create api to allow clients to present a client credential for authentication (#22316)

Summary: Pull Request resolved: https://github.com/facebook/react-native/pull/22316 Pull Request resolved: https://github.com/facebook/react-native/pull/22315 In order for TLS Mutual Auth to work for webviews, the caller must present a credential. Expose a setter that can be called to set a credential. Reviewed By: RSNara Differential Revision: D13095969 fbshipit-source-id: d136556a0030f799651d574b6e47ce38295b108e
2018-11-16 18:01:24 -08:00 · 2018-11-16 18:01:24 -08:00 · 8911353c47
--- a/React/Views/RCTWKWebView.h
+++ b/React/Views/RCTWKWebView.h
@ -36,6 +36,7 @@ shouldStartLoadForRequest:(NSMutableDictionary<NSString *, id> *)request
@property (nonatomic, assign) UIEdgeInsets contentInset;
@property (nonatomic, assign) BOOL automaticallyAdjustContentInsets;

+ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential;
 - (void)postMessage:(NSString *)message;
 - (void)injectJavaScript:(NSString *)script;
 - (void)goForward;
--- a/React/Views/RCTWKWebView.m
+++ b/React/Views/RCTWKWebView.m
@ -10,6 +10,8 @@
 #import "RCTAutoInsetsProtocol.h"

 static NSString *const MessageHanderName = @"ReactNative";
+static NSURLCredential* clientAuthenticationCredential;
+

@interface RCTWKWebView () <WKUIDelegate, WKNavigationDelegate, WKScriptMessageHandler, UIScrollViewDelegate, RCTAutoInsetsProtocol>
@property (nonatomic, copy) RCTDirectEventBlock onLoadingStart;
@ -310,6 +312,25 @@ static NSString *const MessageHanderName = @"ReactNative";
  [self setBackgroundColor: _savedBackgroundColor];
 }

+ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential {
+  clientAuthenticationCredential = credential;
+}
+
+- (void)                    webView:(WKWebView *)webView
+  didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
+                  completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable))completionHandler
+{
+  if (!clientAuthenticationCredential) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+  if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodClientCertificate) {
+    completionHandler(NSURLSessionAuthChallengeUseCredential, clientAuthenticationCredential);
+  } else {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+}
+}
+
 - (void)evaluateJS:(NSString *)js
          thenCall: (void (^)(NSString*)) callback
 {