Changeset 260410 in webkit


Timestamp:
Apr 20, 2020 8:23:53 PM (4 years ago)
Author:
commit-queue@webkit.org
Message:

SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
https://bugs.webkit.org/show_bug.cgi?id=210533

Patch by Alex Christensen <achristensen@webkit.org> on 2020-04-20
Reviewed by Brady Eidson.

Source/WebKit:

  • NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTaskClient::didNegotiateModernTLS):

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didNegotiateModernTLS):

  • NetworkProcess/NetworkLoad.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

  • UIProcess/API/APINavigationClient.h:

(API::NavigationClient::didNegotiateModernTLS):

  • UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::NavigationState::NavigationClient::didNegotiateModernTLS):

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::didNegotiateModernTLS):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.messages.in:
  • UIProcess/WebPageProxy.cpp:
  • UIProcess/WebPageProxy.h:

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:

(-[TLSNavigationDelegate waitForDidNegotiateModernTLS]):
(-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]):
(TestWebKitAPI::TEST):

Location:
trunk
Files:
18 edited

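--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,33 @@
+2020-04-20  Alex Christensen  <achristensen@webkit.org>
+
+        SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
+        https://bugs.webkit.org/show_bug.cgi?id=210533
+
+        Reviewed by Brady Eidson.
+
+        * NetworkProcess/NetworkDataTask.h:
+        (WebKit::NetworkDataTaskClient::didNegotiateModernTLS):
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::didNegotiateModernTLS):
+        * NetworkProcess/NetworkLoad.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        * UIProcess/API/APINavigationClient.h:
+        (API::NavigationClient::didNegotiateModernTLS):
+        * UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
+        * UIProcess/Cocoa/NavigationState.h:
+        * UIProcess/Cocoa/NavigationState.mm:
+        (WebKit::NavigationState::setNavigationDelegate):
+        (WebKit::NavigationState::NavigationClient::didNegotiateModernTLS):
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::didNegotiateModernTLS):
+        * UIProcess/Network/NetworkProcessProxy.h:
+        * UIProcess/Network/NetworkProcessProxy.messages.in:
+        * UIProcess/WebPageProxy.cpp:
+        * UIProcess/WebPageProxy.h:
+
 2020-04-20  Kate Cheney  <katherine_cheney@apple.com>
 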
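--- a/trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h
@@ -72,4 +72,6 @@
 
     virtual bool shouldCaptureExtraNetworkLoadMetrics() const { return false; }
+
+    virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { }
 
     void didCompleteWithError(const WebCore::ResourceError& error)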
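--- a/trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp
@@ -31,4 +31,5 @@
 #include "NetworkDataTaskBlob.h"
 #include "NetworkProcess.h"
+#include "NetworkProcessProxyMessages.h"
 #include "NetworkSession.h"
 #include "WebErrors.h"
@@ -286,4 +287,9 @@
 }
 
+void NetworkLoad::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    m_networkProcess->send(Messages::NetworkProcessProxy::DidNegotiateModernTLS(m_parameters.webPageProxyID, challenge));
+}
+
 String NetworkLoad::description() const
 {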
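--- a/trunk/Source/WebKit/NetworkProcess/NetworkLoad.h
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkLoad.h
@@ -82,4 +82,5 @@
     void cannotShowURL() final;
     void wasBlockedByRestrictions() final;
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final;
 
     void notifyDidReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&);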
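--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
@@ -54,4 +54,5 @@
     void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend);
     void didReceiveChallenge(WebCore::AuthenticationChallenge&&, NegotiatedLegacyTLS, ChallengeCompletionHandler&&);
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&);
     void didCompleteWithError(const WebCore::ResourceError&, const WebCore::NetworkLoadMetrics&);
     void didReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&);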
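--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -317,4 +317,10 @@
         completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, { });
     }
+}
+
+void NetworkDataTaskCocoa::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    if (m_client)
+        m_client->didNegotiateModernTLS(challenge);
 }
 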
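--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -675,6 +675,8 @@
         // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
         if (sessionCocoa->fastServerTrustEvaluationEnabled() && negotiatedLegacyTLS == NegotiatedLegacyTLS::No) {
+            auto* networkDataTask = [self existingTask:task];
+            if (networkDataTask)
+                networkDataTask->didNegotiateModernTLS(challenge);
 #if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
-            auto* networkDataTask = [self existingTask:task];
             auto decisionHandler = makeBlockPtr([weakSelf = WeakObjCPtr<WKNetworkSessionDelegate>(self), sessionCocoa = makeWeakPtr(sessionCocoa), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = makeRefPtr(networkDataTask), negotiatedLegacyTLS](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable {
                 auto strongSelf = weakSelf.get();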
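Review bot: The new `networkDataTask->didNegotiateModernTLS(challenge)` call runs as soon as the challenge arrives, before the `decisionHandler` built just below has received its `trustResult`, so the notification says only that legacy TLS was not negotiated and carries no verdict on the certificate. That deserves a comment at the call site, for example `// Sent before trust evaluation completes: reports the negotiated TLS version only, not that the server was trusted.`, so that an SPI client does not read it as a trust decision. The call also sits outside the `#if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)` guard, so it presumably fires on builds without strict trust evaluation as well. The enclosing delegate method starts and ends outside this hunk, so whether only server-trust challenges reach this point cannot be confirmed here.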
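--- a/trunk/Source/WebKit/UIProcess/API/APINavigationClient.h
+++ b/trunk/Source/WebKit/UIProcess/API/APINavigationClient.h
@@ -103,4 +103,5 @@
     virtual void didReceiveAuthenticationChallenge(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy& challenge) { challenge.listener().completeChallenge(WebKit::AuthenticationChallengeDisposition::PerformDefaultHandling); }
     virtual void shouldAllowLegacyTLS(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&& completionHandler) { completionHandler(true); }
+    virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { }
     virtual bool shouldBypassContentModeSafeguards() const { return false; }
 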
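--- a/trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
+++ b/trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
@@ -87,4 +87,5 @@
 
 - (void)_webView:(WKWebView *)webView authenticationChallenge:(NSURLAuthenticationChallenge *)challenge shouldAllowLegacyTLS:(void (^)(BOOL))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 
 - (void)_webViewDidBeginNavigationGesture:(WKWebView *)webView;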
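Review bot: The new `_webView:didNegotiateModernTLS:` declaration has no comment, and unlike the `shouldAllowLegacyTLS:` method above it takes no completion handler, so a client cannot tell from the header what it may do with the challenge. A short header comment would help, stating that the callback is informational and that, judging from the NetworkSessionCocoa.mm change, it is delivered only when fastServerTrustEvaluationEnabled is set and legacy TLS was not negotiated. Something like `// Informational only; the challenge needs no response and implies nothing about certificate trust.` would be enough.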
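--- a/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h
+++ b/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h
@@ -118,4 +118,5 @@
         void didReceiveAuthenticationChallenge(WebPageProxy&, AuthenticationChallengeProxy&) override;
         void shouldAllowLegacyTLS(WebPageProxy&, AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&&) final;
+        void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final;
         bool processDidTerminate(WebPageProxy&, ProcessTerminationReason) override;
         void processDidBecomeResponsive(WebPageProxy&) override;
@@ -230,4 +231,5 @@
         bool webViewDidReceiveAuthenticationChallengeCompletionHandler : 1;
         bool webViewAuthenticationChallengeShouldAllowLegacyTLS : 1;
+        bool webViewDidNegotiateModernTLS : 1;
         bool webViewWebContentProcessDidTerminate : 1;
         bool webViewWebContentProcessDidTerminateWithReason : 1;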
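--- a/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm
+++ b/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm
@@ -71,4 +71,5 @@
 #import "_WKSameDocumentNavigationTypeInternal.h"
 #import "_WKWebsitePoliciesInternal.h"
+#import <WebCore/AuthenticationMac.h>
 #import <WebCore/ContentRuleListResults.h>
 #import <WebCore/Credential.h>
@@ -178,4 +179,5 @@
     m_navigationDelegateMethods.webViewDidReceiveAuthenticationChallengeCompletionHandler = [delegate respondsToSelector:@selector(webView:didReceiveAuthenticationChallenge:completionHandler:)];
     m_navigationDelegateMethods.webViewAuthenticationChallengeShouldAllowLegacyTLS = [delegate respondsToSelector:@selector(_webView:authenticationChallenge:shouldAllowLegacyTLS:)];
+    m_navigationDelegateMethods.webViewDidNegotiateModernTLS = [delegate respondsToSelector:@selector(_webView:didNegotiateModernTLS:)];
     m_navigationDelegateMethods.webViewWebContentProcessDidTerminate = [delegate respondsToSelector:@selector(webViewWebContentProcessDidTerminate:)];
     m_navigationDelegateMethods.webViewWebContentProcessDidTerminateWithReason = [delegate respondsToSelector:@selector(_webView:webContentProcessDidTerminateWithReason:)];
@@ -1046,4 +1048,16 @@
 }
 
+void NavigationState::NavigationClient::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    if (!m_navigationState.m_navigationDelegateMethods.webViewDidNegotiateModernTLS)
+        return;
+
+    auto navigationDelegate = m_navigationState.m_navigationDelegate.get();
+    if (!navigationDelegate)
+        return;
+
+    [static_cast<id <WKNavigationDelegatePrivate>>(navigationDelegate.get()) _webView:m_navigationState.m_webView didNegotiateModernTLS:mac(challenge)];
+}
+
 static _WKProcessTerminationReason wkProcessTerminationReason(ProcessTerminationReason reason)
 {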
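--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
@@ -345,4 +345,10 @@
 }
 
+void NetworkProcessProxy::didNegotiateModernTLS(WebPageProxyIdentifier pageID, const WebCore::AuthenticationChallenge& challenge)
+{
+    if (auto* page = pageID ? WebProcessProxy::webPage(pageID) : nullptr)
+        page->didNegotiateModernTLS(challenge);
+}
+
 void NetworkProcessProxy::didFetchWebsiteData(CallbackID callbackID, const WebsiteData& websiteData)
 {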
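--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
@@ -251,4 +251,5 @@
     void didReceiveAuthenticationChallenge(PAL::SessionID, WebPageProxyIdentifier, const Optional<WebCore::SecurityOriginData>&, WebCore::AuthenticationChallenge&&, bool, uint64_t challengeID);
     void negotiatedLegacyTLS(WebPageProxyIdentifier);
+    void didNegotiateModernTLS(WebPageProxyIdentifier, const WebCore::AuthenticationChallenge&);
     void didFetchWebsiteData(CallbackID, const WebsiteData&);
     void didDeleteWebsiteData(CallbackID);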
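--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
@@ -24,4 +24,5 @@
     DidReceiveAuthenticationChallenge(PAL::SessionID sessionID, WebKit::WebPageProxyIdentifier pageID, Optional<WebCore::SecurityOriginData> topOrigin, WebCore::AuthenticationChallenge challenge, bool negotiatedLegacyTLS, uint64_t challengeID)
     NegotiatedLegacyTLS(WebKit::WebPageProxyIdentifier pageID)
+    DidNegotiateModernTLS(WebKit::WebPageProxyIdentifier pageID, WebCore::AuthenticationChallenge challenge)
 
     DidFetchWebsiteData(WebKit::CallbackID callbackID, struct WebKit::WebsiteData websiteData)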
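--- a/trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -7939,4 +7939,9 @@
 }
 
+void WebPageProxy::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    m_navigationClient->didNegotiateModernTLS(challenge);
+}
+
 void WebPageProxy::exceededDatabaseQuota(FrameIdentifier frameID, const String& originIdentifier, const String& databaseName, const String& displayName, uint64_t currentQuota, uint64_t currentOriginUsage, uint64_t currentDatabaseUsage, uint64_t expectedUsage, Messages::WebPageProxy::ExceededDatabaseQuota::DelayedReply&& reply)
 {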
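--- a/trunk/Source/WebKit/UIProcess/WebPageProxy.h
+++ b/trunk/Source/WebKit/UIProcess/WebPageProxy.h
@@ -1370,4 +1370,5 @@
     void didReceiveAuthenticationChallengeProxy(Ref<AuthenticationChallengeProxy>&&, NegotiatedLegacyTLS);
     void negotiatedLegacyTLS();
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&);
 
     SpellDocumentTag spellDocumentTag();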
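--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,14 @@
+2020-04-20  Alex Christensen  <achristensen@webkit.org>
+
+        SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
+        https://bugs.webkit.org/show_bug.cgi?id=210533
+
+        Reviewed by Brady Eidson.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+        (-[TLSNavigationDelegate waitForDidNegotiateModernTLS]):
+        (-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]):
+        (TestWebKitAPI::TEST):
+
 2020-04-20  Kate Cheney  <katherine_cheney@apple.com>
 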
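--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
@@ -74,4 +74,5 @@
 - (void)waitForDidFinishNavigation;
 - (void)waitForDidFailProvisionalNavigation;
+- (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS;
 - (bool)receivedShouldAllowLegacyTLS;
 @property (nonatomic) bool shouldAllowLegacyTLS;
@@ -82,4 +83,5 @@
     bool _navigationFailed;
     bool _receivedShouldAllowLegacyTLS;
+    RetainPtr<NSURLAuthenticationChallenge> _negotiatedModernTLS;
 }
 
@@ -94,4 +96,11 @@
     while (!_navigationFailed)
         TestWebKitAPI::Util::spinRunLoop();
+}
+
+- (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS
+{
+    while (!_negotiatedModernTLS)
+        TestWebKitAPI::Util::spinRunLoop();
+    return _negotiatedModernTLS.autorelease();
 }
 
@@ -121,4 +130,9 @@
     _receivedShouldAllowLegacyTLS = true;
     completionHandler([self shouldAllowLegacyTLS]);
+}
+
+- (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge
+{
+    _negotiatedModernTLS = challenge;
 }
 
@@ -370,4 +384,23 @@
 }
 
+TEST(TLSVersion, DidNegotiateModernTLS)
+{
+    HTTPServer server({
+        { "/", { "hello" }}
+    }, HTTPServer::Protocol::Https);
+
+    auto delegate = adoptNS([TLSNavigationDelegate new]);
+    auto configuration = adoptNS([WKWebViewConfiguration new]);
+    auto dataStoreConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]);
+    [dataStoreConfiguration setFastServerTrustEvaluationEnabled:YES];
+    [configuration setWebsiteDataStore:[[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration.get()] autorelease]];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    [webView setNavigationDelegate:delegate.get()];
+    [webView loadRequest:server.request()];
+    NSURLAuthenticationChallenge *challenge = [delegate waitForDidNegotiateModernTLS];
+    EXPECT_WK_STREQ(challenge.protectionSpace.host, "127.0.0.1");
+    EXPECT_EQ(challenge.protectionSpace.port, server.port());
+}
+
 TEST(TLSVersion, BackForwardHasOnlySecureContent)
 {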
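Review bot: The new `DidNegotiateModernTLS` test covers only the positive path: it checks that the callback arrives with the expected host and port, but nothing checks that the callback stays silent when legacy TLS is negotiated or when fast server trust evaluation is off. Those are the conditions in `fastServerTrustEvaluationEnabled() && negotiatedLegacyTLS == NegotiatedLegacyTLS::No` that the production change depends on. A companion case that loads from a legacy-TLS server and asserts the delegate's stored challenge is still nil once the navigation finishes or fails would pin that down; how this file configures such a server is outside the visible hunks. `waitForDidNegotiateModernTLS` also spins with no timeout, like the other wait helpers here, so a regression would show up as a hang rather than a failed expectation.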