RESOLVED FIXED 191539
Web Inspector: Network: show secure connection details per-request 
https://bugs.webkit.org/show_bug.cgi?id=191539
Summary Web Inspector: Network: show secure connection details per-request
Devin Rousso
Reported 2018-11-11 21:42:59 PST
SSL protocol, SSL cipher, etc.
Attachments
Patch (38.12 KB, patch)
2018-11-14 16:42 PST, Devin Rousso 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews102 for mac-sierra (2.85 MB, application/zip)
2018-11-14 17:44 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews113 for mac-sierra (3.30 MB, application/zip)
2018-11-14 18:45 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews116 for mac-sierra (3.27 MB, application/zip)
2018-11-14 20:48 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews104 for mac-sierra-wk2 (3.05 MB, application/zip)
2018-11-14 23:42 PST, EWS Watchlist 		no flags
Details
Patch (51.51 KB, patch)
2018-12-05 10:04 PST, Devin Rousso 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews103 for mac-sierra (2.41 MB, application/zip)
2018-12-05 11:13 PST, EWS Watchlist 		no flags
Details
Patch (48.05 KB, patch)
2018-12-17 18:10 PST, Devin Rousso 		no flags
DetailsFormatted DiffDiff
[Image] After Patch is applied (749.20 KB, image/png)
2018-12-17 18:10 PST, Devin Rousso 		no flags
Details
Archive of layout-test-results from ews102 for mac-sierra (2.70 MB, application/zip)
2018-12-17 19:21 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews112 for mac-sierra (2.58 MB, application/zip)
2018-12-17 20:08 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews107 for mac-sierra-wk2 (3.68 MB, application/zip)
2018-12-17 20:15 PST, EWS Watchlist 		no flags
Details
Patch (48.65 KB, patch)
2018-12-17 21:25 PST, Devin Rousso 		no flags
DetailsFormatted DiffDiff
Show Obsolete (11) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-11-11 21:43:22 PST
<rdar://problem/45979891>
Devin Rousso
Comment 2 2018-11-14 16:42:47 PST
Created attachment 354871 [details] Patch
EWS Watchlist
Comment 3 2018-11-14 16:46:19 PST
This patch modifies the inspector protocol. Please ensure that any frontend changes appropriately use feature checks for new protocol features.
Joseph Pecoraro
Comment 4 2018-11-14 16:58:42 PST
Comment on attachment 354871 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354871&action=review > LayoutTests/http/tests/inspector/network/resource-response-security.html:32 > + InspectorTest.expectGreaterThan(connection.protocol.length, 0, "Connection should have protocol."); > + InspectorTest.expectGreaterThan(connection.cipher.length, 0, "Connection should have cipher."); Can we output these in the test? That would be cool. > Source/JavaScriptCore/inspector/protocol/Security.json:31 > + { "name": "connection", "$ref": "Connection", "optional": true }, I think you'll have to move this to Network.Metrics, which happens at a later time than response received. I think NSURLSession's didFinishCollectingMetrics happens after didReceiveResponse, so the values would likely be empty where this is doing it now in InspectorNetworkAgent. But do test first. > Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.js:211 > + if (!certificate || Object.values(certificate).every((value) => !value)) { We may want to handle an isEmptyObject. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:124 > + case kTLSProtocolMaxSupported: > + return emptyString(); Should we assert this is not reached? It sounds like this is not a valid value, its just for enumeration. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:134 > + case SSL_NULL_WITH_NULL_NULL: > + return "SSL_NULL_WITH_NULL_NULL"_s; Your idea, turn this into a macro, so we only have the string once!
EWS Watchlist
Comment 5 2018-11-14 17:44:08 PST Comment hidden (obsolete)
EWS Watchlist
Comment 6 2018-11-14 17:44:10 PST Comment hidden (obsolete)
EWS Watchlist
Comment 7 2018-11-14 18:45:28 PST Comment hidden (obsolete)
EWS Watchlist
Comment 8 2018-11-14 18:45:30 PST Comment hidden (obsolete)
EWS Watchlist
Comment 9 2018-11-14 20:48:18 PST Comment hidden (obsolete)
EWS Watchlist
Comment 10 2018-11-14 20:48:19 PST Comment hidden (obsolete)
EWS Watchlist
Comment 11 2018-11-14 23:42:18 PST Comment hidden (obsolete)
EWS Watchlist
Comment 12 2018-11-14 23:42:20 PST Comment hidden (obsolete)
Devin Rousso
Comment 13 2018-12-05 09:54:33 PST
Comment on attachment 354871 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354871&action=review >> LayoutTests/http/tests/inspector/network/resource-response-security.html:32 >> + InspectorTest.expectGreaterThan(connection.cipher.length, 0, "Connection should have cipher."); > > Can we output these in the test? That would be cool. I did some testing, and it appears that we use TLS1.2 with the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher. I'd rather keep it as is, however, in the case that this changes in the future to be a different protocol/cipher.
Devin Rousso
Comment 14 2018-12-05 10:04:13 PST
Created attachment 356614 [details] Patch
EWS Watchlist
Comment 15 2018-12-05 10:05:47 PST Comment hidden (obsolete)
EWS Watchlist
Comment 16 2018-12-05 11:13:33 PST Comment hidden (obsolete)
EWS Watchlist
Comment 17 2018-12-05 11:13:35 PST Comment hidden (obsolete)
Joseph Pecoraro
Comment 18 2018-12-07 11:49:18 PST
Comment on attachment 356614 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=356614&action=review Please add a screenshot for the UI (even though it should be pretty straightforward). I do think this shouldn't hang on the same Security object, that starts getting weird because it gets updated in different places for different reasons. The rest of this patch looks great though. > Source/JavaScriptCore/inspector/protocol/Network.json:271 > + { "name": "security", "$ref": "Security.Security", "optional": true, "description": "Resolved security information for the completed request." } I'd just call this "connection" and $ref "Security.Connection" directly. I didn't think you'd go this route of using the same object. This would also avoid the `updateSecurity` weird merging that happens later. Nit: Does the word "Resolved" in the description add anything? > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:137 > + // STRINGIFY_CIPHER(SSL_NULL_WITH_NULL_NULL); Would be nice to include a pointer to the value that this is shared with. (Or just putting it along side that value).
Joseph Pecoraro
Comment 19 2018-12-07 11:50:32 PST
Comment on attachment 356614 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=356614&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:122 > + return "Unknown"_s; Hmm, should this be localizable? I guess we don't expect it to be reached.
Devin Rousso
Comment 20 2018-12-17 18:10:10 PST
Created attachment 357511 [details] Patch
Devin Rousso
Comment 21 2018-12-17 18:10:19 PST
Created attachment 357512 [details] [Image] After Patch is applied
EWS Watchlist
Comment 22 2018-12-17 18:12:38 PST Comment hidden (obsolete)
Joseph Pecoraro
Comment 23 2018-12-17 18:25:53 PST
Comment on attachment 357511 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357511&action=review r=me > Source/JavaScriptCore/inspector/protocol/Network.json:97 > + { "name": "securityConnection", "$ref": "Security.Connection", "optional": true, "description": "Connection information for the completed request." } Why not just name this `connection`? > Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:214 > +#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000) Alexey was just talking about moving these to USE/HAVE macros. For now I think its okay as is, I actually prefer to see this info at these sites. > Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.js:197 > + this._connectionSection.appendKeyValuePair(WI.UIString("Protocol"), connection.protocol); > + this._connectionSection.appendKeyValuePair(WI.UIString("Cipher"), connection.cipher); The backend / protocol allows for only one of these properties. There should probably be a default value such as an emdash. connection.protocol || emDash
EWS Watchlist
Comment 24 2018-12-17 19:21:31 PST Comment hidden (obsolete)
EWS Watchlist
Comment 25 2018-12-17 19:21:33 PST Comment hidden (obsolete)
EWS Watchlist
Comment 26 2018-12-17 20:08:33 PST Comment hidden (obsolete)
EWS Watchlist
Comment 27 2018-12-17 20:08:35 PST Comment hidden (obsolete)
EWS Watchlist
Comment 28 2018-12-17 20:15:44 PST Comment hidden (obsolete)
EWS Watchlist
Comment 29 2018-12-17 20:15:46 PST Comment hidden (obsolete)
Devin Rousso
Comment 30 2018-12-17 21:18:39 PST
Comment on attachment 357511 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357511&action=review >> Source/JavaScriptCore/inspector/protocol/Network.json:97 >> + { "name": "securityConnection", "$ref": "Security.Connection", "optional": true, "description": "Connection information for the completed request." } > > Why not just name this `connection`? Mainly for future-proofing's sake, just in case we wanted to add some different `connection` information in the future. This way the data is a bit more specific (especially for the frontend, which doesn't have any of the type info). >> Source/WebInspectorUI/UserInterface/Views/ResourceSecurityContentView.js:197 >> + this._connectionSection.appendKeyValuePair(WI.UIString("Cipher"), connection.cipher); > > The backend / protocol allows for only one of these properties. There should probably be a default value such as an emdash. > > connection.protocol || emDash The backend/protocol allows for any combination of the two. There's no strict "limit" that there only be one valid at a time. A default value is a good idea, however.
Devin Rousso
Comment 31 2018-12-17 21:25:13 PST
Created attachment 357530 [details] Patch
EWS Watchlist
Comment 32 2018-12-17 21:27:13 PST Comment hidden (obsolete)
WebKit Commit Bot
Comment 33 2019-01-07 14:19:08 PST
Comment on attachment 357530 [details] Patch Clearing flags on attachment: 357530 Committed r239698: <https://trac.webkit.org/changeset/239698>
WebKit Commit Bot
Comment 34 2019-01-07 14:19:10 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 35 2019-01-08 12:55:38 PST
> Alexey was just talking about moving these to USE/HAVE macros. For now I think its okay as is, I actually prefer to see this info at these sites. This is not a matter or preference. Please move the version check to its proper place.
Joseph Pecoraro
Comment 36 2019-01-08 13:08:14 PST
> > Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:214 > > +#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000) > > Alexey was just talking about moving these to USE/HAVE macros. This is now expected style as evident by the style checker warnings: ERROR: Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:214: Misplaced OS version check. Please use a named macro in wtf/Platform.h or wtf/FeatureDefines.h. [build/version_check] [5] ERROR: Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:94: Misplaced OS version check. Please use a named macro in wtf/Platform.h or wtf/FeatureDefines.h. [build/version_check] [5] ERROR: Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:134: Non-label code inside switch statements should be indented. [whitespace/indent] [4] ERROR: Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:661: Misplaced OS version check. Please use a named macro in wtf/Platform.h or wtf/FeatureDefines.h. [build/version_check] [5] We should clean this up.
Alexey Proskuryakov
Comment 37 2019-11-07 15:05:30 PST
Comment on attachment 357530 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357530&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:661 > +#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000) This only enables it on iOS, so PLATFORM(IOS) would be more appropriate - unless we want this on all aligned OSes.
Note You need to log in before you can comment on or make changes to this bug.