WebKit Bugzilla
Attachment 340928 Details for
Bug 185848
: Adopt SecKeyProxy SPI in certificate based challenge response code
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185848-20180521171601.patch (text/plain), 43.91 KB, created by
Jiewen Tan
on 2018-05-21 17:16:02 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Jiewen Tan
Created:
2018-05-21 17:16:02 PDT
Size:
43.91 KB
patch
obsolete
>Subversion Revision: 231917 >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index fa290f04f914c02cb356c1b31a0500767546bea3..1e328ac7f82eae00fe90ee61f0ce5802daaf81f2 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-21 Jiewen Tan <jiewen_tan@apple.com> >+ >+ Adopt SecKeyProxy SPI in certificate based challenge response code >+ https://bugs.webkit.org/show_bug.cgi?id=185848 >+ <rdar://problem/34586181> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add a condition macro to determine if SecKeyProxy SPI exists. >+ >+ * wtf/Platform.h: >+ > 2018-05-17 Jiewen Tan <jiewen_tan@apple.com> > > Convert CertificateInfo into Credential in UI Process instead of Networking Process >diff --git a/Source/WebCore/PAL/ChangeLog b/Source/WebCore/PAL/ChangeLog >index 0b97a9b9e84962e6d9b2e8126bdca13efe8858d2..6205c6a18e008c78157e7f47e71288b0229f3e5d 100644 >--- a/Source/WebCore/PAL/ChangeLog >+++ b/Source/WebCore/PAL/ChangeLog >@@ -1,3 +1,17 @@ >+2018-05-21 Jiewen Tan <jiewen_tan@apple.com> >+ >+ Adopt SecKeyProxy SPI in certificate based challenge response code >+ https://bugs.webkit.org/show_bug.cgi?id=185848 >+ <rdar://problem/34586181> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add SPIs to support SecKeyProxy and convert xpc_endpoint_t to NSXPCListenerEndpoint vice versa. >+ >+ * PAL.xcodeproj/project.pbxproj: >+ * pal/spi/cocoa/NSXPCConnectionSPI.h: Added. >+ * pal/spi/cocoa/SecKeyProxySPI.h: Added. >+ > 2018-05-16 Andy VanWagoner <andy@vanwagoner.family> > > Add support for Intl NumberFormat formatToParts >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index f996e971c73784d0c99f24262e4e83031a62e6de..c8b4b2b280c63b1dffe7d665dc672dd9cede08bc 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,59 @@ >+2018-05-21 Jiewen Tan <jiewen_tan@apple.com> >+ >+ Adopt SecKeyProxy SPI in certificate based challenge response code >+ https://bugs.webkit.org/show_bug.cgi?id=185848 >+ <rdar://problem/34586181> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch adopts SecKeyProxy SPI in HTTPS client certificate authentication code. >+ 1) SecKeyProxy is a new SPI to relay crypto operations from one process to another. The owner process of the proxy >+ will behave like a server, and other owners of the SecKeys created from the proxy's endpoints will then behave >+ like clients. This client-server model allows more restricted sandbox for client processes, and meanwhile permits >+ them to relay crypto operations to the server process while maintaining the same SecKey interfaces alike local operations. >+ 2) Because of the client-server model, the server process, i.e. the UI Process in our case, needs to keep the proxy >+ object alive long enough for the client process, i.e. Network Processes in our case, to finish all operations, and destroys >+ the proxy object afterwards. The ideal place to hold such a proxy is WebsiteDataStore such that proxies could live with the >+ corresponding network session. >+ 3) A new class called SecKeyProxyStore is then created to bind the lifetime of SecKeyProxy to the WebsiteDataStore while initializes >+ it correctly. The time while the authentication process reaches WebPageProxy::didReceiveAuthenticationChallengeProxy where we have >+ accesses to the WebsiteDataStore, we haven't yet be able to determine the Credential to authenticate the challenge. Therefore, we >+ have to reserve a place in the WebsiteDataStore ahead and then fill it with the right Credential. That's why SecKeyProxyStore exists. >+ In WebPageProxy::didReceiveAuthenticationChallengeProxy, we create a strong reference of SecKeyProxyStore which will eventually hold >+ a strong reference of the SecKeyProxy, and move it to the WebsiteDataStore. And then we create a weak reference of SecKeyProxyStore >+ and move it to the AuthenticationChallenge. Such that we indirectly bind the lifetime of SecKeyProxy to the WebsiteDataStore through >+ the strong reference and also we can initialize the proxy through the weak reference while a credential is finally determined. >+ 4) Endpoints of the SecKeyProxy will be passed to the Network Process for creating the 'remote' SecKey. However, those endpoints are >+ of NSXPCListenerEndpoint type, which can only be passed with xpc connections and are not compatible with our IPC mechanism. In order >+ to pass endpoints around, this patch reuses the xpc connection that is used to bootstrap Network Processes from the UI Process. To do >+ so, it sends xpc messages at the palace where original IPC messages are sent and overwrites the boostrap listener of the xpc connection >+ when Network Process is initialized. From the listener, it continues the original authentication code path. >+ 5) Tests, again, are manually covered by tlstestwebkit.org. Noted, the prompting Keychain dialog in macOS should say Safari instead of >+ "com.apple.WebKit.Networking*" now. >+ >+ * Shared/Authentication/AuthenticationManager.h: >+ * Shared/AuthenticationManagerCocoa.mm: Added. >+ (WebKit::AuthenticationManager::initializeConnection): >+ * UIProcess/Authentication/AuthenticationChallengeProxy.cpp: >+ (WebKit::AuthenticationChallengeProxy::useCredential): >+ (WebKit::AuthenticationChallengeProxy::setSecKeyProxyStore): >+ * UIProcess/Authentication/AuthenticationChallengeProxy.h: >+ * UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm: Added. >+ (WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc const): >+ * UIProcess/Authentication/cocoa/SecKeyProxyStore.h: Added. >+ (WebKit::SecKeyProxyStore::create): >+ (WebKit::SecKeyProxyStore::isInitialized const): >+ (WebKit::SecKeyProxyStore::get const): >+ (WebKit::SecKeyProxyStore::weakPtrFactory const): >+ * UIProcess/Authentication/cocoa/SecKeyProxyStore.mm: Added. >+ (WebKit::SecKeyProxyStore::initialize): >+ * UIProcess/WebPageProxy.cpp: >+ (WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy): >+ * UIProcess/WebsiteData/WebsiteDataStore.cpp: >+ (WebKit::WebsiteDataStore::addSecKeyProxyStore): >+ * UIProcess/WebsiteData/WebsiteDataStore.h: >+ * WebKit.xcodeproj/project.pbxproj: >+ > 2018-05-17 Carlos Alberto Lopez Perez <clopez@igalia.com> > > [WPE] Implement and enable FULLSCREEN_API >diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h >index 0fa30bebd83202faca01ad94e8e230ead1f8dc45..23d5bae9804d25fbb9962dfd7f840f67e629b7e0 100644 >--- a/Source/WTF/wtf/Platform.h >+++ b/Source/WTF/wtf/Platform.h >@@ -1319,6 +1319,7 @@ > > #if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 120000) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400) > #define ENABLE_ACCESSIBILITY_EVENTS 1 >+#define HAVE_SEC_KEY_PROXY 1 > #endif > > #endif /* WTF_Platform_h */ >diff --git a/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj b/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj >index 6f9e744a4a9c233fdd1f81c155b3f3b52831110d..8109bf5ace3b831ef191f4d3dd27f6c5596a4859 100644 >--- a/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj >+++ b/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj >@@ -108,6 +108,8 @@ > 1C4876E01F8D837500CCEEBD /* LoggingCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 1C4876DF1F8D837500CCEEBD /* LoggingCocoa.mm */; }; > 2D02E93C2056FAA700A13797 /* AudioToolboxSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */; }; > 31308B1420A21705003FB929 /* SystemPreviewSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 31308B1320A21705003FB929 /* SystemPreviewSPI.h */; }; >+ 570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */; }; >+ 570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */; }; > 57F12518205787D7001AB8A6 /* DeviceIdentitySPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */; }; > 7A1656441F97B2B900BA3CE4 /* NSKeyedArchiverSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */; }; > A10265871F56746100B4C844 /* FoundationSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = A10265861F56746100B4C844 /* FoundationSPI.h */; }; >@@ -255,6 +257,8 @@ > 1C67CEA21E32EE2600F80F2E /* Version.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = Version.xcconfig; sourceTree = "<group>"; }; > 2D02E93B2056FAA700A13797 /* AudioToolboxSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AudioToolboxSPI.h; sourceTree = "<group>"; }; > 31308B1320A21705003FB929 /* SystemPreviewSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SystemPreviewSPI.h; sourceTree = "<group>"; }; >+ 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxySPI.h; sourceTree = "<group>"; }; >+ 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NSXPCConnectionSPI.h; sourceTree = "<group>"; }; > 57F12517205787C8001AB8A6 /* DeviceIdentitySPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DeviceIdentitySPI.h; sourceTree = "<group>"; }; > 7A1656431F97B2B800BA3CE4 /* NSKeyedArchiverSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NSKeyedArchiverSPI.h; sourceTree = "<group>"; }; > 93E5909C1F93BF1E0067F8CF /* UnencodableHandling.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = UnencodableHandling.h; sourceTree = "<group>"; }; >@@ -383,9 +387,11 @@ > 0C2DA1361F3BEB4900DBC317 /* NSURLConnectionSPI.h */, > 0C2DA1371F3BEB4900DBC317 /* NSURLDownloadSPI.h */, > 0C2DA1381F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h */, >+ 570AB8F820AF6E3D00B8BE87 /* NSXPCConnectionSPI.h */, > 0C2DA1391F3BEB4900DBC317 /* PassKitSPI.h */, > 0C2DA13A1F3BEB4900DBC317 /* pthreadSPI.h */, > 0C2DA13B1F3BEB4900DBC317 /* QuartzCoreSPI.h */, >+ 570AB8F020AE2E8D00B8BE87 /* SecKeyProxySPI.h */, > 0C2DA13C1F3BEB4900DBC317 /* ServersSPI.h */, > 0C2DA12B1F3BEB4900DBC317 /* URLFormattingSPI.h */, > 0C2DA13D1F3BEB4900DBC317 /* WebFilterEvaluatorSPI.h */, >@@ -691,6 +697,7 @@ > 0C2DA1541F3BEB4900DBC317 /* NSURLFileTypeMappingsSPI.h in Headers */, > 0C77859C1F45130F00F4EBB6 /* NSViewSPI.h in Headers */, > 0C77859D1F45130F00F4EBB6 /* NSWindowSPI.h in Headers */, >+ 570AB8F920AF6E3D00B8BE87 /* NSXPCConnectionSPI.h in Headers */, > 0C5AF91F1F43A4C7002EAC02 /* OpenGLESSPI.h in Headers */, > 0C2DA1551F3BEB4900DBC317 /* PassKitSPI.h in Headers */, > 0C77859E1F45130F00F4EBB6 /* PIPSPI.h in Headers */, >@@ -701,6 +708,7 @@ > A102658B1F56748C00B4C844 /* QuickDrawSPI.h in Headers */, > 0C7785A01F45130F00F4EBB6 /* QuickLookMacSPI.h in Headers */, > 0C5AF9201F43A4C7002EAC02 /* QuickLookSPI.h in Headers */, >+ 570AB8F120AE2E8D00B8BE87 /* SecKeyProxySPI.h in Headers */, > 0C2DA1581F3BEB4900DBC317 /* ServersSPI.h in Headers */, > A3C66CDD1F462D6A009E6EE9 /* SessionID.h in Headers */, > A3AB6E561F3D1DDB009C14B1 /* SleepDisabler.h in Headers */, >diff --git a/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h b/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h >new file mode 100644 >index 0000000000000000000000000000000000000000..0b62a364aecb0b76d4548b52b4122533d02ff123 >--- /dev/null >+++ b/Source/WebCore/PAL/pal/spi/cocoa/NSXPCConnectionSPI.h >@@ -0,0 +1,46 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if USE(APPLE_INTERNAL_SDK) >+ >+#import <Foundation/NSXPCConnection_Private.h> >+ >+#else >+ >+#import <Foundation/NSXPCConnection.h> >+#import <xpc/xpc.h> >+ >+NS_ASSUME_NONNULL_BEGIN >+ >+@interface NSXPCListenerEndpoint (NSPrivate) >+- (xpc_endpoint_t)_endpoint API_AVAILABLE(macos(10.8), ios(6.0), watchos(2.0), tvos(9.0)); >+- (void)_setEndpoint:(xpc_endpoint_t)endpoint API_AVAILABLE(macos(10.9), ios(7.0), watchos(2.0), tvos(9.0)); >+@end >+ >+NS_ASSUME_NONNULL_END >+ >+#endif // USE(APPLE_INTERNAL_SDK) >diff --git a/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h b/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h >new file mode 100644 >index 0000000000000000000000000000000000000000..85b2837e259105db4dda97ada44a7729f4417640 >--- /dev/null >+++ b/Source/WebCore/PAL/pal/spi/cocoa/SecKeyProxySPI.h >@@ -0,0 +1,62 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if HAVE(SEC_KEY_PROXY) >+ >+#if USE(APPLE_INTERNAL_SDK) >+ >+#import <Security/SecKeyProxy.h> >+ >+#else >+ >+#import <Foundation/Foundation.h> >+#include <Security/SecBase.h> >+#include <Security/SecKey.h> >+ >+NS_ASSUME_NONNULL_BEGIN >+@interface SecKeyProxy : NSObject { >+@private >+ id _key; >+ NSData * _Nullable _certificate; >+ NSXPCListener *_listener; >+} >+// Creates new proxy instance. Proxy holds reference to the target key or identity and allows remote access to that target key as long as the proxy instance is kept alive. >+- (instancetype)initWithKey:(SecKeyRef)key; >+- (instancetype)initWithIdentity:(SecIdentityRef)identity; >+// Retrieve endpoint to this proxy instance. Endpoint can be transferred over NSXPCConnection and passed to +[createKeyFromEndpoint:error:] method. >+@property (readonly, nonatomic) NSXPCListenerEndpoint *endpoint; >+// Invalidates all connections to this proxy. >+- (void)invalidate; >+// Creates new SecKey/SecIdentity object which forwards all operations to the target SecKey identified by endpoint. Returned SecKeyRef can be used as long as target SecKeyProxy instance is kept alive. >++ (nullable SecKeyRef)createKeyFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error; >++ (nullable SecIdentityRef)createIdentityFromEndpoint:(NSXPCListenerEndpoint *)endpoint error:(NSError **)error; >+@end >+NS_ASSUME_NONNULL_END >+ >+#endif // USE(APPLE_INTERNAL_SDK) >+ >+#endif // HAVE(SEC_KEY_PROXY) >diff --git a/Source/WebKit/Shared/Authentication/AuthenticationManager.h b/Source/WebKit/Shared/Authentication/AuthenticationManager.h >index 2c669bafe19168373b95c26bf76b1ab47ab7d8a2..4b14ddeddcfbb73eb8efebf47a8bcc21565641ac 100644 >--- a/Source/WebKit/Shared/Authentication/AuthenticationManager.h >+++ b/Source/WebKit/Shared/Authentication/AuthenticationManager.h >@@ -33,6 +33,7 @@ > #include <wtf/CompletionHandler.h> > #include <wtf/Forward.h> > #include <wtf/HashMap.h> >+#include <wtf/WeakPtr.h> > > namespace IPC { > class MessageSender; >@@ -91,6 +92,11 @@ private: > WebCore::AuthenticationChallenge challenge; > ChallengeCompletionHandler completionHandler; > }; >+ >+#if HAVE(SEC_KEY_PROXY) >+ // NetworkProcessSupplement >+ void initializeConnection(IPC::Connection*) final; >+#endif > > // IPC::MessageReceiver > void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override; >@@ -109,6 +115,8 @@ private: > ChildProcess& m_process; > > HashMap<uint64_t, Challenge> m_challenges; >+ >+ WeakPtrFactory<AuthenticationManager> m_weakPtrFactory; > }; > > } // namespace WebKit >diff --git a/Source/WebKit/Shared/AuthenticationManagerCocoa.mm b/Source/WebKit/Shared/AuthenticationManagerCocoa.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..c7415ba178038a091aa20daea1ea00f7cea22d59 >--- /dev/null >+++ b/Source/WebKit/Shared/AuthenticationManagerCocoa.mm >@@ -0,0 +1,91 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#import "config.h" >+#import "AuthenticationManager.h" >+ >+#if HAVE(SEC_KEY_PROXY) >+ >+#import "Connection.h" >+#import <pal/spi/cocoa/NSXPCConnectionSPI.h> >+#import <pal/spi/cocoa/SecKeyProxySPI.h> >+#import <wtf/MainThread.h> >+ >+namespace WebKit { >+ >+void AuthenticationManager::initializeConnection(IPC::Connection* connection) >+{ >+ ASSERT(isMainThread()); >+ >+ auto weakThis = m_weakPtrFactory.createWeakPtr(*this); >+ // The following xpc event handler overwrites the boostrap event handler and is only used >+ // to capture client certificate credential. >+ xpc_connection_set_event_handler(connection->xpcConnection(), ^(xpc_object_t event) { >+ ASSERT(isMainThread()); >+ >+ xpc_type_t type = xpc_get_type(event); >+ if (type != XPC_TYPE_ERROR && weakThis) { >+ ASSERT(type == XPC_TYPE_DICTIONARY); >+ ASSERT(!strcmp(xpc_dictionary_get_string(event, "message-name"), "client-certificate-credential")); >+ >+ auto challengeID = xpc_dictionary_get_uint64(event, "challenge-id"); >+ >+ SecIdentityRef identity = NULL; >+ { >+ auto endPoint = adoptNS([[NSXPCListenerEndpoint alloc] init]); >+ [endPoint _setEndpoint:xpc_dictionary_get_value(event, "sec-key-proxy-endpoint")]; >+ NSError *error = nil; >+ identity = [SecKeyProxy createIdentityFromEndpoint:endPoint.get() error:&error]; >+ auto retainError = adoptNS(error); >+ if (error) { >+ weakThis->useCredentialForChallenge(challengeID, WebCore::Credential()); >+ return; >+ } >+ } >+ >+ NSMutableArray *certificates = nil; >+ { >+ auto certificateDataArray = xpc_dictionary_get_array(event, "certificates"); >+ auto total = xpc_array_get_count(certificateDataArray); >+ if (total) >+ certificates = [NSMutableArray arrayWithCapacity:total]; >+ for (size_t i = 0; i < total; i++) { >+ auto certificateData = xpc_array_get_value(certificateDataArray, i); >+ auto cfData = adoptCF(CFDataCreate(NULL, reinterpret_cast<const UInt8*>(xpc_data_get_bytes_ptr(certificateData)), xpc_data_get_length(certificateData))); >+ auto certificate = SecCertificateCreateWithData(NULL, cfData.get()); >+ [certificates addObject:(id)certificate]; >+ } >+ } >+ >+ auto persistence = xpc_dictionary_get_uint64(event, "persistence"); >+ >+ weakThis->useCredentialForChallenge(challengeID, WebCore::Credential(adoptNS([[NSURLCredential alloc] initWithIdentity:identity certificates:certificates persistence:(NSURLCredentialPersistence)persistence]).get())); >+ } >+ }); >+} >+ >+} // namespace WebKit >+ >+#endif >diff --git a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp >index b9a137594e319d628ec95664edb6d4fdb217932c..eee367009cb252768812c358fce677fc21a07a6a 100644 >--- a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp >+++ b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.cpp >@@ -29,6 +29,7 @@ > #include "AuthenticationDecisionListener.h" > #include "AuthenticationManagerMessages.h" > #include "ChildProcessProxy.h" >+#include "SecKeyProxyStore.h" > #include "WebCertificateInfo.h" > #include "WebCoreArgumentCoders.h" > #include "WebCredential.h" >@@ -70,6 +71,17 @@ void AuthenticationChallengeProxy::useCredential(WebCredential* credential) > return; > } > >+#if HAVE(SEC_KEY_PROXY) >+ if (protectionSpace()->authenticationScheme() == WebCore::ProtectionSpaceAuthenticationSchemeClientCertificateRequested) { >+ if (!m_secKeyProxyStore) { >+ m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0); >+ return; >+ } >+ m_secKeyProxyStore->initialize(credential->credential()); >+ sendClientCertificateCredentialOverXpc(challengeID, credential->credential()); >+ return; >+ } >+#endif > m_connection->send(Messages::AuthenticationManager::UseCredentialForChallenge(challengeID, credential->credential()), 0); > } > >@@ -119,4 +131,11 @@ WebProtectionSpace* AuthenticationChallengeProxy::protectionSpace() const > return m_webProtectionSpace.get(); > } > >+#if HAVE(SEC_KEY_PROXY) >+void AuthenticationChallengeProxy::setSecKeyProxyStore(SecKeyProxyStore& store) >+{ >+ m_secKeyProxyStore = makeWeakPtr(store); >+} >+#endif >+ > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h >index 0c5be5e446d875955dd982e52577a98852ad1abe..98fdf872a7684549288647037f9756545e064a63 100644 >--- a/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h >+++ b/Source/WebKit/UIProcess/Authentication/AuthenticationChallengeProxy.h >@@ -27,6 +27,7 @@ > > #include "APIObject.h" > #include <WebCore/AuthenticationChallenge.h> >+#include <wtf/WeakPtr.h> > > namespace IPC { > class Connection; >@@ -36,6 +37,7 @@ namespace WebKit { > > class AuthenticationDecisionListener; > class ChildProcessProxy; >+class SecKeyProxyStore; > class WebCredential; > class WebProtectionSpace; > >@@ -59,15 +61,27 @@ public: > int previousFailureCount() const { return m_coreAuthenticationChallenge.previousFailureCount(); } > const WebCore::AuthenticationChallenge& core() { return m_coreAuthenticationChallenge; } > >+#if HAVE(SEC_KEY_PROXY) >+ void setSecKeyProxyStore(SecKeyProxyStore&); >+#endif >+ > private: > AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&&, uint64_t challengeID, IPC::Connection*); > >+#if HAVE(SEC_KEY_PROXY) >+ void sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential&) const; >+#endif >+ > WebCore::AuthenticationChallenge m_coreAuthenticationChallenge; > uint64_t m_challengeID; > RefPtr<IPC::Connection> m_connection; > RefPtr<AuthenticationDecisionListener> m_listener; > mutable RefPtr<WebCredential> m_webCredential; > mutable RefPtr<WebProtectionSpace> m_webProtectionSpace; >+ >+#if HAVE(SEC_KEY_PROXY) >+ WeakPtr<SecKeyProxyStore> m_secKeyProxyStore; >+#endif > }; > > } // namespace WebKit >diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm b/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..354344bcbb745a766871164fde6093ebcbcd55da >--- /dev/null >+++ b/Source/WebKit/UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm >@@ -0,0 +1,60 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#import "config.h" >+#import "AuthenticationChallengeProxy.h" >+ >+#if HAVE(SEC_KEY_PROXY) >+ >+#import "Connection.h" >+#import "SecKeyProxyStore.h" >+#import <pal/spi/cocoa/NSXPCConnectionSPI.h> >+#import <pal/spi/cocoa/SecKeyProxySPI.h> >+ >+namespace WebKit { >+ >+void AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential& credential) const >+{ >+ ASSERT(m_secKeyProxyStore); >+ ASSERT(m_secKeyProxyStore->isInitialized()); >+ >+ auto message = adoptOSObject(xpc_dictionary_create(nullptr, nullptr, 0)); >+ xpc_dictionary_set_string(message.get(), "message-name", "client-certificate-credential"); >+ xpc_dictionary_set_uint64(message.get(), "challenge-id", challengeID); >+ xpc_dictionary_set_value(message.get(), "sec-key-proxy-endpoint", m_secKeyProxyStore->get().endpoint._endpoint); >+ auto certificateDataArray = adoptOSObject(xpc_array_create(nullptr, 0)); >+ for (id certificate in credential.nsCredential().certificates) { >+ auto data = adoptCF(SecCertificateCopyData((SecCertificateRef)certificate)); >+ xpc_array_append_value(certificateDataArray.get(), adoptOSObject(xpc_data_create(CFDataGetBytePtr(data.get()), CFDataGetLength(data.get()))).get()); >+ } >+ xpc_dictionary_set_value(message.get(), "certificates", certificateDataArray.get()); >+ xpc_dictionary_set_uint64(message.get(), "persistence", static_cast<uint64_t>(credential.nsCredential().persistence)); >+ >+ xpc_connection_send_message(m_connection->xpcConnection(), message.get()); >+} >+ >+} // namespace WebKit >+ >+#endif >diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h >new file mode 100644 >index 0000000000000000000000000000000000000000..29d38a175ffe4ec53558bbb3ecae8e63cfc65135 >--- /dev/null >+++ b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.h >@@ -0,0 +1,61 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if HAVE(SEC_KEY_PROXY) >+ >+#include <wtf/RefCounted.h> >+#include <wtf/RetainPtr.h> >+#include <wtf/WeakPtr.h> >+ >+OBJC_CLASS SecKeyProxy; >+ >+namespace WebCore { >+class Credential; >+} >+ >+namespace WebKit { >+ >+class SecKeyProxyStore : public RefCounted<SecKeyProxyStore> { >+public: >+ static Ref<SecKeyProxyStore> create() { return adoptRef(* new SecKeyProxyStore()); } >+ >+ void initialize(const WebCore::Credential&); >+ bool isInitialized() const { return !!m_secKeyProxy; } >+ >+ auto* get() const { return m_secKeyProxy.get(); } >+ auto& weakPtrFactory() const { return m_weakPtrFactory; } >+ >+private: >+ SecKeyProxyStore() = default; >+ >+ WeakPtrFactory<SecKeyProxyStore> m_weakPtrFactory; >+ RetainPtr<SecKeyProxy> m_secKeyProxy; >+}; >+ >+} // namespace WebKit >+ >+#endif // HAVE(SEC_KEY_PROXY) >diff --git a/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..090d5212adb1cda802fe1ec2e6413233629621fd >--- /dev/null >+++ b/Source/WebKit/UIProcess/Authentication/cocoa/SecKeyProxyStore.mm >@@ -0,0 +1,44 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#import "config.h" >+#import "SecKeyProxyStore.h" >+ >+#if HAVE(SEC_KEY_PROXY) >+ >+#import <WebCore/Credential.h> >+#import <pal/spi/cocoa/SecKeyProxySPI.h> >+ >+namespace WebKit { >+ >+void SecKeyProxyStore::initialize(const WebCore::Credential& credential) >+{ >+ if (!credential.isEmpty() && credential.nsCredential().identity) >+ m_secKeyProxy = adoptNS([[SecKeyProxy alloc] initWithIdentity:credential.nsCredential().identity]); >+} >+ >+} // namespace WebKit >+ >+#endif // HAVE(SEC_KEY_PROXY) >diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp >index cde1000c4edb846700f0915fe8a28013eb7fca63..615574ab7965a86e678d01ffd2c4fb17c9104e80 100644 >--- a/Source/WebKit/UIProcess/WebPageProxy.cpp >+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp >@@ -75,6 +75,7 @@ > #include "PluginInformation.h" > #include "PluginProcessManager.h" > #include "PrintInfo.h" >+#include "SecKeyProxyStore.h" > #include "TextChecker.h" > #include "TextCheckerState.h" > #include "UIMessagePortChannelProvider.h" >@@ -6200,6 +6201,15 @@ void WebPageProxy::didReceiveAuthenticationChallengeProxy(uint64_t frameID, Ref< > WebFrameProxy* frame = m_process->webFrame(frameID); > MESSAGE_CHECK(frame); > >+#if HAVE(SEC_KEY_PROXY) >+ ASSERT(authenticationChallenge->protectionSpace()); >+ if (authenticationChallenge->protectionSpace()->authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested) { >+ auto secKeyProxyStore = SecKeyProxyStore::create(); >+ authenticationChallenge->setSecKeyProxyStore(secKeyProxyStore); >+ m_websiteDataStore->addSecKeyProxyStore(WTFMove(secKeyProxyStore)); >+ } >+#endif >+ > if (m_navigationClient) > m_navigationClient->didReceiveAuthenticationChallenge(*this, authenticationChallenge.get()); > else >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp >index 0db39b498edb0ed1e9b4881c2d5d8977029a04ea..4c2ed5575688eb4b8233289a50c5c8fbdd7c94d8 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp >@@ -30,6 +30,7 @@ > #include "APIWebsiteDataRecord.h" > #include "APIWebsiteDataStore.h" > #include "NetworkProcessMessages.h" >+#include "SecKeyProxyStore.h" > #include "StorageManager.h" > #include "StorageProcessCreationParameters.h" > #include "WebCookieManagerProxy.h" >@@ -1539,4 +1540,11 @@ WebsiteDataStoreParameters WebsiteDataStore::parameters() > } > #endif > >+#if HAVE(SEC_KEY_PROXY) >+void WebsiteDataStore::addSecKeyProxyStore(RefPtr<SecKeyProxyStore>&& store) >+{ >+ m_secKeyProxyStores.append(WTFMove(store)); >+} >+#endif >+ > } >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h >index aecdacaae360e054803ba02fb7ef9b52cbea9780..58d05991734f96b2c42b09b92c0e905b13efbf0d 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h >@@ -50,6 +50,7 @@ class SecurityOrigin; > > namespace WebKit { > >+class SecKeyProxyStore; > class StorageManager; > class WebPageProxy; > class WebProcessPool; >@@ -177,6 +178,10 @@ public: > > static void allowWebsiteDataRecordsForAllOrigins(); > >+#if HAVE(SEC_KEY_PROXY) >+ void addSecKeyProxyStore(RefPtr<SecKeyProxyStore>&&); >+#endif >+ > private: > explicit WebsiteDataStore(PAL::SessionID); > explicit WebsiteDataStore(Configuration, PAL::SessionID); >@@ -228,6 +233,10 @@ private: > > String m_boundInterfaceIdentifier; > AllowsCellularAccess m_allowsCellularAccess { AllowsCellularAccess::Yes }; >+ >+#if HAVE(SEC_KEY_PROXY) >+ Vector<RefPtr<SecKeyProxyStore>> m_secKeyProxyStores; >+#endif > }; > > } >diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >index f175622fb5e495fe8980a7462b83613af3a359d4..f2d3c15a36c29e81594851655a16b10a8aeee502 100644 >--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj >+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >@@ -1218,6 +1218,10 @@ > 53BA47D01DC2EF5E004DF4AD /* NetworkDataTaskBlob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 539EB5461DC2EE40009D48CF /* NetworkDataTaskBlob.cpp */; }; > 53BA47D11DC2EF5E004DF4AD /* NetworkDataTaskBlob.h in Headers */ = {isa = PBXBuildFile; fileRef = 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */; }; > 53DEA3661DDE423100E82648 /* json.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 53DEA3651DDE422E00E82648 /* json.hpp */; }; >+ 570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */ = {isa = PBXBuildFile; fileRef = 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */; }; >+ 570AB8FE20AF898700B8BE87 /* AuthenticationManagerCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */; }; >+ 570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */; }; >+ 570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */ = {isa = PBXBuildFile; fileRef = 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */; }; > 575075A820AB8DE100693EA9 /* WebCredentialMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = 575075A720AB763600693EA9 /* WebCredentialMac.mm */; }; > 5760828E2029895E00116678 /* WebCredentialsMessenger.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5760828C2029854200116678 /* WebCredentialsMessenger.cpp */; }; > 57608298202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57608296202BD8BA00116678 /* WebCredentialsMessengerProxy.cpp */; }; >@@ -3658,6 +3662,10 @@ > 539EB5471DC2EE40009D48CF /* NetworkDataTaskBlob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkDataTaskBlob.h; path = NetworkProcess/NetworkDataTaskBlob.h; sourceTree = "<group>"; }; > 53DEA3651DDE422E00E82648 /* json.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = json.hpp; path = NetworkProcess/capture/json.hpp; sourceTree = "<group>"; }; > 53F3CAA5206C443E0086490E /* NetworkActivityTracker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = NetworkActivityTracker.cpp; path = NetworkProcess/NetworkActivityTracker.cpp; sourceTree = "<group>"; }; >+ 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyProxyStore.h; sourceTree = "<group>"; }; >+ 570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationManagerCocoa.mm; sourceTree = "<group>"; }; >+ 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = AuthenticationChallengeProxyCocoa.mm; sourceTree = "<group>"; }; >+ 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SecKeyProxyStore.mm; sourceTree = "<group>"; }; > 575075A720AB763600693EA9 /* WebCredentialMac.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebCredentialMac.mm; sourceTree = "<group>"; }; > 5750F32A2032D4E500389347 /* LocalAuthentication.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = LocalAuthentication.framework; path = System/Library/Frameworks/LocalAuthentication.framework; sourceTree = SDKROOT; }; > 5760828B2029854200116678 /* WebCredentialsMessenger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebCredentialsMessenger.h; sourceTree = "<group>"; }; >@@ -6527,6 +6535,7 @@ > 512F588D12A8836F00629530 /* Authentication */ = { > isa = PBXGroup; > children = ( >+ 570AB8F620AE81AB00B8BE87 /* cocoa */, > 575075A620AB75AB00693EA9 /* mac */, > 512F588E12A8838800629530 /* AuthenticationChallengeProxy.cpp */, > 512F588F12A8838800629530 /* AuthenticationChallengeProxy.h */, >@@ -6627,6 +6636,7 @@ > 518E8EF116B208F000E91429 /* Authentication */ = { > isa = PBXGroup; > children = ( >+ 570AB8FA20AF894900B8BE87 /* cocoa */, > 518E8EF316B2091C00E91429 /* AuthenticationManager.cpp */, > 518E8EF416B2091C00E91429 /* AuthenticationManager.h */, > 518E8EF516B2091C00E91429 /* AuthenticationManager.messages.in */, >@@ -6753,6 +6763,24 @@ > name = capture; > sourceTree = "<group>"; > }; >+ 570AB8F620AE81AB00B8BE87 /* cocoa */ = { >+ isa = PBXGroup; >+ children = ( >+ 570AB90020B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm */, >+ 570AB8F220AE3BD700B8BE87 /* SecKeyProxyStore.h */, >+ 570AB90320B2541C00B8BE87 /* SecKeyProxyStore.mm */, >+ ); >+ path = cocoa; >+ sourceTree = "<group>"; >+ }; >+ 570AB8FA20AF894900B8BE87 /* cocoa */ = { >+ isa = PBXGroup; >+ children = ( >+ 570AB8FC20AF898700B8BE87 /* AuthenticationManagerCocoa.mm */, >+ ); >+ name = cocoa; >+ sourceTree = "<group>"; >+ }; > 575075A620AB75AB00693EA9 /* mac */ = { > isa = PBXGroup; > children = ( >@@ -9155,6 +9183,7 @@ > 511F8A7B138B460900A95F44 /* SecItemShimLibrary.h in Headers */, > E18E690C169B563F009B6670 /* SecItemShimProxy.h in Headers */, > E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */, >+ 570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */, > 514D9F5719119D35000063A7 /* ServicesController.h in Headers */, > 414DEDD71F9EDDE50047C40D /* ServiceWorkerProcessProxy.h in Headers */, > 1AFDE65A1954A42B00C48FFA /* SessionState.h in Headers */, >@@ -10507,8 +10536,10 @@ > BCEE966C112FAF57006BCC24 /* Attachment.cpp in Sources */, > E1A31735134CEA80007C9A4F /* AttributedString.mm in Sources */, > 512F589612A8838800629530 /* AuthenticationChallengeProxy.cpp in Sources */, >+ 570AB90220B2517400B8BE87 /* AuthenticationChallengeProxyCocoa.mm in Sources */, > 512F589812A8838800629530 /* AuthenticationDecisionListener.cpp in Sources */, > 518E8EF816B2091C00E91429 /* AuthenticationManager.cpp in Sources */, >+ 570AB8FE20AF898700B8BE87 /* AuthenticationManagerCocoa.mm in Sources */, > 512F58A212A883AD00629530 /* AuthenticationManagerMessageReceiver.cpp in Sources */, > 9955A6F41C7986DC00EB6A93 /* AutomationBackendDispatchers.cpp in Sources */, > 99C81D591C20E1E5005C4C82 /* AutomationClient.mm in Sources */, >@@ -10833,6 +10864,7 @@ > E179088D169BAA62006904C7 /* SecItemShim.cpp in Sources */, > E18E690B169B563F009B6670 /* SecItemShimProxy.cpp in Sources */, > E18E6917169B667B009B6670 /* SecItemShimProxyMessageReceiver.cpp in Sources */, >+ 570AB90420B2541D00B8BE87 /* SecKeyProxyStore.mm in Sources */, > 514D9F5819119D35000063A7 /* ServicesController.mm in Sources */, > 4131F3D11F96BCCC0059995A /* ServiceWorkerClientFetch.cpp in Sources */, > 617A52D81F43A9DA00DCDC0A /* ServiceWorkerClientFetchMessageReceiver.cpp in Sources */,
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185848
:
340928
|
341009
|
341047
|
341058
|
341144