Diff
Modified: trunk/Source/WebKit/ChangeLog (222666 => 222667)
--- trunk/Source/WebKit/ChangeLog 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/ChangeLog 2017-09-29 22:08:33 UTC (rev 222667)
@@ -1,3 +1,34 @@
+2017-09-29 Chris Dumez <[email protected]>
+
+ [WK2][NETWORK_SESSION] Move some authentication-related code to avoid duplication
+ https://bugs.webkit.org/show_bug.cgi?id=177667
+
+ Reviewed by Alex Christensen.
+
+ Move some authentication-related code to avoid duplication.
+ This is a preparation code supporting Download authentication
+ as Download uses a NSURLSessionDownloadTask and not a
+ NetworkDataTask.
+
+ * NetworkProcess/NetworkDataTask.h:
+ (WebKit::NetworkDataTask::setSuggestedFilename):
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::didReceiveChallenge):
+ (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+ * NetworkProcess/NetworkSession.cpp:
+ (WebKit::NetworkSession::allowsSpecificHTTPSCertificateForHost):
+ * NetworkProcess/NetworkSession.h:
+ * NetworkProcess/PreconnectTask.cpp:
+ (WebKit::PreconnectTask::didReceiveChallenge):
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::NetworkDataTaskCocoa::didReceiveChallenge):
+ * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+ (WebKit::certificatesMatch):
+ (WebKit::NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost):
+
2017-09-29 Alex Christensen <[email protected]>
Fix WKWebViewConfigurationPrivate after r222663
Modified: trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h 2017-09-29 22:08:33 UTC (rev 222667)
@@ -126,7 +126,6 @@
const WebCore::ResourceRequest& firstRequest() const { return m_firstRequest; }
virtual String suggestedFilename() const { return String(); }
void setSuggestedFilename(const String& suggestedName) { m_suggestedFilename = suggestedName; }
- virtual bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&) { return false; }
const String& partition() { return m_partition; }
protected:
Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp 2017-09-29 22:08:33 UTC (rev 222667)
@@ -29,6 +29,7 @@
#include "AuthenticationManager.h"
#include "DownloadProxyMessages.h"
#include "NetworkProcess.h"
+#include "NetworkSession.h"
#include "SessionTracker.h"
#include "WebCoreArgumentCoders.h"
#include "WebErrors.h"
@@ -316,18 +317,6 @@
void NetworkLoad::didReceiveChallenge(const AuthenticationChallenge& challenge, ChallengeCompletionHandler&& completionHandler)
{
- // Handle server trust evaluation at platform-level if requested, for performance reasons.
-#if PLATFORM(COCOA)
- if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested
- && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
- if (m_task && m_task->allowsSpecificHTTPSCertificateForHost(challenge))
- completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(challenge));
- else
- completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
- return;
- }
-#endif
-
m_challenge = challenge;
#if USE(PROTECTION_SPACE_AUTH_CALLBACK)
m_challengeCompletionHandler = WTFMove(completionHandler);
@@ -360,7 +349,7 @@
ASSERT(m_challengeCompletionHandler);
auto completionHandler = std::exchange(m_challengeCompletionHandler, nullptr);
if (!result) {
- if (m_task && m_task->allowsSpecificHTTPSCertificateForHost(*m_challenge))
+ if (NetworkSession::allowsSpecificHTTPSCertificateForHost(*m_challenge))
completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(*m_challenge));
else
completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp 2017-09-29 22:08:33 UTC (rev 222667)
@@ -89,6 +89,15 @@
task->invalidateAndCancel();
}
+bool NetworkSession::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge)
+{
+#if PLATFORM(COCOA)
+ return NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge);
+#else
+ return false;
+#endif
+}
+
} // namespace WebKit
#endif // USE(NETWORK_SESSION)
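Review bot: On non-Cocoa ports the `challenge` parameter of the new NetworkSession::allowsSpecificHTTPSCertificateForHost is never read, because the `#else` branch only returns false; that may trip unused-parameter warnings on builds that enable them. Adding `UNUSED_PARAM(challenge);` before `return false;` would silence it. A short comment there, such as `// No per-host certificate allow-list on this port; never bypass trust evaluation.`, would also make the fail-closed default explicit for anyone adding another platform branch later.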
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSession.h (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/NetworkSession.h 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSession.h 2017-09-29 22:08:33 UTC (rev 222667)
@@ -33,6 +33,7 @@
#include <wtf/RefCounted.h>
namespace WebCore {
+class AuthenticationChallenge;
class NetworkStorageSession;
}
@@ -56,6 +57,8 @@
void registerNetworkDataTask(NetworkDataTask& task) { m_dataTaskSet.add(&task); }
void unregisterNetworkDataTask(NetworkDataTask& task) { m_dataTaskSet.remove(&task); }
+ static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);
+
protected:
NetworkSession(PAL::SessionID);
Modified: trunk/Source/WebKit/NetworkProcess/PreconnectTask.cpp (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/PreconnectTask.cpp 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/PreconnectTask.cpp 2017-09-29 22:08:33 UTC (rev 222667)
@@ -77,13 +77,6 @@
void PreconnectTask::didReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, ChallengeCompletionHandler&& completionHandler)
{
- if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
- if (m_task && m_task->allowsSpecificHTTPSCertificateForHost(challenge))
- completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(challenge));
- else
- completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
- return;
- }
ASSERT_NOT_REACHED();
}
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2017-09-29 22:08:33 UTC (rev 222667)
@@ -67,8 +67,6 @@
void setPendingDownloadLocation(const String&, const SandboxExtension::Handle&, bool /*allowOverwrite*/) override;
String suggestedFilename() const override;
- bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&) override;
-
WebCore::NetworkLoadMetrics& networkLoadMetrics() { return m_networkLoadMetrics; }
private:
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2017-09-29 22:08:33 UTC (rev 222667)
@@ -173,13 +173,6 @@
void NetworkDataTaskCocoa::didReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, ChallengeCompletionHandler&& completionHandler)
{
- // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
- // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
- if (challenge.protectionSpace().isProxy()) {
- completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
- return;
- }
-
if (tryPasswordBasedAuthentication(challenge, completionHandler))
return;
@@ -320,53 +313,6 @@
download.setSandboxExtension(WTFMove(m_sandboxExtension));
}
-#if !USE(CFURLCONNECTION)
-static bool certificatesMatch(SecTrustRef trust1, SecTrustRef trust2)
-{
- if (!trust1 || !trust2)
- return false;
-
- CFIndex count1 = SecTrustGetCertificateCount(trust1);
- CFIndex count2 = SecTrustGetCertificateCount(trust2);
- if (count1 != count2)
- return false;
-
- for (CFIndex i = 0; i < count1; i++) {
- auto cert1 = SecTrustGetCertificateAtIndex(trust1, i);
- auto cert2 = SecTrustGetCertificateAtIndex(trust2, i);
- RELEASE_ASSERT(cert1);
- RELEASE_ASSERT(cert2);
- if (!CFEqual(cert1, cert2))
- return false;
- }
-
- return true;
-}
-#endif
-
-bool NetworkDataTaskCocoa::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge)
-{
- const String& host = challenge.protectionSpace().host();
- NSArray *certificates = [NSURLRequest allowsSpecificHTTPSCertificateForHost:host];
- if (!certificates)
- return false;
-
- bool requireServerCertificates = challenge.protectionSpace().authenticationScheme() == WebCore::ProtectionSpaceAuthenticationScheme::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
- RetainPtr<SecPolicyRef> policy = adoptCF(SecPolicyCreateSSL(requireServerCertificates, host.createCFString().get()));
-
- SecTrustRef trustRef = nullptr;
- if (SecTrustCreateWithCertificates((CFArrayRef)certificates, policy.get(), &trustRef) != noErr)
- return false;
- RetainPtr<SecTrustRef> trust = adoptCF(trustRef);
-
-#if USE(CFURLCONNECTION)
- notImplemented();
- return false;
-#else
- return certificatesMatch(trust.get(), challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust);
-#endif
-}
-
String NetworkDataTaskCocoa::suggestedFilename() const
{
if (!m_suggestedFilename.isEmpty())
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2017-09-29 22:08:33 UTC (rev 222667)
@@ -63,6 +63,8 @@
DownloadID downloadID(NetworkDataTaskCocoa::TaskIdentifier);
DownloadID takeDownloadID(NetworkDataTaskCocoa::TaskIdentifier);
+ static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);
+
private:
NetworkSessionCocoa(PAL::SessionID, LegacyCustomProtocolManager*);
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (222666 => 222667)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-09-29 21:35:59 UTC (rev 222666)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-09-29 22:08:33 UTC (rev 222667)
@@ -222,6 +222,22 @@
auto taskIdentifier = task.taskIdentifier;
LOG(NetworkSession, "%llu didReceiveChallenge", taskIdentifier);
+ // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels
+ // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case.
+ if (challenge.protectionSpace.isProxy) {
+ completionHandler(NSURLSessionAuthChallengeUseCredential, nil);
+ return;
+ }
+
+ // Handle server trust evaluation at platform-level if requested, for performance reasons.
+ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
+ if (NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge))
+ completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+ else
+ completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+ return;
+ }
+
if (auto* networkDataTask = [self existingTask:task]) {
WebCore::AuthenticationChallenge authenticationChallenge(challenge);
auto completionHandlerCopy = Block_copy(completionHandler);
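Review bot: The server-trust short-circuit added here runs only when `!NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()`, whereas the block this commit removes from PreconnectTask::didReceiveChallenge handled server-trust challenges unconditionally. If that flag is true and a preconnect's challenge is forwarded to its client (the forwarding path is outside this hunk, so this is inferred), PreconnectTask is left with only `ASSERT_NOT_REACHED();`, and in release builds the completion handler would never be invoked. Calling `completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });` after that assert would keep the path fail-closed instead of leaving the challenge pending. The delegate method's body starts and ends outside this hunk.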
@@ -665,6 +681,46 @@
return downloadID;
}
+static bool certificatesMatch(SecTrustRef trust1, SecTrustRef trust2)
+{
+ if (!trust1 || !trust2)
+ return false;
+
+ CFIndex count1 = SecTrustGetCertificateCount(trust1);
+ CFIndex count2 = SecTrustGetCertificateCount(trust2);
+ if (count1 != count2)
+ return false;
+
+ for (CFIndex i = 0; i < count1; i++) {
+ auto cert1 = SecTrustGetCertificateAtIndex(trust1, i);
+ auto cert2 = SecTrustGetCertificateAtIndex(trust2, i);
+ RELEASE_ASSERT(cert1);
+ RELEASE_ASSERT(cert2);
+ if (!CFEqual(cert1, cert2))
+ return false;
+ }
+
+ return true;
}
+bool NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge)
+{
+ const String& host = challenge.protectionSpace().host();
+ NSArray *certificates = [NSURLRequest allowsSpecificHTTPSCertificateForHost:host];
+ if (!certificates)
+ return false;
+
+ bool requireServerCertificates = challenge.protectionSpace().authenticationScheme() == WebCore::ProtectionSpaceAuthenticationScheme::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested;
+ RetainPtr<SecPolicyRef> policy = adoptCF(SecPolicyCreateSSL(requireServerCertificates, host.createCFString().get()));
+
+ SecTrustRef trustRef = nullptr;
+ if (SecTrustCreateWithCertificates((CFArrayRef)certificates, policy.get(), &trustRef) != noErr)
+ return false;
+ RetainPtr<SecTrustRef> trust = adoptCF(trustRef);
+
+ return certificatesMatch(trust.get(), challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust);
+}
+
+}
+
#endif
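Review bot: NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost is now a static entry point whose result lets the session delegate answer a server-trust challenge with UseCredential, yet neither it nor certificatesMatch carries a comment stating the contract. Above the function I would add something like `// Returns true only if a certificate chain was allow-listed for this host and the server-presented chain is identical to it.`, and above certificatesMatch `// Exact comparison: same count, and CFEqual for each certificate at the same index; a null trust never matches.` The `#if USE(CFURLCONNECTION)` fallback from the old NetworkDataTaskCocoa version was also dropped in the move. That looks fine if this file is only built under USE(NETWORK_SESSION), but the guard is not visible in the hunk.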