Commit 5d86a29e authored by cblu's avatar cblu

WebCore:

	Fixed: <rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names

        Reviewed by rjw.

        * khtml/html/html_formimpl.cpp:
        (HTMLKeygenElementImpl::encoding): pass the page URL to signedPublicKeyAndChallengeString
        * kwq/KWQKSSLKeyGen.h:
        * kwq/KWQKSSLKeyGen.mm:
        (KSSLKeyGen::signedPublicKeyAndChallengeString): take a URL
        * kwq/WebCoreKeyGenerator.h:
        * kwq/WebCoreKeyGenerator.m:
        (-[WebCoreKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a URL

WebKit:

	Fixed:
	<rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
	<rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names

        Reviewed by rjw.

        * English.lproj/Localizable.strings:
        * WebCoreSupport.subproj/WebKeyGeneration.cpp:
        (signedPublicKeyAndChallengeString): take a key description arg and use it, take and return CFStrings, handle the empty string case
        (addCertificatesToKeychainFromData): return a WebCertificateParseResult so WB knows how to handle the cert
        * WebCoreSupport.subproj/WebKeyGeneration.h:
        * WebCoreSupport.subproj/WebKeyGenerator.h:
        * WebCoreSupport.subproj/WebKeyGenerator.m:
        (-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a page URL so we can use its host name in the key description
        * WebKit.pbproj/project.pbxproj:

WebBrowser:

	Fixed: 	<rdar://problem/3506645>: open PKCS7 encoded certificates downloaded from Verisign in Keychain Access

        Reviewed by rjw.

        * DownloadProgressEntry.m:
        (-[DownloadProgressEntry _addCertificateToKeyChain]): open PKCS7 files in Keychain Access
        * English.lproj/StringsNotToBeLocalized.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 9d00487d
2003-12-12 Chris Blumenberg <cblu@apple.com>
Fixed: <rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
Reviewed by rjw.
* khtml/html/html_formimpl.cpp:
(HTMLKeygenElementImpl::encoding): pass the page URL to signedPublicKeyAndChallengeString
* kwq/KWQKSSLKeyGen.h:
* kwq/KWQKSSLKeyGen.mm:
(KSSLKeyGen::signedPublicKeyAndChallengeString): take a URL
* kwq/WebCoreKeyGenerator.h:
* kwq/WebCoreKeyGenerator.m:
(-[WebCoreKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a URL
2003-12-12 David Hyatt <hyatt@apple.com>
Fix for 3254534, CSS background-image style should be loaded lazily only when used.
......
......@@ -2421,7 +2421,7 @@ bool HTMLKeygenElementImpl::encoding(const QTextCodec* codec, khtml::encodingLis
if (!m_keyType.isNull() && m_keyType.lower() != "rsa") {
return false;
}
QString value = KSSLKeyGen::signedPublicKeyAndChallengeString((unsigned)selectedIndex(), m_challenge.string());
QString value = KSSLKeyGen::signedPublicKeyAndChallengeString((unsigned)selectedIndex(), m_challenge.string(), getDocument()->part()->baseURL());
if (!value.isNull()) {
encoded_values += enc_name;
encoded_values += value.utf8();
......
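Review bot: The URL passed on the new call, `getDocument()->part()->baseURL()`, is the document's base URL rather than the URL the page was loaded from, and per the ChangeLog its host ends up in the name of the generated keychain key. If baseURL() honours a `<base href>` element, as it appears to in KHTML, the page itself chooses the host name shown to the user for that key. Passing the part's own URL instead, for example `getDocument()->part()->url()`, would tie the label to the real origin. The call also dereferences `part()` without a null check, so it is worth confirming that encoding() can never run on a document that has no part. The body of encoding() continues outside this hunk.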
......@@ -33,7 +33,7 @@ class KSSLKeyGen
{
public:
static QStringList supportedKeySizes();
static QString signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString);
static QString signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString, const KURL &url);
};
#endif
......@@ -25,6 +25,7 @@
#import "KWQKSSLKeyGen.h"
#import "KWQKURL.h"
#import "KWQString.h"
#import "WebCoreKeyGenerator.h"
......@@ -39,7 +40,9 @@ QStringList KSSLKeyGen::supportedKeySizes()
return supportedKeySizes;
}
QString KSSLKeyGen::signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString)
QString KSSLKeyGen::signedPublicKeyAndChallengeString(unsigned keySizeIndex, const QString &challengeString, const KURL &url)
{
return QString::fromNSString([[WebCoreKeyGenerator sharedGenerator] signedPublicKeyAndChallengeStringWithStrengthIndex:keySizeIndex challenge:challengeString.getNSString()]);
return QString::fromNSString([[WebCoreKeyGenerator sharedGenerator] signedPublicKeyAndChallengeStringWithStrengthIndex:keySizeIndex
challenge:challengeString.getNSString()
pageURL:url.getNSURL()]);
}
......@@ -29,6 +29,6 @@
+ (WebCoreKeyGenerator *)sharedGenerator;
- (NSArray *)strengthMenuItemTitles;
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge;
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL;
@end
......@@ -49,7 +49,7 @@ - (NSArray *)strengthMenuItemTitles
return nil;
}
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL
{
return nil;
}
......
2003-12-12 Chris Blumenberg <cblu@apple.com>
Fixed:
<rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
<rdar://problem/3505208>: keys added to keychain from KEYGEN need better UI names
Reviewed by rjw.
* English.lproj/Localizable.strings:
* WebCoreSupport.subproj/WebKeyGeneration.cpp:
(signedPublicKeyAndChallengeString): take a key description arg and use it, take and return CFStrings, handle the empty string case
(addCertificatesToKeychainFromData): return a WebCertificateParseResult so WB knows how to handle the cert
* WebCoreSupport.subproj/WebKeyGeneration.h:
* WebCoreSupport.subproj/WebKeyGenerator.h:
* WebCoreSupport.subproj/WebKeyGenerator.m:
(-[WebKeyGenerator signedPublicKeyAndChallengeStringWithStrengthIndex:challenge:pageURL:]): take a page URL so we can use its host name in the key description
* WebKit.pbproj/project.pbxproj:
2003-12-12 Vicki Murley <vicki@apple.com>
Reviewed by NOBODY (OOPS!).
......
B/* window title for a standalone image */
......
......@@ -245,14 +245,14 @@ static void gnrFreeCssmData(
return;
}
char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription)
{
OSStatus ortn;
CSSM_RETURN crtn;
SecKeyRef pubKey = NULL;
SecKeyRef privKey = NULL;
CSSM_KEY subjectPubKey;
bool freeSubjPubKey = false;
bool freeSubjPubKey = false;
CSSM_CSP_HANDLE cspHand;
SecNssCoder coder;
SignedPublicKeyAndChallenge spkc;
......@@ -264,7 +264,14 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
PRErrorCode perr;
unsigned char *spkcB64 = NULL; // base64 encoded encodedSpkc
unsigned spkcB64Len;
SecAccessRef accessRef;
CFStringRef result = NULL;
ortn = SecAccessCreate(keyDescription, NULL, &accessRef);
if (ortn) {
ERROR("***SecAccessCreate %d", ortn);
goto errOut;
}
/* Cook up a key pair, just use any old params for now */
ortn = SecKeyCreatePair(nil, // in default KC
GNR_KEY_ALG, // normally spec'd by user
......@@ -276,16 +283,11 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
CSSM_KEYUSE_ANY, // might want to restrict this
CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF |
CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
/*
* FIXME: should have a non-NULL initialAccess here, but
* I do not know any easy way of doing that. Ask Perry
* (perry@apple.com) or MIchael (mb@apple.com).
*/
NULL,
accessRef,
&pubKey,
&privKey);
if (ortn) {
ERROR("***SecKeyCreatePair", ortn);
ERROR("***SecKeyCreatePair %d", ortn);
goto errOut;
}
......@@ -310,21 +312,25 @@ char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge)
* First, DER-decode the key's SubjectPublicKeyInfo.
*/
memset(&spkc, 0, sizeof(spkc));
perr = coder.decodeItem(subjectPubKey.KeyData,
NSS_SubjectPublicKeyInfoTemplate,
&pkc->spki);
perr = coder.decodeItem(subjectPubKey.KeyData, SS_SubjectPublicKeyInfoTemplate, &pkc->spki);
if (perr) {
/* should never happen */
ERROR("***Error decoding subject public key info\n");
goto errOut;
}
pkc->challenge.Data = (uint8 *)challenge;
pkc->challenge.Length = strlen(challenge);
pkc->challenge.Length = CFStringGetLength(challenge);
if (pkc->challenge.Length == 0) {
pkc->challenge.Length = 1;
pkc->challenge.Data = (uint8 *)strdup("\0");
} else {
pkc->challenge.Data = (uint8 *)malloc(pkc->challenge.Length + 1);
CFStringGetCString(challenge, (char *)pkc->challenge.Data, pkc->challenge.Length + 1, kCFStringEncodingASCII);
}
perr = coder.encodeItem(pkc, PublicKeyAndChallengeTemplate, encodedPkc);
if (perr) {
/* should never happen */
ERROR("***Error enccoding PublicKeyAndChallenge\n");
ERROR("***Error encoding PublicKeyAndChallenge\n");
goto errOut;
}
......@@ -381,7 +387,17 @@ errOut:
if (privKey) {
CFRelease(privKey);
}
return reinterpret_cast<char *>(spkcB64);
if (accessRef) {
CFRelease(accessRef);
}
if (pkc->challenge.Data) {
free(pkc->challenge.Data);
}
if (spkcB64) {
result = CFStringCreateWithCString(NULL, (const char *)spkcB64, kCFStringEncodingASCII);
free(spkcB64);
}
return result;
}
/*
......@@ -429,9 +445,9 @@ bool addCertificateToKeychainFromData(const unsigned char *certData,
return true;
}
bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length)
{
bool result = false;
WebCertificateParseResult result = WebCertificateParseResultFailed;
/* DER-decode, first as NetscapeCertSequence */
SecNssCoder coder;
......@@ -440,9 +456,9 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
memset(&certSeq, 0, sizeof(certSeq));
PRErrorCode perr = coder.decode(bytes, length, NetscapeCertSequenceTemplate, &certSeq);
if (perr == 0) {
if (memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
// FIXME: <rdar://problem/3506645>: decode PKCS7 encoded certificates downloaded from Verisign
return false;
if (certSeq.contentType.Length == CSSMOID_PKCS7_SignedData.Length &&
memcmp(certSeq.contentType.Data, CSSMOID_PKCS7_SignedData.Data, certSeq.contentType.Length) == 0) {
return WebCertificateParseResultPKCS7;
}
/*
* Last cert is a root, which we do NOT want to add
......@@ -451,10 +467,7 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
unsigned numCerts = nssArraySize((const void **)certSeq.certs) - 1;
for (unsigned i=0; i<numCerts; i++) {
CSSM_DATA *cert = certSeq.certs[i];
result = addCertificateToKeychainFromData(cert->Data, cert->Length, i);
if (!result) {
break;
}
result = addCertificateToKeychainFromData(cert->Data, cert->Length, i) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
}
} else {
/*
......@@ -462,7 +475,7 @@ bool addCertificatesToKeychainFromData(const void *bytes, unsigned length)
* a cert. FIXME: Netscape spec says the blob might also be PKCS7
* format, which we're not handling here.
*/
result = addCertificateToKeychainFromData(static_cast<const unsigned char *>(bytes), length, 0);
result = addCertificateToKeychainFromData(static_cast<const unsigned char *>(bytes), length, 0) ? WebCertificateParseResultSucceeded : WebCertificateParseResultFailed;
}
return result;
......
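Review bot: The new cleanup at errOut releases `accessRef` and frees `pkc->challenge.Data`, but both can still be uninitialized when an early failure jumps there. `accessRef` is declared without an initializer just before SecAccessCreate, and `memset(&spkc, 0, sizeof(spkc))` runs only after the SecAccessCreate and SecKeyCreatePair failure paths (assuming pkc points into spkc, whose setup is outside the visible hunks); declaring `SecAccessRef accessRef = NULL;` and moving the memset ahead of the first `goto errOut` would make the cleanup safe. In the challenge conversion the results of `malloc` and `CFStringGetCString` are not checked, so a challenge that is not pure ASCII leaves the buffer unwritten and its contents would then be encoded and signed; both failures should go to errOut. In addCertificatesToKeychainFromData the loop no longer stops at the first failure, so `result` reflects only the last certificate and an earlier failure is reported as success; restoring the `break` on `WebCertificateParseResultFailed` keeps the old behaviour.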
......@@ -10,6 +10,10 @@
#ifndef _WEB_KEY_GENERATION_
#define _WEB_KEY_GENERATION_
#import <WebKit/WebKeyGenerator.h>
#import <CoreFoundation/CoreFoundation.h>
#include <SecurityNssAsn1/secasn1t.h>
#include <Security/cssmtype.h>
#include <SecurityNssAsn1/X509Templates.h>
......@@ -67,8 +71,8 @@ extern "C" {
extern const SEC_ASN1Template PublicKeyAndChallengeTemplate[];
extern const SEC_ASN1Template SignedPublicKeyAndChallengeTemplate[];
char *signedPublicKeyAndChallengeString(unsigned keySize, const char *challenge);
bool addCertificatesToKeychainFromData(const void *bytes, unsigned length);
CFStringRef signedPublicKeyAndChallengeString(unsigned keySize, CFStringRef challenge, CFStringRef keyDescription);
WebCertificateParseResult addCertificatesToKeychainFromData(const void *bytes, unsigned length);
#ifdef __cplusplus
}
......
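Review bot: The new prototype of `signedPublicKeyAndChallengeString` returns a `CFStringRef` without stating who owns it, and because the name contains neither Create nor Copy, CoreFoundation's naming rule suggests the caller must not release it. The implementation builds the string with CFStringCreateWithCString and the Objective-C caller autoreleases it, so the caller does in fact own the reference. A comment above the prototype would prevent leaks or over-releases by later callers: `/* Returns a new CFString that the caller must CFRelease, or NULL on failure. */`.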
......@@ -6,13 +6,22 @@
// Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
//
#import <WebCore/WebCoreKeyGenerator.h>
typedef enum {
WebCertificateParseResultSucceeded = 0,
WebCertificateParseResultFailed = 1,
WebCertificateParseResultPKCS7 = 2,
} WebCertificateParseResult;
#ifdef __OBJC__
#import <WebCore/WebCoreKeyGenerator.h>
@interface WebKeyGenerator : WebCoreKeyGenerator
{
NSArray *strengthMenuItemTitles;
}
+ (void)createSharedGenerator;
- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
- (WebCertificateParseResult)addCertificatesToKeychainFromData:(NSData *)data;
@end
#endif
......@@ -39,7 +39,7 @@ - (NSArray *)strengthMenuItemTitles
return strengthMenuItemTitles;
}
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge
- (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index challenge:(NSString *)challenge pageURL:(NSURL *)pageURL
{
// This switch statement must always be synced with the UI strings returned by strengthMenuItemTitles.
uint32 keySize;
......@@ -57,19 +57,11 @@ - (NSString *)signedPublicKeyAndChallengeStringWithStrengthIndex:(unsigned)index
return nil;
}
// FIXME: This is a very temporary workaround for <rdar://problem/3396936>: can't obtain a digital ID from Verisign, form submission fails
if ([challenge length] == 0) {
challenge = @"foo";
}
char *key = signedPublicKeyAndChallengeString(keySize, [challenge cString]);
NSString *result = key ? [NSString stringWithCString:key] : nil;
free(key);
return result;
NSString *keyDescription = [NSString stringWithFormat:UI_STRING("Key from %@", "name of keychain key generated by the KEYGEN tag"), [pageURL host]];
return [(NSString *)signedPublicKeyAndChallengeString(keySize, (CFStringRef)challenge, (CFStringRef)keyDescription) autorelease];
}
- (BOOL)addCertificatesToKeychainFromData:(NSData *)data;
- (WebCertificateParseResult)addCertificatesToKeychainFromData:(NSData *)data;
{
return addCertificatesToKeychainFromData([data bytes], [data length]);
}
......
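Review bot: `[pageURL host]` is nil when pageURL is nil or has no host (a file: URL, for instance), so the key would be stored in the keychain under the name "Key from (null)". Take the host first with `NSString *host = [pageURL host];` and use a host-less UI string when `[host length] == 0`. The removed workaround also covered a nil `challenge`, whereas the new code casts it straight to `CFStringRef` and the C function calls CFStringGetLength on it; if a nil challenge can reach this method, an early `if (challenge == nil) challenge = @"";` keeps the new empty-challenge path reachable. The method body starts outside this hunk.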
......@@ -3816,9 +3816,10 @@
expectedFileType = sourcecode.c.objc;
fileEncoding = 4;
isa = PBXFileReference;
path = WebTextRenderer.m;
refType = 4;
sourceTree = "<group>";
name = WebTextRenderer.m;
path = WebCoreSupport.subproj/WebTextRenderer.m;
refType = 2;
sourceTree = SOURCE_ROOT;
};
F5B36B430281DF55018635CB = {
fileRef = F5B36B410281DF55018635CB;
......