7bf3610d811bf1b572ffeb485048386d7615d3f2
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004-2017 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "CachedResourceLoader.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "FormDataStreamMac.h"
35 #import "Frame.h"
36 #import "FrameLoader.h"
37 #import "HTTPHeaderNames.h"
38 #import "Logging.h"
39 #import "MIMETypeRegistry.h"
40 #import "NetworkStorageSession.h"
41 #import "NetworkingContext.h"
42 #import "ResourceError.h"
43 #import "ResourceResponse.h"
44 #import "SharedBuffer.h"
45 #import "SubresourceLoader.h"
46 #import "SynchronousLoaderClient.h"
47 #import "WebCoreResourceHandleAsDelegate.h"
48 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
49 #import "WebCoreSystemInterface.h"
50 #import "WebCoreURLResponse.h"
51 #import <pal/spi/cf/CFNetworkSPI.h>
52 #import <pal/spi/cocoa/NSURLConnectionSPI.h>
53 #import <wtf/BlockObjCExceptions.h>
54 #import <wtf/Ref.h>
55 #import <wtf/SchedulePair.h>
56 #import <wtf/text/Base64.h>
57 #import <wtf/text/CString.h>
58
59 #if USE(CFURLCONNECTION)
60 #if USE(APPLE_INTERNAL_SDK)
61 #import <CFNetwork/CFURLConnectionPriv.h>
62 #endif
63 typedef struct _CFURLConnection* CFURLConnectionRef;
64 extern "C" {
65 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
66 }
67 #endif // USE(CFURLCONNECTION)
68
69 #if PLATFORM(IOS)
70 #import "RuntimeApplicationChecks.h"
71 #import "WebCoreThreadRun.h"
72 #endif
73
74 using namespace WebCore;
75
76 @interface NSURLConnection ()
77 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
78 @end
79
80 namespace WebCore {
81     
82 #if !USE(CFURLCONNECTION)
83     
84 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
85 {
86     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
87
88     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
89 }
90
91 static NSOperationQueue *operationQueueForAsyncClients()
92 {
93     static NSOperationQueue *queue;
94     if (!queue) {
95         queue = [[NSOperationQueue alloc] init];
96         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
97         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
98     }
99     return queue;
100 }
101
102 ResourceHandleInternal::~ResourceHandleInternal()
103 {
104 }
105
106 ResourceHandle::~ResourceHandle()
107 {
108     releaseDelegate();
109     d->m_currentWebChallenge.setAuthenticationClient(0);
110
111     LOG(Network, "Handle %p destroyed", this);
112 }
113
114 #if PLATFORM(IOS)
115 static bool synchronousWillSendRequestEnabled()
116 {
117 #if PLATFORM(IOS)
118     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"] || IOSApplication::isIBooks();
119 #else
120     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
121 #endif
122
123     return !disabled;
124 }
125 #endif
126
127 #if !PLATFORM(IOS)
128 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
129 #else
130 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
131 #endif
132 {
133 #if !HAVE(TIMINGDATAOPTIONS)
134     setCollectsTimingData();
135 #endif
136
137     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
138     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
139         URL urlWithCredentials(firstRequest().url());
140         urlWithCredentials.setUser(d->m_user);
141         urlWithCredentials.setPass(d->m_pass);
142         firstRequest().setURL(urlWithCredentials);
143     }
144
145     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
146         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
147             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
148             // try and reuse the credential preemptively, as allowed by RFC 2617.
149             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().cachePartition(), firstRequest().url());
150         } else {
151             // If there is already a protection space known for the URL, update stored credentials before sending a request.
152             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
153             // (so that an authentication dialog doesn't pop up).
154             d->m_context->storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
155         }
156     }
157         
158     if (!d->m_initialCredential.isEmpty()) {
159         // FIXME: Support Digest authentication, and Proxy-Authorization.
160         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
161     }
162
163     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
164     if (!shouldContentSniff) {
165         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
166         [mutableRequest _setProperty:@(NO) forKey:(NSString *)_kCFURLConnectionPropertyShouldSniff];
167         nsRequest = mutableRequest;
168     }
169
170 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
171     String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest());
172     if (!storagePartition.isEmpty()) {
173         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
174         [mutableRequest _setProperty:storagePartition forKey:@"__STORAGE_PARTITION_IDENTIFIER"];
175         nsRequest = mutableRequest;
176     }
177 #endif
178
179     if (d->m_storageSession)
180         nsRequest = [copyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
181
182     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
183
184 #if PLATFORM(IOS)
185     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
186     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
187     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
188 #else
189     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
190 #endif
191
192     if (!shouldUseCredentialStorage) {
193         // Avoid using existing connections, because they may be already authenticated.
194         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
195     }
196
197     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
198         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
199         // If we are using all available connections for async requests, and make a sync request, then prior
200         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
201         // request won't start because there are no available connections.
202         // Connections are grouped by their socket stream properties, with each group having a separate count.
203         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
204     }
205
206     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
207     if (sourceApplicationAuditData)
208         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
209
210 #if PLATFORM(IOS)
211     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
212     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
213     const bool usesCache = false;
214     if (synchronousWillSendRequestEnabled())
215         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
216 #else
217     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
218     const bool usesCache = true;
219 #endif
220 #if HAVE(TIMINGDATAOPTIONS)
221     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
222 #endif
223
224     // This is used to signal that to CFNetwork that this connection should be considered
225     // web content for purposes of App Transport Security.
226     [propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"];
227
228     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
229 }
230
231 bool ResourceHandle::start()
232 {
233     if (!d->m_context)
234         return false;
235
236     BEGIN_BLOCK_OBJC_EXCEPTIONS;
237
238     // If NetworkingContext is invalid then we are no longer attached to a Page,
239     // this must be an attempted load from an unload event handler, so let's just block it.
240     if (!d->m_context->isValid())
241         return false;
242
243     d->m_storageSession = d->m_context->storageSession().platformSession();
244
245     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
246     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
247
248     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
249
250 #if !PLATFORM(IOS)
251     createNSURLConnection(
252         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
253         shouldUseCredentialStorage,
254         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
255         schedulingBehavior);
256 #else
257     createNSURLConnection(
258         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
259         shouldUseCredentialStorage,
260         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
261         schedulingBehavior,
262         (NSDictionary *)client()->connectionProperties(this).get());
263 #endif
264
265     bool scheduled = false;
266     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
267         SchedulePairHashSet::iterator end = scheduledPairs->end();
268         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
269             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
270                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
271                 scheduled = true;
272             }
273         }
274     }
275
276     if (d->m_usesAsyncCallbacks) {
277         ASSERT(!scheduled);
278         [connection() setDelegateQueue:operationQueueForAsyncClients()];
279         scheduled = true;
280     }
281 #if PLATFORM(IOS)
282     else {
283         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
284         scheduled = true;
285     }
286 #endif
287
288     // Start the connection if we did schedule with at least one runloop.
289     // We can't start the connection until we have one runloop scheduled.
290     if (scheduled)
291         [connection() start];
292     else
293         d->m_startWhenScheduled = true;
294
295     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
296     
297     if (d->m_connection) {
298         if (d->m_defersLoading)
299             connection().defersCallbacks = YES;
300
301         return true;
302     }
303
304     END_BLOCK_OBJC_EXCEPTIONS;
305
306     return false;
307 }
308
309 void ResourceHandle::cancel()
310 {
311     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
312
313     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
314     if (d->m_currentMacChallenge)
315         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
316
317     [d->m_connection.get() cancel];
318 }
319
320 void ResourceHandle::platformSetDefersLoading(bool defers)
321 {
322     if (d->m_connection)
323         [d->m_connection setDefersCallbacks:defers];
324 }
325
326 #if !USE(CFURLCONNECTION)
327
328 void ResourceHandle::schedule(SchedulePair& pair)
329 {
330     NSRunLoop *runLoop = pair.nsRunLoop();
331     if (!runLoop)
332         return;
333     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
334     if (d->m_startWhenScheduled) {
335         [d->m_connection.get() start];
336         d->m_startWhenScheduled = false;
337     }
338 }
339
340 void ResourceHandle::unschedule(SchedulePair& pair)
341 {
342     if (NSRunLoop *runLoop = pair.nsRunLoop())
343         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
344 }
345
346 #endif
347
348 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
349 {
350     ASSERT(!d->m_delegate);
351
352     id <NSURLConnectionDelegate> delegate;
353     if (d->m_usesAsyncCallbacks) {
354         if (shouldUseCredentialStorage)
355             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
356         else
357             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
358     } else
359         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
360
361     d->m_delegate = delegate;
362     [delegate release];
363
364     return d->m_delegate.get();
365 }
366
367 id ResourceHandle::delegate()
368 {
369     if (!d->m_delegate)
370         return makeDelegate(false);
371     return d->m_delegate.get();
372 }
373
374 void ResourceHandle::releaseDelegate()
375 {
376     if (!d->m_delegate)
377         return;
378     [d->m_delegate.get() detachHandle];
379     d->m_delegate = nil;
380 }
381
382 NSURLConnection *ResourceHandle::connection() const
383 {
384     return d->m_connection.get();
385 }
386     
387 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
388 {
389     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
390 }
391
392 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
393 {
394     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ storedCredentialsPolicy:%u", request.nsURLRequest(DoNotUpdateHTTPBody), static_cast<unsigned>(storedCredentialsPolicy));
395
396     ASSERT(!request.isEmpty());
397     
398     SynchronousLoaderClient client;
399     client.setAllowStoredCredentials(storedCredentialsPolicy == StoredCredentialsPolicy::Use);
400
401     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
402
403     handle->d->m_storageSession = context->storageSession().platformSession();
404
405     if (context && handle->d->m_scheduledFailureType != NoFailure) {
406         error = context->blockedError(request);
407         return;
408     }
409
410     bool shouldUseCredentialStorage = storedCredentialsPolicy == StoredCredentialsPolicy::Use;
411 #if !PLATFORM(IOS)
412     handle->createNSURLConnection(
413         handle->makeDelegate(shouldUseCredentialStorage),
414         shouldUseCredentialStorage,
415         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
416         SchedulingBehavior::Synchronous);
417 #else
418     handle->createNSURLConnection(
419         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
420         shouldUseCredentialStorage,
421         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
422         SchedulingBehavior::Synchronous,
423         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
424 #endif
425
426     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
427     [handle->connection() start];
428     
429     while (!client.isDone())
430         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
431
432     error = client.error();
433     
434     [handle->connection() cancel];
435
436     if (error.isNull())
437         response = client.response();
438
439     data.swap(client.mutableData());
440 }
441
442 ResourceRequest ResourceHandle::willSendRequest(ResourceRequest&& request, ResourceResponse&& redirectResponse)
443 {
444     ASSERT(!redirectResponse.isNull());
445
446     if (redirectResponse.httpStatusCode() == 307) {
447         String lastHTTPMethod = d->m_lastHTTPMethod;
448         if (!equalIgnoringASCIICase(lastHTTPMethod, request.httpMethod())) {
449             request.setHTTPMethod(lastHTTPMethod);
450     
451             FormData* body = d->m_firstRequest.httpBody();
452             if (!equalLettersIgnoringASCIICase(lastHTTPMethod, "get") && body && !body->isEmpty())
453                 request.setHTTPBody(body);
454
455             String originalContentType = d->m_firstRequest.httpContentType();
456             if (!originalContentType.isEmpty())
457                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
458         }
459     }
460
461     // Should not set Referer after a redirect from a secure resource to non-secure one.
462     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
463         request.clearHTTPReferrer();
464
465     const URL& url = request.url();
466     d->m_user = url.user();
467     d->m_pass = url.pass();
468     d->m_lastHTTPMethod = request.httpMethod();
469     request.removeCredentials();
470
471     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
472         // The network layer might carry over some headers from the original request that
473         // we want to strip here because the redirect is cross-origin.
474         request.clearHTTPAuthorization();
475         request.clearHTTPOrigin();
476     } else {
477         // Only consider applying authentication credentials if this is actually a redirect and the redirect
478         // URL didn't include credentials of its own.
479         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
480             Credential credential = d->m_context->storageSession().credentialStorage().get(request.cachePartition(), request.url());
481             if (!credential.isEmpty()) {
482                 d->m_initialCredential = credential;
483                 
484                 // FIXME: Support Digest authentication, and Proxy-Authorization.
485                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
486             }
487         }
488     }
489
490     if (d->m_usesAsyncCallbacks) {
491         client()->willSendRequestAsync(this, WTFMove(request), WTFMove(redirectResponse));
492         return { };
493     }
494
495     Ref<ResourceHandle> protectedThis(*this);
496     auto newRequest = client()->willSendRequest(this, WTFMove(request), WTFMove(redirectResponse));
497
498     // Client call may not preserve the session, especially if the request is sent over IPC.
499     if (!newRequest.isNull())
500         newRequest.setStorageSession(d->m_storageSession.get());
501     return newRequest;
502 }
503
504 void ResourceHandle::continueWillSendRequest(ResourceRequest&& newRequest)
505 {
506     ASSERT(d->m_usesAsyncCallbacks);
507
508     // Client call may not preserve the session, especially if the request is sent over IPC.
509     if (!newRequest.isNull())
510         newRequest.setStorageSession(d->m_storageSession.get());
511     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
512 }
513
514 void ResourceHandle::continueDidReceiveResponse()
515 {
516     ASSERT(d->m_usesAsyncCallbacks);
517
518     [delegate() continueDidReceiveResponse];
519 }
520
521 bool ResourceHandle::shouldUseCredentialStorage()
522 {
523     ASSERT(!d->m_usesAsyncCallbacks);
524     return client() && client()->shouldUseCredentialStorage(this);
525 }
526
527 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
528 {
529     ASSERT(!d->m_currentMacChallenge);
530     ASSERT(d->m_currentWebChallenge.isNull());
531     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
532     // we make sure that is actually present
533     ASSERT(challenge.nsURLAuthenticationChallenge());
534
535     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
536     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
537     if (challenge.protectionSpace().isProxy()) {
538         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
539         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
540         return;
541     }
542
543     if (tryHandlePasswordBasedAuthentication(challenge))
544         return;
545
546 #if PLATFORM(IOS)
547     // If the challenge is for a proxy protection space, look for default credentials in
548     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
549     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
550     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
551         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
552         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
553             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
554             return;
555         }
556     }
557 #endif // PLATFORM(IOS)
558
559     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
560     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
561     d->m_currentWebChallenge.setAuthenticationClient(this);
562
563     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
564     // We should avoid making additional client calls for the same protection space when already waiting for the user,
565     // because typing the same credentials several times is annoying.
566     if (client())
567         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
568     else {
569         clearAuthentication();
570         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
571     }
572 }
573
574 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
575 {
576     if (!challenge.protectionSpace().isPasswordBased())
577         return false;
578
579     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
580         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
581                                                                    password:d->m_pass
582                                                                 persistence:NSURLCredentialPersistenceForSession];
583         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
584         d->m_currentWebChallenge = challenge;
585         receivedCredential(challenge, Credential(credential));
586         [credential release];
587         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
588         d->m_user = String();
589         d->m_pass = String();
590         return true;
591     }
592
593     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
594     if (!client() || client()->shouldUseCredentialStorage(this)) {
595         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
596             // The stored credential wasn't accepted, stop using it.
597             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
598             // but the observable effect should be very minor, if any.
599             d->m_context->storageSession().credentialStorage().remove(d->m_partition, challenge.protectionSpace());
600         }
601
602         if (!challenge.previousFailureCount()) {
603             Credential credential = d->m_context->storageSession().credentialStorage().get(d->m_partition, challenge.protectionSpace());
604             if (!credential.isEmpty() && credential != d->m_initialCredential) {
605                 ASSERT(credential.persistence() == CredentialPersistenceNone);
606                 if (challenge.failureResponse().httpStatusCode() == 401) {
607                     // Store the credential back, possibly adding it as a default for this directory.
608                     d->m_context->storageSession().credentialStorage().set(d->m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
609                 }
610                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
611                 return true;
612             }
613         }
614     }
615
616     return false;
617 }
618
619 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
620 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
621 {
622     ResourceHandleClient* client = this->client();
623     if (d->m_usesAsyncCallbacks) {
624         if (client)
625             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
626         else
627             continueCanAuthenticateAgainstProtectionSpace(false);
628         return false; // Ignored by caller.
629     }
630
631     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
632 }
633
634 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
635 {
636     ASSERT(d->m_usesAsyncCallbacks);
637
638     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
639 }
640 #endif
641
642 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
643 {
644     LOG(Network, "Handle %p receivedCredential", this);
645
646     ASSERT(!challenge.isNull());
647     if (challenge != d->m_currentWebChallenge)
648         return;
649
650     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
651     if (credential.isEmpty()) {
652         receivedRequestToContinueWithoutCredential(challenge);
653         return;
654     }
655
656     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
657         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
658         // to ignore it for a particular request (short of removing it altogether).
659         Credential webCredential(credential, CredentialPersistenceNone);
660         URL urlToStore;
661         if (challenge.failureResponse().httpStatusCode() == 401)
662             urlToStore = challenge.failureResponse().url();
663         d->m_context->storageSession().credentialStorage().set(d->m_partition, webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
664         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
665     } else
666         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
667
668     clearAuthentication();
669 }
670
671 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
672 {
673     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
674
675     ASSERT(!challenge.isNull());
676     if (challenge != d->m_currentWebChallenge)
677         return;
678
679     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
680
681     clearAuthentication();
682 }
683
684 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
685 {
686     LOG(Network, "Handle %p receivedCancellation", this);
687
688     if (challenge != d->m_currentWebChallenge)
689         return;
690
691     if (client())
692         client()->receivedCancellation(this, challenge);
693 }
694
695 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
696 {
697     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
698
699     ASSERT(!challenge.isNull());
700     if (challenge != d->m_currentWebChallenge)
701         return;
702
703     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
704
705     clearAuthentication();
706 }
707
708 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
709 {
710     LOG(Network, "Handle %p receivedChallengeRejection", this);
711
712     ASSERT(!challenge.isNull());
713     if (challenge != d->m_currentWebChallenge)
714         return;
715
716     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
717
718     clearAuthentication();
719 }
720
721 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
722 {
723     ASSERT(d->m_usesAsyncCallbacks);
724
725     [(id)delegate() continueWillCacheResponse:response];
726 }
727
728 #endif // !USE(CFURLCONNECTION)
729
730 #if USE(CFURLCONNECTION)
731
732 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, NetworkLoadMetrics& timing)
733 {
734     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
735 }
736
737 #else
738
739 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, NetworkLoadMetrics& timing)
740 {
741     copyTimingData([connection _timingData], timing);
742 }
743
744 #endif
745
746 } // namespace WebCore