Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(281)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/net/crw_ssl_status_updater.mm

Issue 2327433002: Stop using CertStore which is not compatible with PlzNavigate. (Closed)
Patch Set: remove certstore on non-ios and update plznavigate test filter Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« ios/chrome/browser/ssl/ios_ssl_blocking_page.mm ('K') | « ios/chrome/browser/ssl/ios_ssl_blocking_page.mm ('k') | ios/web/net/crw_ssl_status_updater_unittest.mm » ('j') | ios/web/net/crw_ssl_status_updater_unittest.mm » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/net/crw_ssl_status_updater.h" 5 #import "ios/web/net/crw_ssl_status_updater.h"
6 6
7 #import "base/ios/weak_nsobject.h" 7 #import "base/ios/weak_nsobject.h"
8 #import "base/mac/scoped_nsobject.h" 8 #import "base/mac/scoped_nsobject.h"
9 #import "base/strings/sys_string_conversions.h" 9 #import "base/strings/sys_string_conversions.h"
10 #include "ios/web/public/cert_store.h" 10 #include "ios/web/public/cert_store.h"
Eugene But (OOO till 7-30) 2016/09/08 16:57:46 ditto
11 #import "ios/web/public/navigation_item.h" 11 #import "ios/web/public/navigation_item.h"
12 #import "ios/web/public/navigation_manager.h" 12 #import "ios/web/public/navigation_manager.h"
13 #include "ios/web/public/ssl_status.h" 13 #include "ios/web/public/ssl_status.h"
14 #import "ios/web/web_state/wk_web_view_security_util.h" 14 #import "ios/web/web_state/wk_web_view_security_util.h"
15 #include "net/cert/x509_certificate.h" 15 #include "net/cert/x509_certificate.h"
16 #include "url/gurl.h" 16 #include "url/gurl.h"
17 17
18 #if !defined(__has_feature) || !__has_feature(objc_arc) 18 #if !defined(__has_feature) || !__has_feature(objc_arc)
19 #error "This file requires ARC support." 19 #error "This file requires ARC support."
20 #endif 20 #endif
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
94 // |hasOnlySecureContent| returns NO it means passive content. 94 // |hasOnlySecureContent| returns NO it means passive content.
95 item->GetSSL().content_status = 95 item->GetSSL().content_status =
96 hasOnlySecureContent ? web::SSLStatus::NORMAL_CONTENT 96 hasOnlySecureContent ? web::SSLStatus::NORMAL_CONTENT
97 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT; 97 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
98 98
99 // Try updating SSLStatus for current NavigationItem asynchronously. 99 // Try updating SSLStatus for current NavigationItem asynchronously.
100 scoped_refptr<net::X509Certificate> cert; 100 scoped_refptr<net::X509Certificate> cert;
101 if (item->GetURL().SchemeIsCryptographic()) { 101 if (item->GetURL().SchemeIsCryptographic()) {
102 cert = web::CreateCertFromTrust(trust); 102 cert = web::CreateCertFromTrust(trust);
103 if (cert) { 103 if (cert) {
104 int oldCertID = item->GetSSL().cert_id; 104 scoped_refptr<net::X509Certificate> oldCert = item->GetSSL().certificate;
105 std::string oldHost = item->GetSSL().cert_status_host; 105 std::string oldHost = item->GetSSL().cert_status_host;
106 item->GetSSL().cert_id = web::CertStore::GetInstance()->StoreCert( 106 item->GetSSL().certificate = cert;
107 cert.get(), self.certGroupID);
108 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(host); 107 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(host);
109 // Only recompute the SSLStatus information if the certificate or host has 108 // Only recompute the SSLStatus information if the certificate or host has
110 // since changed. Host can be changed in case of redirect. 109 // since changed. Host can be changed in case of redirect.
111 if (oldCertID != item->GetSSL().cert_id || 110 if (!oldCert.get() || !oldCert->Equals(cert.get()) ||
112 oldHost != item->GetSSL().cert_status_host) { 111 oldHost != item->GetSSL().cert_status_host) {
113 // Real SSL status is unknown, reset cert status and security style. 112 // Real SSL status is unknown, reset cert status and security style.
114 // They will be asynchronously updated in 113 // They will be asynchronously updated in
115 // |scheduleSSLStatusUpdateUsingTrust:host:|. 114 // |scheduleSSLStatusUpdateUsingTrust:host:|.
116 item->GetSSL().cert_status = CertStatus(); 115 item->GetSSL().cert_status = CertStatus();
117 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; 116 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN;
118 117
119 [self scheduleSSLStatusUpdateUsingTrust:std::move(trust) host:host]; 118 [self scheduleSSLStatusUpdateUsingTrust:std::move(trust) host:host];
120 } 119 }
121 } 120 }
122 } 121 }
123 122
124 if (!cert) { 123 if (!cert) {
125 item->GetSSL().cert_id = 0; 124 item->GetSSL().certificate = nullptr;
126 if (!item->GetURL().SchemeIsCryptographic()) { 125 if (!item->GetURL().SchemeIsCryptographic()) {
127 // HTTP or other non-secure connection. 126 // HTTP or other non-secure connection.
128 item->GetSSL().security_style = web::SECURITY_STYLE_UNAUTHENTICATED; 127 item->GetSSL().security_style = web::SECURITY_STYLE_UNAUTHENTICATED;
129 } else { 128 } else {
130 // HTTPS, no certificate (this use-case has not been observed). 129 // HTTPS, no certificate (this use-case has not been observed).
131 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; 130 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN;
132 } 131 }
133 } 132 }
134 133
135 if (!previousSSLStatus.Equals(item->GetSSL())) { 134 if (!previousSSLStatus.Equals(item->GetSSL())) {
(...skipping 11 matching lines...) Expand all
147 // The searched item almost always be the last one, so walk backward rather 146 // The searched item almost always be the last one, so walk backward rather
148 // than forward. 147 // than forward.
149 for (int i = _navigationManager->GetItemCount() - 1; 0 <= i; i--) { 148 for (int i = _navigationManager->GetItemCount() - 1; 0 <= i; i--) {
150 web::NavigationItem* item = _navigationManager->GetItemAtIndex(i); 149 web::NavigationItem* item = _navigationManager->GetItemAtIndex(i);
151 if (item->GetUniqueID() != navigationItemID) 150 if (item->GetUniqueID() != navigationItemID)
152 continue; 151 continue;
153 152
154 // NavigationItem's UniqueID is preserved even after redirects, so 153 // NavigationItem's UniqueID is preserved even after redirects, so
155 // checking that cert and URL match is necessary. 154 // checking that cert and URL match is necessary.
156 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromTrust(trust)); 155 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromTrust(trust));
157 int certID =
158 web::CertStore::GetInstance()->StoreCert(cert.get(), self.certGroupID);
159 std::string GURLHost = base::SysNSStringToUTF8(host); 156 std::string GURLHost = base::SysNSStringToUTF8(host);
160 web::SSLStatus& SSLStatus = item->GetSSL(); 157 web::SSLStatus& SSLStatus = item->GetSSL();
161 if (item->GetURL().SchemeIsCryptographic() && SSLStatus.cert_id == certID && 158 if (item->GetURL().SchemeIsCryptographic() &&
159 !!SSLStatus.certificate.get() &&
160 SSLStatus.certificate->Equals(cert.get()) &&
162 item->GetURL().host() == GURLHost) { 161 item->GetURL().host() == GURLHost) {
163 web::SSLStatus previousSSLStatus = item->GetSSL(); 162 web::SSLStatus previousSSLStatus = item->GetSSL();
164 SSLStatus.cert_status = certStatus; 163 SSLStatus.cert_status = certStatus;
165 SSLStatus.security_style = style; 164 SSLStatus.security_style = style;
166 if (!previousSSLStatus.Equals(SSLStatus)) { 165 if (!previousSSLStatus.Equals(SSLStatus)) {
167 [self didChangeSSLStatusForNavigationItem:item]; 166 [self didChangeSSLStatusForNavigationItem:item];
168 } 167 }
169 } 168 }
170 return; 169 return;
171 } 170 }
(...skipping 21 matching lines...) Expand all
193 192
194 - (void)didChangeSSLStatusForNavigationItem:(web::NavigationItem*)navItem { 193 - (void)didChangeSSLStatusForNavigationItem:(web::NavigationItem*)navItem {
195 if ([_delegate respondsToSelector: 194 if ([_delegate respondsToSelector:
196 @selector(SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) { 195 @selector(SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) {
197 [_delegate SSLStatusUpdater:self 196 [_delegate SSLStatusUpdater:self
198 didChangeSSLStatusForNavigationItem:navItem]; 197 didChangeSSLStatusForNavigationItem:navItem];
199 } 198 }
200 } 199 }
201 200
202 @end 201 @end
OLDNEW
« ios/chrome/browser/ssl/ios_ssl_blocking_page.mm ('K') | « ios/chrome/browser/ssl/ios_ssl_blocking_page.mm ('k') | ios/web/net/crw_ssl_status_updater_unittest.mm » ('j') | ios/web/net/crw_ssl_status_updater_unittest.mm » ('J')

Powered by Google App Engine
This is Rietveld 408576698