUST_SERIALIZATION)
     ASSERT(certificateInfo.type() == CertificateInfo::Type::CertificateChain);
     CFIndex chainCount = CFArrayGetCount(certificateInfo.certificateChain());
     return chainCount > 1 ? [(__bridge NSArray *)certificateInfo.certificateChain() subarrayWithRange:NSMakeRange(1, chainCount - 1)] : nil;
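Review bot: The new `HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)` branch returns the whole chain including the leaf at index 0, but the loop it replaces starts at `i = 1` and the CertificateChain fallback below uses `subarrayWithRange:NSMakeRange(1, chainCount - 1)`. The comment in the next hunk says the identity certificate sits at index 0 and additional certificates start at index 1, so this function looks intended to return only the additional certificates, and the new branch would pass the leaf along with them. Suggested: `auto fullChain = adoptCF(SecTrustCopyCertificateChain(certificateInfo.trust()));` followed by `return [(__bridge NSArray *)fullChain.get() subarrayWithRange:NSMakeRange(1, CFArrayGetCount(fullChain.get()) - 1)];`, after checking that `fullChain` is non-null and holds at least two entries. The function starts before this hunk.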
@@ -80,7 +85,7 @@
 
     // The passed-in certificate chain includes the identity certificate at index 0, and additional certificates starting at index 1.
     SecIdentityRef identity;
-    OSStatus result = SecIdentityCreateWithCertificate(NULL, leafCertificate(certificateInfo->certificateInfo()), &identity);
+    OSStatus result = SecIdentityCreateWithCertificate(NULL, leafCertificate(certificateInfo->certificateInfo()).get(), &identity);
     if (result != errSecSuccess) {
         LOG_ERROR("Unable to create SecIdentityRef with certificate - %i", result);
         return;

Modified: trunk/Tools/ChangeLog (278589 => 278590)


--- trunk/Tools/ChangeLog	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Tools/ChangeLog	2021-06-08 02:25:49 UTC (rev 278590)
@@ -1,3 +1,14 @@
+2021-06-07  Alex Christensen  <[email protected]>
+
+        Adopt SecTrustGetCertificateAtIndex replacement where available
+        https://bugs.webkit.org/show_bug.cgi?id=225893
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
+        (verifyCertificateAndPublicKey):
+        * TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:
+
 2021-06-07  Wenson Hsieh  <[email protected]>
 
         Upstream WebKit support for Live Text

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm (278589 => 278590)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm	2021-06-08 02:25:49 UTC (rev 278590)
@@ -424,10 +424,12 @@
     });
     
     EXPECT_EQ(1, SecTrustGetCertificateCount(trust));
-    // FIXME: Adopt replacement where available.
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+    auto certificate = adoptCF(CFArrayGetValueAtIndex(adoptCF(SecTrustCopyCertificateChain(trust)).get(), 0));
+#else
     auto certificate = adoptCF(SecCertificateCopyData(SecTrustGetCertificateAtIndex(trust, 0)));
-    ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
     compareData(certificate, {
         0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
         0xfb, 0xb0, 0x4c, 0x2e, 0xab, 0x10, 0x9b, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
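Review bot: The new branch has two problems on the `auto certificate = adoptCF(CFArrayGetValueAtIndex(...))` line. First, `CFArrayGetValueAtIndex` follows the Get rule, so `adoptCF` takes ownership of a reference this code does not hold and over-releases the certificate. Second, the `SecCertificateCopyData` call from the `#else` branch is missing, so `compareData` receives the certificate object rather than its DER bytes. Suggested: `auto chain = adoptCF(SecTrustCopyCertificateChain(trust));` then `auto certificate = adoptCF(SecCertificateCopyData((SecCertificateRef)CFArrayGetValueAtIndex(chain.get(), 0)));`, which also keeps the array alive while element 0 is read. The byte table passed to `compareData` continues past the end of this hunk.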

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm (278589 => 278590)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm	2021-06-08 01:53:46 UTC (rev 278589)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm	2021-06-08 02:25:49 UTC (rev 278590)
@@ -32,6 +32,7 @@
 #import "TestNavigationDelegate.h"
 #import "TestUIDelegate.h"
 #import "TestWKWebView.h"
+#import <WebCore/CertificateInfo.h>
 #import <WebKit/WKPreferencesPrivate.h>
 #import <WebKit/WKProcessPoolPrivate.h>
 #import <WebKit/WKURLSchemeHandler.h>
@@ -2112,11 +2113,16 @@
         return false;
     if (SecTrustGetCertificateCount(trust) != 1)
         return false;
-    // FIXME: Adopt replacement where available.
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-    if (![adoptNS((NSString *)SecCertificateCopySubjectSummary(SecTrustGetCertificateAtIndex(trust, 0))) isEqualToString:@"Me"])
+
+#if HAVE(SEC_TRUST_COPY_CERTIFICATE_CHAIN)
+    auto chain = adoptCF(SecTrustCopyCertificateChain(trust));
+    auto certificate = checked_cf_cast<SecCertificateRef>(CFArrayGetValueAtIndex(chain.get(), 0));
+#else
+    auto certificate = SecTrustGetCertificateAtIndex(trust, 0);
+#endif
+    if (![adoptNS((NSString *)SecCertificateCopySubjectSummary(certificate)) isEqualToString:@"Me"])
         return false;
-    ALLOW_DEPRECATED_DECLARATIONS_END
+
     return true;
 }
 