Add a unit test for client certificate authentication
https://bugs.webkit.org/show_bug.cgi?id=197800
Patch by Alex Christensen <achristensen@webkit.org> on 2019-05-16
Reviewed by Youenn Fablet.
Source/WebKit:
* Shared/cf/ArgumentCodersCF.cpp:
Move SPI declarations to SecuritySPI.h.
Source/WTF:
* wtf/spi/cocoa/SecuritySPI.h:
Move declarations from ArgumentCodersCF.cpp so they can be shared.
Tools:
Make better abstractions for reading and writing from/to TCPServer.
Add a unit test that causes a client certificate authentication challenge to happen.
* TestWebKitAPI/TCPServer.cpp:
(TestWebKitAPI::TCPServer::TCPServer):
(TestWebKitAPI::TCPServer::read):
(TestWebKitAPI::TCPServer::write):
(TestWebKitAPI::TCPServer::respondWithChallengeThenOK):
(TestWebKitAPI::TCPServer::respondWithOK):
* TestWebKitAPI/TCPServer.h:
* TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
(credentialWithIdentity):
(-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(TEST):
(-[ClientCertificateDelegate webView:didFinishNavigation:]):
(-[ClientCertificateDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(-[ClientCertificateDelegate challengeCount]):
(TestWebKitAPI::TEST):
(respondWithChallengeThenOK): Deleted.
(credentialWithIdentityAndKeychainPath): Deleted.
* TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm:
(TEST):
* TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm:
(TEST):
(readRequest): Deleted.
(writeResponse): Deleted.
* TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:
(TestWebKitAPI::TEST):
(TestWebKitAPI::respondWithChallengeThenOK): Deleted.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@245418 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
index 6efab37..16876d1 100644
--- a/Source/WTF/ChangeLog
+++ b/Source/WTF/ChangeLog
@@ -1,3 +1,13 @@
+2019-05-16 Alex Christensen <achristensen@webkit.org>
+
+ Add a unit test for client certificate authentication
+ https://bugs.webkit.org/show_bug.cgi?id=197800
+
+ Reviewed by Youenn Fablet.
+
+ * wtf/spi/cocoa/SecuritySPI.h:
+ Move declarations from ArgumentCodersCF.cpp so they can be shared.
+
2019-05-16 Eike Rathke <erack@redhat.com>
Fix memcpy() call for big endian
diff --git a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h
index 96e30a7..9357d0c 100644
--- a/Source/WTF/wtf/spi/cocoa/SecuritySPI.h
+++ b/Source/WTF/wtf/spi/cocoa/SecuritySPI.h
@@ -27,7 +27,10 @@
#if USE(APPLE_INTERNAL_SDK)
+#include <Security/SecAccessControlPriv.h>
#include <Security/SecCertificatePriv.h>
+#include <Security/SecIdentityPriv.h>
+#include <Security/SecKeyPriv.h>
#include <Security/SecTask.h>
#include <Security/SecTrustPriv.h>
@@ -67,7 +70,11 @@
SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef, audit_token_t);
SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef);
-CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef *);
+CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef*);
+SecIdentityRef SecIdentityCreate(CFAllocatorRef, SecCertificateRef, SecKeyRef);
+OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
+SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef, CFDataRef, CFErrorRef*);
+CFDataRef SecAccessControlCopyData(SecAccessControlRef);
#if PLATFORM(MAC)
#include <Security/SecAsn1Types.h>
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 59b4370..f843850 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,5 +1,15 @@
2019-05-16 Alex Christensen <achristensen@webkit.org>
+ Add a unit test for client certificate authentication
+ https://bugs.webkit.org/show_bug.cgi?id=197800
+
+ Reviewed by Youenn Fablet.
+
+ * Shared/cf/ArgumentCodersCF.cpp:
+ Move SPI declarations to SecuritySPI.h.
+
+2019-05-16 Alex Christensen <achristensen@webkit.org>
+
Add SPI to set a list of hosts to which to send custom header fields cross-origin
https://bugs.webkit.org/show_bug.cgi?id=197397
diff --git a/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp b/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp
index fdb8e88..d35925b 100644
--- a/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp
+++ b/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp
@@ -41,29 +41,6 @@
#import <Foundation/Foundation.h>
#endif
-#if USE(APPLE_INTERNAL_SDK)
-#include <Security/SecIdentityPriv.h>
-#endif
-
-extern "C" SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
-
-#if PLATFORM(IOS_FAMILY)
-#if USE(APPLE_INTERNAL_SDK)
-#include <Security/SecKeyPriv.h>
-#endif
-
-extern "C" OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
-#endif
-
-#if HAVE(SEC_ACCESS_CONTROL)
-#if USE(APPLE_INTERNAL_SDK)
-#include <Security/SecAccessControlPriv.h>
-#endif
-
-extern "C" SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error);
-extern "C" CFDataRef SecAccessControlCopyData(SecAccessControlRef access_control);
-#endif
-
namespace IPC {
using namespace WebCore;
diff --git a/Tools/ChangeLog b/Tools/ChangeLog
index 80a3627..fe34eef 100644
--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,5 +1,44 @@
2019-05-16 Alex Christensen <achristensen@webkit.org>
+ Add a unit test for client certificate authentication
+ https://bugs.webkit.org/show_bug.cgi?id=197800
+
+ Reviewed by Youenn Fablet.
+
+ Make better abstractions for reading and writing from/to TCPServer.
+ Add a unit test that causes a client certificate authentication challenge to happen.
+
+ * TestWebKitAPI/TCPServer.cpp:
+ (TestWebKitAPI::TCPServer::TCPServer):
+ (TestWebKitAPI::TCPServer::read):
+ (TestWebKitAPI::TCPServer::write):
+ (TestWebKitAPI::TCPServer::respondWithChallengeThenOK):
+ (TestWebKitAPI::TCPServer::respondWithOK):
+ * TestWebKitAPI/TCPServer.h:
+ * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
+ (credentialWithIdentity):
+ (-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
+ (TEST):
+ (-[ClientCertificateDelegate webView:didFinishNavigation:]):
+ (-[ClientCertificateDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
+ (-[ClientCertificateDelegate challengeCount]):
+ (TestWebKitAPI::TEST):
+ (respondWithChallengeThenOK): Deleted.
+ (credentialWithIdentityAndKeychainPath): Deleted.
+ * TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm:
+ (TEST):
+ * TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm:
+ (TEST):
+ (readRequest): Deleted.
+ (writeResponse): Deleted.
+ * TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:
+ (TestWebKitAPI::TEST):
+ (TestWebKitAPI::respondWithChallengeThenOK): Deleted.
+
+2019-05-16 Alex Christensen <achristensen@webkit.org>
+
Add SPI to set a list of hosts to which to send custom header fields cross-origin
https://bugs.webkit.org/show_bug.cgi?id=197397
diff --git a/Tools/TestWebKitAPI/TCPServer.cpp b/Tools/TestWebKitAPI/TCPServer.cpp
index 31b1470..2ba7a63 100644
--- a/Tools/TestWebKitAPI/TCPServer.cpp
+++ b/Tools/TestWebKitAPI/TCPServer.cpp
@@ -30,6 +30,7 @@
#include <thread>
#include <unistd.h>
#include <wtf/Optional.h>
+#include <wtf/text/Base64.h>
extern "C" {
@@ -38,6 +39,10 @@
struct SSL_CTX;
struct EVP_PKEY;
struct SSL_METHOD;
+struct X509_STORE_CTX {
+ void* unused;
+ X509* cert;
+};
struct pem_password_cb;
int BIO_free(BIO*);
int SSL_free(SSL*);
@@ -56,6 +61,15 @@
SSL* SSL_new(SSL_CTX*);
int SSL_accept(SSL*);
int SSL_set_fd(SSL*, int);
+void SSL_CTX_set_verify(SSL_CTX*, int, int (*)(int, X509_STORE_CTX*));
+void SSL_CTX_set_cert_verify_callback(SSL_CTX*, int (*)(X509_STORE_CTX*, void*), void*);
+int SSL_get_error(const SSL*, int);
+int SSL_read(SSL*, void*, int);
+int SSL_write(SSL*, const void*, int);
+int i2d_X509(X509*, unsigned char**);
+void OPENSSL_free(void*);
+#define SSL_VERIFY_PEER 0x01
+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
} // extern "C"
@@ -92,6 +106,12 @@
EVP_PKEY_free(key);
}
};
+template<> struct deleter<uint8_t[]> {
+ void operator()(uint8_t* buffer)
+ {
+ OPENSSL_free(buffer);
+ }
+};
TCPServer::TCPServer(Function<void(Socket)>&& connectionHandler, size_t connections)
: m_connectionHandler(WTFMove(connectionHandler))
@@ -101,7 +121,7 @@
TCPServer::TCPServer(Protocol protocol, Function<void(SSL*)>&& secureConnectionHandler)
{
- auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler)] (Socket socket) {
+ auto startSecureConnection = [secureConnectionHandler = WTFMove(secureConnectionHandler), protocol] (Socket socket) {
SSL_library_init();
std::unique_ptr<SSL_CTX, deleter<SSL_CTX>> ctx(SSL_CTX_new(SSLv23_server_method()));
@@ -129,6 +149,20 @@
ASSERT(certX509);
SSL_CTX_use_certificate(ctx.get(), certX509.get());
+ if (protocol == Protocol::HTTPSWithClientCertificateRequest) {
+ SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
+ SSL_CTX_set_cert_verify_callback(ctx.get(), [] (X509_STORE_CTX* store_ctx, void*) -> int {
+ uint8_t* bufferPointer = nullptr;
+ auto length = i2d_X509(store_ctx->cert, &bufferPointer);
+ std::unique_ptr<uint8_t[], deleter<uint8_t[]>> buffer(bufferPointer);
+ auto expectedCert = testCertificate();
+ EXPECT_EQ(static_cast<int>(expectedCert.size()), length);
+ for (int i = 0; i < length; ++i)
+ EXPECT_EQ(buffer.get()[i], expectedCert[i]);
+ return 1;
+ }, nullptr);
+ }
+
// This is a test key from BoringSSL.
char kKeyPEM[] =
"-----BEGIN RSA PRIVATE KEY-----\n"
@@ -164,6 +198,7 @@
switch (protocol) {
case Protocol::HTTPS:
+ case Protocol::HTTPSWithClientCertificateRequest:
m_connectionHandler = WTFMove(startSecureConnection);
break;
case Protocol::HTTPSProxy:
@@ -239,4 +274,182 @@
return WTF::nullopt;
}
+template<> Vector<uint8_t> TCPServer::read(Socket socket)
+{
+ uint8_t buffer[1000];
+ auto bytesRead = ::read(socket, buffer, sizeof(buffer));
+ ASSERT_UNUSED(bytesRead, bytesRead > 0);
+ ASSERT(static_cast<size_t>(bytesRead) < sizeof(buffer));
+
+ Vector<uint8_t> vector;
+ vector.append(buffer, bytesRead);
+ return vector;
+}
+
+template<> void TCPServer::write(Socket socket, const void* response, size_t length)
+{
+ auto bytesWritten = ::write(socket, response, length);
+ EXPECT_EQ(static_cast<size_t>(bytesWritten), length);
+}
+
+template<> Vector<uint8_t> TCPServer::read(SSL* ssl)
+{
+ uint8_t buffer[1000];
+ auto bytesRead = SSL_read(ssl, buffer, sizeof(buffer));
+ ASSERT_UNUSED(bytesRead, bytesRead > 0);
+ ASSERT(static_cast<size_t>(bytesRead) < sizeof(buffer));
+
+ Vector<uint8_t> vector;
+ vector.append(buffer, bytesRead);
+ return vector;
+}
+
+template<> void TCPServer::write(SSL* ssl, const void* response, size_t length)
+{
+ auto bytesWritten = SSL_write(ssl, response, length);
+ EXPECT_EQ(static_cast<size_t>(bytesWritten), length);
+}
+
+void TCPServer::respondWithChallengeThenOK(Socket socket)
+{
+ read(socket);
+
+ const char* challengeHeader =
+ "HTTP/1.1 401 Unauthorized\r\n"
+ "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
+ "Content-Length: 0\r\n"
+ "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
+ write(socket, challengeHeader, strlen(challengeHeader));
+
+ read(socket);
+
+ const char* responseHeader =
+ "HTTP/1.1 200 OK\r\n"
+ "Content-Length: 13\r\n\r\n"
+ "Hello, World!";
+ write(socket, responseHeader, strlen(responseHeader));
+}
+
+void TCPServer::respondWithOK(SSL* ssl)
+{
+ read(ssl);
+
+ const char* reply = ""
+ "HTTP/1.1 200 OK\r\n"
+ "Content-Length: 34\r\n\r\n"
+ "<script>alert('success!')</script>";
+ write(ssl, reply, strlen(reply));
+}
+
+Vector<uint8_t> TCPServer::testCertificate()
+{
+ // Certificate and private key were generated by running this command:
+ // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
+ // and entering this information:
+ /*
+ Country Name (2 letter code) []:US
+ State or Province Name (full name) []:New Mexico
+ Locality Name (eg, city) []:Santa Fe
+ Organization Name (eg, company) []:Self
+ Organizational Unit Name (eg, section) []:Myself
+ Common Name (eg, fully qualified host name) []:Me
+ Email Address []:me@example.com
+ */
+
+ String pemEncodedCertificate(""
+ "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC"
+ "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD"
+ "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI"
+ "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw"
+ "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G"
+ "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL"
+ "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN"
+ "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby"
+ "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE"
+ "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg"
+ "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e"
+ "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY"
+ "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN"
+ "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ"
+ "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh"
+ "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh"
+ "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD"
+ "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY"
+ "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD"
+ "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3"
+ "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L"
+ "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy"
+ "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU"
+ "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB"
+ "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB"
+ "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+"
+ "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt"
+ "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa"
+ "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu"
+ "3vjZD3y9kZk7mre9XHwkI8MdK5s=");
+
+ Vector<uint8_t> vector;
+ base64Decode(pemEncodedCertificate, vector, WTF::Base64DecodeOptions::Base64Default);
+ return vector;
+}
+
+Vector<uint8_t> TCPServer::testPrivateKey()
+{
+ String pemEncodedPrivateKey(""
+ "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+"
+ "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t"
+ "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz"
+ "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e"
+ "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov"
+ "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han"
+ "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt"
+ "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw"
+ "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG"
+ "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7"
+ "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf"
+ "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p"
+ "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8"
+ "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6"
+ "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu"
+ "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd"
+ "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s"
+ "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg"
+ "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs"
+ "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K"
+ "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1"
+ "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ"
+ "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t"
+ "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd"
+ "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1"
+ "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz"
+ "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw"
+ "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3"
+ "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx"
+ "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K"
+ "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS"
+ "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg"
+ "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn"
+ "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm"
+ "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F"
+ "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1"
+ "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG"
+ "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO"
+ "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g"
+ "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc"
+ "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53"
+ "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW"
+ "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT"
+ "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO"
+ "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p"
+ "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+"
+ "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT"
+ "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u"
+ "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe"
+ "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw==");
+
+ Vector<uint8_t> vector;
+ base64Decode(pemEncodedPrivateKey, vector, WTF::Base64DecodeOptions::Base64Default);
+ return vector;
+}
+
} // namespace TestWebKitAPI
diff --git a/Tools/TestWebKitAPI/TCPServer.h b/Tools/TestWebKitAPI/TCPServer.h
index fbe81a2..6668c73 100644
--- a/Tools/TestWebKitAPI/TCPServer.h
+++ b/Tools/TestWebKitAPI/TCPServer.h
@@ -29,11 +29,7 @@
#include <wtf/Function.h>
#include <wtf/Vector.h>
-extern "C" {
struct SSL;
-int SSL_read(SSL*, void*, int);
-int SSL_write(SSL*, const void*, int);
-}
namespace TestWebKitAPI {
@@ -44,14 +40,25 @@
static constexpr Port InvalidPort = 0;
TCPServer(Function<void(Socket)>&&, size_t connections = 1);
- enum class Protocol : bool {
- HTTPS, HTTPSProxy
+ enum class Protocol : uint8_t {
+ HTTPS,
+ HTTPSProxy,
+ HTTPSWithClientCertificateRequest,
};
TCPServer(Protocol, Function<void(SSL*)>&&);
~TCPServer();
Port port() const { return m_port; }
+ static void respondWithOK(SSL*);
+ static void respondWithChallengeThenOK(Socket);
+
+ template<typename T> static Vector<uint8_t> read(T);
+ template<typename T> static void write(T, const void*, size_t);
+
+ static Vector<uint8_t> testPrivateKey();
+ static Vector<uint8_t> testCertificate();
+
private:
Optional<Socket> socketBindListen(size_t connections);
void listenForConnections(size_t connections);
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm
index 816afb5..a34e69e 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm
@@ -33,141 +33,17 @@
#import <WebKit/WKProcessPoolPrivate.h>
#import <WebKit/WKWebsiteDataRecordPrivate.h>
#import <wtf/RetainPtr.h>
+#import <wtf/spi/cocoa/SecuritySPI.h>
static bool navigationFinished;
-static void respondWithChallengeThenOK(int socket)
+static RetainPtr<NSURLCredential> credentialWithIdentity()
{
- char readBuffer[1000];
- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
- EXPECT_GT(bytesRead, 0);
- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
+ auto certificateBytes = TestWebKitAPI::TCPServer::testCertificate();
+ auto certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)[NSData dataWithBytes:certificateBytes.data() length:certificateBytes.size()]));
- const char* challengeHeader =
- "HTTP/1.1 401 Unauthorized\r\n"
- "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
- "Content-Length: 0\r\n"
- "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
- auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader));
- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader));
-
- bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
- EXPECT_GT(bytesRead, 0);
- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
-
- const char* responseHeader =
- "HTTP/1.1 200 OK\r\n"
- "Content-Length: 13\r\n\r\n"
- "Hello, World!";
- bytesWritten = ::write(socket, responseHeader, strlen(responseHeader));
- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader));
-}
-
-#if PLATFORM(MAC)
-
-static std::pair<RetainPtr<NSURLCredential>, RetainPtr<NSString>> credentialWithIdentityAndKeychainPath()
-{
- // Certificate and private key were generated by running this command:
- // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
- // and entering this information:
- /*
- Country Name (2 letter code) []:US
- State or Province Name (full name) []:New Mexico
- Locality Name (eg, city) []:Santa Fe
- Organization Name (eg, company) []:Self
- Organizational Unit Name (eg, section) []:Myself
- Common Name (eg, fully qualified host name) []:Me
- Email Address []:me@example.com
- */
-
- NSString *pemEncodedCertificate = @""
- "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC"
- "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD"
- "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI"
- "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw"
- "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G"
- "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL"
- "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN"
- "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby"
- "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE"
- "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg"
- "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e"
- "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY"
- "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN"
- "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ"
- "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh"
- "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh"
- "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD"
- "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY"
- "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD"
- "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3"
- "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L"
- "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy"
- "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU"
- "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB"
- "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB"
- "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+"
- "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt"
- "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa"
- "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu"
- "3vjZD3y9kZk7mre9XHwkI8MdK5s=";
-
- NSString *pemEncodedPrivateKey = @""
- "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+"
- "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t"
- "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz"
- "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e"
- "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov"
- "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han"
- "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt"
- "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw"
- "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG"
- "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7"
- "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf"
- "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p"
- "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8"
- "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6"
- "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu"
- "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd"
- "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s"
- "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg"
- "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs"
- "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K"
- "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1"
- "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ"
- "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t"
- "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd"
- "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1"
- "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz"
- "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw"
- "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3"
- "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx"
- "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K"
- "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS"
- "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg"
- "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn"
- "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm"
- "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F"
- "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1"
- "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG"
- "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO"
- "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g"
- "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc"
- "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53"
- "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW"
- "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT"
- "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO"
- "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p"
- "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+"
- "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT"
- "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u"
- "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe"
- "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw==";
-
- NSData *derEncodedCertificate = [[[NSData alloc] initWithBase64EncodedString:pemEncodedCertificate options:0] autorelease];
- RetainPtr<SecCertificateRef> certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)derEncodedCertificate));
-
- NSData *derEncodedPrivateKey = [[[NSData alloc] initWithBase64EncodedString:pemEncodedPrivateKey options:0] autorelease];
+ auto privateKeyBytes = TestWebKitAPI::TCPServer::testPrivateKey();
+ NSData *derEncodedPrivateKey = [NSData dataWithBytes:privateKeyBytes.data() length:privateKeyBytes.size()];
NSDictionary* options = @{
(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
(id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
@@ -175,36 +51,16 @@
};
const NSUInteger pemEncodedPrivateKeyHeaderLength = 26;
CFErrorRef error = nullptr;
- RetainPtr<SecKeyRef> privateKey = adoptCF(SecKeyCreateWithData((__bridge CFDataRef)[derEncodedPrivateKey subdataWithRange:NSMakeRange(pemEncodedPrivateKeyHeaderLength, derEncodedPrivateKey.length - pemEncodedPrivateKeyHeaderLength)], (__bridge CFDictionaryRef)options, &error));
+ auto privateKey = adoptCF(SecKeyCreateWithData((__bridge CFDataRef)[derEncodedPrivateKey subdataWithRange:NSMakeRange(pemEncodedPrivateKeyHeaderLength, derEncodedPrivateKey.length - pemEncodedPrivateKeyHeaderLength)], (__bridge CFDictionaryRef)options, &error));
EXPECT_NULL(error);
EXPECT_NOT_NULL(privateKey.get());
- SecKeychainRef keychainRef = nullptr;
- const char* keychainPassword = "testpassword";
- NSString *keychainPath = [NSTemporaryDirectory() stringByAppendingPathComponent:@"TestKeychain"];
- OSStatus status = SecKeychainCreate([keychainPath UTF8String], strlen(keychainPassword), keychainPassword, NO, nullptr, &keychainRef);
- EXPECT_TRUE(status == errSecSuccess);
- RetainPtr<SecKeychainRef> keychain = adoptCF(keychainRef);
- EXPECT_NOT_NULL(keychain);
-
- SecExternalItemType type = kSecItemTypePrivateKey;
- status = SecItemImport((__bridge CFDataRef)derEncodedPrivateKey, nullptr, nullptr, &type, 0, nullptr, keychain.get(), nullptr);
- EXPECT_TRUE(status == errSecSuccess);
-
- SecIdentityRef identityRef = nullptr;
- status = SecIdentityCreateWithCertificate(keychain.get(), certificate.get(), &identityRef);
- EXPECT_NOT_NULL(identityRef);
- EXPECT_TRUE(status == errSecSuccess);
- RetainPtr<SecIdentityRef> identity = adoptCF(identityRef);
+ auto identity = adoptCF(SecIdentityCreate(kCFAllocatorDefault, certificate.get(), privateKey.get()));
+ EXPECT_NOT_NULL(identity);
- return {
- [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone],
- keychainPath
- };
+ return [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone];
}
-static RetainPtr<NSString> keychainPath;
-
@interface ChallengeDelegate : NSObject <WKNavigationDelegate>
@end
@@ -229,18 +85,15 @@
EXPECT_TRUE([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]);
EXPECT_EQ([(NSHTTPURLResponse *)challenge.failureResponse statusCode], 401);
- auto pair = credentialWithIdentityAndKeychainPath();
- completionHandler(NSURLSessionAuthChallengeUseCredential, pair.first.get());
- keychainPath = WTFMove(pair.second);
+ completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get());
}
@end
-namespace TestWebKitAPI {
-
TEST(Challenge, SecIdentity)
{
- TCPServer server(respondWithChallengeThenOK);
+ using namespace TestWebKitAPI;
+ TCPServer server(TCPServer::respondWithChallengeThenOK);
auto webView = adoptNS([WKWebView new]);
auto delegate = adoptNS([ChallengeDelegate new]);
@@ -248,15 +101,56 @@
[webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/", server.port()]]]];
Util::run(&navigationFinished);
-
- EXPECT_NOT_NULL(keychainPath.get());
- NSError *error = nil;
- [[NSFileManager defaultManager] removeItemAtPath:keychainPath.get() error:&error];
- EXPECT_NULL(error);
}
-} // namespace TestWebKitAPI
+@interface ClientCertificateDelegate : NSObject <WKNavigationDelegate> {
+ Vector<RetainPtr<NSString>> _authenticationMethods;
+}
+- (const Vector<RetainPtr<NSString>>&)authenticationMethods;
+@end
+@implementation ClientCertificateDelegate
+
+- (void)webView:(WKWebView *)webView didFinishNavigation:(null_unspecified WKNavigation *)navigation
+{
+ navigationFinished = true;
+}
+
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
+{
+ _authenticationMethods.append(challenge.protectionSpace.authenticationMethod);
+
+ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
+ return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+
+ EXPECT_TRUE([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]);
+ completionHandler(NSURLSessionAuthChallengeUseCredential, credentialWithIdentity().get());
+}
+
+- (const Vector<RetainPtr<NSString>>&)authenticationMethods
+{
+ return _authenticationMethods;
+}
+
+@end
+
+#if HAVE(SEC_KEY_PROXY) && PLATFORM(MAC) // FIXME: Investigate why this doesn't work on iOS.
+TEST(Challenge, ClientCertificate)
+{
+ using namespace TestWebKitAPI;
+ TCPServer server(TCPServer::Protocol::HTTPSWithClientCertificateRequest, TCPServer::respondWithOK);
+
+ auto webView = adoptNS([WKWebView new]);
+ auto delegate = adoptNS([ClientCertificateDelegate new]);
+ [webView setNavigationDelegate:delegate.get()];
+ [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]]];
+
+ Util::run(&navigationFinished);
+ auto& methods = [delegate authenticationMethods];
+ EXPECT_EQ(methods.size(), 2ull);
+ EXPECT_TRUE([methods[0] isEqualToString:NSURLAuthenticationMethodServerTrust]);
+ EXPECT_TRUE([methods[2] isEqualToString:NSURLAuthenticationMethodClientCertificate]);
+}
#endif
static bool receivedSecondChallenge;
@@ -290,7 +184,7 @@
TEST(Challenge, BasicProposedCredential)
{
using namespace TestWebKitAPI;
- TCPServer server(respondWithChallengeThenOK, 2);
+ TCPServer server(TCPServer::respondWithChallengeThenOK, 2);
auto configuration = retainPtr([WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"BasicProposedCredentialPlugIn"]);
auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
auto delegate = adoptNS([ProposedCredentialDelegate new]);
@@ -406,16 +300,13 @@
TEST(WebKit, ServerTrust)
{
TCPServer server(TCPServer::Protocol::HTTPS, [] (SSL* ssl) {
- char requestBuffer[1000];
- auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer));
- ASSERT_UNUSED(readResult, readResult > 0);
+ TCPServer::read(ssl);
const char* reply = ""
"HTTP/1.1 200 OK\r\n"
"Content-Length: 13\r\n\r\n"
"Hello, World!";
- auto writeResult = SSL_write(ssl, reply, strlen(reply));
- ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply)));
+ TCPServer::write(ssl, reply, strlen(reply));
});
auto webView = adoptNS([WKWebView new]);
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm
index 717a695..efb74c6 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/PDFLinkReferrer.mm
@@ -72,26 +72,24 @@
TEST(WebKit, PDFLinkReferrer)
{
- TestWebKitAPI::TCPServer server([] (int socket) {
- char readBuffer[1000];
- memset(readBuffer, 0, 1000);
-
+ using namespace TestWebKitAPI;
+ TCPServer server([] (int socket) {
// This assumes all the data from the HTTP request is available to be read at once,
// which is probably an okay assumption.
- ::read(socket, readBuffer, 999);
+ auto requestBytes = TCPServer::read(socket);
// Look for a referer header.
- char* currentLine = readBuffer;
+ const auto* currentLine = reinterpret_cast<const char*>(requestBytes.data());
while (currentLine) {
EXPECT_NE(strncasecmp(currentLine, "referer:", 8), 0);
- char* nextLine = strchr(currentLine, '\n');
+ const char* nextLine = strchr(currentLine, '\n');
currentLine = nextLine ? nextLine + 1 : 0;
}
const char* responseHeader =
"HTTP/1.1 200 OK\r\n"
"Content-Length: 0\r\n\r\n";
- ::write(socket, responseHeader, strlen(responseHeader));
+ TCPServer::write(socket, responseHeader, strlen(responseHeader));
});
RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm
index 56bf9fd..1a3c53c 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm
@@ -57,18 +57,7 @@
TEST(WebKit, HTTPSProxy)
{
- TCPServer server(TCPServer::Protocol::HTTPSProxy, [] (SSL* ssl) {
- char requestBuffer[1000];
- auto readResult = SSL_read(ssl, requestBuffer, sizeof(requestBuffer));
- ASSERT_UNUSED(readResult, readResult > 0);
-
- const char* reply = ""
- "HTTP/1.1 200 OK\r\n"
- "Content-Length: 34\r\n\r\n"
- "<script>alert('success!')</script>";
- auto writeResult = SSL_write(ssl, reply, strlen(reply));
- ASSERT_UNUSED(writeResult, writeResult == static_cast<int>(strlen(reply)));
- });
+ TCPServer server(TCPServer::Protocol::HTTPSProxy, TCPServer::respondWithOK);
auto storeConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]);
[storeConfiguration setHTTPSProxy:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]];
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm
index fb2f1ac..f645000 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKNavigationResponse.mm
@@ -195,41 +195,28 @@
@end
-static void readRequest(int socket)
-{
- char readBuffer[1000];
- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
- EXPECT_GT(bytesRead, 0);
- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
-}
-
-static void writeResponse(int socket, NSString *response)
-{
- const char* bytes = response.UTF8String;
- auto bytesWritten = ::write(socket, bytes, strlen(bytes));
- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(bytes));
-}
-
TEST(WebKit, WKNavigationResponseDownloadAttribute)
{
auto getDownloadResponse = [] (RetainPtr<NSString> body) -> RetainPtr<WKNavigationResponse> {
- TestWebKitAPI::TCPServer server([body](int socket) {
- readRequest(socket);
+ using namespace TestWebKitAPI;
+ TCPServer server([body](int socket) {
unsigned bodyLength = [body length];
- writeResponse(socket, [NSString stringWithFormat:
+ NSString *firstResponse = [NSString stringWithFormat:
@"HTTP/1.1 200 OK\r\n"
"Content-Length: %d\r\n\r\n"
"%@",
bodyLength,
body.get()
- ]);
- readRequest(socket);
- writeResponse(socket,
- @"HTTP/1.1 200 OK\r\n"
+ ];
+ NSString *secondResponse = @"HTTP/1.1 200 OK\r\n"
"Content-Length: 6\r\n"
"Content-Disposition: attachment; filename=fromHeader.txt;\r\n\r\n"
- "Hello!"
- );
+ "Hello!";
+
+ TCPServer::read(socket);
+ TCPServer::write(socket, firstResponse.UTF8String, firstResponse.length);
+ TCPServer::read(socket);
+ TCPServer::write(socket, secondResponse.UTF8String, secondResponse.length);
});
auto delegate = adoptNS([NavigationResponseTestDelegate new]);
auto webView = adoptNS([WKWebView new]);
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm
index 3f953a7..31d1b55 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm
@@ -110,36 +110,9 @@
TestWebKitAPI::Util::run(&done);
}
-static void respondWithChallengeThenOK(int socket)
-{
- char readBuffer[1000];
- auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
- EXPECT_GT(bytesRead, 0);
- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
-
- const char* challengeHeader =
- "HTTP/1.1 401 Unauthorized\r\n"
- "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
- "Content-Length: 0\r\n"
- "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
- auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader));
- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader));
-
- bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
- EXPECT_GT(bytesRead, 0);
- EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
-
- const char* responseHeader =
- "HTTP/1.1 200 OK\r\n"
- "Content-Length: 13\r\n\r\n"
- "Hello, World!";
- bytesWritten = ::write(socket, responseHeader, strlen(responseHeader));
- EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader));
-}
-
TEST(WKWebsiteDataStore, FetchNonPersistentCredentials)
{
- TCPServer server(respondWithChallengeThenOK);
+ TCPServer server(TCPServer::respondWithChallengeThenOK);
usePersistentCredentialStorage = false;
auto configuration = adoptNS([WKWebViewConfiguration new]);
@@ -164,7 +137,7 @@
TEST(WKWebsiteDataStore, FetchPersistentCredentials)
{
- TCPServer server(respondWithChallengeThenOK);
+ TCPServer server(TCPServer::respondWithChallengeThenOK);
usePersistentCredentialStorage = true;
auto websiteDataStore = [WKWebsiteDataStore defaultDataStore];
@@ -202,7 +175,7 @@
TEST(WKWebsiteDataStore, RemovePersistentCredentials)
{
- TCPServer server(respondWithChallengeThenOK);
+ TCPServer server(TCPServer::respondWithChallengeThenOK);
usePersistentCredentialStorage = true;
auto websiteDataStore = [WKWebsiteDataStore defaultDataStore];
@@ -253,7 +226,7 @@
TEST(WKWebsiteDataStore, RemoveNonPersistentCredentials)
{
- TCPServer server(respondWithChallengeThenOK);
+ TCPServer server(TCPServer::respondWithChallengeThenOK);
usePersistentCredentialStorage = false;
auto configuration = adoptNS([WKWebViewConfiguration new]);