133527 2014-06-04 16:44:54 -0700 [iOS] Client-certificate authentication isn’t working 2014-06-06 13:35:24 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P1 Normal --- 1 mitz mitz ap oldest_to_newest 1013409 0 mitz 2014-06-04 16:44:54 -0700 <rdar://problem/17095692> Responding to an authentication challenge with an identity-based credential just fails. 1013420 1 232511 mitz 2014-06-04 17:17:56 -0700 Created attachment 232511 Add encoding support for credentials with identities 1013423 2 232511 darin 2014-06-04 17:23:33 -0700 Comment on attachment 232511 Add encoding support for credentials with identities View in context: https://bugs.webkit.org/attachment.cgi?id=232511&action=review > Source/WebCore/WebCore.exp.in:2919 > +#if PLATFORM(COCOA) This file is only used for PLATFORM(COCOA), so I suggest removing this #if and re-sorting the file. > Source/WebKit2/Shared/WebCoreArgumentCoders.cpp:488 > +#endif > encoder << credential.user() << credential.password(); I suggest adding a blank line here. > Source/WebKit2/Shared/WebCoreArgumentCoders.cpp:505 > + RetainPtr<CFArrayRef> certificates; I’d move this down past the decoding of hasCertificates. > Source/WebKit2/Shared/WebCoreArgumentCoders.cpp:522 > +#endif > String user; I suggest adding a blank line here. > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:587 > + SecIdentityCopyCertificate(identity, &certificate); Can this ever fail? If so, the CFRelease below will crash. Same pattern happens 3 times. Is crashing the right behavior or do we want something else? 1013457 3 232511 ap 2014-06-04 21:20:40 -0700 Comment on attachment 232511 Add encoding support for credentials with identities I'm unsure about the status of code in AuthenticationManager::tryUseCertificateInfoForChallenge. Is it still needed, now that actual identities are being passed? 1013458 4 mitz 2014-06-04 21:30:50 -0700 (In reply to comment #3) > (From update of attachment 232511 [details]) > I'm unsure about the status of code in AuthenticationManager::tryUseCertificateInfoForChallenge. Is it still needed, now that actual identities are being passed? At least for now, yes, it is still needed, because of the C SPI. Clients of the C SPI pass an identity by creating a WKCredential with a WKCretificateInfoRef, which they create from certificates they extract from the identity (a key reference isn’t passed at all, the Network process resorts to looking it up based on the certificate). We don’t have a way to create a WKCredentialRef from a SecIdentityRef. 1013796 5 232511 mitz 2014-06-06 09:21:27 -0700 Comment on attachment 232511 Add encoding support for credentials with identities View in context: https://bugs.webkit.org/attachment.cgi?id=232511&action=review >> Source/WebCore/WebCore.exp.in:2919 >> +#if PLATFORM(COCOA) > > This file is only used for PLATFORM(COCOA), so I suggest removing this #if and re-sorting the file. I don’t know what I was thinking. >> Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:587 >> + SecIdentityCopyCertificate(identity, &certificate); > > Can this ever fail? If so, the CFRelease below will crash. Same pattern happens 3 times. Is crashing the right behavior or do we want something else? This one and the next one can’t fail, as far as I can tell, but the third one can fail. I think in that case we should avoid crashing, and encode something that decodes as a null identity, and make sure that we don’t crash on the receiving side when the identity is null. 1013834 6 mitz 2014-06-06 12:04:53 -0700 Fixed in <http://trac.webkit.org/r169655>. 1013843 7 ap 2014-06-06 13:08:23 -0700 Attempted a build fix in <http://trac.webkit.org/changeset/169657>. 1013844 8 ap 2014-06-06 13:35:24 -0700 More build fix in <http://trac.webkit.org/r169658> - this code only builds on iOS. 232511 2014-06-04 17:17:56 -0700 2014-06-06 09:21:27 -0700 Add encoding support for credentials with identities bug-133527-20140604171732.patch text/plain 9842 mitz SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2OTYwMykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEyIEBACisyMDE0LTA2LTA0ICBEYW4gQmVy bnN0ZWluICA8bWl0ekBhcHBsZS5jb20+CisKKyAgICAgICAgV2ViQ29yZSBwYXJ0IG9mIDxyZGFy Oi8vcHJvYmxlbS8xNzA5NTY5Mj4gW2lPU10gQ2xpZW50LWNlcnRpZmljYXRlIGF1dGhlbnRpY2F0 aW9uIGlzbuKAmXQgd29ya2luZworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTMzNTI3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgKiBXZWJDb3JlLmV4cC5pbjogRXhwb3J0ZWQgc29tZSBDcmVkZW50aWFsIG1l bWJlciBmdW5jdGlvbnMuCisKIDIwMTQtMDYtMDQgIEJlbmphbWluIFBvdWxhaW4gIDxicG91bGFp bkBhcHBsZS5jb20+CiAKICAgICAgICAgW2lPU11bV0syXSBSZXN0b3JlIHRoZSB2aXN1YWwgc2Ny b2xsIHBvc2l0aW9uIGluc3RlYWQgb2YgdGhlIGRvbSBzY3JvbGwgcG9zaXRpb24gd2hlbiByZXN0 b3Jpbmcgc3RhdGVzIGZyb20gdGhlIGhpc3RvcnkKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL1dlYkNv cmUuZXhwLmluCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL1dlYkNvcmUuZXhwLmluCShy ZXZpc2lvbiAxNjk1OTQpCisrKyBTb3VyY2UvV2ViQ29yZS9XZWJDb3JlLmV4cC5pbgkod29ya2lu ZyBjb3B5KQpAQCAtMjkxNiw2ICsyOTE2LDEzIEBAIF93a1NldFJlcXVlc3RTdG9yYWdlU2Vzc2lv bgogX19aTjdXZWJDb3JlMTRSZXNvdXJjZUhhbmRsZTI1Y29udGludWVXaWxsQ2FjaGVSZXNwb25z ZUVQMTlOU0NhY2hlZFVSTFJlc3BvbnNlCiAjZW5kaWYKIAorI2lmIFBMQVRGT1JNKENPQ09BKQor X19aTjdXZWJDb3JlMTBDcmVkZW50aWFsQzFFUDEzX19TZWNJZGVudGl0eVBLOV9fQ0ZBcnJheU5T XzIxQ3JlZGVudGlhbFBlcnNpc3RlbmNlRQorX19aTks3V2ViQ29yZTEwQ3JlZGVudGlhbDEyY2Vy dGlmaWNhdGVzRXYKK19fWk5LN1dlYkNvcmUxMENyZWRlbnRpYWw0dHlwZUV2CitfX1pOSzdXZWJD b3JlMTBDcmVkZW50aWFsOGlkZW50aXR5RXYKKyNlbmRpZgorCiAjaWYgRU5BQkxFKENPTlRFWFRf TUVOVVMpCiBfX1pON1dlYkNvcmUxMUNvbnRleHRNZW51MjJzZXRQbGF0Zm9ybURlc2NyaXB0aW9u RVAxNE5TTXV0YWJsZUFycmF5CiBfX1pON1dlYkNvcmUxMkV2ZW50SGFuZGxlcjIwc2VuZENvbnRl eHRNZW51RXZlbnRFUktOU18xOFBsYXRmb3JtTW91c2VFdmVudEUKSW5kZXg6IFNvdXJjZS9XZWJL aXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cJKHJl dmlzaW9uIDE2OTYwMykKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwkod29ya2luZyBjb3B5 KQpAQCAtMSwzICsxLDI4IEBACisyMDE0LTA2LTA0ICBEYW4gQmVybnN0ZWluICA8bWl0ekBhcHBs ZS5jb20+CisKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzE3MDk1NjkyPiBbaU9TXSBDbGllbnQt Y2VydGlmaWNhdGUgYXV0aGVudGljYXRpb24gaXNu4oCZdCB3b3JraW5nCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMzM1MjcKKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIENvbmZpZ3VyYXRpb25zL05ldHdv cmstaU9TLmVudGl0bGVtZW50czogRW5hYmxlZCB0aGUgTmV0d29yayBwcm9jZXNzIHRvIGFjY2Vz cyB0aGUga2V5cworICAgICAgICBuZWVkZWQgdG8gY3JlYXRlIGlkZW50aXRpZXMgdG8gYXV0aGVu dGljYXRlIHdpdGguCisKKyAgICAgICAgKiBTaGFyZWQvV2ViQ29yZUFyZ3VtZW50Q29kZXJzLmNw cDoKKyAgICAgICAgKElQQzo6QXJndW1lbnRDb2RlcjxDcmVkZW50aWFsPjo6ZW5jb2RlKTogRW5j b2RlIHRoZSBjcmVkZW50aWFsIHR5cGUsIGFuZCBpZiBpdCBpcyBhIGNsaWVudAorICAgICAgICBj ZXJ0aWZpY2F0ZSwgZW5jb2RlIHRoZSBpZGVudGl0eSBhbmQgdGhlIGNlcnRpZmljYXRlcy4KKyAg ICAgICAgKElQQzo6QXJndW1lbnRDb2RlcjxDcmVkZW50aWFsPjo6ZGVjb2RlKTogRGVjb2RlIHRo ZSBjcmVkZW50aWFsIHR5cGUuIElmIGl0IGlzIGEgY2xpZW50CisgICAgICAgIGNlcnRpZmljYXRl LCBkZWNvZGUgdGhlIGlkZW50aXR5IGFuZCB0aGUgY2VydGlmaWNhdGVzIGFuZCB1c2UgdGhlIHBy b3BlciBDcmVkZW50aWFsCisgICAgICAgIGNvbnN0cnVjdG9yLgorCisgICAgICAgICogU2hhcmVk L2NmL0FyZ3VtZW50Q29kZXJzQ0YuY3BwOgorICAgICAgICAoSVBDOjp0eXBlRnJvbUNGVHlwZVJl Zik6IEhhbmRsZSBTZWNJZGVudGl0eVJlZi4KKyAgICAgICAgKElQQzo6ZW5jb2RlKTogRW5jb2Rl IGFuIGlkZW50aXR5IGJ5IGVuY29kaW5nIGl0cyBjZXJ0aWZpY2F0ZSBhbmQgYSBwZXJzaXN0ZW50 IHJlZmVyZW5jZSB0bworICAgICAgICBpdHMga2V5LgorICAgICAgICAoSVBDOjpkZWNvZGUpOiBE ZWNvZGUgYSBjZXJ0aWZpY2F0ZSBhbmQgYSBwZXJzaXN0ZW50IHJlZmVyZW5jZSB0byBhIGtleSwg ZmluZCB0aGUga2V5LCBhbmQKKyAgICAgICAgY3JlYXRlIGFuIGlkZW50aXR5LgorICAgICAgICAq IFNoYXJlZC9jZi9Bcmd1bWVudENvZGVyc0NGLmg6CisKIDIwMTQtMDYtMDQgIEJlbmphbWluIFBv dWxhaW4gIDxicG91bGFpbkBhcHBsZS5jb20+CiAKICAgICAgICAgW2lPU11bV0syXSBSZXN0b3Jl IHRoZSB2aXN1YWwgc2Nyb2xsIHBvc2l0aW9uIGluc3RlYWQgb2YgdGhlIGRvbSBzY3JvbGwgcG9z aXRpb24gd2hlbiByZXN0b3Jpbmcgc3RhdGVzIGZyb20gdGhlIGhpc3RvcnkKSW5kZXg6IFNvdXJj ZS9XZWJLaXQyL0NvbmZpZ3VyYXRpb25zL05ldHdvcmstaU9TLmVudGl0bGVtZW50cwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9Db25maWd1cmF0aW9ucy9OZXR3b3JrLWlPUy5lbnRpdGxl bWVudHMJKHJldmlzaW9uIDE2OTUxOSkKKysrIFNvdXJjZS9XZWJLaXQyL0NvbmZpZ3VyYXRpb25z L05ldHdvcmstaU9TLmVudGl0bGVtZW50cwkod29ya2luZyBjb3B5KQpAQCAtNCw1ICs0LDkgQEAK IDxkaWN0PgogCTxrZXk+Y29tLmFwcGxlLnByaXZhdGUubmV0d29yay5zb2NrZXQtZGVsZWdhdGU8 L2tleT4KIAk8dHJ1ZS8+CisJPGtleT5rZXljaGFpbi1hY2Nlc3MtZ3JvdXBzPC9rZXk+CisJPGFy cmF5PgorCQk8c3RyaW5nPmNvbS5hcHBsZS5pZGVudGl0aWVzPC9zdHJpbmc+CisJPC9hcnJheT4K IDwvZGljdD4KIDwvcGxpc3Q+CkluZGV4OiBTb3VyY2UvV2ViS2l0Mi9TaGFyZWQvV2ViQ29yZUFy Z3VtZW50Q29kZXJzLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9TaGFyZWQvV2Vi Q29yZUFyZ3VtZW50Q29kZXJzLmNwcAkocmV2aXNpb24gMTY5NTE5KQorKysgU291cmNlL1dlYktp dDIvU2hhcmVkL1dlYkNvcmVBcmd1bWVudENvZGVycy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTY5 LDYgKzY5LDEwIEBACiAjaW5jbHVkZSA8d3RmL3RleHQvQ1N0cmluZy5oPgogI2luY2x1ZGUgPHd0 Zi90ZXh0L1N0cmluZ0hhc2guaD4KIAorI2lmIFBMQVRGT1JNKENPQ09BKQorI2luY2x1ZGUgIkFy Z3VtZW50Q29kZXJzQ0YuaCIKKyNlbmRpZgorCiAjaWYgUExBVEZPUk0oSU9TKQogI2luY2x1ZGUg PFdlYkNvcmUvRmxvYXRRdWFkLmg+CiAjaW5jbHVkZSA8V2ViQ29yZS9QYXN0ZWJvYXJkLmg+CkBA IC00NjcsMTIgKzQ3MSw1NCBAQCBib29sIEFyZ3VtZW50Q29kZXI8UHJvdGVjdGlvblNwYWNlPjo6 ZGVjCiAKIHZvaWQgQXJndW1lbnRDb2RlcjxDcmVkZW50aWFsPjo6ZW5jb2RlKEFyZ3VtZW50RW5j b2RlciYgZW5jb2RlciwgY29uc3QgQ3JlZGVudGlhbCYgY3JlZGVudGlhbCkKIHsKKyNpZiBDRVJU SUZJQ0FURV9DUkVERU5USUFMU19TVVBQT1JURUQKKyAgICBlbmNvZGVyLmVuY29kZUVudW0oY3Jl ZGVudGlhbC50eXBlKCkpOworCisgICAgaWYgKGNyZWRlbnRpYWwudHlwZSgpID09IENyZWRlbnRp YWxUeXBlQ2xpZW50Q2VydGlmaWNhdGUpIHsKKyAgICAgICAgSVBDOjplbmNvZGUoZW5jb2Rlciwg Y3JlZGVudGlhbC5pZGVudGl0eSgpKTsKKworICAgICAgICBlbmNvZGVyIDw8ICEhY3JlZGVudGlh bC5jZXJ0aWZpY2F0ZXMoKTsKKyAgICAgICAgaWYgKGNyZWRlbnRpYWwuY2VydGlmaWNhdGVzKCkp CisgICAgICAgICAgICBJUEM6OmVuY29kZShlbmNvZGVyLCBjcmVkZW50aWFsLmNlcnRpZmljYXRl cygpKTsKKworICAgICAgICBlbmNvZGVyLmVuY29kZUVudW0oY3JlZGVudGlhbC5wZXJzaXN0ZW5j ZSgpKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKyNlbmRpZgogICAgIGVuY29kZXIgPDwgY3Jl ZGVudGlhbC51c2VyKCkgPDwgY3JlZGVudGlhbC5wYXNzd29yZCgpOwogICAgIGVuY29kZXIuZW5j b2RlRW51bShjcmVkZW50aWFsLnBlcnNpc3RlbmNlKCkpOwogfQogCiBib29sIEFyZ3VtZW50Q29k ZXI8Q3JlZGVudGlhbD46OmRlY29kZShBcmd1bWVudERlY29kZXImIGRlY29kZXIsIENyZWRlbnRp YWwmIGNyZWRlbnRpYWwpCiB7CisjaWYgQ0VSVElGSUNBVEVfQ1JFREVOVElBTFNfU1VQUE9SVEVE CisgICAgQ3JlZGVudGlhbFR5cGUgdHlwZTsKKworICAgIGlmICghZGVjb2Rlci5kZWNvZGVFbnVt KHR5cGUpKQorICAgICAgICByZXR1cm4gZmFsc2U7CisKKyAgICBpZiAodHlwZSA9PSBDcmVkZW50 aWFsVHlwZUNsaWVudENlcnRpZmljYXRlKSB7CisgICAgICAgIFJldGFpblB0cjxTZWNJZGVudGl0 eVJlZj4gaWRlbnRpdHk7CisgICAgICAgIGlmICghSVBDOjpkZWNvZGUoZGVjb2RlciwgaWRlbnRp dHkpKQorICAgICAgICAgICAgcmV0dXJuIGZhbHNlOworCisgICAgICAgIFJldGFpblB0cjxDRkFy cmF5UmVmPiBjZXJ0aWZpY2F0ZXM7CisgICAgICAgIGJvb2wgaGFzQ2VydGlmaWNhdGVzOworICAg ICAgICBpZiAoIWRlY29kZXIuZGVjb2RlKGhhc0NlcnRpZmljYXRlcykpCisgICAgICAgICAgICBy ZXR1cm4gZmFsc2U7CisgICAgICAgIGlmIChoYXNDZXJ0aWZpY2F0ZXMpIHsKKyAgICAgICAgICAg IGlmICghSVBDOjpkZWNvZGUoZGVjb2RlciwgY2VydGlmaWNhdGVzKSkKKyAgICAgICAgICAgICAg ICByZXR1cm4gZmFsc2U7CisgICAgICAgIH0KKworICAgICAgICBDcmVkZW50aWFsUGVyc2lzdGVu Y2UgcGVyc2lzdGVuY2U7CisgICAgICAgIGlmICghZGVjb2Rlci5kZWNvZGVFbnVtKHBlcnNpc3Rl bmNlKSkKKyAgICAgICAgICAgIHJldHVybiBmYWxzZTsKKworICAgICAgICBjcmVkZW50aWFsID0g Q3JlZGVudGlhbChpZGVudGl0eS5nZXQoKSwgY2VydGlmaWNhdGVzLmdldCgpLCBwZXJzaXN0ZW5j ZSk7CisgICAgICAgIHJldHVybiB0cnVlOworICAgIH0KKyNlbmRpZgogICAgIFN0cmluZyB1c2Vy OwogICAgIGlmICghZGVjb2Rlci5kZWNvZGUodXNlcikpCiAgICAgICAgIHJldHVybiBmYWxzZTsK SW5kZXg6IFNvdXJjZS9XZWJLaXQyL1NoYXJlZC9jZi9Bcmd1bWVudENvZGVyc0NGLmNwcAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9TaGFyZWQvY2YvQXJndW1lbnRDb2RlcnNDRi5jcHAJ KHJldmlzaW9uIDE2OTUxOSkKKysrIFNvdXJjZS9XZWJLaXQyL1NoYXJlZC9jZi9Bcmd1bWVudENv ZGVyc0NGLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMzYsNiArMzYsMTkgQEAKICNpbXBvcnQgPEZv dW5kYXRpb24vRm91bmRhdGlvbi5oPgogI2VuZGlmCiAKKyNpZiBkZWZpbmVkKF9faGFzX2luY2x1 ZGUpICYmIF9faGFzX2luY2x1ZGUoPFNlY3VyaXR5L1NlY0lkZW50aXR5UHJpdi5oPikKKyNpbmNs dWRlIDxTZWN1cml0eS9TZWNJZGVudGl0eVByaXYuaD4KKyNlbmRpZgorCitleHRlcm4gIkMiIFNl Y0lkZW50aXR5UmVmIFNlY0lkZW50aXR5Q3JlYXRlKENGQWxsb2NhdG9yUmVmIGFsbG9jYXRvciwg U2VjQ2VydGlmaWNhdGVSZWYgY2VydGlmaWNhdGUsIFNlY0tleVJlZiBwcml2YXRlS2V5KTsKKwor I2lmIGRlZmluZWQoX19oYXNfaW5jbHVkZSkgJiYgX19oYXNfaW5jbHVkZSg8U2VjdXJpdHkvU2Vj S2V5UHJpdi5oPikKKyNpbmNsdWRlIDxTZWN1cml0eS9TZWNLZXlQcml2Lmg+CisjZW5kaWYKKwor ZXh0ZXJuICJDIiBPU1N0YXR1cyBTZWNLZXlDb3B5UGVyc2lzdGVudFJlZihTZWNLZXlSZWYga2V5 LCBDRkRhdGFSZWYqIHBlcnNpc3RlbnRSZWYpOworZXh0ZXJuICJDIiBPU1N0YXR1cyBTZWNLZXlG aW5kV2l0aFBlcnNpc3RlbnRSZWYoQ0ZEYXRhUmVmIHBlcnNpc3RlbnRSZWYsIFNlY0tleVJlZiog bG9va2VkVXBEYXRhKTsKKwogdXNpbmcgbmFtZXNwYWNlIFdlYkNvcmU7CiAKIG5hbWVzcGFjZSBJ UEMgewpAQCAtNTcsNiArNzAsNyBAQCBlbnVtIENGVHlwZSB7CiAgICAgQ0ZTdHJpbmcsCiAgICAg Q0ZVUkwsCiAgICAgU2VjQ2VydGlmaWNhdGUsCisgICAgU2VjSWRlbnRpdHksCiAjaWYgSEFWRShT RUNfS0VZQ0hBSU4pCiAgICAgU2VjS2V5Y2hhaW5JdGVtLAogI2VuZGlmCkBAIC05Miw2ICsxMDYs OCBAQCBzdGF0aWMgQ0ZUeXBlIHR5cGVGcm9tQ0ZUeXBlUmVmKENGVHlwZVJlCiAgICAgICAgIHJl dHVybiBDRlVSTDsKICAgICBpZiAodHlwZUlEID09IFNlY0NlcnRpZmljYXRlR2V0VHlwZUlEKCkp CiAgICAgICAgIHJldHVybiBTZWNDZXJ0aWZpY2F0ZTsKKyAgICBpZiAodHlwZUlEID09IFNlY0lk ZW50aXR5R2V0VHlwZUlEKCkpCisgICAgICAgIHJldHVybiBTZWNJZGVudGl0eTsKICNpZiBIQVZF KFNFQ19LRVlDSEFJTikKICAgICBpZiAodHlwZUlEID09IFNlY0tleWNoYWluSXRlbUdldFR5cGVJ RCgpKQogICAgICAgICByZXR1cm4gU2VjS2V5Y2hhaW5JdGVtOwpAQCAtMTM2LDYgKzE1Miw5IEBA IHZvaWQgZW5jb2RlKEFyZ3VtZW50RW5jb2RlciYgZW5jb2RlciwgQ0YKICAgICBjYXNlIFNlY0Nl cnRpZmljYXRlOgogICAgICAgICBlbmNvZGUoZW5jb2RlciwgKFNlY0NlcnRpZmljYXRlUmVmKXR5 cGVSZWYpOwogICAgICAgICByZXR1cm47CisgICAgY2FzZSBTZWNJZGVudGl0eToKKyAgICAgICAg ZW5jb2RlKGVuY29kZXIsIChTZWNJZGVudGl0eVJlZikodHlwZVJlZikpOworICAgICAgICByZXR1 cm47CiAjaWYgSEFWRShTRUNfS0VZQ0hBSU4pCiAgICAgY2FzZSBTZWNLZXljaGFpbkl0ZW06CiAg ICAgICAgIGVuY29kZShlbmNvZGVyLCAoU2VjS2V5Y2hhaW5JdGVtUmVmKXR5cGVSZWYpOwpAQCAt MjIzLDYgKzI0MiwxMyBAQCBib29sIGRlY29kZShBcmd1bWVudERlY29kZXImIGRlY29kZXIsIFJl CiAgICAgICAgIHJlc3VsdCA9IGFkb3B0Q0YoY2VydGlmaWNhdGUubGVha1JlZigpKTsKICAgICAg ICAgcmV0dXJuIHRydWU7CiAgICAgfQorICAgIGNhc2UgU2VjSWRlbnRpdHk6IHsKKyAgICAgICAg UmV0YWluUHRyPFNlY0lkZW50aXR5UmVmPiBpZGVudGl0eTsKKyAgICAgICAgaWYgKCFkZWNvZGUo ZGVjb2RlciwgaWRlbnRpdHkpKQorICAgICAgICAgICAgcmV0dXJuIGZhbHNlOworICAgICAgICBy ZXN1bHQgPSBhZG9wdENGKGlkZW50aXR5LmxlYWtSZWYoKSk7CisgICAgICAgIHJldHVybiB0cnVl OworICAgIH0KICNpZiBIQVZFKFNFQ19LRVlDSEFJTikKICAgICBjYXNlIFNlY0tleWNoYWluSXRl bTogewogICAgICAgICBSZXRhaW5QdHI8U2VjS2V5Y2hhaW5JdGVtUmVmPiBrZXljaGFpbkl0ZW07 CkBAIC01NTUsNiArNTgxLDQ0IEBAIGJvb2wgZGVjb2RlKEFyZ3VtZW50RGVjb2RlciYgZGVjb2Rl ciwgUmUKICAgICByZXR1cm4gdHJ1ZTsKIH0KIAordm9pZCBlbmNvZGUoQXJndW1lbnRFbmNvZGVy JiBlbmNvZGVyLCBTZWNJZGVudGl0eVJlZiBpZGVudGl0eSkKK3sKKyAgICBTZWNDZXJ0aWZpY2F0 ZVJlZiBjZXJ0aWZpY2F0ZSA9IG51bGxwdHI7CisgICAgU2VjSWRlbnRpdHlDb3B5Q2VydGlmaWNh dGUoaWRlbnRpdHksICZjZXJ0aWZpY2F0ZSk7CisgICAgZW5jb2RlKGVuY29kZXIsIGNlcnRpZmlj YXRlKTsKKyAgICBDRlJlbGVhc2UoY2VydGlmaWNhdGUpOworCisgICAgU2VjS2V5UmVmIGtleSA9 IG51bGxwdHI7CisgICAgU2VjSWRlbnRpdHlDb3B5UHJpdmF0ZUtleShpZGVudGl0eSwgJmtleSk7 CisKKyAgICBDRkRhdGFSZWYga2V5RGF0YSA9IG51bGxwdHI7CisgICAgU2VjS2V5Q29weVBlcnNp c3RlbnRSZWYoa2V5LCAma2V5RGF0YSk7CisgICAgQ0ZSZWxlYXNlKGtleSk7CisKKyAgICBlbmNv ZGUoZW5jb2Rlciwga2V5RGF0YSk7CisgICAgQ0ZSZWxlYXNlKGtleURhdGEpOworfQorCitib29s IGRlY29kZShBcmd1bWVudERlY29kZXImIGRlY29kZXIsIFJldGFpblB0cjxTZWNJZGVudGl0eVJl Zj4mIHJlc3VsdCkKK3sKKyAgICBSZXRhaW5QdHI8U2VjQ2VydGlmaWNhdGVSZWY+IGNlcnRpZmlj YXRlOworICAgIGlmICghZGVjb2RlKGRlY29kZXIsIGNlcnRpZmljYXRlKSkKKyAgICAgICAgcmV0 dXJuIGZhbHNlOworCisgICAgUmV0YWluUHRyPENGRGF0YVJlZj4ga2V5RGF0YTsKKyAgICBpZiAo IWRlY29kZShkZWNvZGVyLCBrZXlEYXRhKSkKKyAgICAgICAgcmV0dXJuIGZhbHNlOworCisgICAg U2VjS2V5UmVmIGtleSA9IG51bGxwdHI7CisgICAgaWYgKFNlY0tleUZpbmRXaXRoUGVyc2lzdGVu dFJlZihrZXlEYXRhLmdldCgpLCAma2V5KSkKKyAgICAgICAgcmV0dXJuIGZhbHNlOworCisgICAg cmVzdWx0ID0gYWRvcHRDRihTZWNJZGVudGl0eUNyZWF0ZShrQ0ZBbGxvY2F0b3JEZWZhdWx0LCBj ZXJ0aWZpY2F0ZS5nZXQoKSwga2V5KSk7CisgICAgQ0ZSZWxlYXNlKGtleSk7CisKKyAgICByZXR1 cm4gdHJ1ZTsKK30KKwogI2lmIEhBVkUoU0VDX0tFWUNIQUlOKQogdm9pZCBlbmNvZGUoQXJndW1l bnRFbmNvZGVyJiBlbmNvZGVyLCBTZWNLZXljaGFpbkl0ZW1SZWYga2V5Y2hhaW5JdGVtKQogewpJ bmRleDogU291cmNlL1dlYktpdDIvU2hhcmVkL2NmL0FyZ3VtZW50Q29kZXJzQ0YuaAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9TaGFyZWQvY2YvQXJndW1lbnRDb2RlcnNDRi5oCShyZXZp c2lvbiAxNjk1MTkpCisrKyBTb3VyY2UvV2ViS2l0Mi9TaGFyZWQvY2YvQXJndW1lbnRDb2RlcnND Ri5oCSh3b3JraW5nIGNvcHkpCkBAIC03OCw2ICs3OCwxMCBAQCBib29sIGRlY29kZShBcmd1bWVu dERlY29kZXImLCBSZXRhaW5QdHI8CiB2b2lkIGVuY29kZShBcmd1bWVudEVuY29kZXImLCBTZWND ZXJ0aWZpY2F0ZVJlZik7CiBib29sIGRlY29kZShBcmd1bWVudERlY29kZXImLCBSZXRhaW5QdHI8 U2VjQ2VydGlmaWNhdGVSZWY+JiByZXN1bHQpOwogCisvLyBTZWNJZGVudGl0eVJlZgordm9pZCBl bmNvZGUoQXJndW1lbnRFbmNvZGVyJiwgU2VjSWRlbnRpdHlSZWYpOworYm9vbCBkZWNvZGUoQXJn dW1lbnREZWNvZGVyJiwgUmV0YWluUHRyPFNlY0lkZW50aXR5UmVmPiYgcmVzdWx0KTsKKwogI2lm IEhBVkUoU0VDX0tFWUNIQUlOKQogLy8gU2VjS2V5Y2hhaW5JdGVtUmVmCiB2b2lkIGVuY29kZShB cmd1bWVudEVuY29kZXImLCBTZWNLZXljaGFpbkl0ZW1SZWYpOwo=