Changeset 260410 in webkit
- Timestamp:
- Apr 20, 2020 8:23:53 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 18 edited
trunk/Source/WebKit/ChangeLog
r260408 r260410 1 2020-04-20 Alex Christensen <achristensen@webkit.org> 2 3 SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation 4 https://bugs.webkit.org/show_bug.cgi?id=210533 5 6 Reviewed by Brady Eidson. 7 8 * NetworkProcess/NetworkDataTask.h: 9 (WebKit::NetworkDataTaskClient::didNegotiateModernTLS): 10 * NetworkProcess/NetworkLoad.cpp: 11 (WebKit::NetworkLoad::didNegotiateModernTLS): 12 * NetworkProcess/NetworkLoad.h: 13 * NetworkProcess/cocoa/NetworkDataTaskCocoa.h: 14 * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: 15 (WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS): 16 * NetworkProcess/cocoa/NetworkSessionCocoa.mm: 17 (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]): 18 * UIProcess/API/APINavigationClient.h: 19 (API::NavigationClient::didNegotiateModernTLS): 20 * UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h: 21 * UIProcess/Cocoa/NavigationState.h: 22 * UIProcess/Cocoa/NavigationState.mm: 23 (WebKit::NavigationState::setNavigationDelegate): 24 (WebKit::NavigationState::NavigationClient::didNegotiateModernTLS): 25 * UIProcess/Network/NetworkProcessProxy.cpp: 26 (WebKit::NetworkProcessProxy::didNegotiateModernTLS): 27 * UIProcess/Network/NetworkProcessProxy.h: 28 * UIProcess/Network/NetworkProcessProxy.messages.in: 29 * UIProcess/WebPageProxy.cpp: 30 * UIProcess/WebPageProxy.h: 31 1 32 2020-04-20 Kate Cheney <katherine_cheney@apple.com> 2 33 -
trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h
r260356 r260410 72 72 73 73 virtual bool shouldCaptureExtraNetworkLoadMetrics() const { return false; } 74 75 virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { } 74 76 75 77 void didCompleteWithError(const WebCore::ResourceError& error) -
trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp
r258458 r260410 31 31 #include "NetworkDataTaskBlob.h" 32 32 #include "NetworkProcess.h" 33 #include "NetworkProcessProxyMessages.h" 33 34 #include "NetworkSession.h" 34 35 #include "WebErrors.h" … … 286 287 } 287 288 289 void NetworkLoad::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge) 290 { 291 m_networkProcess->send(Messages::NetworkProcessProxy::DidNegotiateModernTLS(m_parameters.webPageProxyID, challenge)); 292 } 293 288 294 String NetworkLoad::description() const 289 295 { -
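Review bot: `NetworkLoad::didNegotiateModernTLS` sends `DidNegotiateModernTLS` with the full `AuthenticationChallenge` unconditionally, and nothing at the send site says where the message gets filtered. Whether a delegate listens is decided only in the UI process (the `webViewDidNegotiateModernTLS` flag in NavigationState.mm), and an empty `webPageProxyID` is rejected only in `NetworkProcessProxy::didNegotiateModernTLS`. That is reasonable for an opt-in configuration, but it deserves a comment here, e.g. `// Sent for every modern-TLS server trust challenge; the UI process drops it if the page is gone or the delegate does not implement the SPI.`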
trunk/Source/WebKit/NetworkProcess/NetworkLoad.h
r255846 r260410 82 82 void cannotShowURL() final; 83 83 void wasBlockedByRestrictions() final; 84 void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final; 84 85 85 86 void notifyDidReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&); -
trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
r260356 r260410 54 54 void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend); 55 55 void didReceiveChallenge(WebCore::AuthenticationChallenge&&, NegotiatedLegacyTLS, ChallengeCompletionHandler&&); 56 void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&); 56 57 void didCompleteWithError(const WebCore::ResourceError&, const WebCore::NetworkLoadMetrics&); 57 58 void didReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&); -
trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
r260356 r260410 317 317 completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, { }); 318 318 } 319 } 320 321 void NetworkDataTaskCocoa::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge) 322 { 323 if (m_client) 324 m_client->didNegotiateModernTLS(challenge); 319 325 } 320 326 -
trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
r260366 r260410 675 675 // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults. 676 676 if (sessionCocoa->fastServerTrustEvaluationEnabled() && negotiatedLegacyTLS == NegotiatedLegacyTLS::No) { 677 auto* networkDataTask = [self existingTask:task]; 678 if (networkDataTask) 679 networkDataTask->didNegotiateModernTLS(challenge); 677 680 #if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE) 678 auto* networkDataTask = [self existingTask:task];679 681 auto decisionHandler = makeBlockPtr([weakSelf = WeakObjCPtr<WKNetworkSessionDelegate>(self), sessionCocoa = makeWeakPtr(sessionCocoa), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = makeRefPtr(networkDataTask), negotiatedLegacyTLS](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable { 680 682 auto strongSelf = weakSelf.get(); -
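Review bot: The call `networkDataTask->didNegotiateModernTLS(challenge)` at new lines 677-679 runs before the trust decision. In the `HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)` branch, the `decisionHandler` that receives `trustResult` is only constructed afterwards, so the client is notified before the certificate chain has been accepted or rejected. A client that reads the callback as "this host passed trust evaluation" would be wrong, so the placement should carry a comment such as `// Informational only: this fires before server trust has been evaluated.` If the intent is to report only connections that will proceed, the call would need to move into the decision handler after a successful `trustResult`. That handler's body and the start of the delegate method both lie outside this hunk.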
trunk/Source/WebKit/UIProcess/API/APINavigationClient.h
r259171 r260410 103 103 virtual void didReceiveAuthenticationChallenge(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy& challenge) { challenge.listener().completeChallenge(WebKit::AuthenticationChallengeDisposition::PerformDefaultHandling); } 104 104 virtual void shouldAllowLegacyTLS(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&& completionHandler) { completionHandler(true); } 105 virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { } 105 106 virtual bool shouldBypassContentModeSafeguards() const { return false; } 106 107 -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
r260334 r260410 87 87 88 88 - (void)_webView:(WKWebView *)webView authenticationChallenge:(NSURLAuthenticationChallenge *)challenge shouldAllowLegacyTLS:(void (^)(BOOL))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); 89 - (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); 89 90 90 91 - (void)_webViewDidBeginNavigationGesture:(WKWebView *)webView; -
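Review bot: The new SPI `_webView:didNegotiateModernTLS:` is declared with no comment on when it fires, and its contract is narrower than the name suggests. Per the NetworkSessionCocoa.mm change in this commit, it is delivered only on the `fastServerTrustEvaluationEnabled` path when legacy TLS was not negotiated. It has no completion handler, so the delegate cannot influence the load. A header comment along the lines of `// Called only when fastServerTrustEvaluationEnabled is set and the connection did not negotiate legacy TLS; informational, sent before the trust decision.` would keep clients from treating it as a general TLS-version or certificate-acceptance signal.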
trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h
r259171 r260410 118 118 void didReceiveAuthenticationChallenge(WebPageProxy&, AuthenticationChallengeProxy&) override; 119 119 void shouldAllowLegacyTLS(WebPageProxy&, AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&&) final; 120 void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final; 120 121 bool processDidTerminate(WebPageProxy&, ProcessTerminationReason) override; 121 122 void processDidBecomeResponsive(WebPageProxy&) override; … … 230 231 bool webViewDidReceiveAuthenticationChallengeCompletionHandler : 1; 231 232 bool webViewAuthenticationChallengeShouldAllowLegacyTLS : 1; 233 bool webViewDidNegotiateModernTLS : 1; 232 234 bool webViewWebContentProcessDidTerminate : 1; 233 235 bool webViewWebContentProcessDidTerminateWithReason : 1; -
trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm
r259307 r260410 71 71 #import "_WKSameDocumentNavigationTypeInternal.h" 72 72 #import "_WKWebsitePoliciesInternal.h" 73 #import <WebCore/AuthenticationMac.h> 73 74 #import <WebCore/ContentRuleListResults.h> 74 75 #import <WebCore/Credential.h> … … 178 179 m_navigationDelegateMethods.webViewDidReceiveAuthenticationChallengeCompletionHandler = [delegate respondsToSelector:@selector(webView:didReceiveAuthenticationChallenge:completionHandler:)]; 179 180 m_navigationDelegateMethods.webViewAuthenticationChallengeShouldAllowLegacyTLS = [delegate respondsToSelector:@selector(_webView:authenticationChallenge:shouldAllowLegacyTLS:)]; 181 m_navigationDelegateMethods.webViewDidNegotiateModernTLS = [delegate respondsToSelector:@selector(_webView:didNegotiateModernTLS:)]; 180 182 m_navigationDelegateMethods.webViewWebContentProcessDidTerminate = [delegate respondsToSelector:@selector(webViewWebContentProcessDidTerminate:)]; 181 183 m_navigationDelegateMethods.webViewWebContentProcessDidTerminateWithReason = [delegate respondsToSelector:@selector(_webView:webContentProcessDidTerminateWithReason:)]; … … 1046 1048 } 1047 1049 1050 void NavigationState::NavigationClient::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge) 1051 { 1052 if (!m_navigationState.m_navigationDelegateMethods.webViewDidNegotiateModernTLS) 1053 return; 1054 1055 auto navigationDelegate = m_navigationState.m_navigationDelegate.get(); 1056 if (!navigationDelegate) 1057 return; 1058 1059 [static_cast<id <WKNavigationDelegatePrivate>>(navigationDelegate.get()) _webView:m_navigationState.m_webView didNegotiateModernTLS:mac(challenge)]; 1060 } 1061 1048 1062 static _WKProcessTerminationReason wkProcessTerminationReason(ProcessTerminationReason reason) 1049 1063 { -
trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
r260322 r260410 345 345 } 346 346 347 void NetworkProcessProxy::didNegotiateModernTLS(WebPageProxyIdentifier pageID, const WebCore::AuthenticationChallenge& challenge) 348 { 349 if (auto* page = pageID ? WebProcessProxy::webPage(pageID) : nullptr) 350 page->didNegotiateModernTLS(challenge); 351 } 352 347 353 void NetworkProcessProxy::didFetchWebsiteData(CallbackID callbackID, const WebsiteData& websiteData) 348 354 { -
trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
r260322 r260410 251 251 void didReceiveAuthenticationChallenge(PAL::SessionID, WebPageProxyIdentifier, const Optional<WebCore::SecurityOriginData>&, WebCore::AuthenticationChallenge&&, bool, uint64_t challengeID); 252 252 void negotiatedLegacyTLS(WebPageProxyIdentifier); 253 void didNegotiateModernTLS(WebPageProxyIdentifier, const WebCore::AuthenticationChallenge&); 253 254 void didFetchWebsiteData(CallbackID, const WebsiteData&); 254 255 void didDeleteWebsiteData(CallbackID); -
trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
r260303 r260410 24 24 DidReceiveAuthenticationChallenge(PAL::SessionID sessionID, WebKit::WebPageProxyIdentifier pageID, Optional<WebCore::SecurityOriginData> topOrigin, WebCore::AuthenticationChallenge challenge, bool negotiatedLegacyTLS, uint64_t challengeID) 25 25 NegotiatedLegacyTLS(WebKit::WebPageProxyIdentifier pageID) 26 DidNegotiateModernTLS(WebKit::WebPageProxyIdentifier pageID, WebCore::AuthenticationChallenge challenge) 26 27 27 28 DidFetchWebsiteData(WebKit::CallbackID callbackID, struct WebKit::WebsiteData websiteData) -
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
r260408 r260410 7939 7939 } 7940 7940 7941 void WebPageProxy::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge) 7942 { 7943 m_navigationClient->didNegotiateModernTLS(challenge); 7944 } 7945 7941 7946 void WebPageProxy::exceededDatabaseQuota(FrameIdentifier frameID, const String& originIdentifier, const String& databaseName, const String& displayName, uint64_t currentQuota, uint64_t currentOriginUsage, uint64_t currentDatabaseUsage, uint64_t expectedUsage, Messages::WebPageProxy::ExceededDatabaseQuota::DelayedReply&& reply) 7942 7947 { -
trunk/Source/WebKit/UIProcess/WebPageProxy.h
r260408 r260410 1370 1370 void didReceiveAuthenticationChallengeProxy(Ref<AuthenticationChallengeProxy>&&, NegotiatedLegacyTLS); 1371 1371 void negotiatedLegacyTLS(); 1372 void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&); 1372 1373 1373 1374 SpellDocumentTag spellDocumentTag(); -
trunk/Tools/ChangeLog
r260408 r260410 1 2020-04-20 Alex Christensen <achristensen@webkit.org> 2 3 SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation 4 https://bugs.webkit.org/show_bug.cgi?id=210533 5 6 Reviewed by Brady Eidson. 7 8 * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm: 9 (-[TLSNavigationDelegate waitForDidNegotiateModernTLS]): 10 (-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]): 11 (TestWebKitAPI::TEST): 12 1 13 2020-04-20 Kate Cheney <katherine_cheney@apple.com> 2 14 -
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
r260366 r260410 74 74 - (void)waitForDidFinishNavigation; 75 75 - (void)waitForDidFailProvisionalNavigation; 76 - (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS; 76 77 - (bool)receivedShouldAllowLegacyTLS; 77 78 @property (nonatomic) bool shouldAllowLegacyTLS; … … 82 83 bool _navigationFailed; 83 84 bool _receivedShouldAllowLegacyTLS; 85 RetainPtr<NSURLAuthenticationChallenge> _negotiatedModernTLS; 84 86 } 85 87 … … 94 96 while (!_navigationFailed) 95 97 TestWebKitAPI::Util::spinRunLoop(); 98 } 99 100 - (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS 101 { 102 while (!_negotiatedModernTLS) 103 TestWebKitAPI::Util::spinRunLoop(); 104 return _negotiatedModernTLS.autorelease(); 96 105 } 97 106 … … 121 130 _receivedShouldAllowLegacyTLS = true; 122 131 completionHandler([self shouldAllowLegacyTLS]); 132 } 133 134 - (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge 135 { 136 _negotiatedModernTLS = challenge; 123 137 } 124 138 … … 370 384 } 371 385 386 TEST(TLSVersion, DidNegotiateModernTLS) 387 { 388 HTTPServer server({ 389 { "/", { "hello" }} 390 }, HTTPServer::Protocol::Https); 391 392 auto delegate = adoptNS([TLSNavigationDelegate new]); 393 auto configuration = adoptNS([WKWebViewConfiguration new]); 394 auto dataStoreConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]); 395 [dataStoreConfiguration setFastServerTrustEvaluationEnabled:YES]; 396 [configuration setWebsiteDataStore:[[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration.get()] autorelease]]; 397 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); 398 [webView setNavigationDelegate:delegate.get()]; 399 [webView loadRequest:server.request()]; 400 NSURLAuthenticationChallenge *challenge = [delegate waitForDidNegotiateModernTLS]; 401 EXPECT_WK_STREQ(challenge.protectionSpace.host, "127.0.0.1"); 402 
EXPECT_EQ(challenge.protectionSpace.port, server.port()); 403 } 404 372 405 TEST(TLSVersion, BackForwardHasOnlySecureContent) 373 406 {
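Review bot: `TEST(TLSVersion, DidNegotiateModernTLS)` checks only that the callback arrives. Nothing in the added test code asserts that it is withheld when it should be, for example on a legacy-TLS connection or with `fastServerTrustEvaluationEnabled` left off. Because clients may base decisions on this signal, a spurious notification matters more than a missed one. `waitForDidNegotiateModernTLS` also spins without a bound (`while (!_negotiatedModernTLS)`), so a regression shows up as a hung test rather than a failure, as with the existing wait helpers. I would add a non-blocking accessor next to `receivedShouldAllowLegacyTLS` (suggested name: `receivedDidNegotiateModernTLS`) and assert `EXPECT_FALSE([delegate receivedDidNegotiateModernTLS]);` in the legacy-TLS tests, which presumably live elsewhere in this file and are not visible in these hunks.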