[Resource Timing] Gather timing information with reliable responseEnd time
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004-2017 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "CFNetworkSPI.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "CachedResourceLoader.h"
35 #import "FormDataStreamMac.h"
36 #import "Frame.h"
37 #import "FrameLoader.h"
38 #import "HTTPHeaderNames.h"
39 #import "Logging.h"
40 #import "MIMETypeRegistry.h"
41 #import "NSURLConnectionSPI.h"
42 #import "NetworkStorageSession.h"
43 #import "NetworkingContext.h"
44 #import "ResourceError.h"
45 #import "ResourceResponse.h"
46 #import "SharedBuffer.h"
47 #import "SubresourceLoader.h"
48 #import "WebCoreResourceHandleAsDelegate.h"
49 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
50 #import "SynchronousLoaderClient.h"
51 #import "WebCoreSystemInterface.h"
52 #import "WebCoreURLResponse.h"
53 #import <wtf/BlockObjCExceptions.h>
54 #import <wtf/Ref.h>
55 #import <wtf/SchedulePair.h>
56 #import <wtf/text/Base64.h>
57 #import <wtf/text/CString.h>
58
59 #if USE(CFURLCONNECTION)
60 #if USE(APPLE_INTERNAL_SDK)
61 #import <CFNetwork/CFURLConnectionPriv.h>
62 #endif
63 typedef struct _CFURLConnection* CFURLConnectionRef;
64 extern "C" {
65 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
66 }
67 #endif // USE(CFURLCONNECTION)
68
69 #if PLATFORM(IOS)
70 #import "CFNetworkSPI.h"
71 #import "RuntimeApplicationChecks.h"
72 #import "WebCoreThreadRun.h"
73
74 @interface NSURLRequest ()
75 - (CFURLRequestRef) _CFURLRequest;
76 @end
77 #endif
78
79 using namespace WebCore;
80
81 @interface NSURLConnection ()
82 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
83 @end
84
85 namespace WebCore {
86     
87 #if !USE(CFURLCONNECTION)
88     
89 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
90 {
91     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
92
93     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
94 }
95
96 static NSOperationQueue *operationQueueForAsyncClients()
97 {
98     static NSOperationQueue *queue;
99     if (!queue) {
100         queue = [[NSOperationQueue alloc] init];
101         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
102         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
103     }
104     return queue;
105 }
106
107 ResourceHandleInternal::~ResourceHandleInternal()
108 {
109 }
110
111 ResourceHandle::~ResourceHandle()
112 {
113     releaseDelegate();
114     d->m_currentWebChallenge.setAuthenticationClient(0);
115
116     LOG(Network, "Handle %p destroyed", this);
117 }
118
119 #if PLATFORM(IOS)
120 static bool synchronousWillSendRequestEnabled()
121 {
122 #if PLATFORM(IOS)
123     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"] || IOSApplication::isIBooks();
124 #else
125     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
126 #endif
127
128     return !disabled;
129 }
130 #endif
131
132 #if !PLATFORM(IOS)
133 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
134 #else
135 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
136 #endif
137 {
138 #if ENABLE(WEB_TIMING) && !HAVE(TIMINGDATAOPTIONS)
139     setCollectsTimingData();
140 #endif
141
142     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
143     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
144         URL urlWithCredentials(firstRequest().url());
145         urlWithCredentials.setUser(d->m_user);
146         urlWithCredentials.setPass(d->m_pass);
147         firstRequest().setURL(urlWithCredentials);
148     }
149
150     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
151         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
152             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
153             // try and reuse the credential preemptively, as allowed by RFC 2617.
154             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().cachePartition(), firstRequest().url());
155         } else {
156             // If there is already a protection space known for the URL, update stored credentials before sending a request.
157             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
158             // (so that an authentication dialog doesn't pop up).
159             d->m_context->storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
160         }
161     }
162         
163     if (!d->m_initialCredential.isEmpty()) {
164         // FIXME: Support Digest authentication, and Proxy-Authorization.
165         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
166     }
167
168     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
169     if (!shouldContentSniff) {
170         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
171         [mutableRequest _setProperty:@(NO) forKey:(NSString *)_kCFURLConnectionPropertyShouldSniff];
172         nsRequest = mutableRequest;
173     }
174
175 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
176     String storagePartition = cookieStoragePartition(firstRequest());
177     if (!storagePartition.isEmpty()) {
178         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
179         [mutableRequest _setProperty:storagePartition forKey:@"__STORAGE_PARTITION_IDENTIFIER"];
180         nsRequest = mutableRequest;
181     }
182 #endif
183
184     if (d->m_storageSession)
185         nsRequest = [wkCopyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
186
187     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
188
189 #if PLATFORM(IOS)
190     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
191     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
192     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
193 #else
194     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
195 #endif
196
197     if (!shouldUseCredentialStorage) {
198         // Avoid using existing connections, because they may be already authenticated.
199         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
200     }
201
202     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
203         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
204         // If we are using all available connections for async requests, and make a sync request, then prior
205         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
206         // request won't start because there are no available connections.
207         // Connections are grouped by their socket stream properties, with each group having a separate count.
208         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
209     }
210
211     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
212     if (sourceApplicationAuditData)
213         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
214
215 #if PLATFORM(IOS)
216     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
217     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
218     const bool usesCache = false;
219     if (synchronousWillSendRequestEnabled())
220         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
221 #else
222     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
223     const bool usesCache = true;
224 #endif
225 #if HAVE(TIMINGDATAOPTIONS)
226     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
227 #endif
228
229     // This is used to signal that to CFNetwork that this connection should be considered
230     // web content for purposes of App Transport Security.
231     [propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"];
232
233     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
234 }
235
236 bool ResourceHandle::start()
237 {
238     if (!d->m_context)
239         return false;
240
241     BEGIN_BLOCK_OBJC_EXCEPTIONS;
242
243     // If NetworkingContext is invalid then we are no longer attached to a Page,
244     // this must be an attempted load from an unload event handler, so let's just block it.
245     if (!d->m_context->isValid())
246         return false;
247
248     d->m_storageSession = d->m_context->storageSession().platformSession();
249
250     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
251     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
252
253     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
254
255 #if !PLATFORM(IOS)
256     createNSURLConnection(
257         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
258         shouldUseCredentialStorage,
259         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
260         schedulingBehavior);
261 #else
262     createNSURLConnection(
263         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
264         shouldUseCredentialStorage,
265         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
266         schedulingBehavior,
267         (NSDictionary *)client()->connectionProperties(this).get());
268 #endif
269
270     bool scheduled = false;
271     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
272         SchedulePairHashSet::iterator end = scheduledPairs->end();
273         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
274             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
275                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
276                 scheduled = true;
277             }
278         }
279     }
280
281     if (d->m_usesAsyncCallbacks) {
282         ASSERT(!scheduled);
283         [connection() setDelegateQueue:operationQueueForAsyncClients()];
284         scheduled = true;
285     }
286 #if PLATFORM(IOS)
287     else {
288         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
289         scheduled = true;
290     }
291 #endif
292
293     // Start the connection if we did schedule with at least one runloop.
294     // We can't start the connection until we have one runloop scheduled.
295     if (scheduled)
296         [connection() start];
297     else
298         d->m_startWhenScheduled = true;
299
300     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
301     
302     if (d->m_connection) {
303         if (d->m_defersLoading)
304             connection().defersCallbacks = YES;
305
306         return true;
307     }
308
309     END_BLOCK_OBJC_EXCEPTIONS;
310
311     return false;
312 }
313
314 void ResourceHandle::cancel()
315 {
316     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
317
318     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
319     if (d->m_currentMacChallenge)
320         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
321
322     [d->m_connection.get() cancel];
323 }
324
325 void ResourceHandle::platformSetDefersLoading(bool defers)
326 {
327     if (d->m_connection)
328         [d->m_connection setDefersCallbacks:defers];
329 }
330
331 #if !USE(CFURLCONNECTION)
332
333 void ResourceHandle::schedule(SchedulePair& pair)
334 {
335     NSRunLoop *runLoop = pair.nsRunLoop();
336     if (!runLoop)
337         return;
338     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
339     if (d->m_startWhenScheduled) {
340         [d->m_connection.get() start];
341         d->m_startWhenScheduled = false;
342     }
343 }
344
345 void ResourceHandle::unschedule(SchedulePair& pair)
346 {
347     if (NSRunLoop *runLoop = pair.nsRunLoop())
348         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
349 }
350
351 #endif
352
353 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
354 {
355     ASSERT(!d->m_delegate);
356
357     id <NSURLConnectionDelegate> delegate;
358     if (d->m_usesAsyncCallbacks) {
359         if (shouldUseCredentialStorage)
360             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
361         else
362             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
363     } else
364         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
365
366     d->m_delegate = delegate;
367     [delegate release];
368
369     return d->m_delegate.get();
370 }
371
372 id ResourceHandle::delegate()
373 {
374     if (!d->m_delegate)
375         return makeDelegate(false);
376     return d->m_delegate.get();
377 }
378
379 void ResourceHandle::releaseDelegate()
380 {
381     if (!d->m_delegate)
382         return;
383     [d->m_delegate.get() detachHandle];
384     d->m_delegate = nil;
385 }
386
387 NSURLConnection *ResourceHandle::connection() const
388 {
389     return d->m_connection.get();
390 }
391     
392 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
393 {
394     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
395 }
396
397 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
398 {
399     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ allowStoredCredentials:%u", request.nsURLRequest(DoNotUpdateHTTPBody), storedCredentials);
400
401     ASSERT(!request.isEmpty());
402     
403     SynchronousLoaderClient client;
404     client.setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
405
406     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
407
408     handle->d->m_storageSession = context->storageSession().platformSession();
409
410     if (context && handle->d->m_scheduledFailureType != NoFailure) {
411         error = context->blockedError(request);
412         return;
413     }
414
415     bool shouldUseCredentialStorage = storedCredentials == AllowStoredCredentials;
416 #if !PLATFORM(IOS)
417     handle->createNSURLConnection(
418         handle->makeDelegate(shouldUseCredentialStorage),
419         shouldUseCredentialStorage,
420         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
421         SchedulingBehavior::Synchronous);
422 #else
423     handle->createNSURLConnection(
424         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
425         shouldUseCredentialStorage,
426         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
427         SchedulingBehavior::Synchronous,
428         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
429 #endif
430
431     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
432     [handle->connection() start];
433     
434     while (!client.isDone())
435         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
436
437     error = client.error();
438     
439     [handle->connection() cancel];
440
441     if (error.isNull())
442         response = client.response();
443
444     data.swap(client.mutableData());
445 }
446
447 ResourceRequest ResourceHandle::willSendRequest(ResourceRequest&& request, ResourceResponse&& redirectResponse)
448 {
449     ASSERT(!redirectResponse.isNull());
450
451     if (redirectResponse.httpStatusCode() == 307) {
452         String lastHTTPMethod = d->m_lastHTTPMethod;
453         if (!equalIgnoringASCIICase(lastHTTPMethod, request.httpMethod())) {
454             request.setHTTPMethod(lastHTTPMethod);
455     
456             FormData* body = d->m_firstRequest.httpBody();
457             if (!equalLettersIgnoringASCIICase(lastHTTPMethod, "get") && body && !body->isEmpty())
458                 request.setHTTPBody(body);
459
460             String originalContentType = d->m_firstRequest.httpContentType();
461             if (!originalContentType.isEmpty())
462                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
463         }
464     }
465
466     // Should not set Referer after a redirect from a secure resource to non-secure one.
467     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
468         request.clearHTTPReferrer();
469
470     const URL& url = request.url();
471     d->m_user = url.user();
472     d->m_pass = url.pass();
473     d->m_lastHTTPMethod = request.httpMethod();
474     request.removeCredentials();
475
476     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
477         // The network layer might carry over some headers from the original request that
478         // we want to strip here because the redirect is cross-origin.
479         request.clearHTTPAuthorization();
480         request.clearHTTPOrigin();
481     } else {
482         // Only consider applying authentication credentials if this is actually a redirect and the redirect
483         // URL didn't include credentials of its own.
484         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
485             Credential credential = d->m_context->storageSession().credentialStorage().get(request.cachePartition(), request.url());
486             if (!credential.isEmpty()) {
487                 d->m_initialCredential = credential;
488                 
489                 // FIXME: Support Digest authentication, and Proxy-Authorization.
490                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
491             }
492         }
493     }
494
495     if (d->m_usesAsyncCallbacks) {
496         client()->willSendRequestAsync(this, WTFMove(request), WTFMove(redirectResponse));
497         return { };
498     }
499
500     Ref<ResourceHandle> protectedThis(*this);
501     auto newRequest = client()->willSendRequest(this, WTFMove(request), WTFMove(redirectResponse));
502
503     // Client call may not preserve the session, especially if the request is sent over IPC.
504     if (!newRequest.isNull())
505         newRequest.setStorageSession(d->m_storageSession.get());
506     return newRequest;
507 }
508
509 void ResourceHandle::continueWillSendRequest(ResourceRequest&& newRequest)
510 {
511     ASSERT(d->m_usesAsyncCallbacks);
512
513     // Client call may not preserve the session, especially if the request is sent over IPC.
514     if (!newRequest.isNull())
515         newRequest.setStorageSession(d->m_storageSession.get());
516     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
517 }
518
519 void ResourceHandle::continueDidReceiveResponse()
520 {
521     ASSERT(d->m_usesAsyncCallbacks);
522
523     [delegate() continueDidReceiveResponse];
524 }
525
526 bool ResourceHandle::shouldUseCredentialStorage()
527 {
528     ASSERT(!d->m_usesAsyncCallbacks);
529     return client() && client()->shouldUseCredentialStorage(this);
530 }
531
532 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
533 {
534     ASSERT(!d->m_currentMacChallenge);
535     ASSERT(d->m_currentWebChallenge.isNull());
536     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
537     // we make sure that is actually present
538     ASSERT(challenge.nsURLAuthenticationChallenge());
539
540     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
541     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
542     if (challenge.protectionSpace().isProxy()) {
543         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
544         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
545         return;
546     }
547
548     if (tryHandlePasswordBasedAuthentication(challenge))
549         return;
550
551 #if PLATFORM(IOS)
552     // If the challenge is for a proxy protection space, look for default credentials in
553     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
554     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
555     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
556         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
557         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
558             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
559             return;
560         }
561     }
562 #endif // PLATFORM(IOS)
563
564     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
565     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
566     d->m_currentWebChallenge.setAuthenticationClient(this);
567
568     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
569     // We should avoid making additional client calls for the same protection space when already waiting for the user,
570     // because typing the same credentials several times is annoying.
571     if (client())
572         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
573     else {
574         clearAuthentication();
575         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
576     }
577 }
578
579 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
580 {
581     if (!challenge.protectionSpace().isPasswordBased())
582         return false;
583
584     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
585         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
586                                                                    password:d->m_pass
587                                                                 persistence:NSURLCredentialPersistenceForSession];
588         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
589         d->m_currentWebChallenge = challenge;
590         receivedCredential(challenge, Credential(credential));
591         [credential release];
592         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
593         d->m_user = String();
594         d->m_pass = String();
595         return true;
596     }
597
598     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
599     if (!client() || client()->shouldUseCredentialStorage(this)) {
600         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
601             // The stored credential wasn't accepted, stop using it.
602             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
603             // but the observable effect should be very minor, if any.
604             d->m_context->storageSession().credentialStorage().remove(d->m_partition, challenge.protectionSpace());
605         }
606
607         if (!challenge.previousFailureCount()) {
608             Credential credential = d->m_context->storageSession().credentialStorage().get(d->m_partition, challenge.protectionSpace());
609             if (!credential.isEmpty() && credential != d->m_initialCredential) {
610                 ASSERT(credential.persistence() == CredentialPersistenceNone);
611                 if (challenge.failureResponse().httpStatusCode() == 401) {
612                     // Store the credential back, possibly adding it as a default for this directory.
613                     d->m_context->storageSession().credentialStorage().set(d->m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
614                 }
615                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
616                 return true;
617             }
618         }
619     }
620
621     return false;
622 }
623
624 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
625 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
626 {
627     ResourceHandleClient* client = this->client();
628     if (d->m_usesAsyncCallbacks) {
629         if (client)
630             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
631         else
632             continueCanAuthenticateAgainstProtectionSpace(false);
633         return false; // Ignored by caller.
634     }
635
636     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
637 }
638
639 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
640 {
641     ASSERT(d->m_usesAsyncCallbacks);
642
643     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
644 }
645 #endif
646
647 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
648 {
649     LOG(Network, "Handle %p receivedCredential", this);
650
651     ASSERT(!challenge.isNull());
652     if (challenge != d->m_currentWebChallenge)
653         return;
654
655     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
656     if (credential.isEmpty()) {
657         receivedRequestToContinueWithoutCredential(challenge);
658         return;
659     }
660
661     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
662         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
663         // to ignore it for a particular request (short of removing it altogether).
664         Credential webCredential(credential, CredentialPersistenceNone);
665         URL urlToStore;
666         if (challenge.failureResponse().httpStatusCode() == 401)
667             urlToStore = challenge.failureResponse().url();
668         d->m_context->storageSession().credentialStorage().set(d->m_partition, webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
669         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
670     } else
671         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
672
673     clearAuthentication();
674 }
675
676 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
677 {
678     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
679
680     ASSERT(!challenge.isNull());
681     if (challenge != d->m_currentWebChallenge)
682         return;
683
684     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
685
686     clearAuthentication();
687 }
688
689 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
690 {
691     LOG(Network, "Handle %p receivedCancellation", this);
692
693     if (challenge != d->m_currentWebChallenge)
694         return;
695
696     if (client())
697         client()->receivedCancellation(this, challenge);
698 }
699
700 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
701 {
702     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
703
704     ASSERT(!challenge.isNull());
705     if (challenge != d->m_currentWebChallenge)
706         return;
707
708     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
709
710     clearAuthentication();
711 }
712
713 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
714 {
715     LOG(Network, "Handle %p receivedChallengeRejection", this);
716
717     ASSERT(!challenge.isNull());
718     if (challenge != d->m_currentWebChallenge)
719         return;
720
721     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
722
723     clearAuthentication();
724 }
725
726 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
727 {
728     ASSERT(d->m_usesAsyncCallbacks);
729
730     [(id)delegate() continueWillCacheResponse:response];
731 }
732     
733 #endif // !USE(CFURLCONNECTION)
734     
735 #if ENABLE(WEB_TIMING)
736
737 #if USE(CFURLCONNECTION)
738     
739 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, NetworkLoadMetrics& timing)
740 {
741     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
742 }
743     
744 #else
745     
746 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, NetworkLoadMetrics& timing)
747 {
748     copyTimingData([connection _timingData], timing);
749 }
750     
751 #endif
752     
753 #endif // ENABLE(WEB_TIMING)
754
755 } // namespace WebCore
756