bba05336667258715452d1069db468f00e7ee966
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "BlockExceptions.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "CachedResourceLoader.h"
35 #import "FormDataStreamMac.h"
36 #import "Frame.h"
37 #import "FrameLoader.h"
38 #import "HTTPHeaderNames.h"
39 #import "Logging.h"
40 #import "MIMETypeRegistry.h"
41 #import "NSURLConnectionSPI.h"
42 #import "NetworkingContext.h"
43 #import "Page.h"
44 #import "ResourceError.h"
45 #import "ResourceResponse.h"
46 #import "Settings.h"
47 #import "SharedBuffer.h"
48 #import "SubresourceLoader.h"
49 #import "WebCoreResourceHandleAsDelegate.h"
50 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
51 #import "SynchronousLoaderClient.h"
52 #import "WebCoreSystemInterface.h"
53 #import "WebCoreURLResponse.h"
54 #import <wtf/Ref.h>
55 #import <wtf/SchedulePair.h>
56 #import <wtf/text/Base64.h>
57 #import <wtf/text/CString.h>
58
59 #if USE(CFNETWORK)
60 #if __has_include(<CFNetwork/CFURLConnectionPriv.h>)
61 #import <CFNetwork/CFURLConnectionPriv.h>
62 #endif
63 typedef struct _CFURLConnection* CFURLConnectionRef;
64 extern "C" {
65 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
66 }
67 #endif // USE(CFNETWORK)
68
69 #if __has_include(<Foundation/NSURLConnectionPrivate.h>)
70 #import <Foundation/NSURLConnectionPrivate.h>
71 #else
72 @interface NSURLConnection (TimingData)
73 #if !HAVE(TIMINGDATAOPTIONS)
74 + (void)_setCollectsTimingData:(BOOL)collect;
75 #endif
76 - (NSDictionary *)_timingData;
77 @end
78 #endif
79
80 #if PLATFORM(IOS)
81 #import "CFNetworkSPI.h"
82 #import "RuntimeApplicationChecksIOS.h"
83 #import "WebCoreThreadRun.h"
84
85 @interface NSURLRequest ()
86 - (CFURLRequestRef) _CFURLRequest;
87 @end
88 #endif
89
90 #if USE(QUICK_LOOK)
91 #import "QuickLook.h"
92 #endif
93
94 using namespace WebCore;
95
96 @interface NSURLConnection ()
97 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
98 @end
99
100 namespace WebCore {
101     
102 #if !USE(CFNETWORK)
103     
104 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
105 {
106     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
107
108     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
109 }
110
111 static NSOperationQueue *operationQueueForAsyncClients()
112 {
113     static NSOperationQueue *queue;
114     if (!queue) {
115         queue = [[NSOperationQueue alloc] init];
116         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
117         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
118     }
119     return queue;
120 }
121
122 ResourceHandleInternal::~ResourceHandleInternal()
123 {
124 }
125
126 ResourceHandle::~ResourceHandle()
127 {
128     releaseDelegate();
129     d->m_currentWebChallenge.setAuthenticationClient(0);
130
131     LOG(Network, "Handle %p destroyed", this);
132 }
133
134 #if PLATFORM(IOS)
135 static bool synchronousWillSendRequestEnabled()
136 {
137     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
138     return !disabled;
139 }
140 #endif
141
142 #if !PLATFORM(IOS)
143 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
144 #else
145 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
146 #endif
147 {
148 #if ENABLE(WEB_TIMING)
149     setCollectsTimingData();
150 #endif
151
152     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
153     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
154         URL urlWithCredentials(firstRequest().url());
155         urlWithCredentials.setUser(d->m_user);
156         urlWithCredentials.setPass(d->m_pass);
157         firstRequest().setURL(urlWithCredentials);
158     }
159
160     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
161         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
162             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
163             // try and reuse the credential preemptively, as allowed by RFC 2617.
164             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().url());
165         } else {
166             // If there is already a protection space known for the URL, update stored credentials before sending a request.
167             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
168             // (so that an authentication dialog doesn't pop up).
169             d->m_context->storageSession().credentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
170         }
171     }
172         
173     if (!d->m_initialCredential.isEmpty()) {
174         // FIXME: Support Digest authentication, and Proxy-Authorization.
175         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
176     }
177
178     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
179     if (!shouldContentSniff) {
180         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
181         wkSetNSURLRequestShouldContentSniff(mutableRequest, NO);
182         nsRequest = mutableRequest;
183     }
184
185     if (d->m_storageSession)
186         nsRequest = [wkCopyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
187
188     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
189
190 #if PLATFORM(IOS)
191     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
192     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
193     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
194 #else
195     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
196 #endif
197
198     if (!shouldUseCredentialStorage) {
199         // Avoid using existing connections, because they may be already authenticated.
200         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
201     }
202
203     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
204         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
205         // If we are using all available connections for async requests, and make a sync request, then prior
206         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
207         // request won't start because there are no available connections.
208         // Connections are grouped by their socket stream properties, with each group having a separate count.
209         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
210     }
211
212     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
213     if (sourceApplicationAuditData)
214         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
215
216 #if PLATFORM(IOS)
217     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
218     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
219     const bool usesCache = false;
220     if (synchronousWillSendRequestEnabled())
221         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
222 #else
223     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
224     const bool usesCache = true;
225 #endif
226 #if HAVE(TIMINGDATAOPTIONS)
227     const int64_t TimingDataOptionsEnableW3CNavigationTiming = (1 << 0);
228     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
229 #endif
230     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
231 }
232
233 bool ResourceHandle::start()
234 {
235     if (!d->m_context)
236         return false;
237
238     BEGIN_BLOCK_OBJC_EXCEPTIONS;
239
240     // If NetworkingContext is invalid then we are no longer attached to a Page,
241     // this must be an attempted load from an unload event handler, so let's just block it.
242     if (!d->m_context->isValid())
243         return false;
244
245     d->m_storageSession = d->m_context->storageSession().platformSession();
246
247     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
248     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
249
250     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
251
252 #if !PLATFORM(IOS)
253     createNSURLConnection(
254         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
255         shouldUseCredentialStorage,
256         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
257         schedulingBehavior);
258 #else
259     createNSURLConnection(
260         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
261         shouldUseCredentialStorage,
262         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
263         schedulingBehavior,
264         (NSDictionary *)client()->connectionProperties(this).get());
265 #endif
266
267     bool scheduled = false;
268     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
269         SchedulePairHashSet::iterator end = scheduledPairs->end();
270         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
271             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
272                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
273                 scheduled = true;
274             }
275         }
276     }
277
278     if (d->m_usesAsyncCallbacks) {
279         ASSERT(!scheduled);
280         [connection() setDelegateQueue:operationQueueForAsyncClients()];
281         scheduled = true;
282     }
283 #if PLATFORM(IOS)
284     else {
285         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
286         scheduled = true;
287     }
288 #endif
289
290     // Start the connection if we did schedule with at least one runloop.
291     // We can't start the connection until we have one runloop scheduled.
292     if (scheduled)
293         [connection() start];
294     else
295         d->m_startWhenScheduled = true;
296
297     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
298     
299     if (d->m_connection) {
300         if (d->m_defersLoading)
301             connection().defersCallbacks = YES;
302
303         return true;
304     }
305
306     END_BLOCK_OBJC_EXCEPTIONS;
307
308     return false;
309 }
310
311 void ResourceHandle::cancel()
312 {
313     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
314
315     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
316     if (d->m_currentMacChallenge)
317         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
318
319     [d->m_connection.get() cancel];
320 }
321
322 void ResourceHandle::platformSetDefersLoading(bool defers)
323 {
324     if (d->m_connection)
325         [d->m_connection setDefersCallbacks:defers];
326 }
327
328 #if PLATFORM(MAC)
329
330 void ResourceHandle::schedule(SchedulePair& pair)
331 {
332     NSRunLoop *runLoop = pair.nsRunLoop();
333     if (!runLoop)
334         return;
335     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
336     if (d->m_startWhenScheduled) {
337         [d->m_connection.get() start];
338         d->m_startWhenScheduled = false;
339     }
340 }
341
342 void ResourceHandle::unschedule(SchedulePair& pair)
343 {
344     if (NSRunLoop *runLoop = pair.nsRunLoop())
345         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
346 }
347
348 #endif
349
350 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
351 {
352     ASSERT(!d->m_delegate);
353
354     id <NSURLConnectionDelegate> delegate;
355     if (d->m_usesAsyncCallbacks) {
356         if (shouldUseCredentialStorage)
357             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
358         else
359             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
360     } else
361         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
362
363     d->m_delegate = delegate;
364     [delegate release];
365
366     return d->m_delegate.get();
367 }
368
369 id ResourceHandle::delegate()
370 {
371     if (!d->m_delegate)
372         return makeDelegate(false);
373     return d->m_delegate.get();
374 }
375
376 void ResourceHandle::releaseDelegate()
377 {
378     if (!d->m_delegate)
379         return;
380     [d->m_delegate.get() detachHandle];
381     d->m_delegate = nil;
382 }
383
384 NSURLConnection *ResourceHandle::connection() const
385 {
386     return d->m_connection.get();
387 }
388     
389 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
390 {
391     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
392 }
393
394 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
395 {
396     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ allowStoredCredentials:%u", request.nsURLRequest(DoNotUpdateHTTPBody), storedCredentials);
397
398     ASSERT(!request.isEmpty());
399     
400     SynchronousLoaderClient client;
401     client.setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
402
403     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
404
405     handle->d->m_storageSession = context->storageSession().platformSession();
406
407     if (context && handle->d->m_scheduledFailureType != NoFailure) {
408         error = context->blockedError(request);
409         return;
410     }
411
412     bool shouldUseCredentialStorage = storedCredentials == AllowStoredCredentials;
413 #if !PLATFORM(IOS)
414     handle->createNSURLConnection(
415         handle->makeDelegate(shouldUseCredentialStorage),
416         shouldUseCredentialStorage,
417         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
418         SchedulingBehavior::Synchronous);
419 #else
420     handle->createNSURLConnection(
421         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
422         shouldUseCredentialStorage,
423         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
424         SchedulingBehavior::Synchronous,
425         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
426 #endif
427
428     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
429     [handle->connection() start];
430     
431     while (!client.isDone())
432         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
433
434     error = client.error();
435     
436     [handle->connection() cancel];
437
438     if (error.isNull())
439         response = client.response();
440
441     data.swap(client.mutableData());
442 }
443
444 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
445 {
446     ASSERT(!redirectResponse.isNull());
447
448     if (redirectResponse.httpStatusCode() == 307) {
449         String lastHTTPMethod = d->m_lastHTTPMethod;
450         if (!equalIgnoringCase(lastHTTPMethod, request.httpMethod())) {
451             request.setHTTPMethod(lastHTTPMethod);
452     
453             FormData* body = d->m_firstRequest.httpBody();
454             if (!equalIgnoringCase(lastHTTPMethod, "GET") && body && !body->isEmpty())
455                 request.setHTTPBody(body);
456
457             String originalContentType = d->m_firstRequest.httpContentType();
458             if (!originalContentType.isEmpty())
459                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
460         }
461     }
462
463     // Should not set Referer after a redirect from a secure resource to non-secure one.
464     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
465         request.clearHTTPReferrer();
466
467     const URL& url = request.url();
468     d->m_user = url.user();
469     d->m_pass = url.pass();
470     d->m_lastHTTPMethod = request.httpMethod();
471     request.removeCredentials();
472
473     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
474         // The network layer might carry over some headers from the original request that
475         // we want to strip here because the redirect is cross-origin.
476         request.clearHTTPAuthorization();
477         request.clearHTTPOrigin();
478     } else {
479         // Only consider applying authentication credentials if this is actually a redirect and the redirect
480         // URL didn't include credentials of its own.
481         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
482             Credential credential = d->m_context->storageSession().credentialStorage().get(request.url());
483             if (!credential.isEmpty()) {
484                 d->m_initialCredential = credential;
485                 
486                 // FIXME: Support Digest authentication, and Proxy-Authorization.
487                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
488             }
489         }
490     }
491
492     if (d->m_usesAsyncCallbacks) {
493         client()->willSendRequestAsync(this, request, redirectResponse);
494     } else {
495         Ref<ResourceHandle> protect(*this);
496         client()->willSendRequest(this, request, redirectResponse);
497
498         // Client call may not preserve the session, especially if the request is sent over IPC.
499         if (!request.isNull())
500             request.setStorageSession(d->m_storageSession.get());
501     }
502 }
503
504 void ResourceHandle::continueWillSendRequest(const ResourceRequest& request)
505 {
506     ASSERT(d->m_usesAsyncCallbacks);
507
508     // Client call may not preserve the session, especially if the request is sent over IPC.
509     ResourceRequest newRequest = request;
510     if (!newRequest.isNull())
511         newRequest.setStorageSession(d->m_storageSession.get());
512     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
513 }
514
515 void ResourceHandle::continueDidReceiveResponse()
516 {
517     ASSERT(d->m_usesAsyncCallbacks);
518
519     [delegate() continueDidReceiveResponse];
520 }
521
522 bool ResourceHandle::shouldUseCredentialStorage()
523 {
524     ASSERT(!d->m_usesAsyncCallbacks);
525     return client() && client()->shouldUseCredentialStorage(this);
526 }
527
528 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
529 {
530     ASSERT(!d->m_currentMacChallenge);
531     ASSERT(d->m_currentWebChallenge.isNull());
532     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
533     // we make sure that is actually present
534     ASSERT(challenge.nsURLAuthenticationChallenge());
535
536     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
537     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
538     if (challenge.protectionSpace().isProxy()) {
539         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
540         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
541         return;
542     }
543
544     if (tryHandlePasswordBasedAuthentication(challenge))
545         return;
546
547 #if PLATFORM(IOS)
548     // If the challenge is for a proxy protection space, look for default credentials in
549     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
550     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
551     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
552         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
553         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
554             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
555             return;
556         }
557     }
558 #endif // PLATFORM(IOS)
559
560     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
561     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
562     d->m_currentWebChallenge.setAuthenticationClient(this);
563
564     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
565     // We should avoid making additional client calls for the same protection space when already waiting for the user,
566     // because typing the same credentials several times is annoying.
567     if (client())
568         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
569     else {
570         clearAuthentication();
571         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
572     }
573 }
574
575 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
576 {
577     if (!challenge.protectionSpace().isPasswordBased())
578         return false;
579
580     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
581         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
582                                                                    password:d->m_pass
583                                                                 persistence:NSURLCredentialPersistenceForSession];
584         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
585         d->m_currentWebChallenge = challenge;
586         receivedCredential(challenge, Credential(credential));
587         [credential release];
588         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
589         d->m_user = String();
590         d->m_pass = String();
591         return true;
592     }
593
594     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
595     if (!client() || client()->shouldUseCredentialStorage(this)) {
596         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
597             // The stored credential wasn't accepted, stop using it.
598             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
599             // but the observable effect should be very minor, if any.
600             d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
601         }
602
603         if (!challenge.previousFailureCount()) {
604             Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
605             if (!credential.isEmpty() && credential != d->m_initialCredential) {
606                 ASSERT(credential.persistence() == CredentialPersistenceNone);
607                 if (challenge.failureResponse().httpStatusCode() == 401) {
608                     // Store the credential back, possibly adding it as a default for this directory.
609                     d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
610                 }
611                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
612                 return true;
613             }
614         }
615     }
616
617     return false;
618 }
619
620 void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChallenge& challenge)
621 {
622     ASSERT(d->m_currentMacChallenge);
623     ASSERT(d->m_currentMacChallenge == challenge.nsURLAuthenticationChallenge());
624     ASSERT(!d->m_currentWebChallenge.isNull());
625
626     if (client())
627         client()->didCancelAuthenticationChallenge(this, challenge);
628 }
629
630 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
631 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
632 {
633     ResourceHandleClient* client = this->client();
634     if (d->m_usesAsyncCallbacks) {
635         if (client)
636             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
637         else
638             continueCanAuthenticateAgainstProtectionSpace(false);
639         return false; // Ignored by caller.
640     }
641
642     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
643 }
644
645 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
646 {
647     ASSERT(d->m_usesAsyncCallbacks);
648
649     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
650 }
651 #endif
652
653 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
654 {
655     LOG(Network, "Handle %p receivedCredential", this);
656
657     ASSERT(!challenge.isNull());
658     if (challenge != d->m_currentWebChallenge)
659         return;
660
661     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
662     if (credential.isEmpty()) {
663         receivedRequestToContinueWithoutCredential(challenge);
664         return;
665     }
666
667     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
668         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
669         // to ignore it for a particular request (short of removing it altogether).
670         Credential webCredential(credential, CredentialPersistenceNone);
671         URL urlToStore;
672         if (challenge.failureResponse().httpStatusCode() == 401)
673             urlToStore = challenge.failureResponse().url();
674         d->m_context->storageSession().credentialStorage().set(webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
675         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
676     } else
677         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
678
679     clearAuthentication();
680 }
681
682 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
683 {
684     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
685
686     ASSERT(!challenge.isNull());
687     if (challenge != d->m_currentWebChallenge)
688         return;
689
690     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
691
692     clearAuthentication();
693 }
694
695 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
696 {
697     LOG(Network, "Handle %p receivedCancellation", this);
698
699     if (challenge != d->m_currentWebChallenge)
700         return;
701
702     if (client())
703         client()->receivedCancellation(this, challenge);
704 }
705
706 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
707 {
708     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
709
710     ASSERT(!challenge.isNull());
711     if (challenge != d->m_currentWebChallenge)
712         return;
713
714     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
715
716     clearAuthentication();
717 }
718
719 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
720 {
721     LOG(Network, "Handle %p receivedChallengeRejection", this);
722
723     ASSERT(!challenge.isNull());
724     if (challenge != d->m_currentWebChallenge)
725         return;
726
727     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
728
729     clearAuthentication();
730 }
731
732 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
733 {
734     ASSERT(d->m_usesAsyncCallbacks);
735
736     [(id)delegate() continueWillCacheResponse:response];
737 }
738     
739 #endif // !USE(CFNETWORK)
740     
741 #if ENABLE(WEB_TIMING)
742     
743 void ResourceHandle::getConnectionTimingData(NSDictionary *timingData, ResourceLoadTiming& timing)
744 {
745     if (!timingData)
746         return;
747
748     // This is not the navigationStart time in monotonic time, but the other times are relative to this time
749     // and only the differences between times are stored.
750     double referenceStart = [[timingData valueForKey:@"_kCFNTimingDataFetchStart"] doubleValue];
751             
752     double domainLookupStart = [[timingData valueForKey:@"_kCFNTimingDataDomainLookupStart"] doubleValue];
753     double domainLookupEnd = [[timingData valueForKey:@"_kCFNTimingDataDomainLookupEnd"] doubleValue];
754     double connectStart = [[timingData valueForKey:@"_kCFNTimingDataConnectStart"] doubleValue];
755     double secureConnectionStart = [[timingData valueForKey:@"_kCFNTimingDataSecureConnectionStart"] doubleValue];
756     double connectEnd = [[timingData valueForKey:@"_kCFNTimingDataConnectEnd"] doubleValue];
757     double requestStart = [[timingData valueForKey:@"_kCFNTimingDataRequestStart"] doubleValue];
758     double responseStart = [[timingData valueForKey:@"_kCFNTimingDataResponseStart"] doubleValue];
759         
760     timing.domainLookupStart = domainLookupStart <= 0 ? -1 : (domainLookupStart - referenceStart) * 1000;
761     timing.domainLookupEnd = domainLookupEnd <= 0 ? -1 : (domainLookupEnd - referenceStart) * 1000;
762     timing.connectStart = connectStart <= 0 ? -1 : (connectStart - referenceStart) * 1000;
763     timing.secureConnectionStart = secureConnectionStart <= 0 ? -1 : (secureConnectionStart - referenceStart) * 1000;
764     timing.connectEnd = connectEnd <= 0 ? -1 : (connectEnd - referenceStart) * 1000;
765     timing.requestStart = requestStart <= 0 ? 0 : (requestStart - referenceStart) * 1000;
766     timing.responseStart = responseStart <= 0 ? 0 : (responseStart - referenceStart) * 1000;
767 }
768
769 void ResourceHandle::setCollectsTimingData()
770 {
771 #if !HAVE(TIMINGDATAOPTIONS)
772     static dispatch_once_t onceToken;
773     dispatch_once(&onceToken, ^{
774         [NSURLConnection _setCollectsTimingData:YES];
775     });
776 #endif
777 }
778
779 #if USE(CFNETWORK)
780     
781 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, ResourceLoadTiming& timing)
782 {
783     getConnectionTimingData((__bridge NSDictionary*)(adoptCF(_CFURLConnectionCopyTimingData(connection)).get()), timing);
784 }
785     
786 #else
787     
788 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, ResourceLoadTiming& timing)
789 {
790     getConnectionTimingData([connection _timingData], timing);
791 }
792     
793 #endif
794     
795 #endif // ENABLE(WEB_TIMING)
796
797 } // namespace WebCore
798