Fix client certificate authentication with NSURLSession on iOS

https://bugs.webkit.org/show_bug.cgi?id=157094 <rdar://problem/25946859> Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-27 Reviewed by Darin Adler. * NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]): We only want to create a non-persistent credential with the given user and password and store the user and password in the CredentialStorage if there is a user and password. We previously only skipped this if we were doing server trust evaluation, in which case we will have a credential from serverTrustCredential which has no user or password. When doing client certificate authentication on iOS, this completion handler is called with a credential with session persistence and also no user or password, so we need to do the same thing. The reason this was never hit on Mac was because the credential came from tryUseCertificateInfoForChallenge, which always had persistence none. Canonical link: https://commits.webkit.org/175201@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200148 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Apr 27, 2016 · 92fc924 · 92fc924
1 parent 98aac65
commit 92fc924
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
@@ -1,3 +1,22 @@
+2016-04-27  Alex Christensen  <achristensen@webkit.org>
+
+        Fix client certificate authentication with NSURLSession on iOS
+        https://bugs.webkit.org/show_bug.cgi?id=157094
+        <rdar://problem/25946859>
+
+        Reviewed by Darin Adler.
+
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        We only want to create a non-persistent credential with the given user and password 
+        and store the user and password in the CredentialStorage if there is a user and password.
+        We previously only skipped this if we were doing server trust evaluation, in which case 
+        we will have a credential from serverTrustCredential which has no user or password.
+        When doing client certificate authentication on iOS, this completion handler is called with
+        a credential with session persistence and also no user or password, so we need to do the same thing.
+        The reason this was never hit on Mac was because the credential came from tryUseCertificateInfoForChallenge,
+        which always had persistence none.
+
 2016-04-27  Claudio Saavedra  <csaavedra@igalia.com>
 
         [GTK][EFL] Move WK2 platform code to a common place

diff --git a/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm b/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -150,7 +150,7 @@ - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didRece
             UNUSED_PARAM(sessionID);
             UNUSED_PARAM(authenticationChallenge);
 #else
-            if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().authenticationScheme() != WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
+            if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().isPasswordBased()) {
 
                 WebCore::Credential nonPersistentCredential(credential.user(), credential.password(), WebCore::CredentialPersistenceNone);
                 WebCore::URL urlToStore;