Attach a SecurityStyle to each request in ResourceLoader

content/common/ssl_status_serialization.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/ssl_status_serialization.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 
+namespace {
+
+// Checks that an integer |security_style| is a valid SecurityStyle enum
+// value. Returns true if valid, false otherwise.
+bool CheckSecurityStyle(int security_style) {
+  switch (security_style) {
+    case content::SECURITY_STYLE_UNKNOWN:
+    case content::SECURITY_STYLE_UNAUTHENTICATED:
+    case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
+    case content::SECURITY_STYLE_WARNING:
+    case content::SECURITY_STYLE_AUTHENTICATED:
+      break;
+  }
+  return true;

[davidben, 2015/07/24 22:21:52]

Doesn't this just always return true now? Probably you want return true on line
21 and return false on line 23. (Worth a unit test?)

[estark, 2015/07/25 00:38:00]

Ahhh, oops, done + unit test.

+}
+
+}  // namespace
+
 namespace content {
 
-std::string SerializeSecurityInfo(
-    int cert_id,
-    net::CertStatus cert_status,
-    int security_bits,
-    int ssl_connection_status,
-    const SignedCertificateTimestampIDStatusList&
-        signed_certificate_timestamp_ids) {
+std::string SerializeSecurityInfo(const SSLStatus& ssl_status) {
   base::Pickle pickle;
-  pickle.WriteInt(cert_id);
-  pickle.WriteUInt32(cert_status);
-  pickle.WriteInt(security_bits);
-  pickle.WriteInt(ssl_connection_status);
-  pickle.WriteInt(signed_certificate_timestamp_ids.size());
+  pickle.WriteInt(ssl_status.security_style);
+  pickle.WriteInt(ssl_status.cert_id);
+  pickle.WriteUInt32(ssl_status.cert_status);
+  pickle.WriteInt(ssl_status.security_bits);
+  pickle.WriteInt(ssl_status.connection_status);
+  pickle.WriteInt(ssl_status.signed_certificate_timestamp_ids.size());
   for (SignedCertificateTimestampIDStatusList::const_iterator iter =
-           signed_certificate_timestamp_ids.begin();
-       iter != signed_certificate_timestamp_ids.end(); ++iter) {
+           ssl_status.signed_certificate_timestamp_ids.begin();
+       iter != ssl_status.signed_certificate_timestamp_ids.end(); ++iter) {
     pickle.WriteInt(iter->id);
     pickle.WriteUInt16(iter->status);
   }
   return std::string(static_cast<const char*>(pickle.data()), pickle.size());
 }
 
 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
   *ssl_status = SSLStatus();
 
   if (state.empty()) {
     // No SSL used.
     return true;
   }
 
   base::Pickle pickle(state.data(), static_cast<int>(state.size()));
   base::PickleIterator iter(pickle);
+  int security_style;
   int num_scts_to_read;
-  if (!iter.ReadInt(&ssl_status->cert_id) ||
+  if (!iter.ReadInt(&security_style) || !iter.ReadInt(&ssl_status->cert_id) ||
       !iter.ReadUInt32(&ssl_status->cert_status) ||
       !iter.ReadInt(&ssl_status->security_bits) ||
       !iter.ReadInt(&ssl_status->connection_status) ||
       !iter.ReadInt(&num_scts_to_read)) {
     *ssl_status = SSLStatus();
     return false;
   }
 
+  if (!CheckSecurityStyle(security_style)) {
+    *ssl_status = SSLStatus();
+    return false;
+  }
+
+  ssl_status->security_style = static_cast<SecurityStyle>(security_style);
+
   // Sanity check |security_bits|: the only allowed negative value is -1.
   if (ssl_status->security_bits < -1) {
     *ssl_status = SSLStatus();
     return false;
   }
 
   for (; num_scts_to_read > 0; --num_scts_to_read) {
     int id;
     uint16 status;
     if (!iter.ReadInt(&id) || !iter.ReadUInt16(&status)) {
       *ssl_status = SSLStatus();
       return false;
     }
 
     ssl_status->signed_certificate_timestamp_ids.push_back(
         SignedCertificateTimestampIDAndStatus(
             id, static_cast<net::ct::SCTVerifyStatus>(status)));
   }
 
   return true;
 }
 
 }  // namespace content