REGRESSION(r230681) Do not use stored credentials if WKBundlePageResourceLoadClient.shouldUseCredentialStorage returns false

achristensen07 · achristensen07 · commit a77be84b3f89 · 2019-04-22T23:05:48.000Z
https://bugs.webkit.org/show_bug.cgi?id=197093 <rdar://problem/49708268> Reviewed by Chris Dumez. Source/WebKit: Only get the StoredCredentialsPolicy from the NetworkLoadChecker if we haven't already been told not to use credentials. Also add some test infrastructure for clearing persistent credentials added by the test. * NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::removeCredential): * NetworkProcess/NetworkProcess.h: * NetworkProcess/NetworkProcess.messages.in: * NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::startNetworkLoad): * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::removeCredential): * UIProcess/API/Cocoa/WKProcessPool.mm: (-[WKProcessPool _removeCredential:forProtectionSpace:completionHandler:]): * UIProcess/API/Cocoa/WKProcessPoolPrivate.h: * UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::removeCredential): * UIProcess/WebProcessPool.h: Tools: Add a test that does two loads. The first load shouldUseCredentialStorage returns true and we provide a persistent credential. The second load shouldUseCredentialStorage returns false and we verify that a challenge is received with no suggested credential. We also need to make the TCPServer able to handle more than one connection because we need these two loads to come from the same protection space, and our current Cocoa implementation of NetworkSession uses two NSURLSessions that don't share a connection cache, one for loads with credentials and one for loads without credentials, so there are two TCP connections to the same server in this test. * TestWebKitAPI/TCPServer.cpp: (TestWebKitAPI::TCPServer::TCPServer): (TestWebKitAPI::TCPServer::~TCPServer): (TestWebKitAPI::TCPServer::socketBindListen): (TestWebKitAPI::TCPServer::waitForAndReplyToRequests): Deleted. * TestWebKitAPI/TCPServer.h: * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/WebKitCocoa/BasicProposedCredentialPlugIn.mm: Added. (-[BasicProposedCredentialPlugIn webProcessPlugIn:didCreateBrowserContextController:]): * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm: (respondWithChallengeThenOK): (TestWebKitAPI::TEST): (-[ProposedCredentialDelegate webView:didFinishNavigation:]): (-[ProposedCredentialDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]): (TEST): Canonical link: https://commits.webkit.org/211393@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244521 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,29 @@
+2019-04-22  Alex Christensen  <achristensen@webkit.org>
+
+        REGRESSION(r230681) Do not use stored credentials if WKBundlePageResourceLoadClient.shouldUseCredentialStorage returns false
+        https://bugs.webkit.org/show_bug.cgi?id=197093
+        <rdar://problem/49708268>
+
+        Reviewed by Chris Dumez.
+
+        Only get the StoredCredentialsPolicy from the NetworkLoadChecker if we haven't already been told not to use credentials.
+        Also add some test infrastructure for clearing persistent credentials added by the test.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::removeCredential):
+        * NetworkProcess/NetworkProcess.h:
+        * NetworkProcess/NetworkProcess.messages.in:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::startNetworkLoad):
+        * NetworkProcess/cocoa/NetworkProcessCocoa.mm:
+        (WebKit::NetworkProcess::removeCredential):
+        * UIProcess/API/Cocoa/WKProcessPool.mm:
+        (-[WKProcessPool _removeCredential:forProtectionSpace:completionHandler:]):
+        * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::removeCredential):
+        * UIProcess/WebProcessPool.h:
+
 2019-04-22  Chris Dumez  <cdumez@apple.com>
 
         Delayed WebProcessLaunch may break the _relatedWebView SPI
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -2470,6 +2470,11 @@ StorageQuotaManager& NetworkProcess::storageQuotaManager(PAL::SessionID sessionI
 }
 
 #if !PLATFORM(COCOA)
+void NetworkProcess::removeCredential(WebCore::Credential&&, WebCore::ProtectionSpace&&, CompletionHandler<void()>&& completionHandler)
+{
+    completionHandler();
+}
+
 void NetworkProcess::initializeProcess(const AuxiliaryProcessInitializationParameters&)
 {
 }
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
@@ -72,6 +72,7 @@ namespace WebCore {
 class CertificateInfo;
 class CurlProxySettings;
 class DownloadID;
+class ProtectionSpace;
 class StorageQuotaManager;
 class NetworkStorageSession;
 class ResourceError;
@@ -426,6 +427,8 @@ class NetworkProcess : public AuxiliaryProcess, private DownloadManager::Client,
 
     void platformSyncAllCookies(CompletionHandler<void()>&&);
 
+    void removeCredential(WebCore::Credential&&, WebCore::ProtectionSpace&&, CompletionHandler<void()>&&);
+
     void registerURLSchemeAsSecure(const String&) const;
     void registerURLSchemeAsBypassingContentSecurityPolicy(const String&) const;
     void registerURLSchemeAsLocal(const String&) const;
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.messages.in b/Source/WebKit/NetworkProcess/NetworkProcess.messages.in
@@ -171,4 +171,5 @@ messages -> NetworkProcess LegacyReceiver {
     ClearAdClickAttribution(PAL::SessionID sessionID) -> () Async
     SetAdClickAttributionOverrideTimerForTesting(PAL::SessionID sessionID, bool value) -> () Async
     SetAdClickAttributionConversionURLForTesting(PAL::SessionID sessionID, URL url) -> () Async
+    RemoveCredential(WebCore::Credential credential, WebCore::ProtectionSpace protectionSpace) -> () Async
 }
diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
@@ -270,7 +270,7 @@ void NetworkResourceLoader::startNetworkLoad(ResourceRequest&& request, FirstLoa
 
     NetworkLoadParameters parameters = m_parameters;
     parameters.networkActivityTracker = m_networkActivityTracker;
-    if (m_networkLoadChecker)
+    if (parameters.storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use && m_networkLoadChecker)
         parameters.storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy();
 
     if (request.url().protocolIsBlob())
diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
@@ -205,6 +205,18 @@ static void filterPreloadHSTSEntry(const void* key, const void* value, void* con
     }).get());
 }
 
+void NetworkProcess::removeCredential(WebCore::Credential&& credential, WebCore::ProtectionSpace&& protectionSpace, CompletionHandler<void()>&& completionHandler)
+{
+    NSURLProtectionSpace *nsSpace = protectionSpace.nsSpace();
+    NSURLCredential *nsCredential = [[[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:nsSpace] objectForKey:credential.user()];
+    RELEASE_ASSERT(nsCredential);
+    RELEASE_ASSERT([nsCredential.user isEqualToString:credential.user()]);
+    RELEASE_ASSERT([nsCredential.password isEqualToString:credential.password()]);
+    [[NSURLCredentialStorage sharedCredentialStorage] removeCredential:nsCredential forProtectionSpace:nsSpace];
+    RELEASE_ASSERT(![[[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:nsSpace] objectForKey:credential.user()]);
+    completionHandler();
+}
+
 #if PLATFORM(MAC)
 void NetworkProcess::setSharedHTTPCookieStorage(const Vector<uint8_t>& identifier)
 {
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm b/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm
@@ -519,6 +519,13 @@ - (void)_preconnectToServer:(NSURL *)serverURL
     _processPool->preconnectToServer(serverURL);
 }
 
+- (void)_removeCredential:(NSURLCredential *)credential forProtectionSpace:(NSURLProtectionSpace *)protectionSpace completionHandler:(void(^)())completionHandler
+{
+    _processPool->removeCredential(WebCore::Credential(credential), WebCore::ProtectionSpace(protectionSpace), [completionHandler = makeBlockPtr(completionHandler)] {
+        completionHandler();
+    });
+}
+
 - (size_t)_pluginProcessCount
 {
 #if !PLATFORM(IOS_FAMILY)
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h
@@ -115,6 +115,9 @@
 
 - (void)_preconnectToServer:(NSURL *)serverURL WK_API_AVAILABLE(macos(10.13.4), ios(11.3));
 
+// Test only.
+- (void)_removeCredential:(NSURLCredential *)credential forProtectionSpace:(NSURLProtectionSpace *)protectionSpace completionHandler:(void(^)(void))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 // Test only.
 - (void)_setAllowsAnySSLCertificateForServiceWorker:(BOOL)allows WK_API_AVAILABLE(macos(10.13.4), ios(11.3));
 - (void)_registerURLSchemeServiceWorkersCanHandle:(NSString *)scheme WK_API_AVAILABLE(macos(10.13.4), ios(11.3));
diff --git a/Source/WebKit/UIProcess/WebProcessPool.cpp b/Source/WebKit/UIProcess/WebProcessPool.cpp
@@ -1721,6 +1721,11 @@ void WebProcessPool::useTestingNetworkSession()
     m_shouldUseTestingNetworkSession = true;
 }
 
+void WebProcessPool::removeCredential(WebCore::Credential&& credential, WebCore::ProtectionSpace&& protectionSpace, CompletionHandler<void()>&& completionHandler)
+{
+    m_networkProcess->sendWithAsyncReply(Messages::NetworkProcess::RemoveCredential(credential, protectionSpace), WTFMove(completionHandler));
+}
+
 template<typename T, typename U>
 void WebProcessPool::sendSyncToNetworkingProcess(T&& message, U&& reply)
 {
diff --git a/Source/WebKit/UIProcess/WebProcessPool.h b/Source/WebKit/UIProcess/WebProcessPool.h
@@ -507,6 +507,8 @@ class WebProcessPool final : public API::ObjectImpl<API::Object::Type::ProcessPo
 
     void disableDelayedWebProcessLaunch() { m_isDelayedWebProcessLaunchDisabled = true; }
 
+    void removeCredential(WebCore::Credential&&, WebCore::ProtectionSpace&&, CompletionHandler<void()>&&);
+    
 private:
     void platformInitialize();
 
diff --git a/Tools/ChangeLog b/Tools/ChangeLog
@@ -1,3 +1,33 @@
+2019-04-22  Alex Christensen  <achristensen@webkit.org>
+
+        REGRESSION(r230681) Do not use stored credentials if WKBundlePageResourceLoadClient.shouldUseCredentialStorage returns false
+        https://bugs.webkit.org/show_bug.cgi?id=197093
+        <rdar://problem/49708268>
+
+        Reviewed by Chris Dumez.
+
+        Add a test that does two loads.  The first load shouldUseCredentialStorage returns true and we provide a persistent credential.
+        The second load shouldUseCredentialStorage returns false and we verify that a challenge is received with no suggested credential.
+        We also need to make the TCPServer able to handle more than one connection because we need these two loads to come from the same protection space,
+        and our current Cocoa implementation of NetworkSession uses two NSURLSessions that don't share a connection cache, one for loads with credentials
+        and one for loads without credentials, so there are two TCP connections to the same server in this test.
+
+        * TestWebKitAPI/TCPServer.cpp:
+        (TestWebKitAPI::TCPServer::TCPServer):
+        (TestWebKitAPI::TCPServer::~TCPServer):
+        (TestWebKitAPI::TCPServer::socketBindListen):
+        (TestWebKitAPI::TCPServer::waitForAndReplyToRequests): Deleted.
+        * TestWebKitAPI/TCPServer.h:
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/BasicProposedCredentialPlugIn.mm: Added.
+        (-[BasicProposedCredentialPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
+        * TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:
+        (respondWithChallengeThenOK):
+        (TestWebKitAPI::TEST):
+        (-[ProposedCredentialDelegate webView:didFinishNavigation:]):
+        (-[ProposedCredentialDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
+        (TEST):
+
 2019-04-22  Chris Dumez  <cdumez@apple.com>
 
         Delayed WebProcessLaunch may break the _relatedWebView SPI
diff --git a/Tools/TestWebKitAPI/TCPServer.cpp b/Tools/TestWebKitAPI/TCPServer.cpp
@@ -29,35 +29,39 @@
 #include <netinet/in.h>
 #include <thread>
 #include <unistd.h>
-#include <vector>
+#include <wtf/Optional.h>
 
 namespace TestWebKitAPI {
 
-TCPServer::TCPServer(Function<void(Socket)>&& socketHandler)
-    : m_socketHandler(WTFMove(socketHandler))
+TCPServer::TCPServer(Function<void(Socket)>&& connectionHandler, size_t connections)
+    : m_connectionHandler(WTFMove(connectionHandler))
 {
-    socketBindListen();
-    m_thread = std::thread(&TCPServer::waitForAndReplyToRequests, this);
+    auto listeningSocket = socketBindListen(connections);
+    ASSERT(listeningSocket);
+    m_listeningThread = std::thread([this, listeningSocket = *listeningSocket, connections] {
+        for (size_t i = 0; i < connections; ++i) {
+            Socket connectionSocket = accept(listeningSocket, nullptr, nullptr);
+            m_connectionThreads.append(std::thread([this, connectionSocket] {
+                m_connectionHandler(connectionSocket);
+                shutdown(connectionSocket, SHUT_RDWR);
+                close(connectionSocket);
+            }));
+        }
+    });
 }
 
 TCPServer::~TCPServer()
 {
-    m_thread.join();
-    if (m_listeningSocket != InvalidSocket) {
-        close(m_listeningSocket);
-        m_listeningSocket = InvalidSocket;
-    }
-    if (m_connectionSocket != InvalidSocket) {
-        close(m_connectionSocket);
-        m_connectionSocket = InvalidSocket;
-    }
+    m_listeningThread.join();
+    for (auto& connectionThreads : m_connectionThreads)
+        connectionThreads.join();
 }
 
-void TCPServer::socketBindListen()
+auto TCPServer::socketBindListen(size_t connections) -> Optional<Socket>
 {
-    m_listeningSocket = socket(PF_INET, SOCK_STREAM, 0);
-    if (m_listeningSocket == InvalidSocket)
-        return;
+    Socket listeningSocket = socket(PF_INET, SOCK_STREAM, 0);
+    if (listeningSocket == -1)
+        return WTF::nullopt;
     
     // Ports 49152-65535 are unallocated ports. Try until we find one that's free.
     for (Port port = 49152; port; port++) {
@@ -66,34 +70,22 @@ void TCPServer::socketBindListen()
         name.sin_family = AF_INET;
         name.sin_port = htons(port);
         name.sin_addr.s_addr = htonl(INADDR_ANY);
-        if (bind(m_listeningSocket, reinterpret_cast<sockaddr*>(&name), sizeof(name)) < 0) {
+        if (bind(listeningSocket, reinterpret_cast<sockaddr*>(&name), sizeof(name)) < 0) {
             // This port is busy. Try the next port.
             continue;
         }
-        const unsigned maxConnections = 1;
-        if (listen(m_listeningSocket, maxConnections) == -1) {
+        if (listen(listeningSocket, connections) == -1) {
             // Listening failed.
-            close(m_listeningSocket);
-            m_listeningSocket = InvalidSocket;
-            return;
+            close(listeningSocket);
+            return WTF::nullopt;
         }
         m_port = port;
-        return; // Successfully set up listening port.
+        return listeningSocket; // Successfully set up listening port.
     }
     
     // Couldn't find an available port.
-    close(m_listeningSocket);
-    m_listeningSocket = InvalidSocket;
-}
-
-void TCPServer::waitForAndReplyToRequests()
-{
-    if (m_listeningSocket == InvalidSocket)
-        return;
-    
-    m_connectionSocket = accept(m_listeningSocket, nullptr, nullptr);
-    m_socketHandler(m_connectionSocket);
-    shutdown(m_connectionSocket, SHUT_RDWR);
+    close(listeningSocket);
+    return WTF::nullopt;
 }
 
 } // namespace TestWebKitAPI
diff --git a/Tools/TestWebKitAPI/TCPServer.h b/Tools/TestWebKitAPI/TCPServer.h
@@ -27,30 +27,28 @@
 
 #include <thread>
 #include <wtf/Function.h>
+#include <wtf/Vector.h>
 
 namespace TestWebKitAPI {
 
 class TCPServer {
 public:
     using Socket = int;
-    static constexpr Socket InvalidSocket = -1;
     using Port = uint16_t;
     static constexpr Port InvalidPort = 0;
     
-    TCPServer(Function<void(Socket)>&&);
+    TCPServer(Function<void(Socket)>&&, size_t connections = 1);
     ~TCPServer();
     
     Port port() const { return m_port; }
     
 private:
-    void socketBindListen();
-    void waitForAndReplyToRequests();
+    Optional<Socket> socketBindListen(size_t connections);
 
     Port m_port { InvalidPort };
-    Socket m_listeningSocket { InvalidSocket };
-    Socket m_connectionSocket { InvalidSocket };
-    std::thread m_thread;
-    Function<void(Socket)> m_socketHandler;
+    std::thread m_listeningThread;
+    Vector<std::thread> m_connectionThreads;
+    Function<void(Socket)> m_connectionHandler;
 };
 
 } // namespace TestWebKitAPI
diff --git a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
@@ -314,6 +314,7 @@
 		5C23DF0B2246015800F454B6 /* Challenge.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C23DF0A2245C9D700F454B6 /* Challenge.mm */; };
 		5C2936931D5BF70D00DEAB1E /* CookieAcceptPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */; };
 		5C2936961D5C00ED00DEAB1E /* CookieMessage.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5C2936941D5BFD1900DEAB1E /* CookieMessage.html */; };
+		5C4259462266A68A0039AA7A /* BasicProposedCredentialPlugIn.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C42594422669E9B0039AA7A /* BasicProposedCredentialPlugIn.mm */; };
 		5C4A84951F7EEFFC00ACFC54 /* Configuration.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C4A84941F7EEFD400ACFC54 /* Configuration.mm */; };
 		5C69BDD51F82A7EF000F4F4B /* JavaScriptDuringNavigation.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C69BDD41F82A7EB000F4F4B /* JavaScriptDuringNavigation.mm */; };
 		5C6E27A7224EEBEA00128736 /* URLCanonicalization.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C6E27A6224EEBEA00128736 /* URLCanonicalization.mm */; };
@@ -1728,6 +1729,7 @@
 		5C23DF0A2245C9D700F454B6 /* Challenge.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Challenge.mm; sourceTree = "<group>"; };
 		5C2936911D5BF63E00DEAB1E /* CookieAcceptPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CookieAcceptPolicy.mm; sourceTree = "<group>"; };
 		5C2936941D5BFD1900DEAB1E /* CookieMessage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = CookieMessage.html; sourceTree = "<group>"; };
+		5C42594422669E9B0039AA7A /* BasicProposedCredentialPlugIn.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = BasicProposedCredentialPlugIn.mm; sourceTree = "<group>"; };
 		5C4A84941F7EEFD400ACFC54 /* Configuration.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Configuration.mm; sourceTree = "<group>"; };
 		5C5E633D1D0B67940085A025 /* UniqueRef.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UniqueRef.cpp; sourceTree = "<group>"; };
 		5C69BDD41F82A7EB000F4F4B /* JavaScriptDuringNavigation.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = JavaScriptDuringNavigation.mm; sourceTree = "<group>"; };
@@ -2529,6 +2531,7 @@
 				754CEC801F6722DC00D0039A /* AutoFillAvailable.mm */,
 				2DD355351BD08378005DF4A7 /* AutoLayoutIntegration.mm */,
 				07CD32F52065B5420064A4BE /* AVFoundationPreference.mm */,
+				5C42594422669E9B0039AA7A /* BasicProposedCredentialPlugIn.mm */,
 				374B7A5E1DF36EEE00ACCB6C /* BundleEditingDelegate.mm */,
 				374B7A5F1DF36EEE00ACCB6C /* BundleEditingDelegatePlugIn.mm */,
 				374B7A621DF3734C00ACCB6C /* BundleEditingDelegateProtocol.h */,
@@ -4483,6 +4486,7 @@
 			files = (
 				37E7DD671EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm in Sources */,
 				754CEC811F6722F200D0039A /* AutoFillAvailable.mm in Sources */,
+				5C4259462266A68A0039AA7A /* BasicProposedCredentialPlugIn.mm in Sources */,
 				374B7A611DF371CF00ACCB6C /* BundleEditingDelegatePlugIn.mm in Sources */,
 				A13EBBB01B87436F00097110 /* BundleParametersPlugIn.mm in Sources */,
 				37A709AF1E3EA97E00CA5969 /* BundleRangeHandlePlugIn.mm in Sources */,
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/BasicProposedCredentialPlugIn.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/BasicProposedCredentialPlugIn.mm
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import <WebKit/WKBundlePage.h>
+#import <WebKit/WKBundlePageResourceLoadClient.h>
+#import <WebKit/WKWebProcessPlugIn.h>
+#import <WebKit/WKWebProcessPlugInBrowserContextControllerPrivate.h>
+
+@interface BasicProposedCredentialPlugIn : NSObject<WKWebProcessPlugIn>
+@end
+
+@implementation BasicProposedCredentialPlugIn
+
+- (void)webProcessPlugIn:(WKWebProcessPlugInController *)plugInController didCreateBrowserContextController:(WKWebProcessPlugInBrowserContextController *)browserContextController
+{
+    WKBundlePageResourceLoadClientV1 client;
+    memset(&client, 0, sizeof(client));
+    client.base.version = 1;
+    client.shouldUseCredentialStorage = [](auto...) {
+        static size_t queries { 0 };
+        ASSERT(queries < 2);
+        return !queries++;
+    };
+    WKBundlePageSetResourceLoadClient([browserContextController _bundlePageRef], &client.base);
+}
+
+@end
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm

Original file line number	Diff line number	Diff line change
`@@ -2470,6 +2470,11 @@ StorageQuotaManager& NetworkProcess::storageQuotaManager(PAL::SessionID sessionI`
`2470`	`2470`	`}`
`2471`	`2471`
`2472`	`2472`	`#if !PLATFORM(COCOA)`
	`2473`	`+void NetworkProcess::removeCredential(WebCore::Credential&&, WebCore::ProtectionSpace&&, CompletionHandler<void()>&& completionHandler)`
	`2474`	`+{`
	`2475`	`+ completionHandler();`
	`2476`	`+}`
	`2477`	`+`
`2473`	`2478`	`void NetworkProcess::initializeProcess(const AuxiliaryProcessInitializationParameters&)`
`2474`	`2479`	`{`
`2475`	`2480`	`}`
Original file line number	Diff line number	Diff line change
`@@ -171,4 +171,5 @@ messages -> NetworkProcess LegacyReceiver {`
`171`	`171`	`ClearAdClickAttribution(PAL::SessionID sessionID) -> () Async`
`172`	`172`	`SetAdClickAttributionOverrideTimerForTesting(PAL::SessionID sessionID, bool value) -> () Async`
`173`	`173`	`SetAdClickAttributionConversionURLForTesting(PAL::SessionID sessionID, URL url) -> () Async`
	`174`	`+ RemoveCredential(WebCore::Credential credential, WebCore::ProtectionSpace protectionSpace) -> () Async`
`174`	`175`	`}`
Original file line number	Diff line number	Diff line change
`@@ -519,6 +519,13 @@ - (void)_preconnectToServer:(NSURL *)serverURL`
`519`	`519`	`_processPool->preconnectToServer(serverURL);`
`520`	`520`	`}`
`521`	`521`
	`522`	`+- (void)_removeCredential:(NSURLCredential )credential forProtectionSpace:(NSURLProtectionSpace )protectionSpace completionHandler:(void(^)())completionHandler`
	`523`	`+{`
	`524`	`+ _processPool->removeCredential(WebCore::Credential(credential), WebCore::ProtectionSpace(protectionSpace), [completionHandler = makeBlockPtr(completionHandler)] {`
	`525`	`+ completionHandler();`
	`526`	`+ });`
	`527`	`+}`
	`528`	`+`
`522`	`529`	`- (size_t)_pluginProcessCount`
`523`	`530`	`{`
`524`	`531`	`#if !PLATFORM(IOS_FAMILY)`
Original file line number	Diff line number	Diff line change
`@@ -1721,6 +1721,11 @@ void WebProcessPool::useTestingNetworkSession()`
`1721`	`1721`	`m_shouldUseTestingNetworkSession = true;`
`1722`	`1722`	`}`
`1723`	`1723`
	`1724`	`+void WebProcessPool::removeCredential(WebCore::Credential&& credential, WebCore::ProtectionSpace&& protectionSpace, CompletionHandler<void()>&& completionHandler)`
	`1725`	`+{`
	`1726`	`+ m_networkProcess->sendWithAsyncReply(Messages::NetworkProcess::RemoveCredential(credential, protectionSpace), WTFMove(completionHandler));`
	`1727`	`+}`
	`1728`	`+`
`1724`	`1729`	`template<typename T, typename U>`
`1725`	`1730`	`void WebProcessPool::sendSyncToNetworkingProcess(T&& message, U&& reply)`
`1726`	`1731`	`{`