Credential core(CFURLCredentialRef cfCredential) { if (!cfCredential) return Credential(); CredentialPersistence persistence = CredentialPersistenceNone; switch (CFURLCredentialGetPersistence(cfCredential)) { case kCFURLCredentialPersistenceNone: break; case kCFURLCredentialPersistenceForSession: persistence = CredentialPersistenceForSession; break; case kCFURLCredentialPersistencePermanent: persistence = CredentialPersistencePermanent; break; default: ASSERT_NOT_REACHED(); } #if CERTIFICATE_CREDENTIALS_SUPPORTED SecIdentityRef identity = CFURLCredentialGetCertificateIdentity(cfCredential); if (identity) return Credential(identity, CFURLCredentialGetCertificateArray(cfCredential), persistence); #endif RetainPtr<CFStringRef> password(AdoptCF, CFURLCredentialCopyPassword(cfCredential)); return Credential(CFURLCredentialGetUsername(cfCredential), password.get(), persistence); }
CredentialTransformData::CredentialTransformData(HTMLFormElement* form) : m_userNameElement(0) , m_passwordElement(0) , m_isValid(false) { ASSERT(form); // Get the document URL KURL fullOrigin(ParsedURLString, form->document()->documentURI()); // Calculate the canonical action URL String action = form->action(); if (action.isNull()) action = ""; // missing 'action' attribute implies current URL KURL fullAction = form->document()->completeURL(action); if (!fullAction.isValid()) return; if (!findPasswordFormFields(form)) return; m_url = stripURL(fullOrigin); m_action = stripURL(fullAction); m_protectionSpace = ProtectionSpace(m_url.host(), m_url.port(), ProtectionSpaceServerHTTP, "Form", ProtectionSpaceAuthenticationSchemeHTMLForm); m_credential = Credential(m_userNameElement->value(), m_passwordElement->value(), CredentialPersistencePermanent); m_isValid = true; }
Credential CredentialStorage::get(const KURL& url) { PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url); if (iter == pathToDefaultProtectionSpaceMap().end()) return Credential(); return protectionSpaceToCredentialMap().get(iter->value); }
Credential CredentialBackingStore::getLogin(const ProtectionSpace& protectionSpace) { UNUSED_PARAM(protectionSpace); notImplemented(); return Credential(); }
bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge) { if (!challenge.protectionSpace().isPasswordBased()) return false; if (!d->m_user.isNull() && !d->m_pass.isNull()) { RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone)); #if PLATFORM(COCOA) Credential credential = Credential(cfCredential.get()); #else Credential credential = core(cfCredential.get()); #endif URL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = challenge.failureResponse().url(); d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); d->m_user = String(); d->m_pass = String(); // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. return true; } if (!client() || client()->shouldUseCredentialStorage(this)) { if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { // The stored credential wasn't accepted, stop using it. // There is a race condition here, since a different credential might have already been stored by another ResourceHandle, // but the observable effect should be very minor, if any. d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace()); } if (!challenge.previousFailureCount()) { Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { ASSERT(credential.persistence() == CredentialPersistenceNone); if (challenge.failureResponse().httpStatusCode() == 401) { // Store the credential back, possibly adding it as a default for this directory. d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); } #if PLATFORM(COCOA) CFURLConnectionUseCredential(d->m_connection.get(), credential.cfCredential(), challenge.cfURLAuthChallengeRef()); #else RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential)); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); #endif return true; } } } return false; }
AuthenticationChallenge::AuthenticationChallenge(SoupSession* soupSession, SoupMessage* soupMessage, SoupAuth* soupAuth, bool retrying, AuthenticationClient* client) : AuthenticationChallengeBase(protectionSpaceFromSoupAuthAndMessage(soupAuth, soupMessage), Credential(), // proposedCredentials retrying ? 1 : 0, // previousFailureCount soupMessage, // failureResponse ResourceError::authenticationError(soupMessage)) , m_soupSession(soupSession) , m_soupMessage(soupMessage) , m_soupAuth(soupAuth) , m_authenticationClient(client) { }
Credential core(CFURLCredentialRef cfCredential) { if (!cfCredential) return Credential(); CredentialPersistence persistence = CredentialPersistenceNone; switch (CFURLCredentialGetPersistence(cfCredential)) { case kCFURLCredentialPersistenceNone: break; case kCFURLCredentialPersistenceForSession: persistence = CredentialPersistenceForSession; break; case kCFURLCredentialPersistencePermanent: persistence = CredentialPersistencePermanent; break; default: ASSERT_NOT_REACHED(); } return Credential(CFURLCredentialGetUsername(cfCredential), CFURLCredentialCopyPassword(cfCredential), persistence); }
bool ArgumentCoder<Credential>::decode(ArgumentDecoder& decoder, Credential& credential) { String user; if (!decoder.decode(user)) return false; String password; if (!decoder.decode(password)) return false; CredentialPersistence persistence; if (!decoder.decodeEnum(persistence)) return false; credential = Credential(user, password, persistence); return true; }
void AuthenticationManager::cancelSingleChallenge(uint64_t challengeID) { auto challenge = m_challenges.take(challengeID); ASSERT(!challenge.challenge.isNull()); AuthenticationClient* coreClient = challenge.challenge.authenticationClient(); #if USE(NETWORK_SESSION) if (challenge.completionHandler) { ASSERT(!coreClient); challenge.completionHandler(AuthenticationChallengeDisposition::Cancel, Credential()); return; } #endif if (coreClient) coreClient->receivedCancellation(challenge.challenge); else receivedCancellation(challenge.challenge); }
void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldContentSniff, CFDictionaryRef clientProperties) { if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolInHTTPFamily()) { // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made. KURL urlWithCredentials(firstRequest().url()); urlWithCredentials.setUser(d->m_user); urlWithCredentials.setPass(d->m_pass); firstRequest().setURL(urlWithCredentials); } // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. if (shouldUseCredentialStorage && firstRequest().url().protocolInHTTPFamily()) { if (d->m_user.isEmpty() && d->m_pass.isEmpty()) { // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. d->m_initialCredential = CredentialStorage::get(firstRequest().url()); } else { // If there is already a protection space known for the URL, update stored credentials before sending a request. // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately // (so that an authentication dialog doesn't pop up). CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url()); } } if (!d->m_initialCredential.isEmpty()) { // FIXME: Support Digest authentication, and Proxy-Authorization. applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential); } RetainPtr<CFURLRequestRef> request(AdoptCF, makeFinalRequest(firstRequest(), shouldContentSniff)); #if HAVE(CFNETWORK_DATA_ARRAY_CALLBACK) && USE(PROTECTION_SPACE_AUTH_CALLBACK) CFURLConnectionClient_V6 client = { 6, this, 0, 0, 0, WebCore::willSendRequest, didReceiveResponse, didReceiveData, 0, didFinishLoading, didFail, willCacheResponse, didReceiveChallenge, didSendBodyData, shouldUseCredentialStorageCallback, 0, canRespondToProtectionSpace, 0, didReceiveDataArray}; #else CFURLConnectionClient_V3 client = { 3, this, 0, 0, 0, WebCore::willSendRequest, didReceiveResponse, didReceiveData, 0, didFinishLoading, didFail, willCacheResponse, didReceiveChallenge, didSendBodyData, shouldUseCredentialStorageCallback, 0}; #endif RetainPtr<CFDictionaryRef> connectionProperties(AdoptCF, createConnectionProperties(shouldUseCredentialStorage, clientProperties)); CFURLRequestSetShouldStartSynchronously(request.get(), 1); d->m_connection.adoptCF(CFURLConnectionCreateWithProperties(0, request.get(), reinterpret_cast<CFURLConnectionClient*>(&client), connectionProperties.get())); }
void AuthenticationManager::cancelSingleChallenge(uint64_t challengeID) { auto challenge = m_challenges.take(challengeID); ASSERT(!challenge.challenge.isNull()); AuthenticationClient* coreClient = challenge.challenge.authenticationClient(); #if USE(NETWORK_SESSION) if (challenge.completionHandler) { ASSERT(!coreClient); challenge.completionHandler(AuthenticationChallengeDisposition::Cancel, Credential()); return; } #else if (!coreClient) { // FIXME: The authentication client is null for downloads, but it can also be null for canceled loads. // We should not call Download::receivedCredential in the latter case. Download::receivedCancellation(challenge.challenge); return; } #endif ASSERT(coreClient); coreClient->receivedCancellation(challenge.challenge); }
void AuthenticationManager::performDefaultHandlingForSingleChallenge(uint64_t challengeID) { auto challenge = m_challenges.take(challengeID); ASSERT(!challenge.challenge.isNull()); AuthenticationClient* coreClient = challenge.challenge.authenticationClient(); #if USE(NETWORK_SESSION) if (challenge.completionHandler) { ASSERT(!coreClient); challenge.completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential()); return; } #endif if (coreClient) coreClient->receivedRequestToPerformDefaultHandling(challenge.challenge); else receivedRequestToPerformDefaultHandling(challenge.challenge); }
void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, CFDictionaryRef clientProperties) { if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) { // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made. URL urlWithCredentials(firstRequest().url()); urlWithCredentials.setUser(d->m_user); urlWithCredentials.setPass(d->m_pass); firstRequest().setURL(urlWithCredentials); } // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) { if (d->m_user.isEmpty() && d->m_pass.isEmpty()) { // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. d->m_initialCredential = CredentialStorage::get(firstRequest().url()); } else { // If there is already a protection space known for the URL, update stored credentials before sending a request. // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately // (so that an authentication dialog doesn't pop up). CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url()); } } if (!d->m_initialCredential.isEmpty()) { // FIXME: Support Digest authentication, and Proxy-Authorization. applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential); } RetainPtr<CFMutableURLRequestRef> request = adoptCF(CFURLRequestCreateMutableCopy(kCFAllocatorDefault, firstRequest().cfURLRequest(UpdateHTTPBody))); wkSetRequestStorageSession(d->m_storageSession.get(), request.get()); if (!shouldContentSniff) wkSetCFURLRequestShouldContentSniff(request.get(), false); RetainPtr<CFMutableDictionaryRef> sslProps; #if PLATFORM(IOS) sslProps = adoptCF(ResourceHandle::createSSLPropertiesFromNSURLRequest(firstRequest())); #else if (allowsAnyHTTPSCertificateHosts().contains(firstRequest().url().host().lower())) { sslProps = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); } HashMap<String, RetainPtr<CFDataRef>>::iterator clientCert = clientCerts().find(firstRequest().url().host().lower()); if (clientCert != clientCerts().end()) { if (!sslProps) sslProps = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); #if PLATFORM(WIN) wkSetClientCertificateInSSLProperties(sslProps.get(), (clientCert->value).get()); #endif } #endif // PLATFORM(IOS) if (sslProps) CFURLRequestSetSSLProperties(request.get(), sslProps.get()); #if PLATFORM(WIN) if (CFHTTPCookieStorageRef cookieStorage = overridenCookieStorage()) { // Overridden cookie storage doesn't come from a session, so the request does not have it yet. CFURLRequestSetHTTPCookieStorage(request.get(), cookieStorage); } #endif CFMutableDictionaryRef streamProperties = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); if (!shouldUseCredentialStorage) { // Avoid using existing connections, because they may be already authenticated. CFDictionarySetValue(streamProperties, CFSTR("_kCFURLConnectionSessionID"), CFSTR("WebKitPrivateSession")); } if (schedulingBehavior == SchedulingBehavior::Synchronous) { // Synchronous requests should not be subject to regular connection count limit to avoid deadlocks. // If we are using all available connections for async requests, and make a sync request, then prior // requests may get stuck waiting for delegate calls while we are in nested run loop, and the sync // request won't start because there are no available connections. // Connections are grouped by their socket stream properties, with each group having a separate count. CFDictionarySetValue(streamProperties, CFSTR("_WebKitSynchronousRequest"), kCFBooleanTrue); } #if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090) RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData(); if (sourceApplicationAuditData) CFDictionarySetValue(streamProperties, CFSTR("kCFStreamPropertySourceApplication"), sourceApplicationAuditData.get()); #endif static const CFStringRef kCFURLConnectionSocketStreamProperties = CFSTR("kCFURLConnectionSocketStreamProperties"); RetainPtr<CFMutableDictionaryRef> propertiesDictionary; if (clientProperties) propertiesDictionary = adoptCF(CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, clientProperties)); else propertiesDictionary = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); // FIXME: This code is different from iOS code in ResourceHandleMac.mm in that here we ignore stream properties that were present in client properties. CFDictionaryAddValue(propertiesDictionary.get(), kCFURLConnectionSocketStreamProperties, streamProperties); CFRelease(streamProperties); #if PLATFORM(COCOA) if (client() && client()->usesAsyncCallbacks()) d->m_connectionDelegate = adoptRef(new ResourceHandleCFURLConnectionDelegateWithOperationQueue(this)); else d->m_connectionDelegate = adoptRef(new SynchronousResourceHandleCFURLConnectionDelegate(this)); #else d->m_connectionDelegate = adoptRef(new SynchronousResourceHandleCFURLConnectionDelegate(this)); #endif d->m_connectionDelegate->setupRequest(request.get()); CFURLConnectionClient_V6 client = d->m_connectionDelegate->makeConnectionClient(); d->m_connection = adoptCF(CFURLConnectionCreateWithProperties(0, request.get(), reinterpret_cast<CFURLConnectionClient*>(&client), propertiesDictionary.get())); }
Credential CredentialTransformData::credential() const { if (m_credential.isEmpty() && m_userNameElement && m_passwordElement) return m_credential = Credential(m_userNameElement->value(), m_passwordElement->value(), CredentialPersistencePermanent); return m_credential; }
void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldRelaxThirdPartyCookiePolicy, bool shouldContentSniff) { if ((!d->m_user.isEmpty() || !d->m_pass.isEmpty()) && !firstRequest().url().protocolIsInHTTPFamily()) { // Credentials for ftp can only be passed in URL, the didReceiveAuthenticationChallenge delegate call won't be made. KURL urlWithCredentials(firstRequest().url()); urlWithCredentials.setUser(d->m_user); urlWithCredentials.setPass(d->m_pass); firstRequest().setURL(urlWithCredentials); } if (shouldRelaxThirdPartyCookiePolicy) firstRequest().setFirstPartyForCookies(firstRequest().url()); // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) { if (d->m_user.isEmpty() && d->m_pass.isEmpty()) { // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, // try and reuse the credential preemptively, as allowed by RFC 2617. d->m_initialCredential = CredentialStorage::get(firstRequest().url()); } else { // If there is already a protection space known for the URL, update stored credentials before sending a request. // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately // (so that an authentication dialog doesn't pop up). CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url()); } } if (!d->m_initialCredential.isEmpty()) { // FIXME: Support Digest authentication, and Proxy-Authorization. applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential); } RetainPtr<CFMutableURLRequestRef> request = adoptCF(CFURLRequestCreateMutableCopy(kCFAllocatorDefault, firstRequest().cfURLRequest())); wkSetRequestStorageSession(d->m_storageSession.get(), request.get()); if (!shouldContentSniff) wkSetCFURLRequestShouldContentSniff(request.get(), false); RetainPtr<CFMutableDictionaryRef> sslProps; if (allowsAnyHTTPSCertificateHosts().contains(firstRequest().url().host().lower())) { sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue); CFDictionaryAddValue(sslProps.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); } HashMap<String, RetainPtr<CFDataRef> >::iterator clientCert = clientCerts().find(firstRequest().url().host().lower()); if (clientCert != clientCerts().end()) { if (!sslProps) sslProps.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); #if PLATFORM(WIN) wkSetClientCertificateInSSLProperties(sslProps.get(), (clientCert->value).get()); #endif } if (sslProps) CFURLRequestSetSSLProperties(request.get(), sslProps.get()); #if PLATFORM(WIN) if (CFHTTPCookieStorageRef cookieStorage = overridenCookieStorage()) { // Overridden cookie storage doesn't come from a session, so the request does not have it yet. CFURLRequestSetHTTPCookieStorage(request.get(), cookieStorage); } #endif CFURLConnectionClient_V6 client = { 6, this, 0, 0, 0, WebCore::willSendRequest, didReceiveResponse, didReceiveData, 0, didFinishLoading, didFail, willCacheResponse, didReceiveChallenge, didSendBodyData, shouldUseCredentialStorageCallback, 0, #if USE(PROTECTION_SPACE_AUTH_CALLBACK) canRespondToProtectionSpace, #else 0, #endif 0, #if USE(NETWORK_CFDATA_ARRAY_CALLBACK) didReceiveDataArray #else 0 #endif }; RetainPtr<CFDictionaryRef> connectionProperties(AdoptCF, createConnectionProperties(shouldUseCredentialStorage)); d->m_connection.adoptCF(CFURLConnectionCreateWithProperties(0, request.get(), reinterpret_cast<CFURLConnectionClient*>(&client), connectionProperties.get())); }
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge) { LOG(Network, "CFNet - didReceiveAuthenticationChallenge()"); ASSERT(d->m_currentWebChallenge.isNull()); // Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef, // we make sure that is actually present ASSERT(challenge.cfURLAuthChallengeRef()); ASSERT(challenge.authenticationClient() == this); // Should be already set. #if !PLATFORM(WIN) // Proxy authentication is handled by CFNetwork internally. We can get here if the user cancels // CFNetwork authentication dialog, and we shouldn't ask the client to display another one in that case. if (challenge.protectionSpace().isProxy()) { // Cannot use receivedRequestToContinueWithoutCredential(), because current challenge is not yet set. CFURLConnectionUseCredential(d->m_connection.get(), 0, challenge.cfURLAuthChallengeRef()); return; } #endif if (!d->m_user.isNull() && !d->m_pass.isNull()) { RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone)); #if PLATFORM(COCOA) Credential credential = Credential(cfCredential.get()); #else Credential credential = core(cfCredential.get()); #endif URL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = challenge.failureResponse().url(); CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); d->m_user = String(); d->m_pass = String(); // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. return; } if (!client() || client()->shouldUseCredentialStorage(this)) { if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { // The stored credential wasn't accepted, stop using it. // There is a race condition here, since a different credential might have already been stored by another ResourceHandle, // but the observable effect should be very minor, if any. CredentialStorage::remove(challenge.protectionSpace()); } if (!challenge.previousFailureCount()) { Credential credential = CredentialStorage::get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { ASSERT(credential.persistence() == CredentialPersistenceNone); if (challenge.failureResponse().httpStatusCode() == 401) { // Store the credential back, possibly adding it as a default for this directory. CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); } #if PLATFORM(COCOA) CFURLConnectionUseCredential(d->m_connection.get(), credential.cfCredential(), challenge.cfURLAuthChallengeRef()); #else RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential)); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); #endif return; } } } d->m_currentWebChallenge = challenge; if (client()) client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge); }
void NetworkStorageSession::getCredentialFromPersistentStorage(const ProtectionSpace& protectionSpace, Function<void (Credential&&)> completionHandler) { #if USE(LIBSECRET) if (m_sessionID.isEphemeral()) { completionHandler({ }); return; } const String& realm = protectionSpace.realm(); if (realm.isEmpty()) { completionHandler({ }); return; } GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK, "domain", realm.utf8().data(), "server", protectionSpace.host().utf8().data(), "port", protectionSpace.port(), "protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()), "authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()), nullptr)); if (!attributes) { completionHandler({ }); return; } m_persisentStorageCancellable = adoptGRef(g_cancellable_new()); m_persisentStorageCompletionHandler = WTFMove(completionHandler); secret_service_search(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(), static_cast<SecretSearchFlags>(SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS), m_persisentStorageCancellable.get(), [](GObject* source, GAsyncResult* result, gpointer userData) { GUniqueOutPtr<GError> error; GUniquePtr<GList> elements(secret_service_search_finish(SECRET_SERVICE(source), result, &error.outPtr())); if (g_error_matches (error.get(), G_IO_ERROR, G_IO_ERROR_CANCELLED)) return; NetworkStorageSession* session = static_cast<NetworkStorageSession*>(userData); auto completionHandler = std::exchange(session->m_persisentStorageCompletionHandler, nullptr); if (error || !elements || !elements->data) { completionHandler({ }); return; } GRefPtr<SecretItem> secretItem = adoptGRef(static_cast<SecretItem*>(elements->data)); GRefPtr<GHashTable> attributes = adoptGRef(secret_item_get_attributes(secretItem.get())); String user = String::fromUTF8(static_cast<const char*>(g_hash_table_lookup(attributes.get(), "user"))); if (user.isEmpty()) { completionHandler({ }); return; } size_t length; GRefPtr<SecretValue> secretValue = adoptGRef(secret_item_get_secret(secretItem.get())); const char* passwordData = secret_value_get(secretValue.get(), &length); completionHandler(Credential(user, String::fromUTF8(passwordData, length), CredentialPersistencePermanent)); }, this); #else UNUSED_PARAM(protectionSpace); completionHandler({ }); #endif }