https://bugs.webkit.org/show_bug.cgi?id=189668
Reviewed by Youenn Fablet.
At its core, it's a CompletionHandler with some information.
Make it more elegant and simple with no change in behavior and reduce the complexity of this security-sensitive object.
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(toNSURLSessionAuthChallengeDisposition):
* Shared/Authentication/AuthenticationManager.cpp:
(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):
* Shared/Authentication/AuthenticationManager.h:
* UIProcess/API/C/WKAuthenticationChallenge.cpp:
(WKAuthenticationChallengeGetDecisionListener):
(WKAuthenticationChallengeGetProtectionSpace):
(WKAuthenticationChallengeGetProposedCredential):
(WKAuthenticationChallengeGetPreviousFailureCount):
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPageNavigationClient):
* UIProcess/API/Cocoa/WKNSURLAuthenticationChallenge.mm:
(-[WKNSURLAuthenticationChallengeSender cancelAuthenticationChallenge:]):
(-[WKNSURLAuthenticationChallengeSender continueWithoutCredentialForAuthenticationChallenge:]):
(-[WKNSURLAuthenticationChallengeSender useCredential:forAuthenticationChallenge:]):
(-[WKNSURLAuthenticationChallengeSender performDefaultHandlingForAuthenticationChallenge:]):
(-[WKNSURLAuthenticationChallengeSender rejectProtectionSpaceAndContinueWithChallenge:]):
* UIProcess/Authentication/AuthenticationChallengeProxy.cpp:
(WebKit::AuthenticationChallengeProxy::AuthenticationChallengeProxy):
(WebKit::AuthenticationChallengeProxy::~AuthenticationChallengeProxy): Deleted.
(WebKit::AuthenticationChallengeProxy::useCredential): Deleted.
(WebKit::AuthenticationChallengeProxy::cancel): Deleted.
(WebKit::AuthenticationChallengeProxy::performDefaultHandling): Deleted.
(WebKit::AuthenticationChallengeProxy::rejectProtectionSpaceAndContinue): Deleted.
(WebKit::AuthenticationChallengeProxy::proposedCredential const): Deleted.
(WebKit::AuthenticationChallengeProxy::protectionSpace const): Deleted.
(WebKit::AuthenticationChallengeProxy::setSecKeyProxyStore): Deleted.
* UIProcess/Authentication/AuthenticationChallengeProxy.h:
(WebKit::AuthenticationChallengeProxy::create):
(WebKit::AuthenticationChallengeProxy::listener const):
(WebKit::AuthenticationChallengeProxy::previousFailureCount const): Deleted.
* UIProcess/Authentication/AuthenticationDecisionListener.cpp:
(WebKit::AuthenticationDecisionListener::AuthenticationDecisionListener):
(WebKit::AuthenticationDecisionListener::~AuthenticationDecisionListener):
(WebKit::AuthenticationDecisionListener::useCredential):
(WebKit::AuthenticationDecisionListener::cancel):
(WebKit::AuthenticationDecisionListener::performDefaultHandling):
(WebKit::AuthenticationDecisionListener::rejectProtectionSpaceAndContinue):
(WebKit::AuthenticationDecisionListener::detachChallenge): Deleted.
* UIProcess/Authentication/AuthenticationDecisionListener.h:
(WebKit::AuthenticationDecisionListener::create):
* UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm:
(WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc):
(WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc const): Deleted.
* UIProcess/Cocoa/DownloadClient.mm:
(WebKit::DownloadClient::didReceiveAuthenticationChallenge):
* UIProcess/Cocoa/NavigationState.mm:
(WebKit::NavigationState::NavigationClient::didReceiveAuthenticationChallenge):
* UIProcess/Downloads/DownloadProxy.cpp:
(WebKit::DownloadProxy::didReceiveAuthenticationChallenge):
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::didReceiveAuthenticationChallenge):
* UIProcess/ServiceWorkerProcessProxy.cpp:
(WebKit::ServiceWorkerProcessProxy::didReceiveAuthenticationChallenge):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::secKeyProxyStore):
(WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy):
* UIProcess/WebPageProxy.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236153
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2018-09-18 Alex Christensen <achristensen@webkit.org>
+
+ Clean up AuthenticationChallengeProxy
+ https://bugs.webkit.org/show_bug.cgi?id=189668
+
+ Reviewed by Youenn Fablet.
+
+ At its core, it's a CompletionHandler with some information.
+ Make it more elegant and simple with no change in behavior and reduce the complexity of this security-sensitive object.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (toNSURLSessionAuthChallengeDisposition):
+ * Shared/Authentication/AuthenticationManager.cpp:
+ (WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):
+ * Shared/Authentication/AuthenticationManager.h:
+ * UIProcess/API/C/WKAuthenticationChallenge.cpp:
+ (WKAuthenticationChallengeGetDecisionListener):
+ (WKAuthenticationChallengeGetProtectionSpace):
+ (WKAuthenticationChallengeGetProposedCredential):
+ (WKAuthenticationChallengeGetPreviousFailureCount):
+ * UIProcess/API/C/WKPage.cpp:
+ (WKPageSetPageNavigationClient):
+ * UIProcess/API/Cocoa/WKNSURLAuthenticationChallenge.mm:
+ (-[WKNSURLAuthenticationChallengeSender cancelAuthenticationChallenge:]):
+ (-[WKNSURLAuthenticationChallengeSender continueWithoutCredentialForAuthenticationChallenge:]):
+ (-[WKNSURLAuthenticationChallengeSender useCredential:forAuthenticationChallenge:]):
+ (-[WKNSURLAuthenticationChallengeSender performDefaultHandlingForAuthenticationChallenge:]):
+ (-[WKNSURLAuthenticationChallengeSender rejectProtectionSpaceAndContinueWithChallenge:]):
+ * UIProcess/Authentication/AuthenticationChallengeProxy.cpp:
+ (WebKit::AuthenticationChallengeProxy::AuthenticationChallengeProxy):
+ (WebKit::AuthenticationChallengeProxy::~AuthenticationChallengeProxy): Deleted.
+ (WebKit::AuthenticationChallengeProxy::useCredential): Deleted.
+ (WebKit::AuthenticationChallengeProxy::cancel): Deleted.
+ (WebKit::AuthenticationChallengeProxy::performDefaultHandling): Deleted.
+ (WebKit::AuthenticationChallengeProxy::rejectProtectionSpaceAndContinue): Deleted.
+ (WebKit::AuthenticationChallengeProxy::proposedCredential const): Deleted.
+ (WebKit::AuthenticationChallengeProxy::protectionSpace const): Deleted.
+ (WebKit::AuthenticationChallengeProxy::setSecKeyProxyStore): Deleted.
+ * UIProcess/Authentication/AuthenticationChallengeProxy.h:
+ (WebKit::AuthenticationChallengeProxy::create):
+ (WebKit::AuthenticationChallengeProxy::listener const):
+ (WebKit::AuthenticationChallengeProxy::previousFailureCount const): Deleted.
+ * UIProcess/Authentication/AuthenticationDecisionListener.cpp:
+ (WebKit::AuthenticationDecisionListener::AuthenticationDecisionListener):
+ (WebKit::AuthenticationDecisionListener::~AuthenticationDecisionListener):
+ (WebKit::AuthenticationDecisionListener::useCredential):
+ (WebKit::AuthenticationDecisionListener::cancel):
+ (WebKit::AuthenticationDecisionListener::performDefaultHandling):
+ (WebKit::AuthenticationDecisionListener::rejectProtectionSpaceAndContinue):
+ (WebKit::AuthenticationDecisionListener::detachChallenge): Deleted.
+ * UIProcess/Authentication/AuthenticationDecisionListener.h:
+ (WebKit::AuthenticationDecisionListener::create):
+ * UIProcess/Authentication/cocoa/AuthenticationChallengeProxyCocoa.mm:
+ (WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc):
+ (WebKit::AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc const): Deleted.
+ * UIProcess/Cocoa/DownloadClient.mm:
+ (WebKit::DownloadClient::didReceiveAuthenticationChallenge):
+ * UIProcess/Cocoa/NavigationState.mm:
+ (WebKit::NavigationState::NavigationClient::didReceiveAuthenticationChallenge):
+ * UIProcess/Downloads/DownloadProxy.cpp:
+ (WebKit::DownloadProxy::didReceiveAuthenticationChallenge):
+ * UIProcess/Network/NetworkProcessProxy.cpp:
+ (WebKit::NetworkProcessProxy::didReceiveAuthenticationChallenge):
+ * UIProcess/ServiceWorkerProcessProxy.cpp:
+ (WebKit::ServiceWorkerProcessProxy::didReceiveAuthenticationChallenge):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::secKeyProxyStore):
+ (WebKit::WebPageProxy::didReceiveAuthenticationChallengeProxy):
+ * UIProcess/WebPageProxy.h:
+
2018-09-18 Ben Richards <benton_richards@apple.com>
Add script to generate WebContent service resource files and change XPC service main SPI to have it's own header
return NSURLSessionAuthChallengePerformDefaultHandling;
case WebKit::AuthenticationChallengeDisposition::Cancel:
return NSURLSessionAuthChallengeCancelAuthenticationChallenge;
- case WebKit::AuthenticationChallengeDisposition::RejectProtectionSpace:
+ case WebKit::AuthenticationChallengeDisposition::RejectProtectionSpaceAndContinue:
return NSURLSessionAuthChallengeRejectProtectionSpace;
}
}
ASSERT(!challenge.challenge.isNull());
if (challenge.completionHandler)
- challenge.completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, Credential());
+ challenge.completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpaceAndContinue, { });
else
ASSERT_NOT_REACHED();
}
UseCredential,
PerformDefaultHandling,
Cancel,
- RejectProtectionSpace
+ RejectProtectionSpaceAndContinue
};
using ChallengeCompletionHandler = CompletionHandler<void(AuthenticationChallengeDisposition, const WebCore::Credential&)>;
WKAuthenticationDecisionListenerRef WKAuthenticationChallengeGetDecisionListener(WKAuthenticationChallengeRef challenge)
{
- return toAPI(toImpl(challenge)->listener());
+ return toAPI(&toImpl(challenge)->listener());
}
WKProtectionSpaceRef WKAuthenticationChallengeGetProtectionSpace(WKAuthenticationChallengeRef challenge)
int WKAuthenticationChallengeGetPreviousFailureCount(WKAuthenticationChallengeRef challenge)
{
- return toImpl(challenge)->previousFailureCount();
+ return toImpl(challenge)->core().previousFailureCount();
}
void WKAuthenticationDecisionListenerUseCredential(WKAuthenticationDecisionListenerRef authenticationListener, WKCredentialRef credential)
{
- toImpl(authenticationListener)->useCredential(toImpl(credential));
+ if (credential)
+ toImpl(authenticationListener)->useCredential(toImpl(credential)->credential());
+ else
+ toImpl(authenticationListener)->useCredential(std::nullopt);
}
void WKAuthenticationDecisionListenerCancel(WKAuthenticationDecisionListenerRef authenticationListener)
#include "APIWebsitePolicies.h"
#include "APIWindowFeatures.h"
#include "AuthenticationChallengeProxy.h"
+#include "AuthenticationDecisionListener.h"
#include "LegacySessionStateCoding.h"
#include "Logging.h"
#include "NativeWebKeyboardEvent.h"
void didReceiveAuthenticationChallenge(WebPageProxy& page, AuthenticationChallengeProxy& authenticationChallenge) override
{
- if (m_client.canAuthenticateAgainstProtectionSpace && !m_client.canAuthenticateAgainstProtectionSpace(toAPI(&page), toAPI(authenticationChallenge.protectionSpace()), m_client.base.clientInfo))
- return authenticationChallenge.rejectProtectionSpaceAndContinue();
+ if (m_client.canAuthenticateAgainstProtectionSpace && !m_client.canAuthenticateAgainstProtectionSpace(toAPI(&page), toAPI(WebProtectionSpace::create(authenticationChallenge.core().protectionSpace()).ptr()), m_client.base.clientInfo))
+ return authenticationChallenge.listener().rejectProtectionSpaceAndContinue();
if (!m_client.didReceiveAuthenticationChallenge)
- return authenticationChallenge.performDefaultHandling();
+ return authenticationChallenge.listener().performDefaultHandling();
m_client.didReceiveAuthenticationChallenge(toAPI(&page), toAPI(&authenticationChallenge), m_client.base.clientInfo);
}
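Review bot: The `WKProtectionSpaceRef` passed to `canAuthenticateAgainstProtectionSpace` now points at a temporary, because `WebProtectionSpace::create(...).ptr()` is released at the end of that statement, whereas the removed `authenticationChallenge.protectionSpace()` returned an object cached on the challenge. A client that keeps the reference past the callback without retaining it would be left with a dangling pointer. `protectionSpace()` is still declared on AuthenticationChallengeProxy in this commit, so the argument could stay `toAPI(authenticationChallenge.protectionSpace())`. Otherwise a comment such as `// The protection space is only valid during this call unless the client retains it.` would record the new lifetime. The enclosing client class starts outside this hunk.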
{
checkChallenge(challenge);
WebKit::AuthenticationChallengeProxy& webChallenge = ((WKNSURLAuthenticationChallenge *)challenge)._web_authenticationChallengeProxy;
- webChallenge.listener()->cancel();
+ webChallenge.listener().cancel();
}
- (void)continueWithoutCredentialForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
checkChallenge(challenge);
WebKit::AuthenticationChallengeProxy& webChallenge = ((WKNSURLAuthenticationChallenge *)challenge)._web_authenticationChallengeProxy;
- webChallenge.listener()->useCredential(nullptr);
+ webChallenge.listener().useCredential(std::nullopt);
}
- (void)useCredential:(NSURLCredential *)credential forAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
checkChallenge(challenge);
WebKit::AuthenticationChallengeProxy& webChallenge = ((WKNSURLAuthenticationChallenge *)challenge)._web_authenticationChallengeProxy;
- webChallenge.listener()->useCredential(WebKit::WebCredential::create(WebCore::Credential(credential)).ptr());
+ webChallenge.listener().useCredential(WebCore::Credential(credential));
}
- (void)performDefaultHandlingForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
checkChallenge(challenge);
WebKit::AuthenticationChallengeProxy& webChallenge = ((WKNSURLAuthenticationChallenge *)challenge)._web_authenticationChallengeProxy;
- webChallenge.listener()->performDefaultHandling();
+ webChallenge.listener().performDefaultHandling();
}
- (void)rejectProtectionSpaceAndContinueWithChallenge:(NSURLAuthenticationChallenge *)challenge
{
checkChallenge(challenge);
WebKit::AuthenticationChallengeProxy& webChallenge = ((WKNSURLAuthenticationChallenge *)challenge)._web_authenticationChallengeProxy;
- webChallenge.listener()->rejectProtectionSpaceAndContinue();
+ webChallenge.listener().rejectProtectionSpaceAndContinue();
}
@end
#include "WebKitAuthenticationRequestPrivate.h"
#include "WebKitCredentialPrivate.h"
#include "WebProtectionSpace.h"
+#include <WebCore/AuthenticationChallenge.h>
+#include <WebCore/ProtectionSpace.h>
#include <glib/gi18n-lib.h>
#include <wtf/glib/WTFGType.h>
#include <wtf/text/CString.h>
{
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), 0);
- const WebCore::Credential& credential = request->priv->authenticationChallenge->proposedCredential()->credential();
+ const auto& credential = request->priv->authenticationChallenge->core().proposedCredential();
if (credential.isEmpty())
return 0;
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), 0);
if (request->priv->host.isNull())
- request->priv->host = request->priv->authenticationChallenge->protectionSpace()->host().utf8();
+ request->priv->host = request->priv->authenticationChallenge->core().protectionSpace().host().utf8();
return request->priv->host.data();
}
{
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), 0);
- return request->priv->authenticationChallenge->protectionSpace()->port();
+ return request->priv->authenticationChallenge->core().protectionSpace().port();
}
/**
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), 0);
if (request->priv->realm.isNull())
- request->priv->realm = request->priv->authenticationChallenge->protectionSpace()->realm().utf8();
+ request->priv->realm = request->priv->authenticationChallenge->core().protectionSpace().realm().utf8();
return request->priv->realm.data();
}
{
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), WEBKIT_AUTHENTICATION_SCHEME_UNKNOWN);
- return toWebKitAuthenticationScheme(request->priv->authenticationChallenge->protectionSpace()->authenticationScheme());
+ return toWebKitAuthenticationScheme(request->priv->authenticationChallenge->core().protectionSpace().authenticationScheme());
}
/**
{
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), FALSE);
- return request->priv->authenticationChallenge->protectionSpace()->isProxy();
+ return request->priv->authenticationChallenge->core().protectionSpace().isProxy();
}
/**
{
g_return_val_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request), 0);
- return request->priv->authenticationChallenge->previousFailureCount() ? TRUE : FALSE;
+ return request->priv->authenticationChallenge->core().previousFailureCount() ? TRUE : FALSE;
}
/**
g_return_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request));
if (credential)
- request->priv->authenticationChallenge->listener()->useCredential(WebCredential::create(webkitCredentialGetCredential(credential)).ptr());
+ request->priv->authenticationChallenge->listener().useCredential(webkitCredentialGetCredential(credential));
else
- request->priv->authenticationChallenge->listener()->useCredential(nullptr);
+ request->priv->authenticationChallenge->listener().useCredential(std::nullopt);
request->priv->handledRequest = true;
}
{
g_return_if_fail(WEBKIT_IS_AUTHENTICATION_REQUEST(request));
- request->priv->authenticationChallenge->listener()->cancel();
+ request->priv->authenticationChallenge->listener().cancel();
g_signal_emit(request, signals[CANCELLED], 0);
}
#include "AuthenticationChallengeProxy.h"
#include "AuthenticationDecisionListener.h"
+#include "AuthenticationManager.h"
#include "AuthenticationManagerMessages.h"
#include "ChildProcessProxy.h"
#include "WebCertificateInfo.h"
namespace WebKit {
-AuthenticationChallengeProxy::AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&& authenticationChallenge, uint64_t challengeID, IPC::Connection* connection)
+AuthenticationChallengeProxy::AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&& authenticationChallenge, uint64_t challengeID, Ref<IPC::Connection>&& connection, WeakPtr<SecKeyProxyStore>&& secKeyProxyStore)
: m_coreAuthenticationChallenge(WTFMove(authenticationChallenge))
- , m_challengeID(challengeID)
- , m_connection(connection)
-{
- ASSERT(m_challengeID);
- m_listener = AuthenticationDecisionListener::create(this);
-}
-
-AuthenticationChallengeProxy::~AuthenticationChallengeProxy()
-{
- // If an outstanding AuthenticationChallengeProxy is being destroyed even though it hasn't been responded to yet,
- // we cancel it here so the process isn't waiting for an answer forever.
- if (m_challengeID)
- m_connection->send(Messages::AuthenticationManager::CancelChallenge(m_challengeID), 0);
-
- if (m_listener)
- m_listener->detachChallenge();
-}
-
-void AuthenticationChallengeProxy::useCredential(WebCredential* credential)
-{
- if (!m_challengeID)
- return;
-
- uint64_t challengeID = m_challengeID;
- m_challengeID = 0;
-
- if (!credential) {
- m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0);
- return;
- }
-
+ , m_listener(AuthenticationDecisionListener::create([challengeID, connection = WTFMove(connection), secKeyProxyStore = WTFMove(secKeyProxyStore)](AuthenticationChallengeDisposition disposition, std::optional<WebCore::Credential>&& credential) {
+ switch (disposition) {
+ case AuthenticationChallengeDisposition::Cancel:
+ connection->send(Messages::AuthenticationManager::CancelChallenge(challengeID), 0);
+ break;
+ case AuthenticationChallengeDisposition::PerformDefaultHandling:
+ connection->send(Messages::AuthenticationManager::PerformDefaultHandling(challengeID), 0);
+ break;
+ case AuthenticationChallengeDisposition::RejectProtectionSpaceAndContinue:
+ connection->send(Messages::AuthenticationManager::RejectProtectionSpaceAndContinue(challengeID), 0);
+ break;
+ case AuthenticationChallengeDisposition::UseCredential:
+ if (!credential) {
+ connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0);
+ break;
+ }
+
#if HAVE(SEC_KEY_PROXY)
- if (protectionSpace()->authenticationScheme() == WebCore::ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
- if (!m_secKeyProxyStore) {
- m_connection->send(Messages::AuthenticationManager::ContinueWithoutCredentialForChallenge(challengeID), 0);
- return;
- }
- m_secKeyProxyStore->initialize(credential->credential());
- sendClientCertificateCredentialOverXpc(challengeID, credential->credential());
- return;
- }
+ if (secKeyProxyStore) {
+ secKeyProxyStore->initialize(*credential);
+ sendClientCertificateCredentialOverXpc(connection, *secKeyProxyStore, challengeID, *credential);
+ break;
+ }
#endif
- m_connection->send(Messages::AuthenticationManager::UseCredentialForChallenge(challengeID, credential->credential()), 0);
-}
-void AuthenticationChallengeProxy::cancel()
-{
- if (!m_challengeID)
- return;
-
- m_connection->send(Messages::AuthenticationManager::CancelChallenge(m_challengeID), 0);
-
- m_challengeID = 0;
-}
-
-void AuthenticationChallengeProxy::performDefaultHandling()
-{
- if (!m_challengeID)
- return;
-
- m_connection->send(Messages::AuthenticationManager::PerformDefaultHandling(m_challengeID), 0);
-
- m_challengeID = 0;
-}
-
-void AuthenticationChallengeProxy::rejectProtectionSpaceAndContinue()
+ connection->send(Messages::AuthenticationManager::UseCredentialForChallenge(challengeID, *credential), 0);
+ }
+ }))
{
- if (!m_challengeID)
- return;
-
- m_connection->send(Messages::AuthenticationManager::RejectProtectionSpaceAndContinue(m_challengeID), 0);
-
- m_challengeID = 0;
}
WebCredential* AuthenticationChallengeProxy::proposedCredential() const
{
if (!m_webCredential)
m_webCredential = WebCredential::create(m_coreAuthenticationChallenge.proposedCredential());
-
+
return m_webCredential.get();
}
{
if (!m_webProtectionSpace)
m_webProtectionSpace = WebProtectionSpace::create(m_coreAuthenticationChallenge.protectionSpace());
-
- return m_webProtectionSpace.get();
-}
-#if HAVE(SEC_KEY_PROXY)
-void AuthenticationChallengeProxy::setSecKeyProxyStore(SecKeyProxyStore& store)
-{
- m_secKeyProxyStore = makeWeakPtr(store);
+ return m_webProtectionSpace.get();
}
-#endif
} // namespace WebKit
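Review bot: The `UseCredential` case no longer tests the authentication scheme, so under `HAVE(SEC_KEY_PROXY)` the XPC path is taken whenever `secKeyProxyStore` is non-null. A client-certificate challenge whose weak store has already been destroyed now falls through to `UseCredentialForChallenge`, where the removed code sent `ContinueWithoutCredentialForChallenge`. The scheme test has presumably moved to the caller that supplies the store (`WebPageProxy::secKeyProxyStore` is listed in the ChangeLog but not shown here); this should be confirmed, since the commit states no change in behavior. If the fall-through is intended, a comment above `if (secKeyProxyStore)` would record the contract, for example `// Callers pass a store only for client-certificate challenges; if it is gone the credential is sent over IPC.`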
class AuthenticationChallengeProxy : public API::ObjectImpl<API::Object::Type::AuthenticationChallenge> {
public:
- static Ref<AuthenticationChallengeProxy> create(WebCore::AuthenticationChallenge&& authenticationChallenge, uint64_t challengeID, IPC::Connection* connection)
+ static Ref<AuthenticationChallengeProxy> create(WebCore::AuthenticationChallenge&& authenticationChallenge, uint64_t challengeID, Ref<IPC::Connection>&& connection, WeakPtr<SecKeyProxyStore>&& secKeyProxyStore)
{
- return adoptRef(*new AuthenticationChallengeProxy(WTFMove(authenticationChallenge), challengeID, connection));
+ return adoptRef(*new AuthenticationChallengeProxy(WTFMove(authenticationChallenge), challengeID, WTFMove(connection), WTFMove(secKeyProxyStore)));
}
-
- ~AuthenticationChallengeProxy();
-
- void useCredential(WebCredential*);
- void cancel();
- void performDefaultHandling();
- void rejectProtectionSpaceAndContinue();
- AuthenticationDecisionListener* listener() const { return m_listener.get(); }
WebCredential* proposedCredential() const;
WebProtectionSpace* protectionSpace() const;
- int previousFailureCount() const { return m_coreAuthenticationChallenge.previousFailureCount(); }
- const WebCore::AuthenticationChallenge& core() { return m_coreAuthenticationChallenge; }
-#if HAVE(SEC_KEY_PROXY)
- void setSecKeyProxyStore(SecKeyProxyStore&);
-#endif
+ AuthenticationDecisionListener& listener() const { return m_listener.get(); }
+ const WebCore::AuthenticationChallenge& core() { return m_coreAuthenticationChallenge; }
private:
- AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&&, uint64_t challengeID, IPC::Connection*);
+ AuthenticationChallengeProxy(WebCore::AuthenticationChallenge&&, uint64_t challengeID, Ref<IPC::Connection>&&, WeakPtr<SecKeyProxyStore>&&);
#if HAVE(SEC_KEY_PROXY)
- void sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential&) const;
+ static void sendClientCertificateCredentialOverXpc(IPC::Connection&, SecKeyProxyStore&, uint64_t challengeID, const WebCore::Credential&);
#endif
WebCore::AuthenticationChallenge m_coreAuthenticationChallenge;
- uint64_t m_challengeID;
- RefPtr<IPC::Connection> m_connection;
- RefPtr<AuthenticationDecisionListener> m_listener;
mutable RefPtr<WebCredential> m_webCredential;
mutable RefPtr<WebProtectionSpace> m_webProtectionSpace;
-
-#if HAVE(SEC_KEY_PROXY)
- WeakPtr<SecKeyProxyStore> m_secKeyProxyStore;
-#endif
+ Ref<AuthenticationDecisionListener> m_listener;
};
} // namespace WebKit
#include "AuthenticationDecisionListener.h"
#include "AuthenticationChallengeProxy.h"
+#include "AuthenticationManager.h"
#include "AuthenticationManagerMessages.h"
#include "WebCertificateInfo.h"
#include "WebCredential.h"
namespace WebKit {
-AuthenticationDecisionListener::AuthenticationDecisionListener(AuthenticationChallengeProxy* authenticationChallenge)
- : m_challengeProxy(authenticationChallenge)
+AuthenticationDecisionListener::AuthenticationDecisionListener(CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)>&& completionHandler)
+ : m_completionHandler(WTFMove(completionHandler))
{
}
-void AuthenticationDecisionListener::useCredential(WebCredential* credential)
+AuthenticationDecisionListener::~AuthenticationDecisionListener()
{
- if (m_challengeProxy)
- m_challengeProxy->useCredential(credential);
+ if (m_completionHandler)
+ m_completionHandler(AuthenticationChallengeDisposition::Cancel, std::nullopt);
}
-void AuthenticationDecisionListener::cancel()
+void AuthenticationDecisionListener::useCredential(std::optional<WebCore::Credential>&& credential)
{
- if (m_challengeProxy)
- m_challengeProxy->cancel();
+ if (m_completionHandler)
+ m_completionHandler(AuthenticationChallengeDisposition::UseCredential, WTFMove(credential));
}
-void AuthenticationDecisionListener::performDefaultHandling()
+void AuthenticationDecisionListener::cancel()
{
- if (m_challengeProxy)
- m_challengeProxy->performDefaultHandling();
+ if (m_completionHandler)
+ m_completionHandler(AuthenticationChallengeDisposition::Cancel, std::nullopt);
}
-void AuthenticationDecisionListener::rejectProtectionSpaceAndContinue()
+void AuthenticationDecisionListener::performDefaultHandling()
{
- if (m_challengeProxy)
- m_challengeProxy->rejectProtectionSpaceAndContinue();
+ if (m_completionHandler)
+ m_completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, std::nullopt);
}
-void AuthenticationDecisionListener::detachChallenge()
+void AuthenticationDecisionListener::rejectProtectionSpaceAndContinue()
{
- m_challengeProxy = 0;
+ if (m_completionHandler)
+ m_completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpaceAndContinue, std::nullopt);
}
} // namespace WebKit
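Review bot: `~AuthenticationDecisionListener()` now carries the cancel-on-destruction behavior, but the comment explaining it was deleted together with `~AuthenticationChallengeProxy()`. Restoring it above the `if (m_completionHandler)` check keeps the intent visible, for example `// If the listener is destroyed before a decision was made, cancel so the network process is not left waiting.` The four decision methods also depend on the handler becoming null once invoked, so that a second decision is ignored as the old `m_challengeID = 0` reset ensured. That appears to rely on `CompletionHandler` clearing itself when called and deserves a one-line comment next to the first guard.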
* THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef AuthenticationDecisionListener_h
-#define AuthenticationDecisionListener_h
+#pragma once
#include "APIObject.h"
-#include <wtf/RefPtr.h>
+#include <WebCore/Credential.h>
+#include <wtf/CompletionHandler.h>
namespace WebKit {
+enum class AuthenticationChallengeDisposition;
class AuthenticationChallengeProxy;
-class WebCredential;
class AuthenticationDecisionListener : public API::ObjectImpl<API::Object::Type::AuthenticationDecisionListener> {
public:
- static Ref<AuthenticationDecisionListener> create(AuthenticationChallengeProxy* authenticationChallenge)
+ static Ref<AuthenticationDecisionListener> create(CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)>&& completionHandler)
{
- return adoptRef(*new AuthenticationDecisionListener(authenticationChallenge));
+ return adoptRef(*new AuthenticationDecisionListener(WTFMove(completionHandler)));
}
+ ~AuthenticationDecisionListener();
- void useCredential(WebCredential*);
+ void useCredential(std::optional<WebCore::Credential>&&);
void cancel();
void performDefaultHandling();
void rejectProtectionSpaceAndContinue();
- void detachChallenge();
-
private:
- explicit AuthenticationDecisionListener(AuthenticationChallengeProxy*);
+ explicit AuthenticationDecisionListener(CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)>&&);
- AuthenticationChallengeProxy* m_challengeProxy;
+ CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)> m_completionHandler;
};
} // namespace WebKit
-
-#endif // WebAuthenticationDecisionListener_h
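Review bot: The handler type `CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)>` is written out in `create`, the private constructor and `m_completionHandler` here, and again in the constructor definition in the .cpp. A class-scope alias would keep the four sites in sync, for example `using DecisionHandler = CompletionHandler<void(AuthenticationChallengeDisposition, std::optional<WebCore::Credential>&&)>;`. A distinct name is needed because AuthenticationManager.h already defines `ChallengeCompletionHandler` with a `const WebCore::Credential&` parameter, and the two signatures are not interchangeable.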
namespace WebKit {
-void AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc(uint64_t challengeID, const WebCore::Credential& credential) const
+void AuthenticationChallengeProxy::sendClientCertificateCredentialOverXpc(IPC::Connection& connection, SecKeyProxyStore& secKeyProxyStore, uint64_t challengeID, const WebCore::Credential& credential)
{
- ASSERT(m_secKeyProxyStore);
- ASSERT(m_secKeyProxyStore->isInitialized());
+ ASSERT(secKeyProxyStore.isInitialized());
auto message = adoptOSObject(xpc_dictionary_create(nullptr, nullptr, 0));
xpc_dictionary_set_string(message.get(), clientCertificateAuthenticationXPCMessageNameKey, clientCertificateAuthenticationXPCMessageNameValue);
xpc_dictionary_set_uint64(message.get(), clientCertificateAuthenticationXPCChallengeIDKey, challengeID);
- xpc_dictionary_set_value(message.get(), clientCertificateAuthenticationXPCSecKeyProxyEndpointKey, m_secKeyProxyStore->get().endpoint._endpoint);
+ xpc_dictionary_set_value(message.get(), clientCertificateAuthenticationXPCSecKeyProxyEndpointKey, secKeyProxyStore.get().endpoint._endpoint);
auto certificateDataArray = adoptOSObject(xpc_array_create(nullptr, 0));
for (id certificate in credential.nsCredential().certificates) {
auto data = adoptCF(SecCertificateCopyData((SecCertificateRef)certificate));
xpc_dictionary_set_value(message.get(), clientCertificateAuthenticationXPCCertificatesKey, certificateDataArray.get());
xpc_dictionary_set_uint64(message.get(), clientCertificateAuthenticationXPCPersistenceKey, static_cast<uint64_t>(credential.nsCredential().persistence));
- xpc_connection_send_message(m_connection->xpcConnection(), message.get());
+ xpc_connection_send_message(connection.xpcConnection(), message.get());
}
} // namespace WebKit
{
// FIXME: System Preview needs code here.
if (!m_delegateMethods.downloadDidReceiveAuthenticationChallengeCompletionHandler) {
- authenticationChallenge.listener()->performDefaultHandling();
+ authenticationChallenge.listener().performDefaultHandling();
return;
}
return;
checker->didCallCompletionHandler();
switch (disposition) {
- case NSURLSessionAuthChallengeUseCredential: {
- RefPtr<WebCredential> webCredential;
+ case NSURLSessionAuthChallengeUseCredential:
if (credential)
- webCredential = WebCredential::create(WebCore::Credential(credential));
-
- authenticationChallenge->listener()->useCredential(webCredential.get());
+ authenticationChallenge->listener().useCredential(WebCore::Credential(credential));
+ else
+ authenticationChallenge->listener().useCredential(std::nullopt);
break;
- }
-
case NSURLSessionAuthChallengePerformDefaultHandling:
- authenticationChallenge->listener()->performDefaultHandling();
+ authenticationChallenge->listener().performDefaultHandling();
break;
case NSURLSessionAuthChallengeCancelAuthenticationChallenge:
- authenticationChallenge->listener()->cancel();
+ authenticationChallenge->listener().cancel();
break;
case NSURLSessionAuthChallengeRejectProtectionSpace:
- authenticationChallenge->listener()->rejectProtectionSpaceAndContinue();
+ authenticationChallenge->listener().rejectProtectionSpaceAndContinue();
break;
default:
void NavigationState::NavigationClient::didReceiveAuthenticationChallenge(WebPageProxy&, AuthenticationChallengeProxy& authenticationChallenge)
{
if (!m_navigationState.m_navigationDelegateMethods.webViewDidReceiveAuthenticationChallengeCompletionHandler)
- return authenticationChallenge.performDefaultHandling();
+ return authenticationChallenge.listener().performDefaultHandling();
auto navigationDelegate = m_navigationState.m_navigationDelegate.get();
if (!navigationDelegate)
- return authenticationChallenge.performDefaultHandling();
+ return authenticationChallenge.listener().performDefaultHandling();
auto checker = CompletionHandlerCallChecker::create(navigationDelegate.get(), @selector(webView:didReceiveAuthenticationChallenge:completionHandler:));
[static_cast<id <WKNavigationDelegatePrivate>>(navigationDelegate.get()) webView:m_navigationState.m_webView didReceiveAuthenticationChallenge:wrapper(authenticationChallenge) completionHandler:BlockPtr<void(NSURLSessionAuthChallengeDisposition, NSURLCredential *)>::fromCallable([challenge = makeRef(authenticationChallenge), checker = WTFMove(checker)](NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential) {
checker->didCallCompletionHandler();
switch (disposition) {
- case NSURLSessionAuthChallengeUseCredential: {
- RefPtr<WebCredential> webCredential;
+ case NSURLSessionAuthChallengeUseCredential:
if (credential)
- webCredential = WebCredential::create(WebCore::Credential(credential));
-
- challenge->useCredential(webCredential.get());
+ challenge->listener().useCredential(Credential(credential));
+ else
+ challenge->listener().useCredential(std::nullopt);
break;
- }
-
case NSURLSessionAuthChallengePerformDefaultHandling:
- challenge->performDefaultHandling();
+ challenge->listener().performDefaultHandling();
break;
case NSURLSessionAuthChallengeCancelAuthenticationChallenge:
- challenge->cancel();
+ challenge->listener().cancel();
break;
case NSURLSessionAuthChallengeRejectProtectionSpace:
- challenge->rejectProtectionSpaceAndContinue();
+ challenge->listener().rejectProtectionSpaceAndContinue();
break;
default:
if (!m_processPool)
return;
- auto authenticationChallengeProxy = AuthenticationChallengeProxy::create(WTFMove(authenticationChallenge), challengeID, m_processPool->networkingProcessConnection());
+ auto authenticationChallengeProxy = AuthenticationChallengeProxy::create(WTFMove(authenticationChallenge), challengeID, makeRef(*m_processPool->networkingProcessConnection()), nullptr);
m_processPool->downloadClient().didReceiveAuthenticationChallenge(*m_processPool, *this, authenticationChallengeProxy.get());
}
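Review bot: `makeRef(*m_processPool->networkingProcessConnection())` dereferences the returned pointer unconditionally, where the old call passed it through as a pointer, and the only guard above it is `if (!m_processPool)`. If that accessor can return null (its contract is not visible in this hunk), this becomes a null dereference in the UI process. Either assert the invariant or check first: `auto* connection = m_processPool->networkingProcessConnection();` then `if (!connection) return;` before `makeRef(*connection)`. Whether an early return leaves the challenge unanswered would need checking against the listener's contract. The two `makeRef(*connection())` calls in the NetworkProcessProxy hunk that follows have the same shape, and the enclosing function here starts outside the hunk.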
{
#if ENABLE(SERVICE_WORKER)
if (auto* serviceWorkerProcessProxy = m_processPool.serviceWorkerProcessProxyFromPageID(pageID)) {
- auto authenticationChallenge = AuthenticationChallengeProxy::create(WTFMove(coreChallenge), challengeID, connection());
+ auto authenticationChallenge = AuthenticationChallengeProxy::create(WTFMove(coreChallenge), challengeID, makeRef(*connection()), nullptr);
serviceWorkerProcessProxy->didReceiveAuthenticationChallenge(pageID, frameID, WTFMove(authenticationChallenge));
return;
}
WebPageProxy* page = WebProcessProxy::webPage(pageID);
MESSAGE_CHECK(page);
- auto authenticationChallenge = AuthenticationChallengeProxy::create(WTFMove(coreChallenge), challengeID, connection());
+ auto authenticationChallenge = AuthenticationChallengeProxy::create(WTFMove(coreChallenge), challengeID, makeRef(*connection()), page->secKeyProxyStore(coreChallenge));
page->didReceiveAuthenticationChallengeProxy(frameID, WTFMove(authenticationChallenge));
}
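Review bot: `page->secKeyProxyStore(coreChallenge)` reads `coreChallenge` in the same argument list that passes `WTFMove(coreChallenge)`, and the order in which arguments are evaluated is not fixed. This is safe only if `AuthenticationChallengeProxy::create` takes the challenge by rvalue reference, which is not visible here. With a by-value parameter the scheme check could run on a moved-from challenge, and the client-certificate store would silently not be created. Taking the store first removes the dependence: `auto secKeyProxyStore = page->secKeyProxyStore(coreChallenge);` on its own line, then `WTFMove(secKeyProxyStore)` as the last argument. The function's signature is outside the hunk.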
#if ENABLE(SERVICE_WORKER)
#include "AuthenticationChallengeProxy.h"
+#include "AuthenticationDecisionListener.h"
#include "WebCredential.h"
#include "WebPageGroup.h"
#include "WebPreferencesStore.h"
auto& protectionSpace = challenge->core().protectionSpace();
if (protectionSpace.authenticationScheme() == WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested && processPool().allowsAnySSLCertificateForServiceWorker()) {
auto credential = WebCore::Credential("accept server trust"_s, emptyString(), WebCore::CredentialPersistenceNone);
- challenge->useCredential(WebCredential::create(credential).ptr());
+ challenge->listener().useCredential(credential);
return;
}
notImplemented();
- challenge->performDefaultHandling();
+ challenge->listener().performDefaultHandling();
}
void ServiceWorkerProcessProxy::didFinishLaunching(ProcessLauncher* launcher, IPC::Connection::Identifier connectionIdentifier)
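Review bot: The server-trust branch answers the challenge with a placeholder credential (`"accept server trust"_s`) instead of default handling whenever `allowsAnySSLCertificateForServiceWorker()` is set, and nothing in the code says this is deliberate. A comment above the `if`, such as `// Skips default server trust handling for service worker loads; only taken when the pool opts in via allowsAnySSLCertificateForServiceWorker().`, would make the intent reviewable. It would also help to state where that flag is expected to be enabled, since every other challenge falls through to `notImplemented()` and default handling. The function begins outside the hunk.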
#endif
-void WebPageProxy::didReceiveAuthenticationChallengeProxy(uint64_t, Ref<AuthenticationChallengeProxy>&& authenticationChallenge)
+WeakPtr<SecKeyProxyStore> WebPageProxy::secKeyProxyStore(const WebCore::AuthenticationChallenge& challenge)
{
#if HAVE(SEC_KEY_PROXY)
- ASSERT(authenticationChallenge->protectionSpace());
- if (authenticationChallenge->protectionSpace()->authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
+ if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested) {
auto secKeyProxyStore = SecKeyProxyStore::create();
- authenticationChallenge->setSecKeyProxyStore(secKeyProxyStore);
+ auto weakPointer = makeWeakPtr(secKeyProxyStore.get());
m_websiteDataStore->addSecKeyProxyStore(WTFMove(secKeyProxyStore));
+ return weakPointer;
}
#endif
-
+ return nullptr;
+}
+
+void WebPageProxy::didReceiveAuthenticationChallengeProxy(uint64_t, Ref<AuthenticationChallengeProxy>&& authenticationChallenge)
+{
if (m_navigationClient)
m_navigationClient->didReceiveAuthenticationChallenge(*this, authenticationChallenge.get());
else
- authenticationChallenge->performDefaultHandling();
+ authenticationChallenge->listener().performDefaultHandling();
}
void WebPageProxy::exceededDatabaseQuota(uint64_t frameID, const String& originIdentifier, const String& databaseName, const String& displayName, uint64_t currentQuota, uint64_t currentOriginUsage, uint64_t currentDatabaseUsage, uint64_t expectedUsage, Messages::WebPageProxy::ExceededDatabaseQuota::DelayedReply&& reply)
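Review bot: `WebPageProxy::secKeyProxyStore()` reads like an accessor, but for a client-certificate challenge it creates a new `SecKeyProxyStore` and registers it with `m_websiteDataStore` on every call. A second caller could add stores by accident, so the side effect should be stated where the function is declared, for example `// Creates and registers a SecKeyProxyStore for client-certificate challenges; returns null for any other scheme.` A name that says "create" would make the same point at the call site. The returned `WeakPtr` presumably goes null once the data store drops the store, so the consumer has to null-check it; that consumer is not in this hunk.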
class RemoteLayerTreeScrollingPerformanceData;
class RemoteLayerTreeTransaction;
class RemoteScrollingCoordinatorProxy;
+class SecKeyProxyStore;
class UserData;
class ViewSnapshot;
class VisitedLinkStore;
void initializeWebPage();
+ WeakPtr<SecKeyProxyStore> secKeyProxyStore(const WebCore::AuthenticationChallenge&);
+
void close();
bool tryClose();
bool isClosed() const { return m_isClosed; }