Diffstat (limited to 'Source/WebKit2/WebProcess/Authentication')
4 files changed, 307 insertions, 0 deletions
diff --git a/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.cpp b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.cpp
new file mode 100644
index 000000000..aa76a29ca
--- /dev/null
+++ b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.cpp
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "AuthenticationManager.h"
+
+#include "Download.h"
+#include "DownloadProxyMessages.h"
+#include "MessageID.h"
+#include "WebCoreArgumentCoders.h"
+#include "WebFrame.h"
+#include "WebPage.h"
+#include "WebPageProxyMessages.h"
+#include "WebProcess.h"
+#include <WebCore/AuthenticationChallenge.h>
+#include <WebCore/AuthenticationClient.h>
+
+using namespace WebCore;
+
+namespace WebKit {
+
+static uint64_t generateAuthenticationChallengeID()
+{
+ static uint64_t uniqueAuthenticationChallengeID = 1;
+ return uniqueAuthenticationChallengeID++;
+}
+
+AuthenticationManager& AuthenticationManager::shared()
+{
+ static AuthenticationManager& manager = *new AuthenticationManager;
+ return manager;
+}
+
+AuthenticationManager::AuthenticationManager()
+{
+}
+
+void AuthenticationManager::didReceiveMessage(CoreIPC::Connection* connection, CoreIPC::MessageID messageID, CoreIPC::ArgumentDecoder* arguments)
+{
+ didReceiveAuthenticationManagerMessage(connection, messageID, arguments);
+}
+
+void AuthenticationManager::didReceiveAuthenticationChallenge(WebFrame* frame, const AuthenticationChallenge& authenticationChallenge)
+{
+ ASSERT(frame);
+ ASSERT(frame->page());
+
+ uint64_t challengeID = generateAuthenticationChallengeID();
+ m_challenges.set(challengeID, authenticationChallenge);
+
+ WebProcess::shared().connection()->send(Messages::WebPageProxy::DidReceiveAuthenticationChallenge(frame->frameID(), authenticationChallenge, challengeID), frame->page()->pageID());
+}
+
+void AuthenticationManager::didReceiveAuthenticationChallenge(Download* download, const AuthenticationChallenge& authenticationChallenge)
+{
+ uint64_t challengeID = generateAuthenticationChallengeID();
+ m_challenges.set(challengeID, authenticationChallenge);
+
+ download->send(Messages::DownloadProxy::DidReceiveAuthenticationChallenge(authenticationChallenge, challengeID));
+}
+
+// Currently, only Mac knows how to respond to authentication challenges with certificate info.
+#if !PLATFORM(MAC)
+bool AuthenticationManager::tryUsePlatformCertificateInfoForChallenge(const WebCore::AuthenticationChallenge&, const PlatformCertificateInfo&)
+{
+ return false;
+}
+#endif
+
+void AuthenticationManager::useCredentialForChallenge(uint64_t challengeID, const Credential& credential, const PlatformCertificateInfo& certificateInfo)
+{
+ AuthenticationChallenge challenge = m_challenges.take(challengeID);
+ ASSERT(!challenge.isNull());
+
+ if (tryUsePlatformCertificateInfoForChallenge(challenge, certificateInfo))
+ return;
+
+ AuthenticationClient* coreClient = challenge.authenticationClient();
+ if (!coreClient) {
+ // This authentication challenge comes from a download.
+ Download::receivedCredential(challenge, credential);
+ return;
+
+ }
+
+ coreClient->receivedCredential(challenge, credential);
+}
+
+void AuthenticationManager::continueWithoutCredentialForChallenge(uint64_t challengeID)
+{
+ AuthenticationChallenge challenge = m_challenges.take(challengeID);
+ ASSERT(!challenge.isNull());
+ AuthenticationClient* coreClient = challenge.authenticationClient();
+ if (!coreClient) {
+ // This authentication challenge comes from a download.
+ Download::receivedRequestToContinueWithoutCredential(challenge);
+ return;
+ }
+
+ coreClient->receivedRequestToContinueWithoutCredential(challenge);
+}
+
+void AuthenticationManager::cancelChallenge(uint64_t challengeID)
+{
+ AuthenticationChallenge challenge = m_challenges.take(challengeID);
+ ASSERT(!challenge.isNull());
+ AuthenticationClient* coreClient = challenge.authenticationClient();
+ if (!coreClient) {
+ // This authentication challenge comes from a download.
+ Download::receivedCancellation(challenge);
+ return;
+ }
+
+ coreClient->receivedCancellation(challenge);
+}
+
+} // namespace WebKit
diff --git a/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.h b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.h
new file mode 100644
index 000000000..192c91aef
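Review bot: In `useCredentialForChallenge`, `continueWithoutCredentialForChallenge` and `cancelChallenge`, the only check on the result of `m_challenges.take(challengeID)` is `ASSERT(!challenge.isNull())`, which is compiled out of release builds. An ID that is stale, repeated or never issued then yields a null challenge whose `authenticationClient()` is presumably null, so the code takes the "comes from a download" branch and passes a null challenge to `Download::receivedCredential` (or the matching continue/cancel call). Because the ID arrives in an IPC message, I would add `if (challenge.isNull()) return;` after each `take()` and keep the ASSERT for debug builds. It is also worth rejecting `challengeID == 0` before the lookup, since WTF's default integer hash traits reserve 0 as the empty key and the generator here starts at 1.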
--- /dev/null
+++ b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef AuthenticationManager_h
+#define AuthenticationManager_h
+
+#include <wtf/HashMap.h>
+
+namespace CoreIPC {
+ class ArgumentDecoder;
+ class Connection;
+ class MessageID;
+}
+
+namespace WebCore {
+ class AuthenticationChallenge;
+ class Credential;
+}
+
+namespace WebKit {
+
+class Download;
+class PlatformCertificateInfo;
+class WebFrame;
+
+class AuthenticationManager {
+ WTF_MAKE_NONCOPYABLE(AuthenticationManager);
+
+public:
+ static AuthenticationManager& shared();
+
+ void didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*);
+
+ void didReceiveAuthenticationChallenge(WebFrame*, const WebCore::AuthenticationChallenge&);
+ void didReceiveAuthenticationChallenge(Download*, const WebCore::AuthenticationChallenge&);
+
+ void useCredentialForChallenge(uint64_t challengeID, const WebCore::Credential&, const PlatformCertificateInfo&);
+ void continueWithoutCredentialForChallenge(uint64_t challengeID);
+ void cancelChallenge(uint64_t challengeID);
+
+private:
+ AuthenticationManager();
+
+ void didReceiveAuthenticationManagerMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*);
+
+ bool tryUsePlatformCertificateInfoForChallenge(const WebCore::AuthenticationChallenge&, const PlatformCertificateInfo&);
+
+ typedef HashMap<uint64_t, WebCore::AuthenticationChallenge> AuthenticationChallengeMap;
+ AuthenticationChallengeMap m_challenges;
+};
+
+} // namespace WebKit
+
+#endif // AuthenticationManager_h
diff --git a/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.messages.in b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.messages.in
new file mode 100644
index 000000000..bb1cc30ca
--- /dev/null
+++ b/Source/WebKit2/WebProcess/Authentication/AuthenticationManager.messages.in
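Review bot: `m_challenges` carries no comment on the lifetime of its entries, and the contract is not obvious from the header alone. Judging by the .cpp in this commit, an entry is inserted on every `didReceiveAuthenticationChallenge` and removed only when one of the three reply messages arrives for that ID. I would document that above the typedef, e.g. `// Challenges awaiting a reply from the UI process, keyed by the ID sent with the challenge; removed by useCredential/continueWithoutCredential/cancelChallenge.` If a page or download can go away before a reply arrives, the entry appears to stay in the map, which is worth either handling or stating in the same comment.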
@@ -0,0 +1,27 @@
+# Copyright (C) 2010 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+messages -> AuthenticationManager {
+ void UseCredentialForChallenge(uint64_t challengeID, WebCore::Credential credential, WebKit::PlatformCertificateInfo certificate);
+ void ContinueWithoutCredentialForChallenge(uint64_t challengeID);
+ void CancelChallenge(uint64_t challengeID);
+}
diff --git a/Source/WebKit2/WebProcess/Authentication/mac/AuthenticationManager.mac.mm b/Source/WebKit2/WebProcess/Authentication/mac/AuthenticationManager.mac.mm
new file mode 100644
index 000000000..091ad40c0
--- /dev/null
+++ b/Source/WebKit2/WebProcess/Authentication/mac/AuthenticationManager.mac.mm
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "AuthenticationManager.h"
+
+#include "PlatformCertificateInfo.h"
+#include <Security/SecIdentity.h>
+#include <WebCore/AuthenticationChallenge.h>
+
+using namespace WebCore;
+
+namespace WebKit {
+
+bool AuthenticationManager::tryUsePlatformCertificateInfoForChallenge(const AuthenticationChallenge& challenge, const PlatformCertificateInfo& certificateInfo)
+{
+ CFArrayRef chain = certificateInfo.certificateChain();
+ if (!chain)
+ return false;
+
+ ASSERT(CFArrayGetCount(chain));
+
+ // The passed-in certificate chain includes the identity certificate at index 0, and additional certificates starting at index 1.
+ SecIdentityRef identity;
+ OSStatus result = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(chain, 0), &identity);
+ if (result != errSecSuccess) {
+ LOG_ERROR("Unable to create SecIdentityRef with certificate - %i", result);
+ [challenge.sender() cancelAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
+ return true;
+ }
+
+ CFIndex chainCount = CFArrayGetCount(chain);
+ NSArray *nsChain = chainCount > 1 ? [(NSArray *)chain subarrayWithRange:NSMakeRange(1, chainCount - 1)] : nil;
+
+ NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
+ certificates:nsChain
+ persistence:NSURLCredentialPersistenceNone];
+
+ [challenge.sender() useCredential:credential forAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
+ return true;
+}
+
+} // namespace WebKit |
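Review bot: `ASSERT(CFArrayGetCount(chain))` is the only guard before `CFArrayGetValueAtIndex(chain, 0)`, so in a release build an empty chain decoded from the IPC message would be indexed out of range. The early return should cover that case too: `if (!chain || !CFArrayGetCount(chain)) return false;`. Separately, `SecIdentityCreateWithCertificate` follows the Create rule and nothing in this function releases `identity` on the success path. Add `CFRelease(identity);` once the credential has been created, or hold the identity in an adopting `RetainPtr`. The cast of element 0 to `SecCertificateRef` also relies on the decoder having produced certificate objects, so a comment stating that assumption would help the next reader.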
