RESOLVED FIXED Bug 135327
Server trust authentication challenges aren’t sent to the navigation delegate 
https://bugs.webkit.org/show_bug.cgi?id=135327
Summary Server trust authentication challenges aren’t sent to the navigation delegate
mitz
Reported 2014-07-26 23:29:18 PDT
Server trust authentication challenges are short-circuited and not passed through to -webView:didReceiveAuthenticationChallenge:completionHandler:. This was done because the delegate would need to respond with an NSURLCredential that contains a trust, and WebCore::Credential can’t represent such credentials. This can be resolved by making Credential have an NSURLCredential (and removing the special case for identity credentials), similarly to how ProtectionSpace now has an NSURLProtectionSpace. CredentialStorage may also require some changes to support server trust credentials (which have session persistence).
Attachments
I. Introduce CredentialBase and make Credential derive from it (35.71 KB, patch)
2014-07-27 20:12 PDT, mitz 		no flags
DetailsFormatted DiffDiff
II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class (23.35 KB, patch)
2014-07-28 23:22 PDT, mitz 		no flags
DetailsFormatted DiffDiff
II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class (23.47 KB, patch)
2014-07-28 23:30 PDT, mitz 		no flags
DetailsFormatted DiffDiff
II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class (23.49 KB, patch)
2014-07-29 01:51 PDT, mitz 		no flags
DetailsFormatted DiffDiff
II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class (24.69 KB, patch)
2014-07-29 01:57 PDT, mitz 		no flags
DetailsFormatted DiffDiff
WIP for EWS (45.64 KB, patch)
2014-07-29 15:56 PDT, mitz 		no flags
DetailsFormatted DiffDiff
III. Make Credential hold onto an NSURLCredential when needed (47.47 KB, patch)
2014-07-29 16:32 PDT, mitz 		no flags
DetailsFormatted DiffDiff
IV. Allow the delegate to respond to server trust challenges (5.33 KB, patch)
2014-07-30 18:09 PDT, mitz 		ap: review+
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2014-07-27 20:12:57 PDT
Created attachment 235587 [details] I. Introduce CredentialBase and make Credential derive from it
WebKit Commit Bot
Comment 2 2014-07-27 20:15:16 PDT
Attachment 235587 [details] did not pass style-queue: ERROR: Source/WebCore/platform/network/CredentialBase.h:89: The parameter name "a" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/WebCore/platform/network/CredentialBase.cpp:43: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebCore/platform/network/CredentialBase.cpp:157: Multi line control clauses should use braces. [whitespace/braces] [4] Total errors found: 3 in 9 files If any of these errors are false positives, please file a bug against check-webkit-style.
Darin Adler
Comment 3 2014-07-27 23:01:21 PDT
Comment on attachment 235587 [details] I. Introduce CredentialBase and make Credential derive from it View in context: https://bugs.webkit.org/attachment.cgi?id=235587&action=review r=me -- the comments I made are sort of “side notes”; not all necessarily relevant to this file refactoring > Source/WebCore/platform/network/CredentialBase.cpp:26 > #include "config.h" > +#include "CredentialBase.h" Should add a blank line before the first include. > Source/WebCore/platform/network/CredentialBase.cpp:36 > : m_user("") > , m_password("") Should use the more efficient emptyString() some day if not now. > Source/WebCore/platform/network/CredentialBase.cpp:48 > : m_user(user.length() ? user : "") > , m_password(password.length() ? password : "") Should use the more efficient emptyString() some day if not now. > Source/WebCore/platform/network/CredentialBase.h:25 > + */ > +#ifndef Credential_h Should add a blank line before the ifndef. > Source/WebCore/platform/network/CredentialBase.h:30 > +#define CERTIFICATE_CREDENTIALS_SUPPORTED (PLATFORM(COCOA)) The name of this conditional is pretty strange. The feature in question involves interface that is done with platform-specific types, but yet this has a name that sounds like an abstract concept that would not be CoreFoundation-specific. > Source/WebCore/platform/network/CredentialBase.h:25 > */ > -#ifndef Credential_h > -#define Credential_h > +#ifndef CredentialBase_h Should add a blank line before the #ifndef.
mitz
Comment 4 2014-07-28 21:23:01 PDT
Committed attachment 235587 [details] as <http://trac.webkit.org/r171722>.
mitz
Comment 5 2014-07-28 23:22:16 PDT
Created attachment 235664 [details] II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class
WebKit Commit Bot
Comment 6 2014-07-28 23:23:13 PDT
Attachment 235664 [details] did not pass style-queue: ERROR: Source/WebCore/platform/network/CredentialBase.h:51: The parameter name "a" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/WebCore/platform/network/cocoa/CredentialCocoa.h:63: The parameter name "identity" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/WebCore/platform/network/cocoa/CredentialCocoa.h:63: The parameter name "persistence" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 3 in 8 files If any of these errors are false positives, please file a bug against check-webkit-style.
mitz
Comment 7 2014-07-28 23:30:09 PDT
Created attachment 235665 [details] II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class
mitz
Comment 8 2014-07-29 01:51:32 PDT
Created attachment 235670 [details] II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class
mitz
Comment 9 2014-07-29 01:57:32 PDT
Created attachment 235672 [details] II. Move the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class
mitz
Comment 10 2014-07-29 09:40:36 PDT
Committed attachment 235672 [details] as <http://trac.webkit.org/r171747>.
mitz
Comment 11 2014-07-29 15:56:08 PDT
Created attachment 235706 [details] WIP for EWS
WebKit Commit Bot
Comment 12 2014-07-29 15:56:53 PDT
Attachment 235706 [details] did not pass style-queue: ERROR: Source/WebCore/platform/network/cocoa/CredentialCocoa.mm:89: Missing spaces around : [whitespace/init] [4] ERROR: Source/WebCore/platform/network/cf/AuthenticationCF.cpp:58: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] ERROR: Source/WebCore/platform/network/cf/AuthenticationCF.cpp:58: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:156: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:156: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:202: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm:340: Place brace on its own line for function definitions. [whitespace/braces] [4] ERROR: Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm:340: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 8 in 22 files If any of these errors are false positives, please file a bug against check-webkit-style.
mitz
Comment 13 2014-07-29 16:32:14 PDT
Created attachment 235716 [details] III. Make Credential hold onto an NSURLCredential when needed
WebKit Commit Bot
Comment 14 2014-07-29 16:35:46 PDT
Attachment 235716 [details] did not pass style-queue: ERROR: Source/WebCore/platform/network/cocoa/CredentialCocoa.mm:91: Missing spaces around : [whitespace/init] [4] ERROR: Source/WebCore/platform/network/cf/AuthenticationCF.cpp:58: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] ERROR: Source/WebCore/platform/network/cf/AuthenticationCF.cpp:58: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:156: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:156: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebCore/platform/network/mac/AuthenticationMac.mm:202: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm:340: Place brace on its own line for function definitions. [whitespace/braces] [4] ERROR: Source/WebKit2/Shared/mac/WebCoreArgumentCodersMac.mm:340: Extra space before ( in function call [whitespace/parens] [4] Total errors found: 8 in 23 files If any of these errors are false positives, please file a bug against check-webkit-style.
mitz
Comment 15 2014-07-30 11:57:29 PDT
Committed attachment 235716 [details] as <http://trac.webkit.org/r171801>.
mitz
Comment 16 2014-07-30 18:09:21 PDT
Created attachment 235788 [details] IV. Allow the delegate to respond to server trust challenges
mitz
Comment 17 2014-07-30 18:10:34 PDT
Oops! I used a script that obsoleted all other parts and removed their review info. But parts I-III are in. Part IV is what remains.
Csaba Osztrogonác
Comment 18 2014-07-31 06:36:31 PDT
(In reply to comment #15) > Committed attachment 235716 [details] as <http://trac.webkit.org/r171801>. Commit queue is stucked after this change with the following error: /Volumes/Data/EWS/WebKit/Source/WebCore/platform/network/cocoa/CredentialCocoa.mm:55:13: error: enumeration value 'NSURLCredentialPersistenceSynchronizable' not handled in switch [-Werror,-Wswitch] switch (persistence) { ^ 1 error generated. How is it possible if there isn't build failure on buildbots, but only the EWS. Do they have different configuration? Why?
mitz
Comment 19 2014-07-31 07:15:45 PDT
(In reply to comment #18) > (In reply to comment #15) > > Committed attachment 235716 [details] [details] as <http://trac.webkit.org/r171801>. > > Commit queue is stucked after this change with the following error: > > /Volumes/Data/EWS/WebKit/Source/WebCore/platform/network/cocoa/CredentialCocoa.mm:55:13: error: enumeration value 'NSURLCredentialPersistenceSynchronizable' not handled in switch [-Werror,-Wswitch] > switch (persistence) { > ^ > 1 error generated. > > > How is it possible if there isn't build failure on buildbots, > but only the EWS. Do they have different configuration? Why? This error occurs when using the OS X 10.9 SDK to build for OS X 10.8.
Csaba Osztrogonác
Comment 20 2014-07-31 07:16:56 PDT
(In reply to comment #19) > This error occurs when using the OS X 10.9 SDK to build for OS X 10.8. OK, and how can we fix the commit queue?
mitz
Comment 21 2014-07-31 09:08:06 PDT
(In reply to comment #20) > (In reply to comment #19) > > This error occurs when using the OS X 10.9 SDK to build for OS X 10.8. > > OK, and how can we fix the commit queue? I am hoping <http://trac.webkit.org/r171854> fixes this particular build configuration.
mitz
Comment 22 2014-07-31 09:21:39 PDT
(In reply to comment #21) > (In reply to comment #20) > > (In reply to comment #19) > > > This error occurs when using the OS X 10.9 SDK to build for OS X 10.8. > > > > OK, and how can we fix the commit queue? > > I am hoping <http://trac.webkit.org/r171854> fixes this particular build configuration. I had to revert that change, since it broke building with the OS X 10.8 SDK. I will try something else in a moment.
mitz
Comment 23 2014-07-31 09:42:36 PDT
(In reply to comment #22) > (In reply to comment #21) > > (In reply to comment #20) > > > (In reply to comment #19) > > > > This error occurs when using the OS X 10.9 SDK to build for OS X 10.8. > > > > > > OK, and how can we fix the commit queue? > > > > I am hoping <http://trac.webkit.org/r171854> fixes this particular build configuration. > > I had to revert that change, since it broke building with the OS X 10.8 SDK. I will try something else in a moment. Tried another fix in <http://trac.webkit.org/r171857>.
mitz
Comment 24 2014-07-31 09:43:47 PDT
Committed attachment 235788 [details] as <http://trac.webkit.org/r171858>.
mitz
Comment 25 2014-10-28 12:51:49 PDT
(In reply to comment #15) > Committed attachment 235716 [details] as <http://trac.webkit.org/r171801>. This broke client certificate authentication, because NSURLCredential doesn’t serialize identities properly. See bug 138144.
mitz
Comment 26 2015-01-08 13:00:13 PST
*** Bug 140197 has been marked as a duplicate of this bug. ***
mitz
Comment 27 2015-01-08 15:53:56 PST
*** Bug 140197 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.