Bug 145886

Summary: Make -[WKWebView _certificateChain] public.
Product: WebKit Reporter: Eugene But <eugenebut>
Component: WebKit2Assignee: mitz
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, mitz, sam, stuartmorgan
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
Add a certificateChain property to WKWebView
sam: review+
Add a certificateChain property to WKWebView sam: review+

Eugene But
Reported 2015-06-11 11:09:29 PDT
Making _certificateChain API public will simplify implementation of security UI (https lock) for web browsers. In WebKit nightly build webView:didReceiveAuthenticationChallenge:completionHandler: provides certs chain. However it is not called on every navigation. It means that if app needs to know the certs of current page it has to maintain persistent cache: host-name: cert-chain. The certs are already cached by WebKit, so storing this cache twice is additional overhead. rdar://21342465
Attachments
Add a certificateChain property to WKWebView (17.12 KB, patch)
2015-06-20 16:16 PDT, mitz 		sam: review+
DetailsFormatted DiffDiff
Add a certificateChain property to WKWebView (16.71 KB, patch)
2015-06-21 09:46 PDT, mitz 		sam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Eugene But
Comment 1 2015-06-12 13:05:30 PDT
webView:didReceiveAuthenticationChallenge:completionHandler: does not provide information about the frame which loads a resource. Hence caching certs, so they can be reused later for lock icon is not viable. Without certificateChain public API correct implementation of security lock is not possible.
mitz
Comment 2 2015-06-20 16:16:58 PDT
Created attachment 255301 [details] Add a certificateChain property to WKWebView
mitz
Comment 3 2015-06-21 09:46:55 PDT
Created attachment 255327 [details] Add a certificateChain property to WKWebView Revised to make the property non-nullable
mitz
Comment 4 2015-06-23 09:47:21 PDT
Fixed in <http://trac.webkit.org/r185876>.
Note You need to log in before you can comment on or make changes to this bug.