[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
cblu
cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:17:46 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit d567c06438eb74cdbe7b104df66933de7ffc6bc2
Author: cblu <cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Dec 11 00:34:01 2003 +0000
WebKit:
Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
Reviewed by kocienda.
* WebCoreSupport.subproj/WebKeyGeneration.cpp:
(signedPublicKeyAndChallengeString): tweak
(addCertificateToKeychainFromData): renamed to use lowercase "c" in "keychain"
(addCertificatesToKeychainFromData): take data instead of a path to a file
* WebCoreSupport.subproj/WebKeyGeneration.h:
* WebCoreSupport.subproj/WebKeyGenerator.h:
* WebCoreSupport.subproj/WebKeyGenerator.m:
(-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:]): added temporary workaround for 3396936
WebBrowser:
Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
Reviewed by me, kocienda.
* BrowserNSDataExtras.h:
* BrowserNSDataExtras.m: new categories implemented by kocienda.
(-[NSData indexOfCharacterInCString:]):
(-[NSData indexOfCString:]):
(-[NSData indexOfCString:startOffset:]):
(-[NSData indexOfByteString:length:]):
(-[NSData indexOfByteString:length:startOffset:]):
(-[NSData certificateFromMultipartData]): extracts the cert
* DownloadProgressEntry.m:
(-[DownloadProgressEntry _addCertificateToKeyChain]): if the file is multipart/mixed, attempt to extract the cert using certificateFromMultipartData
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5748 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index 538f247..ce30149 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,18 @@
+2003-12-10 Chris Blumenberg <cblu at apple.com>
+
+ Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
+
+ Reviewed by kocienda.
+
+ * WebCoreSupport.subproj/WebKeyGeneration.cpp:
+ (signedPublicKeyAndChallengeString): tweak
+ (addCertificateToKeychainFromData): renamed to use lowercase "c" in "keychain"
+ (addCertificatesToKeychainFromData): take data instead of a path to a file
+ * WebCoreSupport.subproj/WebKeyGeneration.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.m:
+ (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:]): added temporary workaround for 3396936
+
2003-12-09 Chris Blumenberg <cblu at apple.com>
Fixed: <rdar://problem/3504237>: add downloaded certificates to keychain
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
index 0bd89e8..aa7753c 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
@@ -275,7 +275,7 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
CSSM_KEYATTR_RETURN_REF, // pub attrs
CSSM_KEYUSE_ANY, // might want to restrict this
CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF |
- CSSM_KEYATTR_PERMANENT |CSSM_KEYATTR_EXTRACTABLE,
+ CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
/*
* FIXME: should have a non-NULL initialAccess here, but
* I do not know any easy way of doing that. Ask Perry
@@ -318,11 +318,10 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
ERROR("***Error decoding subject public key info\n");
goto errOut;
}
+
pkc->challenge.Data = (uint8 *)challenge;
pkc->challenge.Length = strlen(challenge);
- perr = coder.encodeItem(pkc,
- PublicKeyAndChallengeTemplate,
- encodedPkc);
+ perr = coder.encodeItem(pkc, PublicKeyAndChallengeTemplate, encodedPkc);
if (perr) {
/* should never happen */
ERROR("***Error enccoding PublicKeyAndChallenge\n");
@@ -332,8 +331,7 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
/*
* Sign the encoded PublicKeyAndChallenge.
*/
- crtn = gnrSign(cspHand, &encodedPkc, privKey,
- GNR_SIG_ALG, &signature);
+ crtn = gnrSign(cspHand, &encodedPkc, privKey, GNR_SIG_ALG, &signature);
if (crtn) {
goto errOut;
}
@@ -390,7 +388,7 @@ errOut:
* Per-cert processing, called for each cert we extract from the
* incoming blob.
*/
-bool addCertificateToKeyChainFromData(const unsigned char *certData,
+bool addCertificateToKeychainFromData(const unsigned char *certData,
unsigned certDataLen,
unsigned certNum)
{
@@ -431,27 +429,21 @@ bool addCertificateToKeyChainFromData(const unsigned char *certData,
return true;
}
-bool addCertificateToKeyChainFromFile(const char *path)
+bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
{
bool result = false;
-
- /* read inFile */
- unsigned char *inFile = NULL;
- unsigned inFileLen = 0;
- if (readFile(path, &inFile, &inFileLen)) {
- return false;
- }
-
+
/* DER-decode, first as NetscapeCertSequence */
SecNssCoder coder;
NetscapeCertSequence certSeq;
memset(&certSeq, 0, sizeof(certSeq));
- PRErrorCode perr = coder.decode(inFile, inFileLen, NetscapeCertSequenceTemplate, &certSeq);
+ PRErrorCode perr = coder.decode(bytes, length, NetscapeCertSequenceTemplate, &certSeq);
if (perr == 0) {
- /*
- * Probably should verify (contentType == netscape-cert-sequence)
- */
+ if (memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
+ // FIXME: <rdar://problem/3506645>: decode PKCS7 encoded certificates downloaded from Verisign
+ return false;
+ }
/*
* Last cert is a root, which we do NOT want to add
* to the user's keychain.
@@ -459,7 +451,7 @@ bool addCertificateToKeyChainFromFile(const char *path)
unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
for (unsigned i=0; i<numCerts; i++) {
CSSM_DATA *cert = certSeq.certs[i];
- result = addCertificateToKeyChainFromData(cert->Data, cert->Length, i);
+ result = addCertificateToKeychainFromData(cert->Data, cert->Length, i);
if (!result) {
break;
}
@@ -470,10 +462,8 @@ bool addCertificateToKeyChainFromFile(const char *path)
* a cert. FIXME: Netscape spec says the blob might also be PKCS7
* format, which we're not handling here.
*/
- result = addCertificateToKeyChainFromData(inFile, inFileLen, 0);
+ result = addCertificateToKeychainFromData(bytes, length, 0);
}
-
- /* this was mallocd by readFile() */
- free(inFile);
+
return result;
}
\ No newline at end of file
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
index 7187df8..7b5007a 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
@@ -68,7 +68,7 @@ extern "C" {
extern const SEC_ASN1Template SignedPublicKeyAndChallengeTemplate[];
char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge);
- bool addCertificateToKeyChainFromFile(const char *path);
+ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length);
#ifdef __cplusplus
}
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
index 7cd67f5..1a2be4b 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
@@ -14,5 +14,5 @@
NSArray *strengthMenuItemTitles;
}
+ (void)createSharedGenerator;
-- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path;
+- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
@end
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
index 1ce7c64..ac577b7 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
@@ -57,6 +57,11 @@
return nil;
}
+ // FIXME: This is a very temporary workaround for <rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
+ if ([challenge length] == 0) {
+ challenge = @"foo";
+ }
+
char *key = signedPublicKeyAndChallengeString(keySize, [challenge cString]);
NSString *result = key ? [NSString stringWithCString:key] : nil;
free(key);
@@ -64,9 +69,9 @@
return result;
}
-- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path
+- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
{
- return addCertificateToKeyChainFromFile([path fileSystemRepresentation]);
+ return addCertificatesToKeychainFromData([data bytes], [data length]);
}
@end
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list