trustd network connections occasionally omitted from App Privacy report
https://bugs.webkit.org/show_bug.cgi?id=232770
<rdar://problem/83840427>

Reviewed by Alex Christensen.

Source/WebKit:

* NetworkProcess/cocoa/NetworkSessionCocoa.h:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(NetworkSessionCocoa::setClientAuditToken):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

Source/WTF:

* wtf/spi/cocoa/SecuritySPI.h:



Canonical link: https://commits.webkit.org/243961@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285404 268f45cc-cd09-0410-ab3c-d52691b4dbfc
kcheney1 committed Nov 8, 2021
1 parent 396a4e2 commit db74a7801130267c23414163fcd5eb181b2438af
Showing 5 changed files with 40 additions and 0 deletions.
@@ -1,3 +1,13 @@
2021-11-08 Kate Cheney <katherine_cheney@apple.com>

trustd network connections occasionally omitted from App Privacy report
https://bugs.webkit.org/show_bug.cgi?id=232770
<rdar://problem/83840427>

Reviewed by Alex Christensen.

* wtf/spi/cocoa/SecuritySPI.h:

2021-11-04 Myles C. Maxfield <mmaxfield@apple.com>

[WebGPU] Bindings part 1: Bring back Adapter/Device bindings code
@@ -99,6 +99,7 @@ CF_RETURNS_RETAINED SecTrustRef SecTrustDeserialize(CFDataRef serializedTrust, C
#endif

CF_RETURNS_RETAINED CFDictionaryRef SecTrustCopyInfo(SecTrustRef);
OSStatus SecTrustSetClientAuditToken(SecTrustRef, CFDataRef);

extern const CFStringRef kSecTrustInfoExtendedValidationKey;
extern const CFStringRef kSecTrustInfoCompanyNameKey;
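Review bot: The new SecTrustSetClientAuditToken(SecTrustRef, CFDataRef) declaration, added after SecTrustCopyInfo, does not say what the CFDataRef must hold. A one-line comment stating that it carries the raw bytes of the client's audit token, as the caller in NetworkSessionCocoa.mm builds it, would keep later callers from passing a differently encoded value. It is also worth noting there that the function reports failure through its OSStatus return.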
@@ -1,3 +1,16 @@
2021-11-08 Kate Cheney <katherine_cheney@apple.com>

trustd network connections occasionally omitted from App Privacy report
https://bugs.webkit.org/show_bug.cgi?id=232770
<rdar://problem/83840427>

Reviewed by Alex Christensen.

* NetworkProcess/cocoa/NetworkSessionCocoa.h:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(NetworkSessionCocoa::setClientAuditToken):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

2021-11-08 Andres Gonzalez <andresg_22@apple.com>

WTR::AccessibilityController::focusedElement() cannot get the focused object via WKAccessibilityFocusedObject in isolated tree mode.
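Review bot: The ChangeLog entry lists setClientAuditToken and the URLSession:task:didReceiveChallenge:completionHandler: delegate method with no description under them, so the log never says why the change fixes the omission from the App Privacy report. Add a sentence or two after the function list saying that the source application's audit token is now set on the server trust object for each server trust challenge.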
@@ -111,6 +111,7 @@ class NetworkSessionCocoa final : public NetworkSession {
#endif

static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);
void setClientAuditToken(const WebCore::AuthenticationChallenge&);

void continueDidReceiveChallenge(SessionWrapper&, const WebCore::AuthenticationChallenge&, NegotiatedLegacyTLS, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&);

@@ -60,6 +60,7 @@
#import <wtf/SoftLinking.h>
#import <wtf/URL.h>
#import <wtf/WeakObjCPtr.h>
#import <wtf/cocoa/TypeCastsCocoa.h>
#import <wtf/cocoa/VectorCocoa.h>
#import <wtf/darwin/WeakLinking.h>
#import <wtf/text/WTFString.h>
@@ -699,6 +700,19 @@ - (NetworkSessionCocoa*)sessionFromTask:(NSURLSessionTask *)task {
return nullptr;
}

void NetworkSessionCocoa::setClientAuditToken(const WebCore::AuthenticationChallenge& challenge)
{
#if ENABLE(APP_PRIVACY_REPORT)
if (auto auditToken = networkProcess().sourceApplicationAuditToken()) {
auto& tokenValue = *auditToken;
RetainPtr<NSData> token = adoptNS([[NSData alloc] initWithBytes:(uint8_t *)&tokenValue length:sizeof(tokenValue)]);
SecTrustSetClientAuditToken(challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust, bridge_cast(token.get()));
}
#else
UNUSED_PARAM(challenge);
#endif
}

- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
auto* sessionCocoa = [self sessionFromTask: task];
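Review bot: The OSStatus returned by SecTrustSetClientAuditToken is discarded in NetworkSessionCocoa::setClientAuditToken, so a failure to attach the token would leave the connection unattributed with no trace, which is the very symptom this bug describes. Check the result and log when it is not errSecSuccess. As a style point, the C-style cast in initWithBytes:(uint8_t *)&tokenValue is unnecessary because initWithBytes:length: takes a const void *; pass &tokenValue directly.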
@@ -720,6 +734,7 @@ - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didRece
NegotiatedLegacyTLS negotiatedLegacyTLS = NegotiatedLegacyTLS::No;

if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
sessionCocoa->setClientAuditToken(challenge);
if (NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge))
return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
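Review bot: sessionCocoa->setClientAuditToken(challenge) dereferences the pointer obtained from [self sessionFromTask: task], which can return nullptr, and no null check appears in the context shown for this hunk. Please confirm the call sits after such a check, or guard it with if (sessionCocoa). Placing the call ahead of the allowsSpecificHTTPSCertificateForHost early return looks right, since that path also hands challenge.protectionSpace.serverTrust back as a credential.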
