99b387e17921ae7681e18b75c9280f13bcfe9f43
[WebKit-https.git] / Source / WebCore / platform / network / cf / ResourceHandleCFNet.cpp
1 /*
2  * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010, 2011 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27
28 #include "ResourceHandleInternal.h"
29
30 #include "AuthenticationCF.h"
31 #include "AuthenticationChallenge.h"
32 #include "CredentialStorage.h"
33 #include "CachedResourceLoader.h"
34 #include "FormDataStreamCFNet.h"
35 #include "Frame.h"
36 #include "FrameLoader.h"
37 #include "LoaderRunLoopCF.h"
38 #include "Logging.h"
39 #include "MIMETypeRegistry.h"
40 #include "NetworkingContext.h"
41 #include "ResourceError.h"
42 #include "ResourceHandleClient.h"
43 #include "ResourceResponse.h"
44 #include "SharedBuffer.h"
45 #include "SynchronousLoaderClient.h"
46 #include <CFNetwork/CFNetwork.h>
47 #include <sys/stat.h>
48 #include <sys/types.h>
49 #include <wtf/HashMap.h>
50 #include <wtf/Threading.h>
51 #include <wtf/text/Base64.h>
52 #include <wtf/text/CString.h>
53
54 #if PLATFORM(MAC)
55 #include "WebCoreSystemInterface.h"
56 #if USE(CFNETWORK)
57 #include "WebCoreURLResponse.h"
58 #include <CFNetwork/CFURLConnectionPriv.h>
59 #include <CFNetwork/CFURLRequestPriv.h>
60 #endif
61 #endif
62
63 #if PLATFORM(WIN)
64 #include <WebKitSystemInterface/WebKitSystemInterface.h>
65 #include <process.h>
66
67 // FIXME: Remove this declaration once it's in WebKitSupportLibrary.
68 extern "C" {
69 __declspec(dllimport) CFURLConnectionRef CFURLConnectionCreateWithProperties(
70   CFAllocatorRef           alloc,
71   CFURLRequestRef          request,
72   CFURLConnectionClient *  client,
73   CFDictionaryRef properties);
74 }
75 #endif
76
77 namespace WebCore {
78
79 #if USE(CFNETWORK)
80
81 static HashSet<String>& allowsAnyHTTPSCertificateHosts()
82 {
83     DEFINE_STATIC_LOCAL(HashSet<String>, hosts, ());
84     return hosts;
85 }
86
87 static HashMap<String, RetainPtr<CFDataRef> >& clientCerts()
88 {
89     typedef HashMap<String, RetainPtr<CFDataRef> > CertsMap;
90     DEFINE_STATIC_LOCAL(CertsMap, certs, ());
91     return certs;
92 }
93
94 static void setDefaultMIMEType(CFURLResponseRef response)
95 {
96     static CFStringRef defaultMIMETypeString = defaultMIMEType().createCFString().leakRef();
97     
98     CFURLResponseSetMIMEType(response, defaultMIMETypeString);
99 }
100
101 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
102 {
103     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
104     request.clearHTTPAuthorization(); // FIXME: Should addHTTPHeaderField be smart enough to not build comma-separated lists in headers like Authorization?
105     request.addHTTPHeaderField("Authorization", authenticationHeader);
106 }
107
108 static CFURLRequestRef willSendRequest(CFURLConnectionRef conn, CFURLRequestRef cfRequest, CFURLResponseRef cfRedirectResponse, const void* clientInfo)
109 {
110 #if LOG_DISABLED
111     UNUSED_PARAM(conn);
112 #endif
113     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
114
115     if (!cfRedirectResponse) {
116         CFRetain(cfRequest);
117         return cfRequest;
118     }
119
120     LOG(Network, "CFNet - willSendRequest(conn=%p, handle=%p) (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
121
122     ResourceRequest request;
123     if (cfRedirectResponse) {
124         CFHTTPMessageRef httpMessage = CFURLResponseGetHTTPResponse(cfRedirectResponse);
125         if (httpMessage && CFHTTPMessageGetResponseStatusCode(httpMessage) == 307) {
126             RetainPtr<CFStringRef> lastHTTPMethod = handle->lastHTTPMethod().createCFString();
127             RetainPtr<CFStringRef> newMethod = adoptCF(CFURLRequestCopyHTTPRequestMethod(cfRequest));
128             if (CFStringCompareWithOptions(lastHTTPMethod.get(), newMethod.get(), CFRangeMake(0, CFStringGetLength(lastHTTPMethod.get())), kCFCompareCaseInsensitive)) {
129                 RetainPtr<CFMutableURLRequestRef> mutableRequest(AdoptCF, CFURLRequestCreateMutableCopy(0, cfRequest));
130                 wkSetRequestStorageSession(handle->storageSession(), mutableRequest.get());
131                 CFURLRequestSetHTTPRequestMethod(mutableRequest.get(), lastHTTPMethod.get());
132
133                 FormData* body = handle->firstRequest().httpBody();
134                 if (!equalIgnoringCase(handle->firstRequest().httpMethod(), "GET") && body && !body->isEmpty())
135                     WebCore::setHTTPBody(mutableRequest.get(), body);
136
137                 String originalContentType = handle->firstRequest().httpContentType();
138                 if (!originalContentType.isEmpty())
139                     CFURLRequestSetHTTPHeaderFieldValue(mutableRequest.get(), CFSTR("Content-Type"), originalContentType.createCFString().get());
140
141                 request = mutableRequest.get();
142             }
143         }
144     }
145     if (request.isNull())
146         request = cfRequest;
147
148     // Should not set Referer after a redirect from a secure resource to non-secure one.
149     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && handle->context()->shouldClearReferrerOnHTTPSToHTTPRedirect())
150         request.clearHTTPReferrer();
151
152     handle->willSendRequest(request, cfRedirectResponse);
153
154     if (request.isNull())
155         return 0;
156
157     cfRequest = request.cfURLRequest(UpdateHTTPBody);
158
159     CFRetain(cfRequest);
160     return cfRequest;
161 }
162
163 static void didReceiveResponse(CFURLConnectionRef conn, CFURLResponseRef cfResponse, const void* clientInfo)
164 {
165 #if LOG_DISABLED
166     UNUSED_PARAM(conn);
167 #endif
168     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
169
170     LOG(Network, "CFNet - didReceiveResponse(conn=%p, handle=%p) (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
171
172     if (!handle->client())
173         return;
174
175 #if PLATFORM(MAC)
176     // Avoid MIME type sniffing if the response comes back as 304 Not Modified.
177     CFHTTPMessageRef msg = wkGetCFURLResponseHTTPResponse(cfResponse);
178     int statusCode = msg ? CFHTTPMessageGetResponseStatusCode(msg) : 0;
179
180     if (statusCode != 304)
181         adjustMIMETypeIfNecessary(cfResponse);
182
183     if (_CFURLRequestCopyProtocolPropertyForKey(handle->firstRequest().cfURLRequest(DoNotUpdateHTTPBody), CFSTR("ForceHTMLMIMEType")))
184         wkSetCFURLResponseMIMEType(cfResponse, CFSTR("text/html"));
185 #else
186     if (!CFURLResponseGetMIMEType(cfResponse)) {
187         // We should never be applying the default MIMEType if we told the networking layer to do content sniffing for handle.
188         ASSERT(!handle->shouldContentSniff());
189         setDefaultMIMEType(cfResponse);
190     }
191 #endif
192     
193     handle->client()->didReceiveResponse(handle, cfResponse);
194 }
195
196 #if USE(NETWORK_CFDATA_ARRAY_CALLBACK)
197 static void didReceiveDataArray(CFURLConnectionRef conn, CFArrayRef dataArray, const void* clientInfo)
198 {
199 #if LOG_DISABLED
200     UNUSED_PARAM(conn);
201 #endif
202     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
203     if (!handle->client())
204         return;
205
206     LOG(Network, "CFNet - didReceiveDataArray(conn=%p, handle=%p, arrayLength=%ld) (%s)", conn, handle, CFArrayGetCount(dataArray), handle->firstRequest().url().string().utf8().data());
207
208     handle->handleDataArray(dataArray);
209 }
210 #endif
211
212 static void didReceiveData(CFURLConnectionRef conn, CFDataRef data, CFIndex originalLength, const void* clientInfo)
213 {
214 #if LOG_DISABLED
215     UNUSED_PARAM(conn);
216 #endif
217     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
218     const UInt8* bytes = CFDataGetBytePtr(data);
219     CFIndex length = CFDataGetLength(data);
220
221     LOG(Network, "CFNet - didReceiveData(conn=%p, handle=%p, bytes=%ld) (%s)", conn, handle, length, handle->firstRequest().url().string().utf8().data());
222
223     if (handle->client())
224         handle->client()->didReceiveData(handle, (const char*)bytes, length, originalLength);
225 }
226
227 static void didSendBodyData(CFURLConnectionRef, CFIndex, CFIndex totalBytesWritten, CFIndex totalBytesExpectedToWrite, const void *clientInfo)
228 {
229     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
230     if (!handle || !handle->client())
231         return;
232     handle->client()->didSendData(handle, totalBytesWritten, totalBytesExpectedToWrite);
233 }
234
235 static Boolean shouldUseCredentialStorageCallback(CFURLConnectionRef conn, const void* clientInfo)
236 {
237 #if LOG_DISABLED
238     UNUSED_PARAM(conn);
239 #endif
240     ResourceHandle* handle = const_cast<ResourceHandle*>(static_cast<const ResourceHandle*>(clientInfo));
241
242     LOG(Network, "CFNet - shouldUseCredentialStorage(conn=%p, handle=%p) (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
243
244     if (!handle)
245         return false;
246
247     return handle->shouldUseCredentialStorage();
248 }
249
250 static void didFinishLoading(CFURLConnectionRef conn, const void* clientInfo)
251 {
252 #if LOG_DISABLED
253     UNUSED_PARAM(conn);
254 #endif
255     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
256
257     LOG(Network, "CFNet - didFinishLoading(conn=%p, handle=%p) (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
258
259     if (handle->client())
260         handle->client()->didFinishLoading(handle, 0);
261 }
262
263 static void didFail(CFURLConnectionRef conn, CFErrorRef error, const void* clientInfo)
264 {
265 #if LOG_DISABLED
266     UNUSED_PARAM(conn);
267 #endif
268     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
269
270     LOG(Network, "CFNet - didFail(conn=%p, handle=%p, error = %p) (%s)", conn, handle, error, handle->firstRequest().url().string().utf8().data());
271
272     if (handle->client())
273         handle->client()->didFail(handle, ResourceError(error));
274 }
275
276 static CFCachedURLResponseRef willCacheResponse(CFURLConnectionRef, CFCachedURLResponseRef cachedResponse, const void* clientInfo)
277 {
278     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
279     CFURLResponseRef wrappedResponse = CFCachedURLResponseGetWrappedResponse(cachedResponse);
280
281     // Workaround for <rdar://problem/6300990> Caching does not respect Vary HTTP header.
282     // FIXME: WebCore cache has issues with Vary, too (bug 58797, bug 71509).
283     if (CFHTTPMessageRef httpResponse = CFURLResponseGetHTTPResponse(wrappedResponse)) {
284         ASSERT(CFHTTPMessageIsHeaderComplete(httpResponse));
285         RetainPtr<CFStringRef> varyValue = adoptCF(CFHTTPMessageCopyHeaderFieldValue(httpResponse, CFSTR("Vary")));
286         if (varyValue)
287             return 0;
288     }
289
290 #if PLATFORM(WIN)
291     if (handle->client() && !handle->client()->shouldCacheResponse(handle, cachedResponse))
292         return 0;
293 #else
294     CFCachedURLResponseRef newResponse = handle->client()->willCacheResponse(handle, cachedResponse);
295     if (newResponse != cachedResponse)
296         return newResponse;
297 #endif
298
299     CFRetain(cachedResponse);
300
301     return cachedResponse;
302 }
303
304 static void didReceiveChallenge(CFURLConnectionRef conn, CFURLAuthChallengeRef challenge, const void* clientInfo)
305 {
306 #if LOG_DISABLED
307     UNUSED_PARAM(conn);
308 #endif
309     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
310     ASSERT(handle);
311     LOG(Network, "CFNet - didReceiveChallenge(conn=%p, handle=%p (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
312
313     handle->didReceiveAuthenticationChallenge(AuthenticationChallenge(challenge, handle));
314 }
315
316 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
317 static Boolean canRespondToProtectionSpace(CFURLConnectionRef conn, CFURLProtectionSpaceRef protectionSpace, const void* clientInfo)
318 {
319 #if LOG_DISABLED
320     UNUSED_PARAM(conn);
321 #endif
322     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
323     ASSERT(handle);
324
325     LOG(Network, "CFNet - canRespondToProtectionSpace(conn=%p, handle=%p (%s)", conn, handle, handle->firstRequest().url().string().utf8().data());
326
327     return handle->canAuthenticateAgainstProtectionSpace(core(protectionSpace));
328 }
329 #endif
330
331 ResourceHandleInternal::~ResourceHandleInternal()
332 {
333     if (m_connection) {
334         LOG(Network, "CFNet - Cancelling connection %p (%s)", m_connection.get(), m_firstRequest.url().string().utf8().data());
335         CFURLConnectionCancel(m_connection.get());
336     }
337 }
338
339 ResourceHandle::~ResourceHandle()
340 {
341     LOG(Network, "CFNet - Destroying job %p (%s)", this, d->m_firstRequest.url().string().utf8().data());
342 }
343
344 void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldContentSniff)
345 {
346     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
347         // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made.
348         KURL urlWithCredentials(firstRequest().url());
349         urlWithCredentials.setUser(d->m_user);
350         urlWithCredentials.setPass(d->m_pass);
351         firstRequest().setURL(urlWithCredentials);
352     }
353
354     // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication,
355     // try and reuse the credential preemptively, as allowed by RFC 2617.
356     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
357         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
358             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
359             // try and reuse the credential preemptively, as allowed by RFC 2617.
360             d->m_initialCredential = CredentialStorage::get(firstRequest().url());
361         } else {
362             // If there is already a protection space known for the URL, update stored credentials before sending a request.
363             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
364             // (so that an authentication dialog doesn't pop up).
365             CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
366         }
367     }
368         
369     if (!d->m_initialCredential.isEmpty()) {
370         // FIXME: Support Digest authentication, and Proxy-Authorization.
371         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
372     }
373
374     RetainPtr<CFMutableURLRequestRef> request = adoptCF(CFURLRequestCreateMutableCopy(kCFAllocatorDefault, firstRequest().cfURLRequest(UpdateHTTPBody)));
375     wkSetRequestStorageSession(d->m_storageSession.get(), request.get());
376     
377     if (!shouldContentSniff)
378         wkSetCFURLRequestShouldContentSniff(request.get(), false);
379
380     RetainPtr<CFMutableDictionaryRef> sslProps;
381
382     if (allowsAnyHTTPSCertificateHosts().contains(firstRequest().url().host().lower())) {
383         sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
384         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
385         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
386         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
387         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
388     }
389
390     HashMap<String, RetainPtr<CFDataRef> >::iterator clientCert = clientCerts().find(firstRequest().url().host().lower());
391     if (clientCert != clientCerts().end()) {
392         if (!sslProps)
393             sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
394 #if PLATFORM(WIN)
395         wkSetClientCertificateInSSLProperties(sslProps.get(), (clientCert->value).get());
396 #endif
397     }
398
399     if (sslProps)
400         CFURLRequestSetSSLProperties(request.get(), sslProps.get());
401
402 #if PLATFORM(WIN)
403     if (CFHTTPCookieStorageRef cookieStorage = overridenCookieStorage()) {
404         // Overridden cookie storage doesn't come from a session, so the request does not have it yet.
405         CFURLRequestSetHTTPCookieStorage(request.get(), cookieStorage);
406     }
407 #endif
408
409     CFURLConnectionClient_V6 client = { 6, this, 0, 0, 0, WebCore::willSendRequest, didReceiveResponse, didReceiveData, 0, didFinishLoading, didFail, willCacheResponse, didReceiveChallenge, didSendBodyData, shouldUseCredentialStorageCallback, 0,
410 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
411         canRespondToProtectionSpace,
412 #else
413         0,
414 #endif
415         0,
416 #if USE(NETWORK_CFDATA_ARRAY_CALLBACK)
417         didReceiveDataArray
418 #else 
419         0
420 #endif
421     };
422
423     CFMutableDictionaryRef streamProperties  = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
424     if (!shouldUseCredentialStorage)
425         CFDictionarySetValue(streamProperties, CFSTR("_kCFURLConnectionSessionID"), CFSTR("WebKitPrivateSession"));
426
427 #if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090)
428     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
429     if (sourceApplicationAuditData)
430         CFDictionarySetValue(streamProperties, CFSTR("kCFStreamPropertySourceApplication"), sourceApplicationAuditData.get());
431 #endif
432
433     static const CFStringRef kCFURLConnectionSocketStreamProperties = CFSTR("kCFURLConnectionSocketStreamProperties");
434     RetainPtr<CFDictionaryRef> propertiesDictionary = adoptCF(CFDictionaryCreate(0, (const void**)&kCFURLConnectionSocketStreamProperties, (const void**)&streamProperties, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
435     CFRelease(streamProperties);
436
437     d->m_connection.adoptCF(CFURLConnectionCreateWithProperties(0, request.get(), reinterpret_cast<CFURLConnectionClient*>(&client), propertiesDictionary.get()));
438 }
439
440 bool ResourceHandle::start()
441 {
442     if (!d->m_context)
443         return false;
444
445     // If NetworkingContext is invalid then we are no longer attached to a Page,
446     // this must be an attempted load from an unload handler, so let's just block it.
447     if (!d->m_context->isValid())
448         return false;
449
450     d->m_storageSession = d->m_context->storageSession().platformSession();
451
452     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
453
454     createCFURLConnection(shouldUseCredentialStorage, d->m_shouldContentSniff);
455
456 #if PLATFORM(WIN)
457     CFURLConnectionScheduleWithCurrentMessageQueue(d->m_connection.get());
458 #else
459     CFURLConnectionScheduleWithRunLoop(d->m_connection.get(), CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);
460 #endif
461     CFURLConnectionScheduleDownloadWithRunLoop(d->m_connection.get(), loaderRunLoop(), kCFRunLoopDefaultMode);
462     CFURLConnectionStart(d->m_connection.get());
463
464     LOG(Network, "CFNet - Starting URL %s (handle=%p, conn=%p)", firstRequest().url().string().utf8().data(), this, d->m_connection.get());
465
466     return true;
467 }
468
469 void ResourceHandle::cancel()
470 {
471     if (d->m_connection) {
472         CFURLConnectionCancel(d->m_connection.get());
473         d->m_connection = 0;
474     }
475 }
476
477 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
478 {
479     const KURL& url = request.url();
480     d->m_user = url.user();
481     d->m_pass = url.pass();
482     d->m_lastHTTPMethod = request.httpMethod();
483     request.removeCredentials();
484
485     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
486         // If the network layer carries over authentication headers from the original request
487         // in a cross-origin redirect, we want to clear those headers here.
488         request.clearHTTPAuthorization();
489     } else {
490         // Only consider applying authentication credentials if this is actually a redirect and the redirect
491         // URL didn't include credentials of its own.
492         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
493             Credential credential = CredentialStorage::get(request.url());
494             if (!credential.isEmpty()) {
495                 d->m_initialCredential = credential;
496                 
497                 // FIXME: Support Digest authentication, and Proxy-Authorization.
498                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
499             }
500         }
501     }
502
503     RefPtr<ResourceHandle> protect(this);
504     client()->willSendRequest(this, request, redirectResponse);
505
506     // Client call may not preserve the session, especially if the request is sent over IPC.
507     if (!request.isNull())
508         request.setStorageSession(d->m_storageSession.get());
509 }
510
511 bool ResourceHandle::shouldUseCredentialStorage()
512 {
513     LOG(Network, "CFNet - shouldUseCredentialStorage()");
514     if (client())
515         return client()->shouldUseCredentialStorage(this);
516
517     return false;
518 }
519
520 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
521 {
522     LOG(Network, "CFNet - didReceiveAuthenticationChallenge()");
523     ASSERT(d->m_currentWebChallenge.isNull());
524     // Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef,
525     // we make sure that is actually present
526     ASSERT(challenge.cfURLAuthChallengeRef());
527     ASSERT(challenge.authenticationClient() == this); // Should be already set.
528
529 #if !PLATFORM(WIN)
530     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
531     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
532     if (challenge.protectionSpace().isProxy()) {
533         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
534         CFURLConnectionUseCredential(d->m_connection.get(), 0, challenge.cfURLAuthChallengeRef());
535         return;
536     }
537 #endif
538
539     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
540         RetainPtr<CFURLCredentialRef> credential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone));
541         
542         KURL urlToStore;
543         if (challenge.failureResponse().httpStatusCode() == 401)
544             urlToStore = challenge.failureResponse().url();
545         CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore);
546         
547         CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef());
548         d->m_user = String();
549         d->m_pass = String();
550         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
551         return;
552     }
553
554     if (!client() || client()->shouldUseCredentialStorage(this)) {
555         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
556             // The stored credential wasn't accepted, stop using it.
557             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
558             // but the observable effect should be very minor, if any.
559             CredentialStorage::remove(challenge.protectionSpace());
560         }
561
562         if (!challenge.previousFailureCount()) {
563             Credential credential = CredentialStorage::get(challenge.protectionSpace());
564             if (!credential.isEmpty() && credential != d->m_initialCredential) {
565                 ASSERT(credential.persistence() == CredentialPersistenceNone);
566                 if (challenge.failureResponse().httpStatusCode() == 401) {
567                     // Store the credential back, possibly adding it as a default for this directory.
568                     CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
569                 }
570                 RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
571                 CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
572                 return;
573             }
574         }
575     }
576
577     d->m_currentWebChallenge = challenge;
578     
579     if (client())
580         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
581 }
582
583 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
584 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
585 {
586     if (client())
587         return client()->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
588
589     return false;
590 }
591 #endif
592
593 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
594 {
595     LOG(Network, "CFNet - receivedCredential()");
596     ASSERT(!challenge.isNull());
597     ASSERT(challenge.cfURLAuthChallengeRef());
598     if (challenge != d->m_currentWebChallenge)
599         return;
600
601     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
602     if (credential.isEmpty()) {
603         receivedRequestToContinueWithoutCredential(challenge);
604         return;
605     }
606
607     if (credential.persistence() == CredentialPersistenceForSession) {
608         // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
609         // to ignore it for a particular request (short of removing it altogether).
610         Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
611         RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(webCredential));
612         
613         KURL urlToStore;
614         if (challenge.failureResponse().httpStatusCode() == 401)
615             urlToStore = challenge.failureResponse().url();      
616         CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
617
618         CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
619     } else {
620         RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
621         CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
622     }
623
624     clearAuthentication();
625 }
626
627 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
628 {
629     LOG(Network, "CFNet - receivedRequestToContinueWithoutCredential()");
630     ASSERT(!challenge.isNull());
631     ASSERT(challenge.cfURLAuthChallengeRef());
632     if (challenge != d->m_currentWebChallenge)
633         return;
634
635     CFURLConnectionUseCredential(d->m_connection.get(), 0, challenge.cfURLAuthChallengeRef());
636
637     clearAuthentication();
638 }
639
640 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
641 {
642     LOG(Network, "CFNet - receivedCancellation()");
643     if (challenge != d->m_currentWebChallenge)
644         return;
645
646     if (client())
647         client()->receivedCancellation(this, challenge);
648 }
649
650 CFURLStorageSessionRef ResourceHandle::storageSession() const
651 {
652     return d->m_storageSession.get();
653 }
654
655 CFURLConnectionRef ResourceHandle::connection() const
656 {
657     return d->m_connection.get();
658 }
659
660 CFURLConnectionRef ResourceHandle::releaseConnectionForDownload()
661 {
662     LOG(Network, "CFNet - Job %p releasing connection %p for download", this, d->m_connection.get());
663     return d->m_connection.leakRef();
664 }
665
666 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
667 {
668     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
669 }
670
671 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
672 {
673     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%s allowStoredCredentials:%u", request.url().string().utf8().data(), storedCredentials);
674
675     ASSERT(!request.isEmpty());
676
677     ASSERT(response.isNull());
678     ASSERT(error.isNull());
679
680     OwnPtr<SynchronousLoaderClient> client = SynchronousLoaderClient::create();
681     client->setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
682
683     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, client.get(), false /*defersLoading*/, true /*shouldContentSniff*/));
684
685     handle->d->m_storageSession = context->storageSession().platformSession();
686
687     if (handle->d->m_scheduledFailureType != NoFailure) {
688         error = context->blockedError(request);
689         return;
690     }
691
692     handle->createCFURLConnection(storedCredentials == AllowStoredCredentials, ResourceHandle::shouldContentSniffURL(request.url()));
693
694     CFURLConnectionScheduleWithRunLoop(handle->connection(), CFRunLoopGetCurrent(), synchronousLoadRunLoopMode());
695     CFURLConnectionScheduleDownloadWithRunLoop(handle->connection(), CFRunLoopGetCurrent(), synchronousLoadRunLoopMode());
696     CFURLConnectionStart(handle->connection());
697
698     while (!client->isDone())
699         CFRunLoopRunInMode(synchronousLoadRunLoopMode(), UINT_MAX, true);
700
701     error = client->error();
702
703     CFURLConnectionCancel(handle->connection());
704     
705     if (error.isNull())
706         response = client->response();
707     else {
708         response = ResourceResponse(request.url(), String(), 0, String(), String());
709         // FIXME: ResourceHandleMac also handles authentication errors by setting code to 401. CFNet version should probably do the same.
710         if (error.domain() == String(kCFErrorDomainCFNetwork))
711             response.setHTTPStatusCode(error.errorCode());
712         else
713             response.setHTTPStatusCode(404);
714     }
715
716     data.swap(client->mutableData());
717 }
718
719 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host)
720 {
721     allowsAnyHTTPSCertificateHosts().add(host.lower());
722 }
723
724 void ResourceHandle::setClientCertificate(const String& host, CFDataRef cert)
725 {
726     clientCerts().set(host.lower(), cert);
727 }
728
729 void ResourceHandle::platformSetDefersLoading(bool defers)
730 {
731     if (!d->m_connection)
732         return;
733
734     if (defers)
735         CFURLConnectionHalt(d->m_connection.get());
736     else
737         CFURLConnectionResume(d->m_connection.get());
738 }
739
740 bool ResourceHandle::loadsBlocked()
741 {
742     return false;
743 }
744
745 #if PLATFORM(MAC)
746 void ResourceHandle::schedule(SchedulePair* pair)
747 {
748     CFRunLoopRef runLoop = pair->runLoop();
749     if (!runLoop)
750         return;
751
752     CFURLConnectionScheduleWithRunLoop(d->m_connection.get(), runLoop, pair->mode());
753     if (d->m_startWhenScheduled) {
754         CFURLConnectionStart(d->m_connection.get());
755         d->m_startWhenScheduled = false;
756     }
757 }
758
759 void ResourceHandle::unschedule(SchedulePair* pair)
760 {
761     CFRunLoopRef runLoop = pair->runLoop();
762     if (!runLoop)
763         return;
764
765     CFURLConnectionUnscheduleFromRunLoop(d->m_connection.get(), runLoop, pair->mode());
766 }
767 #endif
768
769 #endif // USE(CFNETWORK)
770
771 #if USE(NETWORK_CFDATA_ARRAY_CALLBACK)
772 void ResourceHandle::handleDataArray(CFArrayRef dataArray)
773 {
774     ASSERT(client());
775     if (client()->supportsDataArray()) {
776         client()->didReceiveDataArray(this, dataArray);
777         return;
778     }
779
780     CFIndex count = CFArrayGetCount(dataArray);
781     ASSERT(count);
782     if (count == 1) {
783         CFDataRef data = static_cast<CFDataRef>(CFArrayGetValueAtIndex(dataArray, 0));
784         CFIndex length = CFDataGetLength(data);
785         client()->didReceiveData(this, reinterpret_cast<const char*>(CFDataGetBytePtr(data)), length, static_cast<int>(length));
786         return;
787     }
788
789     CFIndex totalSize = 0;
790     CFIndex index;
791     for (index = 0; index < count; index++)
792         totalSize += CFDataGetLength(static_cast<CFDataRef>(CFArrayGetValueAtIndex(dataArray, index)));
793
794     RetainPtr<CFMutableDataRef> mergedData(AdoptCF, CFDataCreateMutable(kCFAllocatorDefault, totalSize));
795     for (index = 0; index < count; index++) {
796         CFDataRef data = static_cast<CFDataRef>(CFArrayGetValueAtIndex(dataArray, index));
797         CFDataAppendBytes(mergedData.get(), CFDataGetBytePtr(data), CFDataGetLength(data));
798     }
799
800     client()->didReceiveData(this, reinterpret_cast<const char*>(CFDataGetBytePtr(mergedData.get())), totalSize, static_cast<int>(totalSize));
801 }
802 #endif
803
804 } // namespace WebCore