WKWebView: Added cert verification API to web controller.

ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

Index: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
diff --git a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
index 0d1845039df51e0c8d9b331d76f3f73df2746cab..b17cb9f7d84e109e6fc731cc7b57092b52a1b767 100644
--- a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
+++ b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
@@ -19,6 +19,7 @@
 #import "ios/web/navigation/crw_session_entry.h"
 #include "ios/web/navigation/navigation_item_impl.h"
 #include "ios/web/navigation/web_load_params.h"
+#import "ios/web/net/crw_cert_verification_controller.h"
 #include "ios/web/public/web_client.h"
 #import "ios/web/public/web_state/js/crw_js_injection_manager.h"
 #import "ios/web/public/web_state/ui/crw_native_content_provider.h"
@@ -135,6 +136,12 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
 
   // CRWWebUIManager object for loading WebUI pages.
   base::scoped_nsobject<CRWWebUIManager> _webUIManager;
+
+  // Controller used for certs verification to help with blocking requests with
+  // bad SSL cert, presenting SSL interstitials and determining SSL status for
+  // Navigation Items.
+  base::scoped_nsobject<CRWCertVerificationController>
+      _certVerificationController;
 }
 
 // Response's MIME type of the last known navigation.
@@ -287,7 +294,14 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
 #pragma mark CRWWebController public methods
 
 - (instancetype)initWithWebState:(scoped_ptr<web::WebStateImpl>)webState {
-  return [super initWithWebState:webState.Pass()];
+  DCHECK(webState);
+  web::BrowserState* browserState = webState->GetBrowserState();
+  self = [super initWithWebState:webState.Pass()];
+  if (self) {
+    _certVerificationController.reset([[CRWCertVerificationController alloc]
+        initWithBrowserState:browserState]);
+  }
+  return self;
 }
 
 - (BOOL)keyboardDisplayRequiresUserAction {
@@ -329,6 +343,11 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
   [super setPageDialogOpenPolicy:policy];
 }
 
+- (void)close {
+  [_certVerificationController shutDown];
+  [super close];
+}
+
 #pragma mark -
 #pragma mark Testing-Only Methods
 
@@ -1325,8 +1344,22 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
                     completionHandler:
         (void (^)(NSURLSessionAuthChallengeDisposition disposition,
                   NSURLCredential *credential))completionHandler {
-  NOTIMPLEMENTED();
-  completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+  if (![challenge.protectionSpace.authenticationMethod
+          isEqual:NSURLAuthenticationMethodServerTrust]) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+
+  SecTrustRef trust = challenge.protectionSpace.serverTrust;
+  scoped_refptr<net::X509Certificate> cert = web::CreateCertFromTrust(trust);
+  [_certVerificationController
+      decidePolicyForCert:cert
+                     host:challenge.protectionSpace.host
+        completionHandler:^(web::CertAcceptPolicy policy,
+                            net::CertStatus status) {
+          completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace,
+                            nil);
+        }];
 }
 
 - (void)webViewWebContentProcessDidTerminate:(WKWebView*)webView {