Skip to site navigation (Press enter)

[webkit-changes] [260322] trunk

commit-queue Sat, 18 Apr 2020 14:39:59 -0700

Title: [260322] trunk

Revision: 260322
Author: commit-qu...@webkit.org
Date: 2020-04-18 14:39:16 -0700 (Sat, 18 Apr 2020)

Log Message

Fix client certificate authentication when using non-default WKWebsiteDataStores
https://bugs.webkit.org/show_bug.cgi?id=210681


Patch by Alex Christensen <achristen...@webkit.org> on 2020-04-18
Reviewed by Brady Eidson.

Source/WebKit:

NetworkProcessProxy was trying to keep a map of WebsiteDataStores, but it wasn't as accurate as the one WebsiteDataStore was maintaining.
Use the latter map instead and client certificate authentication works.  Otherwise, the credential isn't serialized correctly.
I found this while working on <rdar://problem/60340449> but this was unrelated so I put it in a different change.
This may fix <rdar://problem/60910392>.

* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::websiteDataStoreFromSessionID):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
(TestWebKitAPI::TEST):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (260321 => 260322)


--- trunk/Source/WebKit/ChangeLog	2020-04-18 21:13:58 UTC (rev 260321)
+++ trunk/Source/WebKit/ChangeLog	2020-04-18 21:39:16 UTC (rev 260322)
@@ -1,3 +1,18 @@
+2020-04-18  Alex Christensen  <achristen...@webkit.org>
+
+        Fix client certificate authentication when using non-default WKWebsiteDataStores
+        https://bugs.webkit.org/show_bug.cgi?id=210681
+
+        Reviewed by Brady Eidson.
+
+        NetworkProcessProxy was trying to keep a map of WebsiteDataStores, but it wasn't as accurate as the one WebsiteDataStore was maintaining.
+        Use the latter map instead and client certificate authentication works.  Otherwise, the credential isn't serialized correctly.
+        I found this while working on <rdar://problem/60340449> but this was unrelated so I put it in a different change.
+        This may fix <rdar://problem/60910392>.
+
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::websiteDataStoreFromSessionID):
+
 2020-04-18  Pablo Saavedra  <psaave...@igalia.com>
 
         [GTK][WPE] Replace evil strtok() calls with fscanf() in MemoryPressureMonitor.cpp

Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (260321 => 260322)


--- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp	2020-04-18 21:13:58 UTC (rev 260321)
+++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp	2020-04-18 21:39:16 UTC (rev 260322)
@@ -84,9 +84,6 @@
     , m_throttler(*this, processPool.shouldTakeUIBackgroundAssertion())
 {
     connect();
-
-    if (auto* websiteDataStore = m_processPool.websiteDataStore())
-        m_websiteDataStores.set(websiteDataStore->sessionID(), makeRef(*websiteDataStore));
 }
 
 NetworkProcessProxy::~NetworkProcessProxy()
@@ -1203,7 +1200,6 @@
 #if ENABLE(INDEXED_DATABASE)
         createSymLinkForFileUpgrade(store->resolvedIndexedDatabaseDirectory());
 #endif
-        m_websiteDataStores.set(sessionID, WTFMove(store));
     }
 }
 
@@ -1211,25 +1207,13 @@
 {
     if (canSendMessage())
         send(Messages::NetworkProcess::DestroySession { sessionID }, 0);
-    if (!sessionID.isEphemeral())
-        m_websiteDataStores.remove(sessionID);
 }
 
 WebsiteDataStore* NetworkProcessProxy::websiteDataStoreFromSessionID(PAL::SessionID sessionID)
 {
-    auto iterator = m_websiteDataStores.find(sessionID);
-    if (iterator != m_websiteDataStores.end())
-        return iterator->value.get();
-
-    if (auto* websiteDataStore = m_processPool.websiteDataStore()) {
-        if (sessionID == websiteDataStore->sessionID())
-            return websiteDataStore;
-    }
-
-    if (sessionID != PAL::SessionID::defaultSessionID())
-        return nullptr;
-
-    return WebKit::WebsiteDataStore::defaultDataStore().ptr();
+    if (sessionID == PAL::SessionID::defaultSessionID())
+        return WebsiteDataStore::defaultDataStore().ptr();
+    return WebsiteDataStore::existingNonDefaultDataStoreForSessionID(sessionID);
 }
 
 void NetworkProcessProxy::retrieveCacheStorageParameters(PAL::SessionID sessionID)

Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h (260321 => 260322)


--- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h	2020-04-18 21:13:58 UTC (rev 260321)
+++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h	2020-04-18 21:39:16 UTC (rev 260322)
@@ -309,8 +309,6 @@
     HashSet<WebUserContentControllerProxy*> m_webUserContentControllerProxies;
 #endif
 
-    HashMap<PAL::SessionID, RefPtr<WebsiteDataStore>> m_websiteDataStores;
-
     struct UploadActivity {
         std::unique_ptr<ProcessAssertion> uiAssertion;
         std::unique_ptr<ProcessAssertion> networkAssertion;

Modified: trunk/Tools/ChangeLog (260321 => 260322)


--- trunk/Tools/ChangeLog	2020-04-18 21:13:58 UTC (rev 260321)
+++ trunk/Tools/ChangeLog	2020-04-18 21:39:16 UTC (rev 260322)
@@ -1,3 +1,13 @@
+2020-04-18  Alex Christensen  <achristen...@webkit.org>
+
+        Fix client certificate authentication when using non-default WKWebsiteDataStores
+        https://bugs.webkit.org/show_bug.cgi?id=210681
+
+        Reviewed by Brady Eidson.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
+        (TestWebKitAPI::TEST):
+
 2020-04-17  Kate Cheney  <katherine_che...@apple.com>
 
         Enable service workers for app-bound domains

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm (260321 => 260322)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm	2020-04-18 21:13:58 UTC (rev 260321)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm	2020-04-18 21:39:16 UTC (rev 260322)
@@ -495,6 +495,23 @@
     EXPECT_EQ(countClientCertChallenges(methods), certChallengesAfterInitialFailure + 1);
 }
 
+TEST(MultipleClientCertificateConnections, NonPersistentDataStore)
+{
+    auto server = clientCertServer();
+
+    Vector<RetainPtr<NSString>> methods;
+    auto delegate = adoptNS([TestNavigationDelegate new]);
+    delegate.get().didReceiveAuthenticationChallenge = challengeHandler(methods).get();
+
+    auto configuration = adoptNS([WKWebViewConfiguration new]);
+    [configuration setWebsiteDataStore:[WKWebsiteDataStore nonPersistentDataStore]];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+    [webView setNavigationDelegate:delegate.get()];
+    [webView loadRequest:server.request()];
+    [delegate waitForDidFinishNavigation];
+    EXPECT_EQ(countClientCertChallenges(methods), 1u);
+}
+
 #endif // HAVE(NETWORK_FRAMEWORK)
 
 } // namespace TestWebKitAPI

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes