WKWebView(iOS9): correctly update SSL status for current navigation item

ios/web/web_state/wk_web_view_security_util.mm

Index: ios/web/web_state/wk_web_view_security_util.mm
diff --git a/ios/web/web_state/wk_web_view_security_util.mm b/ios/web/web_state/wk_web_view_security_util.mm
index 0cc3ba913b30403492a42e8b196d854bccb05cbb..dae0748235595999ed1f566cda3ee66ff32cc3db 100644
--- a/ios/web/web_state/wk_web_view_security_util.mm
+++ b/ios/web/web_state/wk_web_view_security_util.mm
@@ -94,6 +94,20 @@ scoped_refptr<net::X509Certificate> CreateCertFromTrust(SecTrustRef trust) {
       SecTrustGetCertificateAtIndex(trust, 0), intermediates);
 }
 
+base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,
+                                                              NSString* host) {
+  if (certs.count == 0)
+    return base::ScopedCFTypeRef<SecTrustRef>();
+
+  base::ScopedCFTypeRef<SecPolicyRef> policy(
+      SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host)));
+  SecTrustRef result = nullptr;
+  if (SecTrustCreateWithCertificates(certs, policy, &result) == errSecSuccess) {
+    return base::ScopedCFTypeRef<SecTrustRef>(result);
+  }
+  return base::ScopedCFTypeRef<SecTrustRef>();
+}
+
 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) {
   base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust));
   SecTrustSetExceptions(trust, exceptions);
@@ -116,4 +130,21 @@ void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) {
   ssl_info->cert = CreateCertFromSSLError(error);
 }
 
+SecurityStyle GetSecurityStyleFromTrustResult(SecTrustResultType result) {
+  switch (result) {
+    case kSecTrustResultInvalid:
+      return SECURITY_STYLE_UNKNOWN;
+    case kSecTrustResultProceed:
+    case kSecTrustResultUnspecified:

[felt, 2015/09/15 22:39:11]

^ I'm surprised that "unspecified" ends up being treated as valid

[Eugene But (OOO till 7-30), 2015/09/15 23:04:43]

Yeah, I understand confusion, but this is actual result of evaluating a valid
SSL cert. And this is from Apple documentation:

@constant kSecTrustResultUnspecified Indicates the evaluation succeeded
and the certificate is implicitly trusted, but user intent was not
explicitly specified.  This value may be returned by the SecTrustEvaluate
function or stored as part of the user trust settings.

+      return SECURITY_STYLE_AUTHENTICATED;
+    case kSecTrustResultDeny:
+    case kSecTrustResultRecoverableTrustFailure:
+    case kSecTrustResultFatalTrustFailure:
+    case kSecTrustResultOtherError:
+      return SECURITY_STYLE_AUTHENTICATION_BROKEN;
+  }
+  NOTREACHED();
+  return SECURITY_STYLE_UNKNOWN;
+}
+
 }  // namespace web