Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(167)

Side by Side Diff: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Removed unnecessary change Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h" 5 #import "ios/web/web_state/ui/crw_wk_web_view_web_controller.h"
6 6
7 #import <WebKit/WebKit.h> 7 #import <WebKit/WebKit.h>
8 8
9 #include "base/ios/ios_util.h" 9 #include "base/ios/ios_util.h"
10 #include "base/ios/weak_nsobject.h" 10 #include "base/ios/weak_nsobject.h"
(...skipping 229 matching lines...) Expand 10 before | Expand all | Expand 10 after
240 // Called when a load ends in an SSL error. 240 // Called when a load ends in an SSL error.
241 - (void)handleSSLError:(NSError*)error; 241 - (void)handleSSLError:(NSError*)error;
242 #endif 242 #endif
243 243
244 // Adds an activity indicator tasks for this web controller. 244 // Adds an activity indicator tasks for this web controller.
245 - (void)addActivityIndicatorTask; 245 - (void)addActivityIndicatorTask;
246 246
247 // Clears all activity indicator tasks for this web controller. 247 // Clears all activity indicator tasks for this web controller.
248 - (void)clearActivityIndicatorTasks; 248 - (void)clearActivityIndicatorTasks;
249 249
250 // Obtains SSL status from given |certChain| and updates it for navigation items
251 // with given |certID|.
252 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID
253 usingCertChain:(NSArray*)certChain;
254
250 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 255 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
251 // Updates SSL status for the current navigation item based on the information 256 // Updates SSL status for the current navigation item based on the information
252 // provided by web view. 257 // provided by web view.
253 - (void)updateSSLStatusForCurrentNavigationItem; 258 - (void)updateSSLStatusForCurrentNavigationItem;
254 #endif 259 #endif
255 260
256 // Registers load request with empty referrer and link or client redirect 261 // Registers load request with empty referrer and link or client redirect
257 // transition based on user interaction state. 262 // transition based on user interaction state.
258 - (void)registerLoadRequest:(const GURL&)url; 263 - (void)registerLoadRequest:(const GURL&)url;
259 264
(...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after
840 - (void)addActivityIndicatorTask { 845 - (void)addActivityIndicatorTask {
841 [[CRWNetworkActivityIndicatorManager sharedInstance] 846 [[CRWNetworkActivityIndicatorManager sharedInstance]
842 startNetworkTaskForGroup:[self activityIndicatorGroupID]]; 847 startNetworkTaskForGroup:[self activityIndicatorGroupID]];
843 } 848 }
844 849
845 - (void)clearActivityIndicatorTasks { 850 - (void)clearActivityIndicatorTasks {
846 [[CRWNetworkActivityIndicatorManager sharedInstance] 851 [[CRWNetworkActivityIndicatorManager sharedInstance]
847 clearNetworkTasksForGroup:[self activityIndicatorGroupID]]; 852 clearNetworkTasksForGroup:[self activityIndicatorGroupID]];
848 } 853 }
849 854
855 - (void)updateSSLStatusForNavigationItemsWithCertID:(int)certID
856 usingCertChain:(NSArray*)certChain {
857 base::WeakNSObject<CRWWKWebViewWebController> weakSelf(self);
858 void (^SSLStatusResponse)(web::SecurityStyle, net::CertStatus) =
859 ^(web::SecurityStyle style, net::CertStatus certStatus) {
860 base::scoped_nsobject<CRWWKWebViewWebController> strongSelf(
861 [weakSelf retain]);
862 if (!strongSelf || [strongSelf isBeingDestroyed]) {
863 return;
864 }
865
866 web::NavigationManager* navigationManager =
867 [strongSelf webStateImpl]->GetNavigationManager();
868 int currentItemIndex = navigationManager->GetCurrentEntryIndex();
869
870 bool updatedCurrentItem = false;
871 for (int i = 0; i < navigationManager->GetEntryCount(); i++) {
872 web::NavigationItem* item = navigationManager->GetItemAtIndex(i);
873 web::SSLStatus& SSLStatus = item->GetSSL();
874 if (SSLStatus.cert_id == certID) {
875 web::SSLStatus previousSSLStatus = item->GetSSL();
876 SSLStatus.cert_status = certStatus;
877 SSLStatus.security_style = style;
878 if (currentItemIndex == i && !previousSSLStatus.Equals(SSLStatus)) {
879 updatedCurrentItem = true;
880 }
881 }
882 }
883
884 if (updatedCurrentItem) {
885 [strongSelf didUpdateSSLStatusForCurrentNavigationItem];
886 }
887 };
888
889 [_certVerificationController querySSLStatusForCertChain:certChain
890 host:[_wkWebView URL].host
891 completionHandler:SSLStatusResponse];
892 }
893
850 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 894 #if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
895
851 - (void)updateSSLStatusForCurrentNavigationItem { 896 - (void)updateSSLStatusForCurrentNavigationItem {
852 if ([self isBeingDestroyed]) 897 if ([self isBeingDestroyed])
853 return; 898 return;
854 899
855 DCHECK(self.webStateImpl);
856 web::NavigationItem* item = 900 web::NavigationItem* item =
857 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem(); 901 self.webStateImpl->GetNavigationManagerImpl().GetLastCommittedItem();
858 if (!item) 902 if (!item)
859 return; 903 return;
860 904
861 web::SSLStatus previousSSLStatus = item->GetSSL(); 905 web::SSLStatus previousSSLStatus = item->GetSSL();
862 web::SSLStatus& SSLStatus = item->GetSSL(); 906 web::SSLStatus& SSLStatus = item->GetSSL();
863 if (item->GetURL().SchemeIsCryptographic()) {
864 // TODO(eugenebut): Do not set security style to authenticated once
865 // proceeding with bad ssl cert is implemented.
866 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED;
867 SSLStatus.content_status = [_wkWebView hasOnlySecureContent]
868 ? web::SSLStatus::NORMAL_CONTENT
869 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
870 907
871 if (base::ios::IsRunningOnIOS9OrLater()) { 908 // Starting from iOS9 WKWebView blocks active mixed content, so if
872 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromChain( 909 // |hasOnlySecureContent| returns NO it means passive content.
873 [_wkWebView performSelector:@selector(certificateChain)])); 910 // On iOS8 there is no way to determine if web view has active mixed content.
874 if (cert) { 911 SSLStatus.content_status = [_wkWebView hasOnlySecureContent]
875 SSLStatus.cert_id = web::CertStore::GetInstance()->StoreCert( 912 ? web::SSLStatus::NORMAL_CONTENT
876 cert.get(), self.certGroupID); 913 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
877 } else { 914
878 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; 915 // Retrieve top level frame certificate.
879 SSLStatus.cert_id = 0; 916 NSArray* chain = nil;
880 } 917 scoped_refptr<net::X509Certificate> cert;
918 if (base::ios::IsRunningOnIOS9OrLater() &&
919 item->GetURL().SchemeIsCryptographic()) {
920 chain = [_wkWebView performSelector:@selector(certificateChain)];
921 cert = web::CreateCertFromChain(chain);
922 }
923
924 if (cert) {
925 int oldCertID = SSLStatus.cert_id;
926 SSLStatus.cert_id =
927 web::CertStore::GetInstance()->StoreCert(cert.get(), self.certGroupID);
928 if (oldCertID != SSLStatus.cert_id) {
929 [self updateSSLStatusForNavigationItemsWithCertID:SSLStatus.cert_id
930 usingCertChain:chain];
881 } 931 }
882 } else { 932 } else {
883 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED;
884 SSLStatus.cert_id = 0; 933 SSLStatus.cert_id = 0;
934 if (!item->GetURL().SchemeIsCryptographic()) {
935 // HTTP or other non-secure connection.
936 SSLStatus.security_style = web::SECURITY_STYLE_UNAUTHENTICATED;
937 } else if (base::ios::IsRunningOnIOS9OrLater()) {
938 // HTTPS, iOS9 and no certificate (this use-case has not been observed).
939 // TODO(eugenebut): Add UMA action for this anomaly (crbug.com/528668).
Eugene But (OOO till 7-30) 2015/09/14 23:22:44 Question to networking folks: do you think this ca
940 SSLStatus.security_style = web::SECURITY_STYLE_UNKNOWN;
941 } else {
942 // HTTPS, iOS8.
943 // iOS8 cannot load unauthenticated HTTPS content.
944 SSLStatus.security_style = web::SECURITY_STYLE_AUTHENTICATED;
945 }
885 } 946 }
886 947
887 if (!previousSSLStatus.Equals(SSLStatus)) { 948 if (!previousSSLStatus.Equals(SSLStatus)) {
888 [self didUpdateSSLStatusForCurrentNavigationItem]; 949 [self didUpdateSSLStatusForCurrentNavigationItem];
889 } 950 }
890 } 951 }
952
891 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW) 953 #endif // !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
892 954
893 - (void)registerLoadRequest:(const GURL&)url { 955 - (void)registerLoadRequest:(const GURL&)url {
894 // If load request is registered via WKWebViewWebController, assume transition 956 // If load request is registered via WKWebViewWebController, assume transition
895 // is link or client redirect as other transitions will already be registered 957 // is link or client redirect as other transitions will already be registered
896 // by web controller or delegates. 958 // by web controller or delegates.
897 // TODO(stuartmorgan): Remove guesswork and replace with information from 959 // TODO(stuartmorgan): Remove guesswork and replace with information from
898 // decidePolicyForNavigationAction:. 960 // decidePolicyForNavigationAction:.
899 ui::PageTransition transition = self.userInteractionRegistered 961 ui::PageTransition transition = self.userInteractionRegistered
900 ? ui::PAGE_TRANSITION_LINK 962 ? ui::PAGE_TRANSITION_LINK
(...skipping 566 matching lines...) Expand 10 before | Expand all | Expand 10 after
1467 placeholderText:defaultText 1529 placeholderText:defaultText
1468 requestURL: 1530 requestURL:
1469 net::GURLWithNSURL(frame.request.URL) 1531 net::GURLWithNSURL(frame.request.URL)
1470 completionHandler:completionHandler]; 1532 completionHandler:completionHandler];
1471 } else if (completionHandler) { 1533 } else if (completionHandler) {
1472 completionHandler(nil); 1534 completionHandler(nil);
1473 } 1535 }
1474 } 1536 }
1475 1537
1476 @end 1538 @end
OLDNEW
« no previous file with comments | « ios/web/net/crw_cert_verification_controller_unittest.mm ('k') | ios/web/web_state/wk_web_view_security_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698