Changeset 263724 in webkit

Timestamp:

Jun 29, 2020 9:39:50 PM (4 years ago)

Author:

commit-queue@webkit.org

Message:

Make _WKWebsiteDataStoreConfiguration SPI for HSTS storage to replace _WKProcessPoolConfiguration.hstsStorageDirectory
​https://bugs.webkit.org/show_bug.cgi?id=213048

Patch by Alex Christensen <​achristensen@webkit.org> on 2020-06-29
Reviewed by Youenn Fablet.

Source/WebCore/PAL:

• pal/spi/cf/CFNetworkSPI.h:

Source/WebKit:

This uses CFNetwork SPI introduced in rdar://problem/50109631 to allow HSTS storage per NSURLSession.
To be complete, I also deprecated our UI process HSTS state removal attempt SPIs, WKContextResetHSTSHosts and
WKContextResetHSTSHostsAddedAfterDate, which had their last use removed in rdar://problem/64220838.

I manually verified that this new SPI puts HSTS data in the specified location, and I also verified that HSTS
state querying and removal works with the new CFNetwork SPI as it did with the old one.

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):
(WebKit::NetworkProcess::deleteAndRestrictWebsiteDataForRegistrableDomains):
(WebKit::NetworkProcess::registrableDomainsWithWebsiteData):

• NetworkProcess/NetworkProcess.h:
• NetworkProcess/NetworkSessionCreationParameters.cpp:

(WebKit::NetworkSessionCreationParameters::encode const):
(WebKit::NetworkSessionCreationParameters::decode):

• NetworkProcess/NetworkSessionCreationParameters.h:
• NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::hostNamesWithHSTSCache const):
(WebKit::NetworkProcess::deleteHSTSCacheForHostNames):
(WebKit::NetworkProcess::clearHSTSCache):
(WebKit::NetworkProcess::getHostNamesWithHSTSCache): Deleted.

• NetworkProcess/cocoa/NetworkSessionCocoa.h:
• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::hstsStorage const):
(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

• NetworkProcess/soup/NetworkProcessSoup.cpp:

(WebKit::NetworkProcess::hostNamesWithHSTSCache const):
(WebKit::NetworkProcess::deleteHSTSCacheForHostNames):
(WebKit::NetworkProcess::clearHSTSCache):
(WebKit::NetworkProcess::getHostNamesWithHSTSCache): Deleted.

• UIProcess/API/C/mac/WKContextPrivateMac.h:
• UIProcess/API/C/mac/WKContextPrivateMac.mm:

(WKContextResetHSTSHosts):
(WKContextResetHSTSHostsAddedAfterDate):

• UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
• UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h:
• UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm:

(-[_WKWebsiteDataStoreConfiguration hstsStorageDirectory]):
(-[_WKWebsiteDataStoreConfiguration setHSTSStorageDirectory:]):

• UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::privateBrowsingSession): Deleted.
(WebKit::WebProcessPool::resetHSTSHosts): Deleted.
(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate): Deleted.

• UIProcess/WebProcessPool.h:
• UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::resolveDirectoriesIfNecessary):
(WebKit::WebsiteDataStore::parameters):

• UIProcess/WebsiteData/WebsiteDataStore.h:

(WebKit::WebsiteDataStore::resolvedHSTSStorageDirectory const):

• UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp:

(WebKit::WebsiteDataStoreConfiguration::copy const):

• UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h:

Source/WTF:

• wtf/PlatformHave.h:

Location:

trunk/Source

Files:

• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/PlatformHave.h (modified) (1 diff)
• WebCore/PAL/ChangeLog (modified) (1 diff)
• WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (modified) (2 diffs)
• WebKit/ChangeLog (modified) (1 diff)
• WebKit/NetworkProcess/NetworkProcess.cpp (modified) (5 diffs)
• WebKit/NetworkProcess/NetworkProcess.h (modified) (1 diff)
• WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp (modified) (3 diffs)
• WebKit/NetworkProcess/NetworkSessionCreationParameters.h (modified) (1 diff)
• WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm (modified) (2 diffs)
• WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (modified) (2 diffs)
• WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (modified) (3 diffs)
• WebKit/NetworkProcess/soup/NetworkProcessSoup.cpp (modified) (1 diff)
• WebKit/UIProcess/API/C/mac/WKContextPrivateMac.h (modified) (2 diffs)
• WebKit/UIProcess/API/C/mac/WKContextPrivateMac.mm (modified) (1 diff)
• WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h (modified) (1 diff)
• WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h (modified) (1 diff)
• WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm (modified) (1 diff)
• WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (modified) (2 diffs)
• WebKit/UIProcess/WebProcessPool.h (modified) (1 diff)
• WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (modified) (3 diffs)
• WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (modified) (1 diff)
• WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp (modified) (1 diff)
• WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h (modified) (2 diffs)

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2020-06-29  Alex Christensen  <achristensen@webkit.org>
+
+        Make _WKWebsiteDataStoreConfiguration SPI for HSTS storage to replace _WKProcessPoolConfiguration.hstsStorageDirectory
+        https://bugs.webkit.org/show_bug.cgi?id=213048
+
+        Reviewed by Youenn Fablet.
+
+        * wtf/PlatformHave.h:
+
 2020-06-29  Geoffrey Garen  <ggaren@apple.com>
 

trunk/Source/WTF/wtf/PlatformHave.h

@@ -408 +408 @@
 #endif
 
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600) \
+    || ((PLATFORM(IOS) || PLATFORM(MACCATALYST)) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 140000) \
+    || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 70000) \
+    || (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 140000)
+#define HAVE_HSTS_STORAGE 1
+#endif
+
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 140000)
 #define HAVE_CFNETWORK_METRICS_APIS_V4 1

trunk/Source/WebCore/PAL/ChangeLog

@@ +1 @@
+2020-06-29  Alex Christensen  <achristensen@webkit.org>
+
+        Make _WKWebsiteDataStoreConfiguration SPI for HSTS storage to replace _WKProcessPoolConfiguration.hstsStorageDirectory
+        https://bugs.webkit.org/show_bug.cgi?id=213048
+
+        Reviewed by Youenn Fablet.
+
+        * pal/spi/cf/CFNetworkSPI.h:
+
 2020-06-29  Tetsuharu Ohzeki  <tetsuharu.ohzeki@gmail.com>
 

trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h

@@ -408 +408 @@
 Boolean _CFNetworkSetATSContext(CFDataRef);
 
-#if PLATFORM(COCOA)
+#if PLATFORM(COCOA) && !HAVE(HSTS_STORAGE)
 extern const CFStringRef _kCFNetworkHSTSPreloaded;
 CFDictionaryRef _CFNetworkCopyHSTSPolicies(CFURLStorageSessionRef);
@@ -459 +459 @@
 @end
 
+#if HAVE(HSTS_STORAGE)
+@interface _NSHSTSStorage : NSObject
+-(instancetype)initPersistentStoreWithURL:(nullable NSURL*)path;
+-(BOOL)shouldPromoteHostToHTTPS:(NSString *)host;
+-(NSArray<NSString *> *)nonPreloadedHosts;
+-(void)resetHSTSForHost:(NSString *)host;
+-(void)resetHSTSHostsSinceDate:(NSDate *)date;
+@end
+#endif
+
 @interface NSURLSessionConfiguration ()
 // FIXME: Remove this once rdar://problem/40650244 is in a build.
 @property (copy) NSDictionary *_socketStreamProperties;
+#if HAVE(HSTS_STORAGE)
+@property (nullable, retain) _NSHSTSStorage *_hstsStorage;
+#endif
 @end
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-06-29  Alex Christensen  <achristensen@webkit.org>
+
+        Make _WKWebsiteDataStoreConfiguration SPI for HSTS storage to replace _WKProcessPoolConfiguration.hstsStorageDirectory
+        https://bugs.webkit.org/show_bug.cgi?id=213048
+
+        Reviewed by Youenn Fablet.
+
+        This uses CFNetwork SPI introduced in rdar://problem/50109631 to allow HSTS storage per NSURLSession.
+        To be complete, I also deprecated our UI process HSTS state removal attempt SPIs, WKContextResetHSTSHosts and
+        WKContextResetHSTSHostsAddedAfterDate, which had their last use removed in rdar://problem/64220838.
+
+        I manually verified that this new SPI puts HSTS data in the specified location, and I also verified that HSTS
+        state querying and removal works with the new CFNetwork SPI as it did with the old one.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::fetchWebsiteData):
+        (WebKit::NetworkProcess::deleteWebsiteData):
+        (WebKit::NetworkProcess::deleteWebsiteDataForOrigins):
+        (WebKit::NetworkProcess::deleteAndRestrictWebsiteDataForRegistrableDomains):
+        (WebKit::NetworkProcess::registrableDomainsWithWebsiteData):
+        * NetworkProcess/NetworkProcess.h:
+        * NetworkProcess/NetworkSessionCreationParameters.cpp:
+        (WebKit::NetworkSessionCreationParameters::encode const):
+        (WebKit::NetworkSessionCreationParameters::decode):
+        * NetworkProcess/NetworkSessionCreationParameters.h:
+        * NetworkProcess/cocoa/NetworkProcessCocoa.mm:
+        (WebKit::NetworkProcess::hostNamesWithHSTSCache const):
+        (WebKit::NetworkProcess::deleteHSTSCacheForHostNames):
+        (WebKit::NetworkProcess::clearHSTSCache):
+        (WebKit::NetworkProcess::getHostNamesWithHSTSCache): Deleted.
+        * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (WebKit::NetworkSessionCocoa::hstsStorage const):
+        (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
+        * NetworkProcess/soup/NetworkProcessSoup.cpp:
+        (WebKit::NetworkProcess::hostNamesWithHSTSCache const):
+        (WebKit::NetworkProcess::deleteHSTSCacheForHostNames):
+        (WebKit::NetworkProcess::clearHSTSCache):
+        (WebKit::NetworkProcess::getHostNamesWithHSTSCache): Deleted.
+        * UIProcess/API/C/mac/WKContextPrivateMac.h:
+        * UIProcess/API/C/mac/WKContextPrivateMac.mm:
+        (WKContextResetHSTSHosts):
+        (WKContextResetHSTSHostsAddedAfterDate):
+        * UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
+        * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h:
+        * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm:
+        (-[_WKWebsiteDataStoreConfiguration hstsStorageDirectory]):
+        (-[_WKWebsiteDataStoreConfiguration setHSTSStorageDirectory:]):
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::privateBrowsingSession): Deleted.
+        (WebKit::WebProcessPool::resetHSTSHosts): Deleted.
+        (WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate): Deleted.
+        * UIProcess/WebProcessPool.h:
+        * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+        (WebKit::WebsiteDataStore::resolveDirectoriesIfNecessary):
+        (WebKit::WebsiteDataStore::parameters):
+        * UIProcess/WebsiteData/WebsiteDataStore.h:
+        (WebKit::WebsiteDataStore::resolvedHSTSStorageDirectory const):
+        * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp:
+        (WebKit::WebsiteDataStoreConfiguration::copy const):
+        * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h:
+
 2020-06-29  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp

@@ -1535 +1535 @@
 
 #if PLATFORM(COCOA) || USE(SOUP)
-    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache)) {
-        if (auto* networkStorageSession = storageSession(sessionID))
-            getHostNamesWithHSTSCache(*networkStorageSession, callbackAggregator->m_websiteData.hostNamesWithHSTSCache);
-    }
+    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache))
+        callbackAggregator->m_websiteData.hostNamesWithHSTSCache = hostNamesWithHSTSCache(sessionID);
 #endif
 
@@ -1597 +1595 @@
 {
 #if PLATFORM(COCOA) || USE(SOUP)
-    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache)) {
-        if (auto* networkStorageSession = storageSession(sessionID))
-            clearHSTSCache(*networkStorageSession, modifiedSince);
-    }
+    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache))
+        clearHSTSCache(sessionID, modifiedSince);
 #endif
 
@@ -1702 +1698 @@
 
 #if PLATFORM(COCOA) || USE(SOUP)
-    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache)) {
-        if (auto* networkStorageSession = storageSession(sessionID))
-            deleteHSTSCacheForHostNames(*networkStorageSession, HSTSCacheHostNames);
-    }
+    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache))
+        deleteHSTSCacheForHostNames(sessionID, HSTSCacheHostNames);
 #endif
 
@@ -1873 +1867 @@
 #if PLATFORM(COCOA) || USE(SOUP)
     if (websiteDataTypes.contains(WebsiteDataType::HSTSCache)) {
-        if (auto* networkStorageSession = storageSession(sessionID)) {
-            getHostNamesWithHSTSCache(*networkStorageSession, hostNamesWithHSTSCache);
-            hostnamesWithHSTSToDelete = filterForRegistrableDomains(domainsToDeleteAllNonCookieWebsiteDataFor, hostNamesWithHSTSCache);
-
-            for (const auto& host : hostnamesWithHSTSToDelete)
-                callbackAggregator->m_domains.add(RegistrableDomain::uncheckedCreateFromHost(host));
-
-            deleteHSTSCacheForHostNames(*networkStorageSession, hostnamesWithHSTSToDelete);
-        }
+        hostNamesWithHSTSCache = this->hostNamesWithHSTSCache(sessionID);
+        hostnamesWithHSTSToDelete = filterForRegistrableDomains(domainsToDeleteAllNonCookieWebsiteDataFor, hostNamesWithHSTSCache);
+
+        for (const auto& host : hostnamesWithHSTSToDelete)
+            callbackAggregator->m_domains.add(RegistrableDomain::uncheckedCreateFromHost(host));
+
+        deleteHSTSCacheForHostNames(sessionID, hostnamesWithHSTSToDelete);
     }
 #endif
@@ -2058 +2050 @@
     }));
     
-    auto& websiteDataStore = callbackAggregator->m_websiteData;
+    auto& websiteData = callbackAggregator->m_websiteData;
     
     if (websiteDataTypes.contains(WebsiteDataType::Cookies)) {
         if (auto* networkStorageSession = storageSession(sessionID))
-            networkStorageSession->getHostnamesWithCookies(websiteDataStore.hostNamesWithCookies);
+            networkStorageSession->getHostnamesWithCookies(websiteData.hostNamesWithCookies);
     }
     
 #if PLATFORM(COCOA) || USE(SOUP)
-    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache)) {
-        if (auto* networkStorageSession = storageSession(sessionID))
-            getHostNamesWithHSTSCache(*networkStorageSession, websiteDataStore.hostNamesWithHSTSCache);
-    }
+    if (websiteDataTypes.contains(WebsiteDataType::HSTSCache))
+        websiteData.hostNamesWithHSTSCache = hostNamesWithHSTSCache(sessionID);
 #endif
 

trunk/Source/WebKit/NetworkProcess/NetworkProcess.h

@@ -194 +194 @@
 #endif
 #if PLATFORM(COCOA) || USE(SOUP)
-    void getHostNamesWithHSTSCache(WebCore::NetworkStorageSession&, HashSet<String>&);
-    void deleteHSTSCacheForHostNames(WebCore::NetworkStorageSession&, const Vector<String>&);
-    void clearHSTSCache(WebCore::NetworkStorageSession&, WallTime modifiedSince);
+    HashSet<String> hostNamesWithHSTSCache(PAL::SessionID) const;
+    void deleteHSTSCacheForHostNames(PAL::SessionID, const Vector<String>&);
+    void clearHSTSCache(PAL::SessionID, WallTime modifiedSince);
 #endif
 

trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp

@@ -58 +58 @@
     encoder << http3Enabled;
 #endif
+    encoder << hstsStorageDirectory;
+    encoder << hstsStorageDirectoryExtensionHandle;
 #if USE(SOUP)
     encoder << cookiePersistentStoragePath;
@@ -154 +156 @@
 #endif
 
+    Optional<String> hstsStorageDirectory;
+    decoder >> hstsStorageDirectory;
+    if (!hstsStorageDirectory)
+        return WTF::nullopt;
+
+    Optional<SandboxExtension::Handle> hstsStorageDirectoryExtensionHandle;
+    decoder >> hstsStorageDirectoryExtensionHandle;
+    if (!hstsStorageDirectoryExtensionHandle)
+        return WTF::nullopt;
+    
 #if USE(SOUP)
     Optional<String> cookiePersistentStoragePath;
@@ -276 +288 @@
         , WTFMove(*http3Enabled)
 #endif
+        , WTFMove(*hstsStorageDirectory)
+        , WTFMove(*hstsStorageDirectoryExtensionHandle)
 #if USE(SOUP)
         , WTFMove(*cookiePersistentStoragePath)

trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h

@@ -70 +70 @@
     bool http3Enabled { false };
 #endif
+    String hstsStorageDirectory;
+    SandboxExtension::Handle hstsStorageDirectoryExtensionHandle;
 #if USE(SOUP)
     String cookiePersistentStoragePath;

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm

@@ -135 +135 @@
 }
 
+#if !HAVE(HSTS_STORAGE)
 static void filterPreloadHSTSEntry(const void* key, const void* value, void* context)
 {
@@ -153 +154 @@
         hostnames->add((CFStringRef)key);
 }
-
-void NetworkProcess::getHostNamesWithHSTSCache(WebCore::NetworkStorageSession& session, HashSet<String>& hostNames)
-{
-    if (auto HSTSPolicies = adoptCF(_CFNetworkCopyHSTSPolicies(session.platformSession())))
-        CFDictionaryApplyFunction(HSTSPolicies.get(), filterPreloadHSTSEntry, &hostNames);
-}
-
-void NetworkProcess::deleteHSTSCacheForHostNames(WebCore::NetworkStorageSession& session, const Vector<String>& hostNames)
-{
-    for (auto& hostName : hostNames) {
-        auto url = URL({ }, makeString("https://", hostName));
-        _CFNetworkResetHSTS(url.createCFURL().get(), session.platformSession());
-    }
-}
-
-void NetworkProcess::clearHSTSCache(WebCore::NetworkStorageSession& session, WallTime modifiedSince)
+#endif
+
+HashSet<String> NetworkProcess::hostNamesWithHSTSCache(PAL::SessionID sessionID) const
+{
+    HashSet<String> hostNames;
+#if HAVE(HSTS_STORAGE)
+    if (auto* networkSession = static_cast<NetworkSessionCocoa*>(this->networkSession(sessionID))) {
+        for (NSString *host in networkSession->hstsStorage().nonPreloadedHosts)
+            hostNames.add(host);
+    }
+#else
+    if (auto* session = storageSession(sessionID)) {
+        if (auto HSTSPolicies = adoptCF(_CFNetworkCopyHSTSPolicies(session->platformSession())))
+            CFDictionaryApplyFunction(HSTSPolicies.get(), filterPreloadHSTSEntry, &hostNames);
+    }
+#endif
+    return hostNames;
+}
+
+void NetworkProcess::deleteHSTSCacheForHostNames(PAL::SessionID sessionID, const Vector<String>& hostNames)
+{
+#if HAVE(HSTS_STORAGE)
+    if (auto* networkSession = static_cast<NetworkSessionCocoa*>(this->networkSession(sessionID))) {
+        for (auto& hostName : hostNames)
+            [networkSession->hstsStorage() resetHSTSForHost:hostName];
+    }
+#else
+    if (auto* session = storageSession(sessionID)) {
+        for (auto& hostName : hostNames) {
+            auto url = URL({ }, makeString("https://", hostName));
+            _CFNetworkResetHSTS(url.createCFURL().get(), session->platformSession());
+        }
+    }
+#endif
+}
+
+void NetworkProcess::clearHSTSCache(PAL::SessionID sessionID, WallTime modifiedSince)
 {
     NSTimeInterval timeInterval = modifiedSince.secondsSinceEpoch().seconds();
     NSDate *date = [NSDate dateWithTimeIntervalSince1970:timeInterval];
-
-    _CFNetworkResetHSTSHostsSinceDate(session.platformSession(), (__bridge CFDateRef)date);
+#if HAVE(HSTS_STORAGE)
+    if (auto* networkSession = static_cast<NetworkSessionCocoa*>(this->networkSession(sessionID)))
+        [networkSession->hstsStorage() resetHSTSHostsSinceDate:date];
+#else
+    if (auto* session = storageSession(sessionID))
+        _CFNetworkResetHSTSHostsSinceDate(session->platformSession(), (__bridge CFDateRef)date);
+#endif
 }
 

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h

@@ -34 +34 @@
 OBJC_CLASS WKNetworkSessionDelegate;
 OBJC_CLASS WKNetworkSessionWebSocketDelegate;
+OBJC_CLASS _NSHSTSStorage;
 
 #include "DownloadID.h"
@@ -105 +106 @@
     void taskFailed(NetworkDataTaskCocoa::TaskIdentifier);
     NSURLCredential *successfulClientCertificateForHost(const String& host, uint16_t port) const;
+    _NSHSTSStorage *hstsStorage() const;
 
 private:

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

@@ -68 +68 @@
 
 #import "DeviceManagementSoftLink.h"
+
+// FIXME: Remove this soft link once rdar://problem/50109631 is in a build and bots are updated.
+SOFT_LINK_FRAMEWORK(CFNetwork)
+SOFT_LINK_CLASS_OPTIONAL(CFNetwork, _NSHSTSStorage)
 
 using namespace WebKit;
@@ -1093 +1097 @@
 }
 
+_NSHSTSStorage *NetworkSessionCocoa::hstsStorage() const
+{
+#if HAVE(HSTS_STORAGE)
+    NSURLSessionConfiguration *configuration = m_sessionWithCredentialStorage.session.get().configuration;
+    // FIXME: Remove this respondsToSelector check once rdar://problem/50109631 is in a build and bots are updated.
+    if ([configuration respondsToSelector:@selector(_hstsStorage)])
+        return m_sessionWithCredentialStorage.session.get().configuration._hstsStorage;
+#endif
+    return nil;
+}
+
 const String& NetworkSessionCocoa::boundInterfaceIdentifier() const
 {
@@ -1172 +1187 @@
 
     NSURLSessionConfiguration *configuration = configurationForSessionID(m_sessionID);
+
+#if HAVE(HSTS_STORAGE)
+    if (!!parameters.hstsStorageDirectory && !m_sessionID.isEphemeral()) {
+        SandboxExtension::consumePermanently(parameters.hstsStorageDirectoryExtensionHandle);
+        // FIXME: Remove this respondsToSelector check once rdar://problem/50109631 is in a build and bots are updated.
+        if ([configuration respondsToSelector:@selector(_hstsStorage)])
+            configuration._hstsStorage = [[alloc_NSHSTSStorageInstance() initPersistentStoreWithURL:[NSURL fileURLWithPath:parameters.hstsStorageDirectory isDirectory:YES]] autorelease];
+    }
+#endif
 
 #if HAVE(APP_SSO) || PLATFORM(MACCATALYST)

trunk/Source/WebKit/NetworkProcess/soup/NetworkProcessSoup.cpp

@@ -95 +95 @@
 }
 
-void NetworkProcess::getHostNamesWithHSTSCache(WebCore::NetworkStorageSession& storageSession, HashSet<String>& hostNames)
-{
-    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(storageSession.sessionID()));
+HashSet<String> NetworkProcess::hostNamesWithHSTSCache(PAL::SessionID sessionID) const
+{
+    HashSet<String> hostNames;
+    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(sessionID));
     session->soupNetworkSession().getHostNamesWithHSTSCache(hostNames);
-}
-
-void NetworkProcess::deleteHSTSCacheForHostNames(WebCore::NetworkStorageSession& storageSession, const Vector<String>& hostNames)
-{
-    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(storageSession.sessionID()));
+    return hostNames;
+}
+
+void NetworkProcess::deleteHSTSCacheForHostNames(PAL::SessionID sessionID, const Vector<String>& hostNames)
+{
+    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(sessionID));
     session->soupNetworkSession().deleteHSTSCacheForHostNames(hostNames);
 }
 
-void NetworkProcess::clearHSTSCache(WebCore::NetworkStorageSession& storageSession, WallTime modifiedSince)
-{
-    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(storageSession.sessionID()));
+void NetworkProcess::clearHSTSCache(PAL::SessionID sessionID, WallTime modifiedSince)
+{
+    const auto* session = static_cast<NetworkSessionSoup*>(networkSession(sessionID));
     session->soupNetworkSession().clearHSTSCache(modifiedSince);
 }

trunk/Source/WebKit/UIProcess/API/C/mac/WKContextPrivateMac.h

@@ -28 +28 @@
 
 #include <WebKit/WKBase.h>
+#include <WebKit/WKDeprecated.h>
 #include <WebKit/WKPluginLoadPolicy.h>
 
@@ -44 +45 @@
 WK_EXPORT void WKContextGetInfoForInstalledPlugIns(WKContextRef context, WKContextGetInfoForInstalledPlugInsBlock block);
 
-WK_EXPORT void WKContextResetHSTSHosts(WKContextRef context);
-
-// The time here is relative to the Unix epoch.
-WK_EXPORT void WKContextResetHSTSHostsAddedAfterDate(WKContextRef context, double startDateIntervalSince1970);
+WK_EXPORT void WKContextResetHSTSHosts(WKContextRef context) WK_C_API_DEPRECATED;
+WK_EXPORT void WKContextResetHSTSHostsAddedAfterDate(WKContextRef context, double startDateIntervalSince1970) WK_C_API_DEPRECATED;
 
 WK_EXPORT void WKContextRegisterSchemeForCustomProtocol(WKContextRef context, WKStringRef scheme);

trunk/Source/WebKit/UIProcess/API/C/mac/WKContextPrivateMac.mm

@@ -102 +102 @@
 }
 
-void WKContextResetHSTSHosts(WKContextRef context)
+void WKContextResetHSTSHosts(WKContextRef)
 {
-    return WebKit::toImpl(context)->resetHSTSHosts();
 }
 
-void WKContextResetHSTSHostsAddedAfterDate(WKContextRef context, double startDateIntervalSince1970)
+void WKContextResetHSTSHostsAddedAfterDate(WKContextRef, double)
 {
-    return WebKit::toImpl(context)->resetHSTSHostsAddedAfterDate(startDateIntervalSince1970);
 }
 

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h

@@ -69 +69 @@
 @property (nonatomic) BOOL pageCacheEnabled WK_API_AVAILABLE(macos(10.14), ios(12.0));
 @property (nonatomic, getter=isJITEnabled) BOOL JITEnabled WK_API_AVAILABLE(macos(10.14.4), ios(12.2));
-@property (nonatomic, nullable, copy, setter=setHSTSStorageDirectory:) NSURL *hstsStorageDirectory WK_API_AVAILABLE(macos(10.15), ios(13.0));
+@property (nonatomic, nullable, copy, setter=setHSTSStorageDirectory:) NSURL *hstsStorageDirectory WK_API_DEPRECATED_WITH_REPLACEMENT("_WKWebsiteDataStoreConfiguration.hstsStorageDirectory", macos(10.15, WK_MAC_TBA), ios(13.0, WK_IOS_TBA));
 
 @property (nonatomic) BOOL configureJSCForTesting WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h

@@ -73 +73 @@
 @property (nonatomic) BOOL suppressesConnectionTerminationOnSystemChange WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 @property (nonatomic) BOOL allowsServerPreconnect WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+@property (nonatomic, nullable, copy, setter=setHSTSStorageDirectory:) NSURL *hstsStorageDirectory WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 
 @property (nonatomic, nullable, copy) NSURL *alternativeServicesStorageDirectory WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm

@@ -291 +291 @@
 }
 
+- (NSURL *)hstsStorageDirectory
+{
+    return [NSURL fileURLWithPath:_configuration->hstsStorageDirectory() isDirectory:YES];
+}
+
+- (void)setHSTSStorageDirectory:(NSURL *)url
+{
+    if (!_configuration->isPersistent())
+        [NSException raise:NSInvalidArgumentException format:@"Cannot set mediaKeysStorageDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."];
+    checkURLArgument(url);
+    _configuration->setHSTSStorageDirectory(url.path);
+}
+
 - (NSURL *)alternativeServicesStorageDirectory
 {

trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm

@@ -729 +729 @@
 }
 
-static CFURLStorageSessionRef privateBrowsingSession()
-{
-    static CFURLStorageSessionRef session;
-    static dispatch_once_t once;
-    dispatch_once(&once, ^{
-        NSString *identifier = [NSString stringWithFormat:@"%@.PrivateBrowsing", [[NSBundle mainBundle] bundleIdentifier]];
-        session = createPrivateStorageSession((__bridge CFStringRef)identifier);
-    });
-
-    return session;
-}
-
 bool WebProcessPool::isURLKnownHSTSHost(const String& urlString) const
 {
@@ -746 +734 @@
 
     return _CFNetworkIsKnownHSTSHostWithSession(url.get(), nullptr);
-}
-
-void WebProcessPool::resetHSTSHosts()
-{
-    _CFNetworkResetHSTSHostsWithSession(nullptr);
-    _CFNetworkResetHSTSHostsWithSession(privateBrowsingSession());
-}
-
-void WebProcessPool::resetHSTSHostsAddedAfterDate(double startDateIntervalSince1970)
-{
-    NSDate *startDate = [NSDate dateWithTimeIntervalSince1970:startDateIntervalSince1970];
-    _CFNetworkResetHSTSHostsSinceDate(nullptr, (__bridge CFDateRef)startDate);
-    _CFNetworkResetHSTSHostsSinceDate(privateBrowsingSession(), (__bridge CFDateRef)startDate);
 }
 

trunk/Source/WebKit/UIProcess/WebProcessPool.h

@@ -423 +423 @@
 
     bool isURLKnownHSTSHost(const String& urlString) const;
-    void resetHSTSHosts();
-    void resetHSTSHostsAddedAfterDate(double startDateIntervalSince1970);
 
     static void registerGlobalURLSchemeAsHavingCustomProtocolHandlers(const String&);

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp

@@ -233 +233 @@
     if (!m_configuration->cacheStorageDirectory().isEmpty() && m_resolvedConfiguration->cacheStorageDirectory().isEmpty())
         m_resolvedConfiguration->setCacheStorageDirectory(resolvePathForSandboxExtension(m_configuration->cacheStorageDirectory()));
+    if (!m_configuration->hstsStorageDirectory().isEmpty() && m_resolvedConfiguration->hstsStorageDirectory().isEmpty())
+        m_resolvedConfiguration->setHSTSStorageDirectory(resolvePathForSandboxExtension(m_configuration->hstsStorageDirectory()));
 
     // Resolve directories for file paths.
@@ -2260 +2262 @@
         SandboxExtension::createHandleForReadWriteDirectory(networkCacheDirectory, networkCacheDirectoryExtensionHandle);
 
+    auto hstsStorageDirectory = resolvedHSTSStorageDirectory();
+    SandboxExtension::Handle hstsStorageDirectoryExtensionHandle;
+    if (!hstsStorageDirectory.isEmpty())
+        SandboxExtension::createHandleForReadWriteDirectory(hstsStorageDirectory, hstsStorageDirectoryExtensionHandle);
+
     bool shouldIncludeLocalhostInResourceLoadStatistics = false;
     bool enableResourceLoadStatisticsDebugMode = false;
@@ -2301 +2308 @@
     networkSessionParameters.networkCacheDirectory = WTFMove(networkCacheDirectory);
     networkSessionParameters.networkCacheDirectoryExtensionHandle = WTFMove(networkCacheDirectoryExtensionHandle);
+    networkSessionParameters.hstsStorageDirectory = WTFMove(hstsStorageDirectory);
+    networkSessionParameters.hstsStorageDirectoryExtensionHandle = WTFMove(hstsStorageDirectoryExtensionHandle);
     networkSessionParameters.dataConnectionServiceType = m_configuration->dataConnectionServiceType();
     networkSessionParameters.fastServerTrustEvaluationEnabled = m_configuration->fastServerTrustEvaluationEnabled();

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h

@@ -225 +225 @@
     const String& resolvedServiceWorkerRegistrationDirectory() const { return m_resolvedConfiguration->serviceWorkerRegistrationDirectory(); }
     const String& resolvedResourceLoadStatisticsDirectory() const { return m_resolvedConfiguration->resourceLoadStatisticsDirectory(); }
+    const String& resolvedHSTSStorageDirectory() const { return m_resolvedConfiguration->hstsStorageDirectory(); }
 
     DeviceIdHashSaltStorage& deviceIdHashSaltStorage() { return m_deviceIdHashSaltStorage.get(); }

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp

@@ -68 +68 @@
     copy->m_serviceWorkerRegistrationDirectory = this->m_serviceWorkerRegistrationDirectory;
     copy->m_webSQLDatabaseDirectory = this->m_webSQLDatabaseDirectory;
-#if USE(GLIB)
     copy->m_hstsStorageDirectory = this->m_hstsStorageDirectory;
-#endif
     copy->m_localStorageDirectory = this->m_localStorageDirectory;
     copy->m_mediaKeysStorageDirectory = this->m_mediaKeysStorageDirectory;

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h

@@ -67 +67 @@
     const String& webSQLDatabaseDirectory() const { return m_webSQLDatabaseDirectory; }
     void setWebSQLDatabaseDirectory(String&& directory) { m_webSQLDatabaseDirectory = WTFMove(directory); }
-#if USE(GLIB) // According to r245075 this will eventually move here.
+
     const String& hstsStorageDirectory() const { return m_hstsStorageDirectory; }
     void setHSTSStorageDirectory(String&& directory) { m_hstsStorageDirectory = WTFMove(directory); }
-#endif
+
     const String& localStorageDirectory() const { return m_localStorageDirectory; }
     void setLocalStorageDirectory(String&& directory) { m_localStorageDirectory = WTFMove(directory); }
@@ -175 +175 @@
     String m_serviceWorkerRegistrationDirectory;
     String m_webSQLDatabaseDirectory;
+    String m_hstsStorageDirectory;
 #if USE(GLIB)
-    String m_hstsStorageDirectory;
     bool m_networkCacheSpeculativeValidationEnabled { true };
 #else