Stop using CertStore which is not compatible with PlzNavigate.

chrome/browser/ssl/chrome_security_state_model_client.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string16.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/grit/generated_resources.h"
-#include "content/public/browser/cert_store.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "content/public/common/ssl_status.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
@@ skipping 52 matching lines @@
   NOTREACHED();
   return content::SECURITY_STYLE_UNKNOWN;
 }
 
 void AddConnectionExplanation(
     const security_state::SecurityStateModel::SecurityInfo& security_info,
     content::SecurityStyleExplanations* security_style_explanations) {
 
   // Avoid showing TLS details when we couldn't even establish a TLS connection
   // (e.g. for net errors) or if there was no real connection (some tests). We
-  // check the |cert_id| to see if there was a connection.
-  if (security_info.cert_id == 0 || security_info.connection_status == 0) {
+  // check the |certificate| to see if there was a connection.
+  if (!security_info.certificate || security_info.connection_status == 0) {
     return;
   }
 
   int ssl_version =
       net::SSLConnectionStatusToVersion(security_info.connection_status);
   const char* protocol;
   net::SSLVersionToString(&protocol, ssl_version);
   const char* key_exchange;
   const char* cipher;
   const char* mac;
@@ skipping 101 matching lines @@
   if (!security_info.scheme_is_cryptographic) {
     return security_style;
   }
 
   if (security_info.sha1_deprecation_status ==
       SecurityStateModel::DEPRECATED_SHA1_MAJOR) {
     security_style_explanations->broken_explanations.push_back(
         content::SecurityStyleExplanation(
             l10n_util::GetStringUTF8(IDS_MAJOR_SHA1),
             l10n_util::GetStringUTF8(IDS_MAJOR_SHA1_DESCRIPTION),
-            security_info.cert_id));
+            !!security_info.certificate));
   } else if (security_info.sha1_deprecation_status ==
              SecurityStateModel::DEPRECATED_SHA1_MINOR) {
     security_style_explanations->unauthenticated_explanations.push_back(
         content::SecurityStyleExplanation(
             l10n_util::GetStringUTF8(IDS_MINOR_SHA1),
             l10n_util::GetStringUTF8(IDS_MINOR_SHA1_DESCRIPTION),
-            security_info.cert_id));
+            !!security_info.certificate));
   }
 
   // Record the presence of mixed content (HTTP subresources on an HTTPS
   // page).
   security_style_explanations->ran_mixed_content =
       security_info.mixed_content_status ==
           SecurityStateModel::CONTENT_STATUS_RAN ||
       security_info.mixed_content_status ==
           SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN;
   security_style_explanations->displayed_mixed_content =
@@ skipping 26 matching lines @@
   }
 
   if (is_cert_status_error) {
     base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(
         net::MapCertStatusToNetError(security_info.cert_status)));
 
     content::SecurityStyleExplanation explanation(
         l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR),
         l10n_util::GetStringFUTF8(
             IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string),
-        security_info.cert_id);
+        !!security_info.certificate);
 
     if (is_cert_status_minor_error) {
       security_style_explanations->unauthenticated_explanations.push_back(
           explanation);
     } else {
       security_style_explanations->broken_explanations.push_back(explanation);
     }
   } else {
     // If the certificate does not have errors and is not using
     // deprecated SHA1, then add an explanation that the certificate is
     // valid.
     if (security_info.sha1_deprecation_status ==
         SecurityStateModel::NO_DEPRECATED_SHA1) {
       security_style_explanations->secure_explanations.push_back(
           content::SecurityStyleExplanation(
               l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE),
               l10n_util::GetStringUTF8(
                   IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION),
-              security_info.cert_id));
+              !!security_info.certificate));
     }
   }
 
   AddConnectionExplanation(security_info, security_style_explanations);
 
   security_style_explanations->pkp_bypassed = security_info.pkp_bypassed;
   if (security_info.pkp_bypassed) {
     security_style_explanations->info_explanations.push_back(
         content::SecurityStyleExplanation(
             "Public-Key Pinning Bypassed",
             "Public-key pinning was bypassed by a local root certificate."));
   }
 
   return security_style;
 }
 
 const SecurityStateModel::SecurityInfo&
 ChromeSecurityStateModelClient::GetSecurityInfo() const {
   return security_state_model_->GetSecurityInfo();
 }
 
 bool ChromeSecurityStateModelClient::RetrieveCert(
     scoped_refptr<net::X509Certificate>* cert) {
   content::NavigationEntry* entry =
       web_contents_->GetController().GetVisibleEntry();
-  if (!entry)
+  if (!entry || !entry->GetSSL().certificate)
     return false;
-  return content::CertStore::GetInstance()->RetrieveCert(
-      entry->GetSSL().cert_id, cert);
+  *cert = entry->GetSSL().certificate;
+  return true;
 }
 
 bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() {
 #if defined(OS_CHROMEOS)
   policy::PolicyCertService* service =
       policy::PolicyCertServiceFactory::GetForProfile(
           Profile::FromBrowserContext(web_contents_->GetBrowserContext()));
   if (service && service->UsedPolicyCertificates())
     return true;
 #endif
@@ skipping 19 matching lines @@
     // status might already be known.
     CheckSafeBrowsingStatus(entry, web_contents_, state);
     return;
   }
 
   state->connection_info_initialized = true;
   state->url = entry->GetURL();
   const content::SSLStatus& ssl = entry->GetSSL();
   state->initial_security_level =
       GetSecurityLevelForSecurityStyle(ssl.security_style);
-  state->cert_id = ssl.cert_id;
+  state->certificate = ssl.certificate;
   state->cert_status = ssl.cert_status;
   state->connection_status = ssl.connection_status;
   state->security_bits = ssl.security_bits;
   state->pkp_bypassed = ssl.pkp_bypassed;
   state->sct_verify_statuses.clear();
   state->sct_verify_statuses.insert(state->sct_verify_statuses.begin(),
                                     ssl.sct_statuses.begin(),
                                     ssl.sct_statuses.end());
   state->displayed_mixed_content =
       !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT);
   state->ran_mixed_content =
       !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT);
   state->displayed_content_with_cert_errors =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS);
   state->ran_content_with_cert_errors =
       !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS);
 
   CheckSafeBrowsingStatus(entry, web_contents_, state);
 }