Bug 61334 - Should shim a few SecKeychainItem* methods on SnowLeopard
Summary: Should shim a few SecKeychainItem* methods on SnowLeopard
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Macintosh All
: P2 Normal
Assignee: Brady Eidson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-05-23 18:21 PDT by Brady Eidson
Modified: 2011-05-24 15:54 PDT (History)
1 user (show)

See Also:


Attachments
Refactoring-prep v1 - Move the current SecItem shims into their own implementation file for non-SnowLeopard builds. (28.66 KB, patch)
2011-05-23 18:28 PDT, Brady Eidson
sam: review+
beidson: commit-queue-
Details | Formatted Diff | Diff
Refactoring-prep v2 - Keep the shim callbacks in the WebKit2 framework, and the shims in the WebProcessShim (27.38 KB, patch)
2011-05-23 19:10 PDT, Brady Eidson
sam: review+
beidson: commit-queue-
Details | Formatted Diff | Diff
Patch v1 (59.27 KB, patch)
2011-05-24 13:15 PDT, Brady Eidson
darin: review+
beidson: commit-queue-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brady Eidson 2011-05-23 18:21:40 PDT
Should shim a few SecKeychainItem* methods on SnowLeopard

In radar as <rdar://problem/9434311>
Comment 1 Brady Eidson 2011-05-23 18:28:34 PDT
Created attachment 94536 [details]
Refactoring-prep v1 - Move the current SecItem shims into their own implementation file for non-SnowLeopard builds.
Comment 2 Sam Weinig 2011-05-23 18:37:46 PDT
Comment on attachment 94536 [details]
Refactoring-prep v1 - Move the current SecItem shims into their own implementation file for non-SnowLeopard builds.

View in context: https://bugs.webkit.org/attachment.cgi?id=94536&action=review

> Source/WebKit2/WebProcess/mac/WebProcessSecItemShim.mm:41
> +static bool UseSecItemShim = false;

This should not start with a capital letter. There is no need to initialize it to false.

> Source/WebKit2/WebProcess/mac/WebProcessSecItemShim.mm:48
> +struct SecItemAPIContext
> +{

{ should be on previous line.
Comment 3 Brady Eidson 2011-05-23 19:10:30 PDT
Created attachment 94546 [details]
Refactoring-prep v2 - Keep the shim callbacks in the WebKit2 framework, and the shims in the WebProcessShim

Had to rework this a bit because of the WebProcess / WebProcessShim divide.

Totally moved that bracket, though!
Comment 4 WebKit Commit Bot 2011-05-24 00:01:41 PDT
Comment on attachment 94546 [details]
Refactoring-prep v2 - Keep the shim callbacks in the WebKit2 framework, and the shims in the WebProcessShim

Attachment 94546 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/8727507
Comment 5 Brady Eidson 2011-05-24 13:15:19 PDT
Created attachment 94671 [details]
Patch v1
Comment 6 WebKit Review Bot 2011-05-24 13:18:43 PDT
Attachment 94671 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/WebKit2/ChangeLog', u'Source/WebKit..." exit_code: 1

Source/WebKit2/Shared/mac/KeychainAttribute.cpp:45:  Use 0 instead of NULL.  [readability/null] [5]
Source/WebKit2/Shared/mac/SecKeychainItemRequestData.h:36:  Code inside a namespace should not be indented.  [whitespace/indent] [4]
Source/WebKit2/Shared/mac/SecKeychainItemResponseData.h:35:  Code inside a namespace should not be indented.  [whitespace/indent] [4]
Source/WebKit2/Shared/mac/KeychainAttribute.h:30:  Alphabetical sorting problem.  [build/include_order] [4]
Total errors found: 4 in 16 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 7 Darin Adler 2011-05-24 13:25:11 PDT
Comment on attachment 94671 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=94671&action=review

I’m concerned about the global data structures that should be per-web-process instead. Otherwise looks fine.

> Source/WebKit2/Shared/mac/KeychainAttribute.cpp:45
> +    data.adoptCF(CFDataCreate(NULL, (UInt8*)secKeychainAttribute.data, secKeychainAttribute.length));

Why is a cast needed here? Why a C-style cast? Why NULL instead of 0?

> Source/WebKit2/Shared/mac/KeychainAttribute.cpp:73
> +    attribute.tag = attributeTag;

Why do this at the bottom of the function instead of just after decoding it?

> Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:104
> +    m_attributeList = (SecKeychainAttributeList*)calloc(1, sizeof(SecKeychainAttributeList));

How about a C++ style cast instead of C-style?

How about using new instead of malloc so you could use OwnPtr, making it harder to make lifetime mistakes? It’s easy to zero out the object afterward. Nothing magic about calloc in that respect.

> Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:106
> +    m_attributeList->attr = (SecKeychainAttribute*)calloc(m_attributeList->count, sizeof(SecKeychainAttribute));

How about a C++ style cast instead of C-style?

How about using new instead of malloc so you could use OwnArrayPtr, making it harder to make lifetime mistakes?

> Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:114
> +        m_attributeList->attr[i].data = (void*)CFDataGetBytePtr(m_attributes[i].data.get());

How about a C++ style cast instead of C-style?

> Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:161
> +    secKeychainItemRequestData.m_itemClass = (SecItemClass)itemClass;

How about a C++ cast instead of a C cast?

> Source/WebKit2/Shared/mac/SecKeychainItemRequestData.h:42
> +class SecKeychainItemRequestData {

This should be noncopyable. That would happen automatically if you used OwnPtr or OwnArrayPtr for any of the data members.

> Source/WebKit2/UIProcess/mac/WebProcessProxyMac.mm:90
> +    RetainPtr<CFDataRef> data(AdoptCF, CFDataCreate(0, (const UInt8*)outData, length));

How about a C++ cast instead of a C cast?

> Source/WebKit2/UIProcess/mac/WebProcessProxyMac.mm:101
> +    OSStatus resultCode = SecKeychainItemCreateFromContent(request.itemClass(), request.attributeList(), request.length(), request.data(), 
> +                                                           NULL, NULL, &keychainItem);

Not the way we usually line things up.

> Source/WebKit2/UIProcess/mac/WebProcessProxyMac.mm:110
> +    response = SecKeychainItemResponseData(resultCode);

No need for the explicit conversion here, unless you make this constructor explicit above.

> Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:41
> +static HashSet<SecKeychainAttributeList*>& shimManagedAttributeLists()

I think this needs to be a per-web-process data structure, not a single global one.

> Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:83
> +        CFDataGetBytes(cfData, CFRangeMake(0, length), (UInt8*)attrList->attr[i].data);

How about a C++ style cast here?

> Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:92
> +// Methods to allow the shim to manage memory for its own KeychainItem content data.
> +static HashSet<void*>& shimManagedKeychainItemContents()
> +{
> +    DEFINE_STATIC_LOCAL(HashSet<void*>, set, ());
> +    return set;
> +}

I think this needs to be a per-web-process data structure, not a single global one.

> Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:197
> +        ASSERT_NOT_REACHED();

Seems inappropriate to assert here. This could happen if the other process died, for example.

> Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:296
> +    WebProcessKeychainItemShimInitializeFunc func = reinterpret_cast<WebProcessKeychainItemShimInitializeFunc>(dlsym(RTLD_DEFAULT, "WebKitWebProcessKeychainItemShimInitialize"));
> +    func(callbacks);

I’d prefer that you not abbreviate to fund here.
Comment 8 Brady Eidson 2011-05-24 14:17:28 PDT
(In reply to comment #7)
> (From update of attachment 94671 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=94671&action=review
> 
> I’m concerned about the global data structures that should be per-web-process instead. Otherwise looks fine.

Since it's possibly relevant in the future, I'll fix that up now.

> > Source/WebKit2/Shared/mac/KeychainAttribute.cpp:45
> > +    data.adoptCF(CFDataCreate(NULL, (UInt8*)secKeychainAttribute.data, secKeychainAttribute.length));
> 
> Why is a cast needed here? Why a C-style cast? Why NULL instead of 0?

Cast is needed because strict warnings make the compiler choke on "void*" -> "UInt8*".  I can make it c++-style, as with all the others.

NULL because I thought our style was to use NULL in C-API methods.  I guess I was wrong.
> 
> > Source/WebKit2/Shared/mac/KeychainAttribute.cpp:73
> > +    attribute.tag = attributeTag;
> 
> Why do this at the bottom of the function instead of just after decoding it?

WIll change.

> 
> > Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:104
> > +    m_attributeList = (SecKeychainAttributeList*)calloc(1, sizeof(SecKeychainAttributeList));
> 
> How about a C++ style cast instead of C-style?
> 
> How about using new instead of malloc so you could use OwnPtr, making it harder to make lifetime mistakes? It’s easy to zero out the object afterward. Nothing magic about calloc in that respect.

Reasonable.

> 
> > Source/WebKit2/Shared/mac/SecKeychainItemRequestData.cpp:106
> > +    m_attributeList->attr = (SecKeychainAttribute*)calloc(m_attributeList->count, sizeof(SecKeychainAttribute));
> 
> How about a C++ style cast instead of C-style?
> 
> How about using new instead of malloc so you could use OwnArrayPtr, making it harder to make lifetime mistakes?
> 

Reasonable

> 
> > Source/WebKit2/Shared/mac/SecKeychainItemRequestData.h:42
> > +class SecKeychainItemRequestData {
> 
> This should be noncopyable. That would happen automatically if you used OwnPtr or OwnArrayPtr for any of the data members.

Okay!

> 
> > Source/WebKit2/UIProcess/mac/WebProcessProxyMac.mm:101
> > +    OSStatus resultCode = SecKeychainItemCreateFromContent(request.itemClass(), request.attributeList(), request.length(), request.data(), 
> > +                                                           NULL, NULL, &keychainItem);
> 
> Not the way we usually line things up.

Didn't do that on purpose - will fix.

> 
> > Source/WebKit2/UIProcess/mac/WebProcessProxyMac.mm:110
> > +    response = SecKeychainItemResponseData(resultCode);
> 
> No need for the explicit conversion here, unless you make this constructor explicit above.


> 
> > Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:197
> > +        ASSERT_NOT_REACHED();
> 
> Seems inappropriate to assert here. This could happen if the other process died, for example.

If the UIProcess dies, we don't care about the sanctity of the WebProcess anymore.  The ASSERT helped me catch encode/decode mistakes, and I'd like to leave it to catch future ones if this code changes much.

> 
> > Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm:296
> > +    WebProcessKeychainItemShimInitializeFunc func = reinterpret_cast<WebProcessKeychainItemShimInitializeFunc>(dlsym(RTLD_DEFAULT, "WebKitWebProcessKeychainItemShimInitialize"));
> > +    func(callbacks);
> 
> I’d prefer that you not abbreviate to fund here.

Okay!
Comment 9 Brady Eidson 2011-05-24 14:47:50 PDT
(In reply to comment #8)
> (In reply to comment #7)
> > (From update of attachment 94671 [details] [details])
> > View in context: https://bugs.webkit.org/attachment.cgi?id=94671&action=review
> > 
> > I’m concerned about the global data structures that should be per-web-process instead. Otherwise looks fine.
> 
> Since it's possibly relevant in the future, I'll fix that up now.
>

Oh duh, this is already in the WebProcess.  :)
Comment 10 Brady Eidson 2011-05-24 15:54:31 PDT
First patch landed in r87153 and r87154.

Second patch landed in r87221.