<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[192287] trunk/Source/WebKit2</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/192287">192287</a></dd>

<dt>Author</dt> <dd>achristensen@apple.com</dd>

<dt>Date</dt> <dd>2015-11-10 18:29:13 -0800 (Tue, 10 Nov 2015)</dd>

</dl>

<h3>Log Message</h3>

<pre>Implement authentication challenge handling when using NETWORK_SESSION

https://bugs.webkit.org/show_bug.cgi?id=150968

Reviewed by Antti Koivisto.

* NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didReceiveChallenge):

Copy functionality from NetworkLoad::canAuthenticateAgainstProtectionSpaceAsync (which is used when we don't use NETWORK_SESSION)

because there is no canAuthenticateAgainstProtectionSpace delegate callback when using NSURLSession, according to

https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html

Instead, all authentication challenge callbacks go to URLSession:task:didReceiveChallenge:completionHandler:

because we do not implement URLSession:didReceiveChallenge:completionHandler:

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[NetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):

(-[NetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

(-[NetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

Make a block copy of the completion handlers so we can copy the std::functions that wrap them into HashMaps and call them later,

in this case we call the completion handler after the UIProcess gives us credentials for an authentication challenge.

* Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::AuthenticationManager):

(WebKit::AuthenticationManager::addChallengeToChallengeMap):

(WebKit::AuthenticationManager::shouldCoalesceChallenge):

(WebKit::AuthenticationManager::coalesceChallengesMatching):

(WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):

Fix an existing bug that caused multiple calls to addChallengeToChallengeMap for one challenge.  This caused too many calls to 

the AuthenticationClient methods, which did not cause a problem because they were not one-time-use block copies of completion handlers before.

(WebKit::AuthenticationManager::useCredentialForSingleChallenge):

(WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):

(WebKit::AuthenticationManager::continueWithoutCredentialForSingleChallenge):

(WebKit::AuthenticationManager::cancelChallenge):

(WebKit::AuthenticationManager::cancelSingleChallenge):

(WebKit::AuthenticationManager::performDefaultHandling):

(WebKit::AuthenticationManager::performDefaultHandlingForSingleChallenge):

(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):

(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):

Call completion handlers which we stored in a HashMap before doing IPC if we are using NETWORK_SESSION,

which has completion handlers instead of continueSomething client calls.

* Shared/Authentication/AuthenticationManager.h:

(WebKit::AuthenticationManager::outstandingAuthenticationChallengeCount):

* Shared/Downloads/Download.cpp:

(WebKit::Download::didReceiveAuthenticationChallenge):

(WebKit::Download::didReceiveResponse):

* Shared/Downloads/DownloadAuthenticationClient.cpp:

(WebKit::DownloadAuthenticationClient::receivedChallengeRejection):

* Shared/Downloads/DownloadAuthenticationClient.h:

Add ifdefs for code related to downloading I will implement later.</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>

<li><a href="#trunkSourceWebKit2NetworkProcessNetworkLoadcpp">trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp</a></li>

<li><a href="#trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm">trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm</a></li>

<li><a href="#trunkSourceWebKit2SharedAuthenticationAuthenticationManagercpp">trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp</a></li>

<li><a href="#trunkSourceWebKit2SharedAuthenticationAuthenticationManagerh">trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.h</a></li>

<li><a href="#trunkSourceWebKit2SharedDownloadsDownloadcpp">trunk/Source/WebKit2/Shared/Downloads/Download.cpp</a></li>

<li><a href="#trunkSourceWebKit2SharedDownloadsDownloadAuthenticationClientcpp">trunk/Source/WebKit2/Shared/Downloads/DownloadAuthenticationClient.cpp</a></li>

<li><a href="#trunkSourceWebKit2SharedDownloadsDownloadAuthenticationClienth">trunk/Source/WebKit2/Shared/Downloads/DownloadAuthenticationClient.h</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="trunkSourceWebKit2ChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (192286 => 192287)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebKit2/ChangeLog        2015-11-11 01:39:19 UTC (rev 192286)

+++ trunk/Source/WebKit2/ChangeLog        2015-11-11 02:29:13 UTC (rev 192287)

</span><span class="lines">@@ -1,3 +1,52 @@

</span><ins>+2015-11-10  Alex Christensen  &lt;achristensen@webkit.org&gt;

+

+        Implement authentication challenge handling when using NETWORK_SESSION

+        https://bugs.webkit.org/show_bug.cgi?id=150968

+

+        Reviewed by Antti Koivisto.

+

+        * NetworkProcess/NetworkLoad.cpp:

+        (WebKit::NetworkLoad::didReceiveChallenge):

+        Copy functionality from NetworkLoad::canAuthenticateAgainstProtectionSpaceAsync (which is used when we don't use NETWORK_SESSION)

+        because there is no canAuthenticateAgainstProtectionSpace delegate callback when using NSURLSession, according to

+        https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html

+        Instead, all authentication challenge callbacks go to URLSession:task:didReceiveChallenge:completionHandler:

+        because we do not implement URLSession:didReceiveChallenge:completionHandler:

+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:

+        (-[NetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):

+        (-[NetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

+        (-[NetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

+        Make a block copy of the completion handlers so we can copy the std::functions that wrap them into HashMaps and call them later,

+        in this case we call the completion handler after the UIProcess gives us credentials for an authentication challenge.

+        * Shared/Authentication/AuthenticationManager.cpp:

+        (WebKit::AuthenticationManager::AuthenticationManager):

+        (WebKit::AuthenticationManager::addChallengeToChallengeMap):

+        (WebKit::AuthenticationManager::shouldCoalesceChallenge):

+        (WebKit::AuthenticationManager::coalesceChallengesMatching):

+        (WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):

+        Fix an existing bug that caused multiple calls to addChallengeToChallengeMap for one challenge.  This caused too many calls to 

+        the AuthenticationClient methods, which did not cause a problem because they were not one-time-use block copies of completion handlers before.

+        (WebKit::AuthenticationManager::useCredentialForSingleChallenge):

+        (WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):

+        (WebKit::AuthenticationManager::continueWithoutCredentialForSingleChallenge):

+        (WebKit::AuthenticationManager::cancelChallenge):

+        (WebKit::AuthenticationManager::cancelSingleChallenge):

+        (WebKit::AuthenticationManager::performDefaultHandling):

+        (WebKit::AuthenticationManager::performDefaultHandlingForSingleChallenge):

+        (WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):

+        (WebKit::AuthenticationManager::rejectProtectionSpaceAndContinueForSingleChallenge):

+        Call completion handlers which we stored in a HashMap before doing IPC if we are using NETWORK_SESSION,

+        which has completion handlers instead of continueSomething client calls.

+        * Shared/Authentication/AuthenticationManager.h:

+        (WebKit::AuthenticationManager::outstandingAuthenticationChallengeCount):

+        * Shared/Downloads/Download.cpp:

+        (WebKit::Download::didReceiveAuthenticationChallenge):

+        (WebKit::Download::didReceiveResponse):

+        * Shared/Downloads/DownloadAuthenticationClient.cpp:

+        (WebKit::DownloadAuthenticationClient::receivedChallengeRejection):

+        * Shared/Downloads/DownloadAuthenticationClient.h:

+        Add ifdefs for code related to downloading I will implement later.

+

</ins><span class="cx"> 2015-11-10  Simon Fraser  &lt;simon.fraser@apple.com&gt;

</span><span class="cx"> 

</span><span class="cx">         Use different pixel formats for displays that support them

</span></span></pre></div>

<a id="trunkSourceWebKit2NetworkProcessNetworkLoadcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (192286 => 192287)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp        2015-11-11 01:39:19 UTC (rev 192286)

+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp        2015-11-11 02:29:13 UTC (rev 192287)

</span><span class="lines">@@ -158,8 +158,30 @@

</span><span class="cx"> 

</span><span class="cx"> void NetworkLoad::didReceiveChallenge(const AuthenticationChallenge&amp; challenge, std::function&lt;void(AuthenticationChallengeDisposition, const Credential&amp;)&gt; completionHandler)

</span><span class="cx"> {

</span><del>-    notImplemented();

-    completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());

</del><ins>+    // NetworkResourceLoader does not know whether the request is cross origin, so Web process computes an applicable credential policy for it.

+    ASSERT(m_parameters.clientCredentialPolicy != DoNotAskClientForCrossOriginCredentials);

+

+    // Handle server trust evaluation at platform-level if requested, for performance reasons.

+    if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested

+        &amp;&amp; !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {

+        completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());

+        return;

+    }

+

+    if (m_client.isSynchronous()) {

+        // FIXME: We should ask the WebProcess like the asynchronous case below does.

+        // This is currently impossible as the WebProcess is blocked waiting on this synchronous load.

+        // It's possible that we can jump straight to the UI process to resolve this.

+        completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());

+        return;

+    }

+

+    if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {

+        completionHandler(AuthenticationChallengeDisposition::UseCredential, Credential());

+        return;

+    }

+

+    NetworkProcess::singleton().authenticationManager().didReceiveAuthenticationChallenge(m_parameters.webPageID, m_parameters.webFrameID, challenge, completionHandler);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> void NetworkLoad::didReceiveResponse(const ResourceResponse&amp; response, std::function&lt;void(ResponseDisposition)&gt; completionHandler)

</span></span></pre></div>

<a id="trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm (192286 => 192287)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm        2015-11-11 01:39:19 UTC (rev 192286)

+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm        2015-11-11 02:29:13 UTC (rev 192287)

</span><span class="lines">@@ -94,9 +94,11 @@

</span><span class="cx"> 

</span><span class="cx">     if (auto* networkingTask = _session-&gt;dataTaskForIdentifier(task.taskIdentifier)) {

</span><span class="cx">         if (auto* client = networkingTask-&gt;client()) {

</span><del>-            client-&gt;willPerformHTTPRedirection(response, request, ^(const WebCore::ResourceRequest&amp; request)

</del><ins>+            auto completionHandlerCopy = Block_copy(completionHandler);

+            client-&gt;willPerformHTTPRedirection(response, request, [completionHandlerCopy](const WebCore::ResourceRequest&amp; request)

</ins><span class="cx">                 {

</span><del>-                    completionHandler(request.nsURLRequest(WebCore::UpdateHTTPBody));

</del><ins>+                    completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));

+                    Block_release(completionHandlerCopy);

</ins><span class="cx">                 }

</span><span class="cx">             );

</span><span class="cx">         }

</span><span class="lines">@@ -109,9 +111,11 @@

</span><span class="cx"> 

</span><span class="cx">     if (auto* networkingTask = _session-&gt;dataTaskForIdentifier(task.taskIdentifier)) {

</span><span class="cx">         if (auto* client = networkingTask-&gt;client()) {

</span><del>-            client-&gt;didReceiveChallenge(challenge, ^(WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential&amp; credential)

</del><ins>+            auto completionHandlerCopy = Block_copy(completionHandler);

+            client-&gt;didReceiveChallenge(challenge, [completionHandlerCopy](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential&amp; credential)

</ins><span class="cx">                 {

</span><del>-                    completionHandler(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());

</del><ins>+                    completionHandlerCopy(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());

+                    Block_release(completionHandlerCopy);

</ins><span class="cx">                 }

</span><span class="cx">             );

</span><span class="cx">         }

</span><span class="lines">@@ -136,9 +140,11 @@

</span><span class="cx">         if (auto* client = networkingTask-&gt;client()) {

</span><span class="cx">             ASSERT(isMainThread());

</span><span class="cx">             WebCore::ResourceResponse resourceResponse(response);

</span><del>-            client-&gt;didReceiveResponse(resourceResponse, ^(WebKit::ResponseDisposition responseDisposition)

</del><ins>+            auto completionHandlerCopy = Block_copy(completionHandler);

+            client-&gt;didReceiveResponse(resourceResponse, [completionHandlerCopy](WebKit::ResponseDisposition responseDisposition)

</ins><span class="cx">                 {

</span><del>-                    completionHandler(toNSURLSessionResponseDisposition(responseDisposition));

</del><ins>+                    completionHandlerCopy(toNSURLSessionResponseDisposition(responseDisposition));

+                    Block_release(completionHandlerCopy);

</ins><span class="cx">                 }

</span><span class="cx">             );

</span><span class="cx">         }

</span></span></pre></div>

<a id="trunkSourceWebKit2SharedAuthenticationAuthenticationManagercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp (192286 => 192287)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp        2015-11-11 01:39:19 UTC (rev 192286)

+++ trunk/Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp        2015-11-11 02:29:13 UTC (rev 192287)

</span><span class="lines">@@ -70,12 +70,12 @@

</span><span class="cx">     m_process-&gt;addMessageReceiver(Messages::AuthenticationManager::messageReceiverName(), *this);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-uint64_t AuthenticationManager::addChallengeToChallengeMap(const WebCore::AuthenticationChallenge&amp; authenticationChallenge)

</del><ins>+uint64_t AuthenticationManager::addChallengeToChallengeMap(const Challenge&amp; challenge)

</ins><span class="cx"> {

</span><span class="cx">     ASSERT(RunLoop::isMain());

</span><span class="cx"> 

</span><span class="cx">     uint64_t challengeID = generateAuthenticationChallengeID();

</span><del>-    m_challenges.set(challengeID, authenticationChallenge);

</del><ins>+    m_challenges.set(challengeID, challenge);

</ins><span class="cx">     return challengeID;

</span><span class="cx"> }

</span><span class="cx"> 

</span><span class="lines">@@ -85,7 +85,7 @@

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><span class="cx">     for (auto&amp; item : m_challenges) {

</span><del>-        if (item.key != challengeID &amp;&amp; ProtectionSpace::compare(challenge.protectionSpace(), item.value.protectionSpace()))

</del><ins>+        if (item.key != challengeID &amp;&amp; ProtectionSpace::compare(challenge.protectionSpace(), item.value.challenge.protectionSpace()))

</ins><span class="cx">             return true;

</span><span class="cx">     }

</span><span class="cx">     return false;

</span><span class="lines">@@ -93,17 +93,17 @@

</span><span class="cx"> 

</span><span class="cx"> Vector&lt;uint64_t&gt; AuthenticationManager::coalesceChallengesMatching(uint64_t challengeID) const

</span><span class="cx"> {

</span><del>-    AuthenticationChallenge challenge = m_challenges.get(challengeID);

-    ASSERT(!challenge.isNull());

</del><ins>+    auto challenge = m_challenges.get(challengeID);

+    ASSERT(!challenge.challenge.isNull());

</ins><span class="cx"> 

</span><span class="cx">     Vector&lt;uint64_t&gt; challengesToCoalesce;

</span><span class="cx">     challengesToCoalesce.append(challengeID);

</span><span class="cx"> 

</span><del>-    if (!canCoalesceChallenge(challenge))

</del><ins>+    if (!canCoalesceChallenge(challenge.challenge))

</ins><span class="cx">         return challengesToCoalesce;

</span><span class="cx"> 

</span><span class="cx">     for (auto&amp; item : m_challenges) {

</span><del>-        if (item.key != challengeID &amp;&amp; ProtectionSpace::compare(challenge.protectionSpace(), item.value.protectionSpace()))

</del><ins>+        if (item.key != challengeID &amp;&amp; ProtectionSpace::compare(challenge.challenge.protectionSpace(), item.value.challenge.protectionSpace()))

</ins><span class="cx">             challengesToCoalesce.append(item.key);

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="lines">@@ -115,7 +115,11 @@

</span><span class="cx">     ASSERT(frame);

</span><span class="cx">     ASSERT(frame-&gt;page());

</span><span class="cx"> 

</span><del>-    uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);

</del><ins>+    uint64_t challengeID = addChallengeToChallengeMap({authenticationChallenge

+#if USE(NETWORK_SESSION)

+        , ChallengeCompletionHandler()

+#endif

+    });

</ins><span class="cx"> 

<span class="cx">     // Coalesce challenges in the same protection space.

</span><span class="cx">     if (shouldCoalesceChallenge(challengeID, authenticationChallenge))

</span><span class="lines">@@ -125,27 +129,46 @@

</span><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> #if ENABLE(NETWORK_PROCESS)

</span><ins>+#if USE(NETWORK_SESSION)

+void AuthenticationManager::didReceiveAuthenticationChallenge(uint64_t pageID, uint64_t frameID, const AuthenticationChallenge&amp; authenticationChallenge, ChallengeCompletionHandler completionHandler)

+{

+    ASSERT(pageID);

+    ASSERT(frameID);

+

+    uint64_t challengeID = addChallengeToChallengeMap({authenticationChallenge, completionHandler});

+    if (shouldCoalesceChallenge(challengeID, authenticationChallenge))

+        return;

+    

+    m_process-&gt;send(Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge(pageID, frameID, authenticationChallenge, challengeID));

+}

+#endif

</ins><span class="cx"> void AuthenticationManager::didReceiveAuthenticationChallenge(uint64_t pageID, uint64_t frameID, const AuthenticationChallenge&amp; authenticationChallenge)

</span><span class="cx"> {

</span><span class="cx">     ASSERT(pageID);

</span><span class="cx">     ASSERT(frameID);

</span><span class="cx"> 

</span><del>-    uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);

</del><ins>+    uint64_t challengeID = addChallengeToChallengeMap({authenticationChallenge

+#if USE(NETWORK_SESSION)

+        , ChallengeCompletionHandler()

+#endif

+    });

</ins><span class="cx">     if (shouldCoalesceChallenge(challengeID, authenticationChallenge))

</span><span class="cx">         return;

</span><span class="cx">     

</span><del>-    m_process-&gt;send(Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge(pageID, frameID, authenticationChallenge, addChallengeToChallengeMap(authenticationChallenge)));

</del><ins>+    m_process-&gt;send(Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge(pageID, frameID, authenticationChallenge, challengeID));

</ins><span class="cx"> }

</span><span class="cx"> #endif

</span><span class="cx"> 

</span><ins>+#if !USE(NETWORK_SESSION)

</ins><span class="cx"> void AuthenticationManager::didReceiveAuthenticationChallenge(Download* download, const AuthenticationChallenge&amp; authenticationChallenge)

</span><span class="cx"> {

</span><del>-    uint64_t challengeID = addChallengeToChallengeMap(authenticationChallenge);

</del><ins>+    uint64_t challengeID = addChallengeToChallengeMap({authenticationChallenge});

</ins><span class="cx">     if (shouldCoalesceChallenge(challengeID, authenticationChallenge))

</span><span class="cx">         return;

</span><span class="cx"> 

</span><del>-    download-&gt;send(Messages::DownloadProxy::DidReceiveAuthenticationChallenge(authenticationChallenge, addChallengeToChallengeMap(authenticationChallenge)));

</del><ins>+    download-&gt;send(Messages::DownloadProxy::DidReceiveAuthenticationChallenge(authenticationChallenge, challengeID));

</ins><span class="cx"> }

</span><ins>+#endif

</ins><span class="cx"> 

<span class="cx"> // Currently, only Mac knows how to respond to authentication challenges with certificate info.

</span><span class="cx"> #if !HAVE(SEC_IDENTITY)

</span><span class="lines">@@ -165,21 +188,30 @@

</span><span class="cx"> 

</span><span class="cx"> void AuthenticationManager::useCredentialForSingleChallenge(uint64_t challengeID, const Credential&amp; credential, const CertificateInfo&amp; certificateInfo)

</span><span class="cx"> {

</span><del>-    AuthenticationChallenge challenge = m_challenges.take(challengeID);

-    ASSERT(!challenge.isNull());

-    

-    if (tryUseCertificateInfoForChallenge(challenge, certificateInfo))

</del><ins>+    auto challenge = m_challenges.take(challengeID);

+    ASSERT(!challenge.challenge.isNull());

+

+    if (tryUseCertificateInfoForChallenge(challenge.challenge, certificateInfo))

</ins><span class="cx">         return;

</span><del>-    

-    AuthenticationClient* coreClient = challenge.authenticationClient();

</del><ins>+

+#if USE(NETWORK_SESSION)

+    // If there is a completion handler, then there is no AuthenticationClient.

+    // FIXME: Remove the use of AuthenticationClient in WebKit2 once NETWORK_SESSION is used for all loads.

+    if (challenge.completionHandler) {

+        challenge.completionHandler(AuthenticationChallengeDisposition::UseCredential, credential);

+        return;

+    }

+#endif

+

+    AuthenticationClient* coreClient = challenge.challenge.authenticationClient();

</ins><span class="cx">     if (!coreClient) {

<span class="cx">         // FIXME: The authentication client is null for downloads, but it can also be null for canceled loads.