Remove WebCoreSystemInterface
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004-2017 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "CachedResourceLoader.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "FormDataStreamMac.h"
35 #import "Frame.h"
36 #import "FrameLoader.h"
37 #import "HTTPHeaderNames.h"
38 #import "Logging.h"
39 #import "MIMETypeRegistry.h"
40 #import "NetworkStorageSession.h"
41 #import "NetworkingContext.h"
42 #import "ResourceError.h"
43 #import "ResourceResponse.h"
44 #import "SharedBuffer.h"
45 #import "SubresourceLoader.h"
46 #import "SynchronousLoaderClient.h"
47 #import "WebCoreResourceHandleAsDelegate.h"
48 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
49 #import "WebCoreURLResponse.h"
50 #import <pal/spi/cf/CFNetworkSPI.h>
51 #import <pal/spi/cocoa/NSURLConnectionSPI.h>
52 #import <wtf/BlockObjCExceptions.h>
53 #import <wtf/Ref.h>
54 #import <wtf/SchedulePair.h>
55 #import <wtf/text/Base64.h>
56 #import <wtf/text/CString.h>
57
58 #if USE(CFURLCONNECTION)
59 #if USE(APPLE_INTERNAL_SDK)
60 #import <CFNetwork/CFURLConnectionPriv.h>
61 #endif
62 typedef struct _CFURLConnection* CFURLConnectionRef;
63 extern "C" {
64 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
65 }
66 #endif // USE(CFURLCONNECTION)
67
68 #if PLATFORM(IOS)
69 #import "RuntimeApplicationChecks.h"
70 #import "WebCoreThreadRun.h"
71 #endif
72
73 using namespace WebCore;
74
75 @interface NSURLConnection ()
76 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
77 @end
78
79 namespace WebCore {
80     
81 #if !USE(CFURLCONNECTION)
82     
83 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
84 {
85     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
86
87     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
88 }
89
90 static NSOperationQueue *operationQueueForAsyncClients()
91 {
92     static NSOperationQueue *queue;
93     if (!queue) {
94         queue = [[NSOperationQueue alloc] init];
95         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
96         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
97     }
98     return queue;
99 }
100
101 ResourceHandleInternal::~ResourceHandleInternal()
102 {
103 }
104
105 ResourceHandle::~ResourceHandle()
106 {
107     releaseDelegate();
108     d->m_currentWebChallenge.setAuthenticationClient(0);
109
110     LOG(Network, "Handle %p destroyed", this);
111 }
112
113 #if PLATFORM(IOS)
114 static bool synchronousWillSendRequestEnabled()
115 {
116 #if PLATFORM(IOS)
117     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"] || IOSApplication::isIBooks();
118 #else
119     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
120 #endif
121
122     return !disabled;
123 }
124 #endif
125
126 #if !PLATFORM(IOS)
127 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
128 #else
129 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
130 #endif
131 {
132 #if !HAVE(TIMINGDATAOPTIONS)
133     setCollectsTimingData();
134 #endif
135
136     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
137     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
138         URL urlWithCredentials(firstRequest().url());
139         urlWithCredentials.setUser(d->m_user);
140         urlWithCredentials.setPass(d->m_pass);
141         firstRequest().setURL(urlWithCredentials);
142     }
143
144     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
145         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
146             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
147             // try and reuse the credential preemptively, as allowed by RFC 2617.
148             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().cachePartition(), firstRequest().url());
149         } else {
150             // If there is already a protection space known for the URL, update stored credentials before sending a request.
151             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
152             // (so that an authentication dialog doesn't pop up).
153             d->m_context->storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
154         }
155     }
156         
157     if (!d->m_initialCredential.isEmpty()) {
158         // FIXME: Support Digest authentication, and Proxy-Authorization.
159         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
160     }
161
162     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
163     if (!shouldContentSniff) {
164         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
165         [mutableRequest _setProperty:@(NO) forKey:(NSString *)_kCFURLConnectionPropertyShouldSniff];
166         nsRequest = mutableRequest;
167     }
168
169 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
170     String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest());
171     if (!storagePartition.isEmpty()) {
172         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
173         [mutableRequest _setProperty:storagePartition forKey:@"__STORAGE_PARTITION_IDENTIFIER"];
174         nsRequest = mutableRequest;
175     }
176 #endif
177
178     if (d->m_storageSession)
179         nsRequest = [copyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
180
181     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
182
183 #if PLATFORM(IOS)
184     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
185     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
186     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
187 #else
188     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
189 #endif
190
191     if (!shouldUseCredentialStorage) {
192         // Avoid using existing connections, because they may be already authenticated.
193         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
194     }
195
196     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
197         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
198         // If we are using all available connections for async requests, and make a sync request, then prior
199         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
200         // request won't start because there are no available connections.
201         // Connections are grouped by their socket stream properties, with each group having a separate count.
202         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
203     }
204
205     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
206     if (sourceApplicationAuditData)
207         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
208
209 #if PLATFORM(IOS)
210     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
211     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
212     const bool usesCache = false;
213     if (synchronousWillSendRequestEnabled())
214         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
215 #else
216     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
217     const bool usesCache = true;
218 #endif
219 #if HAVE(TIMINGDATAOPTIONS)
220     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
221 #endif
222
223     // This is used to signal that to CFNetwork that this connection should be considered
224     // web content for purposes of App Transport Security.
225     [propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"];
226
227     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
228 }
229
230 bool ResourceHandle::start()
231 {
232     if (!d->m_context)
233         return false;
234
235     BEGIN_BLOCK_OBJC_EXCEPTIONS;
236
237     // If NetworkingContext is invalid then we are no longer attached to a Page,
238     // this must be an attempted load from an unload event handler, so let's just block it.
239     if (!d->m_context->isValid())
240         return false;
241
242     d->m_storageSession = d->m_context->storageSession().platformSession();
243
244     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
245     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
246
247     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
248
249 #if !PLATFORM(IOS)
250     createNSURLConnection(
251         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
252         shouldUseCredentialStorage,
253         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
254         schedulingBehavior);
255 #else
256     createNSURLConnection(
257         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
258         shouldUseCredentialStorage,
259         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
260         schedulingBehavior,
261         (NSDictionary *)client()->connectionProperties(this).get());
262 #endif
263
264     bool scheduled = false;
265     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
266         SchedulePairHashSet::iterator end = scheduledPairs->end();
267         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
268             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
269                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
270                 scheduled = true;
271             }
272         }
273     }
274
275     if (d->m_usesAsyncCallbacks) {
276         ASSERT(!scheduled);
277         [connection() setDelegateQueue:operationQueueForAsyncClients()];
278         scheduled = true;
279     }
280 #if PLATFORM(IOS)
281     else {
282         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
283         scheduled = true;
284     }
285 #endif
286
287     // Start the connection if we did schedule with at least one runloop.
288     // We can't start the connection until we have one runloop scheduled.
289     if (scheduled)
290         [connection() start];
291     else
292         d->m_startWhenScheduled = true;
293
294     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
295     
296     if (d->m_connection) {
297         if (d->m_defersLoading)
298             connection().defersCallbacks = YES;
299
300         return true;
301     }
302
303     END_BLOCK_OBJC_EXCEPTIONS;
304
305     return false;
306 }
307
308 void ResourceHandle::cancel()
309 {
310     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
311
312     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
313     if (d->m_currentMacChallenge)
314         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
315
316     [d->m_connection.get() cancel];
317 }
318
319 void ResourceHandle::platformSetDefersLoading(bool defers)
320 {
321     if (d->m_connection)
322         [d->m_connection setDefersCallbacks:defers];
323 }
324
325 #if !USE(CFURLCONNECTION)
326
327 void ResourceHandle::schedule(SchedulePair& pair)
328 {
329     NSRunLoop *runLoop = pair.nsRunLoop();
330     if (!runLoop)
331         return;
332     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
333     if (d->m_startWhenScheduled) {
334         [d->m_connection.get() start];
335         d->m_startWhenScheduled = false;
336     }
337 }
338
339 void ResourceHandle::unschedule(SchedulePair& pair)
340 {
341     if (NSRunLoop *runLoop = pair.nsRunLoop())
342         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
343 }
344
345 #endif
346
347 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
348 {
349     ASSERT(!d->m_delegate);
350
351     id <NSURLConnectionDelegate> delegate;
352     if (d->m_usesAsyncCallbacks) {
353         if (shouldUseCredentialStorage)
354             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
355         else
356             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
357     } else
358         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
359
360     d->m_delegate = delegate;
361     [delegate release];
362
363     return d->m_delegate.get();
364 }
365
366 id ResourceHandle::delegate()
367 {
368     if (!d->m_delegate)
369         return makeDelegate(false);
370     return d->m_delegate.get();
371 }
372
373 void ResourceHandle::releaseDelegate()
374 {
375     if (!d->m_delegate)
376         return;
377     [d->m_delegate.get() detachHandle];
378     d->m_delegate = nil;
379 }
380
381 NSURLConnection *ResourceHandle::connection() const
382 {
383     return d->m_connection.get();
384 }
385     
386 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
387 {
388     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
389 }
390
391 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
392 {
393     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ storedCredentialsPolicy:%u", request.nsURLRequest(DoNotUpdateHTTPBody), static_cast<unsigned>(storedCredentialsPolicy));
394
395     ASSERT(!request.isEmpty());
396     
397     SynchronousLoaderClient client;
398     client.setAllowStoredCredentials(storedCredentialsPolicy == StoredCredentialsPolicy::Use);
399
400     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
401
402     handle->d->m_storageSession = context->storageSession().platformSession();
403
404     if (context && handle->d->m_scheduledFailureType != NoFailure) {
405         error = context->blockedError(request);
406         return;
407     }
408
409     bool shouldUseCredentialStorage = storedCredentialsPolicy == StoredCredentialsPolicy::Use;
410 #if !PLATFORM(IOS)
411     handle->createNSURLConnection(
412         handle->makeDelegate(shouldUseCredentialStorage),
413         shouldUseCredentialStorage,
414         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
415         SchedulingBehavior::Synchronous);
416 #else
417     handle->createNSURLConnection(
418         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
419         shouldUseCredentialStorage,
420         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
421         SchedulingBehavior::Synchronous,
422         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
423 #endif
424
425     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
426     [handle->connection() start];
427     
428     while (!client.isDone())
429         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
430
431     error = client.error();
432     
433     [handle->connection() cancel];
434
435     if (error.isNull())
436         response = client.response();
437
438     data.swap(client.mutableData());
439 }
440
441 ResourceRequest ResourceHandle::willSendRequest(ResourceRequest&& request, ResourceResponse&& redirectResponse)
442 {
443     ASSERT(!redirectResponse.isNull());
444
445     if (redirectResponse.httpStatusCode() == 307) {
446         String lastHTTPMethod = d->m_lastHTTPMethod;
447         if (!equalIgnoringASCIICase(lastHTTPMethod, request.httpMethod())) {
448             request.setHTTPMethod(lastHTTPMethod);
449     
450             FormData* body = d->m_firstRequest.httpBody();
451             if (!equalLettersIgnoringASCIICase(lastHTTPMethod, "get") && body && !body->isEmpty())
452                 request.setHTTPBody(body);
453
454             String originalContentType = d->m_firstRequest.httpContentType();
455             if (!originalContentType.isEmpty())
456                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
457         }
458     }
459
460     // Should not set Referer after a redirect from a secure resource to non-secure one.
461     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
462         request.clearHTTPReferrer();
463
464     const URL& url = request.url();
465     d->m_user = url.user();
466     d->m_pass = url.pass();
467     d->m_lastHTTPMethod = request.httpMethod();
468     request.removeCredentials();
469
470     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
471         // The network layer might carry over some headers from the original request that
472         // we want to strip here because the redirect is cross-origin.
473         request.clearHTTPAuthorization();
474         request.clearHTTPOrigin();
475     } else {
476         // Only consider applying authentication credentials if this is actually a redirect and the redirect
477         // URL didn't include credentials of its own.
478         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
479             Credential credential = d->m_context->storageSession().credentialStorage().get(request.cachePartition(), request.url());
480             if (!credential.isEmpty()) {
481                 d->m_initialCredential = credential;
482                 
483                 // FIXME: Support Digest authentication, and Proxy-Authorization.
484                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
485             }
486         }
487     }
488
489     if (d->m_usesAsyncCallbacks) {
490         client()->willSendRequestAsync(this, WTFMove(request), WTFMove(redirectResponse));
491         return { };
492     }
493
494     Ref<ResourceHandle> protectedThis(*this);
495     auto newRequest = client()->willSendRequest(this, WTFMove(request), WTFMove(redirectResponse));
496
497     // Client call may not preserve the session, especially if the request is sent over IPC.
498     if (!newRequest.isNull())
499         newRequest.setStorageSession(d->m_storageSession.get());
500     return newRequest;
501 }
502
503 void ResourceHandle::continueWillSendRequest(ResourceRequest&& newRequest)
504 {
505     ASSERT(d->m_usesAsyncCallbacks);
506
507     // Client call may not preserve the session, especially if the request is sent over IPC.
508     if (!newRequest.isNull())
509         newRequest.setStorageSession(d->m_storageSession.get());
510     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
511 }
512
513 void ResourceHandle::continueDidReceiveResponse()
514 {
515     ASSERT(d->m_usesAsyncCallbacks);
516
517     [delegate() continueDidReceiveResponse];
518 }
519
520 bool ResourceHandle::shouldUseCredentialStorage()
521 {
522     ASSERT(!d->m_usesAsyncCallbacks);
523     return client() && client()->shouldUseCredentialStorage(this);
524 }
525
526 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
527 {
528     ASSERT(!d->m_currentMacChallenge);
529     ASSERT(d->m_currentWebChallenge.isNull());
530     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
531     // we make sure that is actually present
532     ASSERT(challenge.nsURLAuthenticationChallenge());
533
534     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
535     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
536     if (challenge.protectionSpace().isProxy()) {
537         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
538         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
539         return;
540     }
541
542     if (tryHandlePasswordBasedAuthentication(challenge))
543         return;
544
545 #if PLATFORM(IOS)
546     // If the challenge is for a proxy protection space, look for default credentials in
547     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
548     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
549     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
550         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
551         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
552             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
553             return;
554         }
555     }
556 #endif // PLATFORM(IOS)
557
558     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
559     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
560     d->m_currentWebChallenge.setAuthenticationClient(this);
561
562     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
563     // We should avoid making additional client calls for the same protection space when already waiting for the user,
564     // because typing the same credentials several times is annoying.
565     if (client())
566         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
567     else {
568         clearAuthentication();
569         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
570     }
571 }
572
573 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
574 {
575     if (!challenge.protectionSpace().isPasswordBased())
576         return false;
577
578     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
579         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
580                                                                    password:d->m_pass
581                                                                 persistence:NSURLCredentialPersistenceForSession];
582         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
583         d->m_currentWebChallenge = challenge;
584         receivedCredential(challenge, Credential(credential));
585         [credential release];
586         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
587         d->m_user = String();
588         d->m_pass = String();
589         return true;
590     }
591
592     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
593     if (!client() || client()->shouldUseCredentialStorage(this)) {
594         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
595             // The stored credential wasn't accepted, stop using it.
596             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
597             // but the observable effect should be very minor, if any.
598             d->m_context->storageSession().credentialStorage().remove(d->m_partition, challenge.protectionSpace());
599         }
600
601         if (!challenge.previousFailureCount()) {
602             Credential credential = d->m_context->storageSession().credentialStorage().get(d->m_partition, challenge.protectionSpace());
603             if (!credential.isEmpty() && credential != d->m_initialCredential) {
604                 ASSERT(credential.persistence() == CredentialPersistenceNone);
605                 if (challenge.failureResponse().httpStatusCode() == 401) {
606                     // Store the credential back, possibly adding it as a default for this directory.
607                     d->m_context->storageSession().credentialStorage().set(d->m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
608                 }
609                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
610                 return true;
611             }
612         }
613     }
614
615     return false;
616 }
617
618 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
619 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
620 {
621     ResourceHandleClient* client = this->client();
622     if (d->m_usesAsyncCallbacks) {
623         if (client)
624             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
625         else
626             continueCanAuthenticateAgainstProtectionSpace(false);
627         return false; // Ignored by caller.
628     }
629
630     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
631 }
632
633 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
634 {
635     ASSERT(d->m_usesAsyncCallbacks);
636
637     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
638 }
639 #endif
640
641 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
642 {
643     LOG(Network, "Handle %p receivedCredential", this);
644
645     ASSERT(!challenge.isNull());
646     if (challenge != d->m_currentWebChallenge)
647         return;
648
649     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
650     if (credential.isEmpty()) {
651         receivedRequestToContinueWithoutCredential(challenge);
652         return;
653     }
654
655     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
656         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
657         // to ignore it for a particular request (short of removing it altogether).
658         Credential webCredential(credential, CredentialPersistenceNone);
659         URL urlToStore;
660         if (challenge.failureResponse().httpStatusCode() == 401)
661             urlToStore = challenge.failureResponse().url();
662         d->m_context->storageSession().credentialStorage().set(d->m_partition, webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
663         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
664     } else
665         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
666
667     clearAuthentication();
668 }
669
670 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
671 {
672     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
673
674     ASSERT(!challenge.isNull());
675     if (challenge != d->m_currentWebChallenge)
676         return;
677
678     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
679
680     clearAuthentication();
681 }
682
683 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
684 {
685     LOG(Network, "Handle %p receivedCancellation", this);
686
687     if (challenge != d->m_currentWebChallenge)
688         return;
689
690     if (client())
691         client()->receivedCancellation(this, challenge);
692 }
693
694 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
695 {
696     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
697
698     ASSERT(!challenge.isNull());
699     if (challenge != d->m_currentWebChallenge)
700         return;
701
702     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
703
704     clearAuthentication();
705 }
706
707 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
708 {
709     LOG(Network, "Handle %p receivedChallengeRejection", this);
710
711     ASSERT(!challenge.isNull());
712     if (challenge != d->m_currentWebChallenge)
713         return;
714
715     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
716
717     clearAuthentication();
718 }
719
720 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
721 {
722     ASSERT(d->m_usesAsyncCallbacks);
723
724     [(id)delegate() continueWillCacheResponse:response];
725 }
726
727 #endif // !USE(CFURLCONNECTION)
728
729 #if USE(CFURLCONNECTION)
730
731 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, NetworkLoadMetrics& timing)
732 {
733     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
734 }
735
736 #else
737
738 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, NetworkLoadMetrics& timing)
739 {
740     copyTimingData([connection _timingData], timing);
741 }
742
743 #endif
744
745 } // namespace WebCore