e665afe7bf0e30badbc7d4d2e8bcf57612c6827c
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004-2017 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "CachedResourceLoader.h"
32 #import "CookieStorage.h"
33 #import "CredentialStorage.h"
34 #import "FormDataStreamMac.h"
35 #import "Frame.h"
36 #import "FrameLoader.h"
37 #import "HTTPHeaderNames.h"
38 #import "Logging.h"
39 #import "MIMETypeRegistry.h"
40 #import "NetworkStorageSession.h"
41 #import "NetworkingContext.h"
42 #import "ResourceError.h"
43 #import "ResourceResponse.h"
44 #import "SharedBuffer.h"
45 #import "SubresourceLoader.h"
46 #import "SynchronousLoaderClient.h"
47 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
48 #import "WebCoreURLResponse.h"
49 #import <pal/spi/cf/CFNetworkSPI.h>
50 #import <pal/spi/cocoa/NSURLConnectionSPI.h>
51 #import <wtf/BlockObjCExceptions.h>
52 #import <wtf/CompletionHandler.h>
53 #import <wtf/Ref.h>
54 #import <wtf/SchedulePair.h>
55 #import <wtf/text/Base64.h>
56 #import <wtf/text/CString.h>
57
58 #if USE(CFURLCONNECTION)
59 #if USE(APPLE_INTERNAL_SDK)
60 #import <CFNetwork/CFURLConnectionPriv.h>
61 #endif
62 typedef struct _CFURLConnection* CFURLConnectionRef;
63 extern "C" {
64 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
65 }
66 #endif // USE(CFURLCONNECTION)
67
68 #if PLATFORM(IOS)
69 #import "RuntimeApplicationChecks.h"
70 #import "WebCoreThreadRun.h"
71 #endif
72
73 using namespace WebCore;
74
75 @interface NSURLConnection ()
76 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
77 @end
78
79 namespace WebCore {
80     
81 #if !USE(CFURLCONNECTION)
82     
83 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
84 {
85     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
86
87     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
88 }
89
90 static NSOperationQueue *operationQueueForAsyncClients()
91 {
92     static NSOperationQueue *queue;
93     if (!queue) {
94         queue = [[NSOperationQueue alloc] init];
95         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
96         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
97     }
98     return queue;
99 }
100
101 ResourceHandleInternal::~ResourceHandleInternal()
102 {
103 }
104
105 ResourceHandle::~ResourceHandle()
106 {
107     releaseDelegate();
108     d->m_currentWebChallenge.setAuthenticationClient(0);
109
110     LOG(Network, "Handle %p destroyed", this);
111 }
112
113 #if PLATFORM(IOS)
114 static bool synchronousWillSendRequestEnabled()
115 {
116 #if PLATFORM(IOS)
117     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"] || IOSApplication::isIBooks();
118 #else
119     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
120 #endif
121
122     return !disabled;
123 }
124 #endif
125
126 #if PLATFORM(COCOA)
127 void ResourceHandle::applySniffingPoliciesAndStoragePartitionIfNeeded(NSURLRequest*& nsRequest, bool shouldContentSniff, bool shouldContentEncodingSniff)
128 {
129 #if !PLATFORM(MAC)
130     UNUSED_PARAM(shouldContentEncodingSniff);
131 #elif __MAC_OS_X_VERSION_MIN_REQUIRED < 101302
132     shouldContentEncodingSniff = true;
133 #endif
134 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
135     String storagePartition = d->m_context->storageSession().cookieStoragePartition(firstRequest());
136 #else
137     String storagePartition;
138 #endif
139     if (shouldContentSniff && shouldContentEncodingSniff && storagePartition.isEmpty())
140         return;
141
142     auto mutableRequest = adoptNS([nsRequest mutableCopy]);
143
144 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101302
145     if (!shouldContentEncodingSniff)
146         [mutableRequest _setProperty:@(YES) forKey:(NSString *)kCFURLRequestContentDecoderSkipURLCheck];
147 #endif
148
149     if (!shouldContentSniff)
150         [mutableRequest _setProperty:@(NO) forKey:(NSString *)_kCFURLConnectionPropertyShouldSniff];
151
152 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
153     if (!storagePartition.isEmpty())
154         [mutableRequest _setProperty:storagePartition forKey:@"__STORAGE_PARTITION_IDENTIFIER"];
155 #endif
156
157     nsRequest = mutableRequest.autorelease();
158
159 }
160 #endif
161
162 #if !PLATFORM(IOS)
163 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, bool shouldContentEncodingSniff, SchedulingBehavior schedulingBehavior)
164 #else
165 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, bool shouldContentEncodingSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
166 #endif
167 {
168 #if !HAVE(TIMINGDATAOPTIONS)
169     setCollectsTimingData();
170 #endif
171
172     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
173     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
174         URL urlWithCredentials(firstRequest().url());
175         urlWithCredentials.setUser(d->m_user);
176         urlWithCredentials.setPass(d->m_pass);
177         firstRequest().setURL(urlWithCredentials);
178     }
179
180     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
181         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
182             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
183             // try and reuse the credential preemptively, as allowed by RFC 2617.
184             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().cachePartition(), firstRequest().url());
185         } else {
186             // If there is already a protection space known for the URL, update stored credentials before sending a request.
187             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
188             // (so that an authentication dialog doesn't pop up).
189             d->m_context->storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
190         }
191     }
192         
193     if (!d->m_initialCredential.isEmpty()) {
194         // FIXME: Support Digest authentication, and Proxy-Authorization.
195         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
196     }
197
198     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
199     applySniffingPoliciesAndStoragePartitionIfNeeded(nsRequest, shouldContentSniff, shouldContentEncodingSniff);
200
201     if (d->m_storageSession)
202         nsRequest = [copyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
203
204     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
205
206 #if PLATFORM(IOS)
207     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
208     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
209     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
210 #else
211     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
212 #endif
213
214     if (!shouldUseCredentialStorage) {
215         // Avoid using existing connections, because they may be already authenticated.
216         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
217     }
218
219     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
220         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
221         // If we are using all available connections for async requests, and make a sync request, then prior
222         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
223         // request won't start because there are no available connections.
224         // Connections are grouped by their socket stream properties, with each group having a separate count.
225         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
226     }
227
228     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
229     if (sourceApplicationAuditData)
230         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
231
232 #if PLATFORM(IOS)
233     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
234     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
235     const bool usesCache = false;
236     if (synchronousWillSendRequestEnabled())
237         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
238 #else
239     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
240     const bool usesCache = true;
241 #endif
242 #if HAVE(TIMINGDATAOPTIONS)
243     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
244 #endif
245
246     // This is used to signal that to CFNetwork that this connection should be considered
247     // web content for purposes of App Transport Security.
248     [propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"];
249
250     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
251 }
252
253 bool ResourceHandle::start()
254 {
255     if (!d->m_context)
256         return false;
257
258     BEGIN_BLOCK_OBJC_EXCEPTIONS;
259
260     // If NetworkingContext is invalid then we are no longer attached to a Page,
261     // this must be an attempted load from an unload event handler, so let's just block it.
262     if (!d->m_context->isValid())
263         return false;
264
265     d->m_storageSession = d->m_context->storageSession().platformSession();
266
267     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
268     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
269
270     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
271
272 #if !PLATFORM(IOS)
273     createNSURLConnection(
274         ResourceHandle::makeDelegate(shouldUseCredentialStorage, nullptr),
275         shouldUseCredentialStorage,
276         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
277         d->m_shouldContentEncodingSniff,
278         schedulingBehavior);
279 #else
280     createNSURLConnection(
281         ResourceHandle::makeDelegate(shouldUseCredentialStorage, nullptr),
282         shouldUseCredentialStorage,
283         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
284         d->m_shouldContentEncodingSniff,
285         schedulingBehavior,
286         (NSDictionary *)client()->connectionProperties(this).get());
287 #endif
288
289     [connection() setDelegateQueue:operationQueueForAsyncClients()];
290     [connection() start];
291
292     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
293     
294     if (d->m_connection) {
295         if (d->m_defersLoading)
296             connection().defersCallbacks = YES;
297
298         return true;
299     }
300
301     END_BLOCK_OBJC_EXCEPTIONS;
302
303     return false;
304 }
305
306 void ResourceHandle::cancel()
307 {
308     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
309
310     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
311     if (d->m_currentMacChallenge)
312         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
313
314     [d->m_connection.get() cancel];
315 }
316
317 void ResourceHandle::platformSetDefersLoading(bool defers)
318 {
319     if (d->m_connection)
320         [d->m_connection setDefersCallbacks:defers];
321 }
322
323 #if !USE(CFURLCONNECTION)
324
325 void ResourceHandle::schedule(SchedulePair& pair)
326 {
327     NSRunLoop *runLoop = pair.nsRunLoop();
328     if (!runLoop)
329         return;
330     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
331 }
332
333 void ResourceHandle::unschedule(SchedulePair& pair)
334 {
335     if (NSRunLoop *runLoop = pair.nsRunLoop())
336         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
337 }
338
339 #endif
340
341 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage, MessageQueue<Function<void()>>* queue)
342 {
343     ASSERT(!d->m_delegate);
344
345     id <NSURLConnectionDelegate> delegate;
346     if (shouldUseCredentialStorage)
347         delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this messageQueue:queue];
348     else
349         delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this messageQueue:queue];
350
351     d->m_delegate = delegate;
352     [delegate release];
353
354     return d->m_delegate.get();
355 }
356
357 id ResourceHandle::delegate()
358 {
359     if (!d->m_delegate)
360         return makeDelegate(false, nullptr);
361     return d->m_delegate.get();
362 }
363
364 void ResourceHandle::releaseDelegate()
365 {
366     if (!d->m_delegate)
367         return;
368     [d->m_delegate.get() detachHandle];
369     d->m_delegate = nil;
370 }
371
372 NSURLConnection *ResourceHandle::connection() const
373 {
374     return d->m_connection.get();
375 }
376     
377 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
378 {
379     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
380 }
381
382 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
383 {
384     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ storedCredentialsPolicy:%u", request.nsURLRequest(DoNotUpdateHTTPBody), static_cast<unsigned>(storedCredentialsPolicy));
385
386     ASSERT(!request.isEmpty());
387     
388     SynchronousLoaderClient client;
389     client.setAllowStoredCredentials(storedCredentialsPolicy == StoredCredentialsPolicy::Use);
390
391     bool defersLoading = false;
392     bool shouldContentSniff = true;
393     bool shouldContentEncodingSniff = true;
394     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, defersLoading, shouldContentSniff, shouldContentEncodingSniff));
395
396     handle->d->m_storageSession = context->storageSession().platformSession();
397
398     if (context && handle->d->m_scheduledFailureType != NoFailure) {
399         error = context->blockedError(request);
400         return;
401     }
402
403     bool shouldUseCredentialStorage = storedCredentialsPolicy == StoredCredentialsPolicy::Use;
404 #if !PLATFORM(IOS)
405     handle->createNSURLConnection(
406         handle->makeDelegate(shouldUseCredentialStorage, &client.messageQueue()),
407         shouldUseCredentialStorage,
408         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
409         handle->shouldContentEncodingSniff(),
410         SchedulingBehavior::Synchronous);
411 #else
412     handle->createNSURLConnection(
413         handle->makeDelegate(shouldUseCredentialStorage, &client.messageQueue()), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
414         shouldUseCredentialStorage,
415         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
416         handle->shouldContentEncodingSniff(),
417         SchedulingBehavior::Synchronous,
418         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
419 #endif
420
421     [handle->connection() setDelegateQueue:operationQueueForAsyncClients()];
422     [handle->connection() start];
423     
424     do {
425         if (auto task = client.messageQueue().waitForMessage())
426             (*task)();
427     } while (!client.messageQueue().killed());
428
429     error = client.error();
430     
431     [handle->connection() cancel];
432
433     if (error.isNull())
434         response = client.response();
435
436     data.swap(client.mutableData());
437 }
438
439 void ResourceHandle::willSendRequest(ResourceRequest&& request, ResourceResponse&& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
440 {
441     ASSERT(!redirectResponse.isNull());
442
443     if (redirectResponse.httpStatusCode() == 307) {
444         String lastHTTPMethod = d->m_lastHTTPMethod;
445         if (!equalIgnoringASCIICase(lastHTTPMethod, request.httpMethod())) {
446             request.setHTTPMethod(lastHTTPMethod);
447     
448             FormData* body = d->m_firstRequest.httpBody();
449             if (!equalLettersIgnoringASCIICase(lastHTTPMethod, "get") && body && !body->isEmpty())
450                 request.setHTTPBody(body);
451
452             String originalContentType = d->m_firstRequest.httpContentType();
453             if (!originalContentType.isEmpty())
454                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
455         }
456     }
457
458     // Should not set Referer after a redirect from a secure resource to non-secure one.
459     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
460         request.clearHTTPReferrer();
461
462     const URL& url = request.url();
463     d->m_user = url.user();
464     d->m_pass = url.pass();
465     d->m_lastHTTPMethod = request.httpMethod();
466     request.removeCredentials();
467
468     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
469         // The network layer might carry over some headers from the original request that
470         // we want to strip here because the redirect is cross-origin.
471         request.clearHTTPAuthorization();
472         request.clearHTTPOrigin();
473     } else {
474         // Only consider applying authentication credentials if this is actually a redirect and the redirect
475         // URL didn't include credentials of its own.
476         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
477             Credential credential = d->m_context->storageSession().credentialStorage().get(request.cachePartition(), request.url());
478             if (!credential.isEmpty()) {
479                 d->m_initialCredential = credential;
480                 
481                 // FIXME: Support Digest authentication, and Proxy-Authorization.
482                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
483             }
484         }
485     }
486
487     client()->willSendRequestAsync(this, WTFMove(request), WTFMove(redirectResponse), [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request) mutable {
488         // Client call may not preserve the session, especially if the request is sent over IPC.
489         if (!request.isNull())
490             request.setStorageSession(d->m_storageSession.get());
491         completionHandler(WTFMove(request));
492     });
493 }
494
495 void ResourceHandle::continueDidReceiveResponse()
496 {
497     [delegate() continueDidReceiveResponse];
498 }
499
500 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
501 {
502     ASSERT(!d->m_currentMacChallenge);
503     ASSERT(d->m_currentWebChallenge.isNull());
504     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
505     // we make sure that is actually present
506     ASSERT(challenge.nsURLAuthenticationChallenge());
507
508     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
509     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
510     if (challenge.protectionSpace().isProxy()) {
511         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
512         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
513         return;
514     }
515
516     if (tryHandlePasswordBasedAuthentication(challenge))
517         return;
518
519 #if PLATFORM(IOS)
520     // If the challenge is for a proxy protection space, look for default credentials in
521     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
522     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
523     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
524         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
525         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
526             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
527             return;
528         }
529     }
530 #endif // PLATFORM(IOS)
531
532     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
533     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
534     d->m_currentWebChallenge.setAuthenticationClient(this);
535
536     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
537     // We should avoid making additional client calls for the same protection space when already waiting for the user,
538     // because typing the same credentials several times is annoying.
539     if (client())
540         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
541     else {
542         clearAuthentication();
543         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
544     }
545 }
546
547 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
548 {
549     if (!challenge.protectionSpace().isPasswordBased())
550         return false;
551
552     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
553         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
554                                                                    password:d->m_pass
555                                                                 persistence:NSURLCredentialPersistenceForSession];
556         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
557         d->m_currentWebChallenge = challenge;
558         receivedCredential(challenge, Credential(credential));
559         [credential release];
560         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
561         d->m_user = String();
562         d->m_pass = String();
563         return true;
564     }
565
566     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
567     if (!client() || client()->shouldUseCredentialStorage(this)) {
568         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
569             // The stored credential wasn't accepted, stop using it.
570             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
571             // but the observable effect should be very minor, if any.
572             d->m_context->storageSession().credentialStorage().remove(d->m_partition, challenge.protectionSpace());
573         }
574
575         if (!challenge.previousFailureCount()) {
576             Credential credential = d->m_context->storageSession().credentialStorage().get(d->m_partition, challenge.protectionSpace());
577             if (!credential.isEmpty() && credential != d->m_initialCredential) {
578                 ASSERT(credential.persistence() == CredentialPersistenceNone);
579                 if (challenge.failureResponse().httpStatusCode() == 401) {
580                     // Store the credential back, possibly adding it as a default for this directory.
581                     d->m_context->storageSession().credentialStorage().set(d->m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
582                 }
583                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
584                 return true;
585             }
586         }
587     }
588
589     return false;
590 }
591
592 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
593 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
594 {
595     if (ResourceHandleClient* client = this->client())
596         client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
597     else
598         continueCanAuthenticateAgainstProtectionSpace(false);
599     return false; // Ignored by caller.
600 }
601
602 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
603 {
604     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
605 }
606 #endif
607
608 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
609 {
610     LOG(Network, "Handle %p receivedCredential", this);
611
612     ASSERT(!challenge.isNull());
613     if (challenge != d->m_currentWebChallenge)
614         return;
615
616     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
617     if (credential.isEmpty()) {
618         receivedRequestToContinueWithoutCredential(challenge);
619         return;
620     }
621
622     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
623         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
624         // to ignore it for a particular request (short of removing it altogether).
625         Credential webCredential(credential, CredentialPersistenceNone);
626         URL urlToStore;
627         if (challenge.failureResponse().httpStatusCode() == 401)
628             urlToStore = challenge.failureResponse().url();
629         d->m_context->storageSession().credentialStorage().set(d->m_partition, webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
630         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
631     } else
632         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
633
634     clearAuthentication();
635 }
636
637 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
638 {
639     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
640
641     ASSERT(!challenge.isNull());
642     if (challenge != d->m_currentWebChallenge)
643         return;
644
645     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
646
647     clearAuthentication();
648 }
649
650 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
651 {
652     LOG(Network, "Handle %p receivedCancellation", this);
653
654     if (challenge != d->m_currentWebChallenge)
655         return;
656
657     if (client())
658         client()->receivedCancellation(this, challenge);
659 }
660
661 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
662 {
663     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
664
665     ASSERT(!challenge.isNull());
666     if (challenge != d->m_currentWebChallenge)
667         return;
668
669     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
670
671     clearAuthentication();
672 }
673
674 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
675 {
676     LOG(Network, "Handle %p receivedChallengeRejection", this);
677
678     ASSERT(!challenge.isNull());
679     if (challenge != d->m_currentWebChallenge)
680         return;
681
682     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
683
684     clearAuthentication();
685 }
686
687 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
688 {
689     [(id)delegate() continueWillCacheResponse:response];
690 }
691
692 #endif // !USE(CFURLCONNECTION)
693
694 #if USE(CFURLCONNECTION)
695
696 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, NetworkLoadMetrics& timing)
697 {
698     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
699 }
700
701 #else
702
703 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, NetworkLoadMetrics& timing)
704 {
705     copyTimingData([connection _timingData], timing);
706 }
707
708 #endif
709
710 } // namespace WebCore