WKWebView: Added cert verification API to web controller.

ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h"
 
 #import <WebKit/WebKit.h>
 
 #include "base/ios/ios_util.h"
 #include "base/ios/weak_nsobject.h"
 #include "base/json/json_reader.h"
+#include "base/mac/bind_objc_block.h"
 #import "base/mac/scoped_nsobject.h"
 #include "base/macros.h"
+#import "base/memory/scoped_ptr.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/values.h"
 #import "ios/net/http_response_headers_util.h"
 #import "ios/web/crw_network_activity_indicator_manager.h"
 #import "ios/web/navigation/crw_session_controller.h"
 #include "ios/web/navigation/web_load_params.h"
+#include "ios/web/net/cert_verifier_block_adapter.h"
+#include "ios/web/public/browser_state.h"
 #include "ios/web/public/web_client.h"
+#include "ios/web/public/web_thread.h"
 #import "ios/web/public/web_state/js/crw_js_injection_manager.h"
 #import "ios/web/public/web_state/ui/crw_native_content_provider.h"
 #import "ios/web/public/web_state/ui/crw_web_view_content_view.h"
 #import "ios/web/ui_web_view_util.h"
 #include "ios/web/web_state/blocked_popup_info.h"
 #import "ios/web/web_state/error_translation_util.h"
 #include "ios/web/web_state/frame_info.h"
 #import "ios/web/web_state/js/crw_js_window_id_manager.h"
 #import "ios/web/web_state/js/page_script_util.h"
 #import "ios/web/web_state/ui/crw_web_controller+protected.h"
 #import "ios/web/web_state/ui/crw_wk_web_view_crash_detector.h"
 #import "ios/web/web_state/ui/web_view_js_utils.h"
 #import "ios/web/web_state/ui/wk_web_view_configuration_provider.h"
 #import "ios/web/web_state/web_state_impl.h"
 #import "ios/web/web_state/web_view_internal_creation_util.h"
 #import "ios/web/webui/crw_web_ui_manager.h"
 #import "net/base/mac/url_conversions.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/ssl/ssl_config_service.h"
+#include "net/url_request/url_request_context.h"
 
 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 #include "ios/web/public/cert_store.h"
 #include "ios/web/public/navigation_item.h"
 #include "ios/web/public/ssl_status.h"
 #import "ios/web/web_state/wk_web_view_security_util.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #endif
 
 namespace {
 // Extracts Referer value from WKNavigationAction request header.
 NSString* GetRefererFromNavigationAction(WKNavigationAction* action) {
   return [action.request valueForHTTPHeaderField:@"Referer"];
 }
 
+// Returns net::URLRequestContext obtained from the given |webState|.
+net::URLRequestContext* GetURLRequestContext(web::WebState* webState) {
+  DCHECK(webState);
+  auto contextGetter = webState->GetBrowserState()->GetRequestContext();

[Ryan Sleevi, 2015/08/06 03:07:09]

This is not a valid (Chromium) use of auto

See the discussion on automatic types linked from
https://chromium-cpp.appspot.com/ , particularly
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/5-Bt3BJzAo0/EWcU2...

This entirely hides the ownership semantics, and while some argued that's a
feature, the //base and style owners seemed to agree it was a bug, and thus you
shouldn't use auto like this.

It's also not consistent with the admonition of "use manifest type declarations
when it helps readability" of
http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#auto

[Eugene But (OOO till 7-30), 2015/08/07 02:27:20]

I used auto to avoid a linebreak. But I'm not very attached to this code. Done.

+  DCHECK(contextGetter);
+  return contextGetter->GetURLRequestContext();
+}
+
 NSString* const kScriptMessageName = @"crwebinvoke";
 NSString* const kScriptImmediateName = @"crwebinvokeimmediate";
 
 // Utility functions for storing the source of NSErrors received by WKWebViews:
 // - Errors received by |-webView:didFailProvisionalNavigation:withError:| are
 //   recorded using WKWebViewErrorSource::PROVISIONAL_LOAD.  These should be
 //   aborted.
 // - Errors received by |-webView:didFailNavigation:withError:| are recorded
 //   using WKWebViewsource::NAVIGATION.  These errors should not be aborted, as
 //   the WKWebView will automatically retry the load.
@@ skipping 60 matching lines @@
   WKNavigationType _lastNavigationTypeForMainFrame;
 
   // Whether the web page is currently performing window.history.pushState or
   // window.history.replaceState
   // Set to YES on window.history.willChangeState message. To NO on
   // window.history.didPushState or window.history.didReplaceState.
   BOOL _changingHistoryState;
 
   // CRWWebUIManager object for loading WebUI pages.
   base::scoped_nsobject<CRWWebUIManager> _webUIManager;
+
+  // Backs up property with the same name.
+  scoped_ptr<net::CertVerifierBlockAdapter> _certVerifier;
 }
 
 // Response's MIME type of the last known navigation.
 @property(nonatomic, copy) NSString* documentMIMEType;
 
 // Dictionary where keys are the names of WKWebView properties and values are
 // selector names which should be called when a corresponding property has
 // changed. e.g. @{ @"URL" : @"webViewURLDidChange" } means that
 // -[self webViewURLDidChange] must be called every time when WKWebView.URL is
 // changed.
 @property(nonatomic, readonly) NSDictionary* wkWebViewObservers;
 
 // Activity indicator group ID for this web controller.
 @property(nonatomic, readonly) NSString* activityIndicatorGroupID;
 
 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 // Identifier used for storing and retrieving certificates.
 @property(nonatomic, readonly) int certGroupID;
 #endif  // #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 
+// Cert verification flags. Must be called on IO Thread.
+@property(nonatomic, readonly) net::CertVerifier::VerifyFlags certVerifyFlags;
+
+// Cert verification object which wraps net::CertVerifier. Must be called on
+// IO Thread.
+@property(nonatomic, readonly) net::CertVerifierBlockAdapter* certVerifier;
+
 // Returns the WKWebViewConfigurationProvider associated with the web
 // controller's BrowserState.
 - (web::WKWebViewConfigurationProvider&)webViewConfigurationProvider;
 
 // Creates a web view with given |config|. No-op if web view is already created.
 - (void)ensureWebViewCreatedWithConfiguration:(WKWebViewConfiguration*)config;
 
 // Returns a new autoreleased web view created with given configuration.
 - (WKWebView*)createWebViewWithConfiguration:(WKWebViewConfiguration*)config;
 
@@ skipping 69 matching lines @@
 // _documentURL, and informs the superclass of the change.
 - (void)URLDidChangeWithoutDocumentChange:(const GURL&)URL;
 
 // Returns new autoreleased instance of WKUserContentController which has
 // early page script.
 - (WKUserContentController*)createUserContentController;
 
 // Attempts to handle a script message. Returns YES on success, NO otherwise.
 - (BOOL)respondToWKScriptMessage:(WKScriptMessage*)scriptMessage;
 
+// Verifies the given |cert| for the given |host| and calls |block| on
+// completion. |block| can not be null and will be called asynchronously on the
+// main thread.
+- (void)verifyCert:(scoped_refptr<net::X509Certificate>)cert
+              forHost:(NSString*)host
+    completionHandler:(void (^)(net::CertVerifyResult, int))block;
+
 // Used to decide whether a load that generates errors with the
 // NSURLErrorCancelled code should be cancelled.
 - (BOOL)shouldAbortLoadForCancelledError:(NSError*)error;
 
 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 // Called when WKWebView estimatedProgress has been changed.
 - (void)webViewEstimatedProgressDidChange;
 
 // Called when WKWebView certificateChain or hasOnlySecureContent property has
 // changed.
@@ skipping 243 matching lines @@
 }
 
 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 - (int)certGroupID {
   DCHECK(self.webStateImpl);
   // Request tracker IDs are used as certificate groups.
   return self.webStateImpl->GetRequestTracker()->identifier();
 }
 #endif
 
+- (net::CertVerifier::VerifyFlags)certVerifyFlags {
+  net::URLRequestContext* context = GetURLRequestContext(self.webState);
+  DCHECK(context);
+  net::SSLConfigService* SSLConfigService = context->ssl_config_service();
+  DCHECK(SSLConfigService);
+  net::SSLConfig config;
+  SSLConfigService->GetSSLConfig(&config);
+  return static_cast<net::CertVerifier::VerifyFlags>(
+      config.GetCertVerifyFlags());
+}
+
+- (net::CertVerifierBlockAdapter*)certVerifier {
+  if (!_certVerifier) {

[Ryan Sleevi, 2015/08/06 03:07:09]

Why do you lazily create this?

[Eugene But (OOO till 7-30), 2015/08/07 02:27:20]

I can't create this in -init, because GetURLRequestContext can be called on IO
thread.
What I can do is to create a separate net::CertVerifierBlockAdapter object for
every cert evaluation, but I don't see why it would be better.

+    net::URLRequestContext* context = GetURLRequestContext(self.webState);
+    DCHECK(context);
+    _certVerifier.reset(
+        new net::CertVerifierBlockAdapter(context->cert_verifier()));
+  }
+  return _certVerifier.get();
+}
+
 - (web::WKWebViewConfigurationProvider&)webViewConfigurationProvider {
   DCHECK(self.webStateImpl);
   web::BrowserState* browserState = self.webStateImpl->GetBrowserState();
   return web::WKWebViewConfigurationProvider::FromBrowserState(browserState);
 }
 
 - (void)ensureWebViewCreatedWithConfiguration:(WKWebViewConfiguration*)config {
   if (!_wkWebView) {
     // Use a separate userContentController for each web view.
     // WKUserContentController does not allow adding multiple script message
@@ skipping 329 matching lines @@
     (*handlers)["window.history.willChangeState"] =
         @selector(handleWindowHistoryWillChangeStateMessage:context:);
   });
   DCHECK(handlers);
   auto iter = handlers->find(command);
   return iter != handlers->end()
              ? iter->second
              : [super selectorToHandleJavaScriptCommand:command];
 }
 
+- (void)verifyCert:(scoped_refptr<net::X509Certificate>)cert
+              forHost:(NSString*)host
+    completionHandler:(void (^)(net::CertVerifyResult, int))completionHandler {
+  DCHECK(completionHandler);
+  base::WeakNSObject<CRWWKWebViewWebController> weakSelf(self);
+  web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{
+    // WeakNSObject does not work across different threads, hence this block
+    // retains self.
+    if ([self isBeingDestroyed]) {
+      completionHandler(net::CertVerifyResult(), net::ERR_FAILED);
+      return;
+    }
+
+    std::string hostname = base::SysNSStringToUTF8(host);
+    net::CertVerifierBlockAdapter::Params params(cert, hostname);
+    params.ocsp_response = "";  // Not provided by iOS API.
+    params.flags = self.certVerifyFlags;
+    params.crl_set = net::SSLConfigService::GetCRLSet().Pass();
+
+    self.certVerifier->Verify(
+        params, ^(net::CertVerifyResult result, int status) {
+          dispatch_async(dispatch_get_main_queue(), ^{
+            completionHandler(result, status);
+          });
+        });
+  }));
+}
+
 - (BOOL)shouldAbortLoadForCancelledError:(NSError*)error {
   DCHECK_EQ(error.code, NSURLErrorCancelled);
   // Do not abort the load if it is for an app specific URL, as such errors
   // are produced during the app specific URL load process.
   const GURL errorURL =
       net::GURLWithNSURL(error.userInfo[NSURLErrorFailingURLErrorKey]);
   if (web::GetWebClient()->IsAppSpecificURL(errorURL))
     return NO;
   // Don't abort NSURLErrorCancelled errors originating from navigation
   // as the WKWebView will automatically retry these loads.
@@ skipping 316 matching lines @@
             withError:(NSError *)error {
   [self handleLoadError:WKWebViewErrorWithSource(error, NAVIGATION)
             inMainFrame:YES];
 }
 
 - (void)webView:(WKWebView *)webView
     didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
                     completionHandler:
         (void (^)(NSURLSessionAuthChallengeDisposition disposition,
                   NSURLCredential *credential))completionHandler {
-  NOTIMPLEMENTED();
-  completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+  if (![challenge.protectionSpace.authenticationMethod
+          isEqual:NSURLAuthenticationMethodServerTrust]) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+
+  SecTrustRef trust = challenge.protectionSpace.serverTrust;
+  scoped_refptr<net::X509Certificate> cert = web::CreateCertFromTrust(trust);
+  [self verifyCert:cert
+                forHost:challenge.protectionSpace.host
+      completionHandler:^(net::CertVerifyResult result, int status) {
+        bool isCertValid = status == net::OK &&
+                           !net::IsCertStatusError(result.cert_status) &&
+                           !net::IsCertStatusMinorError(result.cert_status);
+        if (isCertValid) {
+          // Cert is valid.
+        } else {
+          // Cert is invalid.
+        }
+        NOTIMPLEMENTED();
+        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+      }];
 }
 
 - (void)webViewWebContentProcessDidTerminate:(WKWebView*)webView {
   [self webViewWebProcessDidCrash];
 }
 
 #pragma mark WKUIDelegate Methods
 
 - (WKWebView*)webView:(WKWebView*)webView
     createWebViewWithConfiguration:(WKWebViewConfiguration*)configuration
@@ skipping 78 matching lines @@
                               placeholderText:defaultText
                                    requestURL:
             net::GURLWithNSURL(frame.request.URL)
                             completionHandler:completionHandler];
   } else if (completionHandler) {
     completionHandler(nil);
   }
 }
 
 @end