[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

cblu cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:17:46 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit d567c06438eb74cdbe7b104df66933de7ffc6bc2
Author: cblu <cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Dec 11 00:34:01 2003 +0000

    WebKit:
    
    	Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
    
            Reviewed by kocienda.
    
            * WebCoreSupport.subproj/WebKeyGeneration.cpp:
            (signedPublicKeyAndChallengeString): tweak
            (addCertificateToKeychainFromData): renamed to use lowercase "c" in "keychain"
            (addCertificatesToKeychainFromData): take data instead of a path to a file
            * WebCoreSupport.subproj/WebKeyGeneration.h:
            * WebCoreSupport.subproj/WebKeyGenerator.h:
            * WebCoreSupport.subproj/WebKeyGenerator.m:
            (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:]): added temporary workaround for 3396936
    
    WebBrowser:
    
    	Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
    
            Reviewed by me, kocienda.
    
            * BrowserNSDataExtras.h:
            * BrowserNSDataExtras.m: new categories implemented by kocienda.
            (-[NSData indexOfCharacterInCString:]):
            (-[NSData indexOfCString:]):
            (-[NSData indexOfCString:startOffset:]):
            (-[NSData indexOfByteString:length:]):
            (-[NSData indexOfByteString:length:startOffset:]):
            (-[NSData certificateFromMultipartData]): extracts the cert
            * DownloadProgressEntry.m:
            (-[DownloadProgressEntry _addCertificateToKeyChain]): if the file is multipart/mixed, attempt to extract the cert using certificateFromMultipartData
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index 538f247..ce30149 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,18 @@
+2003-12-10  Chris Blumenberg  <cblu at apple.com>
+
+	Fixed: <rdar://problem/3505537>: certificates downloaded from Verisign are multipart/mixed, must be parsed out
+
+        Reviewed by kocienda.
+
+        * WebCoreSupport.subproj/WebKeyGeneration.cpp:
+        (signedPublicKeyAndChallengeString): tweak
+        (addCertificateToKeychainFromData): renamed to use lowercase "c" in "keychain"
+        (addCertificatesToKeychainFromData): take data instead of a path to a file
+        * WebCoreSupport.subproj/WebKeyGeneration.h:
+        * WebCoreSupport.subproj/WebKeyGenerator.h:
+        * WebCoreSupport.subproj/WebKeyGenerator.m:
+        (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:]): added temporary workaround for 3396936
+
 2003-12-09  Chris Blumenberg  <cblu at apple.com>
 
 	Fixed: <rdar://problem/3504237>: add downloaded certificates to keychain
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
index 0bd89e8..aa7753c 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
@@ -275,7 +275,7 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
                             CSSM_KEYATTR_RETURN_REF,	// pub attrs
                             CSSM_KEYUSE_ANY,				// might want to restrict this
                             CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF |
-                            CSSM_KEYATTR_PERMANENT |CSSM_KEYATTR_EXTRACTABLE,
+                            CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
                             /*
                              * FIXME: should have a non-NULL initialAccess here, but
                              * I do not know any easy way of doing that. Ask Perry
@@ -318,11 +318,10 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
         ERROR("***Error decoding subject public key info\n");
         goto errOut;
     }
+    
     pkc->challenge.Data = (uint8 *)challenge;
     pkc->challenge.Length = strlen(challenge);
-    perr = coder.encodeItem(pkc, 
-                            PublicKeyAndChallengeTemplate,
-                            encodedPkc);
+    perr = coder.encodeItem(pkc, PublicKeyAndChallengeTemplate, encodedPkc);
     if (perr) {
         /* should never happen */
         ERROR("***Error enccoding PublicKeyAndChallenge\n");
@@ -332,8 +331,7 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
     /*
      * Sign the encoded PublicKeyAndChallenge.
      */
-    crtn = gnrSign(cspHand, &encodedPkc, privKey,
-                   GNR_SIG_ALG, &signature);
+    crtn = gnrSign(cspHand, &encodedPkc, privKey, GNR_SIG_ALG, &signature);
     if (crtn) {
         goto errOut;
     }
@@ -390,7 +388,7 @@ errOut:
 * Per-cert processing, called for each cert we extract from the 
  * incoming blob.
  */
-bool addCertificateToKeyChainFromData(const unsigned char *certData,
+bool addCertificateToKeychainFromData(const unsigned char *certData,
                                       unsigned certDataLen,
                                       unsigned certNum)
 {
@@ -431,27 +429,21 @@ bool addCertificateToKeyChainFromData(const unsigned char *certData,
     return true;
 }
 
-bool addCertificateToKeyChainFromFile(const char *path)
+bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
 {   
     bool result = false;
-    
-    /* read inFile */
-    unsigned char *inFile = NULL;
-    unsigned inFileLen = 0;
-    if (readFile(path, &inFile, &inFileLen)) {
-        return false;
-    }
-    
+
     /* DER-decode, first as NetscapeCertSequence */
     SecNssCoder coder;
     NetscapeCertSequence certSeq;
     
     memset(&certSeq, 0, sizeof(certSeq));
-    PRErrorCode perr = coder.decode(inFile, inFileLen, NetscapeCertSequenceTemplate, &certSeq);
+    PRErrorCode perr = coder.decode(bytes, length, NetscapeCertSequenceTemplate, &certSeq);
     if (perr == 0) {
-        /*
-         * Probably should verify (contentType == netscape-cert-sequence)
-         */
+        if (memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
+            // FIXME: <rdar://problem/3506645>: decode PKCS7 encoded certificates downloaded from Verisign
+            return false;
+        }
         /*
          * Last cert is a root, which we do NOT want to add
          * to the user's keychain.
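Review bot: The new `memcmp` on `certSeq.contentType` takes its byte count from `certSeq.contentType.Length`, a value decoded from the downloaded blob, and never compares it with `CSSMOID_PKCS7_SignedData.Length`. A longer decoded OID lets `memcmp` read past the end of the constant, and a zero-length or shorter one can match as a prefix and be rejected as PKCS7 by mistake. Checking the lengths first closes both cases: `if (certSeq.contentType.Length == CSSMOID_PKCS7_SignedData.Length && memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {`. The removed comment asked for a positive check that the content type is netscape-cert-sequence, and that check is still missing. The function body continues outside this hunk.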
@@ -459,7 +451,7 @@ bool addCertificateToKeyChainFromFile(const char *path)
         unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
         for (unsigned i=0; i<numCerts; i++) {
             CSSM_DATA *cert = certSeq.certs[i];
-            result = addCertificateToKeyChainFromData(cert->Data, cert->Length, i);
+            result = addCertificateToKeychainFromData(cert->Data, cert->Length, i);
             if (!result) {
                 break;
             }
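Review bot: `nssArraySize((const void **)certSeq.certs) - 1` is evaluated in `unsigned`, so an empty decoded sequence would wrap `numCerts` to a huge value and the loop would index `certSeq.certs[i]` out of bounds. This assumes `nssArraySize` returns 0 for an empty or NULL array, which is not visible here. The input is now a caller-supplied buffer from a download, so the subtraction should be guarded: `unsigned total = nssArraySize((const void **)certSeq.certs);` followed by `unsigned numCerts = total > 0 ? total - 1 : 0;`. A sequence holding a single certificate adds nothing and returns false, which deserves a comment if it is intended. The loop's closing brace is outside the hunk.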
@@ -470,10 +462,8 @@ bool addCertificateToKeyChainFromFile(const char *path)
          * a cert. FIXME: Netscape spec says the blob might also be PKCS7
          * format, which we're not handling here.
          */
-        result = addCertificateToKeyChainFromData(inFile, inFileLen, 0); 
+        result = addCertificateToKeychainFromData(bytes, length, 0); 
     }
-    
-    /* this was mallocd by readFile() */
-    free(inFile);
+
     return result;
 }
\ No newline at end of file
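Review bot: In the fallback branch, `addCertificateToKeychainFromData(bytes, length, 0)` passes a `const void *` to a parameter declared `const unsigned char *certData`. C++ has no implicit conversion from `void *` to an object pointer type, so this call needs an explicit cast unless the build is permissive: `result = addCertificateToKeychainFromData(static_cast<const unsigned char *>(bytes), length, 0);`. This branch hands the whole undecoded download to the keychain import path, so an early `if (!bytes || length == 0) return false;` at the top of the function (outside this hunk) would also be reasonable.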
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
index 7187df8..7b5007a 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
@@ -68,7 +68,7 @@ extern "C" {
     extern const SEC_ASN1Template SignedPublicKeyAndChallengeTemplate[];
 
     char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge);
-    bool addCertificateToKeyChainFromFile(const char *path);
+    bool addCertificatesToKeychainFromData(const void *bytes, unsigned length);
     
 #ifdef __cplusplus
 }
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
index 7cd67f5..1a2be4b 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
@@ -14,5 +14,5 @@
     NSArray *strengthMenuItemTitles;
 }
 + (void)createSharedGenerator;
-- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path;
+- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
 @end
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
index 1ce7c64..ac577b7 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
@@ -57,6 +57,11 @@
             return nil;
     }
     
+    // FIXME: This is a very temporary workaround for <rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
+    if ([challenge length] == 0) {
+        challenge = @"foo";
+    }
+    
     char *key = signedPublicKeyAndChallengeString(keySize, [challenge cString]);
     NSString *result = key ? [NSString stringWithCString:key] : nil;
     free(key);
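Review bot: The fallback `challenge = @"foo";` is signed into the SignedPublicKeyAndChallenge exactly as a server-supplied challenge would be. A page that sends no challenge therefore gets a fixed, predictable value that gives no replay binding, and the FIXME comment does not say so. Because messaging nil returns 0, the `[challenge length] == 0` test also covers a nil `challenge`, which is what keeps `strlen(challenge)` in `signedPublicKeyAndChallengeString` from seeing NULL. The comment should record both points, for example `// Also covers nil; "foo" is a constant placeholder with no replay protection. Remove with 3396936.` The method starts outside this hunk.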
@@ -64,9 +69,9 @@
     return result;
 }
 
-- (BOOL)addCertificateToKeyChainFromFileAtPath:(NSString *)path
+- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
 {
-    return addCertificateToKeyChainFromFile([path fileSystemRepresentation]);
+    return addCertificatesToKeychainFromData([data bytes], [data length]);
 }
 
 @end
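Review bot: `-addCertificatesToKeychainFromData:` forwards `[data bytes]` and `[data length]` unchecked, so a nil or empty `data` reaches the decoder as a NULL pointer with length 0. Whether `coder.decode` tolerates that is not visible here, so an early `if ([data length] == 0) return NO;` would keep the C++ side from having to cope. The method header in the implementation also ends in a stray `;` (`...FromData:(NSData *)data;`), which some compilers warn about and should be dropped.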

-- 
WebKit Debian packaging


