WKWebView: Implemented recoverable SSL interstitials.

ios/web/net/crw_cert_verification_controller.h

Index: ios/web/net/crw_cert_verification_controller.h
diff --git a/ios/web/net/crw_cert_verification_controller.h b/ios/web/net/crw_cert_verification_controller.h
index 28a7a503d42557c8238e484efd8aaef8a7e925f3..812ad0130324b4d86afbad88beee8180926ec6a6 100644
--- a/ios/web/net/crw_cert_verification_controller.h
+++ b/ios/web/net/crw_cert_verification_controller.h
@@ -22,17 +22,20 @@ class BrowserState;
 
 // Accept policy for valid or invalid SSL cert.
 typedef NS_ENUM(NSInteger, CertAcceptPolicy) {
-  // Cert status can't be determined due to an error. Caller should not proceed
-  // with the load, but show net error page instead.
+  // Cert status can't be determined due to an error. Caller should reject the
+  // load and show net error page.

[Ryan Sleevi, 2015/10/28 21:28:51]

s/and show net/and show a net/

[Eugene But (OOO till 7-30), 2015/10/29 00:39:14]

Done.

   CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0,
   // Cert is not valid. Caller may present SSL warning and ask user if they

[Ryan Sleevi, 2015/10/28 21:28:51]

s/present SSL/present a SSL/
s/ask user/ask the user/

[Eugene But (OOO till 7-30), 2015/10/29 00:39:14]

Done.

-  // want to proceed with the load.
-  CERT_ACCEPT_POLICY_RECOVERABLE_ERROR,
+  // want to proceed or reject the load.
+  CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER,
+  // Cert is not valid. However caller should proceed with the load because

[Ryan Sleevi, 2015/10/28 21:28:51]

s/Cert is/The cert is/
s/However caller/However, the caller/

[Eugene But (OOO till 7-30), 2015/10/29 00:39:14]

Done.

+  // user has decided to proceed with this invalid cert.

[Ryan Sleevi, 2015/10/28 21:28:51]

s/user/the user/

[Eugene But (OOO till 7-30), 2015/10/29 00:39:14]

Done.

+  CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER,
   // Cert is valid. Caller should proceed with the load.
   CERT_ACCEPT_POLICY_ALLOW,
 };
 
-// Completion handler called by decidePolicyForCert:host:completionHandler:.
+// Completion handler called by decideLoadPolicyForTrust:host:completionHandler.
 typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus);
 // Completion handler called by querySSLStatusForTrust:host:completionHandler:.
 typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
@@ -51,28 +54,41 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
 - (instancetype)initWithBrowserState:(web::BrowserState*)browserState
     NS_DESIGNATED_INITIALIZER;
 
-// TODO(eugenebut): add API for:
-// - accepting bad SSL cert using CertPolicyCache
-
-// Decides the policy for the given |cert| for the given |host| and calls
-// |completionHandler| on completion. |host| should be in ASCII compatible form
-// (e.g. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com").
-// |completionHandler| cannot be null and will be called asynchronously on the
-// UI thread.
-- (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert
-                       host:(NSString*)host
-          completionHandler:(web::PolicyDecisionHandler)completionHandler;
+// Decides the policy for the given |trust| and for the given |host| and calls
+// |completionHandler| on completion. |completionHandler| is guaranteed to be
+// called even if this object is deallocated. |host| should be in ASCII
+// compatible form (e.g. for "http://名がドメイン.com", it should be
+// "xn--v8jxj3d1dzdz08w.com"). |completionHandler| cannot be null and will be
+// called asynchronously on the UI thread.
+// Note: Certificate errors may be bypassed by calling
+// |allowCert:forHost:status:| with the host, certificate, and certificate
+// error to ignore.
+- (void)decideLoadPolicyForTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
+                            host:(NSString*)host
+               completionHandler:(web::PolicyDecisionHandler)completionHandler;
 
 // Asynchronously provides web::SecurityStyle and net::CertStatus for the given
-// |serverTrust| and |host|. |host| should be in ASCII compatible form.
+// |trust| and |host|. |host| should be in ASCII compatible form.
+// |completionHandler| is guaranteed to be called even if this object is
+// deallocated.
 // Note: The web::SecurityStyle determines whether the certificate is trusted.
 // It is possible for an untrusted certificate to return a net::CertStatus with
 // no errors if the cause could not be determined. Callers must handle this case
 // gracefully.
-- (void)querySSLStatusForTrust:(base::ScopedCFTypeRef<SecTrustRef>)serverTrust
+- (void)querySSLStatusForTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
                           host:(NSString*)host
              completionHandler:(web::StatusQueryHandler)completionHandler;
 
+// Records that |cert| is permitted to be used for |host| in future calls to
+// |decideLoadPolicyForTrust:host:completionHandler:|. |host| should be in an
+// ASCII-compatible form. Subsequent calls to
+// |decideLoadPolicyForTrust:host:completionHandler:| for the same
+// |cert|/|host| tuple and same |status| (or a subset of the given |status|)
+// will return CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER.
+- (void)allowCert:(scoped_refptr<net::X509Certificate>)cert
+          forHost:(NSString*)host
+           status:(net::CertStatus)status;
+
 // Cancels all pending verification requests. Completion handlers will not be
 // called after |shutDown| call. Must always be called before object's
 // deallocation.