#include "config.h"
#include "CurlSSLHandle.h"
#if USE(CURL)
#if USE(CF)
#if OS(WINDOWS)
#include "WebCoreBundleWin.h"
#endif
#include <wtf/RetainPtr.h>
#endif
namespace WebCore {
// Initializes the CA bundle path and the ignore-SSL-errors flag from the
// process environment.
CurlSSLHandle::CurlSSLHandle()
    : m_caCertPath(getCACertPathEnv())
{
    // SECURITY: only the presence of WEBKIT_IGNORE_SSL_ERRORS is tested, so any
    // value (including an empty string or "0") turns the flag on. The flag is
    // consumed elsewhere; presumably it disables certificate verification, so
    // this variable should never be set in a production environment.
    // NOTE(review): confirm how m_ignoreSSLErrors is used by the callers.
    if (getenv("WEBKIT_IGNORE_SSL_ERRORS"))
        m_ignoreSSLErrors = true;
}
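// Resolves the path of the CA certificate bundle.
//
// Lookup order:
//   1. The CURL_CA_BUNDLE_PATH environment variable, returned verbatim.
//   2. With USE(CF): the "cacert.pem" resource in the "certificates"
//      directory of the WebKit bundle.
// Returns a default-constructed CString when neither source yields a path.
//
// SECURITY: the environment value is not validated here (no existence,
// ownership or permission check). Whoever controls the process environment
// therefore selects the file stored in m_caCertPath, which is presumably the
// trust-anchor set handed to curl — confirm at the point of use.
CString CurlSSLHandle::getCACertPathEnv()
{
    if (char* envPath = getenv("CURL_CA_BUNDLE_PATH"))
        return envPath;

#if USE(CF)
    if (CFBundleRef webKitBundleRef = webKitBundle()) {
        RetainPtr<CFURLRef> certURLRef = adoptCF(CFBundleCopyResourceURL(webKitBundleRef, CFSTR("cacert"), CFSTR("pem"), CFSTR("certificates")));
        if (certURLRef) {
            char path[MAX_PATH];
            // CFURLGetFileSystemRepresentation() reports failure through its
            // return value; `path` is uninitialized in that case, so only
            // return it when the conversion succeeded.
            if (CFURLGetFileSystemRepresentation(certURLRef.get(), false, reinterpret_cast<UInt8*>(path), MAX_PATH))
                return path;
        }
    }
#endif

    return CString();
}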
// Registers hostName as a host whose HTTPS certificate errors may be ignored.
// The entry starts with an empty certificate set; canIgnoredHTTPSCertificate()
// fills it with the first chain it is asked about for this host.
//
// NOTE(review): set() on an already-registered host presumably replaces the
// stored chain with an empty one, which would drop an existing pin — confirm
// that re-registration is meant to reset it.
void CurlSSLHandle::setHostAllowsAnyHTTPSCertificate(const String& hostName)
{
    LockHolder mutex(m_mutex);

    m_allowedHosts.set(hostName, ListHashSet<String>());
}
// Returns true when hostName has an entry in m_allowedHosts, i.e. it was
// registered through setHostAllowsAnyHTTPSCertificate(). The lookup uses the
// host string exactly as passed; no normalization is done here.
bool CurlSSLHandle::isAllowedHTTPSCertificateHost(const String& hostName)
{
    LockHolder mutex(m_mutex);

    return m_allowedHosts.contains(hostName);
}
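// Decides whether a certificate error for hostName may be ignored.
//
// Returns false when the host has no entry in m_allowedHosts. For a registered
// host with no stored chain yet, the presented `certificates` are stored and
// true is returned (trust on first use). Afterwards true is returned only when
// the presented chain has the same length and the same elements, in order, as
// the stored one.
//
// NOTE(review): an empty `certificates` on first use is stored as-is, so the
// entry stays unpinned and the next call pins whatever it is given — confirm
// callers never pass an empty chain.
bool CurlSSLHandle::canIgnoredHTTPSCertificate(const String& hostName, const ListHashSet<String>& certificates)
{
    LockHolder mutex(m_mutex);

    auto found = m_allowedHosts.find(hostName);
    if (found == m_allowedHosts.end())
        return false;

    auto& pinned = found->value;
    if (pinned.isEmpty()) {
        pinned = certificates;
        return true;
    }

    // Lengths must match before the element-wise compare: std::equal() with a
    // single end iterator would accept a shorter (or empty) chain as a prefix
    // match, and would read past the end of the stored chain for a longer one.
    if (certificates.size() != pinned.size())
        return false;

    return std::equal(certificates.begin(), certificates.end(), pinned.begin());
}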
// Associates a client certificate and key with hostName, replacing any entry
// already stored for that host.
//
// NOTE(review): `key` is kept in m_allowedClientHosts as an ordinary String for
// as long as the entry exists. Whether it holds a file path or secret material
// is not visible here — confirm, and if it is secret, consider how and when it
// gets cleared.
void CurlSSLHandle::setClientCertificateInfo(const String& hostName, const String& certificate, const String& key)
{
    LockHolder mutex(m_mutex);

    m_allowedClientHosts.set(hostName, ClientCertificate(certificate, key));
}
// Looks up the client certificate registered for hostName through
// setClientCertificateInfo(). Returns a copy of the stored entry, made while
// m_mutex is held, or std::nullopt when the host has no entry.
std::optional<CurlSSLHandle::ClientCertificate> CurlSSLHandle::getSSLClientCertificate(const String& hostName)
{
    LockHolder mutex(m_mutex);

    auto entry = m_allowedClientHosts.find(hostName);
    if (entry != m_allowedClientHosts.end())
        return entry->value;

    return std::nullopt;
}
}
#endif