Chromium Code Reviews Chromium Code Reviews
Issue 1322193003:
WKWebView(iOS9): correctly update SSL status for current navigation item (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h" | 5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h" |
| 6 | 6 |
| 7 #import <WebKit/WebKit.h> | 7 #import <WebKit/WebKit.h> |
| 8 | 8 |
| 9 #include "base/ios/ios_util.h" | 9 #include "base/ios/ios_util.h" |
| 10 #include "base/ios/weak_nsobject.h" | 10 #include "base/ios/weak_nsobject.h" |
| (...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 234 // Called when a load ends in an SSL error. | 234 // Called when a load ends in an SSL error. |
| 235 - (void)handleSSLError:(NSError*)error; | 235 - (void)handleSSLError:(NSError*)error; |
| 236 #endif | 236 #endif |
| 237 | 237 |
| 238 // Adds an activity indicator tasks for this web controller. | 238 // Adds an activity indicator tasks for this web controller. |
| 239 - (void)addActivityIndicatorTask; | 239 - (void)addActivityIndicatorTask; |
| 240 | 240 |
| 241 // Clears all activity indicator tasks for this web controller. | 241 // Clears all activity indicator tasks for this web controller. |
| 242 - (void)clearActivityIndicatorTasks; | 242 - (void)clearActivityIndicatorTasks; |
| 243 | 243 |
| 244 // Obtains SSL status from given |certChain| and updates it for navigation items | |
| 245 // with given |certID|. | |
| 246 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID | |
| 247 usingCertChain:(NSArray*)certChain; | |
| 248 | |
| 244 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) | 249 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) |
| 245 // Updates SSL status for the current navigation item based on the information | 250 // Updates SSL status for the current navigation item based on the information |
| 246 // provided by web view. | 251 // provided by web view. |
| 247 - (void)updateSSLStatusForCurrentNavigationItem; | 252 - (void)updateSSLStatusForCurrentNavigationItem; |
| 248 #endif | 253 #endif |
| 249 | 254 |
| 250 // Registers load request with empty referrer and link or client redirect | 255 // Registers load request with empty referrer and link or client redirect |
| 251 // transition based on user interaction state. | 256 // transition based on user interaction state. |
| 252 - (void)registerLoadRequest:(const GURL&)url; | 257 - (void)registerLoadRequest:(const GURL&)url; |
| 253 | 258 |
| (...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 834 - (void)addActivityIndicatorTask { | 839 - (void)addActivityIndicatorTask { |
| 835 [[CRWNetworkActivityIndicatorManager sharedInstance] | 840 [[CRWNetworkActivityIndicatorManager sharedInstance] |
| 836 startNetworkTaskForGroup:[self activityIndicatorGroupID]]; | 841 startNetworkTaskForGroup:[self activityIndicatorGroupID]]; |
| 837 } | 842 } |
| 838 | 843 |
| 839 - (void)clearActivityIndicatorTasks { | 844 - (void)clearActivityIndicatorTasks { |
| 840 [[CRWNetworkActivityIndicatorManager sharedInstance] | 845 [[CRWNetworkActivityIndicatorManager sharedInstance] |
| 841 clearNetworkTasksForGroup:[self activityIndicatorGroupID]]; | 846 clearNetworkTasksForGroup:[self activityIndicatorGroupID]]; |
| 842 } | 847 } |
| 843 | 848 |
| 849 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID | |
| 850 usingCertChain:(NSArray*)certChain { | |
| 851 base::WeakNSObject<CRWWKWebViewWebController> weakSelf(self); | |
| 852 void (^SSLStatusResponse)(web::SecurityStyle, net::CertStatus) = | |
| 853 ^(web::SecurityStyle style, net::CertStatus certStatus) { | |
| 854 base::scoped_nsobject<CRWWKWebViewWebController> strongSelf( | |
| 855 [weakSelf retain]); | |
| 856 if (!strongSelf || [strongSelf isBeingDestroyed]) { | |
| 857 return; | |
| 858 } | |
| 859 | |
| 860 web::NavigationManagerImpl& navigationManager = | |
| 861 [strongSelf webStateImpl]->GetNavigationManagerImpl(); | |
| 862 | |
| 863 bool updated = false; | |
|
stuartmorgan
2015/09/10 22:26:18
updatedCurrentItem?
Eugene But (OOO till 7-30)
2015/09/14 23:20:30
Done.
| |
| 864 for (int i = 0; i < navigationManager.GetEntryCount(); i++) { | |
| 865 web::NavigationItem* item = navigationManager.GetItemAtIndex(i); | |
| 866 DCHECK(item); | |
| 867 web::SSLStatus previousSSLStatus = item->GetSSL(); | |
|
stuartmorgan
2015/09/10 22:26:18
This should be inside the if; currently you're cop
Eugene But (OOO till 7-30)
2015/09/14 23:20:30
Done.
| |
| 868 web::SSLStatus& SSLStatus = item->GetSSL(); | |
| 869 if (SSLStatus.cert_id == certID) { | |
| 870 SSLStatus.cert_status = certStatus; | |
| 871 SSLStatus.security_style = style; | |
| 872 if (navigationManager.GetCurrentEntryIndex() == i && | |
|
stuartmorgan
2015/09/10 22:26:18
The current index could be called outside the loop
Eugene But (OOO till 7-30)
2015/09/14 23:20:30
Done.
| |
| 873 !previousSSLStatus.Equals(SSLStatus)) { | |
| 874 updated = true; | |
| 875 } | |
| 876 } | |
| 877 } | |
| 878 | |
| 879 if (updated) { | |
| 880 [strongSelf didUpdateSSLStatusForCurrentNavigationItem]; | |
| 881 } | |
| 882 }; | |
| 883 | |
| 884 [_certVerificationController querySSLStatusForCertChain:certChain | |
| 885 host:[_wkWebView URL].host | |
| 886 completionHandler:SSLStatusResponse]; | |
| 887 } | |
| 888 | |
| 844 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) | 889 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) |
| 890 | |
| 845 - (void)updateSSLStatusForCurrentNavigationItem { | 891 - (void)updateSSLStatusForCurrentNavigationItem { |
| 846 if ([self isBeingDestroyed]) | 892 if ([self isBeingDestroyed]) |
| 847 return; | 893 return; |
| 848 | 894 |
| 849 DCHECK(self.webStateImpl); | |
| 850 web::NavigationItem* item = | 895 web::NavigationItem* item = |
| 851 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem(); | 896 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem(); |
| 852 if (!item) | 897 if (!item) |
| 853 return; | 898 return; |
| 854 | 899 |
| 855 web::SSLStatus previousSSLStatus = item->GetSSL(); | 900 web::SSLStatus previousSSLStatus = item->GetSSL(); |
| 856 web::SSLStatus& SSLStatus = item->GetSSL(); | 901 web::SSLStatus& SSLStatus = item->GetSSL(); |
| 857 if (item->GetURL().SchemeIsCryptographic()) { | |
| 858 // TODO(eugenebut): Do not set security style to authenticated once | |
| 859 // proceeding with bad ssl cert is implemented. | |
| 860 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED; | |
| 861 SSLStatus.content_status = [_wkWebView hasOnlySecureContent] | |
| 862 ? web::SSLStatus::NORMAL_CONTENT | |
| 863 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT; | |
| 864 | 902 |
| 865 if (base::ios::IsRunningOnIOS9OrLater()) { | 903 // Starting from iOS9 WKWebView blocks active mixed content, so if |
| 866 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromChain( | 904 // |hasOnlySecureContent| returns NO it means passive content. |
| 867 [_wkWebView performSelector:@selector(certificateChain)])); | 905 // On iOS8 there is no way to determine if web view has active mixed content. |
| 868 if (cert) { | 906 SSLStatus.content_status = [_wkWebView hasOnlySecureContent] |
| 869 SSLStatus.cert_id = web::CertStore::GetInstance()->StoreCert( | 907 ? web::SSLStatus::NORMAL_CONTENT |
| 870 cert.get(), self.certGroupID); | 908 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 871 } else { | 909 |
| 872 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; | 910 // Retrieve top level frame certificate. |
| 873 SSLStatus.cert_id = 0; | 911 NSArray* chain = nil; |
| 874 } | 912 scoped_refptr<net::X509Certificate> cert; |
| 913 if (base::ios::IsRunningOnIOS9OrLater() && | |
| 914 item->GetURL().SchemeIsCryptographic()) { | |
| 915 chain = [_wkWebView performSelector:@selector(certificateChain)]; | |
| 916 cert = web::CreateCertFromChain(chain); | |
| 917 } | |
| 918 | |
| 919 if (cert) { | |
| 920 SSLStatus.cert_id = | |
| 921 web::CertStore::GetInstance()->StoreCert(cert.get(), self.certGroupID); | |
| 922 [self updateSSLStatusForNavigationItemsWithCertID:SSLStatus.cert_id | |
| 923 usingCertChain:chain]; | |
| 924 } else { | |
| 925 SSLStatus.cert_id = 0; | |
| 926 if (!item->GetURL().SchemeIsCryptographic()) { | |
| 927 // HTTP or other non-secure connection. | |
| 928 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; | |
| 929 } else if (base::ios::IsRunningOnIOS9OrLater()) { | |
| 930 // HTTPS, iOS9 and no certificate (this use-case has not been observed). | |
| 931 // TODO(eugenebut): Add UMA action for this anomaly (crbug.com/528668). | |
| 932 SSLStatus.security_style = web::SECURITY_STYLE_UNKNOWN; | |
| 933 } else { | |
| 934 // HTTPS, iOS8. | |
| 935 // iOS8 cannot load unauthentificated HTTPS content. | |
|
stuartmorgan
2015/09/10 22:26:18
s/ificated/icated/
Eugene But (OOO till 7-30)
2015/09/14 23:20:30
Done.
| |
| 936 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED; | |
| 875 } | 937 } |
| 876 } else { | |
| 877 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; | |
| 878 SSLStatus.cert_id = 0; | |
| 879 } | 938 } |
| 880 | 939 |
| 881 if (!previousSSLStatus.Equals(SSLStatus)) { | 940 if (!previousSSLStatus.Equals(SSLStatus)) { |
| 882 [self didUpdateSSLStatusForCurrentNavigationItem]; | 941 [self didUpdateSSLStatusForCurrentNavigationItem]; |
| 883 } | 942 } |
| 884 } | 943 } |
| 944 | |
| 885 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) | 945 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) |
| 886 | 946 |
| 887 - (void)registerLoadRequest:(const GURL&)url { | 947 - (void)registerLoadRequest:(const GURL&)url { |
| 888 // If load request is registered via WKWebViewWebController, assume transition | 948 // If load request is registered via WKWebViewWebController, assume transition |
| 889 // is link or client redirect as other transitions will already be registered | 949 // is link or client redirect as other transitions will already be registered |
| 890 // by web controller or delegates. | 950 // by web controller or delegates. |
| 891 // TODO(stuartmorgan): Remove guesswork and replace with information from | 951 // TODO(stuartmorgan): Remove guesswork and replace with information from |
| 892 // decidePolicyForNavigationAction:. | 952 // decidePolicyForNavigationAction:. |
| 893 ui::PageTransition transition = self.userInteractionRegistered | 953 ui::PageTransition transition = self.userInteractionRegistered |
| 894 ? ui::PAGE_TRANSITION_LINK | 954 ? ui::PAGE_TRANSITION_LINK |
| (...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1448 placeholderText:defaultText | 1508 placeholderText:defaultText |
| 1449 requestURL: | 1509 requestURL: |
| 1450 net::GURLWithNSURL(frame.request.URL) | 1510 net::GURLWithNSURL(frame.request.URL) |
| 1451 completionHandler:completionHandler]; | 1511 completionHandler:completionHandler]; |
| 1452 } else if (completionHandler) { | 1512 } else if (completionHandler) { |
| 1453 completionHandler(nil); | 1513 completionHandler(nil); |
| 1454 } | 1514 } |
| 1455 } | 1515 } |
| 1456 | 1516 |
| 1457 @end | 1517 @end |
| OLD | NEW |
