WebKit Bugzilla
Attachment 369609 Details for
Bug 197800
: Add a unit test for client certificate authentication
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-197800-20190510160245.patch (text/plain), 42.07 KB, created by
Alex Christensen
on 2019-05-10 16:02:46 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Alex Christensen
Created:
2019-05-10 16:02:46 PDT
Size:
42.07 KB
patch
obsolete
>Index: Source/WTF/ChangeLog >=================================================================== >--- Source/WTF/ChangeLog (revision 245172) >+++ Source/WTF/ChangeLog (working copy) >@@ -1,3 +1,13 @@ >+2019-05-10 Alex Christensen <achristensen@webkit.org> >+ >+ Add a unit test for client certificate authentication >+ https://bugs.webkit.org/show_bug.cgi?id=197800 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * wtf/spi/cocoa/SecuritySPI.h: >+ Move declarations from ArgumentCodersCF.cpp so they can be shared. >+ > 2019-05-08 Zan Dobersek <zdobersek@igalia.com> > > [GLib] Rework WPE RunLoopSourcePriority values >Index: Source/WTF/wtf/spi/cocoa/SecuritySPI.h >=================================================================== >--- Source/WTF/wtf/spi/cocoa/SecuritySPI.h (revision 245172) >+++ Source/WTF/wtf/spi/cocoa/SecuritySPI.h (working copy) >@@ -27,7 +27,10 @@ > > #if USE(APPLE_INTERNAL_SDK) > >+#include <Security/SecAccessControlPriv.h> > #include <Security/SecCertificatePriv.h> >+#include <Security/SecIdentityPriv.h> >+#include <Security/SecKeyPriv.h> > #include <Security/SecTask.h> > #include <Security/SecTrustPriv.h> > >@@ -60,14 +63,21 @@ WTF_EXTERN_C_END > > #endif > >-typedef struct __SecTask *SecTaskRef; >-typedef struct __SecTrust *SecTrustRef; >+typedef struct __SecKey* SecKeyRef; >+typedef struct __SecTask* SecTaskRef; >+typedef struct __SecTrust* SecTrustRef; >+typedef struct __SecIdentity* SecIdentityRef; >+typedef struct __SecCertificate* SecCertificateRef; > > WTF_EXTERN_C_BEGIN > > SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef, audit_token_t); > SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef); >-CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef *); >+CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef*); >+SecIdentityRef SecIdentityCreate(CFAllocatorRef, SecCertificateRef, SecKeyRef); >+OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData); >+SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef, CFDataRef, CFErrorRef*); >+CFDataRef SecAccessControlCopyData(SecAccessControlRef); > > #if PLATFORM(MAC) > #include <Security/SecAsn1Types.h> >Index: Source/WebKit/ChangeLog >=================================================================== >--- Source/WebKit/ChangeLog (revision 245172) >+++ Source/WebKit/ChangeLog (working copy) >@@ -1,3 +1,13 @@ >+2019-05-10 Alex Christensen <achristensen@webkit.org> >+ >+ Add a unit test for client certificate authentication >+ https://bugs.webkit.org/show_bug.cgi?id=197800 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Shared/cf/ArgumentCodersCF.cpp: >+ Move SPI declarations to SecuritySPI.h. >+ > 2019-05-09 Rob Buis <rbuis@igalia.com> > > Limit number of prefetches of a given page >Index: Source/WebKit/Shared/cf/ArgumentCodersCF.cpp >=================================================================== >--- Source/WebKit/Shared/cf/ArgumentCodersCF.cpp (revision 245172) >+++ Source/WebKit/Shared/cf/ArgumentCodersCF.cpp (working copy) >@@ -41,29 +41,6 @@ > #import <Foundation/Foundation.h> > #endif > >-#if USE(APPLE_INTERNAL_SDK) >-#include <Security/SecIdentityPriv.h> >-#endif >- >-extern "C" SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey); >- >-#if PLATFORM(IOS_FAMILY) >-#if USE(APPLE_INTERNAL_SDK) >-#include <Security/SecKeyPriv.h> >-#endif >- >-extern "C" OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData); >-#endif >- >-#if HAVE(SEC_ACCESS_CONTROL) >-#if USE(APPLE_INTERNAL_SDK) >-#include <Security/SecAccessControlPriv.h> >-#endif >- >-extern "C" SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error); >-extern "C" CFDataRef SecAccessControlCopyData(SecAccessControlRef access_control); >-#endif >- > namespace IPC { > using namespace WebCore; > >Index: Tools/ChangeLog >=================================================================== >--- Tools/ChangeLog (revision 245197) >+++ Tools/ChangeLog (working copy) >@@ -1,3 +1,42 @@ >+2019-05-10 Alex Christensen <achristensen@webkit.org> >+ >+ Add a unit test for client certificate authentication >+ https://bugs.webkit.org/show_bug.cgi?id=197800 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Make better abstractions for reading and writing from/to TCPServer. >+ Add a unit test that causes a client certificate authentication challenge to happen. >+ >+ * TestWebKitAPI/TCPServer.cpp: >+ (TestWebKitAPI::TCPServer::TCPServer): >+ (TestWebKitAPI::TCPServer::read): >+ (TestWebKitAPI::TCPServer::write): >+ (TestWebKitAPI::TCPServer::respondWithChallengeThenOK): >+ (TestWebKitAPI::TCPServer::respondWithOK): >+ * TestWebKitAPI/TCPServer.h: >+ * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm: >+ (credentialWithIdentity): >+ (-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]): >+ (TEST): >+ (-[ClientCertificateDelegate webView:didFinishNavigation:]): >+ (-[ClientCertificateDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]): >+ (-[ClientCertificateDelegate challengeCount]): >+ (TestWebKitAPI::TEST): >+ (respondWithChallengeThenOK): Deleted. >+ (credentialWithIdentityAndKeychainPath): Deleted. >+ * TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm: >+ (TEST): >+ * TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm: >+ (TestWebKitAPI::TEST): >+ * TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm: >+ (TEST): >+ (readRequest): Deleted. >+ (writeResponse): Deleted. >+ * TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm: >+ (TestWebKitAPI::TEST): >+ (TestWebKitAPI::respondWithChallengeThenOK): Deleted. >+ > 2019-05-10 Chris Dumez <cdumez@apple.com> > > Do not wait until requestPermission() is called to fire deviceorientation events if permission was already granted >Index: Tools/TestWebKitAPI/TCPServer.cpp >=================================================================== >--- Tools/TestWebKitAPI/TCPServer.cpp (revision 245172) >+++ Tools/TestWebKitAPI/TCPServer.cpp (working copy) >@@ -30,6 +30,7 @@ > #include <thread> > #include <unistd.h> > #include <wtf/Optional.h> >+#include <wtf/text/Base64.h> > > extern "C" { > >@@ -38,6 +39,10 @@ struct X509; > struct SSL_CTX; > struct EVP_PKEY; > struct SSL_METHOD; >+struct X509_STORE_CTX { >+ void* unused; >+ X509 *cert; >+}; > struct pem_password_cb; > int BIO_free(BIO*); > int SSL_free(SSL*); >@@ -56,6 +61,15 @@ int SSL_CTX_use_PrivateKey(SSL_CTX*, EVP > SSL* SSL_new(SSL_CTX*); > int SSL_accept(SSL*); > int SSL_set_fd(SSL*, int); >+void SSL_CTX_set_verify(SSL_CTX*, int, int (*)(int, X509_STORE_CTX *)); >+void SSL_CTX_set_cert_verify_callback(SSL_CTX*, int (*)(X509_STORE_CTX*, void*), void*); >+int SSL_get_error(const SSL*, int); >+int SSL_read(SSL*, void*, int); >+int SSL_write(SSL*, const void*, int); >+int i2d_X509(X509*, unsigned char**); >+void OPENSSL_free(void*); >+#define SSL_VERIFY_PEER 0x01 >+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 > > } // extern "C" > >@@ -92,6 +106,12 @@ template<> struct deleter<EVP_PKEY> { > EVP_PKEY_free(key); > } > }; >+template<> struct deleter<uint8_t[]> { >+ void operator()(uint8_t* buffer) >+ { >+ OPENSSL_free(buffer); >+ } >+}; > > TCPServer::TCPServer(Function<void(Socket)>&& connectionHandler, size_t connections) > : m_connectionHandler(WTFMove(connectionHandler)) >@@ -101,7 +121,7 @@ TCPServer::TCPServer(Function<void(Socke > > TCPServer::TCPServer(Protocol protocol, Function<void(SSL*)>&& secureConnectionHandler) > { >- auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler)] (Socket socket) { >+ auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler), protocol] (Socket socket) { > SSL_library_init(); > > std::unique_ptr<SSL_CTX, deleter<SSL_CTX>> ctx(SSL_CTX_new(SSLv23_server_method())); >@@ -129,6 +149,20 @@ TCPServer::TCPServer(Protocol protocol, > ASSERT(certX509); > SSL_CTX_use_certificate(ctx.get(), certX509.get()); > >+ if (protocol == Protocol::HTTPSWithClientCertificateRequest) { >+ SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr); >+ SSL_CTX_set_cert_verify_callback(ctx.get(), [] (X509_STORE_CTX* store_ctx, void*) -> int { >+ uint8_t* bufferPointer = nullptr; >+ auto length = i2d_X509(store_ctx->cert, &bufferPointer); >+ std::unique_ptr<uint8_t[], deleter<uint8_t[]>> buffer(bufferPointer); >+ auto expectedCert = testCertificate(); >+ EXPECT_EQ(static_cast<int>(expectedCert.size()), length); >+ for (int i = 0; i < length; ++i) >+ EXPECT_EQ(buffer.get()[i], expectedCert[i]); >+ return 1; >+ }, nullptr); >+ } >+ > // This is a test key from BoringSSL. > char kKeyPEM[] = > "-----BEGIN RSA PRIVATE KEY-----\n" >@@ -164,6 +198,7 @@ TCPServer::TCPServer(Protocol protocol, > > switch (protocol) { > case Protocol::HTTPS: >+ case Protocol::HTTPSWithClientCertificateRequest: > m_connectionHandler = WTFMove(startSecureConnection); > break; > case Protocol::HTTPSProxy: >@@ -239,4 +274,182 @@ auto TCPServer::socketBindListen(size_t > return WTF::nullopt; > } > >+template<> Vector<uint8_t> TCPServer::read(Socket socket) >+{ >+ uint8_t buffer[1000]; >+ auto bytesRead = ::read(socket, buffer, sizeof(buffer)); >+ EXPECT_GT(bytesRead, 0); >+ EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(buffer)); >+ >+ Vector<uint8_t> vector; >+ vector.append(buffer, bytesRead); >+ return vector; >+} >+ >+template<> void TCPServer::write(Socket socket, const void* response, size_t length) >+{ >+ auto bytesWritten = ::write(socket, response, length); >+ EXPECT_EQ(static_cast<size_t>(bytesWritten), length); >+} >+ >+template<> Vector<uint8_t> TCPServer::read(SSL* ssl) >+{ >+ uint8_t buffer[1000]; >+ auto bytesRead = SSL_read(ssl, buffer, sizeof(buffer)); >+ EXPECT_GT(bytesRead, 0); >+ EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(buffer)); >+ >+ Vector<uint8_t> vector; >+ vector.append(buffer, bytesRead); >+ return vector; >+} >+ >+template<> void TCPServer::write(SSL* ssl, const void* response, size_t length) >+{ >+ auto bytesWritten = SSL_write(ssl, response, length); >+ EXPECT_EQ(static_cast<size_t>(bytesWritten), length); >+} >+ >+void TCPServer::respondWithChallengeThenOK(Socket socket) >+{ >+ read(socket); >+ >+ const char* challengeHeader = >+ "HTTP/1.1 401 Unauthorized\r\n" >+ "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n" >+ "Content-Length: 0\r\n" >+ "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n"; >+ write(socket, challengeHeader, strlen(challengeHeader)); >+ >+ read(socket); >+ >+ const char* responseHeader = >+ "HTTP/1.1 200 OK\r\n" >+ "Content-Length: 13\r\n\r\n" >+ "Hello, World!"; >+ write(socket, responseHeader, strlen(responseHeader)); >+} >+ >+void TCPServer::respondWithOK(SSL* ssl) >+{ >+ read(ssl); >+ >+ const char* reply = "" >+ "HTTP/1.1 200 OK\r\n" >+ "Content-Length: 34\r\n\r\n" >+ "<script>alert('success!')</script>"; >+ write(ssl, reply, strlen(reply)); >+} >+ >+Vector<uint8_t> TCPServer::testCertificate() >+{ >+ // Certificate and private key were generated by running this command: >+ // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes >+ // and entering this information: >+ /* >+ Country Name (2 letter code) []:US >+ State or Province Name (full name) []:New Mexico >+ Locality Name (eg, city) []:Santa Fe >+ Organization Name (eg, company) []:Self >+ Organizational Unit Name (eg, section) []:Myself >+ Common Name (eg, fully qualified host name) []:Me >+ Email Address []:me@example.com >+ */ >+ >+ String pemEncodedCertificate("" >+ "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC" >+ "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD" >+ "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI" >+ "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw" >+ "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G" >+ "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL" >+ "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN" >+ "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby" >+ "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE" >+ "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg" >+ "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e" >+ "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY" >+ "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN" >+ "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ" >+ "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh" >+ "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh" >+ "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD" >+ "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY" >+ "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD" >+ "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3" >+ "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L" >+ "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy" >+ "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU" >+ "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB" >+ "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB" >+ "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+" >+ "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt" >+ "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa" >+ "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu" >+ "3vjZD3y9kZk7mre9XHwkI8MdK5s="); >+ >+ Vector<uint8_t> vector; >+ base64Decode(pemEncodedCertificate, vector, WTF::Base64DecodeOptions::Base64Default); >+ return vector; >+} >+ >+Vector<uint8_t> TCPServer::testPrivateKey() >+{ >+ String pemEncodedPrivateKey("" >+ "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+" >+ "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t" >+ "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz" >+ "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e" >+ "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov" >+ "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han" >+ "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt" >+ "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw" >+ "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG" >+ "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7" >+ "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf" >+ "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p" >+ "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8" >+ "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6" >+ "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu" >+ "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd" >+ "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s" >+ "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg" >+ "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs" >+ "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K" >+ "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1" >+ "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ" >+ "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t" >+ "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd" >+ "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1" >+ "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz" >+ "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw" >+ "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3" >+ "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx" >+ "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K" >+ "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS" >+ "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg" >+ "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn" >+ "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm" >+ "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F" >+ "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1" >+ "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG" >+ "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO" >+ "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g" >+ "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc" >+ "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53" >+ "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW" >+ "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT" >+ "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO" >+ "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p" >+ "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+" >+ "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT" >+ "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u" >+ "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe" >+ "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw=="); >+ >+ Vector<uint8_t> vector; >+ base64Decode(pemEncodedPrivateKey, vector, WTF::Base64DecodeOptions::Base64Default); >+ return vector; >+} >+ > } // namespace TestWebKitAPI >Index: Tools/TestWebKitAPI/TCPServer.h >=================================================================== >--- Tools/TestWebKitAPI/TCPServer.h (revision 245172) >+++ Tools/TestWebKitAPI/TCPServer.h (working copy) >@@ -29,11 +29,7 @@ > #include <wtf/Function.h> > #include <wtf/Vector.h> > >-extern "C" { > struct SSL; >-int SSL_read(SSL*, void*, int); >-int SSL_write(SSL*, const void*, int); >-} > > namespace TestWebKitAPI { > >@@ -44,14 +40,25 @@ public: > static constexpr Port InvalidPort = 0; > > TCPServer(Function<void(Socket)>&&, size_t connections = 1); >- enum class Protocol : bool { >- HTTPS, HTTPSProxy >+ enum class Protocol : uint8_t { >+ HTTPS, >+ HTTPSProxy, >+ HTTPSWithClientCertificateRequest, > }; > TCPServer(Protocol, Function<void(SSL*)>&&); > ~TCPServer(); > > Port port() const { return m_port; } > >+ static void respondWithOK(SSL*); >+ static void respondWithChallengeThenOK(Socket); >+ >+ template<typename T> static Vector<uint8_t> read(T); >+ template<typename T> static void write(T, const void*, size_t); >+ >+ static Vector<uint8_t> testPrivateKey(); >+ static Vector<uint8_t> testCertificate(); >+ > private: > Optional<Socket> socketBindListen(size_t connections); > void listenForConnections(size_t connections); >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm (revision 245172) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm (working copy) >@@ -33,141 +33,17 @@ > #import <WebKit/WKProcessPoolPrivate.h> > #import <WebKit/WKWebsiteDataRecordPrivate.h> > #import <wtf/RetainPtr.h> >+#import <wtf/spi/cocoa/SecuritySPI.h> > > static bool navigationFinished; > >-static void respondWithChallengeThenOK(int socket) >+static RetainPtr<NSURLCredential> credentialWithIdentity() > { >- char readBuffer[1000]; >- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer)); >- EXPECT_GT(bytesRead, 0); >- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer)); >+ Vector<uint8_t> certificateBytes = TestWebKitAPI::TCPServer::testCertificate(); >+ RetainPtr<SecCertificateRef> certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)[NSData dataWithBytes:certificateBytes.data() length:certificateBytes.size()])); > >- const char* challengeHeader = >- "HTTP/1.1 401 Unauthorized\r\n" >- "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n" >- "Content-Length: 0\r\n" >- "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n"; >- auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader)); >- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader)); >- >- bytesRead = ::read(socket, readBuffer, sizeof(readBuffer)); >- EXPECT_GT(bytesRead, 0); >- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer)); >- >- const char* responseHeader = >- "HTTP/1.1 200 OK\r\n" >- "Content-Length: 13\r\n\r\n" >- "Hello, World!"; >- bytesWritten = ::write(socket, responseHeader, strlen(responseHeader)); >- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader)); >-} >- >-#if PLATFORM(MAC) >- >-static std::pair<RetainPtr<NSURLCredential>, RetainPtr<NSString>> credentialWithIdentityAndKeychainPath() >-{ >- // Certificate and private key were generated by running this command: >- // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes >- // and entering this information: >- /* >- Country Name (2 letter code) []:US >- State or Province Name (full name) []:New Mexico >- Locality Name (eg, city) []:Santa Fe >- Organization Name (eg, company) []:Self >- Organizational Unit Name (eg, section) []:Myself >- Common Name (eg, fully qualified host name) []:Me >- Email Address []:me@example.com >- */ >- >- NSString *pemEncodedCertificate = @"" >- "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC" >- "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD" >- "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI" >- "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw" >- "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G" >- "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL" >- "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN" >- "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby" >- "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE" >- "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg" >- "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e" >- "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY" >- "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN" >- "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ" >- "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh" >- "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh" >- "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD" >- "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY" >- "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD" >- "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3" >- "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L" >- "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy" >- "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU" >- "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB" >- "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB" >- "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+" >- "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt" >- "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa" >- "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu" >- "3vjZD3y9kZk7mre9XHwkI8MdK5s="; >- >- NSString *pemEncodedPrivateKey = @"" >- "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+" >- "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t" >- "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz" >- "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e" >- "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov" >- "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han" >- "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt" >- "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw" >- "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG" >- "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7" >- "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf" >- "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p" >- "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8" >- "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6" >- "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu" >- "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd" >- "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s" >- "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg" >- "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs" >- "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K" >- "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1" >- "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ" >- "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t" >- "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd" >- "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1" >- "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz" >- "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw" >- "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3" >- "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx" >- "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K" >- "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS" >- "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg" >- "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn" >- "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm" >- "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F" >- "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1" >- "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG" >- "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO" >- "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g" >- "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc" >- "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53" >- "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW" >- "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT" >- "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO" >- "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p" >- "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+" >- "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT" >- "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u" >- "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe" >- "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw=="; >- >- NSData *derEncodedCertificate = [[[NSData alloc] initWithBase64EncodedString:pemEncodedCertificate options:0] autorelease]; >- RetainPtr<SecCertificateRef> certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)derEncodedCertificate)); >- >- NSData *derEncodedPrivateKey = [[[NSData alloc] initWithBase64EncodedString:pemEncodedPrivateKey options:0] autorelease]; >+ Vector<uint8_t> privateKeyBytes = TestWebKitAPI::TCPServer::testPrivateKey(); >+ NSData *derEncodedPrivateKey = [NSData dataWithBytes:privateKeyBytes.data() length:privateKeyBytes.size()]; > NSDictionary* options = @{ > (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, > (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate, >@@ -179,32 +55,12 @@ static std::pair<RetainPtr<NSURLCredenti > EXPECT_NULL(error); > EXPECT_NOT_NULL(privateKey.get()); > >- SecKeychainRef keychainRef = nullptr; >- const char* keychainPassword = "testpassword"; >- NSString *keychainPath = [NSTemporaryDirectory() stringByAppendingPathComponent:@"TestKeychain"]; >- OSStatus status = SecKeychainCreate([keychainPath UTF8String], strlen(keychainPassword), keychainPassword, NO, nullptr, &keychainRef); >- EXPECT_TRUE(status == errSecSuccess); >- RetainPtr<SecKeychainRef> keychain = adoptCF(keychainRef); >- EXPECT_NOT_NULL(keychain); >- >- SecExternalItemType type = kSecItemTypePrivateKey; >- status = SecItemImport((__bridge CFDataRef)derEncodedPrivateKey, nullptr, nullptr, &type, 0, nullptr, keychain.get(), nullptr); >- EXPECT_TRUE(status == errSecSuccess); >- >- SecIdentityRef identityRef = nullptr; >- status = SecIdentityCreateWithCertificate(keychain.get(), certificate.get(), &identityRef); >- EXPECT_NOT_NULL(identityRef); >- EXPECT_TRUE(status == errSecSuccess); >- RetainPtr<SecIdentityRef> identity = adoptCF(identityRef); >+ RetainPtr<SecIdentityRef> identity = adoptCF(SecIdentityCreate(kCFAllocatorDefault, certificate.get(), privateKey.get())); >+ EXPECT_NOT_NULL(identity); > >- return { >- [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone], >- keychainPath >- }; >+ return [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone]; > } > >-static RetainPtr<NSString> keychainPath; >- > @interface ChallengeDelegate : NSObject <WKNavigationDelegate> > @end > >@@ -229,18 +85,15 @@ - (void)webView:(WKWebView *)webView did > EXPECT_TRUE([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]); > EXPECT_EQ([(NSHTTPURLResponse *)challenge.failureResponse statusCode], 401); > >- auto pair = credentialWithIdentityAndKeychainPath(); >- completionHandler(NSURLSessionAuthChallengeUseCredential, pair.first.get()); >- keychainPath = WTFMove(pair.second); >+ completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get()); > } > > @end > >-namespace TestWebKitAPI { >- > TEST(Challenge, SecIdentity) > { >- TCPServer server(respondWithChallengeThenOK); >+ using namespace TestWebKitAPI; >+ TCPServer server(TCPServer::respondWithChallengeThenOK); > > auto webView = adoptNS([WKWebView new]); > auto delegate = adoptNS([ChallengeDelegate new]); >@@ -248,16 +101,60 @@ TEST(Challenge, SecIdentity) > [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/", server.port()]]]]; > > Util::run(&navigationFinished); >+} >+ >+@interface ClientCertificateDelegate : NSObject <WKNavigationDelegate> { >+ size_t _challengeCount; >+ bool _receivedClientCertificateChallenge; >+} >+- (size_t)challengeCount; >+- (bool)receivedClientCertificateChallenge; >+@end >+ >+@implementation ClientCertificateDelegate >+ >+- (void)webView:(WKWebView *)webView didFinishNavigation:(null_unspecified WKNavigation *)navigation >+{ >+ navigationFinished = true; >+} >+ >+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler >+{ >+ _challengeCount++; >+ >+ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) >+ return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]); > >- EXPECT_NOT_NULL(keychainPath.get()); >- NSError *error = nil; >- [[NSFileManager defaultManager] removeItemAtPath:keychainPath.get() error:&error]; >- EXPECT_NULL(error); >+ EXPECT_TRUE([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]); >+ _receivedClientCertificateChallenge = true; >+ completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get()); > } > >-} // namespace TestWebKitAPI >+- (size_t)challengeCount >+{ >+ return _challengeCount; >+} >+ >+- (bool)receivedClientCertificateChallenge >+{ >+ return _receivedClientCertificateChallenge; >+} > >-#endif >+@end >+ >+TEST(Challenge, ClientCertificate) >+{ >+ using namespace TestWebKitAPI; >+ TCPServer server(TCPServer::Protocol::HTTPSWithClientCertificateRequest, TCPServer::respondWithOK); >+ >+ auto webView = adoptNS([WKWebView new]); >+ auto delegate = adoptNS([ClientCertificateDelegate new]); >+ [webView setNavigationDelegate:delegate.get()]; >+ [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]]]; >+ >+ Util::run(&navigationFinished); >+ EXPECT_EQ([delegate challengeCount], 2ull); >+} > > static bool receivedSecondChallenge; > static RetainPtr<NSURLCredential> persistentCredential; >@@ -290,7 +187,7 @@ - (void)webView:(WKWebView *)webView did > TEST(Challenge, BasicProposedCredential) > { > using namespace TestWebKitAPI; >- TCPServer server(respondWithChallengeThenOK, 2); >+ TCPServer server(TCPServer::respondWithChallengeThenOK, 2); > auto configuration = retainPtr([WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"BasicProposedCredentialPlugIn"]); > auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]); > auto delegate = adoptNS([ProposedCredentialDelegate new]); >@@ -406,16 +303,13 @@ namespace TestWebKitAPI { > TEST(WebKit, ServerTrust) > { > TCPServer server(TCPServer::Protocol::HTTPS, [] (SSL* ssl) { >- char requestBuffer[1000]; >- auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer)); >- ASSERT_UNUSED(readResult, readResult > 0); >+ TCPServer::read(ssl); > > const char* reply = "" > "HTTP/1.1 200 OK\r\n" > "Content-Length: 13\r\n\r\n" > "Hello, World!"; >- auto writeResult = SSL_write(ssl, reply, strlen(reply)); >- ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply))); >+ TCPServer::write(ssl, reply, strlen(reply)); > }); > > auto webView = adoptNS([WKWebView new]); >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm (revision 245172) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm (working copy) >@@ -72,26 +72,24 @@ static RetainPtr<NSData> createPDFWithLi > > TEST(WebKit, PDFLinkReferrer) > { >- TestWebKitAPI::TCPServer server([] (int socket) { >- char readBuffer[1000]; >- memset(readBuffer, 0, 1000); >- >+ using namespace TestWebKitAPI; >+ TCPServer server([] (int socket) { > // This assumes all the data from the HTTP request is available to be read at once, > // which is probably an okay assumption. >- ::read(socket, readBuffer, 999); >+ Vector<uint8_t> request = TCPServer::read(socket); > > // Look for a referer header. >- char* currentLine = readBuffer; >+ const char* currentLine = reinterpret_cast<char*>(request.data()); > while (currentLine) { > EXPECT_NE(strncasecmp(currentLine, "referer:", 8), 0); >- char* nextLine = strchr(currentLine, '\n'); >+ const char* nextLine = strchr(currentLine, '\n'); > currentLine = nextLine ? nextLine + 1 : 0; > } > > const char* responseHeader = > "HTTP/1.1 200 OK\r\n" > "Content-Length: 0\r\n\r\n"; >- ::write(socket, responseHeader, strlen(responseHeader)); >+ TCPServer::write(socket, responseHeader, strlen(responseHeader)); > }); > > RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]); >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm (revision 245172) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm (working copy) >@@ -57,18 +57,7 @@ namespace TestWebKitAPI { > > TEST(WebKit, HTTPSProxy) > { >- TCPServer server(TCPServer::Protocol::HTTPSProxy, [] (SSL* ssl) { >- char requestBuffer[1000]; >- auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer)); >- ASSERT_UNUSED(readResult, readResult > 0); >- >- const char* reply = "" >- "HTTP/1.1 200 OK\r\n" >- "Content-Length: 34\r\n\r\n" >- "<script>alert('success!')</script>"; >- auto writeResult = SSL_write(ssl, reply, strlen(reply)); >- ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply))); >- }); >+ TCPServer server(TCPServer::Protocol::HTTPSProxy, TCPServer::respondWithOK); > > auto storeConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]); > [storeConfiguration setHTTPSProxy:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]]; >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm (revision 245172) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm (working copy) >@@ -195,41 +195,28 @@ - (void)webView:(WKWebView *)webView dec > > @end > >-static void readRequest(int socket) >-{ >- char readBuffer[1000]; >- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer)); >- EXPECT_GT(bytesRead, 0); >- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer)); >-} >- >-static void writeResponse(int socket, NSString *response) >-{ >- const char* bytes = response.UTF8String; >- auto bytesWritten = ::write(socket, bytes, strlen(bytes)); >- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(bytes)); >-} >- > TEST(WebKit, WKNavigationResponseDownloadAttribute) > { > auto getDownloadResponse = [] (RetainPtr<NSString> body) -> RetainPtr<WKNavigationResponse> { >- TestWebKitAPI::TCPServer server([body](int socket) { >- readRequest(socket); >+ using namespace TestWebKitAPI; >+ TCPServer server([body](int socket) { > unsigned bodyLength = [body length]; >- writeResponse(socket, [NSString stringWithFormat: >+ NSString *firstResponse = [NSString stringWithFormat: > @"HTTP/1.1 200 OK\r\n" > "Content-Length: %d\r\n\r\n" > "%@", > bodyLength, > body.get() >- ]); >- readRequest(socket); >- writeResponse(socket, >- @"HTTP/1.1 200 OK\r\n" >+ ]; >+ NSString *secondResponse = @"HTTP/1.1 200 OK\r\n" > "Content-Length: 6\r\n" > "Content-Disposition: attachment; filename=fromHeader.txt;\r\n\r\n" >- "Hello!" >- ); >+ "Hello!"; >+ >+ TCPServer::read(socket); >+ TCPServer::write(socket, firstResponse.UTF8String, firstResponse.length); >+ TCPServer::read(socket); >+ TCPServer::write(socket, secondResponse.UTF8String, secondResponse.length); > }); > auto delegate = adoptNS([NavigationResponseTestDelegate new]); > auto webView = adoptNS([WKWebView new]); >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm (revision 245172) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm (working copy) >@@ -110,36 +110,9 @@ TEST(WKWebsiteDataStore, RemoveEphemeral > TestWebKitAPI::Util::run(&done); > } > >-static void respondWithChallengeThenOK(int socket) >-{ >- char readBuffer[1000]; >- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer)); >- EXPECT_GT(bytesRead, 0); >- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer)); >- >- const char* challengeHeader = >- "HTTP/1.1 401 Unauthorized\r\n" >- "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n" >- "Content-Length: 0\r\n" >- "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n"; >- auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader)); >- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader)); >- >- bytesRead = ::read(socket, readBuffer, sizeof(readBuffer)); >- EXPECT_GT(bytesRead, 0); >- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer)); >- >- const char* responseHeader = >- "HTTP/1.1 200 OK\r\n" >- "Content-Length: 13\r\n\r\n" >- "Hello, World!"; >- bytesWritten = ::write(socket, responseHeader, strlen(responseHeader)); >- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader)); >-} >- > TEST(WKWebsiteDataStore, FetchNonPersistentCredentials) > { >- TCPServer server(respondWithChallengeThenOK); >+ TCPServer server(TCPServer::respondWithChallengeThenOK); > > usePersistentCredentialStorage = false; > auto configuration = adoptNS([WKWebViewConfiguration new]); >@@ -164,7 +137,7 @@ TEST(WKWebsiteDataStore, FetchNonPersist > > TEST(WKWebsiteDataStore, FetchPersistentCredentials) > { >- TCPServer server(respondWithChallengeThenOK); >+ TCPServer server(TCPServer::respondWithChallengeThenOK); > > usePersistentCredentialStorage = true; > auto websiteDataStore = [WKWebsiteDataStore defaultDataStore]; >@@ -202,7 +175,7 @@ TEST(WKWebsiteDataStore, FetchPersistent > > TEST(WKWebsiteDataStore, RemovePersistentCredentials) > { >- TCPServer server(respondWithChallengeThenOK); >+ TCPServer server(TCPServer::respondWithChallengeThenOK); > > usePersistentCredentialStorage = true; > auto websiteDataStore = [WKWebsiteDataStore defaultDataStore]; >@@ -253,7 +226,7 @@ TEST(WKWebsiteDataStore, RemovePersisten > > TEST(WKWebsiteDataStore, RemoveNonPersistentCredentials) > { >- TCPServer server(respondWithChallengeThenOK); >+ TCPServer server(TCPServer::respondWithChallengeThenOK); > > usePersistentCredentialStorage = false; > auto configuration = adoptNS([WKWebViewConfiguration new]);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=369609">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197800
:
369609
|
369610
|
369630
|
369849
|
370070