Reland: WKWebView: Added cert verification API to web controller.

ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h"
 
 #import <WebKit/WebKit.h>
 
 #include "base/ios/ios_util.h"
 #include "base/ios/weak_nsobject.h"
 #include "base/json/json_reader.h"
 #import "base/mac/scoped_nsobject.h"
 #include "base/macros.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/values.h"
 #import "ios/net/http_response_headers_util.h"
 #import "ios/web/crw_network_activity_indicator_manager.h"
 #import "ios/web/navigation/crw_session_controller.h"
 #import "ios/web/navigation/crw_session_entry.h"
 #include "ios/web/navigation/navigation_item_impl.h"
 #include "ios/web/navigation/web_load_params.h"
+#import "ios/web/net/crw_cert_verification_controller.h"
+#include "ios/web/public/cert_store.h"
+#include "ios/web/public/navigation_item.h"
+#include "ios/web/public/ssl_status.h"
 #include "ios/web/public/web_client.h"
 #import "ios/web/public/web_state/js/crw_js_injection_manager.h"
 #import "ios/web/public/web_state/ui/crw_native_content_provider.h"
 #import "ios/web/public/web_state/ui/crw_web_view_content_view.h"
 #import "ios/web/ui_web_view_util.h"
 #include "ios/web/web_state/blocked_popup_info.h"
 #import "ios/web/web_state/error_translation_util.h"
 #include "ios/web/web_state/frame_info.h"
 #import "ios/web/web_state/js/crw_js_window_id_manager.h"
 #import "ios/web/web_state/js/page_script_util.h"
 #import "ios/web/web_state/ui/crw_web_controller+protected.h"
 #import "ios/web/web_state/ui/crw_wk_web_view_crash_detector.h"
 #import "ios/web/web_state/ui/web_view_js_utils.h"
 #import "ios/web/web_state/ui/wk_back_forward_list_item_holder.h"
 #import "ios/web/web_state/ui/wk_web_view_configuration_provider.h"
 #import "ios/web/web_state/web_state_impl.h"
 #import "ios/web/web_state/web_view_internal_creation_util.h"
+#import "ios/web/web_state/wk_web_view_security_util.h"
 #import "ios/web/webui/crw_web_ui_manager.h"
+#include "net/cert/x509_certificate.h"
 #import "net/base/mac/url_conversions.h"
+#include "net/ssl/ssl_info.h"
 #include "url/url_constants.h"
 
-#if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
-#include "ios/web/public/cert_store.h"
-#include "ios/web/public/navigation_item.h"
-#include "ios/web/public/ssl_status.h"
-#import "ios/web/web_state/wk_web_view_security_util.h"
-#include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_info.h"
-#endif
-
 namespace {
 // Extracts Referer value from WKNavigationAction request header.
 NSString* GetRefererFromNavigationAction(WKNavigationAction* action) {
   return [action.request valueForHTTPHeaderField:@"Referer"];
 }
 
 NSString* const kScriptMessageName = @"crwebinvoke";
 NSString* const kScriptImmediateName = @"crwebinvokeimmediate";
 
 // Utility functions for storing the source of NSErrors received by WKWebViews:
@@ skipping 67 matching lines @@
 
   // Whether the web page is currently performing window.history.pushState or
   // window.history.replaceState
   // Set to YES on window.history.willChangeState message. To NO on
   // window.history.didPushState or window.history.didReplaceState.
   BOOL _changingHistoryState;
 
   // CRWWebUIManager object for loading WebUI pages.
   base::scoped_nsobject<CRWWebUIManager> _webUIManager;
 
+  // Controller used for certs verification to help with blocking requests with
+  // bad SSL cert, presenting SSL interstitials and determining SSL status for
+  // Navigation Items.
+  base::scoped_nsobject<CRWCertVerificationController>
+      _certVerificationController;
+
   // Whether the pending navigation has been directly cancelled in
   // |decidePolicyForNavigationAction| or |decidePolicyForNavigationResponse|.
   // Cancelled navigations should be simply discarded without handling any
   // specific error.
   BOOL _pendingNavigationCancelled;
 }
 
 // Response's MIME type of the last known navigation.
 @property(nonatomic, copy) NSString* documentMIMEType;
 
@@ skipping 137 matching lines @@
 // Called when WKWebView URL has been changed.
 - (void)webViewURLDidChange;
 
 @end
 
 @implementation CRWWKWebViewWebController
 
 #pragma mark CRWWebController public methods
 
 - (instancetype)initWithWebState:(scoped_ptr<web::WebStateImpl>)webState {
-  return [super initWithWebState:webState.Pass()];
+  DCHECK(webState);
+  web::BrowserState* browserState = webState->GetBrowserState();
+  self = [super initWithWebState:webState.Pass()];
+  if (self) {
+    _certVerificationController.reset([[CRWCertVerificationController alloc]
+        initWithBrowserState:browserState]);
+  }
+  return self;
 }
 
 - (BOOL)keyboardDisplayRequiresUserAction {
   // TODO(stuartmorgan): Find out whether YES or NO is correct; see comment
   // in protected header.
   NOTIMPLEMENTED();
   return NO;
 }
 
 - (void)setKeyboardDisplayRequiresUserAction:(BOOL)requiresUserAction {
@@ skipping 21 matching lines @@
   [super terminateNetworkActivity];
 }
 #endif  // #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
 
 - (void)setPageDialogOpenPolicy:(web::PageDialogOpenPolicy)policy {
   // TODO(eugenebut): implement dialogs/windows suppression using
   // WKNavigationDelegate methods where possible.
   [super setPageDialogOpenPolicy:policy];
 }
 
+- (void)close {
+  [_certVerificationController shutDown];
+  [super close];
+}
+
 #pragma mark -
 #pragma mark Testing-Only Methods
 
 - (void)injectWebViewContentView:(CRWWebViewContentView*)webViewContentView {
   [super injectWebViewContentView:webViewContentView];
   [self setWebView:static_cast<WKWebView*>(webViewContentView.webView)];
 }
 
 #pragma mark - Protected property implementations
 
@@ skipping 989 matching lines @@
             withError:(NSError *)error {
   [self handleLoadError:WKWebViewErrorWithSource(error, NAVIGATION)
             inMainFrame:YES];
 }
 
 - (void)webView:(WKWebView *)webView
     didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
                     completionHandler:
         (void (^)(NSURLSessionAuthChallengeDisposition disposition,
                   NSURLCredential *credential))completionHandler {
-  NOTIMPLEMENTED();
-  completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+  if (![challenge.protectionSpace.authenticationMethod
+          isEqual:NSURLAuthenticationMethodServerTrust]) {
+    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    return;
+  }
+
+  SecTrustRef trust = challenge.protectionSpace.serverTrust;
+  scoped_refptr<net::X509Certificate> cert = web::CreateCertFromTrust(trust);
+  [_certVerificationController
+      decidePolicyForCert:cert
+                     host:challenge.protectionSpace.host
+        completionHandler:^(web::CertAcceptPolicy policy,
+                            net::CertStatus status) {
+          completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace,
+                            nil);
+        }];
 }
 
 - (void)webViewWebContentProcessDidTerminate:(WKWebView*)webView {
   [self webViewWebProcessDidCrash];
 }
 
 #pragma mark WKUIDelegate Methods
 
 - (WKWebView*)webView:(WKWebView*)webView
     createWebViewWithConfiguration:(WKWebViewConfiguration*)configuration
@@ skipping 78 matching lines @@
                               placeholderText:defaultText
                                    requestURL:
             net::GURLWithNSURL(frame.request.URL)
                             completionHandler:completionHandler];
   } else if (completionHandler) {
     completionHandler(nil);
   }
 }
 
 @end