Attachment 340928 Details for Bug 185848 – Patch

[patch] Patch

bug-185848-20180521171601.patch (text/plain), 43.91 KB, created by Jiewen Tan on 2018-05-21 17:16:02 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Jiewen Tan

Created: 2018-05-21 17:16:02 PDT

Size: 43.91 KB

patch

obsolete

>Subversion Revision: 231917
>diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
>index fa290f04f914c02cb356c1b31a0500767546bea3..1e328ac7f82eae00fe90ee61f0ce5802daaf81f2 100644
>--- a/Source/WTF/ChangeLog
>+++ b/Source/WTF/ChangeLog
>@@ -1,3 +1,15 @@
>+2018-05-21  Jiewen Tan  <jiewen_tan@apple.com>
>+
>+        Adopt SecKeyProxy SPI in certificate based challenge response code
>+        https://bugs.webkit.org/show_bug.cgi?id=185848
>+        <rdar://problem/34586181>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add a condition macro to determine if SecKeyProxy SPI exists.
>+
>+        * wtf/Platform.h:
>+
> 2018-05-17  Jiewen Tan  <jiewen_tan@apple.com>
> 
>         Convert CertificateInfo into Credential in UI Process instead of Networking Process
>diff --git a/Source/WebCore/PAL/ChangeLog b/Source/WebCore/PAL/ChangeLog
>index 0b97a9b9e84962e6d9b2e8126bdca13efe8858d2..6205c6a18e008c78157e7f47e71288b0229f3e5d 100644
>--- a/Source/WebCore/PAL/ChangeLog
>+++ b/Source/WebCore/PAL/ChangeLog
>@@ -1,3 +1,17 @@
>+2018-05-21  Jiewen Tan  <jiewen_tan@apple.com>
>+
>+        Adopt SecKeyProxy SPI in certificate based challenge response code
>+        https://bugs.webkit.org/show_bug.cgi?id=185848
>+        <rdar://problem/34586181>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add SPIs to support SecKeyProxy and convert xpc_endpoint_t to NSXPCListenerEndpoint vice versa.
>+
>+        * PAL.xcodeproj/project.pbxproj:
>+        * pal/spi/cocoa/NSXPCConnectionSPI.h: Added.
>+        * pal/spi/cocoa/SecKeyProxySPI.h: Added.
>+
> 2018-05-16  Andy VanWagoner  <andy@vanwagoner.family>
> 
>         Add support for Intl NumberFormat formatToParts
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index f996e971c73784d0c99f24262e4e83031a62e6de..c8b4b2b280c63b1dffe7d665dc672dd9cede08bc 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,59 @@
>+2018-05-21  Jiewen Tan  <jiewen_tan@apple.com>
>+
>+        Adopt SecKeyProxy SPI in certificate based challenge response code
>+        https://bugs.webkit.org/show_bug.cgi?id=185848
>+        <rdar://problem/34586181>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        This patch adopts SecKeyProxy SPI in HTTPS client certificate authentication code.
>+        1) SecKeyProxy is a new SPI to relay crypto operations from one process to another. The owner process of the proxy
>+        will behave like a server, and other owners of the SecKeys created from the proxy's endpoints will then behave
>+        like clients. This client-server model allows more restricted sandbox for client processes, and meanwhile permits
>+        them to relay crypto operations to the server process while maintaining the same SecKey interfaces alike local operations.
>+        2) Because of the client-server model, the server process, i.e. the UI Process in our case, needs to keep the proxy
>+        object alive long enough for the client process, i.e. Network Processes in our case, to finish all operations, and destroys
>+        the proxy object afterwards. The ideal place to hold such a proxy is WebsiteDataStore such that proxies could live with the
>+        corresponding network session.
>+        3) A new class called SecKeyProxyStore is then created to bind the lifetime of SecKeyProxy to the WebsiteDataStore while initializes
>+        it correctly. The time while the authentication process reaches WebPageProxy::didReceiveAuthenticationChallengeProxy where we have
>+        accesses to the WebsiteDataStore, we haven't yet be able to determine the Credential to authenticate the challenge. Therefore, we
>+        have to reserve a place in the WebsiteDataStore ahead and then fill it with the right Credential. That's why SecKeyProxyStore exists.
>+        In WebPageProxy::didReceiveAuthenticationChallengeProxy, we create a strong reference of SecKeyProxyStore which will eventually hold
>+        a strong reference of the SecKeyProxy, and move it to the WebsiteDataStore. And then we create a weak reference of SecKeyProxyStore
>+        and move it to the AuthenticationChallenge. Such that we indirectly bind the lifetime of SecKeyProxy to the WebsiteDataStore through
>+        the strong reference and also we can initialize the proxy through the weak reference while a credential is finally determined.
>+        4) Endpoints of the SecKeyProxy will be passed to the Network Process for creating the 'remote' SecKey. However, those endpoints are
>+        of NSXPCListenerEndpoint type, which can only be passed with xpc connections and are not compatible with our IPC mechanism. In order
>+        to pass endpoints around, this patch reuses the xpc connection that is used to bootstrap Network Processes from the UI Process. To do
>+        so, it sends xpc messages at the palace where original IPC messages are sent and overwrites the boostrap listener of the xpc connection
>+        when Network Process is initialized. From the listener, it continues the original authentication code path.
>+        5) Tests, again, are manually covered by tlstestwebkit.org. Noted, the prompting Keychain dialog in macOS should say Safari instead of
>+        "com.apple.WebKit.Networking*" now.
>+
>+        * Shared/Authentication/AuthenticationManager.h:
>+        * Shared/AuthenticationManagerCocoa.mm: Added.
>+        (WebKit::AuthenticationManager::initializeConnection):
>+        * UIProcess/Authentication/AuthenticationChallengeProxy.cpp:
>+        (WebKit::AuthenticationChallengeProxy::useCredential):
>+        (WebKit::AuthenticationChallengeProxy::setSecKeyProxyStore):
>+        * UIProcess/Authentication/AuthenticationChallengeProxy.h:
>+        * UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm: Added.
>+        (WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc const):
>+        * UIProcess/Authentication/cocoa/SecKeyProxyStore.h: Added.
>+        (WebKit::SecKeyProxyStore::create):
>+        (WebKit::SecKeyProxyStore::isInitialized const):
>+        (WebKit::SecKeyProxyStore::get const):
>+        (WebKit::SecKeyProxyStore::weakPtrFactory const):
>+        * UIProcess/Authentication/cocoa/SecKeyProxyStore.mm: Added.
>+        (WebKit::SecKeyProxyStore::initialize):
>+        * UIProcess/WebPageProxy.cpp:
>+        (WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy):
>+        * UIProcess/WebsiteData/WebsiteDataStore.cpp:
>+        (WebKit::WebsiteDataStore::addSecKeyProxyStore):
>+        * UIProcess/WebsiteData/WebsiteDataStore.h:
>+        * WebKit.xcodeproj/project.pbxproj:
>+
> 2018-05-17  Carlos Alberto Lopez Perez  <clopez@igalia.com>
> 
>         [WPE] Implement and enable FULLSCREEN_API
>diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
>index 0fa30bebd83202faca01ad94e8e230ead1f8dc45..23d5bae9804d25fbb9962dfd7f840f67e629b7e0 100644
>--- a/Source/WTF/wtf/Platform.h
>+++ b/Source/WTF/wtf/Platform.h
>@@ -1319,6 +1319,7 @@
> 
> #if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 120000) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400)
> #define ENABLE_ACCESSIBILITY_EVENTS 1
>+#define HAVE_SEC_KEY_PROXY 1
> #endif
> 
> #endif /* WTF_Platform_h */
>diff --git a/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj b/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj
>index 6f9e744a4a9c233fdd1f81c155b3f3b52831110d..8109bf5ace3b831ef191f4d3dd27f6c5596a4859 100644
>--- a/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj
>+++ b/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj
>@@ -108,6 +108,8 @@
> 		1C4876E01F8D837500CCEEBD /* LoggingCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 1C4876DF1F8D837500CCEEBD /* LoggingCocoa.mm */; };
> 		2D02E93C2056FAA700A13797 /* AudioToolboxSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */; };
> 		31308B1420A21705003FB929 /* SystemPreviewSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 31308B1320A21705003FB929 /* SystemPreviewSPI.h */; };
>+		570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */; };
>+		570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */; };
> 		57F12518205787D7001AB8A6 /* DeviceIdentitySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */; };
> 		7A1656441F97B2B900BA3CE4 /* NSKeyedArchiverSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */; };
> 		A10265871F56746100B4C844 /* FoundationSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = A10265861F56746100B4C844 /* FoundationSPI.h */; };
>@@ -255,6 +257,8 @@
> 		1C67CEA21E32EE2600F80F2E /* Version.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = Version.xcconfig; sourceTree = "<group>"; };
> 		2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AudioToolboxSPI.h; sourceTree = "<group>"; };
> 		31308B1320A21705003FB929 /* SystemPreviewSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SystemPreviewSPI.h; sourceTree = "<group>"; };
>+		570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxySPI.h; sourceTree = "<group>"; };
>+		570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NSXPCConnectionSPI.h; sourceTree = "<group>"; };
> 		57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DeviceIdentitySPI.h; sourceTree = "<group>"; };
> 		7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NSKeyedArchiverSPI.h; sourceTree = "<group>"; };
> 		93E5909C1F93BF1E0067F8CF /* UnencodableHandling.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = UnencodableHandling.h; sourceTree = "<group>"; };
>@@ -383,9 +387,11 @@
> 				0C2DA1361F3BEB4900DBC317 /* NSURLConnectionSPI.h */,
> 				0C2DA1371F3BEB4900DBC317 /* NSURLDownloadSPI.h */,
> 				0C2DA1381F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h */,
>+				570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */,
> 				0C2DA1391F3BEB4900DBC317 /* PassKitSPI.h */,
> 				0C2DA13A1F3BEB4900DBC317 /* pthreadSPI.h */,
> 				0C2DA13B1F3BEB4900DBC317 /* QuartzCoreSPI.h */,
>+				570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */,
> 				0C2DA13C1F3BEB4900DBC317 /* ServersSPI.h */,
> 				0C2DA12B1F3BEB4900DBC317 /* URLFormattingSPI.h */,
> 				0C2DA13D1F3BEB4900DBC317 /* WebFilterEvaluatorSPI.h */,
>@@ -691,6 +697,7 @@
> 				0C2DA1541F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h in Headers */,
> 				0C77859C1F45130F00F4EBB6 /* NSViewSPI.h in Headers */,
> 				0C77859D1F45130F00F4EBB6 /* NSWindowSPI.h in Headers */,
>+				570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */,
> 				0C5AF91F1F43A4C7002EAC02 /* OpenGLESSPI.h in Headers */,
> 				0C2DA1551F3BEB4900DBC317 /* PassKitSPI.h in Headers */,
> 				0C77859E1F45130F00F4EBB6 /* PIPSPI.h in Headers */,
>@@ -701,6 +708,7 @@
> 				A102658B1F56748C00B4C844 /* QuickDrawSPI.h in Headers */,
> 				0C7785A01F45130F00F4EBB6 /* QuickLookMacSPI.h in Headers */,
> 				0C5AF9201F43A4C7002EAC02 /* QuickLookSPI.h in Headers */,
>+				570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */,
> 				0C2DA1581F3BEB4900DBC317 /* ServersSPI.h in Headers */,
> 				A3C66CDD1F462D6A009E6EE9 /* SessionID.h in Headers */,
> 				A3AB6E561F3D1DDB009C14B1 /* SleepDisabler.h in Headers */,
>diff --git a/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h b/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h
>new file mode 100644
>index 0000000000000000000000000000000000000000..0b62a364aecb0b76d4548b52b4122533d02ff123
>--- /dev/null
>+++ b/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h
>@@ -0,0 +1,46 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#pragma once
>+
>+#if USE(APPLE_INTERNAL_SDK)
>+
>+#import <Foundation/NSXPCConnection_Private.h>
>+
>+#else
>+
>+#import <Foundation/NSXPCConnection.h>
>+#import <xpc/xpc.h>
>+
>+NS_ASSUME_NONNULL_BEGIN
>+
>+@interface NSXPCListenerEndpoint (NSPrivate)
>+- (xpc_endpoint_t)_endpoint API_AVAILABLE(macos(10.8), ios(6.0), watchos(2.0), tvos(9.0));
>+- (void)_setEndpoint:(xpc_endpoint_t)endpoint API_AVAILABLE(macos(10.9), ios(7.0), watchos(2.0), tvos(9.0));
>+@end
>+
>+NS_ASSUME_NONNULL_END
>+
>+#endif // USE(APPLE_INTERNAL_SDK)
>diff --git a/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h b/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h
>new file mode 100644
>index 0000000000000000000000000000000000000000..85b2837e259105db4dda97ada44a7729f4417640
>--- /dev/null
>+++ b/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h
>@@ -0,0 +1,62 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#pragma once
>+
>+#if HAVE(SEC_KEY_PROXY)
>+
>+#if USE(APPLE_INTERNAL_SDK)
>+
>+#import <Security/SecKeyProxy.h>
>+
>+#else
>+
>+#import <Foundation/Foundation.h>
>+#include <Security/SecBase.h>
>+#include <Security/SecKey.h>
>+
>+NS_ASSUME_NONNULL_BEGIN
>+@interface SecKeyProxy : NSObject {
>+@private
>+    id _key;
>+    NSData * _Nullable _certificate;
>+    NSXPCListener *_listener;
>+}
>+// Creates new proxy instance. Proxy holds reference to the target key or identity and allows remote access to that target key as long as the proxy instance is kept alive.
>+- (instancetype)initWithKey:(SecKeyRef)key;
>+- (instancetype)initWithIdentity:(SecIdentityRef)identity;
>+// Retrieve endpoint to this proxy instance. Endpoint can be transferred over NSXPCConnection and passed to +[createKeyFromEndpoint:error:] method.
>+@property (readonly, nonatomic) NSXPCListenerEndpoint *endpoint;
>+// Invalidates all connections to this proxy.
>+- (void)invalidate;
>+// Creates new SecKey/SecIdentity object which forwards all operations to the target SecKey identified by endpoint. Returned SecKeyRef can be used as long as target SecKeyProxy instance is kept alive.
>++ (nullable SecKeyRef)createKeyFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error;
>++ (nullable SecIdentityRef)createIdentityFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error;
>+@end
>+NS_ASSUME_NONNULL_END
>+
>+#endif // USE(APPLE_INTERNAL_SDK)
>+
>+#endif // HAVE(SEC_KEY_PROXY)
>diff --git a/Source/WebKit/Shared/Authentication/AuthenticationManager.h b/Source/WebKit/Shared/Authentication/AuthenticationManager.h
>index 2c669bafe19168373b95c26bf76b1ab47ab7d8a2..4b14ddeddcfbb73eb8efebf47a8bcc21565641ac 100644
>--- a/Source/WebKit/Shared/Authentication/AuthenticationManager.h
>+++ b/Source/WebKit/Shared/Authentication/AuthenticationManager.h
>@@ -33,6 +33,7 @@
> #include <wtf/CompletionHandler.h>
> #include <wtf/Forward.h>
> #include <wtf/HashMap.h>
>+#include <wtf/WeakPtr.h>
> 
> namespace IPC {
> class MessageSender;
>@@ -91,6 +92,11 @@ private:
>         WebCore::AuthenticationChallenge challenge;
>         ChallengeCompletionHandler completionHandler;
>     };
>+
>+#if HAVE(SEC_KEY_PROXY)
>+    // NetworkProcessSupplement
>+    void initializeConnection(IPC::Connection*) final;
>+#endif
>     
>     // IPC::MessageReceiver
>     void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
>@@ -109,6 +115,8 @@ private:
>     ChildProcess& m_process;
> 
>     HashMap<uint64_t, Challenge> m_challenges;
>+
>+    WeakPtrFactory<AuthenticationManager> m_weakPtrFactory;
> };
> 
> } // namespace WebKit
>diff --git a/Source/WebKit/Shared/AuthenticationManagerCocoa.mm b/Source/WebKit/Shared/AuthenticationManagerCocoa.mm
>new file mode 100644
>index 0000000000000000000000000000000000000000..c7415ba178038a091aa20daea1ea00f7cea22d59
>--- /dev/null
>+++ b/Source/WebKit/Shared/AuthenticationManagerCocoa.mm
>@@ -0,0 +1,91 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#import "config.h"
>+#import "AuthenticationManager.h"
>+
>+#if HAVE(SEC_KEY_PROXY)
>+
>+#import "Connection.h"
>+#import <pal/spi/cocoa/NSXPCConnectionSPI.h>
>+#import <pal/spi/cocoa/SecKeyProxySPI.h>
>+#import <wtf/MainThread.h>
>+
>+namespace WebKit {
>+
>+void AuthenticationManager::initializeConnection(IPC::Connection* connection)
>+{
>+    ASSERT(isMainThread());
>+
>+    auto weakThis = m_weakPtrFactory.createWeakPtr(*this);
>+    // The following xpc event handler overwrites the boostrap event handler and is only used
>+    // to capture client certificate credential.
>+    xpc_connection_set_event_handler(connection->xpcConnection(), ^(xpc_object_t event) {
>+        ASSERT(isMainThread());
>+
>+        xpc_type_t type = xpc_get_type(event);
>+        if (type != XPC_TYPE_ERROR && weakThis) {
>+            ASSERT(type == XPC_TYPE_DICTIONARY);
>+            ASSERT(!strcmp(xpc_dictionary_get_string(event, "message-name"), "client-certificate-credential"));
>+
>+            auto challengeID = xpc_dictionary_get_uint64(event, "challenge-id");
>+
>+            SecIdentityRef identity = NULL;
>+            {
>+                auto endPoint = adoptNS([[NSXPCListenerEndpoint alloc] init]);
>+                [endPoint _setEndpoint:xpc_dictionary_get_value(event, "sec-key-proxy-endpoint")];
>+                NSError *error = nil;
>+                identity = [SecKeyProxy createIdentityFromEndpoint:endPoint.get() error:&error];
>+                auto retainError = adoptNS(error);
>+                if (error) {
>+                    weakThis->useCredentialForChallenge(challengeID, WebCore::Credential());
>+                    return;
>+                }
>+            }
>+
>+            NSMutableArray *certificates = nil;
>+            {
>+                auto certificateDataArray = xpc_dictionary_get_array(event, "certificates");
>+                auto total = xpc_array_get_count(certificateDataArray);
>+                if (total)
>+                    certificates = [NSMutableArray arrayWithCapacity:total];
>+                for (size_t i = 0; i < total; i++) {
>+                    auto certificateData = xpc_array_get_value(certificateDataArray, i);
>+                    auto cfData = adoptCF(CFDataCreate(NULL, reinterpret_cast<const UInt8*>(xpc_data_get_bytes_ptr(certificateData)), xpc_data_get_length(certificateData)));
>+                    auto certificate = SecCertificateCreateWithData(NULL, cfData.get());
>+                    [certificates addObject:(id)certificate];
>+                }
>+            }
>+
>+            auto persistence = xpc_dictionary_get_uint64(event, "persistence");
>+
>+            weakThis->useCredentialForChallenge(challengeID, WebCore::Credential(adoptNS([[NSURLCredential alloc] initWithIdentity:identity certificates:certificates persistence:(NSURLCredentialPersistence)persistence]).get()));
>+        }
>+    });
>+}
>+
>+} // namespace WebKit
>+
>+#endif
>diff --git a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp
>index b9a137594e319d628ec95664edb6d4fdb217932c..eee367009cb252768812c358fce677fc21a07a6a 100644
>--- a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp
>+++ b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp
>@@ -29,6 +29,7 @@
> #include "AuthenticationDecisionListener.h"
> #include "AuthenticationManagerMessages.h"
> #include "ChildProcessProxy.h"
>+#include "SecKeyProxyStore.h"
> #include "WebCertificateInfo.h"
> #include "WebCoreArgumentCoders.h"
> #include "WebCredential.h"
>@@ -70,6 +71,17 @@ void AuthenticationChallengeProxy::useCredential(WebCredential* credential)
>         return;
>     }
> 
>+#if HAVE(SEC_KEY_PROXY)
>+    if (protectionSpace()->authenticationScheme() == WebCore::ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
>+        if (!m_secKeyProxyStore) {
>+            m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0);
>+            return;
>+        }
>+        m_secKeyProxyStore->initialize(credential->credential());
>+        sendClientCertificateCredentialOverXpc(challengeID, credential->credential());
>+        return;
>+    }
>+#endif
>     m_connection->send(Messages::AuthenticationManager::UseCredentialForChallenge(challengeID, credential->credential()), 0);
> }
> 
>@@ -119,4 +131,11 @@ WebProtectionSpace* AuthenticationChallengeProxy::protectionSpace() const
>     return m_webProtectionSpace.get();
> }
> 
>+#if HAVE(SEC_KEY_PROXY)
>+void AuthenticationChallengeProxy::setSecKeyProxyStore(SecKeyProxyStore& store)
>+{
>+    m_secKeyProxyStore = makeWeakPtr(store);
>+}
>+#endif
>+
> } // namespace WebKit
>diff --git a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h
>index 0c5be5e446d875955dd982e52577a98852ad1abe..98fdf872a7684549288647037f9756545e064a63 100644
>--- a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h
>+++ b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h
>@@ -27,6 +27,7 @@
> 
> #include "APIObject.h"
> #include <WebCore/AuthenticationChallenge.h>
>+#include <wtf/WeakPtr.h>
> 
> namespace IPC {
> class Connection;
>@@ -36,6 +37,7 @@ namespace WebKit {
> 
> class AuthenticationDecisionListener;
> class ChildProcessProxy;
>+class SecKeyProxyStore;
> class WebCredential;
> class WebProtectionSpace;
> 
>@@ -59,15 +61,27 @@ public:
>     int previousFailureCount() const { return m_coreAuthenticationChallenge.previousFailureCount(); }
>     const WebCore::AuthenticationChallenge& core() { return m_coreAuthenticationChallenge; }
> 
>+#if HAVE(SEC_KEY_PROXY)
>+    void setSecKeyProxyStore(SecKeyProxyStore&);
>+#endif
>+
> private:
>     AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&&, uint64_t challengeID, IPC::Connection*);
> 
>+#if HAVE(SEC_KEY_PROXY)
>+    void sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential&) const;
>+#endif
>+
>     WebCore::AuthenticationChallenge m_coreAuthenticationChallenge;
>     uint64_t m_challengeID;
>     RefPtr<IPC::Connection> m_connection;
>     RefPtr<AuthenticationDecisionListener> m_listener;
>     mutable RefPtr<WebCredential> m_webCredential;
>     mutable RefPtr<WebProtectionSpace> m_webProtectionSpace;
>+
>+#if HAVE(SEC_KEY_PROXY)
>+    WeakPtr<SecKeyProxyStore> m_secKeyProxyStore;
>+#endif
> };
> 
> } // namespace WebKit
>diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm b/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm
>new file mode 100644
>index 0000000000000000000000000000000000000000..354344bcbb745a766871164fde6093ebcbcd55da
>--- /dev/null
>+++ b/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm
>@@ -0,0 +1,60 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#import "config.h"
>+#import "AuthenticationChallengeProxy.h"
>+
>+#if HAVE(SEC_KEY_PROXY)
>+
>+#import "Connection.h"
>+#import "SecKeyProxyStore.h"
>+#import <pal/spi/cocoa/NSXPCConnectionSPI.h>
>+#import <pal/spi/cocoa/SecKeyProxySPI.h>
>+
>+namespace WebKit {
>+
>+void AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential& credential) const
>+{
>+    ASSERT(m_secKeyProxyStore);
>+    ASSERT(m_secKeyProxyStore->isInitialized());
>+
>+    auto message = adoptOSObject(xpc_dictionary_create(nullptr, nullptr, 0));
>+    xpc_dictionary_set_string(message.get(), "message-name", "client-certificate-credential");
>+    xpc_dictionary_set_uint64(message.get(), "challenge-id", challengeID);
>+    xpc_dictionary_set_value(message.get(), "sec-key-proxy-endpoint", m_secKeyProxyStore->get().endpoint._endpoint);
>+    auto certificateDataArray = adoptOSObject(xpc_array_create(nullptr, 0));
>+    for (id certificate in credential.nsCredential().certificates) {
>+        auto data = adoptCF(SecCertificateCopyData((SecCertificateRef)certificate));
>+        xpc_array_append_value(certificateDataArray.get(), adoptOSObject(xpc_data_create(CFDataGetBytePtr(data.get()), CFDataGetLength(data.get()))).get());
>+    }
>+    xpc_dictionary_set_value(message.get(), "certificates", certificateDataArray.get());
>+    xpc_dictionary_set_uint64(message.get(), "persistence", static_cast<uint64_t>(credential.nsCredential().persistence));
>+
>+    xpc_connection_send_message(m_connection->xpcConnection(), message.get());
>+}
>+
>+} // namespace WebKit
>+
>+#endif
>diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h
>new file mode 100644
>index 0000000000000000000000000000000000000000..29d38a175ffe4ec53558bbb3ecae8e63cfc65135
>--- /dev/null
>+++ b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h
>@@ -0,0 +1,61 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#pragma once
>+
>+#if HAVE(SEC_KEY_PROXY)
>+
>+#include <wtf/RefCounted.h>
>+#include <wtf/RetainPtr.h>
>+#include <wtf/WeakPtr.h>
>+
>+OBJC_CLASS SecKeyProxy;
>+
>+namespace WebCore {
>+class Credential;
>+}
>+
>+namespace WebKit {
>+
>+class SecKeyProxyStore : public RefCounted<SecKeyProxyStore> {
>+public:
>+    static Ref<SecKeyProxyStore> create() { return adoptRef(* new SecKeyProxyStore()); }
>+
>+    void initialize(const WebCore::Credential&);
>+    bool isInitialized() const { return !!m_secKeyProxy; }
>+
>+    auto* get() const { return m_secKeyProxy.get(); }
>+    auto& weakPtrFactory() const { return m_weakPtrFactory; }
>+
>+private:
>+    SecKeyProxyStore() = default;
>+
>+    WeakPtrFactory<SecKeyProxyStore> m_weakPtrFactory;
>+    RetainPtr<SecKeyProxy> m_secKeyProxy;
>+};
>+
>+} // namespace WebKit
>+
>+#endif // HAVE(SEC_KEY_PROXY)
>diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm
>new file mode 100644
>index 0000000000000000000000000000000000000000..090d5212adb1cda802fe1ec2e6413233629621fd
>--- /dev/null
>+++ b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm
>@@ -0,0 +1,44 @@
>+/*
>+ * Copyright (C) 2018 Apple Inc. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ *    notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ *    notice, this list of conditions and the following disclaimer in the
>+ *    documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
>+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
>+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
>+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
>+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
>+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
>+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
>+ * THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#import "config.h"
>+#import "SecKeyProxyStore.h"
>+
>+#if HAVE(SEC_KEY_PROXY)
>+
>+#import <WebCore/Credential.h>
>+#import <pal/spi/cocoa/SecKeyProxySPI.h>
>+
>+namespace WebKit {
>+
>+void SecKeyProxyStore::initialize(const WebCore::Credential& credential)
>+{
>+    if (!credential.isEmpty() && credential.nsCredential().identity)
>+        m_secKeyProxy = adoptNS([[SecKeyProxy alloc] initWithIdentity:credential.nsCredential().identity]);
>+}
>+
>+} // namespace WebKit
>+
>+#endif // HAVE(SEC_KEY_PROXY)
>diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
>index cde1000c4edb846700f0915fe8a28013eb7fca63..615574ab7965a86e678d01ffd2c4fb17c9104e80 100644
>--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
>+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
>@@ -75,6 +75,7 @@
> #include "PluginInformation.h"
> #include "PluginProcessManager.h"
> #include "PrintInfo.h"
>+#include "SecKeyProxyStore.h"
> #include "TextChecker.h"
> #include "TextCheckerState.h"
> #include "UIMessagePortChannelProvider.h"
>@@ -6200,6 +6201,15 @@ void WebPageProxy::didReceiveAuthenticationChallengeProxy(uint64_t frameID, Ref<
>     WebFrameProxy* frame = m_process->webFrame(frameID);
>     MESSAGE_CHECK(frame);
> 
>+#if HAVE(SEC_KEY_PROXY)
>+    ASSERT(authenticationChallenge->protectionSpace());
>+    if (authenticationChallenge->protectionSpace()->authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
>+        auto secKeyProxyStore = SecKeyProxyStore::create();
>+        authenticationChallenge->setSecKeyProxyStore(secKeyProxyStore);
>+        m_websiteDataStore->addSecKeyProxyStore(WTFMove(secKeyProxyStore));
>+    }
>+#endif
>+
>     if (m_navigationClient)
>         m_navigationClient->didReceiveAuthenticationChallenge(*this, authenticationChallenge.get());
>     else
>diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
>index 0db39b498edb0ed1e9b4881c2d5d8977029a04ea..4c2ed5575688eb4b8233289a50c5c8fbdd7c94d8 100644
>--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
>+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
>@@ -30,6 +30,7 @@
> #include "APIWebsiteDataRecord.h"
> #include "APIWebsiteDataStore.h"
> #include "NetworkProcessMessages.h"
>+#include "SecKeyProxyStore.h"
> #include "StorageManager.h"
> #include "StorageProcessCreationParameters.h"
> #include "WebCookieManagerProxy.h"
>@@ -1539,4 +1540,11 @@ WebsiteDataStoreParameters WebsiteDataStore::parameters()
> }
> #endif
> 
>+#if HAVE(SEC_KEY_PROXY)
>+void WebsiteDataStore::addSecKeyProxyStore(RefPtr<SecKeyProxyStore>&& store)
>+{
>+    m_secKeyProxyStores.append(WTFMove(store));
>+}
>+#endif
>+
> }
>diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
>index aecdacaae360e054803ba02fb7ef9b52cbea9780..58d05991734f96b2c42b09b92c0e905b13efbf0d 100644
>--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
>+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
>@@ -50,6 +50,7 @@ class SecurityOrigin;
> 
> namespace WebKit {
> 
>+class SecKeyProxyStore;
> class StorageManager;
> class WebPageProxy;
> class WebProcessPool;
>@@ -177,6 +178,10 @@ public:
>     
>     static void allowWebsiteDataRecordsForAllOrigins();
> 
>+#if HAVE(SEC_KEY_PROXY)
>+    void addSecKeyProxyStore(RefPtr<SecKeyProxyStore>&&);
>+#endif
>+
> private:
>     explicit WebsiteDataStore(PAL::SessionID);
>     explicit WebsiteDataStore(Configuration, PAL::SessionID);
>@@ -228,6 +233,10 @@ private:
>     
>     String m_boundInterfaceIdentifier;
>     AllowsCellularAccess m_allowsCellularAccess { AllowsCellularAccess::Yes };
>+
>+#if HAVE(SEC_KEY_PROXY)
>+    Vector<RefPtr<SecKeyProxyStore>> m_secKeyProxyStores;
>+#endif
> };
> 
> }
>diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
>index f175622fb5e495fe8980a7462b83613af3a359d4..f2d3c15a36c29e81594851655a16b10a8aeee502 100644
>--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj
>+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
>@@ -1218,6 +1218,10 @@
> 		53BA47D01DC2EF5E004DF4AD /* NetworkDataTaskBlob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 539EB5461DC2EE40009D48CF /* NetworkDataTaskBlob.cpp */; };
> 		53BA47D11DC2EF5E004DF4AD /* NetworkDataTaskBlob.h in Headers */ = {isa = PBXBuildFile; fileRef = 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */; };
> 		53DEA3661DDE423100E82648 /* json.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 53DEA3651DDE422E00E82648 /* json.hpp */; };
>+		570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */; };
>+		570AB8FE20AF898700B8BE87 /* AuthenticationManagerCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */; };
>+		570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */; };
>+		570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */; };
> 		575075A820AB8DE100693EA9 /* WebCredentialMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = 575075A720AB763600693EA9 /* WebCredentialMac.mm */; };
> 		5760828E2029895E00116678 /* WebCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760828C2029854200116678 /* WebCredentialsMessenger.cpp */; };
> 		57608298202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */; };
>@@ -3658,6 +3662,10 @@
> 		539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkDataTaskBlob.h; path = NetworkProcess/NetworkDataTaskBlob.h; sourceTree = "<group>"; };
> 		53DEA3651DDE422E00E82648 /* json.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = json.hpp; path = NetworkProcess/capture/json.hpp; sourceTree = "<group>"; };
> 		53F3CAA5206C443E0086490E /* NetworkActivityTracker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = NetworkActivityTracker.cpp; path = NetworkProcess/NetworkActivityTracker.cpp; sourceTree = "<group>"; };
>+		570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxyStore.h; sourceTree = "<group>"; };
>+		570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationManagerCocoa.mm; sourceTree = "<group>"; };
>+		570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationChallengeProxyCocoa.mm; sourceTree = "<group>"; };
>+		570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SecKeyProxyStore.mm; sourceTree = "<group>"; };
> 		575075A720AB763600693EA9 /* WebCredentialMac.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebCredentialMac.mm; sourceTree = "<group>"; };
> 		5750F32A2032D4E500389347 /* LocalAuthentication.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = LocalAuthentication.framework; path = System/Library/Frameworks/LocalAuthentication.framework; sourceTree = SDKROOT; };
> 		5760828B2029854200116678 /* WebCredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessenger.h; sourceTree = "<group>"; };
>@@ -6527,6 +6535,7 @@
> 		512F588D12A8836F00629530 /* Authentication */ = {
> 			isa = PBXGroup;
> 			children = (
>+				570AB8F620AE81AB00B8BE87 /* cocoa */,
> 				575075A620AB75AB00693EA9 /* mac */,
> 				512F588E12A8838800629530 /* AuthenticationChallengeProxy.cpp */,
> 				512F588F12A8838800629530 /* AuthenticationChallengeProxy.h */,
>@@ -6627,6 +6636,7 @@
> 		518E8EF116B208F000E91429 /* Authentication */ = {
> 			isa = PBXGroup;
> 			children = (
>+				570AB8FA20AF894900B8BE87 /* cocoa */,
> 				518E8EF316B2091C00E91429 /* AuthenticationManager.cpp */,
> 				518E8EF416B2091C00E91429 /* AuthenticationManager.h */,
> 				518E8EF516B2091C00E91429 /* AuthenticationManager.messages.in */,
>@@ -6753,6 +6763,24 @@
> 			name = capture;
> 			sourceTree = "<group>";
> 		};
>+		570AB8F620AE81AB00B8BE87 /* cocoa */ = {
>+			isa = PBXGroup;
>+			children = (
>+				570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */,
>+				570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */,
>+				570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */,
>+			);
>+			path = cocoa;
>+			sourceTree = "<group>";
>+		};
>+		570AB8FA20AF894900B8BE87 /* cocoa */ = {
>+			isa = PBXGroup;
>+			children = (
>+				570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */,
>+			);
>+			name = cocoa;
>+			sourceTree = "<group>";
>+		};
> 		575075A620AB75AB00693EA9 /* mac */ = {
> 			isa = PBXGroup;
> 			children = (
>@@ -9155,6 +9183,7 @@
> 				511F8A7B138B460900A95F44 /* SecItemShimLibrary.h in Headers */,
> 				E18E690C169B563F009B6670 /* SecItemShimProxy.h in Headers */,
> 				E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */,
>+				570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */,
> 				514D9F5719119D35000063A7 /* ServicesController.h in Headers */,
> 				414DEDD71F9EDDE50047C40D /* ServiceWorkerProcessProxy.h in Headers */,
> 				1AFDE65A1954A42B00C48FFA /* SessionState.h in Headers */,
>@@ -10507,8 +10536,10 @@
> 				BCEE966C112FAF57006BCC24 /* Attachment.cpp in Sources */,
> 				E1A31735134CEA80007C9A4F /* AttributedString.mm in Sources */,
> 				512F589612A8838800629530 /* AuthenticationChallengeProxy.cpp in Sources */,
>+				570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */,
> 				512F589812A8838800629530 /* AuthenticationDecisionListener.cpp in Sources */,
> 				518E8EF816B2091C00E91429 /* AuthenticationManager.cpp in Sources */,
>+				570AB8FE20AF898700B8BE87 /* AuthenticationManagerCocoa.mm in Sources */,
> 				512F58A212A883AD00629530 /* AuthenticationManagerMessageReceiver.cpp in Sources */,
> 				9955A6F41C7986DC00EB6A93 /* AutomationBackendDispatchers.cpp in Sources */,
> 				99C81D591C20E1E5005C4C82 /* AutomationClient.mm in Sources */,
>@@ -10833,6 +10864,7 @@
> 				E179088D169BAA62006904C7 /* SecItemShim.cpp in Sources */,
> 				E18E690B169B563F009B6670 /* SecItemShimProxy.cpp in Sources */,
> 				E18E6917169B667B009B6670 /* SecItemShimProxyMessageReceiver.cpp in Sources */,
>+				570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */,
> 				514D9F5819119D35000063A7 /* ServicesController.mm in Sources */,
> 				4131F3D11F96BCCC0059995A /* ServiceWorkerClientFetch.cpp in Sources */,
> 				617A52D81F43A9DA00DCDC0A /* ServiceWorkerClientFetchMessageReceiver.cpp in Sources */,

Actions: View | Formatted Diff | Diff

Attachments on bug 185848: 340928 | 341009 | 341047 | 341058 | 341144