/*
* Copyright (C) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "PlatformCertificateInfo.h"
#include "ArgumentDecoder.h"
#include "ArgumentEncoder.h"
#include <WebCore/ResourceResponse.h>
#if USE(CG)
#include <WebKitSystemInterface/WebKitSystemInterface.h>
#endif
using namespace WebCore;
namespace WebKit {
PlatformCertificateInfo::PlatformCertificateInfo()
{
}
PlatformCertificateInfo::PlatformCertificateInfo(const ResourceResponse& response)
{
CFURLResponseRef cfResponse = response.cfURLResponse();
if (!cfResponse)
return;
#if USE(CG)
CFDictionaryRef certificateInfo = wkGetSSLCertificateInfo(cfResponse);
if (!certificateInfo)
return;
void* data = wkGetSSLCertificateChainContext(certificateInfo);
if (!data)
return;
PCCERT_CHAIN_CONTEXT chainContext = static_cast<PCCERT_CHAIN_CONTEXT>(data);
if (chainContext->cChain < 1)
return;
// The first simple chain starts with the leaf certificate and ends with a trusted root or self-signed certificate.
PCERT_SIMPLE_CHAIN firstSimpleChain = chainContext->rgpChain[0];
for (unsigned i = 0; i < firstSimpleChain->cElement; ++i) {
PCCERT_CONTEXT certificateContext = firstSimpleChain->rgpElement[i]->pCertContext;
PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(certificateContext);
m_certificateChain.append(certificateContextCopy);
}
#else
// FIXME: WinCairo implementation
#endif
}
PlatformCertificateInfo::PlatformCertificateInfo(PCCERT_CONTEXT certificateContext)
{
if (!certificateContext)
return;
PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(certificateContext);
m_certificateChain.append(certificateContextCopy);
}
PlatformCertificateInfo::~PlatformCertificateInfo()
{
clearCertificateChain();
}
PlatformCertificateInfo::PlatformCertificateInfo(const PlatformCertificateInfo& other)
{
for (size_t i = 0; i < other.m_certificateChain.size(); ++i) {
PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(other.m_certificateChain[i]);
m_certificateChain.append(certificateContextCopy);
}
}
PlatformCertificateInfo& PlatformCertificateInfo::operator=(const PlatformCertificateInfo& other)
{
clearCertificateChain();
for (size_t i = 0; i < other.m_certificateChain.size(); ++i) {
PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(other.m_certificateChain[i]);
m_certificateChain.append(certificateContextCopy);
}
return *this;
}
void PlatformCertificateInfo::encode(CoreIPC::ArgumentEncoder* encoder) const
{
// Special case no certificates
if (m_certificateChain.isEmpty()) {
encoder->encodeUInt64(std::numeric_limits<uint64_t>::max());
return;
}
uint64_t length = m_certificateChain.size();
encoder->encodeUInt64(length);
for (size_t i = 0; i < length; ++i)
encoder->encodeBytes(static_cast<uint8_t*>(m_certificateChain[i]->pbCertEncoded), m_certificateChain[i]->cbCertEncoded);
}
bool PlatformCertificateInfo::decode(CoreIPC::ArgumentDecoder* decoder, PlatformCertificateInfo& c)
{
uint64_t length;
if (!decoder->decode(length))
return false;
if (length == std::numeric_limits<uint64_t>::max()) {
// This is the no certificates case.
return true;
}
for (size_t i = 0; i < length; ++i) {
Vector<uint8_t> bytes;
if (!decoder->decodeBytes(bytes)) {
c.clearCertificateChain();
return false;
}
PCCERT_CONTEXT certificateContext = ::CertCreateCertificateContext(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, bytes.data(), bytes.size());
if (!certificateContext) {
c.clearCertificateChain();
return false;
}
c.m_certificateChain.append(certificateContext);
}
return true;
}
void PlatformCertificateInfo::clearCertificateChain()
{
for (size_t i = 0; i < m_certificateChain.size(); ++i)
::CertFreeCertificateContext(m_certificateChain[i]);
m_certificateChain.clear();
}
} // namespace WebKit