Don't use SSLStatus from FrameHostMsg_DidCommitProvisionalLoad and instead cache it on the browser …

content/browser/loader/resource_dispatcher_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "content/browser/loader/resource_dispatcher_host_impl.h"
 
 #include <stddef.h>
 
@@ skipping 24 matching lines @@
 #include "base/time/time.h"
 #include "content/browser/appcache/appcache_interceptor.h"
 #include "content/browser/appcache/chrome_appcache_service.h"
 #include "content/browser/bad_message.h"
 #include "content/browser/blob_storage/chrome_blob_storage_context.h"
 #include "content/browser/cert_store_impl.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/download/download_resource_handler.h"
 #include "content/browser/download/save_file_resource_handler.h"
 #include "content/browser/frame_host/frame_tree.h"
+#include "content/browser/frame_host/navigation_handle_impl.h"
 #include "content/browser/frame_host/navigation_request_info.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/loader/async_resource_handler.h"
 #include "content/browser/loader/async_revalidation_manager.h"
 #include "content/browser/loader/cross_site_resource_handler.h"
 #include "content/browser/loader/detachable_resource_handler.h"
 #include "content/browser/loader/loader_delegate.h"
 #include "content/browser/loader/mime_type_resource_handler.h"
 #include "content/browser/loader/mojo_async_resource_handler.h"
 #include "content/browser/loader/navigation_resource_handler.h"
@@ skipping 359 matching lines @@
     if (frame_host)
       routing_ids->insert(frame_host->GetGlobalFrameRoutingId());
     if (pending_frame_host)
       routing_ids->insert(pending_frame_host->GetGlobalFrameRoutingId());
   }
   BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
                           base::Bind(&NotifyForRouteSetOnIO, frame_callback,
                                      base::Passed(std::move(routing_ids))));
 }
 
+void UpdateSSLStatus(int render_process_id,
+                     int render_frame_host_id,
+                     const GURL& url,
+                     int new_cert_id) {
+  RenderFrameHostImpl* render_frame_host =
+      RenderFrameHostImpl::FromID(render_process_id, render_frame_host_id);
+  if (!render_frame_host)
+    return;
+
+  NavigationHandleImpl* navigation_handle =
+      render_frame_host->navigation_handle();
+  if (navigation_handle && navigation_handle->GetURL() == url)
+    navigation_handle->UpdateSSLCertId(new_cert_id);
+}
+
 }  // namespace
 
 ResourceDispatcherHostImpl::HeaderInterceptorInfo::HeaderInterceptorInfo() {}
 
 ResourceDispatcherHostImpl::HeaderInterceptorInfo::~HeaderInterceptorInfo() {}
 
 ResourceDispatcherHostImpl::HeaderInterceptorInfo::HeaderInterceptorInfo(
     const HeaderInterceptorInfo& other) {}
 
 // static
@@ skipping 765 matching lines @@
   // ResourceRequestInfo rather than caching it locally.  This lets us update
   // the info object when a transfer occurs.
   info->UpdateForTransfer(child_id, route_id, request_data.render_frame_id,
                           request_data.origin_pid, request_id,
                           filter_->GetWeakPtr());
 
   // If a certificate is stored with the ResourceResponse, it has to be
   // updated to be associated with the new process.
   if (loader->transferring_response()) {
     UpdateResponseCertificateForTransfer(loader->transferring_response(),
-                                         loader->request()->ssl_info(),
-                                         child_id);
+                                         loader->request(),
+                                         info);
   }
 
   // Update maps that used the old IDs, if necessary.  Some transfers in tests
   // do not actually use a different ID, so not all maps need to be updated.
   pending_loaders_[new_request_id] = std::move(loader);
   IncrementOutstandingRequestsMemory(1, *info);
   if (should_update_count)
     IncrementOutstandingRequestsCount(1, info);
   if (old_routing_id != new_routing_id) {
     if (blocked_loaders_map_.find(old_routing_id) !=
@@ skipping 480 matching lines @@
   handler.reset(new MimeTypeResourceHandler(std::move(handler), this,
                                             plugin_service, request));
 
   ScopedVector<ResourceThrottle> throttles;
 
   // Add a NavigationResourceThrottle for navigations.
   // PlzNavigate: the throttle is unnecessary as communication with the UI
   // thread is handled by the NavigationURLloader.
   if (!IsBrowserSideNavigationEnabled() && IsResourceTypeFrame(resource_type)) {
     throttles.push_back(new NavigationResourceThrottle(
-        request, delegate(), fetch_request_context_type));
+        request, delegate_, GetCertStore(), fetch_request_context_type));
   }
 
   if (delegate_) {
     delegate_->RequestBeginning(request,
                                 resource_context,
                                 appcache_service,
                                 resource_type,
                                 &throttles);
   }
 
@@ skipping 568 matching lines @@
     // Hang on to a reference to ensure the blob is not released prior
     // to the job being started.
     storage::BlobProtocolHandler::SetRequestedBlobDataHandle(
         new_request.get(),
         blob_context->GetBlobDataFromPublicURL(new_request->url()));
   }
 
   // TODO(davidben): Attach AppCacheInterceptor.
 
   std::unique_ptr<ResourceHandler> handler(
-      new NavigationResourceHandler(new_request.get(), loader, delegate()));
+      new NavigationResourceHandler(new_request.get(), loader, delegate(),
+                                    GetCertStore()));
 
   // TODO(davidben): Pass in the appropriate appcache_service. Also fix the
   // dependency on child_id/route_id. Those are used by the ResourceScheduler;
   // currently it's a no-op.
   handler =
       AddStandardHandlers(new_request.get(), resource_type, resource_context,
                           info.begin_params.request_context_type,
                           nullptr,  // appcache_service
                           -1,       // child_id
                           -1,       // route_id
@@ skipping 327 matching lines @@
   }
 
   if (is_sync_load)
     load_flags |= net::LOAD_IGNORE_LIMITS;
 
   return load_flags;
 }
 
 void ResourceDispatcherHostImpl::UpdateResponseCertificateForTransfer(
     ResourceResponse* response,
-    const net::SSLInfo& ssl_info,
-    int child_id) {
+    net::URLRequest* request,
+    ResourceRequestInfoImpl* info) {
+  const net::SSLInfo& ssl_info = request->ssl_info();
   if (!ssl_info.cert)
     return;
   SSLStatus ssl;
   // DeserializeSecurityInfo() often takes security info sent by a
   // renderer as input, in which case it's important to check that the
   // security info deserializes properly and kill the renderer if
   // not. In this case, however, the security info has been provided by
   // the ResourceLoader, so it does not need to be treated as untrusted
   // data.
   bool deserialized =
       DeserializeSecurityInfo(response->head.security_info, &ssl);
   DCHECK(deserialized);
-  ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id);
+  ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(),
+                                          info->GetChildID());
   response->head.security_info = SerializeSecurityInfo(ssl);
+
+  if (info->GetResourceType() == RESOURCE_TYPE_MAIN_FRAME) {
+    int render_process_id, render_frame_id;

[clamy, 2016/08/26 18:14:30]

nit: Maybe we should mention somewhere that the process & route id are those
corresponding to the RFH the navigation was transferred to, which now holds the
NavigationHandle corresponding to this navgation. I was wondering about it
myself, but went to check that we do update the ResourceRequestInfoImpl with the
right values before calling this function.

+    if (info->GetAssociatedRenderFrame(&render_process_id, &render_frame_id)) {
+      BrowserThread::PostTask(BrowserThread::UI,
+                              FROM_HERE,
+                              base::Bind(UpdateSSLStatus,
+                                         render_process_id,
+                                         render_frame_id,
+                                         request->url(),
+                                         ssl.cert_id));
+    }
+  }
 }
 
 CertStore* ResourceDispatcherHostImpl::GetCertStore() {
   return cert_store_for_testing_ ? cert_store_for_testing_
                                  : CertStore::GetInstance();
 }
 
 bool ResourceDispatcherHostImpl::ShouldServiceRequest(
     int process_type,
     int child_id,
@@ skipping 45 matching lines @@
                        << iter->filesystem_url().spec();
           return false;
         }
       }
     }
   }
   return true;
 }
 
 }  // namespace content