Downgrade lock icon for broken-HTTPS subresources

content/browser/web_contents/web_contents_impl.cc

Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 878fdb7be889bc4a7f3dfcf32129d4eadbe1b142..4b1f98fe36842b9e0ce5502891e4a1f862665033 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -624,6 +624,10 @@ bool WebContentsImpl::OnMessageReceived(RenderViewHost* render_view_host,
                         OnDidDisplayInsecureContent)
     IPC_MESSAGE_HANDLER(FrameHostMsg_DidRunInsecureContent,
                         OnDidRunInsecureContent)
+    IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisplayContentWithCertificateErrors,
+                        OnDidDisplayContentWithCertificateErrors)
+    IPC_MESSAGE_HANDLER(FrameHostMsg_DidRunContentWithCertificateErrors,
+                        OnDidRunContentWithCertificateErrors)
     IPC_MESSAGE_HANDLER(ViewHostMsg_GoToEntryAtOffset, OnGoToEntryAtOffset)
     IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateZoomLimits, OnUpdateZoomLimits)
     IPC_MESSAGE_HANDLER(ViewHostMsg_PageScaleFactorChanged,
@@ -3153,6 +3157,49 @@ void WebContentsImpl::OnDidRunInsecureContent(
       GetController().GetBrowserContext());
 }
 
+void WebContentsImpl::OnDidDisplayContentWithCertificateErrors(

[jww, 2015/11/20 01:25:08]

Ignorant question: It seems really heavy weight to have an IPC to query on every
resource load with cert errors (esp. since it generally will do nothing and
return). Is there no way we can cache stuff in the renderer so that it can
answer its own question? I assume that's the case, but I just want to make sure
it has been considered :-)

[estark, 2015/11/23 23:40:24]

Ah, when I was first working on this, I couldn't figure out how to do this in
the renderer, but I think I was just being slow. Done.

+    const GURL& url,
+    const std::string& security_info) {
+  SSLStatus ssl;
+  if (!DeserializeSecurityInfo(security_info, &ssl)) {
+    bad_message::ReceivedBadMessage(
+        GetRenderProcessHost(),
+        bad_message::WC_CONTENT_WITH_CERT_ERRORS_BAD_SECURITY_INFO);
+    return;
+  }
+
+  if (!controller_.ssl_manager()->IsContentWithCertificateErrorsRelevant(url,
+                                                                         ssl)) {

[jww, 2015/11/20 01:25:08]

nit: Was this a git cl format decision? If so, fine, but looks weird.

[estark, 2015/11/23 23:40:24]

yep :(

+    return;
+  }
+
+  displayed_insecure_content_ = true;
+  SSLManager::NotifySSLInternalStateChanged(
+      GetController().GetBrowserContext());
+}
+
+void WebContentsImpl::OnDidRunContentWithCertificateErrors(
+    const std::string& security_origin,
+    const GURL& url,
+    const std::string& security_info) {
+  SSLStatus ssl;
+  if (!DeserializeSecurityInfo(security_info, &ssl)) {
+    bad_message::ReceivedBadMessage(
+        GetRenderProcessHost(),
+        bad_message::WC_CONTENT_WITH_CERT_ERRORS_BAD_SECURITY_INFO);
+    return;
+  }
+
+  if (!controller_.ssl_manager()->IsContentWithCertificateErrorsRelevant(url,
+                                                                         ssl)) {
+    return;
+  }
+
+  controller_.ssl_manager()->DidRunInsecureContent(security_origin);
+  SSLManager::NotifySSLInternalStateChanged(
+      GetController().GetBrowserContext());
+}
+
 void WebContentsImpl::OnDocumentLoadedInFrame() {
   if (!HasValidFrameSource())
     return;