Changeset 141350 in webkit

Timestamp:

Jan 30, 2013 5:26:22 PM (11 years ago)

Author:

commit-queue@webkit.org

Message:

[BlackBerry] Store both proxy and host credentials simultaneously for NetworkJob
​https://bugs.webkit.org/show_bug.cgi?id=108388

Patch by Joe Mason <​jmason@rim.com> on 2013-01-30
Reviewed by Yong Li.

The platform NetworkRequest interface has been updated again, to store both a proxy and host
credential for each request (to prevent an infinite loop when a request authenticates against a
proxy but fails the host authentication, and then the followup contains the host credential but not
the proxy credential so it fails proxy authentication, so the next followup contains the proxy
credential but not the host credential...)

Complying with the new interface requires the host and proxy challenge to be stored separately in
webkit so they can both be added to the same NetworkRequest.

Internal PR: 281172
Internal Reviewer: Leo Yang

• platform/network/ResourceHandleInternal.h:

(ResourceHandleInternal):

• platform/network/blackberry/AuthenticationChallenge.h:

(WebCore::AuthenticationChallenge::hasCredentials):
(AuthenticationChallenge):

• platform/network/blackberry/NetworkJob.cpp:

(WebCore::NetworkJob::notifyAuthReceived):
(WebCore::NetworkJob::handleRedirect):
(WebCore::NetworkJob::sendRequestWithCredentials):
(WebCore::NetworkJob::storeCredentials):
(WebCore):
(WebCore::NetworkJob::purgeCredentials):
(WebCore::NetworkJob::notifyChallengeResult):
(WebCore::NetworkJob::updateCurrentWebChallenge):

• platform/network/blackberry/NetworkJob.h:

(NetworkJob):

• platform/network/blackberry/NetworkManager.cpp:

(WebCore::setAuthCredentials):
(WebCore):
(WebCore::NetworkManager::startJob):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• platform/network/ResourceHandleInternal.h (modified) (1 diff)
• platform/network/blackberry/AuthenticationChallenge.h (modified) (1 diff)
• platform/network/blackberry/NetworkJob.cpp (modified) (12 diffs)
• platform/network/blackberry/NetworkJob.h (modified) (4 diffs)
• platform/network/blackberry/NetworkManager.cpp (modified) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-01-30  Joe Mason  <jmason@rim.com>
+
+        [BlackBerry] Store both proxy and host credentials simultaneously for NetworkJob
+        https://bugs.webkit.org/show_bug.cgi?id=108388
+
+        Reviewed by Yong Li.
+
+        The platform NetworkRequest interface has been updated again, to store both a proxy and host
+        credential for each request (to prevent an infinite loop when a request authenticates against a
+        proxy but fails the host authentication, and then the followup contains the host credential but not
+        the proxy credential so it fails proxy authentication, so the next followup contains the proxy
+        credential but not the host credential...)
+
+        Complying with the new interface requires the host and proxy challenge to be stored separately in
+        webkit so they can both be added to the same NetworkRequest.
+
+        Internal PR: 281172
+        Internal Reviewer: Leo Yang
+
+        * platform/network/ResourceHandleInternal.h:
+        (ResourceHandleInternal):
+        * platform/network/blackberry/AuthenticationChallenge.h:
+        (WebCore::AuthenticationChallenge::hasCredentials):
+        (AuthenticationChallenge):
+        * platform/network/blackberry/NetworkJob.cpp:
+        (WebCore::NetworkJob::notifyAuthReceived):
+        (WebCore::NetworkJob::handleRedirect):
+        (WebCore::NetworkJob::sendRequestWithCredentials):
+        (WebCore::NetworkJob::storeCredentials):
+        (WebCore):
+        (WebCore::NetworkJob::purgeCredentials):
+        (WebCore::NetworkJob::notifyChallengeResult):
+        (WebCore::NetworkJob::updateCurrentWebChallenge):
+        * platform/network/blackberry/NetworkJob.h:
+        (NetworkJob):
+        * platform/network/blackberry/NetworkManager.cpp:
+        (WebCore::setAuthCredentials):
+        (WebCore):
+        (WebCore::NetworkManager::startJob):
+
 2013-01-30  Oliver Hunt  <oliver@apple.com>
 

trunk/Source/WebCore/platform/network/ResourceHandleInternal.h

@@ -224 +224 @@
 #endif
         AuthenticationChallenge m_currentWebChallenge;
+#if PLATFORM(BLACKBERRY)
+        // We need to store the credentials for host and proxy separately for the platform
+        // networking layer. One of these will always be equal to m_currentWebChallenge.
+        AuthenticationChallenge m_hostWebChallenge;
+        AuthenticationChallenge m_proxyWebChallenge;
+#endif
 
         ResourceHandle::FailureType m_scheduledFailureType;

trunk/Source/WebCore/platform/network/blackberry/AuthenticationChallenge.h

@@ -40 +40 @@
     bool isStored() const { return m_isStored; }
 
+    bool hasCredentials() const
+    {
+        if (isNull())
+            return false;
+        return !proposedCredential().isEmpty();
+    }
+
 private:
     // Describes if attached credentials are stored in CredentialStorage.

trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp

@@ -44 +44 @@
 #include <network/MultipartStream.h>
 #include <network/NetworkStreamFactory.h>
+
+using BlackBerry::Platform::NetworkRequest;
 
 namespace WebCore {
@@ -269 +271 @@
 }
 
-void NetworkJob::notifyAuthReceived(BlackBerry::Platform::NetworkRequest::AuthType authType, BlackBerry::Platform::NetworkRequest::AuthScheme authScheme, const char* realm, AuthResult result, bool requireCredentials)
-{
-    using BlackBerry::Platform::NetworkRequest;
-
+void NetworkJob::notifyAuthReceived(NetworkRequest::AuthType authType, NetworkRequest::AuthProtocol authProtocol, NetworkRequest::AuthScheme authScheme, const char* realm, AuthResult result, bool requireCredentials)
+{
     ProtectionSpaceServerType serverType;
     switch (authType) {
-    case NetworkRequest::AuthTypeHTTP:
-        serverType = ProtectionSpaceServerHTTP;
+    case NetworkRequest::AuthTypeHost:
+        switch (authProtocol) {
+        case NetworkRequest::AuthProtocolHTTP:
+            serverType = ProtectionSpaceServerHTTP;
+            break;
+        case NetworkRequest::AuthProtocolHTTPS:
+            serverType = ProtectionSpaceServerHTTPS;
+            break;
+        case NetworkRequest::AuthProtocolFTP:
+            serverType = ProtectionSpaceServerFTP;
+            break;
+        case NetworkRequest::AuthProtocolFTPS:
+            serverType = ProtectionSpaceServerFTPS;
+            break;
+        default:
+            ASSERT_NOT_REACHED();
+            return;
+        }
         break;
-    case NetworkRequest::AuthTypeHTTPS:
-        serverType = ProtectionSpaceServerHTTPS;
-        break;
-    case NetworkRequest::AuthTypeFTP:
-        serverType = ProtectionSpaceServerFTP;
-        break;
-    case NetworkRequest::AuthTypeFTPS:
-        serverType = ProtectionSpaceServerFTPS;
-        break;
-    case NetworkRequest::AuthTypeProxyHTTP:
-        serverType = ProtectionSpaceProxyHTTP;
-        break;
-    case NetworkRequest::AuthTypeProxyHTTPS:
-        serverType = ProtectionSpaceProxyHTTPS;
-        break;
-    case NetworkRequest::AuthTypeProxyFTP:
-        serverType = ProtectionSpaceProxyFTP;
+    case NetworkRequest::AuthTypeProxy:
+        switch (authProtocol) {
+        case NetworkRequest::AuthProtocolHTTP:
+            serverType = ProtectionSpaceProxyHTTP;
+            break;
+        case NetworkRequest::AuthProtocolHTTPS:
+            serverType = ProtectionSpaceProxyHTTPS;
+            break;
+        case NetworkRequest::AuthProtocolFTP:
+        case NetworkRequest::AuthProtocolFTPS:
+            serverType = ProtectionSpaceProxyFTP;
+            break;
+        default:
+            ASSERT_NOT_REACHED();
+            return;
+        }
         break;
     default:
@@ -330 +345 @@
     else {
         // Update the credentials that will be stored to match the scheme that was actually used
-        AuthenticationChallenge& challenge = m_handle->getInternal()->m_currentWebChallenge;
-        if (!challenge.isNull()) {
+        AuthenticationChallenge& challenge = authType == NetworkRequest::AuthTypeProxy ? m_handle->getInternal()->m_proxyWebChallenge : m_handle->getInternal()->m_hostWebChallenge;
+        if (challenge.hasCredentials()) {
             const ProtectionSpace& oldSpace = challenge.protectionSpace();
             if (oldSpace.authenticationScheme() != scheme && oldSpace.serverType() == serverType) {
                 ProtectionSpace newSpace(oldSpace.host(), oldSpace.port(), oldSpace.serverType(), oldSpace.realm(), scheme);
-                m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge(newSpace,
-                                                                                         challenge.proposedCredential(),
-                                                                                         challenge.previousFailureCount(),
-                                                                                         challenge.failureResponse(),
-                                                                                         challenge.error());
+                updateCurrentWebChallenge(AuthenticationChallenge(newSpace, challenge.proposedCredential(), challenge.previousFailureCount(), challenge.failureResponse(), challenge.error()));
             }
         }
@@ -654 +665 @@
     }
 
-    if (!m_handle->getInternal()->m_currentWebChallenge.isNull()) {
-        // If this request is challenged, store the credentials now because the credential is correct (otherwise, it won't get here).
-        storeCredentials();
-        // Do not send existing credentials with the new request.
-        m_handle->getInternal()->m_currentWebChallenge.nullify();
-    }
+    // If this request is challenged, store the credentials now (if they are null this will do nothing)
+    storeCredentials();
+
+    // Do not send existing credentials with the new request.
+    m_handle->getInternal()->m_currentWebChallenge.nullify();
+    m_handle->getInternal()->m_proxyWebChallenge.nullify();
+    m_handle->getInternal()->m_hostWebChallenge.nullify();
 
     return startNewJobWithRequest(newRequest, true);
@@ -818 +830 @@
     if (!requireCredentials) {
         // Don't overwrite any existing credentials with the empty credential
-        if (m_handle->getInternal()->m_currentWebChallenge.isNull())
-            m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError());
+        updateCurrentWebChallenge(AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError()), /* allowOverwrite */ false);
     } else if (!(credential = CredentialStorage::get(protectionSpace)).isEmpty()
 #if ENABLE(BLACKBERRY_CREDENTIAL_PERSIST)
@@ -826 +837 @@
             ) {
         // First search the CredentialStorage and Persistent Credential Storage
-        m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError());
-        m_handle->getInternal()->m_currentWebChallenge.setStored(true);
+        AuthenticationChallenge challenge(protectionSpace, credential, 0, m_response, ResourceError());
+        challenge.setStored(true);
+        updateCurrentWebChallenge(challenge);
     } else {
         if (m_handle->firstRequest().targetType() == ResourceRequest::TargetIsFavicon) {
@@ -857 +869 @@
                 return false;
 
-            m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge();
+            // DO overwrite any existing credentials with the empty credential
+            updateCurrentWebChallenge(AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError()));
 
             m_isAuthenticationChallenging = true;
@@ -869 +882 @@
         credential = Credential(username, password, CredentialPersistenceForSession);
 
-        m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError());
+        updateCurrentWebChallenge(AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError()));
     }
 
@@ -881 +894 @@
         return;
 
-    AuthenticationChallenge& challenge = m_handle->getInternal()->m_currentWebChallenge;
+    storeCredentials(m_handle->getInternal()->m_hostWebChallenge);
+    storeCredentials(m_handle->getInternal()->m_proxyWebChallenge);
+}
+
+void NetworkJob::storeCredentials(AuthenticationChallenge& challenge)
+{
     if (challenge.isNull())
         return;
@@ -923 +941 @@
         return;
 
-    AuthenticationChallenge& challenge = m_handle->getInternal()->m_currentWebChallenge;
+    purgeCredentials(m_handle->getInternal()->m_hostWebChallenge);
+    purgeCredentials(m_handle->getInternal()->m_proxyWebChallenge);
+}
+
+void NetworkJob::purgeCredentials(AuthenticationChallenge& challenge)
+{
     if (challenge.isNull())
         return;
@@ -980 +1003 @@
         return;
 
-    if (m_handle->getInternal()->m_currentWebChallenge.isNull())
-        m_handle->getInternal()->m_currentWebChallenge = AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError());
+    updateCurrentWebChallenge(AuthenticationChallenge(protectionSpace, credential, 0, m_response, ResourceError()), /* allowOverwrite */ false);
 
     ResourceRequest newRequest = m_handle->firstRequest();
@@ -1002 +1024 @@
 }
 
+void NetworkJob::updateCurrentWebChallenge(const AuthenticationChallenge& challenge, bool allowOverwrite)
+{
+    if (allowOverwrite || !m_handle->getInternal()->m_currentWebChallenge.hasCredentials())
+        m_handle->getInternal()->m_currentWebChallenge = challenge;
+    if (challenge.protectionSpace().serverType() == ProtectionSpaceProxyHTTP || challenge.protectionSpace().serverType() == ProtectionSpaceProxyHTTPS) {
+        if (allowOverwrite || !m_handle->getInternal()->m_proxyWebChallenge.hasCredentials())
+            m_handle->getInternal()->m_proxyWebChallenge = challenge;
+    } else {
+        if (allowOverwrite || !m_handle->getInternal()->m_hostWebChallenge.hasCredentials())
+            m_handle->getInternal()->m_hostWebChallenge = challenge;
+    }
+}
+
 } // namespace WebCore

trunk/Source/WebCore/platform/network/blackberry/NetworkJob.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2009, 2010, 2011 Research In Motion Limited. All rights reserved.
+ * Copyright (C) 2009, 2010, 2011, 2012, 2013 Research In Motion Limited. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
@@ -74 +74 @@
     virtual void notifyHeadersReceived(const BlackBerry::Platform::NetworkRequest::HeaderList& headers);
     virtual void notifyMultipartHeaderReceived(const char* key, const char* value);
-    virtual void notifyAuthReceived(BlackBerry::Platform::NetworkRequest::AuthType, BlackBerry::Platform::NetworkRequest::AuthScheme, const char* realm, AuthResult, bool requireCredentials);
+    virtual void notifyAuthReceived(BlackBerry::Platform::NetworkRequest::AuthType,
+        BlackBerry::Platform::NetworkRequest::AuthProtocol,
+        BlackBerry::Platform::NetworkRequest::AuthScheme,
+        const char* realm,
+        AuthResult,
+        bool requireCredentials);
     // notifyStringHeaderReceived exists only to resolve ambiguity between char* and String parameters
     void notifyStringHeaderReceived(const String& key, const String& value);
@@ -136 +141 @@
 
     void storeCredentials();
-
+    void storeCredentials(AuthenticationChallenge&);
     void purgeCredentials();
+    void purgeCredentials(AuthenticationChallenge&);
 
     bool isError(int statusCode) const
@@ -143 +149 @@
         return statusCode < 0 || (400 <= statusCode && statusCode < 600);
     }
+
+    void updateCurrentWebChallenge(const AuthenticationChallenge&, bool allowOverwrite = true);
 
 private:

trunk/Source/WebCore/platform/network/blackberry/NetworkManager.cpp

@@ -35 +35 @@
 #include <network/NetworkRequest.h>
 
+using BlackBerry::Platform::NetworkRequest;
+
 namespace WebCore {
 
@@ -56 +58 @@
 }
 
+static void setAuthCredentials(NetworkRequest& platformRequest, const AuthenticationChallenge& challenge)
+{
+    if (challenge.isNull())
+        return;
+
+    Credential credential = challenge.proposedCredential();
+    const ProtectionSpace& protectionSpace = challenge.protectionSpace();
+
+    String username = credential.user();
+    String password = credential.password();
+
+    NetworkRequest::AuthScheme authScheme = NetworkRequest::AuthSchemeNone;
+    switch (protectionSpace.authenticationScheme()) {
+    case ProtectionSpaceAuthenticationSchemeDefault:
+        authScheme = NetworkRequest::AuthSchemeDefault;
+        break;
+    case ProtectionSpaceAuthenticationSchemeHTTPBasic:
+        authScheme = NetworkRequest::AuthSchemeHTTPBasic;
+        break;
+    case ProtectionSpaceAuthenticationSchemeHTTPDigest:
+        authScheme = NetworkRequest::AuthSchemeHTTPDigest;
+        break;
+    case ProtectionSpaceAuthenticationSchemeNegotiate:
+        authScheme = NetworkRequest::AuthSchemeNegotiate;
+        break;
+    case ProtectionSpaceAuthenticationSchemeNTLM:
+        authScheme = NetworkRequest::AuthSchemeNTLM;
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+        break;
+    }
+
+    NetworkRequest::AuthType authType = NetworkRequest::AuthTypeNone;
+    NetworkRequest::AuthProtocol authProtocol = NetworkRequest::AuthProtocolNone;
+    switch (protectionSpace.serverType()) {
+    case ProtectionSpaceServerHTTP:
+        authType = NetworkRequest::AuthTypeHost;
+        authProtocol = NetworkRequest::AuthProtocolHTTP;
+        break;
+    case ProtectionSpaceServerHTTPS:
+        authType = NetworkRequest::AuthTypeHost;
+        authProtocol = NetworkRequest::AuthProtocolHTTPS;
+        break;
+    case ProtectionSpaceServerFTP:
+        authType = NetworkRequest::AuthTypeHost;
+        authProtocol = NetworkRequest::AuthProtocolFTP;
+        break;
+    case ProtectionSpaceServerFTPS:
+        authType = NetworkRequest::AuthTypeHost;
+        authProtocol = NetworkRequest::AuthProtocolFTPS;
+        break;
+    case ProtectionSpaceProxyHTTP:
+        authType = NetworkRequest::AuthTypeProxy;
+        authProtocol = NetworkRequest::AuthProtocolHTTP;
+        break;
+    case ProtectionSpaceProxyHTTPS:
+        authType = NetworkRequest::AuthTypeProxy;
+        authProtocol = NetworkRequest::AuthProtocolHTTPS;
+        break;
+    case ProtectionSpaceProxyFTP:
+        authType = NetworkRequest::AuthTypeProxy;
+        authProtocol = NetworkRequest::AuthProtocolFTP;
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+        break;
+    }
+
+    if (authType != NetworkRequest::AuthTypeNone && authProtocol != NetworkRequest::AuthProtocolNone && authScheme != NetworkRequest::AuthSchemeNone)
+        platformRequest.setCredentials(authType, authProtocol, authScheme, username.utf8().data(), password.utf8().data());
+}
+
 bool NetworkManager::startJob(int playerId, const String& pageGroupName, PassRefPtr<ResourceHandle> job, const ResourceRequest& request, BlackBerry::Platform::NetworkStreamFactory* streamFactory, Frame* frame, int deferLoadingCount, int redirectCount)
 {
@@ -79 +154 @@
 
     // Attach any applicable auth credentials to the NetworkRequest.
-    AuthenticationChallenge& challenge = guardJob->getInternal()->m_currentWebChallenge;
-    if (!challenge.isNull()) {
-        Credential credential = challenge.proposedCredential();
-        const ProtectionSpace& protectionSpace = challenge.protectionSpace();
-
-        String username = credential.user();
-        String password = credential.password();
-
-        BlackBerry::Platform::NetworkRequest::AuthType authType = BlackBerry::Platform::NetworkRequest::AuthTypeNone;
-        switch (protectionSpace.serverType()) {
-        case ProtectionSpaceServerHTTP:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeHTTP;
-            break;
-        case ProtectionSpaceServerHTTPS:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeHTTPS;
-            break;
-        case ProtectionSpaceServerFTP:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeFTP;
-            break;
-        case ProtectionSpaceServerFTPS:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeFTPS;
-            break;
-        case ProtectionSpaceProxyHTTP:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeProxyHTTP;
-            break;
-        case ProtectionSpaceProxyHTTPS:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeProxyHTTPS;
-            break;
-        case ProtectionSpaceProxyFTP:
-            authType = BlackBerry::Platform::NetworkRequest::AuthTypeProxyFTP;
-            break;
-        default:
-            ASSERT_NOT_REACHED();
-            break;
-        }
-
-        BlackBerry::Platform::NetworkRequest::AuthScheme authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeNone;
-        switch (protectionSpace.authenticationScheme()) {
-        case ProtectionSpaceAuthenticationSchemeDefault:
-            authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeDefault;
-            break;
-        case ProtectionSpaceAuthenticationSchemeHTTPBasic:
-            authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeHTTPBasic;
-            break;
-        case ProtectionSpaceAuthenticationSchemeHTTPDigest:
-            authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeHTTPDigest;
-            break;
-        case ProtectionSpaceAuthenticationSchemeNegotiate:
-            authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeNegotiate;
-            break;
-        case ProtectionSpaceAuthenticationSchemeNTLM:
-            authScheme = BlackBerry::Platform::NetworkRequest::AuthSchemeNTLM;
-            break;
-        default:
-            ASSERT_NOT_REACHED();
-            break;
-        }
-
-        if (authType != BlackBerry::Platform::NetworkRequest::AuthTypeNone && authScheme != BlackBerry::Platform::NetworkRequest::AuthSchemeNone)
-            platformRequest.setCredentials(username.utf8().data(), password.utf8().data(), authType, authScheme);
-    }
+    setAuthCredentials(platformRequest, guardJob->getInternal()->m_hostWebChallenge);
+    setAuthCredentials(platformRequest, guardJob->getInternal()->m_proxyWebChallenge);
 
     if (!request.overrideContentType().isEmpty())