[Curl] Suppress extra didReceiveAuthenticationChallenge call when accessing a server...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 12 May 2019 23:05:20 +0000 (23:05 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 12 May 2019 23:05:20 +0000 (23:05 +0000)
https://bugs.webkit.org/show_bug.cgi?id=197650

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-05-12
Reviewed by Fujii Hironori.

Source/WebCore:

When Curl port accesses a page which checks Basic Authentication credential and server trust challenge occurs,
Curl port calls extra didReceiveAuthenticationChallenge unnecessarily.
This is because Curl port discards information about allowed server trust challenge before in NetworkDataTaskCurl::restartWithCredential.

Test: http/tests/ssl/curl/certificate-and-authentication.html

* platform/network/curl/CurlRequest.h:
(WebCore::CurlRequest::isServerTrustEvaluationDisabled):

Source/WebKit:

* NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::restartWithCredential):

LayoutTests:

* TestExpectations:
* http/tests/resources/basic-auth.php: Added.
* http/tests/ssl/curl/certificate-and-authentication-expected.txt: Added.
* http/tests/ssl/curl/certificate-and-authentication.html: Added.
* platform/wincairo-wk1/TestExpectations:
* platform/wincairo/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/resources/basic-auth.php [new file with mode: 0644]
LayoutTests/http/tests/ssl/curl/certificate-and-authentication-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/ssl/curl/certificate-and-authentication.html [new file with mode: 0644]
LayoutTests/platform/wincairo-wk1/TestExpectations
LayoutTests/platform/wincairo/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/network/curl/CurlRequest.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp

index 1885fbe..cd9ea7b 100644 (file)
@@ -1,3 +1,17 @@
+2019-05-12  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Suppress extra didReceiveAuthenticationChallenge call when accessing a server which checks basic auth.
+        https://bugs.webkit.org/show_bug.cgi?id=197650
+
+        Reviewed by Fujii Hironori.
+
+        * TestExpectations:
+        * http/tests/resources/basic-auth.php: Added.
+        * http/tests/ssl/curl/certificate-and-authentication-expected.txt: Added.
+        * http/tests/ssl/curl/certificate-and-authentication.html: Added.
+        * platform/wincairo-wk1/TestExpectations:
+        * platform/wincairo/TestExpectations:
+
 2019-05-11  Simon Fraser  <simon.fraser@apple.com>
 
         Overflow scroll that becomes non-scrollable should stop being composited
index 18521e1..cdf8129 100644 (file)
@@ -52,6 +52,7 @@ http/tests/events/touch/ios [ Skip ]
 http/tests/preload/viewport [ Skip ]
 http/tests/gzip-content-encoding [ Skip ]
 http/tests/cookies/same-site [ Skip ]
+http/tests/ssl/curl [ Skip ]
 system-preview [ Skip ]
 editing/images [ Skip ]
 pointerevents/ios [ Skip ]
diff --git a/LayoutTests/http/tests/resources/basic-auth.php b/LayoutTests/http/tests/resources/basic-auth.php
new file mode 100644 (file)
index 0000000..95dce5d
--- /dev/null
@@ -0,0 +1,10 @@
+<?php
+  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+   header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+   header('HTTP/1.0 401 Unauthorized');
+   echo 'Authentication canceled';
+   exit;
+  } else {
+   echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+  }
+?>
diff --git a/LayoutTests/http/tests/ssl/curl/certificate-and-authentication-expected.txt b/LayoutTests/http/tests/ssl/curl/certificate-and-authentication-expected.txt
new file mode 100644 (file)
index 0000000..b51bdbd
--- /dev/null
@@ -0,0 +1,4 @@
+localhost:8443 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with user:
+
+PASS Certificate validation and basic authentication 
+
diff --git a/LayoutTests/http/tests/ssl/curl/certificate-and-authentication.html b/LayoutTests/http/tests/ssl/curl/certificate-and-authentication.html
new file mode 100644 (file)
index 0000000..3d69088
--- /dev/null
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+<head>
+<!-- This is a test for https://bugs.webkit.org/show_bug.cgi?id=197650 -->
+<title>Certificate validation and basic authentication</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+function with_iframe(url) {
+    return new Promise(function(resolve) {
+        var frame = document.createElement('iframe');
+        frame.className = 'test-iframe';
+        frame.src = url;
+        frame.onload = function() { resolve(frame); };
+        document.body.appendChild(frame);
+    });
+}
+
+async function doTest()
+{
+    assert_true(!!window.testRunner, "Test requires testRunner");
+
+    window.testRunner.setAllowsAnySSLCertificate(true);
+    window.testRunner.setHandlesAuthenticationChallenges(true);
+    window.testRunner.setAuthenticationUsername("user");
+    window.testRunner.setAuthenticationPassword("");
+
+    const currentCallbackCounts = window.testRunner.serverTrustEvaluationCallbackCallsCount;
+
+    const iframe = await with_iframe("https://localhost:8443/resources/basic-auth.php?uid=user");
+    iframe.remove();
+
+    assert_equals(window.testRunner.serverTrustEvaluationCallbackCallsCount - currentCallbackCounts, 1);
+}
+
+doTest().then(done, (e) => { assert_unreached("test failed: " + e); done(); });
+
+</script>
+</body>
+</html>
index 54a9bb7..97a11f4 100644 (file)
@@ -21,6 +21,7 @@ http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Skip
 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Skip ]
 
 # Server trust evaluation only supported in WK2.
+http/tests/ssl/curl/certificate-and-authentication.html [ Skip ]
 http/tests/ssl/iframe-upgrade.https.html [ Skip ]
 http/tests/ssl/mixedContent/insecure-websocket.html [ Failure ]
 http/tests/ssl/upgrade-origin-usage.html [ Failure ]
index 3291973..4ee7e05 100644 (file)
@@ -948,6 +948,7 @@ http/tests/security/cookies/third-party-cookie-blocking-redirect.html [ Pass ]
 http/tests/security/cookies/third-party-cookie-blocking-user-action.html [ Pass ]
 http/tests/security/cookies/third-party-cookie-blocking-xslt.xml [ Pass ]
 
+http/tests/ssl/curl/certificate-and-authentication.html [ Pass ]
 http/tests/ssl/media-stream [ Skip ]
 
 [ Debug ] http/tests/storage/callbacks-are-called-in-correct-context.html [ Skip ]
index 626c55f..880b4ca 100644 (file)
@@ -1,3 +1,19 @@
+2019-05-12  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Suppress extra didReceiveAuthenticationChallenge call when accessing a server which checks basic auth.
+        https://bugs.webkit.org/show_bug.cgi?id=197650
+
+        Reviewed by Fujii Hironori.
+
+        When Curl port accesses a page which checks Basic Authentication credential and server trust challenge occurs,
+        Curl port calls extra didReceiveAuthenticationChallenge unnecessarily.
+        This is because Curl port discards information about allowed server trust challenge before in NetworkDataTaskCurl::restartWithCredential.
+
+        Test: http/tests/ssl/curl/certificate-and-authentication.html
+
+        * platform/network/curl/CurlRequest.h:
+        (WebCore::CurlRequest::isServerTrustEvaluationDisabled):
+
 2019-05-11  Simon Fraser  <simon.fraser@apple.com>
 
         Overflow scroll that becomes non-scrollable should stop being composited
index d13766e..91d4dc9 100644 (file)
@@ -74,6 +74,7 @@ public:
     void invalidateClient();
     WEBCORE_EXPORT void setAuthenticationScheme(ProtectionSpaceAuthenticationScheme);
     WEBCORE_EXPORT void setUserPass(const String&, const String&);
+    bool isServerTrustEvaluationDisabled() { return m_shouldDisableServerTrustEvaluation; }
     void disableServerTrustEvaluation() { m_shouldDisableServerTrustEvaluation = true; }
     void setStartTime(const MonotonicTime& startTime) { m_requestStartTime = startTime; }
 
index cdb9040..244ae3d 100644 (file)
@@ -1,3 +1,13 @@
+2019-05-12  Takashi Komori  <Takashi.Komori@sony.com>
+
+        [Curl] Suppress extra didReceiveAuthenticationChallenge call when accessing a server which checks basic auth.
+        https://bugs.webkit.org/show_bug.cgi?id=197650
+
+        Reviewed by Fujii Hironori.
+
+        * NetworkProcess/curl/NetworkDataTaskCurl.cpp:
+        (WebKit::NetworkDataTaskCurl::restartWithCredential):
+
 2019-05-10  Chris Dumez  <cdumez@apple.com>
 
         [PSON] Prevent flashing when the process-swap is forced by the client
index 36a6b39..77633ba 100644 (file)
@@ -425,12 +425,13 @@ void NetworkDataTaskCurl::restartWithCredential(const ProtectionSpace& protectio
     ASSERT(m_curlRequest);
 
     auto previousRequest = m_curlRequest->resourceRequest();
+    auto shouldDisableServerTrustEvaluation = protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested || m_curlRequest->isServerTrustEvaluationDisabled();
     m_curlRequest->cancel();
 
     m_curlRequest = createCurlRequest(WTFMove(previousRequest), RequestStatus::ReusedRequest);
     m_curlRequest->setAuthenticationScheme(protectionSpace.authenticationScheme());
     m_curlRequest->setUserPass(credential.user(), credential.password());
-    if (protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested)
+    if (shouldDisableServerTrustEvaluation)
         m_curlRequest->disableServerTrustEvaluation();
     m_curlRequest->setStartTime(m_startTime);
     m_curlRequest->start();