From 8911353c47af018f78c1cff59dfab05b975e39ed Mon Sep 17 00:00:00 2001
From: Jason Hu <jasonhu@fb.com>
Date: Fri, 16 Nov 2018 18:01:24 -0800
Subject: [PATCH] create api to allow clients to present a client credential
 for authentication (#22316)

Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/22316

Pull Request resolved: https://github.com/facebook/react-native/pull/22315

In order for TLS Mutual Auth to work for webviews, the caller must present a credential. Expose a setter that can be called to set a credential.

Reviewed By: RSNara

Differential Revision: D13095969

fbshipit-source-id: d136556a0030f799651d574b6e47ce38295b108e
---
 React/Views/RCTWKWebView.h |  1 +
 React/Views/RCTWKWebView.m | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/React/Views/RCTWKWebView.h b/React/Views/RCTWKWebView.h
index 13f98aff54..04b6e4e4cc 100644
--- a/React/Views/RCTWKWebView.h
+++ b/React/Views/RCTWKWebView.h
@@ -36,6 +36,7 @@ shouldStartLoadForRequest:(NSMutableDictionary<NSString *, id> *)request
 @property (nonatomic, assign) UIEdgeInsets contentInset;
 @property (nonatomic, assign) BOOL automaticallyAdjustContentInsets;
 
++ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential;
 - (void)postMessage:(NSString *)message;
 - (void)injectJavaScript:(NSString *)script;
 - (void)goForward;
diff --git a/React/Views/RCTWKWebView.m b/React/Views/RCTWKWebView.m
index 9f8e3443ec..79f81df5de 100644
--- a/React/Views/RCTWKWebView.m
+++ b/React/Views/RCTWKWebView.m
@@ -10,6 +10,8 @@
 #import "RCTAutoInsetsProtocol.h"
 
 static NSString *const MessageHanderName = @"ReactNative";
+static NSURLCredential* clientAuthenticationCredential;
+
 
 @interface RCTWKWebView () <WKUIDelegate, WKNavigationDelegate, WKScriptMessageHandler, UIScrollViewDelegate, RCTAutoInsetsProtocol>
 @property (nonatomic, copy) RCTDirectEventBlock onLoadingStart;
@@ -310,6 +312,25 @@ static NSString *const MessageHanderName = @"ReactNative";
   [self setBackgroundColor: _savedBackgroundColor];
 }
 
++ (void)setClientAuthenticationCredential:(nullable NSURLCredential*)credential {
+  clientAuthenticationCredential = credential;
+}
+
+- (void)                    webView:(WKWebView *)webView
+  didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
+                  completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable))completionHandler
+{
+  if (!clientAuthenticationCredential) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+  if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodClientCertificate) {
+    completionHandler(NSURLSessionAuthChallengeUseCredential, clientAuthenticationCredential);
+  } else {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+}
+}
+
 - (void)evaluateJS:(NSString *)js
           thenCall: (void (^)(NSString*)) callback
 {