Move URL from WebCore to WTF
[WebKit-https.git] / Source / WebCore / platform / network / soup / SoupNetworkSession.cpp
1 /*
2  * Copyright (C) 2014 Igalia S.L.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27
28 #if USE(SOUP)
29
30 #include "SoupNetworkSession.h"
31
32 #include "AuthenticationChallenge.h"
33 #include "FileSystem.h"
34 #include "Logging.h"
35 #include "SoupNetworkProxySettings.h"
36 #include <glib/gstdio.h>
37 #include <libsoup/soup.h>
38 #include <pal/crypto/CryptoDigest.h>
39 #include <wtf/HashSet.h>
40 #include <wtf/NeverDestroyed.h>
41 #include <wtf/glib/GUniquePtrSoup.h>
42 #include <wtf/text/Base64.h>
43 #include <wtf/text/CString.h>
44
45 namespace WebCore {
46
// Process-wide switch read by checkTLSErrors(): while it is true, no TLS
// certificate error is reported for any host. It stays false unless
// setShouldIgnoreTLSErrors(true) is called.
static bool gIgnoreTLSErrors = false;

// GType registered through setCustomProtocolRequestType(); it remains invalid
// until that call, in which case setupCustomProtocols() adds nothing.
static GType gCustomProtocolRequestType = G_TYPE_INVALID;
49
// Accept-Language value applied to sessions created after
// setInitialAcceptLanguages() was called. A null CString means "not set".
static CString& initialAcceptLanguages()
{
    static NeverDestroyed<CString> languages;
    return languages;
}
55
// Proxy configuration shared by every SoupNetworkSession in the process.
// Written by setProxySettings() and read by setupProxy().
static SoupNetworkProxySettings& proxySettings()
{
    static NeverDestroyed<SoupNetworkProxySettings> sharedSettings;
    return sharedSettings;
}
61
#if !LOG_DISABLED
// SoupLogger printer callback: forwards every line libsoup hands over to the
// Network log channel, prefixed with the direction character libsoup supplies.
// NOTE(review): setupLogger() installs this printer at SOUP_LOGGER_LOG_BODY, so
// the forwarded lines can include cookies, Authorization headers and payloads.
// Treat Network channel output as sensitive when sharing logs.
static inline void soupLogPrinter(SoupLogger*, SoupLoggerLogLevel, char direction, const char* data, gpointer)
{
    LOG(Network, "%c %s", direction, data);
}
#endif
68
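// Set of TLS certificates that were explicitly accepted for a single host.
// The certificates themselves are not retained: each one is represented by
// the base64-encoded SHA-256 digest of its "certificate" property (the
// encoded certificate bytes exposed by GTlsCertificate).
class HostTLSCertificateSet {
public:
    // Records |certificate| as accepted. Nothing is stored when the
    // certificate data cannot be read, so an unreadable certificate can
    // never become an exception.
    void add(GTlsCertificate* certificate)
    {
        String certificateHash = computeCertificateHash(certificate);
        if (!certificateHash.isEmpty())
            m_certificates.add(certificateHash);
    }

    // Returns true only when |certificate| hashes to a digest previously
    // recorded with add().
    bool contains(GTlsCertificate* certificate) const
    {
        // computeCertificateHash() returns a null String on failure. A null
        // String is not a valid key for a WTF HashSet lookup, and a
        // certificate that cannot be hashed must never match an exception,
        // so fail closed here the same way add() does.
        String certificateHash = computeCertificateHash(certificate);
        return !certificateHash.isEmpty() && m_certificates.contains(certificateHash);
    }

private:
    // Returns base64(SHA-256(certificate bytes)), or a null String when
    // |certificate| is null or exposes no certificate data.
    static String computeCertificateHash(GTlsCertificate* certificate)
    {
        // g_object_get() on a null object only emits a GLib critical; skip it.
        if (!certificate)
            return String();

        GRefPtr<GByteArray> certificateData;
        g_object_get(G_OBJECT(certificate), "certificate", &certificateData.outPtr(), nullptr);
        if (!certificateData)
            return String();

        auto digest = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_256);
        digest->addBytes(certificateData->data, certificateData->len);

        auto hash = digest->computeHash();
        return base64Encode(reinterpret_cast<const char*>(hash.data()), hash.size());
    }

    // Base64-encoded SHA-256 digests of the accepted certificates.
    HashSet<String> m_certificates;
};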
100
// Process-wide table of certificate exceptions, keyed by host name with
// ASCII case-insensitive matching. Entries are added by
// allowSpecificHTTPSCertificateForHost() and consulted by checkTLSErrors();
// nothing in this file removes them.
static HashMap<String, HostTLSCertificateSet, ASCIICaseInsensitiveHash>& clientCertificates()
{
    using CertificateExceptionMap = HashMap<String, HostTLSCertificateSet, ASCIICaseInsensitiveHash>;
    static NeverDestroyed<CertificateExceptionMap> exceptions;
    return exceptions.get();
}
106
// Creates the underlying SoupSession and configures connection limits,
// content features, the cookie jar, TLS validation, custom protocols,
// Accept-Language, Negotiate authentication, proxy and logging.
//
// cookieJar may be null; a fresh jar that rejects third-party cookies is
// created in that case.
SoupNetworkSession::SoupNetworkSession(PAL::SessionID sessionID, SoupCookieJar* cookieJar)
    : m_soupSession(adoptGRef(soup_session_async_new()))
{
    // Values taken from http://www.browserscope.org/ following
    // the rule "Do What Every Other Modern Browser Is Doing". They seem
    // to significantly improve page loading time compared to soup's
    // default values.
    constexpr int totalConnectionLimit = 17;
    constexpr int perHostConnectionLimit = 6;

    GRefPtr<SoupCookieJar> sessionJar = cookieJar;
    if (!sessionJar) {
        sessionJar = adoptGRef(soup_cookie_jar_new());
        soup_cookie_jar_set_accept_policy(sessionJar.get(), SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY);
    }

    // Certificates are validated against the system CA store and strict TLS
    // checking is requested from libsoup.
    g_object_set(m_soupSession.get(),
        SOUP_SESSION_MAX_CONNS, totalConnectionLimit,
        SOUP_SESSION_MAX_CONNS_PER_HOST, perHostConnectionLimit,
        SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_DECODER,
        SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_SNIFFER,
        SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_PROXY_RESOLVER_DEFAULT,
        SOUP_SESSION_ADD_FEATURE, sessionJar.get(),
        SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
        SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
        SOUP_SESSION_SSL_STRICT, TRUE,
        nullptr);

    setupCustomProtocols();

    const CString& acceptLanguages = initialAcceptLanguages();
    if (!acceptLanguages.isNull())
        setAcceptLanguages(acceptLanguages);

#if SOUP_CHECK_VERSION(2, 53, 92)
    // Negotiate authentication is added only to non-ephemeral sessions.
    const bool enableNegotiateAuth = soup_auth_negotiate_supported() && !sessionID.isEphemeral();
    if (enableNegotiateAuth) {
        g_object_set(m_soupSession.get(),
            SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_AUTH_NEGOTIATE,
            nullptr);
    }
#else
    UNUSED_PARAM(sessionID);
#endif

    // The session was created with the default proxy resolver above, so only
    // a non-default mode needs to be applied.
    const bool usesNonDefaultProxy = proxySettings().mode != SoupNetworkProxySettings::Mode::Default;
    if (usesNonDefaultProxy)
        setupProxy();
    setupLogger();
}

// Members release their own references; nothing extra to tear down.
SoupNetworkSession::~SoupNetworkSession() = default;
156
// Attaches a SoupLogger to the session when logging is compiled in, the
// Network log channel is on, and the session has no logger yet.
void SoupNetworkSession::setupLogger()
{
#if !LOG_DISABLED
    if (LogNetwork.state != WTFLogChannelOn)
        return;
    if (soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_LOGGER))
        return;

    // SOUP_LOGGER_LOG_BODY with a body limit of -1 asks libsoup for headers
    // and complete bodies, so the resulting output can contain cookies,
    // credentials and request/response payloads. Handle it as sensitive data.
    GRefPtr<SoupLogger> bodyLogger = adoptGRef(soup_logger_new(SOUP_LOGGER_LOG_BODY, -1));
    soup_session_add_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(bodyLogger.get()));
    soup_logger_set_printer(bodyLogger.get(), soupLogPrinter, nullptr, nullptr);
#endif
}
168
// Replaces the session's cookie jar: the jar currently attached (if any) is
// removed from the session before |jar| is added as a feature.
void SoupNetworkSession::setCookieJar(SoupCookieJar* jar)
{
    SoupCookieJar* previousJar = cookieJar();
    if (previousJar)
        soup_session_remove_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(previousJar));

    soup_session_add_feature(m_soupSession.get(), SOUP_SESSION_FEATURE(jar));
}
175
// Returns the cookie jar feature currently attached to the session, as
// reported by soup_session_get_feature().
SoupCookieJar* SoupNetworkSession::cookieJar() const
{
    SoupSessionFeature* jarFeature = soup_session_get_feature(m_soupSession.get(), SOUP_TYPE_COOKIE_JAR);
    return SOUP_COOKIE_JAR(jarFeature);
}
180
// Returns true when every character of the NUL-terminated string is an ASCII
// digit. An empty string also yields true, because no character fails the test.
static inline bool stringIsNumeric(const char* str)
{
    for (const char* cursor = str; *cursor; ++cursor) {
        if (!g_ascii_isdigit(*cursor))
            return false;
    }
    return true;
}
190
// Old versions of WebKit created this cache.
//
// Deletes the files of that legacy cache from cacheDirectory. Nothing is
// touched unless a regular file named "soup.cache2" exists there. When it
// does, every regular file whose name starts with "soup.cache" or consists
// only of digits is unlinked; failures to unlink are ignored (best effort).
//
// NOTE(review): the digits-only rule matches any such file in the directory,
// not just cache entries, so cacheDirectory should be a directory dedicated
// to this cache. Confirm that callers never pass a shared location.
void SoupNetworkSession::clearOldSoupCache(const String& cacheDirectory)
{
    CString directoryPath = FileSystem::fileSystemRepresentation(cacheDirectory);

    // The index file marks the directory as holding a legacy soup cache.
    GUniquePtr<char> markerFile(g_build_filename(directoryPath.data(), "soup.cache2", nullptr));
    if (!g_file_test(markerFile.get(), G_FILE_TEST_IS_REGULAR))
        return;

    GUniquePtr<GDir> directory(g_dir_open(directoryPath.data(), 0, nullptr));
    if (!directory)
        return;

    while (const char* entryName = g_dir_read_name(directory.get())) {
        const bool isLegacyCacheEntry = g_str_has_prefix(entryName, "soup.cache") || stringIsNumeric(entryName);
        if (!isLegacyCacheEntry)
            continue;

        // Only regular files are removed; directories and other entry types are left alone.
        GUniquePtr<gchar> entryPath(g_build_filename(directoryPath.data(), entryName, nullptr));
        if (g_file_test(entryPath.get(), G_FILE_TEST_IS_REGULAR))
            g_unlink(entryPath.get());
    }
}
212
// Applies the process-wide proxy settings to this session by installing the
// matching GProxyResolver, then aborts the session's pending requests.
//
// Default: restore GLib's default resolver (no-op if it is already set).
// NoProxy: install a null resolver, which disables proxies.
// Custom:  build a GSimpleProxyResolver from the configured default proxy,
//          ignore-host list and per-scheme proxy map.
void SoupNetworkSession::setupProxy()
{
    auto& settings = proxySettings();
    GRefPtr<GProxyResolver> resolver;

    switch (settings.mode) {
    case SoupNetworkProxySettings::Mode::Default: {
        GRefPtr<GProxyResolver> installedResolver;
        g_object_get(m_soupSession.get(), SOUP_SESSION_PROXY_RESOLVER, &installedResolver.outPtr(), nullptr);
        GProxyResolver* glibDefaultResolver = g_proxy_resolver_get_default();
        if (installedResolver.get() == glibDefaultResolver)
            return;
        resolver = glibDefaultResolver;
        break;
    }
    case SoupNetworkProxySettings::Mode::NoProxy:
        // Do nothing in this case, resolver is nullptr so that when set it will disable proxies.
        break;
    case SoupNetworkProxySettings::Mode::Custom: {
        resolver = adoptGRef(g_simple_proxy_resolver_new(nullptr, nullptr));
        auto* simpleResolver = G_SIMPLE_PROXY_RESOLVER(resolver.get());
        if (!settings.defaultProxyURL.isNull())
            g_simple_proxy_resolver_set_default_proxy(simpleResolver, settings.defaultProxyURL.data());
        if (settings.ignoreHosts)
            g_simple_proxy_resolver_set_ignore_hosts(simpleResolver, settings.ignoreHosts.get());
        for (const auto& schemeProxy : settings.proxyMap)
            g_simple_proxy_resolver_set_uri_proxy(simpleResolver, schemeProxy.key.data(), schemeProxy.value.data());
        break;
    }
    }

    g_object_set(m_soupSession.get(), SOUP_SESSION_PROXY_RESOLVER, resolver.get(), nullptr);
    // Pending requests are cancelled after the resolver changes; presumably so
    // that nothing keeps running under the previous proxy configuration. Confirm.
    soup_session_abort(m_soupSession.get());
}
243
// Stores |settings| as the process-wide proxy configuration. This only
// records the value; a session picks it up when setupProxy() runs.
void SoupNetworkSession::setProxySettings(const SoupNetworkProxySettings& settings)
{
    SoupNetworkProxySettings& sharedSettings = proxySettings();
    sharedSettings = settings;
}
248
// Records the Accept-Language value that the constructor applies to sessions
// created from now on. Existing sessions are not modified here.
void SoupNetworkSession::setInitialAcceptLanguages(const CString& languages)
{
    CString& storedLanguages = initialAcceptLanguages();
    storedLanguages = languages;
}
253
// Sets the "accept-language" property of this session to |languages|.
void SoupNetworkSession::setAcceptLanguages(const CString& languages)
{
    const char* acceptLanguageValue = languages.data();
    g_object_set(m_soupSession.get(), "accept-language", acceptLanguageValue, nullptr);
}
258
// Registers the SoupRequest subclass that setupCustomProtocols() adds to
// sessions. The type check is a debug assertion only; setupCustomProtocols()
// repeats it at run time before using the type.
void SoupNetworkSession::setCustomProtocolRequestType(GType requestType)
{
    ASSERT(g_type_is_a(requestType, SOUP_TYPE_REQUEST));

    gCustomProtocolRequestType = requestType;
}
264
// Adds the registered custom-protocol request type to this session. Does
// nothing when no valid SoupRequest subtype was registered, when its class
// is not available from g_type_class_peek(), or when the class declares no
// schemes.
void SoupNetworkSession::setupCustomProtocols()
{
    const GType customRequestType = gCustomProtocolRequestType;
    if (!g_type_is_a(customRequestType, SOUP_TYPE_REQUEST))
        return;

    auto* customRequestClass = static_cast<SoupRequestClass*>(g_type_class_peek(customRequestType));
    const bool declaresSchemes = customRequestClass && customRequestClass->schemes;
    if (!declaresSchemes)
        return;

    soup_session_add_feature_by_type(m_soupSession.get(), customRequestType);
}
276
// Sets the process-wide flag read by checkTLSErrors(). Passing true makes
// checkTLSErrors() report no error for any certificate on any host, which
// removes the protection certificate validation gives against an attacker in
// the network path; the flag is global, not per session.
void SoupNetworkSession::setShouldIgnoreTLSErrors(bool ignoreTLSErrors)
{
    // File-static flag shared by all sessions.
    gIgnoreTLSErrors = ignoreTLSErrors;
}
281
// Decides whether the TLS errors reported for |certificate| should fail the
// load of |requestURL|.
//
// Returns std::nullopt (accept) when TLS errors are globally ignored, when
// |tlsErrors| is empty, or when this exact certificate was allowed for the
// URL's host through allowSpecificHTTPSCertificateForHost(). Otherwise
// returns the ResourceError describing the failure.
//
// Exceptions are looked up by host name only (ASCII case-insensitive); the
// port and scheme of |requestURL| are not part of the key.
std::optional<ResourceError> SoupNetworkSession::checkTLSErrors(const URL& requestURL, GTlsCertificate* certificate, GTlsCertificateFlags tlsErrors)
{
    if (gIgnoreTLSErrors || !tlsErrors)
        return std::nullopt;

    auto& exceptions = clientCertificates();
    auto hostEntry = exceptions.find(requestURL.host().toString());
    const bool certificateAllowedForHost = hostEntry != exceptions.end() && hostEntry->value.contains(certificate);
    if (certificateAllowedForHost)
        return std::nullopt;

    return ResourceError::tlsError(requestURL, tlsErrors, certificate);
}
296
// Records the certificate in |certificateInfo| as an accepted exception for
// |host|, creating the host's entry on first use. The exception lives in a
// process-wide table, so it applies to every session and is not removed by
// anything in this file.
void SoupNetworkSession::allowSpecificHTTPSCertificateForHost(const CertificateInfo& certificateInfo, const String& host)
{
    // add() leaves an existing entry for the host untouched and returns it.
    auto hostEntry = clientCertificates().add(host, HostTLSCertificateSet());
    hostEntry.iterator->value.add(certificateInfo.certificate());
}
301
302 } // namespace WebCore
303
304 #endif