8466706afd601e564d1aebbd60e62a6301372e6e
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "BlockExceptions.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "CachedResourceLoader.h"
35 #import "FormDataStreamMac.h"
36 #import "Frame.h"
37 #import "FrameLoader.h"
38 #import "Logging.h"
39 #import "MIMETypeRegistry.h"
40 #import "NetworkingContext.h"
41 #import "Page.h"
42 #import "ResourceError.h"
43 #import "ResourceResponse.h"
44 #import "Settings.h"
45 #import "SharedBuffer.h"
46 #import "SubresourceLoader.h"
47 #import "WebCoreResourceHandleAsDelegate.h"
48 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
49 #import "SynchronousLoaderClient.h"
50 #import "WebCoreSystemInterface.h"
51 #import "WebCoreURLResponse.h"
52 #import <wtf/Ref.h>
53 #import <wtf/SchedulePair.h>
54 #import <wtf/text/Base64.h>
55 #import <wtf/text/CString.h>
56
57 #if __has_include(<Foundation/NSURLConnectionPrivate.h>)
58 #import <Foundation/NSURLConnectionPrivate.h>
59 #else
60 @interface NSURLConnection (TimingData)
61 + (void)_setCollectsTimingData:(BOOL)collect;
62 - (NSDictionary *)_timingData;
63 @end
64 #endif
65
66 #if PLATFORM(IOS)
67 #import <CFNetwork/CFURLRequest.h>
68
69 #import "RuntimeApplicationChecksIOS.h"
70 #import "WebCoreThreadRun.h"
71
72 @interface NSURLRequest (iOSDetails)
73 - (CFURLRequestRef) _CFURLRequest;
74 @end
75 #endif
76
77 #if USE(QUICK_LOOK)
78 #import "QuickLook.h"
79 #endif
80
81 using namespace WebCore;
82
83 @interface NSURLConnection (Details)
84 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
85 @end
86
87 namespace WebCore {
88     
89 #if !USE(CFNETWORK)
90     
91 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
92 {
93     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
94     request.clearHTTPAuthorization(); // FIXME: Should addHTTPHeaderField be smart enough to not build comma-separated lists in headers like Authorization?
95     request.addHTTPHeaderField("Authorization", authenticationHeader);
96 }
97
98 static NSOperationQueue *operationQueueForAsyncClients()
99 {
100     static NSOperationQueue *queue;
101     if (!queue) {
102         queue = [[NSOperationQueue alloc] init];
103         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
104         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
105     }
106     return queue;
107 }
108
109 ResourceHandleInternal::~ResourceHandleInternal()
110 {
111 }
112
113 ResourceHandle::~ResourceHandle()
114 {
115     releaseDelegate();
116     d->m_currentWebChallenge.setAuthenticationClient(0);
117
118     LOG(Network, "Handle %p destroyed", this);
119 }
120
121 #if PLATFORM(IOS)
122 static bool synchronousWillSendRequestEnabled()
123 {
124     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
125     return !disabled;
126 }
127 #endif
128
129 #if !PLATFORM(IOS)
130 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
131 #else
132 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
133 #endif
134 {
135     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
136     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
137         URL urlWithCredentials(firstRequest().url());
138         urlWithCredentials.setUser(d->m_user);
139         urlWithCredentials.setPass(d->m_pass);
140         firstRequest().setURL(urlWithCredentials);
141     }
142
143     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
144         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
145             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
146             // try and reuse the credential preemptively, as allowed by RFC 2617.
147             d->m_initialCredential = CredentialStorage::get(firstRequest().url());
148         } else {
149             // If there is already a protection space known for the URL, update stored credentials before sending a request.
150             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
151             // (so that an authentication dialog doesn't pop up).
152             CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
153         }
154     }
155         
156     if (!d->m_initialCredential.isEmpty()) {
157         // FIXME: Support Digest authentication, and Proxy-Authorization.
158         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
159     }
160
161     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
162     if (!shouldContentSniff) {
163         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
164         wkSetNSURLRequestShouldContentSniff(mutableRequest, NO);
165         nsRequest = mutableRequest;
166     }
167
168     if (d->m_storageSession)
169         nsRequest = [wkCopyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
170
171     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
172
173 #if PLATFORM(IOS)
174     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
175     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
176     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
177 #else
178     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
179 #endif
180
181     if (!shouldUseCredentialStorage) {
182         // Avoid using existing connections, because they may be already authenticated.
183         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
184     }
185
186     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
187         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
188         // If we are using all available connections for async requests, and make a sync request, then prior
189         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
190         // request won't start because there are no available connections.
191         // Connections are grouped by their socket stream properties, with each group having a separate count.
192         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
193     }
194
195 #if PLATFORM(IOS) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
196     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
197     if (sourceApplicationAuditData)
198         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
199 #endif
200
201 #if PLATFORM(IOS)
202     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
203     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
204     const bool usesCache = false;
205     if (synchronousWillSendRequestEnabled())
206         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
207 #else
208     NSDictionary *propertyDictionary = [NSDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
209     const bool usesCache = true;
210 #endif
211     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
212 #if ENABLE(WEB_TIMING)
213     [NSURLConnection _setCollectsTimingData:YES];
214 #endif
215 }
216
217 bool ResourceHandle::start()
218 {
219     if (!d->m_context)
220         return false;
221
222     BEGIN_BLOCK_OBJC_EXCEPTIONS;
223
224     // If NetworkingContext is invalid then we are no longer attached to a Page,
225     // this must be an attempted load from an unload event handler, so let's just block it.
226     if (!d->m_context->isValid())
227         return false;
228
229     d->m_storageSession = d->m_context->storageSession().platformSession();
230
231     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
232     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
233
234     d->m_needsSiteSpecificQuirks = d->m_context->needsSiteSpecificQuirks();
235
236 #if !PLATFORM(IOS)
237     createNSURLConnection(
238         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
239         shouldUseCredentialStorage,
240         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
241         SchedulingBehavior::Asynchronous);
242 #else
243     createNSURLConnection(
244         d->m_proxy.get(),
245         shouldUseCredentialStorage,
246         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
247         SchedulingBehavior::Asynchronous,
248         (NSDictionary *)client()->connectionProperties(this));
249 #endif
250
251 #if PLATFORM(IOS)
252     NSURLConnection *urlConnection = connection();
253     [urlConnection scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
254     [urlConnection start];
255 #else
256     bool scheduled = false;
257     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
258         SchedulePairHashSet::iterator end = scheduledPairs->end();
259         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
260             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
261                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
262                 scheduled = true;
263             }
264         }
265     }
266
267     if (client() && client()->usesAsyncCallbacks()) {
268         ASSERT(!scheduled);
269         [connection() setDelegateQueue:operationQueueForAsyncClients()];
270         scheduled = true;
271     }
272
273     // Start the connection if we did schedule with at least one runloop.
274     // We can't start the connection until we have one runloop scheduled.
275     if (scheduled)
276         [connection() start];
277     else
278         d->m_startWhenScheduled = true;
279 #endif
280
281     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
282     
283     if (d->m_connection) {
284         if (d->m_defersLoading)
285             wkSetNSURLConnectionDefersCallbacks(connection(), YES);
286
287         return true;
288     }
289
290     END_BLOCK_OBJC_EXCEPTIONS;
291
292     return false;
293 }
294
295 void ResourceHandle::cancel()
296 {
297     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
298
299     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
300     if (d->m_currentMacChallenge)
301         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
302
303     [d->m_connection.get() cancel];
304 }
305
306 void ResourceHandle::platformSetDefersLoading(bool defers)
307 {
308     if (d->m_connection)
309         wkSetNSURLConnectionDefersCallbacks(d->m_connection.get(), defers);
310 }
311
312 #if PLATFORM(MAC)
313
314 void ResourceHandle::schedule(SchedulePair& pair)
315 {
316     NSRunLoop *runLoop = pair.nsRunLoop();
317     if (!runLoop)
318         return;
319     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
320     if (d->m_startWhenScheduled) {
321         [d->m_connection.get() start];
322         d->m_startWhenScheduled = false;
323     }
324 }
325
326 void ResourceHandle::unschedule(SchedulePair& pair)
327 {
328     if (NSRunLoop *runLoop = pair.nsRunLoop())
329         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
330 }
331
332 #endif
333
334 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
335 {
336     ASSERT(!d->m_delegate);
337
338     id <NSURLConnectionDelegate> delegate;
339     if (client() && client()->usesAsyncCallbacks()) {
340         if (shouldUseCredentialStorage)
341             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
342         else
343             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
344     } else
345         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
346
347     d->m_delegate = delegate;
348     [delegate release];
349
350     return d->m_delegate.get();
351 }
352
353 id ResourceHandle::delegate()
354 {
355     if (!d->m_delegate)
356         return makeDelegate(false);
357     return d->m_delegate.get();
358 }
359
360 void ResourceHandle::releaseDelegate()
361 {
362     if (!d->m_delegate)
363         return;
364     [d->m_delegate.get() detachHandle];
365     d->m_delegate = nil;
366 }
367
368 NSURLConnection *ResourceHandle::connection() const
369 {
370     return d->m_connection.get();
371 }
372     
373 bool ResourceHandle::loadsBlocked()
374 {
375     return false;
376 }
377
378 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
379 {
380     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
381 }
382
383 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
384 {
385     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ allowStoredCredentials:%u", request.nsURLRequest(DoNotUpdateHTTPBody), storedCredentials);
386
387     ASSERT(!request.isEmpty());
388     
389     OwnPtr<SynchronousLoaderClient> client = SynchronousLoaderClient::create();
390     client->setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
391
392     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, client.get(), false /*defersLoading*/, true /*shouldContentSniff*/));
393
394     handle->d->m_storageSession = context->storageSession().platformSession();
395
396     if (context && handle->d->m_scheduledFailureType != NoFailure) {
397         error = context->blockedError(request);
398         return;
399     }
400
401 #if !PLATFORM(IOS)
402     bool shouldUseCredentialStorage = storedCredentials == AllowStoredCredentials;
403     handle->createNSURLConnection(
404         handle->makeDelegate(shouldUseCredentialStorage),
405         shouldUseCredentialStorage,
406         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
407         SchedulingBehavior::Synchronous);
408 #else
409     handle->createNSURLConnection(
410         handle->delegate(), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
411         storedCredentials == AllowStoredCredentials,
412         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
413         SchedulingBehavior::Synchronous,
414         (NSDictionary *)handle->client()->connectionProperties(handle.get()));
415 #endif
416
417     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
418     [handle->connection() start];
419     
420     while (!client->isDone())
421         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
422
423     error = client->error();
424     
425     [handle->connection() cancel];
426
427     if (error.isNull())
428         response = client->response();
429
430     data.swap(client->mutableData());
431 }
432
433 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
434 {
435     ASSERT(!redirectResponse.isNull());
436
437     if (redirectResponse.httpStatusCode() == 307) {
438         String lastHTTPMethod = d->m_lastHTTPMethod;
439         if (!equalIgnoringCase(lastHTTPMethod, request.httpMethod())) {
440             request.setHTTPMethod(lastHTTPMethod);
441     
442             FormData* body = d->m_firstRequest.httpBody();
443             if (!equalIgnoringCase(lastHTTPMethod, "GET") && body && !body->isEmpty())
444                 request.setHTTPBody(body);
445
446             String originalContentType = d->m_firstRequest.httpContentType();
447             if (!originalContentType.isEmpty())
448                 request.setHTTPHeaderField("Content-Type", originalContentType);
449         }
450     }
451
452     // Should not set Referer after a redirect from a secure resource to non-secure one.
453     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
454         request.clearHTTPReferrer();
455
456     const URL& url = request.url();
457     d->m_user = url.user();
458     d->m_pass = url.pass();
459     d->m_lastHTTPMethod = request.httpMethod();
460     request.removeCredentials();
461
462     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
463         // If the network layer carries over authentication headers from the original request
464         // in a cross-origin redirect, we want to clear those headers here.
465         // As of Lion, CFNetwork no longer does this.
466         request.clearHTTPAuthorization();
467     } else {
468         // Only consider applying authentication credentials if this is actually a redirect and the redirect
469         // URL didn't include credentials of its own.
470         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
471             Credential credential = CredentialStorage::get(request.url());
472             if (!credential.isEmpty()) {
473                 d->m_initialCredential = credential;
474                 
475                 // FIXME: Support Digest authentication, and Proxy-Authorization.
476                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
477             }
478         }
479     }
480
481     if (client()->usesAsyncCallbacks()) {
482         client()->willSendRequestAsync(this, request, redirectResponse);
483     } else {
484         Ref<ResourceHandle> protect(*this);
485         client()->willSendRequest(this, request, redirectResponse);
486
487         // Client call may not preserve the session, especially if the request is sent over IPC.
488         if (!request.isNull())
489             request.setStorageSession(d->m_storageSession.get());
490     }
491 }
492
493 void ResourceHandle::continueWillSendRequest(const ResourceRequest& request)
494 {
495     ASSERT(client());
496     ASSERT(client()->usesAsyncCallbacks());
497
498     // Client call may not preserve the session, especially if the request is sent over IPC.
499     ResourceRequest newRequest = request;
500     if (!newRequest.isNull())
501         newRequest.setStorageSession(d->m_storageSession.get());
502     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
503 }
504
505 void ResourceHandle::continueDidReceiveResponse()
506 {
507     ASSERT(client());
508     ASSERT(client()->usesAsyncCallbacks());
509
510     [delegate() continueDidReceiveResponse];
511 }
512
513 bool ResourceHandle::shouldUseCredentialStorage()
514 {
515     ASSERT(!client()->usesAsyncCallbacks());
516     return client() && client()->shouldUseCredentialStorage(this);
517 }
518
519 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
520 {
521     ASSERT(!d->m_currentMacChallenge);
522     ASSERT(d->m_currentWebChallenge.isNull());
523     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
524     // we make sure that is actually present
525     ASSERT(challenge.nsURLAuthenticationChallenge());
526
527     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
528     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
529     if (challenge.protectionSpace().isProxy()) {
530         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
531         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
532         return;
533     }
534
535     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
536         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
537                                                                    password:d->m_pass
538                                                                 persistence:NSURLCredentialPersistenceForSession];
539         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
540         d->m_currentWebChallenge = challenge;
541         receivedCredential(challenge, core(credential));
542         [credential release];
543         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
544         d->m_user = String();
545         d->m_pass = String();
546         return;
547     }
548
549     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
550     if (!client() || client()->shouldUseCredentialStorage(this)) {
551         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
552             // The stored credential wasn't accepted, stop using it.
553             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
554             // but the observable effect should be very minor, if any.
555             CredentialStorage::remove(challenge.protectionSpace());
556         }
557
558         if (!challenge.previousFailureCount()) {
559             Credential credential = CredentialStorage::get(challenge.protectionSpace());
560             if (!credential.isEmpty() && credential != d->m_initialCredential) {
561                 ASSERT(credential.persistence() == CredentialPersistenceNone);
562                 if (challenge.failureResponse().httpStatusCode() == 401) {
563                     // Store the credential back, possibly adding it as a default for this directory.
564                     CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
565                 }
566                 [challenge.sender() useCredential:mac(credential) forAuthenticationChallenge:mac(challenge)];
567                 return;
568             }
569         }
570     }
571
572 #if PLATFORM(IOS)
573     // If the challenge is for a proxy protection space, look for default credentials in
574     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
575     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
576     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
577         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
578         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
579             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
580             return;
581         }
582     }
583 #endif // PLATFORM(IOS)
584
585     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
586     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
587     d->m_currentWebChallenge.setAuthenticationClient(this);
588
589     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
590     // We should avoid making additional client calls for the same protection space when already waiting for the user,
591     // because typing the same credentials several times is annoying.
592     if (client())
593         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
594 }
595
596 void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChallenge& challenge)
597 {
598     ASSERT(d->m_currentMacChallenge);
599     ASSERT(d->m_currentMacChallenge == challenge.nsURLAuthenticationChallenge());
600     ASSERT(!d->m_currentWebChallenge.isNull());
601
602     if (client())
603         client()->didCancelAuthenticationChallenge(this, challenge);
604 }
605
606 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
607 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
608 {
609     if (client()->usesAsyncCallbacks()) {
610         if (client())
611             client()->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
612         else
613             continueCanAuthenticateAgainstProtectionSpace(false);
614         return false; // Ignored by caller.
615     } else
616         return client() && client()->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
617 }
618
619 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
620 {
621     ASSERT(client());
622     ASSERT(client()->usesAsyncCallbacks());
623
624     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
625 }
626 #endif
627
628 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
629 {
630     LOG(Network, "Handle %p receivedCredential", this);
631
632     ASSERT(!challenge.isNull());
633     if (challenge != d->m_currentWebChallenge)
634         return;
635
636     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
637     if (credential.isEmpty()) {
638         receivedRequestToContinueWithoutCredential(challenge);
639         return;
640     }
641
642     if (credential.persistence() == CredentialPersistenceForSession && (!d->m_needsSiteSpecificQuirks || ![[[mac(challenge) protectionSpace] host] isEqualToString:@"gallery.me.com"])) {
643         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
644         // to ignore it for a particular request (short of removing it altogether).
645         // <rdar://problem/6867598> gallery.me.com is temporarily whitelisted, so that QuickTime plug-in could see the credentials.
646         Credential webCredential(credential, CredentialPersistenceNone);
647         URL urlToStore;
648         if (challenge.failureResponse().httpStatusCode() == 401)
649             urlToStore = challenge.failureResponse().url();
650         CredentialStorage::set(webCredential, core([d->m_currentMacChallenge protectionSpace]), urlToStore);
651         [[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge];
652     } else
653         [[d->m_currentMacChallenge sender] useCredential:mac(credential) forAuthenticationChallenge:d->m_currentMacChallenge];
654
655     clearAuthentication();
656 }
657
658 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
659 {
660     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
661
662     ASSERT(!challenge.isNull());
663     if (challenge != d->m_currentWebChallenge)
664         return;
665
666     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
667
668     clearAuthentication();
669 }
670
671 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
672 {
673     LOG(Network, "Handle %p receivedCancellation", this);
674
675     if (challenge != d->m_currentWebChallenge)
676         return;
677
678     if (client())
679         client()->receivedCancellation(this, challenge);
680 }
681
682 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
683 {
684     ASSERT(client());
685     ASSERT(client()->usesAsyncCallbacks());
686
687     [(id)delegate() continueWillCacheResponse:response];
688 }
689     
690 #endif // !USE(CFNETWORK)
691     
692 #if ENABLE(WEB_TIMING)
693     
694 void ResourceHandle::getConnectionTimingData(NSDictionary *timingData, ResourceLoadTiming& timing)
695 {
696     if (!timingData)
697         return;
698
699     // This is not the navigationStart time in monotonic time, but the other times are relative to this time
700     // and only the differences between times are stored.
701     double referenceStart = [[timingData valueForKey:@"_kCFNTimingDataTimingDataInit"] doubleValue];
702             
703     double domainLookupStart = [[timingData valueForKey:@"_kCFNTimingDataDomainLookupStart"] doubleValue];
704     double domainLookupEnd = [[timingData valueForKey:@"_kCFNTimingDataDomainLookupEnd"] doubleValue];
705     double connectStart = [[timingData valueForKey:@"_kCFNTimingDataConnectStart"] doubleValue];
706     double secureConnectionStart = [[timingData valueForKey:@"_kCFNTimingDataSecureConnectionStart"] doubleValue];
707     double connectEnd = [[timingData valueForKey:@"_kCFNTimingDataConnectEnd"] doubleValue];
708     double requestStart = [[timingData valueForKey:@"_kCFNTimingDataRequestStart"] doubleValue];
709     double responseStart = [[timingData valueForKey:@"_kCFNTimingDataResponseStart"] doubleValue];
710         
711     timing.domainLookupStart = domainLookupStart <= 0 ? -1 : (domainLookupStart - referenceStart) * 1000;
712     timing.domainLookupEnd = domainLookupEnd <= 0 ? -1 : (domainLookupEnd - referenceStart) * 1000;
713     timing.connectStart = connectStart <= 0 ? -1 : (connectStart - referenceStart) * 1000;
714     timing.secureConnectionStart = secureConnectionStart <= 0 ? -1 : (secureConnectionStart - referenceStart) * 1000;
715     timing.connectEnd = connectEnd <= 0 ? -1 : (connectEnd - referenceStart) * 1000;
716     timing.requestStart = requestStart <= 0 ? 0 : (requestStart - referenceStart) * 1000;
717     timing.responseStart = responseStart <= 0 ? 0 : (responseStart - referenceStart) * 1000;
718 }
719     
720 #if USE(CFNETWORK)
721     
722 void ResourceHandle::setCollectsTimingData()
723 {
724     [NSURLConnection _setCollectsTimingData:YES];
725 }
726     
727 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, ResourceLoadTiming& timing)
728 {
729     getConnectionTimingData((__bridge NSDictionary*)(adoptCF(_CFURLConnectionCopyTimingData(connection)).get()), timing);
730 }
731     
732 #else
733     
734 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, ResourceLoadTiming& timing)
735 {
736     getConnectionTimingData([connection _timingData], timing);
737 }
738     
739 #endif
740     
741 #endif // ENABLE(WEB_TIMING)
742
743 } // namespace WebCore
744