[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
cblu
cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:18:47 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 5d86a29edf326991d2b012915ced3eec428b2c6e
Author: cblu <cblu at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Dec 13 00:57:46 2003 +0000
WebCore:
Fixed: <rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
Reviewed by rjw.
* khtml/html/html_formimpl.cpp:
(HTMLKeygenElementImpl::encoding): pass the page URL to signedPublicKeyAndChallengeString
* kwq/KWQKSSLKeyGen.h:
* kwq/KWQKSSLKeyGen.mm:
(KSSLKeyGen::signedPublicKeyAndChallengeString): take a URL
* kwq/WebCoreKeyGenerator.h:
* kwq/WebCoreKeyGenerator.m:
(-[WebCoreKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a URL
WebKit:
Fixed:
<rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
<rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
Reviewed by rjw.
* English.lproj/Localizable.strings:
* WebCoreSupport.subproj/WebKeyGeneration.cpp:
(signedPublicKeyAndChallengeString): take a key description arg and use it, take and return CFStrings, handle the empty string case
(addCertificatesToKeychainFromData): return a WebCertificateParseResult so WB knows how to handle the cert
* WebCoreSupport.subproj/WebKeyGeneration.h:
* WebCoreSupport.subproj/WebKeyGenerator.h:
* WebCoreSupport.subproj/WebKeyGenerator.m:
(-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a page URL so we can use its host name in the key description
* WebKit.pbproj/project.pbxproj:
WebBrowser:
Fixed: <rdar://problem/3506645>: open PKCS7 encoded certificates downloaded from Verisign in Keychain Access
Reviewed by rjw.
* DownloadProgressEntry.m:
(-[DownloadProgressEntry _addCertificateToKeyChain]): open PKCS7 files in Keychain Access
* English.lproj/StringsNotToBeLocalized.txt:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 9486b8c..c6c3a31 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,18 @@
+2003-12-12 Chris Blumenberg <cblu at apple.com>
+
+ Fixed: <rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
+
+ Reviewed by rjw.
+
+ * khtml/html/html_formimpl.cpp:
+ (HTMLKeygenElementImpl::encoding): pass the page URL to signedPublicKeyAndChallengeString
+ * kwq/KWQKSSLKeyGen.h:
+ * kwq/KWQKSSLKeyGen.mm:
+ (KSSLKeyGen::signedPublicKeyAndChallengeString): take a URL
+ * kwq/WebCoreKeyGenerator.h:
+ * kwq/WebCoreKeyGenerator.m:
+ (-[WebCoreKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a URL
+
2003-12-12 David Hyatt <hyatt at apple.com>
Fix for 3254534, CSS background-image style should be loaded lazily only when used.
diff --git a/WebCore/khtml/html/html_formimpl.cpp b/WebCore/khtml/html/html_formimpl.cpp
index b6db093..38a0945 100644
--- a/WebCore/khtml/html/html_formimpl.cpp
+++ b/WebCore/khtml/html/html_formimpl.cpp
@@ -2421,7 +2421,7 @@ bool HTMLKeygenElementImpl::encoding(const QTextCodec* codec, khtml::encodingLis
if (!m_keyType.isNull() && m_keyType.lower() != "rsa") {
return false;
}
- QString value = KSSLKeyGen::signedPublicKeyAndChallengeString((unsigned)selectedIndex(), m_challenge.string());
+ QString value = KSSLKeyGen::signedPublicKeyAndChallengeString((unsigned)selectedIndex(), m_challenge.string(), getDocument()->part()->baseURL());
if (!value.isNull()) {
encoded_values += enc_name;
encoded_values += value.utf8();
diff --git a/WebCore/kwq/KWQKSSLKeyGen.h b/WebCore/kwq/KWQKSSLKeyGen.h
index 9892637..5617a38 100644
--- a/WebCore/kwq/KWQKSSLKeyGen.h
+++ b/WebCore/kwq/KWQKSSLKeyGen.h
@@ -33,7 +33,7 @@ class KSSLKeyGen
{
public:
static QStringList supportedKeySizes();
- static QString signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString);
+ static QString signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString, const KURL &url);
};
#endif
diff --git a/WebCore/kwq/KWQKSSLKeyGen.mm b/WebCore/kwq/KWQKSSLKeyGen.mm
index 23d3261..3aa75a7 100644
--- a/WebCore/kwq/KWQKSSLKeyGen.mm
+++ b/WebCore/kwq/KWQKSSLKeyGen.mm
@@ -25,6 +25,7 @@
#import "KWQKSSLKeyGen.h"
+#import "KWQKURL.h"
#import "KWQString.h"
#import "WebCoreKeyGenerator.h"
@@ -39,7 +40,9 @@ QStringList KSSLKeyGen::supportedKeySizes()
return supportedKeySizes;
}
-QString KSSLKeyGen::signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString)
+QString KSSLKeyGen::signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString, const KURL &url)
{
- return QString::fromNSString([[WebCoreKeyGenerator sharedGenerator] signedPublicKeyAndChallengeStringWithStrengthIndex:keySizeIndex challenge:challengeString.getNSString()]);
+ return QString::fromNSString([[WebCoreKeyGenerator sharedGenerator] signedPublicKeyAndChallengeStringWithStrengthIndex:keySizeIndex
+ challenge:challengeString.getNSString()
+ pageURL:url.getNSURL()]);
}
diff --git a/WebCore/kwq/WebCoreKeyGenerator.h b/WebCore/kwq/WebCoreKeyGenerator.h
index 9a9f55d..545fa95 100644
--- a/WebCore/kwq/WebCoreKeyGenerator.h
+++ b/WebCore/kwq/WebCoreKeyGenerator.h
@@ -29,6 +29,6 @@
+ (WebCoreKeyGenerator *)sharedGenerator;
- (NSArray *)strengthMenuItemTitles;
-- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge;
+- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL;
@end
diff --git a/WebCore/kwq/WebCoreKeyGenerator.m b/WebCore/kwq/WebCoreKeyGenerator.m
index 7672ba1..722d123 100644
--- a/WebCore/kwq/WebCoreKeyGenerator.m
+++ b/WebCore/kwq/WebCoreKeyGenerator.m
@@ -49,7 +49,7 @@ static WebCoreKeyGenerator *sharedGenerator;
return nil;
}
-- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge
+- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL
{
return nil;
}
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index 0a6399f..5d7ddcf 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,21 @@
+2003-12-12 Chris Blumenberg <cblu at apple.com>
+
+ Fixed:
+ <rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
+ <rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
+
+ Reviewed by rjw.
+
+ * English.lproj/Localizable.strings:
+ * WebCoreSupport.subproj/WebKeyGeneration.cpp:
+ (signedPublicKeyAndChallengeString): take a key description arg and use it, take and return CFStrings, handle the empty string case
+ (addCertificatesToKeychainFromData): return a WebCertificateParseResult so WB knows how to handle the cert
+ * WebCoreSupport.subproj/WebKeyGeneration.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.h:
+ * WebCoreSupport.subproj/WebKeyGenerator.m:
+ (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a page URL so we can use its host name in the key description
+ * WebKit.pbproj/project.pbxproj:
+
2003-12-12 Vicki Murley <vicki at apple.com>
Reviewed by NOBODY (OOPS!).
diff --git a/WebKit/English.lproj/Localizable.strings b/WebKit/English.lproj/Localizable.strings
index eb8c7a7..f8ef768 100644
Binary files a/WebKit/English.lproj/Localizable.strings and b/WebKit/English.lproj/Localizable.strings differ
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
index f6ae685..92ade9e 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.cpp
@@ -245,14 +245,14 @@ static void gnrFreeCssmData(
return;
}
-char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
+CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription)
{
OSStatus ortn;
CSSM_RETURN crtn;
SecKeyRef pubKey = NULL;
SecKeyRef privKey = NULL;
CSSM_KEY subjectPubKey;
- bool freeSubjPubKey = false;
+ bool freeSubjPubKey = false;
CSSM_CSP_HANDLE cspHand;
SecNssCoder coder;
SignedPublicKeyAndChallenge spkc;
@@ -264,7 +264,14 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
PRErrorCode perr;
unsigned char *spkcB64 = NULL; // base64 encoded encodedSpkc
unsigned spkcB64Len;
+ SecAccessRef accessRef;
+ CFStringRef result = NULL;
+ ortn = SecAccessCreate(keyDescription, NULL, &accessRef);
+ if (ortn) {
+ ERROR("***SecAccessCreate %d", ortn);
+ goto errOut;
+ }
/* Cook up a key pair, just use any old params for now */
ortn = SecKeyCreatePair(nil, // in default KC
GNR_KEY_ALG, // normally spec'd by user
@@ -276,16 +283,11 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
CSSM_KEYUSE_ANY, // might want to restrict this
CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF |
CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
- /*
- * FIXME: should have a non-NULL initialAccess here, but
- * I do not know any easy way of doing that. Ask Perry
- * (perry at apple.com) or MIchael (mb at apple.com).
- */
- NULL,
+ accessRef,
&pubKey,
&privKey);
if (ortn) {
- ERROR("***SecKeyCreatePair", ortn);
+ ERROR("***SecKeyCreatePair %d", ortn);
goto errOut;
}
@@ -310,21 +312,25 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
* First, DER-decode the key's SubjectPublicKeyInfo.
*/
memset(&spkc, 0, sizeof(spkc));
- perr = coder.decodeItem(subjectPubKey.KeyData,
- NSS_SubjectPublicKeyInfoTemplate,
- &pkc->spki);
+ perr = coder.decodeItem(subjectPubKey.KeyData, SS_SubjectPublicKeyInfoTemplate, &pkc->spki);
if (perr) {
/* should never happen */
ERROR("***Error decoding subject public key info\n");
goto errOut;
}
- pkc->challenge.Data = (uint8 *)challenge;
- pkc->challenge.Length = strlen(challenge);
+ pkc->challenge.Length = CFStringGetLength(challenge);
+ if (pkc->challenge.Length == 0) {
+ pkc->challenge.Length = 1;
+ pkc->challenge.Data = (uint8 *)strdup("\0");
+ } else {
+ pkc->challenge.Data = (uint8 *)malloc(pkc->challenge.Length + 1);
+ CFStringGetCString(challenge, (char *)pkc->challenge.Data, pkc->challenge.Length + 1, kCFStringEncodingASCII);
+ }
perr = coder.encodeItem(pkc, PublicKeyAndChallengeTemplate, encodedPkc);
if (perr) {
/* should never happen */
- ERROR("***Error enccoding PublicKeyAndChallenge\n");
+ ERROR("***Error encoding PublicKeyAndChallenge\n");
goto errOut;
}
@@ -381,7 +387,17 @@ errOut:
if (privKey) {
CFRelease(privKey);
}
- return reinterpret_cast<char *>(spkcB64);
+ if (accessRef) {
+ CFRelease(accessRef);
+ }
+ if (pkc->challenge.Data) {
+ free(pkc->challenge.Data);
+ }
+ if (spkcB64) {
+ result = CFStringCreateWithCString(NULL, (const char *)spkcB64, kCFStringEncodingASCII);
+ free(spkcB64);
+ }
+ return result;
}
/*
@@ -429,9 +445,9 @@ bool addCertificateToKeychainFromData(const unsigned char *certData,
return true;
}
-bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
+WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length)
{
- bool result = false;
+ WebCertificateParseResult result = WebCertificateParseResultFailed;
/* DER-decode, first as NetscapeCertSequence */
SecNssCoder coder;
@@ -440,9 +456,9 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
memset(&certSeq, 0, sizeof(certSeq));
PRErrorCode perr = coder.decode(bytes, length, NetscapeCertSequenceTemplate, &certSeq);
if (perr == 0) {
- if (memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
- // FIXME: <rdar://problem/3506645>: decode PKCS7 encoded certificates downloaded from Verisign
- return false;
+ if (certSeq.contentType.Length == CSSMOID_PKCS7_SignedData.Length &&
+ memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
+ return WebCertificateParseResultPKCS7;
}
/*
* Last cert is a root, which we do NOT want to add
@@ -451,10 +467,7 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
for (unsigned i=0; i<numCerts; i++) {
CSSM_DATA *cert = certSeq.certs[i];
- result = addCertificateToKeychainFromData(cert->Data, cert->Length, i);
- if (!result) {
- break;
- }
+ result = addCertificateToKeychainFromData(cert->Data, cert->Length, i) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
}
} else {
/*
@@ -462,7 +475,7 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
* a cert. FIXME: Netscape spec says the blob might also be PKCS7
* format, which we're not handling here.
*/
- result = addCertificateToKeychainFromData(static_cast<const unsigned char *>(bytes), length, 0);
+ result = addCertificateToKeychainFromData(static_cast<const unsigned char *>(bytes), length, 0) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
}
return result;
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
index 7b5007a..94d4b77 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGeneration.h
@@ -10,6 +10,10 @@
#ifndef _WEB_KEY_GENERATION_
#define _WEB_KEY_GENERATION_
+#import <WebKit/WebKeyGenerator.h>
+
+#import <CoreFoundation/CoreFoundation.h>
+
#include <SecurityNssAsn1/secasn1t.h>
#include <Security/cssmtype.h>
#include <SecurityNssAsn1/X509Templates.h>
@@ -67,8 +71,8 @@ extern "C" {
extern const SEC_ASN1Template PublicKeyAndChallengeTemplate[];
extern const SEC_ASN1Template SignedPublicKeyAndChallengeTemplate[];
- char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge);
- bool addCertificatesToKeychainFromData(const void *bytes, unsigned length);
+ CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription);
+ WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length);
#ifdef __cplusplus
}
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
index 1a2be4b..377a6e4 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.h
@@ -6,13 +6,22 @@
// Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
//
-#import <WebCore/WebCoreKeyGenerator.h>
+typedef enum {
+ WebCertificateParseResultSucceeded = 0,
+ WebCertificateParseResultFailed = 1,
+ WebCertificateParseResultPKCS7 = 2,
+} WebCertificateParseResult;
+
+#ifdef __OBJC__
+#import <WebCore/WebCoreKeyGenerator.h>
@interface WebKeyGenerator : WebCoreKeyGenerator
{
NSArray *strengthMenuItemTitles;
}
+ (void)createSharedGenerator;
-- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
+- (WebCertificateParseResult)addCertificatesToKeychainFromData:(NSData *)data;
@end
+
+#endif
diff --git a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
index ac577b7..beeae19 100644
--- a/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
+++ b/WebKit/WebCoreSupport.subproj/WebKeyGenerator.m
@@ -39,7 +39,7 @@
return strengthMenuItemTitles;
}
-- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge
+- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL
{
// This switch statement must always be synced with the UI strings returned by strengthMenuItemTitles.
uint32 keySize;
@@ -57,19 +57,11 @@
return nil;
}
- // FIXME: This is a very temporary workaround for <rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
- if ([challenge length] == 0) {
- challenge = @"foo";
- }
-
- char *key = signedPublicKeyAndChallengeString(keySize, [challenge cString]);
- NSString *result = key ? [NSString stringWithCString:key] : nil;
- free(key);
-
- return result;
+ NSString *keyDescription = [NSString stringWithFormat:UI_STRING("Key from %@", "name of keychain key generated by the KEYGEN tag"), [pageURL host]];
+ return [(NSString *)signedPublicKeyAndChallengeString(keySize, (CFStringRef)challenge, (CFStringRef)keyDescription) autorelease];
}
-- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
+- (WebCertificateParseResult)addCertificatesToKeychainFromData:(NSData *)data;
{
return addCertificatesToKeychainFromData([data bytes], [data length]);
}
diff --git a/WebKit/WebKit.pbproj/project.pbxproj b/WebKit/WebKit.pbproj/project.pbxproj
index 5cf6261..fd2a2d7 100644
--- a/WebKit/WebKit.pbproj/project.pbxproj
+++ b/WebKit/WebKit.pbproj/project.pbxproj
@@ -3816,9 +3816,10 @@
expectedFileType = sourcecode.c.objc;
fileEncoding = 4;
isa = PBXFileReference;
- path = WebTextRenderer.m;
- refType = 4;
- sourceTree = "<group>";
+ name = WebTextRenderer.m;
+ path = WebCoreSupport.subproj/WebTextRenderer.m;
+ refType = 2;
+ sourceTree = SOURCE_ROOT;
};
F5B36B430281DF55018635CB = {
fileRef = F5B36B410281DF55018635CB;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list