246379 – REGRESSION(255206@main): [curl] WKProtectionSpaceCopyCertificateInfo is defunct

Bug 246379 - REGRESSION(255206@main): [curl] WKProtectionSpaceCopyCertificateInfo is defunct

Summary: REGRESSION(255206@main): [curl] WKProtectionSpaceCopyCertificateInfo is defunct

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Fujii Hironori

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-10-11 18:44 PDT by Fujii Hironori
Modified:	2022-10-13 14:23 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (13.14 KB, patch) 2022-10-11 22:43 PDT, Fujii Hironori	ews-feeder: commit-queue-	Details \| Formatted Diff \| Diff
Patch (23.86 KB, patch) 2022-10-11 23:51 PDT, Fujii Hironori	no flags	Details \| Formatted Diff \| Diff
Patch (17.13 KB, patch) 2022-10-11 23:55 PDT, Fujii Hironori	no flags	Details \| Formatted Diff \| Diff
Patch (7.24 KB, patch) 2022-10-12 14:12 PDT, Fujii Hironori	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fujii Hironori 2022-10-11 18:44:11 PDT

[WinCairo WK2 MiniBrowser] crashing in bad cert site

1. Start WinCairo WK2 MiniBrowser
2. Go to https://badssl.com/
3. Click "expired"
4. Crash

> WebKit2.dll!WTF::RawPtrTraits<WTF::StringImpl>::unwrap(WTF::StringImpl * const & ptr) Line 44	C++
> WebKit2.dll!WTF::RefPtr<WTF::StringImpl,WTF::RawPtrTraits<WTF::StringImpl>,WTF::DefaultRefDerefTraits<WTF::StringImpl>>::get() Line 76	C++
> WebKit2.dll!WTF::String::impl() Line 115	C++
> WebKit2.dll!WTF::StringView::StringView(const WTF::String & string) Line 410	C++
> WebKit2.dll!API::String::stringView() Line 54	C++
> WebKit2.dll!WKStringGetLength(const OpaqueWKString * stringRef) Line 53	C++
> MiniBrowserLib.dll!createString(const OpaqueWKString * wkString) Line 33	C++
> MiniBrowserLib.dll!WebKitBrowserWindow::canTrustServerCertificate(const OpaqueWKProtectionSpace * protectionSpace) Line 482	C++
> MiniBrowserLib.dll!WebKitBrowserWindow::didReceiveAuthenticationChallenge(const OpaqueWKPage * page, const OpaqueWKAuthenticationChallenge * challenge, const void * clientInfo) Line 455	C++
> WebKit2.dll!`WKPageSetPageNavigationClient'::`2'::NavigationClient::didReceiveAuthenticationChallenge(WebKit::WebPageProxy & page, WebKit::AuthenticationChallengeProxy & authenticationChallenge) Line 2297	C++
> WebKit2.dll!WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy(WTF::Ref<WebKit::AuthenticationChallengeProxy,WTF::RawPtrTraits<WebKit::AuthenticationChallengeProxy>> && authenticationChallenge, WebKit::NegotiatedLegacyTLS negotiatedLegacyTLS) Line 8818	C++
> WebKit2.dll!WebKit::NetworkProcessProxy::didReceiveAuthenticationChallenge(PAL::SessionID sessionID, WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType> pageID, const std::optional<WebCore::SecurityOriginData> & topOrigin, WebCore::AuthenticationChallenge && coreChallenge, bool negotiatedLegacyTLS, WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType> challengeID) Line 512	C++
> WebKit2.dll!IPC::callMemberFunctionImpl<WebKit::NetworkProcessProxy,void (__cdecl WebKit::NetworkProcessProxy::*)(PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData> const &,WebCore::AuthenticationChallenge &&,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>),std::tuple<PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData>,WebCore::AuthenticationChallenge,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>>,0,1,2,3,4,5>(WebKit::NetworkProcessProxy * object, void(WebKit::NetworkProcessProxy::*)(PAL::SessionID, WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>, const std::optional<WebCore::SecurityOriginData> &, WebCore::AuthenticationChallenge &&, bool, WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>) function, std::tuple<PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData>,WebCore::AuthenticationChallenge,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>> && args, std::integer_sequence<unsigned __int64,0,1,2,3,4,5> __formal) Line 132	C++
> WebKit2.dll!IPC::callMemberFunction<WebKit::NetworkProcessProxy,void (__cdecl WebKit::NetworkProcessProxy::*)(PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData> const &,WebCore::AuthenticationChallenge &&,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>),std::tuple<PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData>,WebCore::AuthenticationChallenge,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>>,std::integer_sequence<unsigned __int64,0,1,2,3,4,5>>(std::tuple<PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData>,WebCore::AuthenticationChallenge,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>> && args, WebKit::NetworkProcessProxy * object, void(WebKit::NetworkProcessProxy::*)(PAL::SessionID, WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>, const std::optional<WebCore::SecurityOriginData> &, WebCore::AuthenticationChallenge &&, bool, WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>) function) Line 138	C++
> WebKit2.dll!IPC::handleMessage<Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge,WebKit::NetworkProcessProxy,void (__cdecl WebKit::NetworkProcessProxy::*)(PAL::SessionID,WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>,std::optional<WebCore::SecurityOriginData> const &,WebCore::AuthenticationChallenge &&,bool,WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>)>(IPC::Connection & connection, IPC::Decoder & decoder, WebKit::NetworkProcessProxy * object, void(WebKit::NetworkProcessProxy::*)(PAL::SessionID, WTF::ObjectIdentifier<enum WebKit::WebPageProxyIdentifierType>, const std::optional<WebCore::SecurityOriginData> &, WebCore::AuthenticationChallenge &&, bool, WTF::ObjectIdentifier<enum WebKit::AuthenticationChallengeIdentifierType>) function) Line 260	C++
> WebKit2.dll!WebKit::NetworkProcessProxy::didReceiveNetworkProcessProxyMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 344	C++
> WebKit2.dll!WebKit::NetworkProcessProxy::didReceiveMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 451	C++
> WebKit2.dll!IPC::Connection::dispatchMessage(IPC::Decoder & decoder) Line 1158	C++
> WebKit2.dll!IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder,std::default_delete<IPC::Decoder>> message) Line 1204	C++
> WebKit2.dll!IPC::Connection::dispatchOneIncomingMessage() Line 1272	C++
> WebKit2.dll!IPC::Connection::enqueueIncomingMessage::__l2::<lambda_1>::operator()() Line 1121	C++
> WebKit2.dll!WTF::Detail::CallableWrapper<`IPC::Connection::enqueueIncomingMessage'::`2'::<lambda_1>,void>::call() Line 53	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83	C++
> WTF.dll!WTF::RunLoop::performWork() Line 147	C++
> WTF.dll!WTF::RunLoop::wndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 57	C++
> WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39	C++
> [External Code]	
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 120	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 140	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 225	C++
> [External Code]	

WKProtectionSpaceCopyCertificateInfo returned nullptr.

Comment 1 Fujii Hironori 2022-10-11 18:58:41 PDT

Since 255206@main (bug#245997)

Comment 2 Fujii Hironori 2022-10-11 22:43:46 PDT

Created attachment 462932 [details]
Patch

Comment 3 Fujii Hironori 2022-10-11 23:51:05 PDT

Created attachment 462934 [details]
Patch

Comment 4 Fujii Hironori 2022-10-11 23:55:06 PDT

Created attachment 462935 [details]
Patch

Comment 5 Darin Adler 2022-10-12 09:30:19 PDT

Comment on attachment 462935 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=462935&action=review

> COMMIT_MESSAGE:8
> +255206@main deprecated WKProtectionSpaceCopyCertificateInfo API and
> +WKCertificateInfoRef. But, WinCairo and PlayStation ports are using
> +it. Reverted the part of the change.

Can we find a way to preserve deprecation warnings for uses of these on Apple ports? This is quite valuable to the Apple WebKit team. I suggest we create a variant of WK_C_API_DEPRECATED for cases like this where we want this on some ports but not others. Maybe a "Windows-only" version, or a "non-Apple-ports-only" version, depending on what people maintaining other ports want.

Comment 6 Alex Christensen 2022-10-12 09:36:20 PDT

Comment on attachment 462935 [details]
Patch

Rather than re-introduce the abstraction of WebCertificateInfo, let's add a function like this instead:
WKArrayRef WKProtectionSpaceCopyCertificateChain(WKProtectionSpaceRef protectionSpace);

Comment 7 Alex Christensen 2022-10-12 12:10:29 PDT

Something like this.  I haven't gotten it compiling and it has a small piece that still needs implementing, but I think this is a better design:

diff --git a/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.cpp b/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.cpp
index 03ae616a37c6..18e795cf5573 100644
--- a/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.cpp
+++ b/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.cpp
@@ -36,3 +36,22 @@ WKCertificateInfoRef WKProtectionSpaceCopyCertificateInfo(WKProtectionSpaceRef p
 {
     return nullptr;
 }
+
+WKArrayRef WKProtectionSpaceCopyCertificateChain(WKProtectionSpaceRef protectionSpace)
+{
+    auto& certificateInfo = toImpl(protectionSpaceRef)->protectionSpace().certificateInfo();
+    (void)certificateInfo; // FIXME: Get the data of each certificate here.
+    return nullptr;
+}
+
+int WKProtectionSpaceGetCertificateVerificationError(WKProtectionSpaceRef protectionSpace)
+{
+    auto& certificateInfo = toImpl(protectionSpaceRef)->protectionSpace().certificateInfo();
+    return certificateInfo.verificationError();
+}
+
+WK_EXPORT WKStringRef WKProtectionSpaceCopyCertificateVerificationErrorDescription(WKProtectionSpaceRef protectionSpace)
+{
+    auto& certificateInfo = toImpl(protectionSpaceRef)->protectionSpace().certificateInfo();
+    return WebKit::toCopiedAPI(certificateInfo.verificationErrorDescription());
+}
diff --git a/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.h b/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.h
index 3161fc290cdf..c7d88217a738 100644
--- a/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.h
+++ b/Source/WebKit/UIProcess/API/C/curl/WKProtectionSpaceCurl.h
@@ -33,6 +33,9 @@ extern "C" {
 #endif
 
 WK_EXPORT WKCertificateInfoRef WKProtectionSpaceCopyCertificateInfo(WKProtectionSpaceRef) WK_C_API_DEPRECATED;
+WK_EXPORT WKArrayRef WKProtectionSpaceCopyCertificateChain(WKProtectionSpaceRef protectionSpace);
+WK_EXPORT int WKProtectionSpaceGetCertificateVerificationError(WKProtectionSpaceRef protectionSpace);
+WK_EXPORT WKStringRef WKProtectionSpaceCopyCertificateVerificationErrorDescription(WKProtectionSpaceRef protectionSpace);
 
 #ifdef __cplusplus
 }
diff --git a/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp b/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
index 50565a2e540a..c312d116ec97 100644
--- a/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
+++ b/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
@@ -61,16 +61,16 @@ std::string createUTF8String(const wchar_t* src, size_t srcLength)
     return { buffer.data(), actualLength };
 }
 
-std::wstring createPEMString(WKCertificateInfoRef certificateInfo)
+std::wstring createPEMString(WKProtectionSpaceRef protectionSpace)
 {
-    auto chainSize = WKCertificateInfoGetCertificateChainSize(certificateInfo);
+    auto chain = adoptWK(WKProtectionSpaceCopyCertificateChain(protectionSpace));
 
     std::wstring pems;
 
-    for (auto i = 0; i < chainSize; i++) {
-        auto certificate = adoptWK(WKCertificateInfoCopyCertificateAtIndex(certificateInfo, i));
-        auto size = WKDataGetSize(certificate.get());
-        auto data = WKDataGetBytes(certificate.get());
+    for (auto i = 0; i < WKArrayGetSize(chain.get()); i++) {
+        auto certificate = WKArrayGetItemAtIndex(chain.get(), i);
+        auto size = WKDataGetSize(certificate);
+        auto data = WKDataGetBytes(certificate);
 
         for (size_t i = 0; i < size; i++)
             pems.push_back(data[i]);
@@ -477,9 +477,9 @@ void WebKitBrowserWindow::didReceiveAuthenticationChallenge(WKPageRef page, WKAu
 bool WebKitBrowserWindow::canTrustServerCertificate(WKProtectionSpaceRef protectionSpace)
 {
     auto host = createString(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
-    auto certificateInfo = adoptWK(WKProtectionSpaceCopyCertificateInfo(protectionSpace));
-    auto verificationError = WKCertificateInfoGetVerificationError(certificateInfo.get());
-    auto description = createString(adoptWK(WKCertificateInfoCopyVerificationErrorDescription(certificateInfo.get())).get());
+    auto verificationError = WKProtectionSpaceGetCertificateVerificationError(protectionSpace);
+    auto verificationError = WKProtectionSpaceCopyCertificateVerificationErrorDescription(protectionSpace);
+    auto description = createString(adoptWK(WKProtectionSpaceCopyCertificateVerificationErrorDescription(protectionSpace)).get());
     auto pem = createPEMString(certificateInfo.get());
 
     auto it = m_acceptedServerTrustCerts.find(host);

Comment 8 Fujii Hironori 2022-10-12 14:12:42 PDT

Created attachment 462947 [details]
Patch

Comment 9 Alex Christensen 2022-10-13 13:54:45 PDT

Thanks!  This is closer to the API shape of certificate chains on other platforms.

Comment 10 EWS 2022-10-13 14:22:43 PDT

Committed 255505@main (9fa349553d3f): <https://commits.webkit.org/255505@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 462947 [details].

Comment 11 Radar WebKit Bug Importer 2022-10-13 14:23:19 PDT

<rdar://problem/101143266>