2009-09-30 Maciej Stachowiak <mjs@apple.com>
[WebKit.git] / WebCore / platform / network / cf / ResourceHandleCFNet.cpp
1 /*
2  * Copyright (C) 2004, 2005, 2006, 2007, 2009 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27
28 #include "ResourceHandle.h"
29 #include "ResourceHandleClient.h"
30 #include "ResourceHandleInternal.h"
31
32 #include "AuthenticationCF.h"
33 #include "AuthenticationChallenge.h"
34 #include "Base64.h"
35 #include "CString.h"
36 #include "CookieStorageWin.h"
37 #include "CredentialStorage.h"
38 #include "DocLoader.h"
39 #include "Frame.h"
40 #include "FrameLoader.h"
41 #include "Logging.h"
42 #include "MIMETypeRegistry.h"
43 #include "ResourceError.h"
44 #include "ResourceResponse.h"
45
46 #include <wtf/HashMap.h>
47 #include <wtf/Threading.h>
48
49 #include <sys/types.h>
50 #include <sys/stat.h>
51 #include <process.h> // for _beginthread()
52
53 #include <CFNetwork/CFNetwork.h>
54 #include <WebKitSystemInterface/WebKitSystemInterface.h>
55
56 namespace WebCore {
57
58 static CFStringRef WebCoreSynchronousLoaderRunLoopMode = CFSTR("WebCoreSynchronousLoaderRunLoopMode");
59
60 class WebCoreSynchronousLoader {
61 public:
62     static RetainPtr<CFDataRef> load(const ResourceRequest&, StoredCredentials, ResourceResponse&, ResourceError&);
63
64 private:
65     WebCoreSynchronousLoader(ResourceResponse& response, ResourceError& error)
66         : m_isDone(false)
67         , m_response(response)
68         , m_error(error)
69     {
70     }
71
72     static CFURLRequestRef willSendRequest(CFURLConnectionRef, CFURLRequestRef, CFURLResponseRef, const void* clientInfo);
73     static void didReceiveResponse(CFURLConnectionRef, CFURLResponseRef, const void* clientInfo);
74     static void didReceiveData(CFURLConnectionRef, CFDataRef, CFIndex, const void* clientInfo);
75     static void didFinishLoading(CFURLConnectionRef, const void* clientInfo);
76     static void didFail(CFURLConnectionRef, CFErrorRef, const void* clientInfo);
77     static void didReceiveChallenge(CFURLConnectionRef, CFURLAuthChallengeRef, const void* clientInfo);
78     static Boolean shouldUseCredentialStorage(CFURLConnectionRef, const void* clientInfo);
79
80     bool m_isDone;
81     RetainPtr<CFURLRef> m_url;
82     RetainPtr<CFStringRef> m_user;
83     RetainPtr<CFStringRef> m_pass;
84     // Store the preemptively used initial credential so that if we get an authentication challenge, we won't use the same one again.
85     Credential m_initialCredential;
86     bool m_allowStoredCredentials;
87     ResourceResponse& m_response;
88     RetainPtr<CFMutableDataRef> m_data;
89     ResourceError& m_error;
90 };
91
92 static HashSet<String>& allowsAnyHTTPSCertificateHosts()
93 {
94     static HashSet<String> hosts;
95
96     return hosts;
97 }
98
99 static HashMap<String, RetainPtr<CFDataRef> >& clientCerts()
100 {
101     static HashMap<String, RetainPtr<CFDataRef> > certs;
102     return certs;
103 }
104
105 static void setDefaultMIMEType(CFURLResponseRef response)
106 {
107     static CFStringRef defaultMIMETypeString = defaultMIMEType().createCFString();
108     
109     CFURLResponseSetMIMEType(response, defaultMIMETypeString);
110 }
111
112 static String encodeBasicAuthorization(const String& user, const String& password)
113 {
114     CString unencodedString = (user + ":" + password).utf8();
115     Vector<char> unencoded(unencodedString.length());
116     std::copy(unencodedString.data(), unencodedString.data() + unencodedString.length(), unencoded.begin());
117     Vector<char> encoded;
118     base64Encode(unencoded, encoded);
119     return String(encoded.data(), encoded.size());
120 }
121
122 CFURLRequestRef willSendRequest(CFURLConnectionRef conn, CFURLRequestRef cfRequest, CFURLResponseRef cfRedirectResponse, const void* clientInfo)
123 {
124     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
125
126     if (!cfRedirectResponse) {
127         CFRetain(cfRequest);
128         return cfRequest;
129     }
130
131     LOG(Network, "CFNet - willSendRequest(conn=%p, handle=%p) (%s)", conn, handle, handle->request().url().string().utf8().data());
132
133     ResourceRequest request;
134     if (cfRedirectResponse) {
135         CFHTTPMessageRef httpMessage = CFURLResponseGetHTTPResponse(cfRedirectResponse);
136         if (httpMessage && CFHTTPMessageGetResponseStatusCode(httpMessage) == 307) {
137             RetainPtr<CFStringRef> originalMethod(AdoptCF, handle->request().httpMethod().createCFString());
138             RetainPtr<CFStringRef> newMethod(AdoptCF, CFURLRequestCopyHTTPRequestMethod(cfRequest));
139             if (CFStringCompareWithOptions(originalMethod.get(), newMethod.get(), CFRangeMake(0, CFStringGetLength(originalMethod.get())), kCFCompareCaseInsensitive)) {
140                 RetainPtr<CFMutableURLRequestRef> mutableRequest(AdoptCF, CFURLRequestCreateMutableCopy(0, cfRequest));
141                 CFURLRequestSetHTTPRequestMethod(mutableRequest.get(), originalMethod.get());
142
143                 FormData* body = handle->request().httpBody();
144                 if (!equalIgnoringCase(handle->request().httpMethod(), "GET") && body && !body->isEmpty())
145                     WebCore::setHTTPBody(mutableRequest, body);
146
147                 String originalContentType = m_handle->request.httpContentType();
148                 if (!originalContentType->isEmpty())
149                     CFURLRequestSetHTTPHeaderFieldValue(mutableRequest.get(), CFSTR("Content-Type"), originalContentType);
150
151                 request = mutableRequest.get();
152             }
153         }
154     }
155     if (request.isNull())
156         request = cfRequest;
157     
158     handle->willSendRequest(request, cfRedirectResponse);
159
160     if (request.isNull())
161         return 0;
162
163     cfRequest = request.cfURLRequest();
164
165     CFRetain(cfRequest);
166     return cfRequest;
167 }
168
169 void didReceiveResponse(CFURLConnectionRef conn, CFURLResponseRef cfResponse, const void* clientInfo) 
170 {
171     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
172
173     LOG(Network, "CFNet - didReceiveResponse(conn=%p, handle=%p) (%s)", conn, handle, handle->request().url().string().utf8().data());
174
175     if (!handle->client())
176         return;
177
178     if (!CFURLResponseGetMIMEType(cfResponse)) {
179         // We should never be applying the default MIMEType if we told the networking layer to do content sniffing for handle.
180         ASSERT(!handle->shouldContentSniff());
181         setDefaultMIMEType(cfResponse);
182     }
183     
184     handle->client()->didReceiveResponse(handle, cfResponse);
185 }
186
187 void didReceiveData(CFURLConnectionRef conn, CFDataRef data, CFIndex originalLength, const void* clientInfo) 
188 {
189     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
190     const UInt8* bytes = CFDataGetBytePtr(data);
191     CFIndex length = CFDataGetLength(data);
192
193     LOG(Network, "CFNet - didReceiveData(conn=%p, handle=%p, bytes=%d) (%s)", conn, handle, length, handle->request().url().string().utf8().data());
194
195     if (handle->client())
196         handle->client()->didReceiveData(handle, (const char*)bytes, length, originalLength);
197 }
198
199 static void didSendBodyData(CFURLConnectionRef conn, CFIndex bytesWritten, CFIndex totalBytesWritten, CFIndex totalBytesExpectedToWrite, const void *clientInfo)
200 {
201     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
202     if (!handle || !handle->client())
203         return;
204     handle->client()->didSendData(handle, totalBytesWritten, totalBytesExpectedToWrite);
205 }
206
207 static Boolean shouldUseCredentialStorageCallback(CFURLConnectionRef conn, const void* clientInfo)
208 {
209     ResourceHandle* handle = const_cast<ResourceHandle*>(static_cast<const ResourceHandle*>(clientInfo));
210
211     LOG(Network, "CFNet - shouldUseCredentialStorage(conn=%p, handle=%p) (%s)", conn, handle, handle->request().url().string().utf8().data());
212
213     if (!handle)
214         return false;
215
216     return handle->shouldUseCredentialStorage();
217 }
218
219 void didFinishLoading(CFURLConnectionRef conn, const void* clientInfo) 
220 {
221     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
222
223     LOG(Network, "CFNet - didFinishLoading(conn=%p, handle=%p) (%s)", conn, handle, handle->request().url().string().utf8().data());
224
225     if (handle->client())
226         handle->client()->didFinishLoading(handle);
227 }
228
229 void didFail(CFURLConnectionRef conn, CFErrorRef error, const void* clientInfo) 
230 {
231     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
232
233     LOG(Network, "CFNet - didFail(conn=%p, handle=%p, error = %p) (%s)", conn, handle, error, handle->request().url().string().utf8().data());
234
235     if (handle->client())
236         handle->client()->didFail(handle, ResourceError(error));
237 }
238
239 CFCachedURLResponseRef willCacheResponse(CFURLConnectionRef conn, CFCachedURLResponseRef cachedResponse, const void* clientInfo) 
240 {
241     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
242
243     if (handle->client() && !handle->client()->shouldCacheResponse(handle, cachedResponse))
244         return 0;
245
246     CacheStoragePolicy policy = static_cast<CacheStoragePolicy>(CFCachedURLResponseGetStoragePolicy(cachedResponse));
247
248     if (handle->client())
249         handle->client()->willCacheResponse(handle, policy);
250
251     if (static_cast<CFURLCacheStoragePolicy>(policy) != CFCachedURLResponseGetStoragePolicy(cachedResponse))
252         cachedResponse = CFCachedURLResponseCreateWithUserInfo(kCFAllocatorDefault, 
253                                                                CFCachedURLResponseGetWrappedResponse(cachedResponse),
254                                                                CFCachedURLResponseGetReceiverData(cachedResponse),
255                                                                CFCachedURLResponseGetUserInfo(cachedResponse), 
256                                                                static_cast<CFURLCacheStoragePolicy>(policy));
257     CFRetain(cachedResponse);
258
259     return cachedResponse;
260 }
261
262 void didReceiveChallenge(CFURLConnectionRef conn, CFURLAuthChallengeRef challenge, const void* clientInfo)
263 {
264     ResourceHandle* handle = static_cast<ResourceHandle*>(const_cast<void*>(clientInfo));
265     ASSERT(handle);
266     LOG(Network, "CFNet - didReceiveChallenge(conn=%p, handle=%p (%s)", conn, handle, handle->request().url().string().utf8().data());
267
268     handle->didReceiveAuthenticationChallenge(AuthenticationChallenge(challenge, handle));
269 }
270
271 void addHeadersFromHashMap(CFMutableURLRequestRef request, const HTTPHeaderMap& requestHeaders) 
272 {
273     if (!requestHeaders.size())
274         return;
275
276     HTTPHeaderMap::const_iterator end = requestHeaders.end();
277     for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
278         CFStringRef key = it->first.createCFString();
279         CFStringRef value = it->second.createCFString();
280         CFURLRequestSetHTTPHeaderFieldValue(request, key, value);
281         CFRelease(key);
282         CFRelease(value);
283     }
284 }
285
286 ResourceHandleInternal::~ResourceHandleInternal()
287 {
288     if (m_connection) {
289         LOG(Network, "CFNet - Cancelling connection %p (%s)", m_connection, m_request.url().string().utf8().data());
290         CFURLConnectionCancel(m_connection.get());
291     }
292 }
293
294 ResourceHandle::~ResourceHandle()
295 {
296     LOG(Network, "CFNet - Destroying job %p (%s)", this, d->m_request.url().string().utf8().data());
297 }
298
299 CFArrayRef arrayFromFormData(const FormData& d)
300 {
301     size_t size = d.elements().size();
302     CFMutableArrayRef a = CFArrayCreateMutable(0, d.elements().size(), &kCFTypeArrayCallBacks);
303     for (size_t i = 0; i < size; ++i) {
304         const FormDataElement& e = d.elements()[i];
305         if (e.m_type == FormDataElement::data) {
306             CFDataRef data = CFDataCreate(0, (const UInt8*)e.m_data.data(), e.m_data.size());
307             CFArrayAppendValue(a, data);
308             CFRelease(data);
309         } else {
310             ASSERT(e.m_type == FormDataElement::encodedFile);
311             CFStringRef filename = e.m_filename.createCFString();
312             CFArrayAppendValue(a, filename);
313             CFRelease(filename);
314         }
315     }
316     return a;
317 }
318
319 void emptyPerform(void* unused) 
320 {
321 }
322
323 static CFRunLoopRef loaderRL = 0;
324 void* runLoaderThread(void *unused)
325 {
326     loaderRL = CFRunLoopGetCurrent();
327
328     // Must add a source to the run loop to prevent CFRunLoopRun() from exiting
329     CFRunLoopSourceContext ctxt = {0, (void *)1 /*must be non-NULL*/, 0, 0, 0, 0, 0, 0, 0, emptyPerform};
330     CFRunLoopSourceRef bogusSource = CFRunLoopSourceCreate(0, 0, &ctxt);
331     CFRunLoopAddSource(loaderRL, bogusSource,kCFRunLoopDefaultMode);
332
333     CFRunLoopRun();
334
335     return 0;
336 }
337
338 CFRunLoopRef ResourceHandle::loaderRunLoop()
339 {
340     if (!loaderRL) {
341         createThread(runLoaderThread, 0, "WebCore: CFNetwork Loader");
342         while (loaderRL == 0) {
343             // FIXME: sleep 10? that can't be right...
344             Sleep(10);
345         }
346     }
347     return loaderRL;
348 }
349
350 static CFURLRequestRef makeFinalRequest(const ResourceRequest& request, bool shouldContentSniff)
351 {
352     CFMutableURLRequestRef newRequest = CFURLRequestCreateMutableCopy(kCFAllocatorDefault, request.cfURLRequest());
353     
354     if (!shouldContentSniff)
355         wkSetCFURLRequestShouldContentSniff(newRequest, false);
356
357     RetainPtr<CFMutableDictionaryRef> sslProps;
358
359     if (allowsAnyHTTPSCertificateHosts().contains(request.url().host().lower())) {
360         sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
361         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
362         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
363         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
364         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
365     }
366
367     HashMap<String, RetainPtr<CFDataRef> >::iterator clientCert = clientCerts().find(request.url().host().lower());
368     if (clientCert != clientCerts().end()) {
369         if (!sslProps)
370             sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
371         wkSetClientCertificateInSSLProperties(sslProps.get(), (clientCert->second).get());
372     }
373
374     if (sslProps)
375         CFURLRequestSetSSLProperties(newRequest, sslProps.get());
376
377     if (CFHTTPCookieStorageRef cookieStorage = currentCookieStorage()) {
378         CFURLRequestSetHTTPCookieStorage(newRequest, cookieStorage);
379         CFURLRequestSetHTTPCookieStorageAcceptPolicy(newRequest, CFHTTPCookieStorageGetCookieAcceptPolicy(cookieStorage));
380     }
381
382     return newRequest;
383 }
384
385 bool ResourceHandle::start(Frame* frame)
386 {
387     // If we are no longer attached to a Page, this must be an attempted load from an
388     // onUnload handler, so let's just block it.
389     if (!frame->page())
390         return false;
391
392     if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !d->m_request.url().protocolInHTTPFamily()) {
393         // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made.
394         KURL urlWithCredentials(d->m_request.url());
395         urlWithCredentials.setUser(d->m_user);
396         urlWithCredentials.setPass(d->m_pass);
397         d->m_request.setURL(urlWithCredentials);
398     }
399
400     // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
401     // try and reuse the credential preemptively, as allowed by RFC 2617.
402     if (!client() || client()->shouldUseCredentialStorage(this) && d->m_request.url().protocolInHTTPFamily())
403         d->m_initialCredential = CredentialStorage::getDefaultAuthenticationCredential(d->m_request.url());
404         
405     if (!d->m_initialCredential.isEmpty()) {
406         String authHeader = "Basic " + encodeBasicAuthorization(d->m_initialCredential.user(), d->m_initialCredential.password());
407         d->m_request.addHTTPHeaderField("Authorization", authHeader);
408     }
409
410     RetainPtr<CFURLRequestRef> request(AdoptCF, makeFinalRequest(d->m_request, d->m_shouldContentSniff));
411
412     CFURLConnectionClient_V3 client = { 3, this, 0, 0, 0, WebCore::willSendRequest, didReceiveResponse, didReceiveData, NULL, didFinishLoading, didFail, willCacheResponse, didReceiveChallenge, didSendBodyData, shouldUseCredentialStorageCallback, 0};
413
414     d->m_connection.adoptCF(CFURLConnectionCreate(0, request.get(), reinterpret_cast<CFURLConnectionClient*>(&client)));
415
416     CFURLConnectionScheduleWithCurrentMessageQueue(d->m_connection.get());
417     CFURLConnectionScheduleDownloadWithRunLoop(d->m_connection.get(), loaderRunLoop(), kCFRunLoopDefaultMode);
418     CFURLConnectionStart(d->m_connection.get());
419
420     LOG(Network, "CFNet - Starting URL %s (handle=%p, conn=%p)", d->m_request.url().string().utf8().data(), this, d->m_connection);
421
422     return true;
423 }
424
425 void ResourceHandle::cancel()
426 {
427     if (d->m_connection) {
428         CFURLConnectionCancel(d->m_connection.get());
429         d->m_connection = 0;
430     }
431 }
432
433 PassRefPtr<SharedBuffer> ResourceHandle::bufferedData()
434 {
435     ASSERT_NOT_REACHED();
436     return 0;
437 }
438
439 bool ResourceHandle::supportsBufferedData()
440 {
441     return false;
442 }
443
444 void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
445 {
446     const KURL& url = request.url();
447     d->m_user = url.user();
448     d->m_pass = url.pass();
449     request.removeCredentials();
450
451     client()->willSendRequest(this, request, redirectResponse);
452 }
453
454 bool ResourceHandle::shouldUseCredentialStorage()
455 {
456     LOG(Network, "CFNet - shouldUseCredentialStorage()");
457     if (client())
458         return client()->shouldUseCredentialStorage(this);
459
460     return false;
461 }
462
463 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
464 {
465     LOG(Network, "CFNet - didReceiveAuthenticationChallenge()");
466     ASSERT(!d->m_currentCFChallenge);
467     ASSERT(d->m_currentWebChallenge.isNull());
468     // Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef,
469     // we make sure that is actually present
470     ASSERT(challenge.cfURLAuthChallengeRef());
471
472     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
473         RetainPtr<CFStringRef> user(AdoptCF, d->m_user.createCFString());
474         RetainPtr<CFStringRef> pass(AdoptCF, d->m_pass.createCFString());
475         RetainPtr<CFURLCredentialRef> credential(AdoptCF,
476             CFURLCredentialCreate(kCFAllocatorDefault, user.get(), pass.get(), 0, kCFURLCredentialPersistenceNone));
477         
478         KURL urlToStore;
479         if (challenge.failureResponse().httpStatusCode() == 401)
480             urlToStore = d->m_request.url();
481         CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore);
482         
483         CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef());
484         d->m_user = String();
485         d->m_pass = String();
486         // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
487         return;
488     }
489
490     if (!challenge.previousFailureCount() && (!client() || client()->shouldUseCredentialStorage(this))) {
491         Credential credential = CredentialStorage::get(challenge.protectionSpace());
492         if (!credential.isEmpty() && credential != d->m_initialCredential) {
493             ASSERT(credential.persistence() == CredentialPersistenceNone);
494             RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
495             CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
496             return;
497         }
498     }
499
500     d->m_currentCFChallenge = challenge.cfURLAuthChallengeRef();
501     d->m_currentWebChallenge = AuthenticationChallenge(d->m_currentCFChallenge, this);
502     
503     if (client())
504         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
505 }
506
507 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
508 {
509     LOG(Network, "CFNet - receivedCredential()");
510     ASSERT(!challenge.isNull());
511     ASSERT(challenge.cfURLAuthChallengeRef());
512     if (challenge != d->m_currentWebChallenge)
513         return;
514
515     if (credential.persistence() == CredentialPersistenceForSession) {
516         // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
517         // to ignore it for a particular request (short of removing it altogether).
518         Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
519         RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(webCredential));
520         
521         KURL urlToStore;
522         if (challenge.failureResponse().httpStatusCode() == 401)
523             urlToStore = d->m_request.url();      
524         CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
525
526         CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
527     } else {
528         RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
529         CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
530     }
531
532     clearAuthentication();
533 }
534
535 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
536 {
537     LOG(Network, "CFNet - receivedRequestToContinueWithoutCredential()");
538     ASSERT(!challenge.isNull());
539     ASSERT(challenge.cfURLAuthChallengeRef());
540     if (challenge != d->m_currentWebChallenge)
541         return;
542
543     CFURLConnectionUseCredential(d->m_connection.get(), 0, challenge.cfURLAuthChallengeRef());
544
545     clearAuthentication();
546 }
547
548 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
549 {
550     LOG(Network, "CFNet - receivedCancellation()");
551     if (challenge != d->m_currentWebChallenge)
552         return;
553
554     if (client())
555         client()->receivedCancellation(this, challenge);
556 }
557
558 CFURLConnectionRef ResourceHandle::connection() const
559 {
560     return d->m_connection.get();
561 }
562
563 CFURLConnectionRef ResourceHandle::releaseConnectionForDownload()
564 {
565     LOG(Network, "CFNet - Job %p releasing connection %p for download", this, d->m_connection.get());
566     return d->m_connection.releaseRef();
567 }
568
569 void ResourceHandle::loadResourceSynchronously(const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& vector, Frame*)
570 {
571     ASSERT(!request.isEmpty());
572
573     RetainPtr<CFDataRef> data = WebCoreSynchronousLoader::load(request, storedCredentials, response, error);
574
575     if (!error.isNull()) {
576         response = ResourceResponse(request.url(), String(), 0, String(), String());
577
578         CFErrorRef cfError = error;
579         CFStringRef domain = CFErrorGetDomain(cfError);
580         // FIXME: Return the actual response for failed authentication.
581         if (domain == kCFErrorDomainCFNetwork)
582             response.setHTTPStatusCode(CFErrorGetCode(cfError));
583         else
584             response.setHTTPStatusCode(404);
585     }
586
587     if (data) {
588         ASSERT(vector.isEmpty());
589         vector.append(CFDataGetBytePtr(data.get()), CFDataGetLength(data.get()));
590     }
591 }
592
593 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host)
594 {
595     allowsAnyHTTPSCertificateHosts().add(host.lower());
596 }
597
598 void ResourceHandle::setClientCertificate(const String& host, CFDataRef cert)
599 {
600     clientCerts().set(host.lower(), cert);
601 }
602
603 void ResourceHandle::setDefersLoading(bool defers)
604 {
605     if (!d->m_connection)
606         return;
607
608     if (defers)
609         CFURLConnectionHalt(d->m_connection.get());
610     else
611         CFURLConnectionResume(d->m_connection.get());
612 }
613
614 bool ResourceHandle::loadsBlocked()
615 {
616     return false;
617 }
618
619 bool ResourceHandle::willLoadFromCache(ResourceRequest& request, Frame* frame)
620 {
621     request.setCachePolicy(ReturnCacheDataDontLoad);
622     
623     CFURLResponseRef cfResponse = 0;
624     CFErrorRef cfError = 0;
625     RetainPtr<CFURLRequestRef> cfRequest(AdoptCF, makeFinalRequest(request, true));
626     RetainPtr<CFDataRef> data(AdoptCF, CFURLConnectionSendSynchronousRequest(cfRequest.get(), &cfResponse, &cfError, request.timeoutInterval()));
627     bool cached = cfResponse && !cfError;
628
629     if (cfError)
630         CFRelease(cfError);
631     if (cfResponse)
632         CFRelease(cfResponse);
633
634     return cached;
635 }
636
637 CFURLRequestRef WebCoreSynchronousLoader::willSendRequest(CFURLConnectionRef, CFURLRequestRef cfRequest, CFURLResponseRef cfRedirectResponse, const void* clientInfo)
638 {
639     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
640
641     // FIXME: This needs to be fixed to follow the redirect correctly even for cross-domain requests.
642     if (loader->m_url && !protocolHostAndPortAreEqual(loader->m_url.get(), CFURLRequestGetURL(cfRequest))) {
643         RetainPtr<CFErrorRef> cfError(AdoptCF, CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainCFNetwork, kCFURLErrorBadServerResponse, 0));
644         loader->m_error = cfError.get();
645         loader->m_isDone = true;
646         return 0;
647     }
648
649     loader->m_url = CFURLRequestGetURL(cfRequest);
650
651     if (cfRedirectResponse) {
652         // Take user/pass out of the URL.
653         loader->m_user.adoptCF(CFURLCopyUserName(loader->m_url.get()));
654         loader->m_pass.adoptCF(CFURLCopyPassword(loader->m_url.get()));
655         if (loader->m_user || loader->m_pass) {
656             ResourceRequest requestWithoutCredentials = cfRequest;
657             requestWithoutCredentials.removeCredentials();
658             cfRequest = requestWithoutCredentials.cfURLRequest();
659         }
660     }
661
662     CFRetain(cfRequest);
663     return cfRequest;
664 }
665
666 void WebCoreSynchronousLoader::didReceiveResponse(CFURLConnectionRef, CFURLResponseRef cfResponse, const void* clientInfo) 
667 {
668     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
669
670     loader->m_response = cfResponse;
671 }
672
673 void WebCoreSynchronousLoader::didReceiveData(CFURLConnectionRef, CFDataRef data, CFIndex originalLength, const void* clientInfo)
674 {
675     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
676
677     if (!loader->m_data)
678         loader->m_data.adoptCF(CFDataCreateMutable(kCFAllocatorDefault, 0));
679
680     const UInt8* bytes = CFDataGetBytePtr(data);
681     CFIndex length = CFDataGetLength(data);
682
683     CFDataAppendBytes(loader->m_data.get(), bytes, length);
684 }
685
686 void WebCoreSynchronousLoader::didFinishLoading(CFURLConnectionRef, const void* clientInfo)
687 {
688     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
689
690     loader->m_isDone = true;
691 }
692
693 void WebCoreSynchronousLoader::didFail(CFURLConnectionRef, CFErrorRef error, const void* clientInfo)
694 {
695     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
696
697     loader->m_error = error;
698     loader->m_isDone = true;
699 }
700
701 void WebCoreSynchronousLoader::didReceiveChallenge(CFURLConnectionRef conn, CFURLAuthChallengeRef challenge, const void* clientInfo)
702 {
703     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
704
705     if (loader->m_user && loader->m_pass) {
706         Credential credential(loader->m_user.get(), loader->m_pass.get(), CredentialPersistenceNone);
707         RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
708         
709         CFURLResponseRef urlResponse = (CFURLResponseRef)CFURLAuthChallengeGetFailureResponse(challenge);
710         CFHTTPMessageRef httpResponse = urlResponse ? CFURLResponseGetHTTPResponse(urlResponse) : 0;
711         KURL urlToStore;
712         if (httpResponse && CFHTTPMessageGetResponseStatusCode(httpResponse) == 401)
713             urlToStore = loader->m_url.get();
714             
715         CredentialStorage::set(credential, core(CFURLAuthChallengeGetProtectionSpace(challenge)), urlToStore);
716         
717         CFURLConnectionUseCredential(conn, cfCredential.get(), challenge);
718         loader->m_user = 0;
719         loader->m_pass = 0;
720         return;
721     }
722     if (!CFURLAuthChallengeGetPreviousFailureCount(challenge) && loader->m_allowStoredCredentials) {
723         Credential credential = CredentialStorage::get(core(CFURLAuthChallengeGetProtectionSpace(challenge)));
724         if (!credential.isEmpty() && credential != loader->m_initialCredential) {
725             ASSERT(credential.persistence() == CredentialPersistenceNone);
726             RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
727             CFURLConnectionUseCredential(conn, cfCredential.get(), challenge);
728             return;
729         }
730     }
731     // FIXME: The user should be asked for credentials, as in async case.
732     CFURLConnectionUseCredential(conn, 0, challenge);
733 }
734
735 Boolean WebCoreSynchronousLoader::shouldUseCredentialStorage(CFURLConnectionRef, const void* clientInfo)
736 {
737     WebCoreSynchronousLoader* loader = static_cast<WebCoreSynchronousLoader*>(const_cast<void*>(clientInfo));
738
739     // FIXME: We should ask FrameLoaderClient whether using credential storage is globally forbidden.
740     return loader->m_allowStoredCredentials;
741 }
742
743 RetainPtr<CFDataRef> WebCoreSynchronousLoader::load(const ResourceRequest& request, StoredCredentials storedCredentials, ResourceResponse& response, ResourceError& error)
744 {
745     ASSERT(response.isNull());
746     ASSERT(error.isNull());
747
748     WebCoreSynchronousLoader loader(response, error);
749
750     KURL url = request.url();
751
752     if (url.user().length())
753         loader.m_user.adoptCF(url.user().createCFString());
754     if (url.pass().length())
755         loader.m_pass.adoptCF(url.pass().createCFString());
756     loader.m_allowStoredCredentials = (storedCredentials == AllowStoredCredentials);
757
758     // Take user/pass out of the URL.
759     // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made.
760     RetainPtr<CFURLRequestRef> cfRequest;
761     if ((loader.m_user || loader.m_pass) && url.protocolInHTTPFamily()) {
762         ResourceRequest requestWithoutCredentials(request);
763         requestWithoutCredentials.removeCredentials();
764         cfRequest.adoptCF(makeFinalRequest(requestWithoutCredentials, ResourceHandle::shouldContentSniffURL(requestWithoutCredentials.url())));
765     } else {
766         // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
767         // try and reuse the credential preemptively, as allowed by RFC 2617.
768         ResourceRequest requestWithInitialCredential(request);
769         if (loader.m_allowStoredCredentials && url.protocolInHTTPFamily())
770             loader.m_initialCredential = CredentialStorage::getDefaultAuthenticationCredential(url);
771
772         if (!loader.m_initialCredential.isEmpty()) {
773             String authHeader = "Basic " + encodeBasicAuthorization(loader.m_initialCredential.user(), loader.m_initialCredential.password());
774             requestWithInitialCredential.addHTTPHeaderField("Authorization", authHeader);
775         }
776
777         cfRequest.adoptCF(makeFinalRequest(requestWithInitialCredential, ResourceHandle::shouldContentSniffURL(requestWithInitialCredential.url())));
778     }
779
780     CFURLConnectionClient_V3 client = { 3, &loader, 0, 0, 0, willSendRequest, didReceiveResponse, didReceiveData, 0, didFinishLoading, didFail, 0, didReceiveChallenge, 0, shouldUseCredentialStorage, 0 };
781     RetainPtr<CFURLConnectionRef> connection(AdoptCF, CFURLConnectionCreate(kCFAllocatorDefault, cfRequest.get(), reinterpret_cast<CFURLConnectionClient*>(&client)));
782
783     CFURLConnectionScheduleWithRunLoop(connection.get(), CFRunLoopGetCurrent(), WebCoreSynchronousLoaderRunLoopMode);
784     CFURLConnectionScheduleDownloadWithRunLoop(connection.get(), CFRunLoopGetCurrent(), WebCoreSynchronousLoaderRunLoopMode);
785     CFURLConnectionStart(connection.get());
786
787     while (!loader.m_isDone)
788         CFRunLoopRunInMode(WebCoreSynchronousLoaderRunLoopMode, UINT_MAX, true);
789
790     CFURLConnectionCancel(connection.get());
791     
792     if (error.isNull() && loader.m_response.mimeType().isNull())
793         setDefaultMIMEType(loader.m_response.cfURLResponse());
794
795     return loader.m_data;
796 }
797
798 } // namespace WebCore