[Android WebView] Propagate Java exceptions thrown in OnReceivedSslError

content/browser/ssl/ssl_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ssl/ssl_manager.h"
 
 #include <set>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 78 matching lines @@
   }
 
   std::set<SSLManager*>& get() { return set_; }
 
  private:
   std::set<SSLManager*> set_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLManagerSet);
 };
 
+// On Android, HandleSSLErrorOnUI can cause a Java exception to be thrown - in
+// such a case we cannot allow calls back into Java afterwards. Make sure that
+// nothing calls into Java after calling this method - the easiest way to do so
+// is to post this as a separate task.
 void HandleSSLErrorOnUI(
     const base::Callback<WebContents*(void)>& web_contents_getter,
     const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
     const ResourceType resource_type,
     const GURL& url,
     const net::SSLInfo& ssl_info,
     bool fatal) {
   content::WebContents* web_contents = web_contents_getter.Run();
   std::unique_ptr<SSLErrorHandler> handler(new SSLErrorHandler(
       web_contents, delegate, resource_type, url, ssl_info, fatal));
 
   if (!web_contents) {
     // Requests can fail to dispatch because they don't have a WebContents. See
     // https://crbug.com/86537. In this case we have to make a decision in this
     // function, so we ignore revocation check failures.
     if (net::IsCertStatusMinorError(ssl_info.cert_status)) {
       handler->ContinueRequest();
     } else {
       handler->CancelRequest();
     }
     return;
   }
 
   NavigationControllerImpl* controller =
       static_cast<NavigationControllerImpl*>(&web_contents->GetController());
   controller->SetPendingNavigationSSLError(true);
 
   SSLManager* manager = controller->ssl_manager();
   manager->OnCertError(std::move(handler));
+  // On Android, OnCertError can cause a Java exception to be thrown - in such a
+  // case we cannot allow calls back into Java here. If adding any additional
+  // code here, make sure it cannot call into Java.
 }
 
 }  // namespace
 
 // static
 void SSLManager::OnSSLCertificateError(
     const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
     const ResourceType resource_type,
     const GURL& url,
     const base::Callback<WebContents*(void)>& web_contents_getter,
@@ skipping 165 matching lines @@
     case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
     case net::ERR_CERT_VALIDITY_TOO_LONG:
     case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
       if (!handler->fatal())
         options_mask |= OVERRIDABLE;
       else
         options_mask |= STRICT_ENFORCEMENT;
       if (expired_previous_decision)
         options_mask |= EXPIRED_PREVIOUS_DECISION;
       OnCertErrorInternal(std::move(handler), options_mask);
+      // On Android, OnCertErrorInternal can cause a Java exception to be thrown
+      // - in such a case we cannot allow calls back into Java here. If adding
+      // any additional code here, make sure it cannot call into Java.
       break;
     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
       // Ignore this error.
       handler->ContinueRequest();
       break;
     case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
       // We ignore this error but will show a warning status in the location
       // bar.
       handler->ContinueRequest();
       break;
     case net::ERR_CERT_CONTAINS_ERRORS:
     case net::ERR_CERT_REVOKED:
     case net::ERR_CERT_INVALID:
     case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
     case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
       if (handler->fatal())
         options_mask |= STRICT_ENFORCEMENT;
       if (expired_previous_decision)
         options_mask |= EXPIRED_PREVIOUS_DECISION;
       OnCertErrorInternal(std::move(handler), options_mask);
+      // On Android, OnCertErrorInternal can cause a Java exception to be thrown
+      // - in such a case we cannot allow calls back into Java here. If adding
+      // any additional code here, make sure it cannot call into Java.
       break;
     default:
       NOTREACHED();
       handler->CancelRequest();
       break;
   }
 }
 
 void SSLManager::DidStartResourceResponse(const GURL& url,
                                           bool has_certificate,
@@ skipping 49 matching lines @@
                          callback))) {
         return;
       }
     }
   }
 
   GetContentClient()->browser()->AllowCertificateError(
       web_contents, cert_error, ssl_info, request_url, resource_type,
       overridable, strict_enforcement, expired_previous_decision,
       base::Bind(&OnAllowCertificateWithRecordDecision, true, callback));
+  // On Android, AllowCertificateError can cause a Java exception to be thrown
+  // - in such a case we cannot allow calls back into Java here. If adding any
+  // additional code here, make sure it cannot call into Java.
 }
 
 void SSLManager::UpdateEntry(NavigationEntryImpl* entry,
                              int add_content_status_flags,
                              int remove_content_status_flags) {
   // We don't always have a navigation entry to update, for example in the
   // case of the Web Inspector.
   if (!entry)
     return;
 
@@ skipping 47 matching lines @@
   SSLManagerSet* managers =
       static_cast<SSLManagerSet*>(context->GetUserData(kSSLManagerKeyName));
 
   for (std::set<SSLManager*>::iterator i = managers->get().begin();
        i != managers->get().end(); ++i) {
     (*i)->UpdateEntry((*i)->controller()->GetLastCommittedEntry(), 0, 0);
   }
 }
 
 }  // namespace content