Changeset 260658 in webkit


Timestamp:
Apr 24, 2020 11:23:43 AM (4 years ago)
Author:
commit-queue@webkit.org
Message:

SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
https://bugs.webkit.org/show_bug.cgi?id=210533

Patch by Alex Christensen <achristensen@webkit.org> on 2020-04-24
Reviewed by Brady Eidson.

Source/WebKit:

  • NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTaskClient::didNegotiateModernTLS):

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didNegotiateModernTLS):

  • NetworkProcess/NetworkLoad.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

  • UIProcess/API/APINavigationClient.h:

(API::NavigationClient::didNegotiateModernTLS):

  • UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::NavigationState::NavigationClient::didNegotiateModernTLS):

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::didNegotiateModernTLS):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.messages.in:
  • UIProcess/WebPageProxy.cpp:
  • UIProcess/WebPageProxy.h:

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:

(-[TLSNavigationDelegate waitForDidNegotiateModernTLS]):
(-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]):
(TestWebKitAPI::TEST):

Location:
trunk
Files:
18 edited

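--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,33 @@
+2020-04-24  Alex Christensen  <achristensen@webkit.org>
+
+        SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
+        https://bugs.webkit.org/show_bug.cgi?id=210533
+
+        Reviewed by Brady Eidson.
+
+        * NetworkProcess/NetworkDataTask.h:
+        (WebKit::NetworkDataTaskClient::didNegotiateModernTLS):
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::didNegotiateModernTLS):
+        * NetworkProcess/NetworkLoad.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        * UIProcess/API/APINavigationClient.h:
+        (API::NavigationClient::didNegotiateModernTLS):
+        * UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
+        * UIProcess/Cocoa/NavigationState.h:
+        * UIProcess/Cocoa/NavigationState.mm:
+        (WebKit::NavigationState::setNavigationDelegate):
+        (WebKit::NavigationState::NavigationClient::didNegotiateModernTLS):
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::didNegotiateModernTLS):
+        * UIProcess/Network/NetworkProcessProxy.h:
+        * UIProcess/Network/NetworkProcessProxy.messages.in:
+        * UIProcess/WebPageProxy.cpp:
+        * UIProcess/WebPageProxy.h:
+
 2020-04-24  Brian Burg  <bburg@apple.com>
 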
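--- a/trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h
@@ -72,4 +72,6 @@
 
     virtual bool shouldCaptureExtraNetworkLoadMetrics() const { return false; }
+
+    virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { }
 
     void didCompleteWithError(const WebCore::ResourceError& error)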
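--- a/trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp
@@ -31,4 +31,5 @@
 #include "NetworkDataTaskBlob.h"
 #include "NetworkProcess.h"
+#include "NetworkProcessProxyMessages.h"
 #include "NetworkSession.h"
 #include "WebErrors.h"
@@ -286,4 +287,10 @@
 }
 
+void NetworkLoad::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    if (m_parameters.webPageProxyID)
+        m_networkProcess->send(Messages::NetworkProcessProxy::DidNegotiateModernTLS(m_parameters.webPageProxyID, challenge));
+}
+
 String NetworkLoad::description() const
 {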
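Review bot: `NetworkLoad::didNegotiateModernTLS` sends `DidNegotiateModernTLS` with the whole `AuthenticationChallenge` to the UI process whenever `m_parameters.webPageProxyID` is set, whether or not any navigation delegate implements the SPI. The `webViewDidNegotiateModernTLS` check happens only on the receiving side, in NavigationState.mm. With fastServerTrustEvaluationEnabled this appears to add one IPC message carrying the challenge for every modern-TLS server-trust challenge, and the receiver drops it whenever no delegate is listening. Consider gating the send on state the network process already has, or at least recording the cost at the call with a comment such as `// Sent unconditionally; the UI process drops it when no delegate implements _webView:didNegotiateModernTLS:.`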
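--- a/trunk/Source/WebKit/NetworkProcess/NetworkLoad.h
+++ b/trunk/Source/WebKit/NetworkProcess/NetworkLoad.h
@@ -82,4 +82,5 @@
     void cannotShowURL() final;
     void wasBlockedByRestrictions() final;
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final;
 
     void notifyDidReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&);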
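--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
@@ -54,4 +54,5 @@
     void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend);
     void didReceiveChallenge(WebCore::AuthenticationChallenge&&, NegotiatedLegacyTLS, ChallengeCompletionHandler&&);
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&);
     void didCompleteWithError(const WebCore::ResourceError&, const WebCore::NetworkLoadMetrics&);
     void didReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, ResponseCompletionHandler&&);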
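--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -317,4 +317,10 @@
         completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, { });
     }
+}
+
+void NetworkDataTaskCocoa::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    if (m_client)
+        m_client->didNegotiateModernTLS(challenge);
 }
 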
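--- a/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
+++ b/trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -675,6 +675,8 @@
         // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
         if (sessionCocoa->fastServerTrustEvaluationEnabled() && negotiatedLegacyTLS == NegotiatedLegacyTLS::No) {
+            auto* networkDataTask = [self existingTask:task];
+            if (networkDataTask)
+                networkDataTask->didNegotiateModernTLS(challenge);
 #if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
-            auto* networkDataTask = [self existingTask:task];
             auto decisionHandler = makeBlockPtr([weakSelf = WeakObjCPtr<WKNetworkSessionDelegate>(self), sessionCocoa = makeWeakPtr(sessionCocoa), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = makeRefPtr(networkDataTask), negotiatedLegacyTLS](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable {
                 auto strongSelf = weakSelf.get();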
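Review bot: The new `networkDataTask->didNegotiateModernTLS(challenge)` call (new lines 677–679) is issued before the trust decision that follows it in this branch. As far as the hunk shows, the notification therefore says only that the handshake was not legacy TLS, not that the server certificate was accepted. Neither this call site nor the `_webView:didNegotiateModernTLS:` declaration in WKNavigationDelegatePrivate.h says so, and an SPI client could read the callback as a trust signal. I would add a comment here such as `// Informational only: sent before server trust is evaluated; does not mean the certificate was accepted.` and a matching doc comment on the SPI declaration. The enclosing delegate method starts and ends outside this hunk, so that this branch handles only server-trust challenges is inferred from the existing comment above it.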
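--- a/trunk/Source/WebKit/UIProcess/API/APINavigationClient.h
+++ b/trunk/Source/WebKit/UIProcess/API/APINavigationClient.h
@@ -103,4 +103,5 @@
     virtual void didReceiveAuthenticationChallenge(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy& challenge) { challenge.listener().completeChallenge(WebKit::AuthenticationChallengeDisposition::PerformDefaultHandling); }
     virtual void shouldAllowLegacyTLS(WebKit::WebPageProxy&, WebKit::AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&& completionHandler) { completionHandler(true); }
+    virtual void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) { }
     virtual bool shouldBypassContentModeSafeguards() const { return false; }
 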
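--- a/trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
+++ b/trunk/Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
@@ -87,4 +87,5 @@
 
 - (void)_webView:(WKWebView *)webView authenticationChallenge:(NSURLAuthenticationChallenge *)challenge shouldAllowLegacyTLS:(void (^)(BOOL))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 
 - (void)_webViewDidBeginNavigationGesture:(WKWebView *)webView;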
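--- a/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h
+++ b/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h
@@ -118,4 +118,5 @@
         void didReceiveAuthenticationChallenge(WebPageProxy&, AuthenticationChallengeProxy&) override;
         void shouldAllowLegacyTLS(WebPageProxy&, AuthenticationChallengeProxy&, CompletionHandler<void(bool)>&&) final;
+        void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&) final;
         bool processDidTerminate(WebPageProxy&, ProcessTerminationReason) override;
         void processDidBecomeResponsive(WebPageProxy&) override;
@@ -230,4 +231,5 @@
         bool webViewDidReceiveAuthenticationChallengeCompletionHandler : 1;
         bool webViewAuthenticationChallengeShouldAllowLegacyTLS : 1;
+        bool webViewDidNegotiateModernTLS : 1;
         bool webViewWebContentProcessDidTerminate : 1;
         bool webViewWebContentProcessDidTerminateWithReason : 1;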
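--- a/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm
+++ b/trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm
@@ -71,4 +71,5 @@
 #import "_WKSameDocumentNavigationTypeInternal.h"
 #import "_WKWebsitePoliciesInternal.h"
+#import <WebCore/AuthenticationMac.h>
 #import <WebCore/ContentRuleListResults.h>
 #import <WebCore/Credential.h>
@@ -179,4 +180,5 @@
     m_navigationDelegateMethods.webViewDidReceiveAuthenticationChallengeCompletionHandler = [delegate respondsToSelector:@selector(webView:didReceiveAuthenticationChallenge:completionHandler:)];
     m_navigationDelegateMethods.webViewAuthenticationChallengeShouldAllowLegacyTLS = [delegate respondsToSelector:@selector(_webView:authenticationChallenge:shouldAllowLegacyTLS:)];
+    m_navigationDelegateMethods.webViewDidNegotiateModernTLS = [delegate respondsToSelector:@selector(_webView:didNegotiateModernTLS:)];
     m_navigationDelegateMethods.webViewWebContentProcessDidTerminate = [delegate respondsToSelector:@selector(webViewWebContentProcessDidTerminate:)];
     m_navigationDelegateMethods.webViewWebContentProcessDidTerminateWithReason = [delegate respondsToSelector:@selector(_webView:webContentProcessDidTerminateWithReason:)];
@@ -1047,4 +1049,16 @@
 }
 
+void NavigationState::NavigationClient::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    if (!m_navigationState.m_navigationDelegateMethods.webViewDidNegotiateModernTLS)
+        return;
+
+    auto navigationDelegate = m_navigationState.m_navigationDelegate.get();
+    if (!navigationDelegate)
+        return;
+
+    [static_cast<id <WKNavigationDelegatePrivate>>(navigationDelegate.get()) _webView:m_navigationState.m_webView didNegotiateModernTLS:mac(challenge)];
+}
+
 static _WKProcessTerminationReason wkProcessTerminationReason(ProcessTerminationReason reason)
 {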
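--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
@@ -345,4 +345,10 @@
 }
 
+void NetworkProcessProxy::didNegotiateModernTLS(WebPageProxyIdentifier pageID, const WebCore::AuthenticationChallenge& challenge)
+{
+    if (auto* page = pageID ? WebProcessProxy::webPage(pageID) : nullptr)
+        page->didNegotiateModernTLS(challenge);
+}
+
 void NetworkProcessProxy::didFetchWebsiteData(CallbackID callbackID, const WebsiteData& websiteData)
 {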
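--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
@@ -252,4 +252,5 @@
     void didReceiveAuthenticationChallenge(PAL::SessionID, WebPageProxyIdentifier, const Optional<WebCore::SecurityOriginData>&, WebCore::AuthenticationChallenge&&, bool, uint64_t challengeID);
     void negotiatedLegacyTLS(WebPageProxyIdentifier);
+    void didNegotiateModernTLS(WebPageProxyIdentifier, const WebCore::AuthenticationChallenge&);
     void didFetchWebsiteData(CallbackID, const WebsiteData&);
     void didDeleteWebsiteData(CallbackID);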
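--- a/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
+++ b/trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
@@ -24,4 +24,5 @@
     DidReceiveAuthenticationChallenge(PAL::SessionID sessionID, WebKit::WebPageProxyIdentifier pageID, Optional<WebCore::SecurityOriginData> topOrigin, WebCore::AuthenticationChallenge challenge, bool negotiatedLegacyTLS, uint64_t challengeID)
     NegotiatedLegacyTLS(WebKit::WebPageProxyIdentifier pageID)
+    DidNegotiateModernTLS(WebKit::WebPageProxyIdentifier pageID, WebCore::AuthenticationChallenge challenge)
 
     DidFetchWebsiteData(WebKit::CallbackID callbackID, struct WebKit::WebsiteData websiteData)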
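--- a/trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -7936,4 +7936,9 @@
 }
 
+void WebPageProxy::didNegotiateModernTLS(const WebCore::AuthenticationChallenge& challenge)
+{
+    m_navigationClient->didNegotiateModernTLS(challenge);
+}
+
 void WebPageProxy::exceededDatabaseQuota(FrameIdentifier frameID, const String& originIdentifier, const String& databaseName, const String& displayName, uint64_t currentQuota, uint64_t currentOriginUsage, uint64_t currentDatabaseUsage, uint64_t expectedUsage, Messages::WebPageProxy::ExceededDatabaseQuota::DelayedReply&& reply)
 {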
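--- a/trunk/Source/WebKit/UIProcess/WebPageProxy.h
+++ b/trunk/Source/WebKit/UIProcess/WebPageProxy.h
@@ -1369,4 +1369,5 @@
     void didReceiveAuthenticationChallengeProxy(Ref<AuthenticationChallengeProxy>&&, NegotiatedLegacyTLS);
     void negotiatedLegacyTLS();
+    void didNegotiateModernTLS(const WebCore::AuthenticationChallenge&);
 
     SpellDocumentTag spellDocumentTag();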
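--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,14 @@
+2020-04-24  Alex Christensen  <achristensen@webkit.org>
+
+        SPI clients using fastServerTrustEvaluationEnabled need SPI to inform them of modern TLS negotiation
+        https://bugs.webkit.org/show_bug.cgi?id=210533
+
+        Reviewed by Brady Eidson.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+        (-[TLSNavigationDelegate waitForDidNegotiateModernTLS]):
+        (-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]):
+        (TestWebKitAPI::TEST):
+
 2020-04-24  Brian Burg  <bburg@apple.com>
 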
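--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
@@ -74,4 +74,5 @@
 - (void)waitForDidFinishNavigation;
 - (void)waitForDidFailProvisionalNavigation;
+- (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS;
 - (bool)receivedShouldAllowLegacyTLS;
 @property (nonatomic) bool shouldAllowLegacyTLS;
@@ -82,4 +83,5 @@
     bool _navigationFailed;
     bool _receivedShouldAllowLegacyTLS;
+    RetainPtr<NSURLAuthenticationChallenge> _negotiatedModernTLS;
 }
 
@@ -94,4 +96,11 @@
     while (!_navigationFailed)
         TestWebKitAPI::Util::spinRunLoop();
+}
+
+- (NSURLAuthenticationChallenge *)waitForDidNegotiateModernTLS
+{
+    while (!_negotiatedModernTLS)
+        TestWebKitAPI::Util::spinRunLoop();
+    return _negotiatedModernTLS.autorelease();
 }
 
@@ -121,4 +130,9 @@
     _receivedShouldAllowLegacyTLS = true;
     completionHandler([self shouldAllowLegacyTLS]);
+}
+
+- (void)_webView:(WKWebView *)webView didNegotiateModernTLS:(NSURLAuthenticationChallenge *)challenge
+{
+    _negotiatedModernTLS = challenge;
 }
 
@@ -370,4 +384,23 @@
 }
 
+TEST(TLSVersion, DidNegotiateModernTLS)
+{
+    HTTPServer server({
+        { "/", { "hello" }}
+    }, HTTPServer::Protocol::Https);
+
+    auto delegate = adoptNS([TLSNavigationDelegate new]);
+    auto configuration = adoptNS([WKWebViewConfiguration new]);
+    auto dataStoreConfiguration = adoptNS([_WKWebsiteDataStoreConfiguration new]);
+    [dataStoreConfiguration setFastServerTrustEvaluationEnabled:YES];
+    [configuration setWebsiteDataStore:[[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration.get()] autorelease]];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    [webView setNavigationDelegate:delegate.get()];
+    [webView loadRequest:server.request()];
+    NSURLAuthenticationChallenge *challenge = [delegate waitForDidNegotiateModernTLS];
+    EXPECT_WK_STREQ(challenge.protectionSpace.host, "127.0.0.1");
+    EXPECT_EQ(challenge.protectionSpace.port, server.port());
+}
+
 TEST(TLSVersion, BackForwardHasOnlySecureContent)
 {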
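Review bot: The new `TEST(TLSVersion, DidNegotiateModernTLS)` covers only the positive case, so nothing checks that `_webView:didNegotiateModernTLS:` stays silent when it should. A companion test that loads from a legacy-TLS server, or with `setFastServerTrustEvaluationEnabled:NO`, and asserts that `_negotiatedModernTLS` is still nil once the navigation finishes or fails would protect the condition in NetworkSessionCocoa.mm against regressions. Separately, `waitForDidNegotiateModernTLS` spins with no timeout, so a missing callback appears as a hung test rather than a failure. That matches the `while (!_navigationFailed)` wait visible just above it, so it may be acceptable in this file.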