Shrink various loading-related enums to shrink CachedResource
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004-2018 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "CachedResourceLoader.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "FormDataStreamMac.h"
35 #import "Frame.h"
36 #import "FrameLoader.h"
37 #import "HTTPHeaderNames.h"
38 #import "Logging.h"
39 #import "MIMETypeRegistry.h"
40 #import "NetworkStorageSession.h"
41 #import "NetworkingContext.h"
42 #import "ResourceError.h"
43 #import "ResourceResponse.h"
44 #import "SharedBuffer.h"
45 #import "SubresourceLoader.h"
46 #import "SynchronousLoaderClient.h"
47 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
48 #import "WebCoreURLResponse.h"
49 #import <pal/spi/cf/CFNetworkSPI.h>
50 #import <pal/spi/cocoa/NSURLConnectionSPI.h>
51 #import <wtf/BlockObjCExceptions.h>
52 #import <wtf/CompletionHandler.h>
53 #import <wtf/ProcessPrivilege.h>
54 #import <wtf/Ref.h>
55 #import <wtf/SchedulePair.h>
56 #import <wtf/text/Base64.h>
57 #import <wtf/text/CString.h>
58
59 #if PLATFORM(IOS)
60 #import "RuntimeApplicationChecks.h"
61 #import "WebCoreThreadRun.h"
62 #endif
63
64 using namespace WebCore;
65
66 @interface NSURLConnection ()
67 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
68 @end
69
70 namespace WebCore {
71     
72 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
73 {
74     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
75
76     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
77 }
78
79 static NSOperationQueue *operationQueueForAsyncClients()
80 {
81     static NSOperationQueue *queue;
82     if (!queue) {
83         queue = [[NSOperationQueue alloc] init];
84         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
85         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
86     }
87     return queue;
88 }
89
90 ResourceHandleInternal::~ResourceHandleInternal()
91 {
92 }
93
94 ResourceHandle::~ResourceHandle()
95 {
96     releaseDelegate();
97     d->m_currentWebChallenge.setAuthenticationClient(0);
98
99     LOG(Network, "Handle %p destroyed", this);
100 }
101
102 #if PLATFORM(IOS)
103 static bool synchronousWillSendRequestEnabled()
104 {
105     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"] || IOSApplication::isIBooks();
106     return !disabled;
107 }
108 #endif
109
110 #if PLATFORM(COCOA)
111 void ResourceHandle::applySniffingPoliciesAndStoragePartitionIfNeeded(NSURLRequest*& nsRequest, bool shouldContentSniff, bool shouldContentEncodingSniff)
112 {
113 #if !PLATFORM(MAC)
114     UNUSED_PARAM(shouldContentEncodingSniff);
115 #elif __MAC_OS_X_VERSION_MIN_REQUIRED < 101302
116     shouldContentEncodingSniff = true;
117 #endif
118 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
119     String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest(), std::nullopt, std::nullopt);
120 #else
121     String storagePartition;
122 #endif
123     if (shouldContentSniff && shouldContentEncodingSniff && storagePartition.isEmpty())
124         return;
125
126     auto mutableRequest = adoptNS([nsRequest mutableCopy]);
127
128 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101302
129     if (!shouldContentEncodingSniff)
130         [mutableRequest _setProperty:@(YES) forKey:(NSString *)kCFURLRequestContentDecoderSkipURLCheck];
131 #endif
132
133     if (!shouldContentSniff)
134         [mutableRequest _setProperty:@(NO) forKey:(NSString *)_kCFURLConnectionPropertyShouldSniff];
135
136 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
137     if (!storagePartition.isEmpty())
138         [mutableRequest _setProperty:storagePartition forKey:@"__STORAGE_PARTITION_IDENTIFIER"];
139 #endif
140
141     nsRequest = mutableRequest.autorelease();
142
143 }
144 #endif
145
146 #if !PLATFORM(IOS)
147 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, bool shouldContentEncodingSniff, SchedulingBehavior schedulingBehavior)
148 #else
149 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, bool shouldContentEncodingSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
150 #endif
151 {
152 #if !HAVE(TIMINGDATAOPTIONS)
153     setCollectsTimingData();
154 #endif
155
156     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
157     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
158         URL urlWithCredentials(firstRequest().url());
159         urlWithCredentials.setUser(d->m_user);
160         urlWithCredentials.setPass(d->m_pass);
161         firstRequest().setURL(urlWithCredentials);
162     }
163
164     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
165         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
166             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
167             // try and reuse the credential preemptively, as allowed by RFC 2617.
168             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().cachePartition(), firstRequest().url());
169         } else {
170             // If there is already a protection space known for the URL, update stored credentials before sending a request.
171             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
172             // (so that an authentication dialog doesn't pop up).
173             d->m_context->storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
174         }
175     }
176         
177     if (!d->m_initialCredential.isEmpty()) {
178         // FIXME: Support Digest authentication, and Proxy-Authorization.
179         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
180     }
181
182     NSURLRequest *nsRequest = firstRequest().nsURLRequest(HTTPBodyUpdatePolicy::UpdateHTTPBody);
183     applySniffingPoliciesAndStoragePartitionIfNeeded(nsRequest, shouldContentSniff, shouldContentEncodingSniff);
184
185     if (d->m_storageSession)
186         nsRequest = [copyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
187
188     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
189
190 #if PLATFORM(IOS)
191     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
192     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
193     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
194 #else
195     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
196 #endif
197
198     if (!shouldUseCredentialStorage) {
199         // Avoid using existing connections, because they may be already authenticated.
200         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
201     }
202
203     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
204         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
205         // If we are using all available connections for async requests, and make a sync request, then prior
206         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
207         // request won't start because there are no available connections.
208         // Connections are grouped by their socket stream properties, with each group having a separate count.
209         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
210     }
211
212     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
213     if (sourceApplicationAuditData)
214         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
215
216 #if PLATFORM(IOS)
217     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
218     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
219     const bool usesCache = false;
220     if (synchronousWillSendRequestEnabled())
221         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
222 #else
223     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
224     const bool usesCache = true;
225 #endif
226 #if HAVE(TIMINGDATAOPTIONS)
227     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
228 #endif
229
230     // This is used to signal that to CFNetwork that this connection should be considered
231     // web content for purposes of App Transport Security.
232     [propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"];
233
234     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
235 }
236
237 bool ResourceHandle::start()
238 {
239     if (!d->m_context)
240         return false;
241
242     BEGIN_BLOCK_OBJC_EXCEPTIONS;
243
244     // If NetworkingContext is invalid then we are no longer attached to a Page,
245     // this must be an attempted load from an unload event handler, so let's just block it.
246     if (!d->m_context->isValid())
247         return false;
248
249     d->m_storageSession = d->m_context->storageSession().platformSession();
250
251     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
252     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
253
254     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
255
256 #if !PLATFORM(IOS)
257     createNSURLConnection(
258         ResourceHandle::makeDelegate(shouldUseCredentialStorage, nullptr),
259         shouldUseCredentialStorage,
260         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
261         d->m_shouldContentEncodingSniff,
262         schedulingBehavior);
263 #else
264     createNSURLConnection(
265         ResourceHandle::makeDelegate(shouldUseCredentialStorage, nullptr),
266         shouldUseCredentialStorage,
267         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
268         d->m_shouldContentEncodingSniff,
269         schedulingBehavior,
270         (NSDictionary *)client()->connectionProperties(this).get());
271 #endif
272
273     [connection() setDelegateQueue:operationQueueForAsyncClients()];
274     [connection() start];
275
276     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody));
277     
278     if (d->m_connection) {
279         if (d->m_defersLoading)
280             connection().defersCallbacks = YES;
281
282         return true;
283     }
284
285     END_BLOCK_OBJC_EXCEPTIONS;
286
287     return false;
288 }
289
290 void ResourceHandle::cancel()
291 {
292     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
293
294     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
295     if (d->m_currentMacChallenge)
296         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
297
298     [d->m_connection.get() cancel];
299 }
300
301 void ResourceHandle::platformSetDefersLoading(bool defers)
302 {
303     if (d->m_connection)
304         [d->m_connection setDefersCallbacks:defers];
305 }
306
307 void ResourceHandle::schedule(SchedulePair& pair)
308 {
309     NSRunLoop *runLoop = pair.nsRunLoop();
310     if (!runLoop)
311         return;
312     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
313 }
314
315 void ResourceHandle::unschedule(SchedulePair& pair)
316 {
317     if (NSRunLoop *runLoop = pair.nsRunLoop())
318         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
319 }
320
321 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage, MessageQueue<Function<void()>>* queue)
322 {
323     ASSERT(!d->m_delegate);
324
325     id <NSURLConnectionDelegate> delegate;
326     if (shouldUseCredentialStorage)
327         delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this messageQueue:queue];
328     else
329         delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this messageQueue:queue];
330
331     d->m_delegate = delegate;
332     [delegate release];
333
334     return d->m_delegate.get();
335 }
336
337 id ResourceHandle::delegate()
338 {
339     if (!d->m_delegate)
340         return makeDelegate(false, nullptr);
341     return d->m_delegate.get();
342 }
343
344 void ResourceHandle::releaseDelegate()
345 {
346     if (!d->m_delegate)
347         return;
348     [d->m_delegate.get() detachHandle];
349     d->m_delegate = nil;
350 }
351
352 NSURLConnection *ResourceHandle::connection() const
353 {
354     return d->m_connection.get();
355 }
356     
357 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
358 {
359     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
360 }
361
362 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
363 {
364     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ storedCredentialsPolicy:%u", request.nsURLRequest(HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody), static_cast<unsigned>(storedCredentialsPolicy));
365
366     ASSERT(!request.isEmpty());
367     
368     SynchronousLoaderClient client;
369     client.setAllowStoredCredentials(storedCredentialsPolicy == StoredCredentialsPolicy::Use);
370
371     bool defersLoading = false;
372     bool shouldContentSniff = true;
373     bool shouldContentEncodingSniff = true;
374     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, defersLoading, shouldContentSniff, shouldContentEncodingSniff));
375
376     handle->d->m_storageSession = context->storageSession().platformSession();
377
378     if (context && handle->d->m_scheduledFailureType != NoFailure) {
379         error = context->blockedError(request);
380         return;
381     }
382
383     bool shouldUseCredentialStorage = storedCredentialsPolicy == StoredCredentialsPolicy::Use;
384 #if !PLATFORM(IOS)
385     handle->createNSURLConnection(
386         handle->makeDelegate(shouldUseCredentialStorage, &client.messageQueue()),
387         shouldUseCredentialStorage,
388         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
389         handle->shouldContentEncodingSniff(),
390         SchedulingBehavior::Synchronous);
391 #else
392     handle->createNSURLConnection(
393         handle->makeDelegate(shouldUseCredentialStorage, &client.messageQueue()), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
394         shouldUseCredentialStorage,
395         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
396         handle->shouldContentEncodingSniff(),
397         SchedulingBehavior::Synchronous,
398         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
399 #endif
400
401     [handle->connection() setDelegateQueue:operationQueueForAsyncClients()];
402     [handle->connection() start];
403     
404     do {
405         if (auto task = client.messageQueue().waitForMessage())
406             (*task)();
407     } while (!client.messageQueue().killed());
408
409     error = client.error();
410     
411     [handle->connection() cancel];
412
413     if (error.isNull())
414         response = client.response();
415
416     data.swap(client.mutableData());
417 }
418
419 void ResourceHandle::willSendRequest(ResourceRequest&& request, ResourceResponse&& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
420 {
421     ASSERT(!redirectResponse.isNull());
422
423     if (redirectResponse.httpStatusCode() == 307) {
424         String lastHTTPMethod = d->m_lastHTTPMethod;
425         if (!equalIgnoringASCIICase(lastHTTPMethod, request.httpMethod())) {
426             request.setHTTPMethod(lastHTTPMethod);
427     
428             FormData* body = d->m_firstRequest.httpBody();
429             if (!equalLettersIgnoringASCIICase(lastHTTPMethod, "get") && body && !body->isEmpty())
430                 request.setHTTPBody(body);
431
432             String originalContentType = d->m_firstRequest.httpContentType();
433             if (!originalContentType.isEmpty())
434                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
435         }
436     }
437
438     // Should not set Referer after a redirect from a secure resource to non-secure one.
439     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
440         request.clearHTTPReferrer();
441
442     const URL& url = request.url();
443     d->m_user = url.user();
444     d->m_pass = url.pass();
445     d->m_lastHTTPMethod = request.httpMethod();
446     request.removeCredentials();
447
448     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
449         // The network layer might carry over some headers from the original request that
450         // we want to strip here because the redirect is cross-origin.
451         request.clearHTTPAuthorization();
452         request.clearHTTPOrigin();
453     } else {
454         // Only consider applying authentication credentials if this is actually a redirect and the redirect
455         // URL didn't include credentials of its own.
456         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
457             Credential credential = d->m_context->storageSession().credentialStorage().get(request.cachePartition(), request.url());
458             if (!credential.isEmpty()) {
459                 d->m_initialCredential = credential;
460                 
461                 // FIXME: Support Digest authentication, and Proxy-Authorization.
462                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
463             }
464         }
465     }
466
467     client()->willSendRequestAsync(this, WTFMove(request), WTFMove(redirectResponse), [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request) mutable {
468         // Client call may not preserve the session, especially if the request is sent over IPC.
469         if (!request.isNull())
470             request.setStorageSession(d->m_storageSession.get());
471         completionHandler(WTFMove(request));
472     });
473 }
474
475 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
476 {
477     ASSERT(!d->m_currentMacChallenge);
478     ASSERT(d->m_currentWebChallenge.isNull());
479     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
480     // we make sure that is actually present
481     ASSERT(challenge.nsURLAuthenticationChallenge());
482
483     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
484     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
485     if (challenge.protectionSpace().isProxy()) {
486         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
487         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
488         return;
489     }
490
491     if (tryHandlePasswordBasedAuthentication(challenge))
492         return;
493
494 #if PLATFORM(IOS)
495     // If the challenge is for a proxy protection space, look for default credentials in
496     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
497     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
498     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
499         RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessCredentials));
500         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
501         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
502             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
503             return;
504         }
505     }
506 #endif // PLATFORM(IOS)
507
508     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
509     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
510     d->m_currentWebChallenge.setAuthenticationClient(this);
511
512     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
513     // We should avoid making additional client calls for the same protection space when already waiting for the user,
514     // because typing the same credentials several times is annoying.
515     if (client())
516         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
517     else {
518         clearAuthentication();
519         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
520     }
521 }
522
523 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
524 {
525     if (!challenge.protectionSpace().isPasswordBased())
526         return false;
527
528     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
529         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
530                                                                    password:d->m_pass
531                                                                 persistence:NSURLCredentialPersistenceForSession];
532         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
533         d->m_currentWebChallenge = challenge;
534         receivedCredential(challenge, Credential(credential));
535         [credential release];
536         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
537         d->m_user = String();
538         d->m_pass = String();
539         return true;
540     }
541
542     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
543     if (!client() || client()->shouldUseCredentialStorage(this)) {
544         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
545             // The stored credential wasn't accepted, stop using it.
546             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
547             // but the observable effect should be very minor, if any.
548             d->m_context->storageSession().credentialStorage().remove(d->m_partition, challenge.protectionSpace());
549         }
550
551         if (!challenge.previousFailureCount()) {
552             Credential credential = d->m_context->storageSession().credentialStorage().get(d->m_partition, challenge.protectionSpace());
553             if (!credential.isEmpty() && credential != d->m_initialCredential) {
554                 ASSERT(credential.persistence() == CredentialPersistenceNone);
555                 if (challenge.failureResponse().httpStatusCode() == 401) {
556                     // Store the credential back, possibly adding it as a default for this directory.
557                     d->m_context->storageSession().credentialStorage().set(d->m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
558                 }
559                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
560                 return true;
561             }
562         }
563     }
564
565     return false;
566 }
567
568 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
569 void ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace, CompletionHandler<void(bool)>&& completionHandler)
570 {
571     if (ResourceHandleClient* client = this->client())
572         client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace, WTFMove(completionHandler));
573     else
574         completionHandler(false);
575 }
576 #endif
577
578 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
579 {
580     LOG(Network, "Handle %p receivedCredential", this);
581
582     ASSERT(!challenge.isNull());
583     if (challenge != d->m_currentWebChallenge)
584         return;
585
586     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
587     if (credential.isEmpty()) {
588         receivedRequestToContinueWithoutCredential(challenge);
589         return;
590     }
591
592     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
593         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
594         // to ignore it for a particular request (short of removing it altogether).
595         Credential webCredential(credential, CredentialPersistenceNone);
596         URL urlToStore;
597         if (challenge.failureResponse().httpStatusCode() == 401)
598             urlToStore = challenge.failureResponse().url();
599         d->m_context->storageSession().credentialStorage().set(d->m_partition, webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
600         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
601     } else
602         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
603
604     clearAuthentication();
605 }
606
607 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
608 {
609     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
610
611     ASSERT(!challenge.isNull());
612     if (challenge != d->m_currentWebChallenge)
613         return;
614
615     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
616
617     clearAuthentication();
618 }
619
620 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
621 {
622     LOG(Network, "Handle %p receivedCancellation", this);
623
624     if (challenge != d->m_currentWebChallenge)
625         return;
626
627     if (client())
628         client()->receivedCancellation(this, challenge);
629 }
630
631 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
632 {
633     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
634
635     ASSERT(!challenge.isNull());
636     if (challenge != d->m_currentWebChallenge)
637         return;
638
639     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
640
641     clearAuthentication();
642 }
643
644 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
645 {
646     LOG(Network, "Handle %p receivedChallengeRejection", this);
647
648     ASSERT(!challenge.isNull());
649     if (challenge != d->m_currentWebChallenge)
650         return;
651
652     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
653
654     clearAuthentication();
655 }
656
657 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, NetworkLoadMetrics& timing)
658 {
659     copyTimingData([connection _timingData], timing);
660 }
661
662 } // namespace WebCore