1 /* 2 * Copyright (C) 2010 Apple Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' 14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS 17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 23 * THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include "config.h" 27 #include "PlatformCertificateInfo.h" 28 29 #include "ArgumentDecoder.h" 30 #include "ArgumentEncoder.h" 31 #include <WebCore/ResourceResponse.h> 32 33 #if USE(CG) 34 #include <WebKitSystemInterface/WebKitSystemInterface.h> 35 #endif 36 37 using namespace WebCore; 38 39 namespace WebKit { 40 41 PlatformCertificateInfo::PlatformCertificateInfo() 42 { 43 } 44 45 PlatformCertificateInfo::PlatformCertificateInfo(const ResourceResponse& response) 46 { 47 CFURLResponseRef cfResponse = response.cfURLResponse(); 48 if (!cfResponse) 49 return; 50 51 #if USE(CG) 52 CFDictionaryRef certificateInfo = wkGetSSLCertificateInfo(cfResponse); 53 if (!certificateInfo) 54 return; 55 56 void* data = wkGetSSLCertificateChainContext(certificateInfo); 57 if (!data) 58 return; 59 60 PCCERT_CHAIN_CONTEXT chainContext = static_cast<PCCERT_CHAIN_CONTEXT>(data); 61 if (chainContext->cChain < 1) 62 return; 63 64 // The first simple chain starts with the leaf certificate and ends with a trusted root or self-signed certificate. 65 PCERT_SIMPLE_CHAIN firstSimpleChain = chainContext->rgpChain[0]; 66 for (unsigned i = 0; i < firstSimpleChain->cElement; ++i) { 67 PCCERT_CONTEXT certificateContext = firstSimpleChain->rgpElement[i]->pCertContext; 68 PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(certificateContext); 69 m_certificateChain.append(certificateContextCopy); 70 } 71 #else 72 // FIXME: WinCairo implementation 73 #endif 74 } 75 76 PlatformCertificateInfo::PlatformCertificateInfo(PCCERT_CONTEXT certificateContext) 77 { 78 if (!certificateContext) 79 return; 80 81 PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(certificateContext); 82 m_certificateChain.append(certificateContextCopy); 83 } 84 85 PlatformCertificateInfo::~PlatformCertificateInfo() 86 { 87 clearCertificateChain(); 88 } 89 90 PlatformCertificateInfo::PlatformCertificateInfo(const PlatformCertificateInfo& other) 91 { 92 for (size_t i = 0; i < other.m_certificateChain.size(); ++i) { 93 PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(other.m_certificateChain[i]); 94 m_certificateChain.append(certificateContextCopy); 95 } 96 } 97 98 PlatformCertificateInfo& PlatformCertificateInfo::operator=(const PlatformCertificateInfo& other) 99 { 100 clearCertificateChain(); 101 for (size_t i = 0; i < other.m_certificateChain.size(); ++i) { 102 PCCERT_CONTEXT certificateContextCopy = ::CertDuplicateCertificateContext(other.m_certificateChain[i]); 103 m_certificateChain.append(certificateContextCopy); 104 } 105 return *this; 106 } 107 108 void PlatformCertificateInfo::encode(CoreIPC::ArgumentEncoder* encoder) const 109 { 110 // Special case no certificates 111 if (m_certificateChain.isEmpty()) { 112 encoder->encodeUInt64(std::numeric_limits<uint64_t>::max()); 113 return; 114 } 115 116 uint64_t length = m_certificateChain.size(); 117 encoder->encodeUInt64(length); 118 119 for (size_t i = 0; i < length; ++i) 120 encoder->encodeBytes(static_cast<uint8_t*>(m_certificateChain[i]->pbCertEncoded), m_certificateChain[i]->cbCertEncoded); 121 } 122 123 bool PlatformCertificateInfo::decode(CoreIPC::ArgumentDecoder* decoder, PlatformCertificateInfo& c) 124 { 125 uint64_t length; 126 if (!decoder->decode(length)) 127 return false; 128 129 if (length == std::numeric_limits<uint64_t>::max()) { 130 // This is the no certificates case. 131 return true; 132 } 133 134 for (size_t i = 0; i < length; ++i) { 135 Vector<uint8_t> bytes; 136 if (!decoder->decodeBytes(bytes)) { 137 c.clearCertificateChain(); 138 return false; 139 } 140 141 PCCERT_CONTEXT certificateContext = ::CertCreateCertificateContext(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, bytes.data(), bytes.size()); 142 if (!certificateContext) { 143 c.clearCertificateChain(); 144 return false; 145 } 146 147 c.m_certificateChain.append(certificateContext); 148 } 149 150 return true; 151 } 152 153 void PlatformCertificateInfo::clearCertificateChain() 154 { 155 for (size_t i = 0; i < m_certificateChain.size(); ++i) 156 ::CertFreeCertificateContext(m_certificateChain[i]); 157 m_certificateChain.clear(); 158 } 159 160 } // namespace WebKit 161
