Changeset 239698 in webkit

Timestamp:

Jan 7, 2019 2:18:59 PM (5 years ago)

Author:

Devin Rousso

Message:

Web Inspector: Network: show secure connection details per-request
​https://bugs.webkit.org/show_bug.cgi?id=191539
<rdar://problem/45979891>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

• inspector/protocol/Security.json:

Add Connection type.

• inspector/protocol/Network.json:

Send Security.Connection information when request metrics become available.

Source/WebCore:

Test: http/tests/inspector/network/resource-security-connection.html

• platform/network/NetworkLoadMetrics.h:

(WebCore::NetworkLoadMetrics:isolatedCopy):
(WebCore::NetworkLoadMetrics:clearNonTimingData):
(WebCore::NetworkLoadMetrics:operator==):
(WebCore::NetworkLoadMetrics:encode):
(WebCore::NetworkLoadMetrics:decode):

• inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::buildObjectForMetrics):

Source/WebCore/PAL:

• pal/spi/cf/CFNetworkSPI.h:

Source/WebInspectorUI:

• UserInterface/Models/Resource.js:

(WI.Resource):
(WI.Resource.prototype.get security): Added.
(WI.Resource.prototype.updateForResponse):
(WI.Resource.prototype.updateWithMetrics):
(WI.Resource.prototype.get responseSecurity): Deleted.

• UserInterface/Views/ResourceSecurityContentView.js:

(WI.ResourceSecurityContentView):
(WI.ResourceSecurityContentView.prototype.initialLayout):
(WI.ResourceSecurityContentView.prototype.layout):
(WI.ResourceSecurityContentView.prototype._refreshConnectionSection): Added.
(WI.ResourceSecurityContentView.prototype._refreshCetificateSection):
(WI.ResourceSecurityContentView.prototype._handleResourceMetricsDidChange): Added.

• UserInterface/Views/ResourceSecurityContentView.css:

(body[dir] .resource-security > section:matches(.connection, .certificate) > .details): Added.
(@media (prefers-dark-interface) body[dir] .resource-security > section:matches(.connection, .certificate) > .details): Added.
(body[dir] .resource-security > section.certificate > .details): Deleted.
(@media (prefers-dark-interface) body[dir] .resource-security > section.certificate > .details): Deleted.

• Localizations/en.lproj/localizedStrings.js:

Source/WebKit:

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(stringForSSLProtocol): Added.
(stringForSSLCipher): Added.
(-[WKNetworkSessionDelegate URLSession:task:didFinishCollectingMetrics:]):

LayoutTests:

• http/tests/inspector/network/resource-security-connection-expected.txt: Added.
• http/tests/inspector/network/resource-security-connection.html: Added.

• http/tests/inspector/network/resource-security-certificate-expected.txt: Added.
• http/tests/inspector/network/resource-security-certificate.html: Added.
• http/tests/inspector/network/resource-response-security-expected.txt: Deleted.
• http/tests/inspector/network/resource-response-security.html: Deleted.

• platform/gtk/TestExpectations:
• platform/mac/TestExpectations:
• platform/wincairo/TestExpectations:
• platform/wpe/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/inspector/network/resource-security-certificate-expected.txt (moved) (moved from trunk/LayoutTests/http/tests/inspector/network/resource-response-security-expected.txt) (1 diff)
• LayoutTests/http/tests/inspector/network/resource-security-certificate.html (moved) (moved from trunk/LayoutTests/http/tests/inspector/network/resource-response-security.html) (4 diffs)
• LayoutTests/http/tests/inspector/network/resource-security-connection-expected.txt (added)
• LayoutTests/http/tests/inspector/network/resource-security-connection.html (added)
• LayoutTests/platform/gtk/TestExpectations (modified) (1 diff)
• LayoutTests/platform/mac/TestExpectations (modified) (1 diff)
• LayoutTests/platform/wincairo/TestExpectations (modified) (1 diff)
• LayoutTests/platform/wpe/TestExpectations (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/inspector/protocol/Network.json (modified) (1 diff)
• Source/JavaScriptCore/inspector/protocol/Security.json (modified) (2 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (modified) (1 diff)
• Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp (modified) (1 diff)
• Source/WebCore/platform/network/NetworkLoadMetrics.h (modified) (6 diffs)
• Source/WebInspectorUI/ChangeLog (modified) (1 diff)
• Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js (modified) (3 diffs)
• Source/WebInspectorUI/UserInterface/Models/Resource.js (modified) (4 diffs)
• Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.css (modified) (2 diffs)
• Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.js (modified) (7 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        * http/tests/inspector/network/resource-security-connection-expected.txt: Added.
+        * http/tests/inspector/network/resource-security-connection.html: Added.
+
+        * http/tests/inspector/network/resource-security-certificate-expected.txt: Added.
+        * http/tests/inspector/network/resource-security-certificate.html: Added.
+        * http/tests/inspector/network/resource-response-security-expected.txt: Deleted.
+        * http/tests/inspector/network/resource-response-security.html: Deleted.
+
+        * platform/gtk/TestExpectations:
+        * platform/mac/TestExpectations:
+        * platform/wincairo/TestExpectations:
+        * platform/wpe/TestExpectations:
+
 2019-01-07  Truitt Savell  <tsavell@apple.com>
 

trunk/LayoutTests/http/tests/inspector/network/resource-security-certificate-expected.txt

@@ -1 @@
-Tests that a resource has security information.
+Tests for resource security certificate information.
 
 
-== Running test suite: Resource.Security
--- Running test case: Resource.Security.Certificate
+== Running test suite: Resource.Security.Certificate
+-- Running test case: Resource.Security.Certificate.Basic
 PASS: Resource should have been loaded securely.
 PASS: Resource should have security information.
 PASS: Security information should include certificate information.
-PASS: Certificate should have subject
+PASS: Certificate should have subject.
 PASS: Certificate should have a validFrom date.
 PASS: Certificate should have a validUntil date.

trunk/LayoutTests/http/tests/inspector/network/resource-security-certificate.html

@@ -5 +5 @@
 <script src="../resources/inspector-test.js"></script>
 <script>
+let requestCount = 0;
+
 function createSecureRequest() {
     let img = document.createElement("img");
-    img.src = "https://localhost:8443/resources/square100.png";
+    img.src = "https://localhost:8443/resources/square100.png?" + (++requestCount);
     document.body.appendChild(img);
 }
@@ -13 +15 @@
 function test()
 {
-    let suite = InspectorTest.createAsyncSuite("Resource.Security");
+    let suite = InspectorTest.createAsyncSuite("Resource.Security.Certificate");
 
     suite.addTestCase({
-        name: "Resource.Security.Certificate",
+        name: "Resource.Security.Certificate.Basic",
         description: "Check if a resource has security certificate information.",
         test(resolve, reject) {
@@ -24 +26 @@
                 InspectorTest.expectThat(resource.loadedSecurely, "Resource should have been loaded securely.");
 
-                let responseSecurity = resource.responseSecurity;
-                InspectorTest.expectNotNull(responseSecurity, "Resource should have security information.");
+                let security = resource.security;
+                InspectorTest.expectNotNull(security, "Resource should have security information.");
 
-                let certificate = responseSecurity.certificate;
+                let certificate = security.certificate;
                 InspectorTest.expectNotNull(certificate, "Security information should include certificate information.");
-                InspectorTest.expectGreaterThan(certificate.subject.length, 0, "Certificate should have subject");
+                InspectorTest.expectGreaterThan(certificate.subject.length, 0, "Certificate should have subject.");
                 InspectorTest.expectGreaterThan(certificate.validFrom, 0, "Certificate should have a validFrom date.");
                 InspectorTest.expectGreaterThan(certificate.validUntil, 0, "Certificate should have a validUntil date.");
@@ -45 +47 @@
 </head>
 <body onload="runTest()">
-    <p>Tests that a resource has security information.</p>
+    <p>Tests for resource security certificate information.</p>
 </body>
 </html>

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -1974 +1974 @@
 
 webkit.org/b/186847 http/tests/inspector/network/resource-sizes-memory-cache.html [ Pass Failure ]
-webkit.org/b/191497 http/tests/inspector/network/resource-response-security.html [ Skip ]
+webkit.org/b/192407 http/tests/inspector/network/resource-security-connection.html [ Skip ]
+webkit.org/b/191497 http/tests/inspector/network/resource-security-certificate.html [ Skip ]
 webkit.org/b/191497 http/tests/inspector/network/getSerializedCertificate.html [ Skip ]
 

trunk/LayoutTests/platform/mac/TestExpectations

@@ -1111 +1111 @@
 webkit.org/b/156634 inspector/formatting/formatting-javascript.html [ Pass Timeout ]
 webkit.org/b/158948 inspector/timeline [ Pass Timeout ]
+webkit.org/b/191539 http/tests/inspector/network/resource-security-connection.html [ Skip ]
 
 webkit.org/b/187622 [ Debug ] inspector/view/asynchronous-layout.html [ Pass Timeout ]

trunk/LayoutTests/platform/wincairo/TestExpectations

@@ -1004 +1004 @@
 http/tests/xmlviewer [ Skip ]
 
-webkit.org/b/191498 http/tests/inspector/network/resource-response-security.html [ Skip ]
+webkit.org/b/192406 http/tests/inspector/network/resource-security-connection.html [ Skip ]
+webkit.org/b/191498 http/tests/inspector/network/resource-security-certificate.html [ Skip ]
 webkit.org/b/191498 http/tests/inspector/network/getSerializedCertificate.html [ Skip ]
 

trunk/LayoutTests/platform/wpe/TestExpectations

@@ -541 +541 @@
 Bug(WPE) fast/dom/HTMLAnchorElement [ Skip ]
 
-webkit.org/b/191497 http/tests/inspector/network/resource-response-security.html [ Skip ]
+webkit.org/b/192407 http/tests/inspector/network/resource-security-connection.html [ Skip ]
+webkit.org/b/191497 http/tests/inspector/network/resource-security-certificate.html [ Skip ]
 webkit.org/b/191497 http/tests/inspector/network/getSerializedCertificate.html [ Skip ]
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        * inspector/protocol/Security.json:
+        Add `Connection` type.
+
+        * inspector/protocol/Network.json:
+        Send `Security.Connection` information when request metrics become available.
+
 2019-01-04  Tadeu Zagallo  <tzagallo@apple.com>
 

trunk/Source/JavaScriptCore/inspector/protocol/Network.json

@@ -94 +94 @@
                 { "name": "responseHeaderBytesReceived", "type": "number", "optional": true, "description": "Total HTTP response header bytes received over the network." },
                 { "name": "responseBodyBytesReceived", "type": "number", "optional": true, "description": "Total HTTP response body bytes received over the network." },
-                { "name": "responseBodyDecodedSize", "type": "number", "optional": true, "description": "Total decoded response body size in bytes." }
+                { "name": "responseBodyDecodedSize", "type": "number", "optional": true, "description": "Total decoded response body size in bytes." },
+                { "name": "securityConnection", "$ref": "Security.Connection", "optional": true, "description": "Connection information for the completed request." }
             ]
         },

trunk/Source/JavaScriptCore/inspector/protocol/Security.json

@@ -3 +3 @@
     "description": "Security domain allows the frontend to query for information relating to the security of the page (e.g. HTTPS info, TLS info, user activity, etc.).",
     "types": [
+        {
+            "id": "Connection",
+            "type": "object",
+            "description": "Information about a SSL connection to display in the frontend.",
+            "properties": [
+                { "name": "protocol", "type": "string", "optional": true },
+                { "name": "cipher", "type": "string", "optional": true }
+            ]
+        },
         {
             "id": "Certificate",
@@ -20 +29 @@
             "description": "Security information for a given Network.Response.",
             "properties": [
+                { "name": "connection", "$ref": "Connection", "optional": true },
                 { "name": "certificate", "$ref": "Certificate", "optional": true }
             ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        Test: http/tests/inspector/network/resource-security-connection.html
+
+        * platform/network/NetworkLoadMetrics.h:
+        (WebCore::NetworkLoadMetrics:isolatedCopy):
+        (WebCore::NetworkLoadMetrics:clearNonTimingData):
+        (WebCore::NetworkLoadMetrics:operator==):
+        (WebCore::NetworkLoadMetrics:encode):
+        (WebCore::NetworkLoadMetrics:decode):
+
+        * inspector/agents/InspectorNetworkAgent.cpp:
+        (WebCore::InspectorNetworkAgent::buildObjectForMetrics):
+
 2019-01-07  Eric Carlson  <eric.carlson@apple.com>
 

trunk/Source/WebCore/PAL/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        * pal/spi/cf/CFNetworkSPI.h:
+
 2019-01-04  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h

@@ -210 +210 @@
 @property (assign, readonly) int64_t _responseBodyBytesReceived;
 @property (assign, readonly) int64_t _responseBodyBytesDecoded;
+@end
+#endif
+
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
+@interface NSURLSessionTaskTransactionMetrics ()
+@property (assign) SSLProtocol _negotiatedTLSProtocol;
+@property (assign) SSLCipherSuite _negotiatedTLSCipher;
 @end
 #endif

trunk/Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp

@@ -265 +265 @@
         metrics->setResponseBodyDecodedSize(networkLoadMetrics.responseBodyDecodedSize);
 
+    auto connectionPayload = Inspector::Protocol::Security::Connection::create()
+        .release();
+
+    if (!networkLoadMetrics.tlsProtocol.isEmpty())
+        connectionPayload->setProtocol(networkLoadMetrics.tlsProtocol);
+
+    if (!networkLoadMetrics.tlsCipher.isEmpty())
+        connectionPayload->setCipher(networkLoadMetrics.tlsCipher);
+
+    metrics->setSecurityConnection(WTFMove(connectionPayload));
+
     return metrics;
 }

trunk/Source/WebCore/platform/network/NetworkLoadMetrics.h

@@ -72 +72 @@
         copy.connectionIdentifier = connectionIdentifier.isolatedCopy();
         copy.priority = priority;
+        copy.tlsProtocol = tlsProtocol.isolatedCopy();
+        copy.tlsCipher = tlsCipher.isolatedCopy();
         copy.requestHeaders = requestHeaders.isolatedCopy();
 
@@ -103 +105 @@
         connectionIdentifier = String();
         priority = NetworkLoadPriority::Unknown;
+        tlsProtocol = String();
+        tlsCipher = String();
         requestHeaders.clear();
         requestHeaderBytesSent = std::numeric_limits<uint32_t>::max();
@@ -126 +130 @@
             && connectionIdentifier == other.connectionIdentifier
             && priority == other.priority
+            && tlsProtocol == other.tlsProtocol
+            && tlsCipher == other.tlsCipher
             && requestHeaders == other.requestHeaders
             && requestHeaderBytesSent == other.requestHeaderBytesSent
@@ -162 +168 @@
     String connectionIdentifier;
     NetworkLoadPriority priority;
+
+    String tlsProtocol;
+    String tlsCipher;
 
     // Whether or not all of the properties (0 or otherwise) have been set.
@@ -199 +208 @@
     encoder << connectionIdentifier;
     encoder << priority;
+    encoder << tlsProtocol;
+    encoder << tlsCipher;
     encoder << requestHeaders;
     encoder << requestHeaderBytesSent;
@@ -223 +234 @@
         && decoder.decode(metrics.connectionIdentifier)
         && decoder.decode(metrics.priority)
+        && decoder.decode(metrics.tlsProtocol)
+        && decoder.decode(metrics.tlsCipher)
         && decoder.decode(metrics.requestHeaders)
         && decoder.decode(metrics.requestHeaderBytesSent)

trunk/Source/WebInspectorUI/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        * UserInterface/Models/Resource.js:
+        (WI.Resource):
+        (WI.Resource.prototype.get security): Added.
+        (WI.Resource.prototype.updateForResponse):
+        (WI.Resource.prototype.updateWithMetrics):
+        (WI.Resource.prototype.get responseSecurity): Deleted.
+
+        * UserInterface/Views/ResourceSecurityContentView.js:
+        (WI.ResourceSecurityContentView):
+        (WI.ResourceSecurityContentView.prototype.initialLayout):
+        (WI.ResourceSecurityContentView.prototype.layout):
+        (WI.ResourceSecurityContentView.prototype._refreshConnectionSection): Added.
+        (WI.ResourceSecurityContentView.prototype._refreshCetificateSection):
+        (WI.ResourceSecurityContentView.prototype._handleResourceMetricsDidChange): Added.
+        * UserInterface/Views/ResourceSecurityContentView.css:
+        (body[dir] .resource-security > section:matches(.connection, .certificate) > .details): Added.
+        (@media (prefers-dark-interface) body[dir] .resource-security > section:matches(.connection, .certificate) > .details): Added.
+        (body[dir] .resource-security > section.certificate > .details): Deleted.
+        (@media (prefers-dark-interface) body[dir] .resource-security > section.certificate > .details): Deleted.
+
+        * Localizations/en.lproj/localizedStrings.js:
+
 2019-01-07  Nikita Vasilyev  <nvasilyev@apple.com>
 

trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js

@@ -189 +189 @@
 localizedStrings["Child added to "] = "Child added to ";
 localizedStrings["Children"] = "Children";
+localizedStrings["Cipher"] = "Cipher";
 localizedStrings["Classes"] = "Classes";
 localizedStrings["Clear Filters"] = "Clear Filters";
@@ -622 +623 @@
 localizedStrings["No Watch Expressions"] = "No Watch Expressions";
 localizedStrings["No audit selected"] = "No audit selected";
+localizedStrings["No certificate security information."] = "No certificate security information.";
+localizedStrings["No connection security information."] = "No connection security information.";
 localizedStrings["No matching ARIA role"] = "No matching ARIA role";
 localizedStrings["No preview available"] = "No preview available";
@@ -630 +633 @@
 localizedStrings["No response cookies."] = "No response cookies.";
 localizedStrings["No response headers"] = "No response headers";
-localizedStrings["No response security certificate."] = "No response security certificate.";
-localizedStrings["No response security information."] = "No response security information.";
 localizedStrings["Node"] = "Node";
 localizedStrings["Node Removed"] = "Node Removed";

trunk/Source/WebInspectorUI/UserInterface/Models/Resource.js

@@ -71 +71 @@
         this._receivedNetworkLoadMetrics = false;
         this._responseSource = WI.Resource.ResponseSource.Unknown;
-        this._responseSecurity = null;
+        this._security = null;
         this._timingData = new WI.ResourceTimingData(this);
         this._protocol = null;
@@ -308 +308 @@
     get statusText() { return this._statusText; }
     get responseSource() { return this._responseSource; }
-    get responseSecurity() { return this._responseSecurity; }
+    get security() { return this._security; }
     get timingData() { return this._timingData; }
     get protocol() { return this._protocol; }
@@ -716 +716 @@
             this._responseSource = WI.Resource.responseSourceFromPayload(source);
 
-        if (security)
-            this._responseSecurity = security;
+        this._security = security || {};
 
         const headerBaseSize = 12; // Length of "HTTP/1.1 ", " ", and "\r\n".
@@ -792 +791 @@
             this.dispatchEventToListeners(WI.Resource.Event.SizeDidChange, {previousSize: this._estimatedSize});
             this.dispatchEventToListeners(WI.Resource.Event.TransferSizeDidChange);
+        }
+
+        if (metrics.securityConnection) {
+            if (!this._security)
+                this._security = {};
+            this._security.connection = metrics.securityConnection;
         }
 

trunk/Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.css

@@ -24 +24 @@
  */
 
-body[dir] .resource-security > section.certificate > .details {
+body[dir] .resource-security > section:matches(.connection, .certificate) > .details {
     border-color: var(--network-dns-color);
 }
@@ -55 +55 @@
 
 @media (prefers-dark-interface) {
-    body[dir] .resource-security > section.certificate > .details {
+    body[dir] .resource-security > section:matches(.connection, .certificate) > .details {
         border-color: var(--network-pseudo-header-color);
     }

trunk/Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.js

@@ -35 +35 @@
 
         this._insecureMessageElement = null;
+        this._needsConnectionRefresh = true;
         this._needsCertificateRefresh = true;
 
@@ -53 +54 @@
         super.initialLayout();
 
+        this._connectionSection = new WI.ResourceDetailsSection(WI.UIString("Connection"), "connection");
+        this.element.appendChild(this._connectionSection.element);
+
         this._certificateSection = new WI.ResourceDetailsSection(WI.UIString("Certificate"), "certificate");
         this.element.appendChild(this._certificateSection.element);
 
         this._resource.addEventListener(WI.Resource.Event.ResponseReceived, this._handleResourceResponseReceived, this);
+        this._resource.addEventListener(WI.Resource.Event.MetricsDidChange, this._handleResourceMetricsDidChange, this);
     }
 
@@ -70 +75 @@
         }
 
+        if (this._needsConnectionRefresh) {
+            this._needsConnectionRefresh = false;
+            this._refreshConnectionSection();
+        }
+
         if (this._needsCertificateRefresh) {
             this._needsCertificateRefresh = false;
@@ -167 +177 @@
     // Private
 
+    _refreshConnectionSection()
+    {
+        let detailsElement = this._connectionSection.detailsElement;
+        detailsElement.removeChildren();
+
+        let security = this._resource.security;
+        if (isEmptyObject(security)) {
+            this._connectionSection.markIncompleteSectionWithMessage(WI.UIString("No connection security information."));
+            return;
+        }
+
+        let connection = security.connection;
+        if (isEmptyObject(connection) || Object.values(connection).every((value) => !value)) {
+            this._connectionSection.markIncompleteSectionWithMessage(WI.UIString("No connection security information."));
+            return;
+        }
+
+        this._connectionSection.appendKeyValuePair(WI.UIString("Protocol"), connection.protocol || emDash);
+        this._connectionSection.appendKeyValuePair(WI.UIString("Cipher"), connection.cipher || emDash);
+    }
+
     _refreshCetificateSection()
     {
@@ -172 +203 @@
         detailsElement.removeChildren();
 
-        let responseSecurity = this._resource.responseSecurity;
-        if (!responseSecurity) {
-            this._certificateSection.markIncompleteSectionWithMessage(WI.UIString("No response security information."));
-            return;
-        }
-
-        let certificate = responseSecurity.certificate;
-        if (!certificate) {
-            this._certificateSection.markIncompleteSectionWithMessage(WI.UIString("No response security certificate."));
+        let security = this._resource.security;
+        if (isEmptyObject(security)) {
+            this._certificateSection.markIncompleteSectionWithMessage(WI.UIString("No certificate security information."));
+            return;
+        }
+
+        let certificate = security.certificate;
+        if (isEmptyObject(certificate) || Object.values(certificate).every((value) => !value)) {
+            this._certificateSection.markIncompleteSectionWithMessage(WI.UIString("No certificate security information."));
             return;
         }
@@ -208 +239 @@
         }
 
-        this._certificateSection.appendKeyValuePair(WI.UIString("Subject"), certificate.subject);
+        this._certificateSection.appendKeyValuePair(WI.UIString("Subject"), certificate.subject || emDash);
 
         let appendFormattedDate = (key, timestamp) => {
@@ -310 +341 @@
         this.needsLayout();
     }
+
+    _handleResourceMetricsDidChange(event)
+    {
+        this._needsConnectionRefresh = true;
+        this.needsLayout();
+    }
 };

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-01-07  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Network: show secure connection details per-request
+        https://bugs.webkit.org/show_bug.cgi?id=191539
+        <rdar://problem/45979891>
+
+        Reviewed by Joseph Pecoraro.
+
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (stringForSSLProtocol): Added.
+        (stringForSSLCipher): Added.
+        (-[WKNetworkSessionDelegate URLSession:task:didFinishCollectingMetrics:]):
+
 2019-01-07  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

@@ -53 +53 @@
 #import <wtf/ProcessPrivilege.h>
 #import <wtf/URL.h>
+#import <wtf/text/WTFString.h>
 
 using namespace WebKit;
@@ -93 +94 @@
     return WebCore::NetworkLoadPriority::Medium;
 }
+
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
+static String stringForSSLProtocol(SSLProtocol protocol)
+{
+    switch (protocol) {
+    case kDTLSProtocol1:
+        return "DTLS 1.0"_s;
+    case kSSLProtocol2:
+        return "SSL 2.0"_s;
+    case kSSLProtocol3:
+        return "SSL 3.0"_s;
+    case kSSLProtocol3Only:
+        return "SSL 3.0 (Only)"_s;
+    case kTLSProtocol1:
+        return "TLS 1.0"_s;
+    case kTLSProtocol1Only:
+        return "TLS 1.0 (Only)"_s;
+    case kTLSProtocol11:
+        return "TLS 1.1"_s;
+    case kTLSProtocol12:
+        return "TLS 1.2"_s;
+    case kTLSProtocol13:
+        return "TLS 1.3"_s;
+    case kSSLProtocolAll:
+        return "All";
+    case kSSLProtocolUnknown:
+        return "Unknown";
+    case kTLSProtocolMaxSupported:
+    default:
+        ASSERT_NOT_REACHED();
+        return emptyString();
+    }
+}
+
+static String stringForSSLCipher(SSLCipherSuite cipher)
+{
+#define STRINGIFY_CIPHER(cipher) \
+    case cipher: \
+        return "" #cipher ""_s
+
+    switch (cipher) {
+    STRINGIFY_CIPHER(SSL_RSA_EXPORT_WITH_RC4_40_MD5);
+    STRINGIFY_CIPHER(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_IDEA_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_DSS_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_RSA_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DHE_DSS_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DHE_RSA_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5);
+    STRINGIFY_CIPHER(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_DH_anon_WITH_DES_CBC_SHA);
+    STRINGIFY_CIPHER(SSL_FORTEZZA_DMS_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_anon_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_anon_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
+    // STRINGIFY_CIPHER(SSL_NULL_WITH_NULL_NULL);
+    STRINGIFY_CIPHER(TLS_NULL_WITH_NULL_NULL);
+    // STRINGIFY_CIPHER(SSL_RSA_WITH_NULL_MD5);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_NULL_MD5);
+    // STRINGIFY_CIPHER(SSL_RSA_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_NULL_SHA);
+    // STRINGIFY_CIPHER(SSL_RSA_WITH_RC4_128_MD5);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_RC4_128_MD5);
+    // STRINGIFY_CIPHER(SSL_RSA_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_RC4_128_SHA);
+    // STRINGIFY_CIPHER(SSL_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_NULL_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_256_CBC_SHA256);
+    // STRINGIFY_CIPHER(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+    // STRINGIFY_CIPHER(SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+    // STRINGIFY_CIPHER(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+    // STRINGIFY_CIPHER(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_256_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_256_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+    // STRINGIFY_CIPHER(SSL_DH_anon_WITH_RC4_128_MD5);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_RC4_128_MD5);
+    // STRINGIFY_CIPHER(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_256_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_RC4_128_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_128_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_256_CBC_SHA);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_RSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_DSS_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DH_anon_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_NULL_SHA256);
+    STRINGIFY_CIPHER(TLS_PSK_WITH_NULL_SHA384);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA256);
+    STRINGIFY_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA384);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA256);
+    STRINGIFY_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA384);
+    STRINGIFY_CIPHER(TLS_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_CHACHA20_POLY1305_SHA256);
+    STRINGIFY_CIPHER(TLS_AES_128_CCM_SHA256);
+    STRINGIFY_CIPHER(TLS_AES_128_CCM_8_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
+    STRINGIFY_CIPHER(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+    STRINGIFY_CIPHER(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+    STRINGIFY_CIPHER(TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_RC2_CBC_MD5);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_IDEA_CBC_MD5);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_DES_CBC_MD5);
+    STRINGIFY_CIPHER(SSL_RSA_WITH_3DES_EDE_CBC_MD5);
+    STRINGIFY_CIPHER(SSL_NO_SUCH_CIPHERSUITE);
+    default:
+        ASSERT_NOT_REACHED();
+        return emptyString();
+    }
+
+#undef STRINGIFY_CIPHER
+}
+#endif
 
 @interface WKNetworkSessionDelegate : NSObject <NSURLSessionDataDelegate> {
@@ -446 +662 @@
 #endif
 
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
+            networkLoadMetrics.tlsProtocol = stringForSSLProtocol(m._negotiatedTLSProtocol);
+            networkLoadMetrics.tlsCipher = stringForSSLCipher(m._negotiatedTLSCipher);
+#endif
+
             __block WebCore::HTTPHeaderMap requestHeaders;
             [m.request.allHTTPHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *name, NSString *value, BOOL *) {