Stop using CertStore which is not compatible with PlzNavigate.

chrome/browser/ui/website_settings/website_settings.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/website_settings/website_settings.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <string>
@@ skipping 38 matching lines @@
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/browser/local_shared_objects_counter.h"
 #include "components/content_settings/core/common/content_settings.h"
 #include "components/content_settings/core/common/content_settings_pattern.h"
 #include "components/rappor/rappor_utils.h"
 #include "components/ssl_errors/error_info.h"
 #include "components/strings/grit/components_chromium_strings.h"
 #include "components/strings/grit/components_strings.h"
 #include "components/url_formatter/elide_url.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/cert_store.h"
 #include "content/public/browser/permission_type.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "ui/base/l10n/l10n_util.h"
 
@@ skipping 176 matching lines @@
 };
 
 }  // namespace
 
 WebsiteSettings::WebsiteSettings(
     WebsiteSettingsUI* ui,
     Profile* profile,
     TabSpecificContentSettings* tab_specific_content_settings,
     content::WebContents* web_contents,
     const GURL& url,
-    const SecurityStateModel::SecurityInfo& security_info,
-    content::CertStore* cert_store)
+    const SecurityStateModel::SecurityInfo& security_info)
     : TabSpecificContentSettings::SiteDataObserver(
           tab_specific_content_settings),
       ui_(ui),
 #if !defined(OS_ANDROID)
       web_contents_(web_contents),
 #endif
       show_info_bar_(false),
       site_url_(url),
       site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN),
-      cert_id_(0),
       site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN),
-      cert_store_(cert_store),
       content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)),
       chrome_ssl_host_state_delegate_(
           ChromeSSLHostStateDelegateFactory::GetForProfile(profile)),
       did_revoke_user_ssl_decisions_(false),
       profile_(profile) {
   Init(url, security_info);
 
   PresentSitePermissions();
   PresentSiteData();
   PresentSiteIdentity();
@@ skipping 135 matching lines @@
 
   if (url.SchemeIs(content::kChromeUIScheme) || isChromeUINativeScheme) {
     site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE;
     site_identity_details_ =
         l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE);
     site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE;
     return;
   }
 
   // Identity section.
-  scoped_refptr<net::X509Certificate> cert;
-  cert_id_ = security_info.cert_id;
+  certificate_ = security_info.certificate;
 
   // HTTPS with no or minor errors.
-  if (security_info.cert_id &&
-      cert_store_->RetrieveCert(security_info.cert_id, &cert) &&
+  if (certificate_.get() &&
       (!net::IsCertStatusError(security_info.cert_status) ||
        net::IsCertStatusMinorError(security_info.cert_status))) {
     // There are no major errors. Check for minor errors.
     if (security_info.security_level ==
         SecurityStateModel::SECURITY_POLICY_WARNING) {
       site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT;
       site_identity_details_ = l10n_util::GetStringFUTF16(
           IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host()));
     } else if (net::IsCertStatusMinorError(security_info.cert_status)) {
       site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN;
-      base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
+      base::string16 issuer_name(
+          UTF8ToUTF16(certificate_->issuer().GetDisplayName()));
       if (issuer_name.empty()) {
         issuer_name.assign(l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
       }
 
       site_identity_details_.assign(l10n_util::GetStringFUTF16(
           GetSiteIdentityDetailsMessageByCTInfo(
               security_info.sct_verify_statuses, false /* not EV */),
           issuer_name));
 
       site_identity_details_ += ASCIIToUTF16("\n\n");
       if (security_info.cert_status &
           net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {
         site_identity_details_ += l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);
       } else if (security_info.cert_status &
                  net::CERT_STATUS_NO_REVOCATION_MECHANISM) {
         site_identity_details_ += l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);
       } else {
         NOTREACHED() << "Need to specify string for this warning";
       }
     } else {
       if (security_info.cert_status & net::CERT_STATUS_IS_EV) {
         // EV HTTPS page.
         site_identity_status_ = GetSiteIdentityStatusByCTInfo(
             security_info.sct_verify_statuses, true);
-        DCHECK(!cert->subject().organization_names.empty());
-        organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
+        DCHECK(!certificate_->subject().organization_names.empty());
+        organization_name_ =
+            UTF8ToUTF16(certificate_->subject().organization_names[0]);
         // An EV Cert is required to have a city (localityName) and country but
         // state is "if any".
-        DCHECK(!cert->subject().locality_name.empty());
-        DCHECK(!cert->subject().country_name.empty());
+        DCHECK(!certificate_->subject().locality_name.empty());
+        DCHECK(!certificate_->subject().country_name.empty());
         base::string16 locality;
-        if (!cert->subject().state_or_province_name.empty()) {
+        if (!certificate_->subject().state_or_province_name.empty()) {
           locality = l10n_util::GetStringFUTF16(
               IDS_PAGEINFO_ADDRESS,
-              UTF8ToUTF16(cert->subject().locality_name),
-              UTF8ToUTF16(cert->subject().state_or_province_name),
-              UTF8ToUTF16(cert->subject().country_name));
+              UTF8ToUTF16(certificate_->subject().locality_name),
+              UTF8ToUTF16(certificate_->subject().state_or_province_name),
+              UTF8ToUTF16(certificate_->subject().country_name));
         } else {
           locality = l10n_util::GetStringFUTF16(
               IDS_PAGEINFO_PARTIAL_ADDRESS,
-              UTF8ToUTF16(cert->subject().locality_name),
-              UTF8ToUTF16(cert->subject().country_name));
+              UTF8ToUTF16(certificate_->subject().locality_name),
+              UTF8ToUTF16(certificate_->subject().country_name));
         }
-        DCHECK(!cert->subject().organization_names.empty());
+        DCHECK(!certificate_->subject().organization_names.empty());
         site_identity_details_.assign(l10n_util::GetStringFUTF16(
             GetSiteIdentityDetailsMessageByCTInfo(
                 security_info.sct_verify_statuses, true /* is EV */),
-            UTF8ToUTF16(cert->subject().organization_names[0]), locality,
-            UTF8ToUTF16(cert->issuer().GetDisplayName())));
+            UTF8ToUTF16(certificate_->subject().organization_names[0]),
+            locality,
+            UTF8ToUTF16(certificate_->issuer().GetDisplayName())));
       } else {
         // Non-EV OK HTTPS page.
         site_identity_status_ = GetSiteIdentityStatusByCTInfo(
             security_info.sct_verify_statuses, false);
         base::string16 issuer_name(
-            UTF8ToUTF16(cert->issuer().GetDisplayName()));
+            UTF8ToUTF16(certificate_->issuer().GetDisplayName()));
         if (issuer_name.empty()) {
           issuer_name.assign(l10n_util::GetStringUTF16(
               IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
         }
 
         site_identity_details_.assign(l10n_util::GetStringFUTF16(
             GetSiteIdentityDetailsMessageByCTInfo(
                 security_info.sct_verify_statuses, false /* not EV */),
             issuer_name));
       }
@@ skipping 21 matching lines @@
           // UNKNOWN_SHA1 should only appear when certificate info has not been
           // initialized, in which case this if-statement should not be running
           // because there is no other cert info.
           NOTREACHED();
       }
     }
   } else {
     // HTTP or HTTPS with errors (not warnings).
     site_identity_details_.assign(l10n_util::GetStringUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY));
-    if (!security_info.scheme_is_cryptographic || !security_info.cert_id)
+    if (!security_info.scheme_is_cryptographic ||
+        !security_info.certificate.get()) {
       site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT;
-    else
+    } else {
       site_identity_status_ = SITE_IDENTITY_STATUS_ERROR;
+    }
 
     const base::string16 bullet = UTF8ToUTF16("\n • ");
     std::vector<ssl_errors::ErrorInfo> errors;
     ssl_errors::ErrorInfo::GetErrorsForCertStatus(
-        cert, security_info.cert_status, url, &errors);
+        certificate_, security_info.cert_status, url, &errors);
     for (size_t i = 0; i < errors.size(); ++i) {
       site_identity_details_ += bullet;
       site_identity_details_ += errors[i].short_description();
     }
 
     if (security_info.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) {
       site_identity_details_ += ASCIIToUTF16("\n\n");
       site_identity_details_ += l10n_util::GetStringUTF16(
           IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME);
     }
   }
 
   // Site Connection
   // We consider anything less than 80 bits encryption to be weak encryption.
   // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and
   // weakly encrypted connections.
   site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN;
 
   base::string16 subject_name(GetSimpleSiteName(url));
   if (subject_name.empty()) {
     subject_name.assign(
         l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
   }
 
-  if (!security_info.cert_id || !security_info.scheme_is_cryptographic) {
+  if (!security_info.certificate.get() ||
+      !security_info.scheme_is_cryptographic) {
     // Page is still loading (so SSL status is not yet available) or
     // loaded over HTTP or loaded over HTTPS with no cert.
     site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED;
 
     site_connection_details_.assign(l10n_util::GetStringFUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT,
         subject_name));
   } else if (security_info.security_bits < 0) {
     // Security strength is unknown.  Say nothing.
     site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;
@@ skipping 215 matching lines @@
     info.site_identity = UTF16ToUTF8(organization_name());
   else
     info.site_identity = UTF16ToUTF8(GetSimpleSiteName(site_url_));
 
   info.connection_status = site_connection_status_;
   info.connection_status_description =
       UTF16ToUTF8(site_connection_details_);
   info.identity_status = site_identity_status_;
   info.identity_status_description =
       UTF16ToUTF8(site_identity_details_);
-  info.cert_id = cert_id_;
+  info.certificate = certificate_;
   info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_;
   ui_->SetIdentityInfo(info);
 }