Implement Web Timing when using NETWORK_SESSION
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "BlockExceptions.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "CachedResourceLoader.h"
35 #import "FormDataStreamMac.h"
36 #import "Frame.h"
37 #import "FrameLoader.h"
38 #import "HTTPHeaderNames.h"
39 #import "Logging.h"
40 #import "MIMETypeRegistry.h"
41 #import "NSURLConnectionSPI.h"
42 #import "NetworkingContext.h"
43 #import "Page.h"
44 #import "ResourceError.h"
45 #import "ResourceResponse.h"
46 #import "Settings.h"
47 #import "SharedBuffer.h"
48 #import "SubresourceLoader.h"
49 #import "WebCoreResourceHandleAsDelegate.h"
50 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
51 #import "SynchronousLoaderClient.h"
52 #import "WebCoreSystemInterface.h"
53 #import "WebCoreURLResponse.h"
54 #import <wtf/Ref.h>
55 #import <wtf/SchedulePair.h>
56 #import <wtf/text/Base64.h>
57 #import <wtf/text/CString.h>
58
59 #if USE(CFNETWORK)
60 #if __has_include(<CFNetwork/CFURLConnectionPriv.h>)
61 #import <CFNetwork/CFURLConnectionPriv.h>
62 #endif
63 typedef struct _CFURLConnection* CFURLConnectionRef;
64 extern "C" {
65 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
66 }
67 #endif // USE(CFNETWORK)
68
69 #if PLATFORM(IOS)
70 #import "CFNetworkSPI.h"
71 #import "RuntimeApplicationChecksIOS.h"
72 #import "WebCoreThreadRun.h"
73
74 @interface NSURLRequest ()
75 - (CFURLRequestRef) _CFURLRequest;
76 @end
77 #endif
78
79 #if USE(QUICK_LOOK)
80 #import "QuickLook.h"
81 #endif
82
83 using namespace WebCore;
84
85 @interface NSURLConnection ()
86 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
87 @end
88
89 namespace WebCore {
90     
91 #if !USE(CFNETWORK)
92     
93 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
94 {
95     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
96
97     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
98 }
99
100 static NSOperationQueue *operationQueueForAsyncClients()
101 {
102     static NSOperationQueue *queue;
103     if (!queue) {
104         queue = [[NSOperationQueue alloc] init];
105         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
106         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
107     }
108     return queue;
109 }
110
111 ResourceHandleInternal::~ResourceHandleInternal()
112 {
113 }
114
115 ResourceHandle::~ResourceHandle()
116 {
117     releaseDelegate();
118     d->m_currentWebChallenge.setAuthenticationClient(0);
119
120     LOG(Network, "Handle %p destroyed", this);
121 }
122
123 #if PLATFORM(IOS)
124 static bool synchronousWillSendRequestEnabled()
125 {
126     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
127     return !disabled;
128 }
129 #endif
130
131 #if !PLATFORM(IOS)
132 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
133 #else
134 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
135 #endif
136 {
137 #if ENABLE(WEB_TIMING) && !HAVE(TIMINGDATAOPTIONS)
138     setCollectsTimingData();
139 #endif
140
141     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
142     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
143         URL urlWithCredentials(firstRequest().url());
144         urlWithCredentials.setUser(d->m_user);
145         urlWithCredentials.setPass(d->m_pass);
146         firstRequest().setURL(urlWithCredentials);
147     }
148
149     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
150         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
151             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
152             // try and reuse the credential preemptively, as allowed by RFC 2617.
153             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().url());
154         } else {
155             // If there is already a protection space known for the URL, update stored credentials before sending a request.
156             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
157             // (so that an authentication dialog doesn't pop up).
158             d->m_context->storageSession().credentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
159         }
160     }
161         
162     if (!d->m_initialCredential.isEmpty()) {
163         // FIXME: Support Digest authentication, and Proxy-Authorization.
164         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
165     }
166
167     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
168     if (!shouldContentSniff) {
169         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
170         wkSetNSURLRequestShouldContentSniff(mutableRequest, NO);
171         nsRequest = mutableRequest;
172     }
173
174     if (d->m_storageSession)
175         nsRequest = [wkCopyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
176
177     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
178
179 #if PLATFORM(IOS)
180     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
181     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
182     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
183 #else
184     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
185 #endif
186
187     if (!shouldUseCredentialStorage) {
188         // Avoid using existing connections, because they may be already authenticated.
189         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
190     }
191
192     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
193         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
194         // If we are using all available connections for async requests, and make a sync request, then prior
195         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
196         // request won't start because there are no available connections.
197         // Connections are grouped by their socket stream properties, with each group having a separate count.
198         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
199     }
200
201     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
202     if (sourceApplicationAuditData)
203         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
204
205 #if PLATFORM(IOS)
206     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
207     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
208     const bool usesCache = false;
209     if (synchronousWillSendRequestEnabled())
210         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
211 #else
212     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
213     const bool usesCache = true;
214 #endif
215 #if HAVE(TIMINGDATAOPTIONS)
216     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
217 #endif
218     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
219 }
220
221 bool ResourceHandle::start()
222 {
223     if (!d->m_context)
224         return false;
225
226     BEGIN_BLOCK_OBJC_EXCEPTIONS;
227
228     // If NetworkingContext is invalid then we are no longer attached to a Page,
229     // this must be an attempted load from an unload event handler, so let's just block it.
230     if (!d->m_context->isValid())
231         return false;
232
233     d->m_storageSession = d->m_context->storageSession().platformSession();
234
235     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
236     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
237
238     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
239
240 #if !PLATFORM(IOS)
241     createNSURLConnection(
242         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
243         shouldUseCredentialStorage,
244         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
245         schedulingBehavior);
246 #else
247     createNSURLConnection(
248         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
249         shouldUseCredentialStorage,
250         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
251         schedulingBehavior,
252         (NSDictionary *)client()->connectionProperties(this).get());
253 #endif
254
255     bool scheduled = false;
256     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
257         SchedulePairHashSet::iterator end = scheduledPairs->end();
258         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
259             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
260                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
261                 scheduled = true;
262             }
263         }
264     }
265
266     if (d->m_usesAsyncCallbacks) {
267         ASSERT(!scheduled);
268         [connection() setDelegateQueue:operationQueueForAsyncClients()];
269         scheduled = true;
270     }
271 #if PLATFORM(IOS)
272     else {
273         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
274         scheduled = true;
275     }
276 #endif
277
278     // Start the connection if we did schedule with at least one runloop.
279     // We can't start the connection until we have one runloop scheduled.
280     if (scheduled)
281         [connection() start];
282     else
283         d->m_startWhenScheduled = true;
284
285     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
286     
287     if (d->m_connection) {
288         if (d->m_defersLoading)
289             connection().defersCallbacks = YES;
290
291         return true;
292     }
293
294     END_BLOCK_OBJC_EXCEPTIONS;
295
296     return false;
297 }
298
299 void ResourceHandle::cancel()
300 {
301     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
302
303     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
304     if (d->m_currentMacChallenge)
305         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
306
307     [d->m_connection.get() cancel];
308 }
309
310 void ResourceHandle::platformSetDefersLoading(bool defers)
311 {
312     if (d->m_connection)
313         [d->m_connection setDefersCallbacks:defers];
314 }
315
316 #if PLATFORM(MAC)
317
318 void ResourceHandle::schedule(SchedulePair& pair)
319 {
320     NSRunLoop *runLoop = pair.nsRunLoop();
321     if (!runLoop)
322         return;
323     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
324     if (d->m_startWhenScheduled) {
325         [d->m_connection.get() start];
326         d->m_startWhenScheduled = false;
327     }
328 }
329
330 void ResourceHandle::unschedule(SchedulePair& pair)
331 {
332     if (NSRunLoop *runLoop = pair.nsRunLoop())
333         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
334 }
335
336 #endif
337
338 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
339 {
340     ASSERT(!d->m_delegate);
341
342     id <NSURLConnectionDelegate> delegate;
343     if (d->m_usesAsyncCallbacks) {
344         if (shouldUseCredentialStorage)
345             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
346         else
347             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
348     } else
349         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
350
351     d->m_delegate = delegate;
352     [delegate release];
353
354     return d->m_delegate.get();
355 }
356
357 id ResourceHandle::delegate()
358 {
359     if (!d->m_delegate)
360         return makeDelegate(false);
361     return d->m_delegate.get();
362 }
363
364 void ResourceHandle::releaseDelegate()
365 {
366     if (!d->m_delegate)
367         return;
368     [d->m_delegate.get() detachHandle];
369     d->m_delegate = nil;
370 }
371
372 NSURLConnection *ResourceHandle::connection() const
373 {
374     return d->m_connection.get();
375 }
376     
377 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
378 {
379     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
380 }
381
382 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
383 {
384     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ allowStoredCredentials:%u", request.nsURLRequest(DoNotUpdateHTTPBody), storedCredentials);
385
386     ASSERT(!request.isEmpty());
387     
388     SynchronousLoaderClient client;
389     client.setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
390
391     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
392
393     handle->d->m_storageSession = context->storageSession().platformSession();
394
395     if (context && handle->d->m_scheduledFailureType != NoFailure) {
396         error = context->blockedError(request);
397         return;
398     }
399
400     bool shouldUseCredentialStorage = storedCredentials == AllowStoredCredentials;
401 #if !PLATFORM(IOS)
402     handle->createNSURLConnection(
403         handle->makeDelegate(shouldUseCredentialStorage),
404         shouldUseCredentialStorage,
405         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
406         SchedulingBehavior::Synchronous);
407 #else
408     handle->createNSURLConnection(
409         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
410         shouldUseCredentialStorage,
411         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
412         SchedulingBehavior::Synchronous,
413         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
414 #endif
415
416     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
417     [handle->connection() start];
418     
419     while (!client.isDone())
420         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
421
422     error = client.error();
423     
424     [handle->connection() cancel];
425
426     if (error.isNull())
427         response = client.response();
428
429     data.swap(client.mutableData());
430 }
431
432 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
433 {
434     ASSERT(!redirectResponse.isNull());
435
436     if (redirectResponse.httpStatusCode() == 307) {
437         String lastHTTPMethod = d->m_lastHTTPMethod;
438         if (!equalIgnoringCase(lastHTTPMethod, request.httpMethod())) {
439             request.setHTTPMethod(lastHTTPMethod);
440     
441             FormData* body = d->m_firstRequest.httpBody();
442             if (!equalIgnoringCase(lastHTTPMethod, "GET") && body && !body->isEmpty())
443                 request.setHTTPBody(body);
444
445             String originalContentType = d->m_firstRequest.httpContentType();
446             if (!originalContentType.isEmpty())
447                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
448         }
449     }
450
451     // Should not set Referer after a redirect from a secure resource to non-secure one.
452     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
453         request.clearHTTPReferrer();
454
455     const URL& url = request.url();
456     d->m_user = url.user();
457     d->m_pass = url.pass();
458     d->m_lastHTTPMethod = request.httpMethod();
459     request.removeCredentials();
460
461     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
462         // The network layer might carry over some headers from the original request that
463         // we want to strip here because the redirect is cross-origin.
464         request.clearHTTPAuthorization();
465         request.clearHTTPOrigin();
466     } else {
467         // Only consider applying authentication credentials if this is actually a redirect and the redirect
468         // URL didn't include credentials of its own.
469         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
470             Credential credential = d->m_context->storageSession().credentialStorage().get(request.url());
471             if (!credential.isEmpty()) {
472                 d->m_initialCredential = credential;
473                 
474                 // FIXME: Support Digest authentication, and Proxy-Authorization.
475                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
476             }
477         }
478     }
479
480     if (d->m_usesAsyncCallbacks) {
481         client()->willSendRequestAsync(this, request, redirectResponse);
482     } else {
483         Ref<ResourceHandle> protect(*this);
484         client()->willSendRequest(this, request, redirectResponse);
485
486         // Client call may not preserve the session, especially if the request is sent over IPC.
487         if (!request.isNull())
488             request.setStorageSession(d->m_storageSession.get());
489     }
490 }
491
492 void ResourceHandle::continueWillSendRequest(const ResourceRequest& request)
493 {
494     ASSERT(d->m_usesAsyncCallbacks);
495
496     // Client call may not preserve the session, especially if the request is sent over IPC.
497     ResourceRequest newRequest = request;
498     if (!newRequest.isNull())
499         newRequest.setStorageSession(d->m_storageSession.get());
500     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
501 }
502
503 void ResourceHandle::continueDidReceiveResponse()
504 {
505     ASSERT(d->m_usesAsyncCallbacks);
506
507     [delegate() continueDidReceiveResponse];
508 }
509
510 bool ResourceHandle::shouldUseCredentialStorage()
511 {
512     ASSERT(!d->m_usesAsyncCallbacks);
513     return client() && client()->shouldUseCredentialStorage(this);
514 }
515
516 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
517 {
518     ASSERT(!d->m_currentMacChallenge);
519     ASSERT(d->m_currentWebChallenge.isNull());
520     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
521     // we make sure that is actually present
522     ASSERT(challenge.nsURLAuthenticationChallenge());
523
524     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
525     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
526     if (challenge.protectionSpace().isProxy()) {
527         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
528         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
529         return;
530     }
531
532     if (tryHandlePasswordBasedAuthentication(challenge))
533         return;
534
535 #if PLATFORM(IOS)
536     // If the challenge is for a proxy protection space, look for default credentials in
537     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
538     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
539     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
540         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
541         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
542             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
543             return;
544         }
545     }
546 #endif // PLATFORM(IOS)
547
548     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
549     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
550     d->m_currentWebChallenge.setAuthenticationClient(this);
551
552     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
553     // We should avoid making additional client calls for the same protection space when already waiting for the user,
554     // because typing the same credentials several times is annoying.
555     if (client())
556         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
557     else {
558         clearAuthentication();
559         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
560     }
561 }
562
563 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
564 {
565     if (!challenge.protectionSpace().isPasswordBased())
566         return false;
567
568     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
569         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
570                                                                    password:d->m_pass
571                                                                 persistence:NSURLCredentialPersistenceForSession];
572         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
573         d->m_currentWebChallenge = challenge;
574         receivedCredential(challenge, Credential(credential));
575         [credential release];
576         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
577         d->m_user = String();
578         d->m_pass = String();
579         return true;
580     }
581
582     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
583     if (!client() || client()->shouldUseCredentialStorage(this)) {
584         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
585             // The stored credential wasn't accepted, stop using it.
586             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
587             // but the observable effect should be very minor, if any.
588             d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
589         }
590
591         if (!challenge.previousFailureCount()) {
592             Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
593             if (!credential.isEmpty() && credential != d->m_initialCredential) {
594                 ASSERT(credential.persistence() == CredentialPersistenceNone);
595                 if (challenge.failureResponse().httpStatusCode() == 401) {
596                     // Store the credential back, possibly adding it as a default for this directory.
597                     d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
598                 }
599                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
600                 return true;
601             }
602         }
603     }
604
605     return false;
606 }
607
608 void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChallenge& challenge)
609 {
610     ASSERT(d->m_currentMacChallenge);
611     ASSERT(d->m_currentMacChallenge == challenge.nsURLAuthenticationChallenge());
612     ASSERT(!d->m_currentWebChallenge.isNull());
613
614     if (client())
615         client()->didCancelAuthenticationChallenge(this, challenge);
616 }
617
618 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
619 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
620 {
621     ResourceHandleClient* client = this->client();
622     if (d->m_usesAsyncCallbacks) {
623         if (client)
624             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
625         else
626             continueCanAuthenticateAgainstProtectionSpace(false);
627         return false; // Ignored by caller.
628     }
629
630     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
631 }
632
633 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
634 {
635     ASSERT(d->m_usesAsyncCallbacks);
636
637     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
638 }
639 #endif
640
641 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
642 {
643     LOG(Network, "Handle %p receivedCredential", this);
644
645     ASSERT(!challenge.isNull());
646     if (challenge != d->m_currentWebChallenge)
647         return;
648
649     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
650     if (credential.isEmpty()) {
651         receivedRequestToContinueWithoutCredential(challenge);
652         return;
653     }
654
655     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
656         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
657         // to ignore it for a particular request (short of removing it altogether).
658         Credential webCredential(credential, CredentialPersistenceNone);
659         URL urlToStore;
660         if (challenge.failureResponse().httpStatusCode() == 401)
661             urlToStore = challenge.failureResponse().url();
662         d->m_context->storageSession().credentialStorage().set(webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
663         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
664     } else
665         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
666
667     clearAuthentication();
668 }
669
670 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
671 {
672     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
673
674     ASSERT(!challenge.isNull());
675     if (challenge != d->m_currentWebChallenge)
676         return;
677
678     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
679
680     clearAuthentication();
681 }
682
683 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
684 {
685     LOG(Network, "Handle %p receivedCancellation", this);
686
687     if (challenge != d->m_currentWebChallenge)
688         return;
689
690     if (client())
691         client()->receivedCancellation(this, challenge);
692 }
693
694 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
695 {
696     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
697
698     ASSERT(!challenge.isNull());
699     if (challenge != d->m_currentWebChallenge)
700         return;
701
702     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
703
704     clearAuthentication();
705 }
706
707 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
708 {
709     LOG(Network, "Handle %p receivedChallengeRejection", this);
710
711     ASSERT(!challenge.isNull());
712     if (challenge != d->m_currentWebChallenge)
713         return;
714
715     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
716
717     clearAuthentication();
718 }
719
720 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
721 {
722     ASSERT(d->m_usesAsyncCallbacks);
723
724     [(id)delegate() continueWillCacheResponse:response];
725 }
726     
727 #endif // !USE(CFNETWORK)
728     
729 #if ENABLE(WEB_TIMING)
730
731 #if USE(CFNETWORK)
732     
733 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, ResourceLoadTiming& timing)
734 {
735     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
736 }
737     
738 #else
739     
740 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, ResourceLoadTiming& timing)
741 {
742     copyTimingData([connection _timingData], timing);
743 }
744     
745 #endif
746     
747 #endif // ENABLE(WEB_TIMING)
748
749 } // namespace WebCore
750