Set SSL info when an HTTP auth dialog is triggered by direct navigation.

chrome/browser/ui/login/login_prompt.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/login/login_prompt.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/password_manager/chrome_password_manager_client.h"
 #include "chrome/browser/prerender/prerender_contents.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/browser/ui/login/login_interstitial_delegate.h"
 #include "chrome/grit/generated_resources.h"
 #include "components/password_manager/content/browser/content_password_manager_driver.h"
 #include "components/password_manager/core/browser/browser_save_password_progress_logger.h"
 #include "components/password_manager/core/browser/password_manager.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_registrar.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/browser/resource_request_info.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
+#include "grit/generated_resources.h"
 #include "net/base/auth.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_util.h"
 #include "net/http/http_transaction_factory.h"
+#include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/gfx/text_elider.h"
 
 using autofill::PasswordForm;
 using content::BrowserThread;
 using content::NavigationController;
 using content::RenderViewHost;
 using content::RenderViewHostDelegate;
@@ skipping 504 matching lines @@
   // closed, so that interstitial should only be a login interstitial.
   if (is_main_frame && (parent_contents->ShowingInterstitialPage() ||
                         parent_contents->GetLastCommittedURL().GetOrigin() !=
                             request_url.GetOrigin())) {
     // Show a blank interstitial for main-frame, cross origin requests
     // so that the correct URL is shown in the omnibox.
     base::Closure callback = base::Bind(&ShowLoginPrompt,
                                         request_url,
                                         make_scoped_refptr(auth_info),
                                         make_scoped_refptr(handler));
+    content::NavigationEntry* pending_entry =

[Charlie Reis, 2015/03/18 17:46:38]

Let's put a comment about why it's correct to use the pending entry here, since
it took us a while to realize it.  And just to sanity check, let's make sure
it's safe:

1) Browser initiated navigations will always start with a pending entry, but it
may get discarded or replaced before the navigation commits.  When does this
call happen?  (It may be possible for the pending entry to be gone by now, which
might have been why we couldn't use it.)

2) Renderer initiated navigations in the main frame will have a pending entry if
they make a network request, but it can get discarded as above.

3) Renderer initiated navigations in subframes will not have pending entries. 
Can they cause an auth dialog?

[palmer, 2015/09/29 00:03:33]

I'm following up with this at https://codereview.chromium.org/1368863002.

+        parent_contents->GetController().GetPendingEntry();
+    const content::SSLStatus& ssl_status = pending_entry->GetSSL();
     // This is owned by the interstitial it creates. It cancels any existing
     // interstitial.
-    new LoginInterstitialDelegate(parent_contents,
-                                  request_url,
+    new LoginInterstitialDelegate(parent_contents, request_url, ssl_status,
                                   callback);
   } else {
     ShowLoginPrompt(request_url,
                     auth_info,
                     handler);
   }
 }
 
 // ----------------------------------------------------------------------------
 // Public API
 
 LoginHandler* CreateLoginPrompt(net::AuthChallengeInfo* auth_info,
                                 net::URLRequest* request) {
   bool is_main_frame = (request->load_flags() & net::LOAD_MAIN_FRAME) != 0;
   LoginHandler* handler = LoginHandler::Create(auth_info, request);
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&LoginDialogCallback, request->url(),
                  make_scoped_refptr(auth_info), make_scoped_refptr(handler),
                  is_main_frame));
   return handler;
 }