Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

   1 /*
   2  * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  * 1. Redistributions of source code must retain the above copyright
   8  *    notice, this list of conditions and the following disclaimer.
   9  * 2. Redistributions in binary form must reproduce the above copyright
  10  *    notice, this list of conditions and the following disclaimer in the
  11  *    documentation and/or other materials provided with the distribution.
  12  *
  13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
  14  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  15  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  16  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
  17  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  19  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  21  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  22  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
  23  * THE POSSIBILITY OF SUCH DAMAGE.
  24  */
  25
  26 #import "config.h"
  27 #import "NetworkSessionCocoa.h"
  28
  29 #if USE(NETWORK_SESSION)
  30
  31 #import "AuthenticationManager.h"
  32 #import "DataReference.h"
  33 #import "Download.h"
  34 #import "LegacyCustomProtocolManager.h"
  35 #import "Logging.h"
  36 #import "NetworkLoad.h"
  37 #import "NetworkProcess.h"
  38 #import "NetworkSessionCreationParameters.h"
  39 #import "SessionTracker.h"
  40 #import <Foundation/NSURLSession.h>
  41 #import <WebCore/Credential.h>
  42 #import <WebCore/FormDataStreamMac.h>
  43 #import <WebCore/FrameLoaderTypes.h>
  44 #import <WebCore/NetworkStorageSession.h>
  45 #import <WebCore/NotImplemented.h>
  46 #import <WebCore/ResourceError.h>
  47 #import <WebCore/ResourceRequest.h>
  48 #import <WebCore/ResourceResponse.h>
  49 #import <WebCore/SharedBuffer.h>
  50 #import <WebCore/URL.h>
  51 #import <WebCore/WebCoreURLResponse.h>
  52 #import <pal/spi/cf/CFNetworkSPI.h>
  53 #import <wtf/MainThread.h>
  54 #import <wtf/NeverDestroyed.h>
  55
  56 using namespace WebKit;
  57
  58 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000)
  59 @interface NSURLSessionConfiguration (WKStaging)
  60 @property (nullable, copy) NSSet *_suppressedAutoAddedHTTPHeaders;
  61 @end
  62 #endif
  63
  64 static NSURLSessionResponseDisposition toNSURLSessionResponseDisposition(WebCore::PolicyAction disposition)
  65 {
  66     switch (disposition) {
  67     case WebCore::PolicyAction::Ignore:
  68         return NSURLSessionResponseCancel;
  69     case WebCore::PolicyAction::Use:
  70         return NSURLSessionResponseAllow;
  71     case WebCore::PolicyAction::Download:
  72         return NSURLSessionResponseBecomeDownload;
  73     }
  74 }
  75
  76 static NSURLSessionAuthChallengeDisposition toNSURLSessionAuthChallengeDisposition(WebKit::AuthenticationChallengeDisposition disposition)
  77 {
  78     switch (disposition) {
  79     case WebKit::AuthenticationChallengeDisposition::UseCredential:
  80         return NSURLSessionAuthChallengeUseCredential;
  81     case WebKit::AuthenticationChallengeDisposition::PerformDefaultHandling:
  82         return NSURLSessionAuthChallengePerformDefaultHandling;
  83     case WebKit::AuthenticationChallengeDisposition::Cancel:
  84         return NSURLSessionAuthChallengeCancelAuthenticationChallenge;
  85     case WebKit::AuthenticationChallengeDisposition::RejectProtectionSpace:
  86         return NSURLSessionAuthChallengeRejectProtectionSpace;
  87     }
  88 }
  89
  90 static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
  91 {
  92     if (priority <= NSURLSessionTaskPriorityLow)
  93         return WebCore::NetworkLoadPriority::Low;
  94     if (priority >= NSURLSessionTaskPriorityHigh)
  95         return WebCore::NetworkLoadPriority::High;
  96     return WebCore::NetworkLoadPriority::Medium;
  97 }
  98
  99 @interface WKNetworkSessionDelegate : NSObject <NSURLSessionDataDelegate> {
 100     RefPtr<WebKit::NetworkSessionCocoa> _session;
 101     bool _withCredentials;
 102 }
 103
 104 - (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session withCredentials:(bool)withCredentials;
 105 - (void)sessionInvalidated;
 106
 107 @end
 108
 109 @implementation WKNetworkSessionDelegate
 110
 111 - (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session withCredentials:(bool)withCredentials
 112 {
 113     self = [super init];
 114     if (!self)
 115         return nil;
 116
 117     _session = &session;
 118     _withCredentials = withCredentials;
 119
 120     return self;
 121 }
 122
 123 - (void)sessionInvalidated
 124 {
 125     _session = nullptr;
 126 }
 127
 128 - (NetworkDataTaskCocoa*)existingTask:(NSURLSessionTask *)task
 129 {
 130     if (!_session)
 131         return nullptr;
 132
 133     if (!task)
 134         return nullptr;
 135
 136     auto storedCredentialsPolicy = _withCredentials ? WebCore::StoredCredentialsPolicy::Use : WebCore::StoredCredentialsPolicy::DoNotUse;
 137     return _session->dataTaskForIdentifier(task.taskIdentifier, storedCredentialsPolicy);
 138 }
 139
 140 - (void)URLSession:(NSURLSession *)session didBecomeInvalidWithError:(nullable NSError *)error
 141 {
 142     ASSERT(!_session);
 143 }
 144
 145 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didSendBodyData:(int64_t)bytesSent totalBytesSent:(int64_t)totalBytesSent totalBytesExpectedToSend:(int64_t)totalBytesExpectedToSend
 146 {
 147     if (auto* networkDataTask = [self existingTask:task])
 148         networkDataTask->didSendData(totalBytesSent, totalBytesExpectedToSend);
 149 }
 150
 151 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task needNewBodyStream:(void (^)(NSInputStream *bodyStream))completionHandler
 152 {
 153     auto* networkDataTask = [self existingTask:task];
 154     if (!networkDataTask) {
 155         completionHandler(nil);
 156         return;
 157     }
 158
 159     auto* body = networkDataTask->firstRequest().httpBody();
 160     if (!body) {
 161         completionHandler(nil);
 162         return;
 163     }
 164
 165     completionHandler(WebCore::createHTTPBodyNSInputStream(*body).get());
 166 }
 167
 168 #if USE(CFNETWORK_IGNORE_HSTS)
 169 static NSURLRequest* downgradeRequest(NSURLRequest *request)
 170 {
 171     NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
 172     if ([nsMutableRequest.URL.scheme isEqualToString:@"https"]) {
 173         NSURLComponents *components = [NSURLComponents componentsWithURL:nsMutableRequest.URL resolvingAgainstBaseURL:NO];
 174         components.scheme = @"http";
 175         [nsMutableRequest setURL:components.URL];
 176         ASSERT([nsMutableRequest.URL.scheme isEqualToString:@"http"]);
 177         return nsMutableRequest;
 178     }
 179
 180     ASSERT_NOT_REACHED();
 181     return request;
 182 }
 183 #endif
 184
 185 static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURLRequest *request, bool shouldIgnoreHSTS)
 186 {
 187 #if USE(CFNETWORK_IGNORE_HSTS)
 188     if ([request.URL.scheme isEqualToString:@"https"] && shouldIgnoreHSTS && ignoreHSTS(request)) {
 189         // The request was upgraded for some other reason than HSTS.
 190         // Don't ignore HSTS to avoid the risk of another downgrade.
 191         NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
 192         setIgnoreHSTS(nsMutableRequest, false);
 193         return nsMutableRequest;
 194     }
 195
 196     if ([request.URL.scheme isEqualToString:@"http"] && ignoreHSTS(request) != shouldIgnoreHSTS) {
 197         NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
 198         setIgnoreHSTS(nsMutableRequest, shouldIgnoreHSTS);
 199         return nsMutableRequest;
 200     }
 201 #else
 202     UNUSED_PARAM(shouldIgnoreHSTS);
 203 #endif
 204
 205     return request;
 206 }
 207
 208 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)request completionHandler:(void (^)(NSURLRequest *))completionHandler
 209 {
 210     auto taskIdentifier = task.taskIdentifier;
 211     LOG(NetworkSession, "%llu willPerformHTTPRedirection from %s to %s", taskIdentifier, response.URL.absoluteString.UTF8String, request.URL.absoluteString.UTF8String);
 212
 213     if (auto* networkDataTask = [self existingTask:task]) {
 214         auto completionHandlerCopy = Block_copy(completionHandler);
 215
 216         bool shouldIgnoreHSTS = false;
 217 #if USE(CFNETWORK_IGNORE_HSTS)
 218         shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && WebCore::NetworkStorageSession::storageSession(_session->sessionID())->shouldBlockCookies(request);
 219         if (shouldIgnoreHSTS) {
 220             request = downgradeRequest(request);
 221             ASSERT([request.URL.scheme isEqualToString:@"http"]);
 222             LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
 223         }
 224 #endif
 225
 226         networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto&& request) {
 227 #if !LOG_DISABLED
 228             LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 229 #else
 230             UNUSED_PARAM(taskIdentifier);
 231 #endif
 232             auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
 233             nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
 234             completionHandlerCopy(nsRequest);
 235             Block_release(completionHandlerCopy);
 236         });
 237     } else {
 238         LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (nil)", taskIdentifier);
 239         completionHandler(nil);
 240     }
 241 }
 242
 243 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask*)task _schemeUpgraded:(NSURLRequest*)request completionHandler:(void (^)(NSURLRequest*))completionHandler
 244 {
 245     auto taskIdentifier = task.taskIdentifier;
 246     LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
 247
 248     if (auto* networkDataTask = [self existingTask:task]) {
 249         bool shouldIgnoreHSTS = false;
 250 #if USE(CFNETWORK_IGNORE_HSTS)
 251         shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && WebCore::NetworkStorageSession::storageSession(_session->sessionID())->shouldBlockCookies(request);
 252         if (shouldIgnoreHSTS) {
 253             request = downgradeRequest(request);
 254             ASSERT([request.URL.scheme isEqualToString:@"http"]);
 255             LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
 256         }
 257 #endif
 258
 259         auto completionHandlerCopy = Block_copy(completionHandler);
 260         networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto&& request) {
 261 #if !LOG_DISABLED
 262             LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 263 #else
 264             UNUSED_PARAM(taskIdentifier);
 265 #endif
 266             auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
 267             nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
 268             completionHandlerCopy(nsRequest);
 269             Block_release(completionHandlerCopy);
 270         });
 271     } else {
 272         LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (nil)", taskIdentifier);
 273         completionHandler(nil);
 274     }
 275 }
 276
 277 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask willCacheResponse:(NSCachedURLResponse *)proposedResponse completionHandler:(void (^)(NSCachedURLResponse * _Nullable cachedResponse))completionHandler
 278 {
 279     if (!_session) {
 280         completionHandler(nil);
 281         return;
 282     }
 283
 284     // FIXME: remove if <rdar://problem/20001985> is ever resolved.
 285     if ([proposedResponse.response respondsToSelector:@selector(allHeaderFields)]
 286         && [[(id)proposedResponse.response allHeaderFields] objectForKey:@"Content-Range"])
 287         completionHandler(nil);
 288     else
 289         completionHandler(proposedResponse);
 290 }
 291
 292 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
 293 {
 294     auto taskIdentifier = task.taskIdentifier;
 295     LOG(NetworkSession, "%llu didReceiveChallenge", taskIdentifier);
 296
 297     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
 298     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
 299     if (challenge.protectionSpace.isProxy) {
 300         completionHandler(NSURLSessionAuthChallengeUseCredential, nil);
 301         return;
 302     }
 303
 304     // Handle server trust evaluation at platform-level if requested, for performance reasons.
 305     if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
 306         if (NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge))
 307             completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
 308         else
 309             completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
 310         return;
 311     }
 312
 313     if (auto* networkDataTask = [self existingTask:task]) {
 314         WebCore::AuthenticationChallenge authenticationChallenge(challenge);
 315         auto completionHandlerCopy = Block_copy(completionHandler);
 316         auto sessionID = _session->sessionID();
 317         auto challengeCompletionHandler = [completionHandlerCopy, sessionID, authenticationChallenge, taskIdentifier, partition = networkDataTask->partition()](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential)
 318         {
 319 #if !LOG_DISABLED
 320             LOG(NetworkSession, "%llu didReceiveChallenge completionHandler %d", taskIdentifier, disposition);
 321 #else
 322             UNUSED_PARAM(taskIdentifier);
 323 #endif
 324 #if !USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
 325             UNUSED_PARAM(sessionID);
 326             UNUSED_PARAM(authenticationChallenge);
 327 #else
 328             if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().isPasswordBased()) {
 329
 330                 WebCore::Credential nonPersistentCredential(credential.user(), credential.password(), WebCore::CredentialPersistenceNone);
 331                 WebCore::URL urlToStore;
 332                 if (authenticationChallenge.failureResponse().httpStatusCode() == 401)
 333                     urlToStore = authenticationChallenge.failureResponse().url();
 334                 if (auto storageSession = WebCore::NetworkStorageSession::storageSession(sessionID))
 335                     storageSession->credentialStorage().set(partition, nonPersistentCredential, authenticationChallenge.protectionSpace(), urlToStore);
 336                 else
 337                     ASSERT_NOT_REACHED();
 338
 339                 completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), nonPersistentCredential.nsCredential());
 340             } else
 341 #endif
 342                 completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
 343             Block_release(completionHandlerCopy);
 344         };
 345         networkDataTask->didReceiveChallenge(challenge, WTFMove(challengeCompletionHandler));
 346     } else {
 347         auto downloadID = _session->downloadID(task.taskIdentifier);
 348         if (downloadID.downloadID()) {
 349             if (auto* download = WebKit::NetworkProcess::singleton().downloadManager().download(downloadID)) {
 350                 // Received an authentication challenge for a download being resumed.
 351                 WebCore::AuthenticationChallenge authenticationChallenge { challenge };
 352                 auto completionHandlerCopy = Block_copy(completionHandler);
 353                 auto challengeCompletionHandler = [completionHandlerCopy, authenticationChallenge](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) {
 354                     completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
 355                     Block_release(completionHandlerCopy);
 356                 };
 357                 download->didReceiveChallenge(challenge, WTFMove(challengeCompletionHandler));
 358                 return;
 359             }
 360         }
 361         LOG(NetworkSession, "%llu didReceiveChallenge completionHandler (cancel)", taskIdentifier);
 362         completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
 363     }
 364 }
 365
 366 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didCompleteWithError:(NSError *)error
 367 {
 368     if (!_session)
 369         return;
 370
 371     LOG(NetworkSession, "%llu didCompleteWithError %@", task.taskIdentifier, error);
 372     if (auto* networkDataTask = [self existingTask:task])
 373         networkDataTask->didCompleteWithError(error, networkDataTask->networkLoadMetrics());
 374     else if (error) {
 375         auto downloadID = _session->takeDownloadID(task.taskIdentifier);
 376         if (downloadID.downloadID()) {
 377             if (auto* download = WebKit::NetworkProcess::singleton().downloadManager().download(downloadID)) {
 378                 NSData *resumeData = nil;
 379                 if (id userInfo = error.userInfo) {
 380                     if ([userInfo isKindOfClass:[NSDictionary class]])
 381                         resumeData = userInfo[@"NSURLSessionDownloadTaskResumeData"];
 382                 }
 383
 384                 if (resumeData && [resumeData isKindOfClass:[NSData class]])
 385                     download->didFail(error, { static_cast<const uint8_t*>(resumeData.bytes), resumeData.length });
 386                 else
 387                     download->didFail(error, { });
 388             }
 389         }
 390     }
 391 }
 392
 393 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didFinishCollectingMetrics:(NSURLSessionTaskMetrics *)metrics
 394 {
 395     LOG(NetworkSession, "%llu didFinishCollectingMetrics", task.taskIdentifier);
 396     if (auto* networkDataTask = [self existingTask:task]) {
 397         NSURLSessionTaskTransactionMetrics *m = metrics.transactionMetrics.lastObject;
 398         NSDate *fetchStartDate = m.fetchStartDate;
 399         NSTimeInterval domainLookupStartInterval = m.domainLookupStartDate ? [m.domainLookupStartDate timeIntervalSinceDate:fetchStartDate] : -1;
 400         NSTimeInterval domainLookupEndInterval = m.domainLookupEndDate ? [m.domainLookupEndDate timeIntervalSinceDate:fetchStartDate] : -1;
 401         NSTimeInterval connectStartInterval = m.connectStartDate ? [m.connectStartDate timeIntervalSinceDate:fetchStartDate] : -1;
 402         NSTimeInterval secureConnectionStartInterval = m.secureConnectionStartDate ? [m.secureConnectionStartDate timeIntervalSinceDate:fetchStartDate] : -1;
 403         NSTimeInterval connectEndInterval = m.connectEndDate ? [m.connectEndDate timeIntervalSinceDate:fetchStartDate] : -1;
 404         NSTimeInterval requestStartInterval = [m.requestStartDate timeIntervalSinceDate:fetchStartDate];
 405         NSTimeInterval responseStartInterval = [m.responseStartDate timeIntervalSinceDate:fetchStartDate];
 406         NSTimeInterval responseEndInterval = [m.responseEndDate timeIntervalSinceDate:fetchStartDate];
 407
 408         auto& networkLoadMetrics = networkDataTask->networkLoadMetrics();
 409         networkLoadMetrics.domainLookupStart = Seconds(domainLookupStartInterval);
 410         networkLoadMetrics.domainLookupEnd = Seconds(domainLookupEndInterval);
 411         networkLoadMetrics.connectStart = Seconds(connectStartInterval);
 412         networkLoadMetrics.secureConnectionStart = Seconds(secureConnectionStartInterval);
 413         networkLoadMetrics.connectEnd = Seconds(connectEndInterval);
 414         networkLoadMetrics.requestStart = Seconds(requestStartInterval);
 415         networkLoadMetrics.responseStart = Seconds(responseStartInterval);
 416         networkLoadMetrics.responseEnd = Seconds(responseEndInterval);
 417         networkLoadMetrics.markComplete();
 418         networkLoadMetrics.protocol = String(m.networkProtocolName);
 419
 420         if (networkDataTask->shouldCaptureExtraNetworkLoadMetrics()) {
 421             networkLoadMetrics.priority = toNetworkLoadPriority(task.priority);
 422
 423 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000)
 424             networkLoadMetrics.remoteAddress = String(m._remoteAddressAndPort);
 425             networkLoadMetrics.connectionIdentifier = String([m._connectionIdentifier UUIDString]);
 426 #endif
 427
 428             __block WebCore::HTTPHeaderMap requestHeaders;
 429             [m.request.allHTTPHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *name, NSString *value, BOOL *) {
 430                 requestHeaders.set(String(name), String(value));
 431             }];
 432             networkLoadMetrics.requestHeaders = WTFMove(requestHeaders);
 433
 434 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000)
 435             uint64_t requestHeaderBytesSent = 0;
 436             uint64_t responseHeaderBytesReceived = 0;
 437             uint64_t responseBodyBytesReceived = 0;
 438             uint64_t responseBodyDecodedSize = 0;
 439
 440             for (NSURLSessionTaskTransactionMetrics *transactionMetrics in metrics.transactionMetrics) {
 441                 requestHeaderBytesSent += transactionMetrics._requestHeaderBytesSent;
 442                 responseHeaderBytesReceived += transactionMetrics._responseHeaderBytesReceived;
 443                 responseBodyBytesReceived += transactionMetrics._responseBodyBytesReceived;
 444                 responseBodyDecodedSize += transactionMetrics._responseBodyBytesDecoded ? transactionMetrics._responseBodyBytesDecoded : transactionMetrics._responseBodyBytesReceived;
 445             }
 446
 447             networkLoadMetrics.requestHeaderBytesSent = requestHeaderBytesSent;
 448             networkLoadMetrics.requestBodyBytesSent = task.countOfBytesSent;
 449             networkLoadMetrics.responseHeaderBytesReceived = responseHeaderBytesReceived;
 450             networkLoadMetrics.responseBodyBytesReceived = responseBodyBytesReceived;
 451             networkLoadMetrics.responseBodyDecodedSize = responseBodyDecodedSize;
 452 #endif
 453         }
 454     }
 455 }
 456
 457 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didReceiveResponse:(NSURLResponse *)response completionHandler:(void (^)(NSURLSessionResponseDisposition disposition))completionHandler
 458 {
 459     auto taskIdentifier = dataTask.taskIdentifier;
 460     LOG(NetworkSession, "%llu didReceiveResponse", taskIdentifier);
 461     if (auto* networkDataTask = [self existingTask:dataTask]) {
 462         ASSERT(RunLoop::isMain());
 463
 464         // Avoid MIME type sniffing if the response comes back as 304 Not Modified.
 465         int statusCode = [response respondsToSelector:@selector(statusCode)] ? [(id)response statusCode] : 0;
 466         if (statusCode != 304) {
 467             bool isMainResourceLoad = networkDataTask->firstRequest().requester() == WebCore::ResourceRequest::Requester::Main;
 468             WebCore::adjustMIMETypeIfNecessary(response._CFURLResponse, isMainResourceLoad);
 469         }
 470
 471         WebCore::ResourceResponse resourceResponse(response);
 472         // Lazy initialization is not helpful in the WebKit2 case because we always end up initializing
 473         // all the fields when sending the response to the WebContent process over IPC.
 474         resourceResponse.disableLazyInitialization();
 475
 476         // FIXME: This cannot be eliminated until other code no longer relies on ResourceResponse's
 477         // NetworkLoadMetrics. For example, PerformanceTiming.
 478         copyTimingData([dataTask _timingData], resourceResponse.deprecatedNetworkLoadMetrics());
 479
 480         auto completionHandlerCopy = Block_copy(completionHandler);
 481         networkDataTask->didReceiveResponse(WTFMove(resourceResponse), [completionHandlerCopy, taskIdentifier](WebCore::PolicyAction policyAction) {
 482 #if !LOG_DISABLED
 483             LOG(NetworkSession, "%llu didReceiveResponse completionHandler (%d)", taskIdentifier, policyAction);
 484 #else
 485             UNUSED_PARAM(taskIdentifier);
 486 #endif
 487             completionHandlerCopy(toNSURLSessionResponseDisposition(policyAction));
 488             Block_release(completionHandlerCopy);
 489         });
 490     } else {
 491         LOG(NetworkSession, "%llu didReceiveResponse completionHandler (cancel)", taskIdentifier);
 492         completionHandler(NSURLSessionResponseCancel);
 493     }
 494 }
 495
 496 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didReceiveData:(NSData *)data
 497 {
 498     if (auto* networkDataTask = [self existingTask:dataTask])
 499         networkDataTask->didReceiveData(WebCore::SharedBuffer::create(data));
 500 }
 501
 502 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didFinishDownloadingToURL:(NSURL *)location
 503 {
 504     if (!_session)
 505         return;
 506
 507     auto downloadID = _session->takeDownloadID([downloadTask taskIdentifier]);
 508     if (auto* download = WebKit::NetworkProcess::singleton().downloadManager().download(downloadID))
 509         download->didFinish();
 510 }
 511
 512 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didWriteData:(int64_t)bytesWritten totalBytesWritten:(int64_t)totalBytesWritten totalBytesExpectedToWrite:(int64_t)totalBytesExpectedToWrite
 513 {
 514     if (!_session)
 515         return;
 516
 517     ASSERT_WITH_MESSAGE(![self existingTask:downloadTask], "The NetworkDataTask should be destroyed immediately after didBecomeDownloadTask returns");
 518
 519     auto downloadID = _session->downloadID([downloadTask taskIdentifier]);
 520     if (auto* download = WebKit::NetworkProcess::singleton().downloadManager().download(downloadID))
 521         download->didReceiveData(bytesWritten);
 522 }
 523
 524 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didResumeAtOffset:(int64_t)fileOffset expectedTotalBytes:(int64_t)expectedTotalBytes
 525 {
 526     if (!_session)
 527         return;
 528
 529     notImplemented();
 530 }
 531
 532 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didBecomeDownloadTask:(NSURLSessionDownloadTask *)downloadTask
 533 {
 534     if (auto* networkDataTask = [self existingTask:dataTask]) {
 535         Ref<NetworkDataTaskCocoa> protectedNetworkDataTask(*networkDataTask);
 536         auto downloadID = networkDataTask->pendingDownloadID();
 537         auto& downloadManager = WebKit::NetworkProcess::singleton().downloadManager();
 538         auto download = std::make_unique<WebKit::Download>(downloadManager, downloadID, downloadTask, _session->sessionID(), networkDataTask->suggestedFilename());
 539         networkDataTask->transferSandboxExtensionToDownload(*download);
 540         ASSERT(WebCore::FileSystem::fileExists(networkDataTask->pendingDownloadLocation()));
 541         download->didCreateDestination(networkDataTask->pendingDownloadLocation());
 542         downloadManager.dataTaskBecameDownloadTask(downloadID, WTFMove(download));
 543
 544         _session->addDownloadID([downloadTask taskIdentifier], downloadID);
 545     }
 546 }
 547
 548 @end
 549
 550 namespace WebKit {
 551
 552 static bool usesNetworkCache { false };
 553
 554 #if !ASSERT_DISABLED
 555 static bool sessionsCreated = false;
 556 #endif
 557
 558 static NSURLSessionConfiguration *configurationForSessionID(const PAL::SessionID& session)
 559 {
 560     if (session.isEphemeral()) {
 561         NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration ephemeralSessionConfiguration];
 562         configuration._shouldSkipPreferredClientCertificateLookup = YES;
 563         return configuration;
 564     }
 565     return [NSURLSessionConfiguration defaultSessionConfiguration];
 566 }
 567
 568 static RetainPtr<CFDataRef>& globalSourceApplicationAuditTokenData()
 569 {
 570     static NeverDestroyed<RetainPtr<CFDataRef>> sourceApplicationAuditTokenData;
 571     return sourceApplicationAuditTokenData.get();
 572 }
 573
 574 static String& globalSourceApplicationBundleIdentifier()
 575 {
 576     static NeverDestroyed<String> sourceApplicationBundleIdentifier;
 577     return sourceApplicationBundleIdentifier.get();
 578 }
 579
 580 static String& globalSourceApplicationSecondaryIdentifier()
 581 {
 582     static NeverDestroyed<String> sourceApplicationSecondaryIdentifier;
 583     return sourceApplicationSecondaryIdentifier.get();
 584 }
 585
 586 #if PLATFORM(IOS)
 587 static String& globalCTDataConnectionServiceType()
 588 {
 589     static NeverDestroyed<String> ctDataConnectionServiceType;
 590     return ctDataConnectionServiceType.get();
 591 }
 592 #endif
 593
 594 void NetworkSessionCocoa::setSourceApplicationAuditTokenData(RetainPtr<CFDataRef>&& data)
 595 {
 596     ASSERT(!sessionsCreated);
 597     globalSourceApplicationAuditTokenData() = data;
 598 }
 599
 600 void NetworkSessionCocoa::setSourceApplicationBundleIdentifier(const String& identifier)
 601 {
 602     ASSERT(!sessionsCreated);
 603     globalSourceApplicationBundleIdentifier() = identifier;
 604 }
 605
 606 void NetworkSessionCocoa::setSourceApplicationSecondaryIdentifier(const String& identifier)
 607 {
 608     ASSERT(!sessionsCreated);
 609     globalSourceApplicationSecondaryIdentifier() = identifier;
 610 }
 611
 612 void NetworkSessionCocoa::setUsesNetworkCache(bool value)
 613 {
 614     usesNetworkCache = value;
 615 }
 616
 617 #if PLATFORM(IOS)
 618 void NetworkSessionCocoa::setCTDataConnectionServiceType(const String& type)
 619 {
 620     ASSERT(!sessionsCreated);
 621     globalCTDataConnectionServiceType() = type;
 622 }
 623 #endif
 624
 625 Ref<NetworkSession> NetworkSessionCocoa::create(NetworkSessionCreationParameters&& parameters)
 626 {
 627     return adoptRef(*new NetworkSessionCocoa(WTFMove(parameters)));
 628 }
 629
 630 NetworkSessionCocoa::NetworkSessionCocoa(NetworkSessionCreationParameters&& parameters)
 631     : NetworkSession(parameters.sessionID)
 632     , m_boundInterfaceIdentifier(parameters.boundInterfaceIdentifier)
 633 {
 634     relaxAdoptionRequirement();
 635
 636 #if !ASSERT_DISABLED
 637     sessionsCreated = true;
 638 #endif
 639
 640     NSURLSessionConfiguration *configuration = configurationForSessionID(m_sessionID);
 641
 642 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000)
 643     // Without this, CFNetwork would sometimes add a Content-Type header to our requests (rdar://problem/34748470).
 644     if ([configuration respondsToSelector:@selector(_suppressedAutoAddedHTTPHeaders)])
 645         configuration._suppressedAutoAddedHTTPHeaders = [NSSet setWithObject:@"Content-Type"];
 646 #endif
 647
 648     if (parameters.allowsCellularAccess == AllowsCellularAccess::No)
 649         configuration.allowsCellularAccess = NO;
 650
 651     if (usesNetworkCache)
 652         configuration.URLCache = nil;
 653
 654     if (auto& data = globalSourceApplicationAuditTokenData())
 655         configuration._sourceApplicationAuditTokenData = (NSData *)data.get();
 656
 657     auto& sourceApplicationBundleIdentifier = globalSourceApplicationBundleIdentifier();
 658     if (!sourceApplicationBundleIdentifier.isEmpty()) {
 659         configuration._sourceApplicationBundleIdentifier = sourceApplicationBundleIdentifier;
 660         configuration._sourceApplicationAuditTokenData = nil;
 661     }
 662
 663     auto& sourceApplicationSecondaryIdentifier = globalSourceApplicationSecondaryIdentifier();
 664     if (!sourceApplicationSecondaryIdentifier.isEmpty())
 665         configuration._sourceApplicationSecondaryIdentifier = sourceApplicationSecondaryIdentifier;
 666
 667 #if PLATFORM(IOS)
 668     auto& ctDataConnectionServiceType = globalCTDataConnectionServiceType();
 669     if (!ctDataConnectionServiceType.isEmpty())
 670         configuration._CTDataConnectionServiceType = ctDataConnectionServiceType;
 671 #endif
 672
 673     if (parameters.legacyCustomProtocolManager)
 674         parameters.legacyCustomProtocolManager->registerProtocolClass(configuration);
 675
 676 #if HAVE(TIMINGDATAOPTIONS)
 677     configuration._timingDataOptions = _TimingDataOptionsEnableW3CNavigationTiming;
 678 #else
 679     setCollectsTimingData();
 680 #endif
 681
 682     auto* storageSession = WebCore::NetworkStorageSession::storageSession(parameters.sessionID);
 683     RELEASE_ASSERT(storageSession);
 684     if (CFHTTPCookieStorageRef storage = storageSession->cookieStorage().get())
 685         configuration.HTTPCookieStorage = [[[NSHTTPCookieStorage alloc] _initWithCFHTTPCookieStorage:storage] autorelease];
 686
 687     m_sessionWithCredentialStorageDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:true]);
 688     m_sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionWithCredentialStorageDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
 689     LOG(NetworkSession, "Created NetworkSession with cookieAcceptPolicy %lu", configuration.HTTPCookieStorage.cookieAcceptPolicy);
 690
 691     configuration.URLCredentialStorage = nil;
 692     configuration._shouldSkipPreferredClientCertificateLookup = YES;
 693     // FIXME: https://bugs.webkit.org/show_bug.cgi?id=177394
 694     // configuration.HTTPCookieStorage = nil;
 695     // configuration.HTTPCookieAcceptPolicy = NSHTTPCookieAcceptPolicyNever;
 696
 697     m_statelessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]);
 698     m_statelessSession = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
 699 }
 700
 701 NetworkSessionCocoa::~NetworkSessionCocoa()
 702 {
 703 }
 704
 705 void NetworkSessionCocoa::invalidateAndCancel()
 706 {
 707     NetworkSession::invalidateAndCancel();
 708
 709     [m_sessionWithCredentialStorage invalidateAndCancel];
 710     [m_statelessSession invalidateAndCancel];
 711     [m_sessionWithCredentialStorageDelegate sessionInvalidated];
 712     [m_statelessSessionDelegate sessionInvalidated];
 713 }
 714
 715 void NetworkSessionCocoa::clearCredentials()
 716 {
 717 #if !USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
 718     ASSERT(m_dataTaskMapWithCredentials.isEmpty());
 719     ASSERT(m_dataTaskMapWithoutState.isEmpty());
 720     ASSERT(m_downloadMap.isEmpty());
 721     // FIXME: Use resetWithCompletionHandler instead.
 722     m_sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:m_sessionWithCredentialStorage.get().configuration delegate:static_cast<id>(m_sessionWithCredentialStorageDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
 723     m_statelessSession = [NSURLSession sessionWithConfiguration:m_statelessSession.get().configuration delegate:static_cast<id>(m_statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
 724 #endif
 725 }
 726
 727 NetworkDataTaskCocoa* NetworkSessionCocoa::dataTaskForIdentifier(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
 728 {
 729     ASSERT(RunLoop::isMain());
 730     if (storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use)
 731         return m_dataTaskMapWithCredentials.get(taskIdentifier);
 732     return m_dataTaskMapWithoutState.get(taskIdentifier);
 733 }
 734
 735 NSURLSessionDownloadTask* NetworkSessionCocoa::downloadTaskWithResumeData(NSData* resumeData)
 736 {
 737     return [m_sessionWithCredentialStorage downloadTaskWithResumeData:resumeData];
 738 }
 739
 740 void NetworkSessionCocoa::addDownloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, DownloadID downloadID)
 741 {
 742 #ifndef NDEBUG
 743     ASSERT(!m_downloadMap.contains(taskIdentifier));
 744     for (auto idInMap : m_downloadMap.values())
 745         ASSERT(idInMap != downloadID);
 746 #endif
 747     m_downloadMap.add(taskIdentifier, downloadID);
 748 }
 749
 750 DownloadID NetworkSessionCocoa::downloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier)
 751 {
 752     ASSERT(m_downloadMap.get(taskIdentifier).downloadID());
 753     return m_downloadMap.get(taskIdentifier);
 754 }
 755
 756 DownloadID NetworkSessionCocoa::takeDownloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier)
 757 {
 758     auto downloadID = m_downloadMap.take(taskIdentifier);
 759     return downloadID;
 760 }
 761
 762 static bool certificatesMatch(SecTrustRef trust1, SecTrustRef trust2)
 763 {
 764     if (!trust1 || !trust2)
 765         return false;
 766
 767     CFIndex count1 = SecTrustGetCertificateCount(trust1);
 768     CFIndex count2 = SecTrustGetCertificateCount(trust2);
 769     if (count1 != count2)
 770         return false;
 771
 772     for (CFIndex i = 0; i < count1; i++) {
 773         auto cert1 = SecTrustGetCertificateAtIndex(trust1, i);
 774         auto cert2 = SecTrustGetCertificateAtIndex(trust2, i);
 775         RELEASE_ASSERT(cert1);
 776         RELEASE_ASSERT(cert2);
 777         if (!CFEqual(cert1, cert2))
 778             return false;
 779     }
 780
 781     return true;
 782 }
 783
 784 bool NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge)
 785 {
 786     const String& host = challenge.protectionSpace().host();
 787     NSArray *certificates = [NSURLRequest allowsSpecificHTTPSCertificateForHost:host];
 788     if (!certificates)
 789         return false;
 790
 791     bool requireServerCertificates = challenge.protectionSpace().authenticationScheme() == WebCore::ProtectionSpaceAuthenticationScheme::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
 792     RetainPtr<SecPolicyRef> policy = adoptCF(SecPolicyCreateSSL(requireServerCertificates, host.createCFString().get()));
 793
 794     SecTrustRef trustRef = nullptr;
 795     if (SecTrustCreateWithCertificates((CFArrayRef)certificates, policy.get(), &trustRef) != noErr)
 796         return false;
 797     RetainPtr<SecTrustRef> trust = adoptCF(trustRef);
 798
 799     return certificatesMatch(trust.get(), challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust);
 800 }
 801
 802 }
 803
 804 #endif