[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
cblu
cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:17:05 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 2bce65f220e9b4d5f3b0e9e69dc49c5010f4731a
Author: cblu <cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Dec 9 21:52:36 2003 +0000
WebKit:
Fixed: <rdar://problem/3504237>: add downloaded certificates to keychain
Reviewed by darin.
* WebCoreSupport.subproj/WebKeyGeneration.cpp:
(signedPublicKeyAndChallengeString):
(addCertificateToKeyChainFromData): new
(addCertificateToKeyChainFromFile): new
* WebCoreSupport.subproj/WebKeyGeneration.h:
* WebCoreSupport.subproj/WebKeyGenerator.h:
* WebCoreSupport.subproj/WebKeyGenerator.m:
(-[WebKeyGenerator addCertificateToKeyChainFromFileAtPath:]): new
* WebKit.exp:
* WebKit.pbproj/project.pbxproj: made WebKeyGenerator.h private
WebBrowser:
Fixed: <rdar://problem/3504237>: add downloaded certificates to keychain
Reviewed by darin.
* DownloadProgressEntry.m:
(-[DownloadProgressEntry _addCertificateToKeyChain]): new, calls [WebKeyGenerator addCertificateToKeyChainFromFileAtPath:]
(-[DownloadProgressEntry autoOpen]): call _addCertificateToKeyChain
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5727 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index b547bcd..538f247 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,20 @@
+2003-12-09 Chris Blumenberg <cblu at apple.com>
+
+ Fixed: <rdar://problem/3504237>: add downloaded certificates to keychain
+
+ Reviewed by darin.
+
+ * WebCoreSupport.subproj/WebKeyGeneration.cpp:
+ (signedPublicKeyAndChallengeString):
+ (addCertificateToKeyChainFromData): new
+ (addCertificateToKeyChainFromFile): new
+ * WebCoreSupport.subproj/WebKeyGeneration.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.m:
+ (-[WebKeyGenerator addCertificateToKeyChainFromFileAtPath:]): new
+ * WebKit.exp:
+ * WebKit.pbproj/project.pbxproj: made WebKeyGenerator.h private
+
2003-12-09 John Sullivan <sullivan at apple.com>
- fixed <rdar://problem/3504907>: REGRESSION (100-116):
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
index 67ec436..0bd89e8 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
@@ -1,11 +1,10 @@
/*
- * parseNetscapeCerts - parse a blob containing one or more
- * downloaded netscape certificates.
+ * WebKeyGeneration.cpp
+ * WebKit
*
- * Requires Apple-private API in libCdsaUtils.a and libnssasn1.a.
- * NOT FOR USE OUTSIDE OF APPLE COMTPUTER.
+ * Created by Chris Blumenberg on Mon Dec 08 2003.
+ * Copyright (c) 2003 Apple Computer. All rights reserved.
*
- * Created 12/4/03 by dmitch
*/
#import <WebKit/WebKeyGeneration.h>
@@ -385,4 +384,96 @@ errOut:
CFRelease(privKey);
}
return spkcB64;
-}
\ No newline at end of file
+}
+
+/*
+* Per-cert processing, called for each cert we extract from the
+ * incoming blob.
+ */
+bool addCertificateToKeyChainFromData(const unsigned char *certData,
+ unsigned certDataLen,
+ unsigned certNum)
+{
+ CSSM_DATA cert = {certDataLen, (uint8 *)certData};
+ SecCertificateRef certRef;
+
+ /* Make a SecCertificateRef */
+ OSStatus ortn = SecCertificateCreateFromData(&cert,
+ CSSM_CERT_X_509v3,
+ CSSM_CERT_ENCODING_DER,
+ &certRef);
+ if (ortn) {
+ ERROR("SecCertificateCreateFromData returned %d", (int)ortn);
+ return false;
+ }
+
+ /*
+ * Add it to default keychain.
+ * Many people will be surprised that this op works without
+ * the user having to unlock the keychain.
+ */
+ ortn = SecCertificateAddToKeychain(certRef, nil);
+
+ /* Free the cert in any case */
+ CFRelease(certRef);
+ switch(ortn) {
+ case noErr:
+ break;
+ case errSecDuplicateItem:
+ /* Not uncommon, definitely not an error */
+ ERROR("cert %u already present in keychain", certNum);
+ break;
+ default:
+ ERROR("SecCertificateAddToKeychain returned %d", (int)ortn);
+ return false;
+ }
+
+ return true;
+}
+
+bool addCertificateToKeyChainFromFile(const char *path)
+{
+ bool result = false;
+
+ /* read inFile */
+ unsigned char *inFile = NULL;
+ unsigned inFileLen = 0;
+ if (readFile(path, &inFile, &inFileLen)) {
+ return false;
+ }
+
+ /* DER-decode, first as NetscapeCertSequence */
+ SecNssCoder coder;
+ NetscapeCertSequence certSeq;
+
+ memset(&certSeq, 0, sizeof(certSeq));
+ PRErrorCode perr = coder.decode(inFile, inFileLen, NetscapeCertSequenceTemplate, &certSeq);
+ if (perr == 0) {
+ /*
+ * Probably should verify (contentType == netscape-cert-sequence)
+ */
+ /*
+ * Last cert is a root, which we do NOT want to add
+ * to the user's keychain.
+ */
+ unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
+ for (unsigned i=0; i<numCerts; i++) {
+ CSSM_DATA *cert = certSeq.certs[i];
+ result = addCertificateToKeyChainFromData(cert->Data, cert->Length, i);
+ if (!result) {
+ break;
+ }
+ }
+ } else {
+ /*
+ * Didn't appear to be a NetscapeCertSequence; assume it's just
+ * a cert. FIXME: Netscape spec says the blob might also be PKCS7
+ * format, which we're not handling here.
+ */
+ result = addCertificateToKeyChainFromData(inFile, inFileLen, 0);
+ }
+
+ /* this was mallocd by readFile() */
+ free(inFile);
+ return result;
+}
\ No newline at end of file
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
index 1466800..7187df8 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
@@ -3,7 +3,7 @@
* WebKit
*
* Created by Chris Blumenberg on Mon Dec 08 2003.
- * Copyright (c) 2003 __MyCompanyName__. All rights reserved.
+ * Copyright (c) 2003 Apple Computer. All rights reserved.
*
*/
@@ -68,6 +68,7 @@ extern "C" {
extern const SEC_ASN1Template SignedPublicKeyAndChallengeTemplate[];
char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge);
+ bool addCertificateToKeyChainFromFile(const char *path);
#ifdef __cplusplus
}
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
index 73b6fad..7cd67f5 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
@@ -14,4 +14,5 @@
NSArray *strengthMenuItemTitles;
}
+ (void)createSharedGenerator;
+- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path;
@end
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
index df85e06..1ce7c64 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
@@ -1,5 +1,5 @@
//
-// WebKeyGenerationFactory.m
+// WebKeyGenerator.m
// WebKit
//
// Created by Chris Blumenberg on Thu Nov 20 2003.
@@ -64,4 +64,9 @@
return result;
}
+- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path
+{
+ return addCertificateToKeyChainFromFile([path fileSystemRepresentation]);
+}
+
@end
diff --git a/WebKit/WebKit.exp b/WebKit/WebKit.exp
index 918f824..2fcea20 100644
--- a/WebKit/WebKit.exp
+++ b/WebKit/WebKit.exp
@@ -15,6 +15,7 @@
.objc_class_name_WebIconDatabase
.objc_class_name_WebIconLoader
.objc_class_name_WebJavaScriptTextInputPanel
+.objc_class_name_WebKeyGenerator
.objc_class_name_WebKitStatistics
.objc_class_name_WebPreferences
.objc_class_name_WebRenderNode
diff --git a/WebKit/WebKit.pbproj/project.pbxproj b/WebKit/WebKit.pbproj/project.pbxproj
index c0a2a84..c59a204 100644
--- a/WebKit/WebKit.pbproj/project.pbxproj
+++ b/WebKit/WebKit.pbproj/project.pbxproj
@@ -2170,6 +2170,9 @@
fileRef = 84723BE3056D719E0044BFEA;
isa = PBXBuildFile;
settings = {
+ ATTRIBUTES = (
+ Private,
+ );
};
};
84723BE6056D719E0044BFEA = {
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list