Build fix after r194156.
[WebKit-https.git] / Source / WebCore / platform / network / mac / ResourceHandleMac.mm
1 /*
2  * Copyright (C) 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #import "config.h"
27 #import "ResourceHandleInternal.h"
28
29 #import "AuthenticationChallenge.h"
30 #import "AuthenticationMac.h"
31 #import "BlockExceptions.h"
32 #import "CFNetworkSPI.h"
33 #import "CookieStorage.h"
34 #import "CredentialStorage.h"
35 #import "CachedResourceLoader.h"
36 #import "FormDataStreamMac.h"
37 #import "Frame.h"
38 #import "FrameLoader.h"
39 #import "HTTPHeaderNames.h"
40 #import "Logging.h"
41 #import "MIMETypeRegistry.h"
42 #import "NSURLConnectionSPI.h"
43 #import "NetworkingContext.h"
44 #import "Page.h"
45 #import "ResourceError.h"
46 #import "ResourceResponse.h"
47 #import "Settings.h"
48 #import "SharedBuffer.h"
49 #import "SubresourceLoader.h"
50 #import "WebCoreResourceHandleAsDelegate.h"
51 #import "WebCoreResourceHandleAsOperationQueueDelegate.h"
52 #import "SynchronousLoaderClient.h"
53 #import "WebCoreSystemInterface.h"
54 #import "WebCoreURLResponse.h"
55 #import <wtf/Ref.h>
56 #import <wtf/SchedulePair.h>
57 #import <wtf/text/Base64.h>
58 #import <wtf/text/CString.h>
59
60 #if USE(CFNETWORK)
61 #if __has_include(<CFNetwork/CFURLConnectionPriv.h>)
62 #import <CFNetwork/CFURLConnectionPriv.h>
63 #endif
64 typedef struct _CFURLConnection* CFURLConnectionRef;
65 extern "C" {
66 CFDictionaryRef _CFURLConnectionCopyTimingData(CFURLConnectionRef);
67 }
68 #endif // USE(CFNETWORK)
69
70 #if PLATFORM(IOS)
71 #import "CFNetworkSPI.h"
72 #import "RuntimeApplicationChecksIOS.h"
73 #import "WebCoreThreadRun.h"
74
75 @interface NSURLRequest ()
76 - (CFURLRequestRef) _CFURLRequest;
77 @end
78 #endif
79
80 #if USE(QUICK_LOOK)
81 #import "QuickLook.h"
82 #endif
83
84 using namespace WebCore;
85
86 @interface NSURLConnection ()
87 -(id)_initWithRequest:(NSURLRequest *)request delegate:(id)delegate usesCache:(BOOL)usesCacheFlag maxContentLength:(long long)maxContentLength startImmediately:(BOOL)startImmediately connectionProperties:(NSDictionary *)connectionProperties;
88 @end
89
90 namespace WebCore {
91     
92 #if !USE(CFNETWORK)
93     
94 static void applyBasicAuthorizationHeader(ResourceRequest& request, const Credential& credential)
95 {
96     String authenticationHeader = "Basic " + base64Encode(String(credential.user() + ":" + credential.password()).utf8());
97
98     request.setHTTPHeaderField(HTTPHeaderName::Authorization, authenticationHeader);
99 }
100
101 static NSOperationQueue *operationQueueForAsyncClients()
102 {
103     static NSOperationQueue *queue;
104     if (!queue) {
105         queue = [[NSOperationQueue alloc] init];
106         // Default concurrent operation count depends on current system workload, but delegate methods are mostly idling in IPC, so we can run as many as needed.
107         [queue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
108     }
109     return queue;
110 }
111
112 ResourceHandleInternal::~ResourceHandleInternal()
113 {
114 }
115
116 ResourceHandle::~ResourceHandle()
117 {
118     releaseDelegate();
119     d->m_currentWebChallenge.setAuthenticationClient(0);
120
121     LOG(Network, "Handle %p destroyed", this);
122 }
123
124 #if PLATFORM(IOS)
125 static bool synchronousWillSendRequestEnabled()
126 {
127     static bool disabled = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisableSynchronousWillSendRequestPreferenceKey"];
128     return !disabled;
129 }
130 #endif
131
132 #if !PLATFORM(IOS)
133 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior)
134 #else
135 void ResourceHandle::createNSURLConnection(id delegate, bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, NSDictionary *connectionProperties)
136 #endif
137 {
138 #if ENABLE(WEB_TIMING) && !HAVE(TIMINGDATAOPTIONS)
139     setCollectsTimingData();
140 #endif
141
142     // Credentials for ftp can only be passed in URL, the connection:didReceiveAuthenticationChallenge: delegate call won't be made.
143     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) {
144         URL urlWithCredentials(firstRequest().url());
145         urlWithCredentials.setUser(d->m_user);
146         urlWithCredentials.setPass(d->m_pass);
147         firstRequest().setURL(urlWithCredentials);
148     }
149
150     if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
151         if (d->m_user.isEmpty() && d->m_pass.isEmpty()) {
152             // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
153             // try and reuse the credential preemptively, as allowed by RFC 2617.
154             d->m_initialCredential = d->m_context->storageSession().credentialStorage().get(firstRequest().url());
155         } else {
156             // If there is already a protection space known for the URL, update stored credentials before sending a request.
157             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
158             // (so that an authentication dialog doesn't pop up).
159             d->m_context->storageSession().credentialStorage().set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
160         }
161     }
162         
163     if (!d->m_initialCredential.isEmpty()) {
164         // FIXME: Support Digest authentication, and Proxy-Authorization.
165         applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
166     }
167
168     NSURLRequest *nsRequest = firstRequest().nsURLRequest(UpdateHTTPBody);
169     if (!shouldContentSniff) {
170         NSMutableURLRequest *mutableRequest = [[nsRequest mutableCopy] autorelease];
171         wkSetNSURLRequestShouldContentSniff(mutableRequest, NO);
172         nsRequest = mutableRequest;
173     }
174
175     if (d->m_storageSession)
176         nsRequest = [wkCopyRequestWithStorageSession(d->m_storageSession.get(), nsRequest) autorelease];
177
178     ASSERT([NSURLConnection instancesRespondToSelector:@selector(_initWithRequest:delegate:usesCache:maxContentLength:startImmediately:connectionProperties:)]);
179
180 #if PLATFORM(IOS)
181     // FIXME: This code is different from iOS code in ResourceHandleCFNet.cpp in that here we respect stream properties that were present in client properties.
182     NSDictionary *streamPropertiesFromClient = [connectionProperties objectForKey:@"kCFURLConnectionSocketStreamProperties"];
183     NSMutableDictionary *streamProperties = streamPropertiesFromClient ? [[streamPropertiesFromClient mutableCopy] autorelease] : [NSMutableDictionary dictionary];
184 #else
185     NSMutableDictionary *streamProperties = [NSMutableDictionary dictionary];
186 #endif
187
188     if (!shouldUseCredentialStorage) {
189         // Avoid using existing connections, because they may be already authenticated.
190         [streamProperties setObject:@"WebKitPrivateSession" forKey:@"_kCFURLConnectionSessionID"];
191     }
192
193     if (schedulingBehavior == SchedulingBehavior::Synchronous) {
194         // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks.
195         // If we are using all available connections for async requests, and make a sync request, then prior
196         // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync
197         // request won't start because there are no available connections.
198         // Connections are grouped by their socket stream properties, with each group having a separate count.
199         [streamProperties setObject:@TRUE forKey:@"_WebKitSynchronousRequest"];
200     }
201
202     RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
203     if (sourceApplicationAuditData)
204         [streamProperties setObject:(NSData *)sourceApplicationAuditData.get() forKey:@"kCFStreamPropertySourceApplication"];
205
206 #if PLATFORM(IOS)
207     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithDictionary:connectionProperties];
208     [propertyDictionary setObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
209     const bool usesCache = false;
210     if (synchronousWillSendRequestEnabled())
211         CFURLRequestSetShouldStartSynchronously([nsRequest _CFURLRequest], 1);
212 #else
213     NSMutableDictionary *propertyDictionary = [NSMutableDictionary dictionaryWithObject:streamProperties forKey:@"kCFURLConnectionSocketStreamProperties"];
214     const bool usesCache = true;
215 #endif
216 #if HAVE(TIMINGDATAOPTIONS)
217     [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"];
218 #endif
219     d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]);
220 }
221
222 bool ResourceHandle::start()
223 {
224     if (!d->m_context)
225         return false;
226
227     BEGIN_BLOCK_OBJC_EXCEPTIONS;
228
229     // If NetworkingContext is invalid then we are no longer attached to a Page,
230     // this must be an attempted load from an unload event handler, so let's just block it.
231     if (!d->m_context->isValid())
232         return false;
233
234     d->m_storageSession = d->m_context->storageSession().platformSession();
235
236     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
237     bool shouldUseCredentialStorage = !client() || client()->shouldUseCredentialStorage(this);
238
239     SchedulingBehavior schedulingBehavior = client() && client()->loadingSynchronousXHR() ? SchedulingBehavior::Synchronous : SchedulingBehavior::Asynchronous;
240
241 #if !PLATFORM(IOS)
242     createNSURLConnection(
243         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
244         shouldUseCredentialStorage,
245         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
246         schedulingBehavior);
247 #else
248     createNSURLConnection(
249         ResourceHandle::makeDelegate(shouldUseCredentialStorage),
250         shouldUseCredentialStorage,
251         d->m_shouldContentSniff || d->m_context->localFileContentSniffingEnabled(),
252         schedulingBehavior,
253         (NSDictionary *)client()->connectionProperties(this).get());
254 #endif
255
256     bool scheduled = false;
257     if (SchedulePairHashSet* scheduledPairs = d->m_context->scheduledRunLoopPairs()) {
258         SchedulePairHashSet::iterator end = scheduledPairs->end();
259         for (SchedulePairHashSet::iterator it = scheduledPairs->begin(); it != end; ++it) {
260             if (NSRunLoop *runLoop = (*it)->nsRunLoop()) {
261                 [connection() scheduleInRunLoop:runLoop forMode:(NSString *)(*it)->mode()];
262                 scheduled = true;
263             }
264         }
265     }
266
267     if (d->m_usesAsyncCallbacks) {
268         ASSERT(!scheduled);
269         [connection() setDelegateQueue:operationQueueForAsyncClients()];
270         scheduled = true;
271     }
272 #if PLATFORM(IOS)
273     else {
274         [connection() scheduleInRunLoop:WebThreadNSRunLoop() forMode:NSDefaultRunLoopMode];
275         scheduled = true;
276     }
277 #endif
278
279     // Start the connection if we did schedule with at least one runloop.
280     // We can't start the connection until we have one runloop scheduled.
281     if (scheduled)
282         [connection() start];
283     else
284         d->m_startWhenScheduled = true;
285
286     LOG(Network, "Handle %p starting connection %p for %@", this, connection(), firstRequest().nsURLRequest(DoNotUpdateHTTPBody));
287     
288     if (d->m_connection) {
289         if (d->m_defersLoading)
290             connection().defersCallbacks = YES;
291
292         return true;
293     }
294
295     END_BLOCK_OBJC_EXCEPTIONS;
296
297     return false;
298 }
299
300 void ResourceHandle::cancel()
301 {
302     LOG(Network, "Handle %p cancel connection %p", this, d->m_connection.get());
303
304     // Leaks were seen on HTTP tests without this; can be removed once <rdar://problem/6886937> is fixed.
305     if (d->m_currentMacChallenge)
306         [[d->m_currentMacChallenge sender] cancelAuthenticationChallenge:d->m_currentMacChallenge];
307
308     [d->m_connection.get() cancel];
309 }
310
311 void ResourceHandle::platformSetDefersLoading(bool defers)
312 {
313     if (d->m_connection)
314         [d->m_connection setDefersCallbacks:defers];
315 }
316
317 #if PLATFORM(MAC)
318
319 void ResourceHandle::schedule(SchedulePair& pair)
320 {
321     NSRunLoop *runLoop = pair.nsRunLoop();
322     if (!runLoop)
323         return;
324     [d->m_connection.get() scheduleInRunLoop:runLoop forMode:(NSString *)pair.mode()];
325     if (d->m_startWhenScheduled) {
326         [d->m_connection.get() start];
327         d->m_startWhenScheduled = false;
328     }
329 }
330
331 void ResourceHandle::unschedule(SchedulePair& pair)
332 {
333     if (NSRunLoop *runLoop = pair.nsRunLoop())
334         [d->m_connection.get() unscheduleFromRunLoop:runLoop forMode:(NSString *)pair.mode()];
335 }
336
337 #endif
338
339 id ResourceHandle::makeDelegate(bool shouldUseCredentialStorage)
340 {
341     ASSERT(!d->m_delegate);
342
343     id <NSURLConnectionDelegate> delegate;
344     if (d->m_usesAsyncCallbacks) {
345         if (shouldUseCredentialStorage)
346             delegate = [[WebCoreResourceHandleAsOperationQueueDelegate alloc] initWithHandle:this];
347         else
348             delegate = [[WebCoreResourceHandleWithCredentialStorageAsOperationQueueDelegate alloc] initWithHandle:this];
349     } else
350         delegate = [[WebCoreResourceHandleAsDelegate alloc] initWithHandle:this];
351
352     d->m_delegate = delegate;
353     [delegate release];
354
355     return d->m_delegate.get();
356 }
357
358 id ResourceHandle::delegate()
359 {
360     if (!d->m_delegate)
361         return makeDelegate(false);
362     return d->m_delegate.get();
363 }
364
365 void ResourceHandle::releaseDelegate()
366 {
367     if (!d->m_delegate)
368         return;
369     [d->m_delegate.get() detachHandle];
370     d->m_delegate = nil;
371 }
372
373 NSURLConnection *ResourceHandle::connection() const
374 {
375     return d->m_connection.get();
376 }
377     
378 CFStringRef ResourceHandle::synchronousLoadRunLoopMode()
379 {
380     return CFSTR("WebCoreSynchronousLoaderRunLoopMode");
381 }
382
383 void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
384 {
385     LOG(Network, "ResourceHandle::platformLoadResourceSynchronously:%@ allowStoredCredentials:%u", request.nsURLRequest(DoNotUpdateHTTPBody), storedCredentials);
386
387     ASSERT(!request.isEmpty());
388     
389     SynchronousLoaderClient client;
390     client.setAllowStoredCredentials(storedCredentials == AllowStoredCredentials);
391
392     RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, false /*defersLoading*/, true /*shouldContentSniff*/));
393
394     handle->d->m_storageSession = context->storageSession().platformSession();
395
396     if (context && handle->d->m_scheduledFailureType != NoFailure) {
397         error = context->blockedError(request);
398         return;
399     }
400
401     bool shouldUseCredentialStorage = storedCredentials == AllowStoredCredentials;
402 #if !PLATFORM(IOS)
403     handle->createNSURLConnection(
404         handle->makeDelegate(shouldUseCredentialStorage),
405         shouldUseCredentialStorage,
406         handle->shouldContentSniff() || context->localFileContentSniffingEnabled(),
407         SchedulingBehavior::Synchronous);
408 #else
409     handle->createNSURLConnection(
410         handle->makeDelegate(shouldUseCredentialStorage), // A synchronous request cannot turn into a download, so there is no need to proxy the delegate.
411         shouldUseCredentialStorage,
412         handle->shouldContentSniff() || (context && context->localFileContentSniffingEnabled()),
413         SchedulingBehavior::Synchronous,
414         (NSDictionary *)handle->client()->connectionProperties(handle.get()).get());
415 #endif
416
417     [handle->connection() scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:(NSString *)synchronousLoadRunLoopMode()];
418     [handle->connection() start];
419     
420     while (!client.isDone())
421         [[NSRunLoop currentRunLoop] runMode:(NSString *)synchronousLoadRunLoopMode() beforeDate:[NSDate distantFuture]];
422
423     error = client.error();
424     
425     [handle->connection() cancel];
426
427     if (error.isNull())
428         response = client.response();
429
430     data.swap(client.mutableData());
431 }
432
433 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
434 {
435     ASSERT(!redirectResponse.isNull());
436
437     if (redirectResponse.httpStatusCode() == 307) {
438         String lastHTTPMethod = d->m_lastHTTPMethod;
439         if (!equalIgnoringCase(lastHTTPMethod, request.httpMethod())) {
440             request.setHTTPMethod(lastHTTPMethod);
441     
442             FormData* body = d->m_firstRequest.httpBody();
443             if (!equalIgnoringCase(lastHTTPMethod, "GET") && body && !body->isEmpty())
444                 request.setHTTPBody(body);
445
446             String originalContentType = d->m_firstRequest.httpContentType();
447             if (!originalContentType.isEmpty())
448                 request.setHTTPHeaderField(HTTPHeaderName::ContentType, originalContentType);
449         }
450     }
451
452     // Should not set Referer after a redirect from a secure resource to non-secure one.
453     if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https") && d->m_context->shouldClearReferrerOnHTTPSToHTTPRedirect())
454         request.clearHTTPReferrer();
455
456     const URL& url = request.url();
457     d->m_user = url.user();
458     d->m_pass = url.pass();
459     d->m_lastHTTPMethod = request.httpMethod();
460     request.removeCredentials();
461
462     if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
463         // The network layer might carry over some headers from the original request that
464         // we want to strip here because the redirect is cross-origin.
465         request.clearHTTPAuthorization();
466         request.clearHTTPOrigin();
467     } else {
468         // Only consider applying authentication credentials if this is actually a redirect and the redirect
469         // URL didn't include credentials of its own.
470         if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
471             Credential credential = d->m_context->storageSession().credentialStorage().get(request.url());
472             if (!credential.isEmpty()) {
473                 d->m_initialCredential = credential;
474                 
475                 // FIXME: Support Digest authentication, and Proxy-Authorization.
476                 applyBasicAuthorizationHeader(request, d->m_initialCredential);
477             }
478         }
479     }
480
481     if (d->m_usesAsyncCallbacks) {
482         client()->willSendRequestAsync(this, request, redirectResponse);
483     } else {
484         Ref<ResourceHandle> protect(*this);
485         client()->willSendRequest(this, request, redirectResponse);
486
487         // Client call may not preserve the session, especially if the request is sent over IPC.
488         if (!request.isNull())
489             request.setStorageSession(d->m_storageSession.get());
490     }
491 }
492
493 void ResourceHandle::continueWillSendRequest(const ResourceRequest& request)
494 {
495     ASSERT(d->m_usesAsyncCallbacks);
496
497     // Client call may not preserve the session, especially if the request is sent over IPC.
498     ResourceRequest newRequest = request;
499     if (!newRequest.isNull())
500         newRequest.setStorageSession(d->m_storageSession.get());
501     [(id)delegate() continueWillSendRequest:newRequest.nsURLRequest(UpdateHTTPBody)];
502 }
503
504 void ResourceHandle::continueDidReceiveResponse()
505 {
506     ASSERT(d->m_usesAsyncCallbacks);
507
508     [delegate() continueDidReceiveResponse];
509 }
510
511 bool ResourceHandle::shouldUseCredentialStorage()
512 {
513     ASSERT(!d->m_usesAsyncCallbacks);
514     return client() && client()->shouldUseCredentialStorage(this);
515 }
516
517 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
518 {
519     ASSERT(!d->m_currentMacChallenge);
520     ASSERT(d->m_currentWebChallenge.isNull());
521     // Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
522     // we make sure that is actually present
523     ASSERT(challenge.nsURLAuthenticationChallenge());
524
525     // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
526     // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
527     if (challenge.protectionSpace().isProxy()) {
528         // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set.
529         [challenge.sender() continueWithoutCredentialForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
530         return;
531     }
532
533     if (tryHandlePasswordBasedAuthentication(challenge))
534         return;
535
536 #if PLATFORM(IOS)
537     // If the challenge is for a proxy protection space, look for default credentials in
538     // the keychain.  CFNetwork used to handle this until WebCore was changed to always
539     // return NO to -connectionShouldUseCredentialStorage: for <rdar://problem/7704943>.
540     if (!challenge.previousFailureCount() && challenge.protectionSpace().isProxy()) {
541         NSURLAuthenticationChallenge *macChallenge = mac(challenge);
542         if (NSURLCredential *credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[macChallenge protectionSpace]]) {
543             [challenge.sender() useCredential:credential forAuthenticationChallenge:macChallenge];
544             return;
545         }
546     }
547 #endif // PLATFORM(IOS)
548
549     d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
550     d->m_currentWebChallenge = core(d->m_currentMacChallenge);
551     d->m_currentWebChallenge.setAuthenticationClient(this);
552
553     // FIXME: Several concurrent requests can return with the an authentication challenge for the same protection space.
554     // We should avoid making additional client calls for the same protection space when already waiting for the user,
555     // because typing the same credentials several times is annoying.
556     if (client())
557         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
558     else {
559         clearAuthentication();
560         [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()];
561     }
562 }
563
564 bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
565 {
566     if (!challenge.protectionSpace().isPasswordBased())
567         return false;
568
569     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
570         NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
571                                                                    password:d->m_pass
572                                                                 persistence:NSURLCredentialPersistenceForSession];
573         d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
574         d->m_currentWebChallenge = challenge;
575         receivedCredential(challenge, Credential(credential));
576         [credential release];
577         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
578         d->m_user = String();
579         d->m_pass = String();
580         return true;
581     }
582
583     // FIXME: Do not use the sync version of shouldUseCredentialStorage when the client returns true from usesAsyncCallbacks.
584     if (!client() || client()->shouldUseCredentialStorage(this)) {
585         if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
586             // The stored credential wasn't accepted, stop using it.
587             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
588             // but the observable effect should be very minor, if any.
589             d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
590         }
591
592         if (!challenge.previousFailureCount()) {
593             Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
594             if (!credential.isEmpty() && credential != d->m_initialCredential) {
595                 ASSERT(credential.persistence() == CredentialPersistenceNone);
596                 if (challenge.failureResponse().httpStatusCode() == 401) {
597                     // Store the credential back, possibly adding it as a default for this directory.
598                     d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
599                 }
600                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
601                 return true;
602             }
603         }
604     }
605
606     return false;
607 }
608
609 void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChallenge& challenge)
610 {
611     ASSERT(d->m_currentMacChallenge);
612     ASSERT(d->m_currentMacChallenge == challenge.nsURLAuthenticationChallenge());
613     ASSERT(!d->m_currentWebChallenge.isNull());
614
615     if (client())
616         client()->didCancelAuthenticationChallenge(this, challenge);
617 }
618
619 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
620 bool ResourceHandle::canAuthenticateAgainstProtectionSpace(const ProtectionSpace& protectionSpace)
621 {
622     ResourceHandleClient* client = this->client();
623     if (d->m_usesAsyncCallbacks) {
624         if (client)
625             client->canAuthenticateAgainstProtectionSpaceAsync(this, protectionSpace);
626         else
627             continueCanAuthenticateAgainstProtectionSpace(false);
628         return false; // Ignored by caller.
629     }
630
631     return client && client->canAuthenticateAgainstProtectionSpace(this, protectionSpace);
632 }
633
634 void ResourceHandle::continueCanAuthenticateAgainstProtectionSpace(bool result)
635 {
636     ASSERT(d->m_usesAsyncCallbacks);
637
638     [(id)delegate() continueCanAuthenticateAgainstProtectionSpace:result];
639 }
640 #endif
641
642 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
643 {
644     LOG(Network, "Handle %p receivedCredential", this);
645
646     ASSERT(!challenge.isNull());
647     if (challenge != d->m_currentWebChallenge)
648         return;
649
650     // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
651     if (credential.isEmpty()) {
652         receivedRequestToContinueWithoutCredential(challenge);
653         return;
654     }
655
656     if (credential.persistence() == CredentialPersistenceForSession && challenge.protectionSpace().authenticationScheme() != ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
657         // Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
658         // to ignore it for a particular request (short of removing it altogether).
659         Credential webCredential(credential, CredentialPersistenceNone);
660         URL urlToStore;
661         if (challenge.failureResponse().httpStatusCode() == 401)
662             urlToStore = challenge.failureResponse().url();
663         d->m_context->storageSession().credentialStorage().set(webCredential, ProtectionSpace([d->m_currentMacChallenge protectionSpace]), urlToStore);
664         [[d->m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
665     } else
666         [[d->m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d->m_currentMacChallenge];
667
668     clearAuthentication();
669 }
670
671 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
672 {
673     LOG(Network, "Handle %p receivedRequestToContinueWithoutCredential", this);
674
675     ASSERT(!challenge.isNull());
676     if (challenge != d->m_currentWebChallenge)
677         return;
678
679     [[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
680
681     clearAuthentication();
682 }
683
684 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
685 {
686     LOG(Network, "Handle %p receivedCancellation", this);
687
688     if (challenge != d->m_currentWebChallenge)
689         return;
690
691     if (client())
692         client()->receivedCancellation(this, challenge);
693 }
694
695 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge& challenge)
696 {
697     LOG(Network, "Handle %p receivedRequestToPerformDefaultHandling", this);
698
699     ASSERT(!challenge.isNull());
700     if (challenge != d->m_currentWebChallenge)
701         return;
702
703     [[d->m_currentMacChallenge sender] performDefaultHandlingForAuthenticationChallenge:d->m_currentMacChallenge];
704
705     clearAuthentication();
706 }
707
708 void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge& challenge)
709 {
710     LOG(Network, "Handle %p receivedChallengeRejection", this);
711
712     ASSERT(!challenge.isNull());
713     if (challenge != d->m_currentWebChallenge)
714         return;
715
716     [[d->m_currentMacChallenge sender] rejectProtectionSpaceAndContinueWithChallenge:d->m_currentMacChallenge];
717
718     clearAuthentication();
719 }
720
721 void ResourceHandle::continueWillCacheResponse(NSCachedURLResponse *response)
722 {
723     ASSERT(d->m_usesAsyncCallbacks);
724
725     [(id)delegate() continueWillCacheResponse:response];
726 }
727     
728 #endif // !USE(CFNETWORK)
729     
730 #if ENABLE(WEB_TIMING)
731
732 #if USE(CFNETWORK)
733     
734 void ResourceHandle::getConnectionTimingData(CFURLConnectionRef connection, ResourceLoadTiming& timing)
735 {
736     copyTimingData((__bridge NSDictionary*)adoptCF(_CFURLConnectionCopyTimingData(connection)).get(), timing);
737 }
738     
739 #else
740     
741 void ResourceHandle::getConnectionTimingData(NSURLConnection *connection, ResourceLoadTiming& timing)
742 {
743     copyTimingData([connection _timingData], timing);
744 }
745     
746 #endif
747     
748 #endif // ENABLE(WEB_TIMING)
749
750 } // namespace WebCore
751