Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(400)

Side by Side Diff: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Minor comments update. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h" 5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h"
6 6
7 #import <WebKit/WebKit.h> 7 #import <WebKit/WebKit.h>
8 8
9 #include "base/ios/ios_util.h" 9 #include "base/ios/ios_util.h"
10 #include "base/ios/weak_nsobject.h" 10 #include "base/ios/weak_nsobject.h"
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
243 // Called when a load ends in an SSL error. 243 // Called when a load ends in an SSL error.
244 - (void)handleSSLError:(NSError*)error; 244 - (void)handleSSLError:(NSError*)error;
245 #endif 245 #endif
246 246
247 // Adds an activity indicator tasks for this web controller. 247 // Adds an activity indicator tasks for this web controller.
248 - (void)addActivityIndicatorTask; 248 - (void)addActivityIndicatorTask;
249 249
250 // Clears all activity indicator tasks for this web controller. 250 // Clears all activity indicator tasks for this web controller.
251 - (void)clearActivityIndicatorTasks; 251 - (void)clearActivityIndicatorTasks;
252 252
253 // Obtains SSL status from given |certChain| and updates it for navigation items
stuartmorgan 2015/09/22 20:30:28 "it" here would be the SSL status of the cert chai
Eugene But (OOO till 7-30) 2015/09/22 22:43:04 Yes, navigation items are updated. Fixed comment.
254 // with given |certID|.
255 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID
256 usingCertChain:(NSArray*)certChain;
257
253 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 258 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
254 // Updates SSL status for the current navigation item based on the information 259 // Updates SSL status for the current navigation item based on the information
255 // provided by web view. 260 // provided by web view.
256 - (void)updateSSLStatusForCurrentNavigationItem; 261 - (void)updateSSLStatusForCurrentNavigationItem;
257 #endif 262 #endif
258 263
259 // Registers load request with empty referrer and link or client redirect 264 // Registers load request with empty referrer and link or client redirect
260 // transition based on user interaction state. 265 // transition based on user interaction state.
261 - (void)registerLoadRequest:(const GURL&)url; 266 - (void)registerLoadRequest:(const GURL&)url;
262 267
(...skipping 594 matching lines...) Expand 10 before | Expand all | Expand 10 after
857 - (void)addActivityIndicatorTask { 862 - (void)addActivityIndicatorTask {
858 [[CRWNetworkActivityIndicatorManager sharedInstance] 863 [[CRWNetworkActivityIndicatorManager sharedInstance]
859 startNetworkTaskForGroup:[self activityIndicatorGroupID]]; 864 startNetworkTaskForGroup:[self activityIndicatorGroupID]];
860 } 865 }
861 866
862 - (void)clearActivityIndicatorTasks { 867 - (void)clearActivityIndicatorTasks {
863 [[CRWNetworkActivityIndicatorManager sharedInstance] 868 [[CRWNetworkActivityIndicatorManager sharedInstance]
864 clearNetworkTasksForGroup:[self activityIndicatorGroupID]]; 869 clearNetworkTasksForGroup:[self activityIndicatorGroupID]];
865 } 870 }
866 871
872 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID
873 usingCertChain:(NSArray*)certChain {
874 base::WeakNSObject<CRWWKWebViewWebController> weakSelf(self);
875 void (^SSLStatusResponse)(web::SecurityStyle, net::CertStatus) =
876 ^(web::SecurityStyle style, net::CertStatus certStatus) {
877 base::scoped_nsobject<CRWWKWebViewWebController> strongSelf(
878 [weakSelf retain]);
879 if (!strongSelf || [strongSelf isBeingDestroyed]) {
880 return;
881 }
882
883 web::NavigationManager* navigationManager =
884 [strongSelf webStateImpl]->GetNavigationManager();
885 int currentItemIndex = navigationManager->GetCurrentEntryIndex();
886
887 bool updatedCurrentItem = false;
888 for (int i = 0; i < navigationManager->GetEntryCount(); i++) {
889 web::NavigationItem* item = navigationManager->GetItemAtIndex(i);
890 web::SSLStatus& SSLStatus = item->GetSSL();
891 if (SSLStatus.cert_id == certID) {
892 web::SSLStatus previousSSLStatus = item->GetSSL();
893 SSLStatus.cert_status = certStatus;
894 SSLStatus.security_style = style;
895 if (currentItemIndex == i && !previousSSLStatus.Equals(SSLStatus)) {
896 updatedCurrentItem = true;
897 }
898 }
899 }
900
901 if (updatedCurrentItem) {
902 [strongSelf didUpdateSSLStatusForCurrentNavigationItem];
903 }
904 };
905
906 [_certVerificationController querySSLStatusForCertChain:certChain
907 host:[_wkWebView URL].host
908 completionHandler:SSLStatusResponse];
909 }
910
867 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 911 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
912
868 - (void)updateSSLStatusForCurrentNavigationItem { 913 - (void)updateSSLStatusForCurrentNavigationItem {
869 if ([self isBeingDestroyed]) 914 if ([self isBeingDestroyed])
870 return; 915 return;
871 916
872 DCHECK(self.webStateImpl);
873 web::NavigationItem* item = 917 web::NavigationItem* item =
874 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem(); 918 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem();
875 if (!item) 919 if (!item)
876 return; 920 return;
877 921
878 web::SSLStatus previousSSLStatus = item->GetSSL(); 922 web::SSLStatus previousSSLStatus = item->GetSSL();
879 web::SSLStatus& SSLStatus = item->GetSSL(); 923 web::SSLStatus& SSLStatus = item->GetSSL();
880 if (item->GetURL().SchemeIsCryptographic()) {
881 // TODO(eugenebut): Do not set security style to authenticated once
882 // proceeding with bad ssl cert is implemented.
883 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED;
884 SSLStatus.content_status = [_wkWebView hasOnlySecureContent]
885 ? web::SSLStatus::NORMAL_CONTENT
886 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
887 924
888 if (base::ios::IsRunningOnIOS9OrLater()) { 925 // Starting from iOS9 WKWebView blocks active mixed content, so if
889 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromChain( 926 // |hasOnlySecureContent| returns NO it means passive content.
890 [_wkWebView performSelector:@selector(certificateChain)])); 927 // On iOS8 there is no way to determine if web view has active mixed content.
891 if (cert) { 928 SSLStatus.content_status = [_wkWebView hasOnlySecureContent]
892 SSLStatus.cert_id = web::CertStore::GetInstance()->StoreCert( 929 ? web::SSLStatus::NORMAL_CONTENT
893 cert.get(), self.certGroupID); 930 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
894 } else { 931
895 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; 932 // Retrieve top level frame certificate.
896 SSLStatus.cert_id = 0; 933 scoped_refptr<net::X509Certificate> cert;
934 if (base::ios::IsRunningOnIOS9OrLater() &&
935 item->GetURL().SchemeIsCryptographic()) {
936 NSArray* chain = [_wkWebView performSelector:@selector(certificateChain)];
stuartmorgan 2015/09/22 20:30:28 Why is this performSelector? (If it's an SDK issue
Eugene But (OOO till 7-30) 2015/09/22 22:43:04 Instead of predeclaring I added ifdefs here, becau
stuartmorgan 2015/09/24 14:01:43 It may look cleaner, but it causes the code not to
Eugene But (OOO till 7-30) 2015/09/24 18:50:28 Done.
937 cert = web::CreateCertFromChain(chain);
938 if (cert) {
939 int oldCertID = SSLStatus.cert_id;
940 SSLStatus.cert_id = web::CertStore::GetInstance()->StoreCert(
941 cert.get(), self.certGroupID);
942 if (oldCertID != SSLStatus.cert_id) {
943 [self updateSSLStatusForNavigationItemsWithCertID:SSLStatus.cert_id
944 usingCertChain:chain];
897 } 945 }
898 } 946 }
899 } else { 947 }
900 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; 948
949 if (!cert) {
901 SSLStatus.cert_id = 0; 950 SSLStatus.cert_id = 0;
951 if (!item->GetURL().SchemeIsCryptographic()) {
952 // HTTP or other non-secure connection.
953 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED;
954 } else if (base::ios::IsRunningOnIOS9OrLater()) {
955 // HTTPS, iOS9 and no certificate (this use-case has not been observed).
956 // TODO(eugenebut): Add UMA action for this anomaly (crbug.com/528668).
957 SSLStatus.security_style = web::SECURITY_STYLE_UNKNOWN;
958 } else {
959 // HTTPS, iOS8.
960 // iOS8 cannot load unauthenticated HTTPS content.
961 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED;
962 }
902 } 963 }
903 964
904 if (!previousSSLStatus.Equals(SSLStatus)) { 965 if (!previousSSLStatus.Equals(SSLStatus)) {
905 [self didUpdateSSLStatusForCurrentNavigationItem]; 966 [self didUpdateSSLStatusForCurrentNavigationItem];
906 } 967 }
907 } 968 }
969
908 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 970 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
909 971
910 - (void)registerLoadRequest:(const GURL&)url { 972 - (void)registerLoadRequest:(const GURL&)url {
911 // If load request is registered via WKWebViewWebController, assume transition 973 // If load request is registered via WKWebViewWebController, assume transition
912 // is link or client redirect as other transitions will already be registered 974 // is link or client redirect as other transitions will already be registered
913 // by web controller or delegates. 975 // by web controller or delegates.
914 // TODO(stuartmorgan): Remove guesswork and replace with information from 976 // TODO(stuartmorgan): Remove guesswork and replace with information from
915 // decidePolicyForNavigationAction:. 977 // decidePolicyForNavigationAction:.
916 ui::PageTransition transition = self.userInteractionRegistered 978 ui::PageTransition transition = self.userInteractionRegistered
917 ? ui::PAGE_TRANSITION_LINK 979 ? ui::PAGE_TRANSITION_LINK
(...skipping 568 matching lines...) Expand 10 before | Expand all | Expand 10 after
1486 placeholderText:defaultText 1548 placeholderText:defaultText
1487 requestURL: 1549 requestURL:
1488 net::GURLWithNSURL(frame.request.URL) 1550 net::GURLWithNSURL(frame.request.URL)
1489 completionHandler:completionHandler]; 1551 completionHandler:completionHandler];
1490 } else if (completionHandler) { 1552 } else if (completionHandler) {
1491 completionHandler(nil); 1553 completionHandler(nil);
1492 } 1554 }
1493 } 1555 }
1494 1556
1495 @end 1557 @end
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698