Context Navigation

Changeset 234990 in webkit

Timestamp:

Aug 17, 2018 11:10:41 AM (6 years ago)

Author:

achristensen@apple.com

Message:

Reviewed by Youenn Fablet.

We unnecessarily had the allowsSpecificHTTPSCertificateForHost check at two different abstraction levels.

(WebKit::NetworkLoad::didReceiveChallenge):

(WebKit::NetworkSession::allowsSpecificHTTPSCertificateForHost): Deleted.

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

Location:

trunk/Source/WebKit

Files:

-                      r234989
+                      r234990
+-08-17  Alex Christensen  <achristensen@webkit.org>
+        Simplify server trust authentication flow
+        https://bugs.webkit.org/show_bug.cgi?id=188684
+        Reviewed by Youenn Fablet.
+        We unnecessarily had the allowsSpecificHTTPSCertificateForHost check at two different abstraction levels.
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::didReceiveChallenge):
+        * NetworkProcess/NetworkSession.cpp:
+        (WebKit::NetworkSession::allowsSpecificHTTPSCertificateForHost): Deleted.
+        * NetworkProcess/NetworkSession.h:
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
 -08-17  Alex Christensen  <achristensen@webkit.org>

-                      r234941
+                      r234990
         return;
+    }
-#if PLATFORM(COCOA)
-    if (scheme == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested
-        && NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge))
-        return completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(challenge));
-#endif
     if (auto* pendingDownload = m_task->pendingDownload())

-                      r228567
+                      r234990
+}
-bool NetworkSession::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge)
+{
-#if PLATFORM(COCOA)
-    return NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge);
-#else
-    return false;
-#endif
+}
 } // namespace WebKit

r227364	r234990
55	55	void unregisterNetworkDataTask(NetworkDataTask& task) { m_dataTaskSet.remove(&task); }
56	56
57		~~static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);~~
58
59	57	protected:
60	58	NetworkSession(PAL::SessionID);

-                      r234440
+                      r234990
+    }
+    // Handle server trust evaluation at platform-level if requested, for performance reasons.
+    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
+    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
         if (NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge))
+            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+        else
+            completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+        return;
+            return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+        // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
+        if (!NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation())
+            return completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+    }

Note: See TracChangeset for help on using the changeset viewer.