<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[243487] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/243487">243487</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2019-03-25 23:12:55 -0700 (Mon, 25 Mar 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef
https://bugs.webkit.org/show_bug.cgi?id=196213

Patch by Alex Christensen <achristensen@webkit.org> on 2019-03-25
Reviewed by Geoff Garen.

Source/WebKit:

A release assertion added in <a href="http://trac.webkit.org/projects/webkit/changeset/230225">r230225</a> was reachable.  I reached it in a unit test that responds to a challenge
with a SecIdentityRef wrapped in an NSCredential.

* Shared/cf/ArgumentCodersCF.cpp:
(IPC::decode):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm: Added.
(credentialWithIdentityAndKeychainPath):
(-[ChallengeDelegate webView:didFinishNavigation:]):
(-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(TestWebKitAPI::TEST):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKitChangeLog">trunk/Source/WebKit/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitSharedcfArgumentCodersCFcpp">trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj">trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkToolsTestWebKitAPITestsWebKitCocoaChallengemm">trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/ChangeLog (243486 => 243487)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/ChangeLog    2019-03-26 05:53:57 UTC (rev 243486)
+++ trunk/Source/WebKit/ChangeLog       2019-03-26 06:12:55 UTC (rev 243487)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2019-03-25  Alex Christensen  <achristensen@webkit.org>
+
+        Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef
+        https://bugs.webkit.org/show_bug.cgi?id=196213
+
+        Reviewed by Geoff Garen.
+
+        A release assertion added in r230225 was reachable.  I reached it in a unit test that responds to a challenge
+        with a SecIdentityRef wrapped in an NSCredential.
+
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (IPC::decode):
+
</ins><span class="cx"> 2019-03-25  Chris Dumez  <cdumez@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Regression(r242369) Trying to change profile picture on linked in shows file picker, not the image picker
</span></span></pre></div>
<a id="trunkSourceWebKitSharedcfArgumentCodersCFcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp (243486 => 243487)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp       2019-03-26 05:53:57 UTC (rev 243486)
+++ trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp  2019-03-26 06:12:55 UTC (rev 243487)
</span><span class="lines">@@ -697,10 +697,6 @@
</span><span class="cx"> 
</span><span class="cx"> bool decode(Decoder& decoder, RetainPtr<SecIdentityRef>& result)
</span><span class="cx"> {
</span><del>-#if PLATFORM(COCOA)
-    RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessCredentials));
-#endif
-
</del><span class="cx">     RetainPtr<SecCertificateRef> certificate;
</span><span class="cx">     if (!decode(decoder, certificate))
</span><span class="cx">         return false;
</span><span class="lines">@@ -716,6 +712,11 @@
</span><span class="cx">     if (!decode(decoder, keyData))
</span><span class="cx">         return false;
</span><span class="cx"> 
</span><ins>+#if PLATFORM(COCOA)
+    if (!hasProcessPrivilege(ProcessPrivilege::CanAccessCredentials))
+        return true;
+#endif
+
</ins><span class="cx">     SecKeyRef key = nullptr;
</span><span class="cx"> #if PLATFORM(IOS_FAMILY)
</span><span class="cx">     if (secKeyRefDecodingAllowed)
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (243486 => 243487)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog    2019-03-26 05:53:57 UTC (rev 243486)
+++ trunk/Tools/ChangeLog       2019-03-26 06:12:55 UTC (rev 243487)
</span><span class="lines">@@ -1,5 +1,19 @@
</span><span class="cx"> 2019-03-25  Alex Christensen  <achristensen@webkit.org>
</span><span class="cx"> 
</span><ins>+        Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef
+        https://bugs.webkit.org/show_bug.cgi?id=196213
+
+        Reviewed by Geoff Garen.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm: Added.
+        (credentialWithIdentityAndKeychainPath):
+        (-[ChallengeDelegate webView:didFinishNavigation:]):
+        (-[ChallengeDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
+        (TestWebKitAPI::TEST):
+
+2019-03-25  Alex Christensen  <achristensen@webkit.org>
+
</ins><span class="cx">         Expected shouldn't assume its contained types are copyable
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=195986
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (243486 => 243487)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj        2019-03-26 05:53:57 UTC (rev 243486)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj   2019-03-26 06:12:55 UTC (rev 243487)
</span><span class="lines">@@ -311,6 +311,7 @@
</span><span class="cx">          5C0BF8941DD599C900B00328 /* MenuTypesForMouseEvents.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A99D9931AD4A29D00373141 /* MenuTypesForMouseEvents.mm */; };
</span><span class="cx">          5C0BF8951DD599CD00B00328 /* NavigatorLanguage.mm in Sources */ = {isa = PBXBuildFile; fileRef = E19DB9781B32137C00DB38D4 /* NavigatorLanguage.mm */; };
</span><span class="cx">          5C19A5241FD0F60100EEA323 /* CookiePrivateBrowsing.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C19A5231FD0F32600EEA323 /* CookiePrivateBrowsing.mm */; };
</span><ins>+               5C23DF0B2246015800F454B6 /* Challenge.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C23DF0A2245C9D700F454B6 /* Challenge.mm */; };
</ins><span class="cx">           5C2936931D5BF70D00DEAB1E /* CookieAcceptPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */; };
</span><span class="cx">          5C2936961D5C00ED00DEAB1E /* CookieMessage.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5C2936941D5BFD1900DEAB1E /* CookieMessage.html */; };
</span><span class="cx">          5C4A84951F7EEFFC00ACFC54 /* Configuration.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C4A84941F7EEFD400ACFC54 /* Configuration.mm */; };
</span><span class="lines">@@ -1720,6 +1721,7 @@
</span><span class="cx">          5C0BF88C1DD5957400B00328 /* MemoryPressureHandler.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryPressureHandler.mm; sourceTree = "<group>"; };
</span><span class="cx">          5C0BF88F1DD5999B00B00328 /* WebViewCanPasteZeroPng.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewCanPasteZeroPng.mm; sourceTree = "<group>"; };
</span><span class="cx">          5C19A5231FD0F32600EEA323 /* CookiePrivateBrowsing.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CookiePrivateBrowsing.mm; sourceTree = "<group>"; };
</span><ins>+               5C23DF0A2245C9D700F454B6 /* Challenge.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Challenge.mm; sourceTree = "<group>"; };
</ins><span class="cx">           5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CookieAcceptPolicy.mm; sourceTree = "<group>"; };
</span><span class="cx">          5C2936941D5BFD1900DEAB1E /* CookieMessage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = CookieMessage.html; sourceTree = "<group>"; };
</span><span class="cx">          5C4A84941F7EEFD400ACFC54 /* Configuration.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Configuration.mm; sourceTree = "<group>"; };
</span><span class="lines">@@ -2530,6 +2532,7 @@
</span><span class="cx">                          5C75715F221249BD00B9E5AC /* BundleRetainPagePlugIn.mm */,
</span><span class="cx">                          1C2B817E1C891E4200A5529F /* CancelFontSubresource.mm */,
</span><span class="cx">                          1C2B81811C891EFA00A5529F /* CancelFontSubresourcePlugIn.mm */,
</span><ins>+                               5C23DF0A2245C9D700F454B6 /* Challenge.mm */,
</ins><span class="cx">                           5CB18BA71F5645B200EE23C4 /* ClickAutoFillButton.mm */,
</span><span class="cx">                          CDF92236216D186400647AA7 /* CloseWebViewAfterEnterFullscreen.mm */,
</span><span class="cx">                          CDF0B789216D484300421ECC /* CloseWebViewDuringEnterFullscreen.mm */,
</span><span class="lines">@@ -4026,6 +4029,7 @@
</span><span class="cx">                          57303BCB2008376500355965 /* CBORReaderTest.cpp in Sources */,
</span><span class="cx">                          57303BC9200824D300355965 /* CBORValueTest.cpp in Sources */,
</span><span class="cx">                          57303BCA20082C0100355965 /* CBORWriterTest.cpp in Sources */,
</span><ins>+                               5C23DF0B2246015800F454B6 /* Challenge.mm in Sources */,
</ins><span class="cx">                           F44A531221B8990A00DBB99C /* ClassMethodSwizzler.mm in Sources */,
</span><span class="cx">                          7CCE7EE61A411AE600447C4C /* CloseFromWithinCreatePage.cpp in Sources */,
</span><span class="cx">                          7CCE7EB71A411A7E00447C4C /* CloseNewWindowInNavigationPolicyDelegate.mm in Sources */,
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestsWebKitCocoaChallengemm"></a>
<div class="addfile"><h4>Added: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm (0 => 243487)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm                         (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm    2019-03-26 06:12:55 UTC (rev 243487)
</span><span class="lines">@@ -0,0 +1,252 @@
</span><ins>+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "TCPServer.h"
+#import "Test.h"
+#import "TestWKWebView.h"
+
+#if PLATFORM(MAC)
+
+static std::pair<RetainPtr<NSURLCredential>, RetainPtr<NSString>> credentialWithIdentityAndKeychainPath()
+{
+    // Certificate and private key were generated by running this command:
+    // openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
+    // and entering this information:
+    /*
+     Country Name (2 letter code) []:US
+     State or Province Name (full name) []:New Mexico
+     Locality Name (eg, city) []:Santa Fe
+     Organization Name (eg, company) []:Self
+     Organizational Unit Name (eg, section) []:Myself
+     Common Name (eg, fully qualified host name) []:Me
+     Email Address []:me@example.com
+     */
+    
+    NSString *pemEncodedCertificate = @""
+    "MIIFgDCCA2gCCQCKHiPRU5MQuDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC"
+    "VVMxEzARBgNVBAgMCk5ldyBNZXhpY28xETAPBgNVBAcMCFNhbnRhIEZlMQ0wCwYD"
+    "VQQKDARTZWxmMQ8wDQYDVQQLDAZNeXNlbGYxCzAJBgNVBAMMAk1lMR0wGwYJKoZI"
+    "hvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0xOTAzMjMwNTUwMTRaFw0yMDAzMjIw"
+    "NTUwMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3IE1leGljbzERMA8G"
+    "A1UEBwwIU2FudGEgRmUxDTALBgNVBAoMBFNlbGYxDzANBgNVBAsMBk15c2VsZjEL"
+    "MAkGA1UEAwwCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIICIjAN"
+    "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3rhN4SPg8VY/PtGDNKY3T9JISgby"
+    "8YGMJx0vO+YZFZm3G3fsTUsyvDyEHwqp5abCZRB/By1PwWkNrfxn/XP8P034JPlE"
+    "6irViuAYQrqUh6k7ZR8CpOM5GEcRZgAUJGGQwNlOkEwaHnMGc8SsHurgDPh5XBpg"
+    "bDytd7BJuB1NoI/KJmhcajkAuV3varS+uPLofPHNqe+cL8hNnjZQwHWarP45ks4e"
+    "BcOD7twqxuHnVm/FWErpY8Ws5s1MrPThUdDahjEMf+YfDJ9KL8y304yS8J8feCxY"
+    "fcH4BvgLtJmBNHJgj3eND/EMZjJgz2FsBjrJk8kKD31cw+4Wp8UF4skWXCf46+mN"
+    "OHp13PeSCZLyF4ZAHazUVknDPcc2YNrWVV1i6n3T15kI0T5Z7bstdmALuSkE2cuJ"
+    "SVNO6gR+ZsVRTneuQxwWTU0MNEhAPFOX2BhGP5eisgEUzknxMJddFDn9Wxklu1Jh"
+    "gkzASA/+3AmlrFZMPhOhjEul0zjgNR5RBl1G8Hz92LAx5UEDBtdLg71I+I8AzQOh"
+    "d6LtBekECxA16pSappg5vcW9Z/8N6ZlsHnZ2FztA0nCOflkoO9iejOpcuFN4EVYD"
+    "xItwctKw1LCeND/s4kmoRRnXbX7k9O6cI1UUWM595Gsu5tPa33M5AZFCav2gOVuY"
+    "djppS0HOfo5hv6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAY8EWaAFEfw7OV+oD"
+    "XUZSIYXq3EH2E5p3q38AhIOLRjBuB+utyu7Q6rxMMHuw2TtsN+zbAR7yrjfsseA3"
+    "4TM1xe4Nk7NVNHRoZQ+C0Iqf9fvcioMvT1tTrma0MhKSjFQpx+PvyLVbD7YdP86L"
+    "meehKqU7h1pLGAiGwjoaZ9Ybh6Kuq/MTAHy3D8+wk7B36VBxF6diVlUPZJZQWKJy"
+    "MKy9G3sze1ZGt9WeE0AMvkN2HIef0HTKCUZ3eBvecOMijxL0WhWo5Qyf5k6ylCaU"
+    "2fx+M8DfDcwFo7tSgLxSK3GCFpxPfiDt6Qk8c9tQn5S1gY3t6LJuwVCFwUIXlNkB"
+    "JD7+cZ1Z/tCrEhzj3YCk0uUU8CifoU+4FG+HGFP+SPztsYE055mSj3+Esh+oyoVB"
+    "gBH90sE2T1i0eNI8f61oSgwYFeHsf7fC71XEXLFR+GwNdmwqlmwlDZEpTu7BoNN+"
+    "q7+Tfk1MRkJlL1PH6Yu/IPhZiNh4tyIqDOtlYfzp577A+OUU+q5PPRFRIsqheOxt"
+    "mNlHx4Uzd4U3ITfmogJazjqwYO2viBZY4jUQmyZs75eH/jiUFHWRsha3AdnW5LWa"
+    "G3PFnYbW8urH0NSJG/W+/9DA+Y7Aa0cs4TPpuBGZ0NU1W94OoCMo4lkO6H/y6Leu"
+    "3vjZD3y9kZk7mre9XHwkI8MdK5s=";
+    
+    NSString *pemEncodedPrivateKey = @""
+    "MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDeuE3hI+DxVj8+"
+    "0YM0pjdP0khKBvLxgYwnHS875hkVmbcbd+xNSzK8PIQfCqnlpsJlEH8HLU/BaQ2t"
+    "/Gf9c/w/Tfgk+UTqKtWK4BhCupSHqTtlHwKk4zkYRxFmABQkYZDA2U6QTBoecwZz"
+    "xKwe6uAM+HlcGmBsPK13sEm4HU2gj8omaFxqOQC5Xe9qtL648uh88c2p75wvyE2e"
+    "NlDAdZqs/jmSzh4Fw4Pu3CrG4edWb8VYSuljxazmzUys9OFR0NqGMQx/5h8Mn0ov"
+    "zLfTjJLwnx94LFh9wfgG+Au0mYE0cmCPd40P8QxmMmDPYWwGOsmTyQoPfVzD7han"
+    "xQXiyRZcJ/jr6Y04enXc95IJkvIXhkAdrNRWScM9xzZg2tZVXWLqfdPXmQjRPlnt"
+    "uy12YAu5KQTZy4lJU07qBH5mxVFOd65DHBZNTQw0SEA8U5fYGEY/l6KyARTOSfEw"
+    "l10UOf1bGSW7UmGCTMBID/7cCaWsVkw+E6GMS6XTOOA1HlEGXUbwfP3YsDHlQQMG"
+    "10uDvUj4jwDNA6F3ou0F6QQLEDXqlJqmmDm9xb1n/w3pmWwednYXO0DScI5+WSg7"
+    "2J6M6ly4U3gRVgPEi3By0rDUsJ40P+ziSahFGddtfuT07pwjVRRYzn3kay7m09rf"
+    "czkBkUJq/aA5W5h2OmlLQc5+jmG/pwIDAQABAoICAGra/Cp/f0Xqvk9ST+Prt2/p"
+    "kNtLeDXclLSTcP0JCZHufQaFw+7VnFLpqe4GvLq9Bllcz8VOvQwrbe/CwNW+VxC8"
+    "RMjge2rqACgwGhOx1t87l46NkUQw7Ey0lCle8kr+MGgGGoZqrMFdKIRUoMv4nmQ6"
+    "tmc1FHv5pLRe9Q+Lp5nYQwGoYmZoUOueoOaOL08m49pGXQkiN8pJDMxSfO3Jvtsu"
+    "4cqIb6kOQ/dO1Is1CTvURld1IYLH7YuShi4ZEx2g2ac2Uyvt6YmxxvMmAjBSKpGd"
+    "loiepho3/NrDGUKdv3q9QYyzrA8w9GT32LDGqgBXJi1scBI8cExkp6P4iDllhv7s"
+    "vZsspvobRJa3O1zk863LHXa24JCnyuzimqezZ2Olh7l4olHoYD6UFC9jfd4KcHRg"
+    "1c4syqt/n8AK/1s1eBfS9dzb5Cfjt9MtKYslxvLzq1WwOINwz8rIYuRi0PcLm9hs"
+    "l+U0u/zB37eMgv6+iwDXk1fSjbuYsE/bETWYknKGNFFL5JSiKV7WCpmgNTTrrE4K"
+    "S8E6hR9uPOAaow7vPCCt4xLX/48l2EI6Zeq6qOpq1lJ2qcy8r4tyuQgNRLQMkZg1"
+    "AxQl6vnQ8Cu4iu+NIhef0y9Z7qkfNvZeCj5GlFB9c2YjV8Y2mdWfJB4qWK3Z/+MJ"
+    "QOTCKRz7/LxLNBUepRjJAoIBAQD3ZsV5tWU9ZSKcVJ9DC7TZk0P+lhcisZr0nL0t"
+    "PQuQO+pHvPI1MqRnNskHJhyPnqVCi+dp89tK/It590ULl8os6UC1FhytBPoT1YPd"
+    "WGWep2pOc7bVpi4ip31y+ImfgeZyJtMATdme3kBPAOe5NGE9Gig/l5nqLyb02sd1"
+    "QW7O0GdqLx3DpLw4SLlhMf6aE0uGRS8sfB085e4DGn54O2wEVuSZqZl5NNEf35Rz"
+    "Xgim3h+RWF1ZFSQzjB/smN0Zh+v3Iz7vEJ1h0ywV6o+GzvHkP9HE6gLIhtyV8OEw"
+    "vlyYk1Ga7pUVGRh8o8OMe6RR9DQi7JqC4eI7GckmBzaqzJcDAoIBAQDmde6ATew3"
+    "H9bQK6xnbMIncz/COpIISdlcFb23AHGEb4b4VhJFBNwxrNL6tHKSFLeYZFLhTdhx"
+    "PfXyULHNf5ozdEkl0WrleroDdogbCyWg5uJp9/Q68sbwbGr8CAlO7ZHYTrjuQf1K"
+    "AS9pCm77KP3k2d3UlG+pelDjXLoBziXq0NjxJpMz45vrIx8rSWzFNjMGjXT3fXaS"
+    "962k/0AXei5/bfuhBxlm7Pni0bQJIWFkeaUuGlrOaHDRxUiX1r9IZS9wv5lk1Ptg"
+    "idpbcWyw18cFGTvjdKhRbZH8EsbmzmNNsCGdgCMqFkKYsW16QKoCj/NAovI3n0qn"
+    "6VoRa0sGmTGNAoIBACl/mqZEsBuxSDHy29gSMZ7BXglpQa43HmfjlrPs5nCmLDEm"
+    "V3Zm7T7G6MeDNA0/LjdQYlvaZLFaVUb7HCDKsEYCRjFZ6St4hz4mdXz+Y+VN7b4F"
+    "GOkTe++iKp/LYsJXtsD1FDWb2WIVo7Hc1AGz8I+gQJoSIuYuTJmLzSM0+5JDUOV1"
+    "y8dSbaP/RuEv0qYjkGqQVk5e70SUyOzKV+ZxCThdHvFLiovTOTTgevUzE75xydfG"
+    "e7oCmtTurzgvl/69Vu5Ygij1n4CWPHHcq4CQW/DOZ7BhFGBwhrW79voHJF8PbwPO"
+    "+0DTudDGY3nAD5sTnF8zUuObYihJtfzj/t59fOMCggEBAIYuuBUASb62zQ4bv5/g"
+    "VRM/KSpfi9NDnEjfZ7x7h5zCiuVgx/ZjpAlQRO8vzV18roEOOKtx9cnJd8AEd+Hc"
+    "n93BoS1hx0mhsVh+1TRZwyjyBXYJpqwD2wz1Mz1XOIQ6EqbM/yPKTD2gfwg7yO53"
+    "qYxrxZsWagVVcG9Q+ARBERatTwLpoN+fcJLxuh4r/Ca/LepsxmOrKzTa/MGK1LhW"
+    "rWgIk2/ogEPLSptj2d1PEDO+GAzFz4VKjhW1NlUh9fGi6IJPLHLnBw3odbi0S8KT"
+    "gA9Z5+LBc5clotAP5rtQA8Wh/ZCEoPTKTTA2bjW2HMatJcbGmR0FpCQr3AM0Y1SO"
+    "MakCggEALru6QZ6YUwJJG45H1eq/rPdDY8tqqjJVViKoBVvzKj/XfJZYEVQiIw5p"
+    "uoGhDoyFuFUeIh/d1Jc2Iruy2WjoOkiQYtIugDHHxRrkLdQcjPhlCTCE/mmySJt+"
+    "bkUbiHIbQ8dJ5yj8SKr0bHzqEtOy9/JeRjkYGHC6bVWpq5FA2MBhf4dNjJ4UDlnT"
+    "vuePcTjr7nnfY1sztvfVl9D8dmgT+TBnOOV6yWj1gm5bS1DxQSLgNmtKxJ8tAh2u"
+    "dEObvcpShP22ItOVjSampRuAuRG26ZemEbGCI3J6Mqx3y6m+6HwultsgtdzDgrFe"
+    "qJfU8bbdbu2pi47Y4FdJK0HLffl5Rw==";
+    
+    NSData *derEncodedCertificate = [[[NSData alloc] initWithBase64EncodedString:pemEncodedCertificate options:0] autorelease];
+    RetainPtr<SecCertificateRef> certificate = adoptCF(SecCertificateCreateWithData(nullptr, (__bridge CFDataRef)derEncodedCertificate));
+    
+    NSData *derEncodedPrivateKey = [[[NSData alloc] initWithBase64EncodedString:pemEncodedPrivateKey options:0] autorelease];
+    NSDictionary* options = @{
+        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
+        (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
+        (id)kSecAttrKeySizeInBits: @4096,
+    };
+    const NSUInteger pemEncodedPrivateKeyHeaderLength = 26;
+    CFErrorRef error = nullptr;
+    RetainPtr<SecKeyRef> privateKey = adoptCF(SecKeyCreateWithData((__bridge CFDataRef)[derEncodedPrivateKey subdataWithRange:NSMakeRange(pemEncodedPrivateKeyHeaderLength, derEncodedPrivateKey.length - pemEncodedPrivateKeyHeaderLength)], (__bridge CFDictionaryRef)options, &error));
+    EXPECT_NULL(error);
+    EXPECT_NOT_NULL(privateKey.get());
+
+    SecKeychainRef keychainRef = nullptr;
+    const char* keychainPassword = "testpassword";
+    NSString *keychainPath = [NSTemporaryDirectory() stringByAppendingPathComponent:@"TestKeychain"];
+    OSStatus status = SecKeychainCreate([keychainPath UTF8String], strlen(keychainPassword), keychainPassword, NO, nullptr, &keychainRef);
+    EXPECT_TRUE(status == errSecSuccess);
+    RetainPtr<SecKeychainRef> keychain = adoptCF(keychainRef);
+    EXPECT_NOT_NULL(keychain);
+
+    SecExternalItemType type = kSecItemTypePrivateKey;
+    status = SecItemImport((__bridge CFDataRef)derEncodedPrivateKey, nullptr, nullptr, &type, 0, nullptr, keychain.get(), nullptr);
+    EXPECT_TRUE(status == errSecSuccess);
+
+    SecIdentityRef identityRef = nullptr;
+    status = SecIdentityCreateWithCertificate(keychain.get(), certificate.get(), &identityRef);
+    EXPECT_NOT_NULL(identityRef);
+    EXPECT_TRUE(status == errSecSuccess);
+    RetainPtr<SecIdentityRef> identity = adoptCF(identityRef);
+    
+    return {
+        [NSURLCredential credentialWithIdentity:identity.get() certificates:@[(id)certificate.get()] persistence:NSURLCredentialPersistenceNone],
+        keychainPath
+    };
+}
+
+static bool navigationFinished;
+static RetainPtr<NSString> keychainPath;
+
+@interface ChallengeDelegate : NSObject <WKNavigationDelegate>
+@end
+
+@implementation ChallengeDelegate
+
+- (void)webView:(WKWebView *)webView didFinishNavigation:(null_unspecified WKNavigation *)navigation
+{
+    navigationFinished = true;
+}
+
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
+{
+    NSURLProtectionSpace *protectionSpace = challenge.protectionSpace;
+    EXPECT_NULL(challenge.proposedCredential);
+    EXPECT_EQ(challenge.previousFailureCount, 0);
+    EXPECT_TRUE([protectionSpace.realm isEqualToString:@"testrealm"]);
+    EXPECT_FALSE(protectionSpace.receivesCredentialSecurely);
+    EXPECT_FALSE(protectionSpace.isProxy);
+    EXPECT_TRUE([protectionSpace.host isEqualToString:@"127.0.0.1"]);
+    EXPECT_NULL(protectionSpace.proxyType);
+    EXPECT_TRUE([protectionSpace.protocol isEqualToString:NSURLProtectionSpaceHTTP]);
+    EXPECT_TRUE([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]);
+    EXPECT_EQ([(NSHTTPURLResponse *)challenge.failureResponse statusCode], 401);
+
+    auto pair = credentialWithIdentityAndKeychainPath();
+    completionHandler(NSURLSessionAuthChallengeUseCredential, pair.first.get());
+    keychainPath = WTFMove(pair.second);
+}
+
+@end
+
+namespace TestWebKitAPI {
+
+TEST(Challenge, SecIdentity)
+{
+    TCPServer server([] (auto socket) {
+        char readBuffer[1000];
+        auto bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
+        EXPECT_GT(bytesRead, 0);
+        EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
+        
+        const char* challengeHeader =
+        "HTTP/1.1 401 Unauthorized\r\n"
+        "Date: Sat, 23 Mar 2019 06:29:01 GMT\r\n"
+        "Content-Length: 0\r\n"
+        "WWW-Authenticate: Basic realm=\"testrealm\"\r\n\r\n";
+        auto bytesWritten = ::write(socket, challengeHeader, strlen(challengeHeader));
+        EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(challengeHeader));
+        
+        bytesRead = ::read(socket, readBuffer, sizeof(readBuffer));
+        EXPECT_GT(bytesRead, 0);
+        EXPECT_TRUE(static_cast<size_t>(bytesRead) < sizeof(readBuffer));
+        
+        const char* responseHeader =
+        "HTTP/1.1 200 OK\r\n"
+        "Content-Length: 13\r\n\r\n"
+        "Hello, World!";
+        bytesWritten = ::write(socket, responseHeader, strlen(responseHeader));
+        EXPECT_EQ(static_cast<size_t>(bytesWritten), strlen(responseHeader));
+    });
+
+    auto webView = adoptNS([WKWebView new]);
+    auto delegate = adoptNS([ChallengeDelegate new]);
+    [webView setNavigationDelegate:delegate.get()];
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/", server.port()]]]];
+
+    Util::run(&navigationFinished);
+    
+    EXPECT_NOT_NULL(keychainPath.get());
+    NSError *error = nil;
+    [[NSFileManager defaultManager] removeItemAtPath:keychainPath.get() error:&error];
+    EXPECT_NULL(error);
+}
+
+} // namespace TestWebKitAPI
+
+#endif
</ins></span></pre>
</div>
</div>

</body>
</html>