create api to allow clients to present a client credential for authentication (facebook#22316)

jsonblob · facebook-github-bot · commit 8911353c47af · 2018-11-16T18:44:35.000-08:00
Summary: Pull Request resolved: facebook#22316 Pull Request resolved: facebook#22315 In order for TLS Mutual Auth to work for webviews, the caller must present a credential. Expose a setter that can be called to set a credential. Reviewed By: RSNara Differential Revision: D13095969 fbshipit-source-id: d136556a0030f799651d574b6e47ce38295b108e
diff --git a/React/Views/RCTWKWebView.h b/React/Views/RCTWKWebView.h
@@ -36,6 +36,7 @@ shouldStartLoadForRequest:(NSMutableDictionary<NSString *, id> *)request
 @property (nonatomic, assign) UIEdgeInsets contentInset;
 @property (nonatomic, assign) BOOL automaticallyAdjustContentInsets;
 
++ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential;
 - (void)postMessage:(NSString *)message;
 - (void)injectJavaScript:(NSString *)script;
 - (void)goForward;
diff --git a/React/Views/RCTWKWebView.m b/React/Views/RCTWKWebView.m
@@ -10,6 +10,8 @@
 #import "RCTAutoInsetsProtocol.h"
 
 static NSString *const MessageHanderName = @"ReactNative";
+static NSURLCredential* clientAuthenticationCredential;
+
 
 @interface RCTWKWebView () <WKUIDelegate, WKNavigationDelegate, WKScriptMessageHandler, UIScrollViewDelegate, RCTAutoInsetsProtocol>
 @property (nonatomic, copy) RCTDirectEventBlock onLoadingStart;
@@ -310,6 +312,25 @@ - (void)               webView:(WKWebView *)webView
   [self setBackgroundColor: _savedBackgroundColor];
 }
 
++ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential {
+  clientAuthenticationCredential = credential;
+}
+
+- (void)                    webView:(WKWebView *)webView
+  didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
+                  completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable))completionHandler
+{
+  if (!clientAuthenticationCredential) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+  if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodClientCertificate) {
+    completionHandler(NSURLSessionAuthChallengeUseCredential, clientAuthenticationCredential);
+  } else {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+}
+}
+
 - (void)evaluateJS:(NSString *)js
           thenCall: (void (^)(NSString*)) callback
 {
