[GTK][WPE] Stop using legacy custom protocol implementation
1 /*
2  * Copyright (C) 2014 Igalia S.L.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27
28 #if USE(SOUP)
29
30 #include "SoupNetworkSession.h"
31
32 #include "AuthenticationChallenge.h"
33 #include "GUniquePtrSoup.h"
34 #include "Logging.h"
35 #include "SoupNetworkProxySettings.h"
36 #include <glib/gstdio.h>
37 #include <libsoup/soup.h>
38 #include <pal/crypto/CryptoDigest.h>
39 #include <wtf/FileSystem.h>
40 #include <wtf/HashSet.h>
41 #include <wtf/NeverDestroyed.h>
42 #include <wtf/text/Base64.h>
43 #include <wtf/text/CString.h>
44
45 namespace WebCore {
46
// Process-wide kill switch read by checkTLSErrors(): while set, every TLS
// certificate error is suppressed for every session, regardless of the
// per-host exceptions below. Static storage, so it starts out false.
static bool gIgnoreTLSErrors;
48
// Accept-Language value that every session created afterwards picks up in its
// constructor (set via setInitialAcceptLanguages()). Null until it is set.
static CString& initialAcceptLanguages()
{
    static NeverDestroyed<CString> acceptLanguages;
    return acceptLanguages.get();
}
54
// Process-wide proxy configuration applied by setupProxy(). Shared by all
// sessions; replaced wholesale by setProxySettings().
static SoupNetworkProxySettings& proxySettings()
{
    static NeverDestroyed<SoupNetworkProxySettings> sharedSettings;
    return sharedSettings.get();
}
60
// Directory in which persistent (non-ephemeral) sessions keep their HSTS
// database; null means "memory-only enforcer". Set by setHSTSPersistentStorage().
static CString& hstsStorageDirectory()
{
    static NeverDestroyed<CString> storageDirectory;
    return storageDirectory.get();
}
66
#if !LOG_DISABLED
// SoupLogger printer callback: forwards each logged line to the Network log
// channel, prefixed with libsoup's direction marker. The logger installed by
// setupLogger() is created with SOUP_LOGGER_LOG_BODY, so `data` may be any
// part of a request or response, including headers and bodies, verbatim.
inline static void soupLogPrinter(SoupLogger*, SoupLoggerLogLevel, char direction, const char* data, gpointer)
{
    LOG(Network, "%c %s", direction, data);
}
#endif
73
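// Leaf certificates a user has explicitly accepted for one host, stored as the
// base64 SHA-256 digest of each certificate's DER bytes (the GTlsCertificate
// "certificate" property). Only the certificate bytes are recorded: the TLS
// error flags present when the exception was granted are not, so a stored
// certificate later matches whatever errors it produces.
class HostTLSCertificateSet {
public:
    // Records `certificate`. A certificate whose digest cannot be computed
    // (null, or no DER data) is silently ignored.
    void add(GTlsCertificate* certificate)
    {
        String certificateHash = computeCertificateHash(certificate);
        if (!certificateHash.isEmpty())
            m_certificates.add(certificateHash);
    }

    // True only if `certificate` was previously add()ed. Mirrors the guard in
    // add(): an empty digest is never stored, so it must never match, and it
    // must not be used as a lookup key either, since the null String is the
    // empty-bucket value of WTF's String hash traits.
    bool contains(GTlsCertificate* certificate) const
    {
        String certificateHash = computeCertificateHash(certificate);
        if (certificateHash.isEmpty())
            return false;
        return m_certificates.contains(certificateHash);
    }

private:
    // base64(SHA-256(DER)) of `certificate`, or a null String when the
    // certificate is null or exposes no "certificate" data.
    static String computeCertificateHash(GTlsCertificate* certificate)
    {
        if (!certificate)
            return String();

        GRefPtr<GByteArray> certificateData;
        g_object_get(G_OBJECT(certificate), "certificate", &certificateData.outPtr(), nullptr);
        if (!certificateData)
            return String();

        auto digest = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_256);
        digest->addBytes(certificateData->data, certificateData->len);

        auto hash = digest->computeHash();
        return base64Encode(reinterpret_cast<const char*>(hash.data()), hash.size());
    }

    HashSet<String> m_certificates;
};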
105
// Host name (compared ASCII case-insensitively; no port or scheme) -> the
// certificates accepted for that host.
using AllowedCertificatesMap = HashMap<String, HostTLSCertificateSet, ASCIICaseInsensitiveHash>;
107
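// Process-wide table of user-accepted certificate exceptions. It is a single
// static, not keyed by session, so an exception granted in one session applies
// to every SoupNetworkSession in the process (ephemeral ones included) and is
// never persisted beyond the process lifetime.
static AllowedCertificatesMap& allowedCertificates()
{
    static NeverDestroyed<AllowedCertificatesMap> certificates;
    // Go through get() like the other accessors in this file rather than
    // relying on NeverDestroyed's implicit conversion to T&.
    return certificates.get();
}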
113
// Builds the SoupSession for `sessionID` and wires up the file-level
// configuration: connection limits, content sniffing, the process-wide
// Accept-Language value, Negotiate authentication (persistent sessions only),
// any non-default proxy settings, the body logger and the HSTS enforcer.
SoupNetworkSession::SoupNetworkSession(PAL::SessionID sessionID)
    : m_soupSession(adoptGRef(soup_session_new()))
    , m_sessionID(sessionID)
{
    // Values taken from http://www.browserscope.org/ following
    // the rule "Do What Every Other Modern Browser Is Doing". They seem
    // to significantly improve page loading time compared to soup's
    // default values.
    static const int maxConnections = 17;
    static const int maxConnectionsPerHost = 6;

    // NOTE(review): both timeouts are set to 0, which in libsoup means "no
    // timeout" — a stalled peer can hold a request open indefinitely, so any
    // upper bound has to come from the caller. Confirm that is intended.
    g_object_set(m_soupSession.get(),
        SOUP_SESSION_MAX_CONNS, maxConnections,
        SOUP_SESSION_MAX_CONNS_PER_HOST, maxConnectionsPerHost,
        SOUP_SESSION_TIMEOUT, 0,
        SOUP_SESSION_IDLE_TIMEOUT, 0,
        SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_SNIFFER,
#if SOUP_CHECK_VERSION(2, 67, 90)
        SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_WEBSOCKET_EXTENSION_MANAGER,
#endif
        nullptr);

    // A null initial value leaves libsoup's own accept-language handling alone.
    if (!initialAcceptLanguages().isNull())
        setAcceptLanguages(initialAcceptLanguages());

    // Negotiate (SPNEGO-style) authentication is only offered to persistent
    // sessions; ephemeral ones never get the feature.
    if (soup_auth_negotiate_supported() && !m_sessionID.isEphemeral()) {
        g_object_set(m_soupSession.get(),
            SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_AUTH_NEGOTIATE,
            nullptr);
    }

    // Default mode keeps libsoup's default proxy resolver, so nothing to do.
    if (proxySettings().mode != SoupNetworkProxySettings::Mode::Default)
        setupProxy();
    setupLogger();
    setupHSTSEnforcer();
}
150
// m_soupSession is a GRefPtr, so releasing the SoupSession is automatic.
SoupNetworkSession::~SoupNetworkSession() = default;
152
// Installs a SoupLogger that dumps every request and response — headers and
// complete bodies, since it is created with SOUP_LOGGER_LOG_BODY and no size
// cap (-1) — onto the Network log channel via soupLogPrinter(). Compiled only
// into logging-enabled builds, and installed only when the channel is on and
// no logger is attached yet. The output carries cookies, Authorization headers
// and bodies verbatim, so the Network channel should stay off wherever logs
// may be read by others.
void SoupNetworkSession::setupLogger()
{
#if !LOG_DISABLED
    if (LogNetwork.state != WTFLogChannelState::On)
        return;
    if (soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_LOGGER))
        return;

    GRefPtr<SoupLogger> bodyLogger = adoptGRef(soup_logger_new(SOUP_LOGGER_LOG_BODY, -1));
    soup_session_add_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(bodyLogger.get()));
    soup_logger_set_printer(bodyLogger.get(), soupLogPrinter, nullptr, nullptr);
#endif
}
164
// Makes `jar` the session's cookie jar, detaching whichever jar was attached
// before so the session never carries two.
void SoupNetworkSession::setCookieJar(SoupCookieJar* jar)
{
    SoupCookieJar* previousJar = cookieJar();
    if (previousJar)
        soup_session_remove_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(previousJar));
    soup_session_add_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(jar));
}
171
// The cookie jar currently attached to the session, or null if there is none.
SoupCookieJar* SoupNetworkSession::cookieJar() const
{
    SoupSessionFeature* jarFeature = soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_COOKIE_JAR);
    return SOUP_COOKIE_JAR(jarFeature);
}
176
// Records the directory used for the on-disk HSTS database. Only sessions
// whose enforcer is set up afterwards (see setupHSTSEnforcer()) observe it.
void SoupNetworkSession::setHSTSPersistentStorage(const CString& directory)
{
    CString& storageDirectory = hstsStorageDirectory();
    storageDirectory = directory;
}
181
// Attaches exactly one HSTS enforcer to the session. Ephemeral sessions, and
// sessions with no storage directory configured, get a memory-only enforcer;
// everything else gets an SQLite-backed one under hstsStorageDirectory(),
// falling back to memory (with a release log) if the directory cannot be
// created. Requires libsoup >= 2.67.1; older versions get no enforcer.
void SoupNetworkSession::setupHSTSEnforcer()
{
#if SOUP_CHECK_VERSION(2, 67, 1)
    if (soup_session_has_feature(m_soupSession.get(), SOUP_TYPE_HSTS_ENFORCER))
        soup_session_remove_feature_by_type(m_soupSession.get(), SOUP_TYPE_HSTS_ENFORCER);

    const CString& directory = hstsStorageDirectory();
    bool wantsPersistentStorage = !m_sessionID.isEphemeral() && !directory.isNull();

    GRefPtr<SoupHSTSEnforcer> enforcer;
    if (wantsPersistentStorage && FileSystem::makeAllDirectories(directory.data())) {
        CString storagePath = FileSystem::fileSystemRepresentation(directory.data());
        GUniquePtr<char> dbFilename(g_build_filename(storagePath.data(), "hsts-storage.sqlite", nullptr));
        enforcer = adoptGRef(soup_hsts_enforcer_db_new(dbFilename.get()));
    } else {
        if (wantsPersistentStorage)
            RELEASE_LOG_ERROR(Network, "Unable to create the HSTS storage directory \"%s\". Using a memory enforcer instead.", directory.data());
        enforcer = adoptGRef(soup_hsts_enforcer_new());
    }
    soup_session_add_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(enforcer.get()));
#endif
}
204
// Adds every domain known to the session's HSTS enforcer to `hostNames`.
// The enforcer is queried with session_policies = FALSE, so (per libsoup's
// API) session-only policies are presumably not included — confirm if callers
// rely on seeing them. Requires libsoup >= 2.67.91; otherwise a no-op.
void SoupNetworkSession::getHostNamesWithHSTSCache(HashSet<String>& hostNames)
{
#if SOUP_CHECK_VERSION(2, 67, 91)
    SoupHSTSEnforcer* enforcer = SOUP_HSTS_ENFORCER(soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_HSTS_ENFORCER));
    if (!enforcer)
        return;

    // The list and each string in it are owned by us; GUniquePtr frees both.
    GUniquePtr<GList> domainList(soup_hsts_enforcer_get_domains(enforcer, FALSE));
    for (GList* node = domainList.get(); node; node = node->next) {
        GUniquePtr<gchar> domainName(static_cast<gchar*>(node->data));
        hostNames.add(String::fromUTF8(domainName.get()));
    }
#else
    UNUSED_PARAM(hostNames);
#endif
}
221
// Drops the HSTS entry for each name in `hostNames` by installing a policy
// that is already expired (SOUP_HSTS_POLICY_MAX_AGE_PAST). include_subdomains
// is FALSE, so only the exact host is affected. Requires libsoup >= 2.67.1;
// otherwise a no-op.
void SoupNetworkSession::deleteHSTSCacheForHostNames(const Vector<String>& hostNames)
{
#if SOUP_CHECK_VERSION(2, 67, 1)
    SoupHSTSEnforcer* enforcer = SOUP_HSTS_ENFORCER(soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_HSTS_ENFORCER));
    if (!enforcer)
        return;

    for (const String& hostName : hostNames) {
        CString hostNameUTF8 = hostName.utf8();
        GUniquePtr<SoupHSTSPolicy> expiredPolicy(soup_hsts_policy_new(hostNameUTF8.data(), SOUP_HSTS_POLICY_MAX_AGE_PAST, FALSE));
        soup_hsts_enforcer_set_policy(enforcer, expiredPolicy.get());
    }
#else
    UNUSED_PARAM(hostNames);
#endif
}
237
// Expires every HSTS policy that was set at or after `modifiedSince`. The set
// time is reconstructed as expires - max_age, since libsoup keeps only the
// expiry. Expiry is done the same way as in deleteHSTSCacheForHostNames():
// by installing an already-expired replacement policy for the domain.
// Requires libsoup >= 2.67.91; otherwise a no-op.
void SoupNetworkSession::clearHSTSCache(WallTime modifiedSince)
{
#if SOUP_CHECK_VERSION(2, 67, 91)
    SoupHSTSEnforcer* enforcer = SOUP_HSTS_ENFORCER(soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_HSTS_ENFORCER));
    if (!enforcer)
        return;

    // session_policies = FALSE: presumably session-only policies are not
    // enumerated here and therefore survive this call — confirm against the
    // libsoup API if that matters to callers.
    GUniquePtr<GList> policies(soup_hsts_enforcer_get_policies(enforcer, FALSE));
    for (GList* iter = policies.get(); iter != nullptr; iter = iter->next) {
        GUniquePtr<SoupHSTSPolicy> policy(static_cast<SoupHSTSPolicy*>(iter->data));
        // NOTE(review): if SoupHSTSPolicy::max_age is unsigned, this subtraction
        // happens in unsigned arithmetic and wraps when expires < max_age
        // (a null `expires` makes soup_date_to_time_t() return 0); a wrapped
        // value compares as "very recent" and gets cleared. Confirm the field
        // type and whether such policies can reach this loop.
        auto modified = soup_date_to_time_t(policy.get()->expires) - policy.get()->max_age;
        if (modified >= modifiedSince.secondsSinceEpoch().seconds()) {
            GUniquePtr<SoupHSTSPolicy> newPolicy(soup_hsts_policy_new(policy.get()->domain, SOUP_HSTS_POLICY_MAX_AGE_PAST, FALSE));
            soup_hsts_enforcer_set_policy(enforcer, newPolicy.get());
        }
    }
#else
    UNUSED_PARAM(modifiedSince);
#endif
}
258
// True if every character of the NUL-terminated `str` is an ASCII digit
// ('0'..'9', locale-independent). The empty string is vacuously numeric;
// a sign, whitespace or any non-ASCII byte makes it non-numeric.
static inline bool stringIsNumeric(const char* str)
{
    for (const char* cursor = str; *cursor; ++cursor) {
        bool isAsciiDigit = *cursor >= '0' && *cursor <= '9';
        if (!isAsciiDigit)
            return false;
    }
    return true;
}
268
// Old versions of WebKit created this cache.
//
// Removes the legacy libsoup disk cache from `cacheDirectory`. It only acts
// when the old index file "soup.cache2" is present, and then unlinks every
// regular file whose name starts with "soup.cache" or is purely numeric (the
// cache's entry files). Names come from the directory listing itself, so they
// never contain path separators. g_file_test() follows symlinks, so a symlink
// to a regular file is unlinked too — only the link itself is removed.
void SoupNetworkSession::clearOldSoupCache(const String& cacheDirectory)
{
    CString directoryPath = FileSystem::fileSystemRepresentation(cacheDirectory);

    GUniquePtr<char> legacyIndex(g_build_filename(directoryPath.data(), "soup.cache2", nullptr));
    if (!g_file_test(legacyIndex.get(), G_FILE_TEST_IS_REGULAR))
        return;

    GUniquePtr<GDir> directory(g_dir_open(directoryPath.data(), 0, nullptr));
    if (!directory)
        return;

    for (const char* entryName = g_dir_read_name(directory.get()); entryName; entryName = g_dir_read_name(directory.get())) {
        bool looksLikeCacheFile = g_str_has_prefix(entryName, "soup.cache") || stringIsNumeric(entryName);
        if (!looksLikeCacheFile)
            continue;

        GUniquePtr<gchar> entryPath(g_build_filename(directoryPath.data(), entryName, nullptr));
        if (g_file_test(entryPath.get(), G_FILE_TEST_IS_REGULAR))
            g_unlink(entryPath.get());
    }
}
290
// Applies the process-wide proxySettings() to this session by swapping the
// session's GProxyResolver, then aborts every in-flight message so nothing
// keeps running under the previous proxy configuration.
void SoupNetworkSession::setupProxy()
{
    GRefPtr<GProxyResolver> resolver;
    switch (proxySettings().mode) {
    case SoupNetworkProxySettings::Mode::Default: {
        // Nothing to do if the session already uses GLib's default resolver.
        GRefPtr<GProxyResolver> currentResolver;
        g_object_get(m_soupSession.get(), SOUP_SESSION_PROXY_RESOLVER, &currentResolver.outPtr(), nullptr);
        GProxyResolver* defaultResolver = g_proxy_resolver_get_default();
        if (currentResolver.get() == defaultResolver)
            return;
        resolver = defaultResolver;
        break;
    }
    case SoupNetworkProxySettings::Mode::NoProxy:
        // Do nothing in this case, resolver is nullptr so that when set it will disable proxies.
        break;
    case SoupNetworkProxySettings::Mode::Custom:
        // Build a resolver from the explicit settings: an optional default
        // proxy URL, an optional ignore list, and per-URI-scheme proxies.
        resolver = adoptGRef(g_simple_proxy_resolver_new(nullptr, nullptr));
        if (!proxySettings().defaultProxyURL.isNull())
            g_simple_proxy_resolver_set_default_proxy(G_SIMPLE_PROXY_RESOLVER(resolver.get()), proxySettings().defaultProxyURL.data());
        if (proxySettings().ignoreHosts)
            g_simple_proxy_resolver_set_ignore_hosts(G_SIMPLE_PROXY_RESOLVER(resolver.get()), proxySettings().ignoreHosts.get());
        for (const auto& iter : proxySettings().proxyMap)
            g_simple_proxy_resolver_set_uri_proxy(G_SIMPLE_PROXY_RESOLVER(resolver.get()), iter.key.data(), iter.value.data());
        break;
    }

    g_object_set(m_soupSession.get(), SOUP_SESSION_PROXY_RESOLVER, resolver.get(), nullptr);
    // Cancel pending messages; they were started with the old resolver.
    soup_session_abort(m_soupSession.get());
}
321
// Replaces the process-wide proxy settings. This only stores them: existing
// sessions keep their current resolver until setupProxy() is called on them.
void SoupNetworkSession::setProxySettings(const SoupNetworkProxySettings& settings)
{
    SoupNetworkProxySettings& sharedSettings = proxySettings();
    sharedSettings = settings;
}
326
// Stores the Accept-Language value that sessions created from now on apply in
// their constructor. Sessions that already exist are not updated here.
void SoupNetworkSession::setInitialAcceptLanguages(const CString& languages)
{
    CString& acceptLanguages = initialAcceptLanguages();
    acceptLanguages = languages;
}
331
// Sets the session's "accept-language" property, which libsoup uses for the
// Accept-Language header it sends on this session's requests.
void SoupNetworkSession::setAcceptLanguages(const CString& languages)
{
    const char* languageList = languages.data();
    g_object_set(m_soupSession.get(), "accept-language", languageList, nullptr);
}
336
// Flips the process-wide TLS-error kill switch read by checkTLSErrors().
// With it set, certificate errors are ignored for every host and every
// session, so it should only ever be enabled deliberately (e.g. for testing).
void SoupNetworkSession::setShouldIgnoreTLSErrors(bool ignoreTLSErrors)
{
    gIgnoreTLSErrors = ignoreTLSErrors;
}
341
// Decides whether the TLS errors reported for `requestURL` should fail the
// load. Returns nullopt (proceed) when there are no errors, when the global
// ignore switch is set, or when `certificate` was explicitly accepted for the
// URL's host via allowSpecificHTTPSCertificateForHost(); otherwise returns a
// tlsError describing the failure. Exceptions are matched by host name only
// (port and scheme are not part of the key) and by certificate bytes only
// (the particular error flags are not compared).
Optional<ResourceError> SoupNetworkSession::checkTLSErrors(const URL& requestURL, GTlsCertificate* certificate, GTlsCertificateFlags tlsErrors)
{
    if (gIgnoreTLSErrors || !tlsErrors)
        return WTF::nullopt;

    auto host = requestURL.host().toStringWithoutCopying();
    auto exceptions = allowedCertificates().find(host);
    bool userAcceptedCertificate = exceptions != allowedCertificates().end() && exceptions->value.contains(certificate);
    if (userAcceptedCertificate)
        return WTF::nullopt;

    return ResourceError::tlsError(requestURL, tlsErrors, certificate);
}
356
// Records certificateInfo's certificate as accepted for `host`. The exception
// lives in the process-wide allowedCertificates() table, so it is shared by
// every session (ephemeral ones included), keyed by host name alone, and is
// gone once the process exits.
void SoupNetworkSession::allowSpecificHTTPSCertificateForHost(const CertificateInfo& certificateInfo, const String& host)
{
    auto addResult = allowedCertificates().add(host, HostTLSCertificateSet());
    HostTLSCertificateSet& hostCertificates = addResult.iterator->value;
    hostCertificates.add(certificateInfo.certificate());
}
361
362 } // namespace WebCore
363
364 #endif