void NetworkStorageSession::saveCredentialToPersistentStorage(const ProtectionSpace& protectionSpace, const Credential& credential)
{
#if USE(LIBSECRET)
if (m_sessionID.isEphemeral())
return;
if (credential.isEmpty())
return;
const String& realm = protectionSpace.realm();
if (realm.isEmpty())
return;
GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK,
"domain", realm.utf8().data(),
"server", protectionSpace.host().utf8().data(),
"port", protectionSpace.port(),
"protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()),
"authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()),
nullptr));
if (!attributes)
return;
g_hash_table_insert(attributes.get(), g_strdup("user"), g_strdup(credential.user().utf8().data()));
CString utf8Password = credential.password().utf8();
GRefPtr<SecretValue> newSecretValue = adoptGRef(secret_value_new(utf8Password.data(), utf8Password.length(), "text/plain"));
secret_service_store(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(), SECRET_COLLECTION_DEFAULT, _("WebKitGTK+ password"),
newSecretValue.get(), nullptr, nullptr, nullptr);
#else
UNUSED_PARAM(protectionSpace);
UNUSED_PARAM(credential);
#endif
}
bool CredentialSet::VerifyInternally() const
{
if (!m_MasterCredential) {
otOut << __FUNCTION__
<< ": This credential set does not have a master credential.\n";
return false;
}
// Check for a valid master credential, including whether or not the NymID
// and MasterID in the CredentialSet match the master credentials's versions.
if (!(m_MasterCredential->Validate())) {
otOut << __FUNCTION__
<< ": Master Credential failed to verify: " << GetMasterCredID()
<< "\nNymID: " << GetNymID() << "\n";
return false;
}
// Check each child credential for validity.
for (const auto& it : m_mapCredentials) {
std::string str_sub_id = it.first;
Credential* pSub = it.second;
OT_ASSERT(nullptr != pSub);
if (!pSub->Validate()) {
otOut << __FUNCTION__
<< ": Child credential failed to verify: " << str_sub_id
<< "\nNymID: " << GetNymID() << "\n";
return false;
}
}
return true;
}
CFURLCredentialRef createCF(const Credential& coreCredential)
{
CFURLCredentialPersistence persistence = kCFURLCredentialPersistenceNone;
switch (coreCredential.persistence()) {
case CredentialPersistenceNone:
break;
case CredentialPersistenceForSession:
persistence = kCFURLCredentialPersistenceForSession;
break;
case CredentialPersistencePermanent:
persistence = kCFURLCredentialPersistencePermanent;
break;
default:
ASSERT_NOT_REACHED();
}
#if CERTIFICATE_CREDENTIALS_SUPPORTED
if (coreCredential.type() == CredentialTypeClientCertificate)
return CFURLCredentialCreateWithIdentityAndCertificateArray(kCFAllocatorDefault, coreCredential.identity(), coreCredential.certificates(), persistence);
#endif
CFStringRef user = coreCredential.user().createCFString();
CFStringRef password = coreCredential.password().createCFString();
CFURLCredentialRef result = CFURLCredentialCreate(0, user, password, 0, persistence);
CFRelease(user);
CFRelease(password);
return result;
}
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
{
LOG(Network, "CFNet - receivedCredential()");
ASSERT(!challenge.isNull());
ASSERT(challenge.cfURLAuthChallengeRef());
if (challenge != d->m_currentWebChallenge)
return;
// FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
if (credential.isEmpty()) {
receivedRequestToContinueWithoutCredential(challenge);
return;
}
if (credential.persistence() == CredentialPersistenceForSession) {
// Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way
// to ignore it for a particular request (short of removing it altogether).
Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(webCredential));
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
} else {
RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential));
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
}
clearAuthentication();
}
// Bad password should return an authentication failure.
TEST(SASL, failed1)
{
// Set up secrets.
map<string, string> secrets;
secrets["benh"] = "secret1";
sasl::secrets::load(secrets);
// Launch a dummy process (somebody to send the AuthenticateMessage).
UPID pid = spawn(new ProcessBase(), true);
Credential credential;
credential.set_principal("benh");
credential.set_secret("secret");
Authenticatee authenticatee(credential, UPID());
Future<Message> message =
FUTURE_MESSAGE(Eq(AuthenticateMessage().GetTypeName()), _, _);
Future<bool> client = authenticatee.authenticate(pid);
AWAIT_READY(message);
Authenticator authenticator(message.get().from);
Future<bool> server = authenticator.authenticate();
AWAIT_EQ(false, client);
AWAIT_EQ(false, server);
terminate(pid);
}
OCStackResult OCSecureResource::provisionPairwiseDevices(const Credential &cred,
const OicSecAcl_t* acl1, const OCSecureResource &device2, const OicSecAcl_t* acl2,
ResultCallBack resultCallback)
{
if(!resultCallback)
{
oclog() << "Result calback can't be null";
return OC_STACK_INVALID_PARAM;
}
OCStackResult result;
auto cLock = m_csdkLock.lock();
if(cLock)
{
ProvisionContext* context = new ProvisionContext(resultCallback);
std::lock_guard<std::recursive_mutex> lock(*cLock);
result = OCProvisionPairwiseDevices(static_cast<void*>(context),
cred.getCredentialType(),
cred.getCredentialKeySize(),
devPtr, const_cast<OicSecAcl_t*>(acl1),
device2.getDevPtr(), const_cast<OicSecAcl_t*>(acl2),
&OCSecureResource::callbackWrapper);
}
else
{
oclog() <<"Mutex not found";
result = OC_STACK_ERROR;
}
return result;
}
// Testing route with bad credentials.
TEST_F(TeardownTest, BadCredentials)
{
Try<Owned<cluster::Master>> master = StartMaster();
ASSERT_SOME(master);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get()->pid, DEFAULT_CREDENTIAL);
Future<FrameworkID> frameworkId;
EXPECT_CALL(sched, registered(&driver, _, _))
.WillOnce(FutureArg<1>(&frameworkId));
ASSERT_EQ(DRIVER_RUNNING, driver.start());
AWAIT_READY(frameworkId);
Credential badCredential;
badCredential.set_principal("badPrincipal");
badCredential.set_secret("badSecret");
Future<Response> response = process::http::post(
master.get()->pid,
"teardown",
createBasicAuthHeaders(badCredential),
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
driver.stop();
driver.join();
}
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
{
const KURL& url = request.url();
d->m_user = url.user();
d->m_pass = url.pass();
d->m_lastHTTPMethod = request.httpMethod();
request.removeCredentials();
if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
// If the network layer carries over authentication headers from the original request
// in a cross-origin redirect, we want to clear those headers here.
request.clearHTTPAuthorization();
} else {
// Only consider applying authentication credentials if this is actually a redirect and the redirect
// URL didn't include credentials of its own.
if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
Credential credential = CredentialStorage::get(request.url());
if (!credential.isEmpty()) {
d->m_initialCredential = credential;
// FIXME: Support Digest authentication, and Proxy-Authorization.
applyBasicAuthorizationHeader(request, d->m_initialCredential);
}
}
}
#if USE(CFURLSTORAGESESSIONS)
request.setStorageSession(ResourceHandle::currentStorageSession());
#endif
client()->willSendRequest(this, request, redirectResponse);
}
void MediaPlayerPrivate::notifyChallengeResult(const KURL& url, const ProtectionSpace& protectionSpace, AuthenticationChallengeResult result, const Credential& credential)
{
if (result != AuthenticationChallengeSuccess || !url.isValid())
return;
m_platformPlayer->reloadWithCredential(credential.user().utf8(true).data(),
credential.password().utf8(true).data(),
static_cast<MMRAuthChallenge::CredentialPersistence>(credential.persistence()));
}
void CredentialTransformData::setCredential(const Credential& credential)
{
if (!m_isValid)
return;
m_credential = credential;
m_userNameElement->setValue(credential.user());
m_passwordElement->setValue(credential.password());
}
inline process::http::Headers createBasicAuthHeaders(
const Credential& credential)
{
return process::http::Headers{{
"Authorization",
"Basic " +
base64::encode(credential.principal() + ":" + credential.secret())
}};
}
// Testing get without authentication and with bad credentials.
TEST_F(HealthTest, ObserveEndpointBadAuthentication)
{
// Set up a master with authentication required.
// Note that the default master test flags enable HTTP authentication.
Try<PID<Master>> master = StartMaster();
ASSERT_SOME(master);
// Headers for POSTs to maintenance endpoints without authentication.
process::http::Headers unauthenticatedHeaders;
unauthenticatedHeaders["Content-Type"] = "application/json";
// Bad credentials which should fail authentication.
Credential badCredential;
badCredential.set_principal("badPrincipal");
badCredential.set_secret("badSecret");
// Headers for POSTs to maintenance endpoints with bad authentication.
process::http::Headers badAuthenticationHeaders;
badAuthenticationHeaders = createBasicAuthHeaders(badCredential);
badAuthenticationHeaders["Content-Type"] = "application/json";
// Post to observe without authentication.
Future<Response> response = process::http::post(
master.get(),
"observe",
unauthenticatedHeaders,
"monitor=a&hosts=b&level=Ok");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Get request without authentication.
response = process::http::get(master.get(), "observe");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Post to observe with bad authentication.
response = process::http::post(
master.get(),
"observe",
badAuthenticationHeaders,
"monitor=a&hosts=b&level=Ok");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
// Get request with bad authentication.
response = process::http::get(
master.get(),
"observe",
None(),
createBasicAuthHeaders(badCredential));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
Shutdown();
}
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
LOG(Network, "CFNet - didReceiveAuthenticationChallenge()");
ASSERT(d->m_currentWebChallenge.isNull());
// Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef,
// we make sure that is actually present
ASSERT(challenge.cfURLAuthChallengeRef());
ASSERT(challenge.authenticationClient() == this); // Should be already set.
if (!d->m_user.isNull() && !d->m_pass.isNull()) {
RetainPtr<CFStringRef> user(AdoptCF, d->m_user.createCFString());
RetainPtr<CFStringRef> pass(AdoptCF, d->m_pass.createCFString());
RetainPtr<CFURLCredentialRef> credential(AdoptCF,
CFURLCredentialCreate(kCFAllocatorDefault, user.get(), pass.get(), 0, kCFURLCredentialPersistenceNone));
KURL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = firstRequest().url();
CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef());
d->m_user = String();
d->m_pass = String();
// FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
return;
}
if (!client() || client()->shouldUseCredentialStorage(this)) {
if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
CredentialStorage::remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
Credential credential = CredentialStorage::get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url());
}
RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
return;
}
}
}
d->m_currentWebChallenge = challenge;
if (client())
client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
}
void MediaPlayerPrivate::onAuthenticationAccepted(const MMRAuthChallenge& authChallenge) const
{
KURL url(ParsedURLString, WTF::String(authChallenge.url().c_str()));
if (!url.isValid())
return;
ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge);
Credential savedCredential = CredentialStorage::get(protectionSpace);
if (savedCredential.isEmpty())
CredentialStorage::set(Credential(authChallenge.username().c_str(), authChallenge.password().c_str(), static_cast<CredentialPersistence>(authChallenge.persistence())), protectionSpace, url);
}
bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge)
{
if (!challenge.protectionSpace().isPasswordBased())
return false;
if (!d->m_user.isNull() && !d->m_pass.isNull()) {
RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone));
#if PLATFORM(COCOA)
Credential credential = Credential(cfCredential.get());
#else
Credential credential = core(cfCredential.get());
#endif
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
d->m_user = String();
d->m_pass = String();
// FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
return true;
}
if (!client() || client()->shouldUseCredentialStorage(this)) {
if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
#if PLATFORM(COCOA)
CFURLConnectionUseCredential(d->m_connection.get(), credential.cfCredential(), challenge.cfURLAuthChallengeRef());
#else
RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential));
CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef());
#endif
return true;
}
}
}
return false;
}
Credential::Credential(const Credential& original, CredentialPersistence persistence)
: m_user(original.user())
, m_password(original.password())
, m_persistence(persistence)
#if CERTIFICATE_CREDENTIALS_SUPPORTED
, m_identity(original.identity())
, m_certificates(original.certificates())
, m_type(original.type())
#endif
{
}
int main(int argc, char** argv)
{
if (argc != 2) {
cerr << "Usage: " << argv[0] << " <master>" << endl;
return -1;
}
DockerNoExecutorScheduler scheduler;
FrameworkInfo framework;
framework.set_user(""); // Have Mesos fill in the current user.
framework.set_name("Docker No Executor Framework (C++)");
framework.set_checkpoint(true);
MesosSchedulerDriver* driver;
if (os::getenv("MESOS_AUTHENTICATE_FRAMEWORKS").isSome()) {
cout << "Enabling authentication for the framework" << endl;
Option<string> value = os::getenv("DEFAULT_PRINCIPAL");
if (value.isNone()) {
EXIT(EXIT_FAILURE)
<< "Expecting authentication principal in the environment";
}
Credential credential;
credential.set_principal(value.get());
framework.set_principal(value.get());
value = os::getenv("DEFAULT_SECRET");
if (value.isNone()) {
EXIT(EXIT_FAILURE)
<< "Expecting authentication secret in the environment";
}
credential.set_secret(value.get());
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1], credential);
} else {
framework.set_principal("no-executor-framework-cpp");
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1]);
}
int status = driver->run() == DRIVER_STOPPED ? 0 : 1;
// Ensure that the driver process terminates.
driver->stop();
delete driver;
return status;
}
int main(int argc, char** argv)
{
if (argc != 2) {
cerr << "Usage: " << argv[0] << " <master>" << endl;
return -1;
}
NoExecutorScheduler scheduler;
FrameworkInfo framework;
framework.set_user(""); // Have Mesos fill in the current user.
framework.set_name("No Executor Framework (C++)");
// TODO(vinod): Make checkpointing the default when it is default
// on the slave.
if (os::hasenv("MESOS_CHECKPOINT")) {
cout << "Enabling checkpoint for the framework" << endl;
framework.set_checkpoint(true);
}
MesosSchedulerDriver* driver;
if (os::hasenv("MESOS_AUTHENTICATE")) {
cout << "Enabling authentication for the framework" << endl;
if (!os::hasenv("DEFAULT_PRINCIPAL")) {
EXIT(1) << "Expecting authentication principal in the environment";
}
if (!os::hasenv("DEFAULT_SECRET")) {
EXIT(1) << "Expecting authentication secret in the environment";
}
Credential credential;
credential.set_principal(getenv("DEFAULT_PRINCIPAL"));
credential.set_secret(getenv("DEFAULT_SECRET"));
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1], credential);
} else {
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1]);
}
int status = driver->run() == DRIVER_STOPPED ? 0 : 1;
// Ensure that the driver process terminates.
driver->stop();
delete driver;
return status;
}
bool PluginView::getAuthenticationInfo(const ProtectionSpace& protectionSpace, String& username, String& password)
{
Credential credential = CredentialStorage::get(protectionSpace);
if (credential.isEmpty())
credential = CredentialStorage::getFromPersistentStorage(protectionSpace);
if (!credential.hasPassword())
return false;
username = credential.user();
password = credential.password();
return true;
}
// This test verifies that a missing secret fails the authenticatee.
TYPED_TEST(CRAMMD5Authentication, AuthenticateeSecretMissing)
{
Credential credential;
credential.set_principal("benh");
Try<Authenticatee*> authenticatee = TypeParam::TypeAuthenticatee::create();
CHECK_SOME(authenticatee);
Future<bool> future =
authenticatee.get()->authenticate(UPID(), UPID(), credential);
AWAIT_EQ(false, future);
delete authenticatee.get();
}
static bool getStoredCONNECTProxyCredentials(const ProtectionSpace& protectionSpace, String& login, String& password)
{
// Try system credential storage first, matching HTTP behavior (CFNetwork only asks the client for password if it couldn't find it in Keychain).
Credential storedCredential = CredentialStorage::getFromPersistentStorage(protectionSpace);
if (storedCredential.isEmpty())
storedCredential = CredentialStorage::get(protectionSpace);
if (storedCredential.isEmpty())
return false;
login = storedCredential.user();
password = storedCredential.password();
return true;
}
void MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge)
{
KURL url(ParsedURLString, String(authChallenge.url().c_str()));
if (!url.isValid())
return;
ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge);
Credential credential = CredentialStorage::get(protectionSpace);
if (!credential.isEmpty()) {
notifyChallengeResult(url, protectionSpace, AuthenticationChallengeSuccess, credential);
return;
}
if (frameView() && frameView()->hostWindow())
frameView()->hostWindow()->platformPageClient()->authenticationChallenge(url, protectionSpace, credential, this);
}
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
{
ASSERT(!challenge.isNull());
if (challenge != d->m_currentWebChallenge)
return;
if (credential.isEmpty()) {
receivedRequestToContinueWithoutCredential(challenge);
return;
}
KURL urlToStore;
urlToStore = d->m_request.url();
CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
clearAuthentication();
// Clone our ResourceHandle and add it so that it is send with the credential.
// FIXME: We should have a way of cloning an handle.
RefPtr<ResourceHandle> newHandle = ResourceHandle::create(request(), client(), 0, d->m_defersLoading, shouldContentSniff());
setClient(0); // Clear the client to avoid it being cleared by WebCore.
AuthenticationChallenge newAuthenticationChallenge(challenge.protectionSpace(), credential, challenge.previousFailureCount() + 1, challenge.failureResponse(), challenge.error());
// Store the new authentication challenge.
newHandle->getInternal()->m_currentWebChallenge = newAuthenticationChallenge;
d->m_cancelled = true;
}
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
if (!d->m_user.isNull() && !d->m_pass.isNull()) {
Credential credential(d->m_user, d->m_pass, CredentialPersistenceNone);
URL urlToStore;
if (challenge.failureResponse().httpStatusCode() == 401)
urlToStore = challenge.failureResponse().url();
CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore);
String userpass = credential.user() + ":" + credential.password();
curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
d->m_user = String();
d->m_pass = String();
// FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
return;
}
if (shouldUseCredentialStorage()) {
if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
// The stored credential wasn't accepted, stop using it.
// There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
// but the observable effect should be very minor, if any.
CredentialStorage::remove(challenge.protectionSpace());
}
if (!challenge.previousFailureCount()) {
Credential credential = CredentialStorage::get(challenge.protectionSpace());
if (!credential.isEmpty() && credential != d->m_initialCredential) {
ASSERT(credential.persistence() == CredentialPersistenceNone);
if (challenge.failureResponse().httpStatusCode() == 401) {
// Store the credential back, possibly adding it as a default for this directory.
CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
}
String userpass = credential.user() + ":" + credential.password();
curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
return;
}
}
}
d->m_currentWebChallenge = challenge;
if (client())
client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
}
void MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge)
{
KURL url(ParsedURLString, WTF::String(authChallenge.url().c_str()));
if (!url.isValid())
return;
ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge);
Credential credential = CredentialStorage::get(protectionSpace);
if (!credential.isEmpty()) {
notifyChallengeResult(url, protectionSpace, AuthenticationChallengeSuccess, credential);
return;
}
m_isAuthenticationChallenging = true;
AuthenticationChallengeManager::instance()->authenticationChallenge(url, protectionSpace, credential,
this, m_webCorePlayer->mediaPlayerClient()->mediaPlayerHostWindow()->platformPageClient());
}
CwGenericOutline(const Credential& _credential, khm_int32 _attr_id, int _column) :
credential(_credential),
attr_id(_attr_id),
CwOutline(_column) {
InsertChildAfter(el_text =
PNEW StaticTextElement(credential.GetAttribStringObj(attr_id)));
}
static void setAuthCredentials(NetworkRequest& platformRequest, const AuthenticationChallenge& challenge)
{
if (challenge.isNull())
return;
Credential credential = challenge.proposedCredential();
const ProtectionSpace& protectionSpace = challenge.protectionSpace();
String username = credential.user();
String password = credential.password();
NetworkRequest::AuthType authType;
NetworkRequest::AuthProtocol authProtocol;
NetworkRequest::AuthScheme authScheme;
protectionSpaceToPlatformAuth(protectionSpace, authType, authProtocol, authScheme);
if (authType != NetworkRequest::AuthTypeNone && authProtocol != NetworkRequest::AuthProtocolNone && authScheme != NetworkRequest::AuthSchemeNone)
platformRequest.setCredentials(authType, authProtocol, authScheme, username.utf8().data(), password.utf8().data());
}
bool MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge)
{
KURL url(ParsedURLString, String(authChallenge.url().c_str()));
if (!url.isValid())
return false;
ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge);
Credential credential = CredentialStorage::get(protectionSpace);
bool isConfirmed = false;
if (credential.isEmpty()) {
if (frameView() && frameView()->hostWindow())
isConfirmed = frameView()->hostWindow()->platformPageClient()->authenticationChallenge(url, protectionSpace, credential);
} else
isConfirmed = true;
if (isConfirmed)
authChallenge.setCredential(credential.user().utf8().data(), credential.password().utf8().data(), static_cast<MMRAuthChallenge::CredentialPersistence>(credential.persistence()));
return isConfirmed;
}
void WebDownload::didReceiveAuthenticationChallenge(CFURLAuthChallengeRef challenge)
{
// Try previously stored credential first.
if (!CFURLAuthChallengeGetPreviousFailureCount(challenge)) {
Credential credential = CredentialStorage::get(core(CFURLAuthChallengeGetProtectionSpace(challenge)));
if (!credential.isEmpty()) {
RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential));
CFURLDownloadUseCredential(m_download.get(), cfCredential.get(), challenge);
return;
}
}
COMPtr<IWebURLAuthenticationChallenge> webChallenge(AdoptCOM,
WebURLAuthenticationChallenge::createInstance(AuthenticationChallenge(challenge, 0), this));
if (SUCCEEDED(m_delegate->didReceiveAuthenticationChallenge(this, webChallenge.get())))
return;
cancelAuthenticationChallenge(webChallenge.get());
}
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse)
{
const URL& url = request.url();
d->m_user = url.user();
d->m_pass = url.pass();
d->m_lastHTTPMethod = request.httpMethod();
request.removeCredentials();
if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
// The network layer might carry over some headers from the original request that
// we want to strip here because the redirect is cross-origin.
request.clearHTTPAuthorization();
request.clearHTTPOrigin();
} else {
// Only consider applying authentication credentials if this is actually a redirect and the redirect
// URL didn't include credentials of its own.
if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) {
Credential credential = CredentialStorage::get(request.url());
if (!credential.isEmpty()) {
d->m_initialCredential = credential;
// FIXME: Support Digest authentication, and Proxy-Authorization.
applyBasicAuthorizationHeader(request, d->m_initialCredential);
}
}
}
Ref<ResourceHandle> protect(*this);
if (client()->usesAsyncCallbacks())
client()->willSendRequestAsync(this, request, redirectResponse);
else {
client()->willSendRequest(this, request, redirectResponse);
// Client call may not preserve the session, especially if the request is sent over IPC.
if (!request.isNull()) {
request.setStorageSession(d->m_storageSession.get());
d->m_currentRequest = request;
}
}
}
