OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/net/crw_ssl_status_updater.h" | 5 #import "ios/web/net/crw_ssl_status_updater.h" |
6 | 6 |
7 #import "base/ios/weak_nsobject.h" | 7 #import "base/ios/weak_nsobject.h" |
8 #import "base/mac/scoped_nsobject.h" | 8 #import "base/mac/scoped_nsobject.h" |
9 #import "base/strings/sys_string_conversions.h" | 9 #import "base/strings/sys_string_conversions.h" |
10 #include "ios/web/public/cert_store.h" | 10 #include "ios/web/public/cert_store.h" |
Eugene But (OOO till 7-30)
2016/09/08 16:57:46
ditto
| |
11 #import "ios/web/public/navigation_item.h" | 11 #import "ios/web/public/navigation_item.h" |
12 #import "ios/web/public/navigation_manager.h" | 12 #import "ios/web/public/navigation_manager.h" |
13 #include "ios/web/public/ssl_status.h" | 13 #include "ios/web/public/ssl_status.h" |
14 #import "ios/web/web_state/wk_web_view_security_util.h" | 14 #import "ios/web/web_state/wk_web_view_security_util.h" |
15 #include "net/cert/x509_certificate.h" | 15 #include "net/cert/x509_certificate.h" |
16 #include "url/gurl.h" | 16 #include "url/gurl.h" |
17 | 17 |
18 #if !defined(__has_feature) || !__has_feature(objc_arc) | 18 #if !defined(__has_feature) || !__has_feature(objc_arc) |
19 #error "This file requires ARC support." | 19 #error "This file requires ARC support." |
20 #endif | 20 #endif |
94 // |hasOnlySecureContent| returns NO it means passive content. | 94 // |hasOnlySecureContent| returns NO it means passive content. |
95 item->GetSSL().content_status = | 95 item->GetSSL().content_status = |
96 hasOnlySecureContent ? web::SSLStatus::NORMAL_CONTENT | 96 hasOnlySecureContent ? web::SSLStatus::NORMAL_CONTENT |
97 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT; | 97 : web::SSLStatus::DISPLAYED_INSECURE_CONTENT; |
98 | 98 |
99 // Try updating SSLStatus for current NavigationItem asynchronously. | 99 // Try updating SSLStatus for current NavigationItem asynchronously. |
100 scoped_refptr<net::X509Certificate> cert; | 100 scoped_refptr<net::X509Certificate> cert; |
101 if (item->GetURL().SchemeIsCryptographic()) { | 101 if (item->GetURL().SchemeIsCryptographic()) { |
102 cert = web::CreateCertFromTrust(trust); | 102 cert = web::CreateCertFromTrust(trust); |
103 if (cert) { | 103 if (cert) { |
104 int oldCertID = item->GetSSL().cert_id; | 104 scoped_refptr<net::X509Certificate> oldCert = item->GetSSL().certificate; |
105 std::string oldHost = item->GetSSL().cert_status_host; | 105 std::string oldHost = item->GetSSL().cert_status_host; |
106 item->GetSSL().cert_id = web::CertStore::GetInstance()->StoreCert( | 106 item->GetSSL().certificate = cert; |
107 cert.get(), self.certGroupID); | |
108 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(host); | 107 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(host); |
109 // Only recompute the SSLStatus information if the certificate or host has | 108 // Only recompute the SSLStatus information if the certificate or host has |
110 // since changed. Host can be changed in case of redirect. | 109 // since changed. Host can be changed in case of redirect. |
111 if (oldCertID != item->GetSSL().cert_id || | 110 if (!oldCert.get() || !oldCert->Equals(cert.get()) || |
112 oldHost != item->GetSSL().cert_status_host) { | 111 oldHost != item->GetSSL().cert_status_host) { |
113 // Real SSL status is unknown, reset cert status and security style. | 112 // Real SSL status is unknown, reset cert status and security style. |
114 // They will be asynchronously updated in | 113 // They will be asynchronously updated in |
115 // |scheduleSSLStatusUpdateUsingTrust:host:|. | 114 // |scheduleSSLStatusUpdateUsingTrust:host:|. |
116 item->GetSSL().cert_status = CertStatus(); | 115 item->GetSSL().cert_status = CertStatus(); |
117 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; | 116 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; |
118 | 117 |
119 [self scheduleSSLStatusUpdateUsingTrust:std::move(trust) host:host]; | 118 [self scheduleSSLStatusUpdateUsingTrust:std::move(trust) host:host]; |
120 } | 119 } |
121 } | 120 } |
122 } | 121 } |
123 | 122 |
124 if (!cert) { | 123 if (!cert) { |
125 item->GetSSL().cert_id = 0; | 124 item->GetSSL().certificate = nullptr; |
126 if (!item->GetURL().SchemeIsCryptographic()) { | 125 if (!item->GetURL().SchemeIsCryptographic()) { |
127 // HTTP or other non-secure connection. | 126 // HTTP or other non-secure connection. |
128 item->GetSSL().security_style = web::SECURITY_STYLE_UNAUTHENTICATED; | 127 item->GetSSL().security_style = web::SECURITY_STYLE_UNAUTHENTICATED; |
129 } else { | 128 } else { |
130 // HTTPS, no certificate (this use-case has not been observed). | 129 // HTTPS, no certificate (this use-case has not been observed). |
131 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; | 130 item->GetSSL().security_style = web::SECURITY_STYLE_UNKNOWN; |
132 } | 131 } |
133 } | 132 } |
134 | 133 |
135 if (!previousSSLStatus.Equals(item->GetSSL())) { | 134 if (!previousSSLStatus.Equals(item->GetSSL())) { |
147 // The searched item almost always be the last one, so walk backward rather | 146 // The searched item almost always be the last one, so walk backward rather |
148 // than forward. | 147 // than forward. |
149 for (int i = _navigationManager->GetItemCount() - 1; 0 <= i; i--) { | 148 for (int i = _navigationManager->GetItemCount() - 1; 0 <= i; i--) { |
150 web::NavigationItem* item = _navigationManager->GetItemAtIndex(i); | 149 web::NavigationItem* item = _navigationManager->GetItemAtIndex(i); |
151 if (item->GetUniqueID() != navigationItemID) | 150 if (item->GetUniqueID() != navigationItemID) |
152 continue; | 151 continue; |
153 | 152 |
154 // NavigationItem's UniqueID is preserved even after redirects, so | 153 // NavigationItem's UniqueID is preserved even after redirects, so |
155 // checking that cert and URL match is necessary. | 154 // checking that cert and URL match is necessary. |
156 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromTrust(trust)); | 155 scoped_refptr<net::X509Certificate> cert(web::CreateCertFromTrust(trust)); |
157 int certID = | |
158 web::CertStore::GetInstance()->StoreCert(cert.get(), self.certGroupID); | |
159 std::string GURLHost = base::SysNSStringToUTF8(host); | 156 std::string GURLHost = base::SysNSStringToUTF8(host); |
160 web::SSLStatus& SSLStatus = item->GetSSL(); | 157 web::SSLStatus& SSLStatus = item->GetSSL(); |
161 if (item->GetURL().SchemeIsCryptographic() && SSLStatus.cert_id == certID && | 158 if (item->GetURL().SchemeIsCryptographic() && |
159 !!SSLStatus.certificate.get() && | |
160 SSLStatus.certificate->Equals(cert.get()) && | |
162 item->GetURL().host() == GURLHost) { | 161 item->GetURL().host() == GURLHost) { |
163 web::SSLStatus previousSSLStatus = item->GetSSL(); | 162 web::SSLStatus previousSSLStatus = item->GetSSL(); |
164 SSLStatus.cert_status = certStatus; | 163 SSLStatus.cert_status = certStatus; |
165 SSLStatus.security_style = style; | 164 SSLStatus.security_style = style; |
166 if (!previousSSLStatus.Equals(SSLStatus)) { | 165 if (!previousSSLStatus.Equals(SSLStatus)) { |
167 [self didChangeSSLStatusForNavigationItem:item]; | 166 [self didChangeSSLStatusForNavigationItem:item]; |
168 } | 167 } |
169 } | 168 } |
170 return; | 169 return; |
171 } | 170 } |
193 | 192 |
194 - (void)didChangeSSLStatusForNavigationItem:(web::NavigationItem*)navItem { | 193 - (void)didChangeSSLStatusForNavigationItem:(web::NavigationItem*)navItem { |
195 if ([_delegate respondsToSelector: | 194 if ([_delegate respondsToSelector: |
196 @selector(SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) { | 195 @selector(SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) { |
197 [_delegate SSLStatusUpdater:self | 196 [_delegate SSLStatusUpdater:self |
198 didChangeSSLStatusForNavigationItem:navItem]; | 197 didChangeSSLStatusForNavigationItem:navItem]; |
199 } | 198 } |
200 } | 199 } |
201 | 200 |
202 @end | 201 @end |
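Review bot: In the callback hunk (new lines 155-161) `cert` comes straight from `web::CreateCertFromTrust(trust)` and is handed to `SSLStatus.certificate->Equals(cert.get())` with no null check, while the earlier hunk only uses the same result inside `if (cert)`. If `Equals` dereferences its argument, which the visible lines do not rule out, a trust object that yields no certificate would crash here instead of simply failing the match. I would start the condition with `if (cert && item->GetURL().SchemeIsCryptographic() &&` and drop the redundant `!!` in front of `SSLStatus.certificate.get()`. This comparison is what keeps a late trust-evaluation result from being applied to an item that has since redirected, so it deserves a short comment stating that a missing certificate on either side must count as a mismatch. The enclosing method starts and ends in the skipped lines, so a guard elsewhere in it may already cover this.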