Set SSL info when an HTTP auth dialog is triggered by direct navigation.

content/browser/loader/resource_loader.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/resource_loader.h"
 
 #include "base/command_line.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
@@ skipping 59 matching lines @@
         &response->head.service_worker_fetch_end);
   }
   AppCacheInterceptor::GetExtraResponseInfo(
       request,
       &response->head.appcache_id,
       &response->head.appcache_manifest_url);
   if (info->is_load_timing_enabled())
     request->GetLoadTimingInfo(&response->head.load_timing);
 }
 
+// Stores the SignedCertificateTimestamps held in |sct_list| in the
+// SignedCertificateTimestampStore singleton, associated with |process_id|.
+// On return, |sct_ids| contains the assigned ID and verification status of
+// each SignedCertificateTimestamp.
+void StoreSignedCertificateTimestamps(
+    const net::SignedCertificateTimestampAndStatusList& sct_list,
+    int process_id,
+    SignedCertificateTimestampIDStatusList* sct_ids) {
+  SignedCertificateTimestampStore* sct_store(
+      SignedCertificateTimestampStore::GetInstance());
+
+  for (net::SignedCertificateTimestampAndStatusList::const_iterator iter =
+           sct_list.begin();
+       iter != sct_list.end(); ++iter) {
+    const int sct_id(sct_store->Store(iter->sct.get(), process_id));
+    sct_ids->push_back(
+        SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
+  }
+}
+
+std::string StoreAndSerializeSecurityInfo(const net::SSLInfo& ssl_info,
+                                          int process_id) {
+  DCHECK(ssl_info.cert.get());
+  int cert_id =
+      CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), process_id);
+
+  SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
+  StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
+                                   process_id,
+                                   &signed_certificate_timestamp_ids);
+
+  return SerializeSecurityInfo(
+      cert_id, ssl_info.cert_status, ssl_info.security_bits,
+      ssl_info.connection_status, signed_certificate_timestamp_ids);
+}
+
 }  // namespace
 
 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request,
                                scoped_ptr<ResourceHandler> handler,
                                ResourceLoaderDelegate* delegate)
     : deferred_stage_(DEFERRED_NONE),
       request_(request.Pass()),
       handler_(handler.Pass()),
       delegate_(delegate),
       last_upload_position_(0),
@@ skipping 190 matching lines @@
 void ResourceLoader::OnAuthRequired(net::URLRequest* unused,
                                     net::AuthChallengeInfo* auth_info) {
   DCHECK_EQ(request_.get(), unused);
 
   ResourceRequestInfoImpl* info = GetRequestInfo();
   if (info->do_not_prompt_for_login()) {
     request_->CancelAuth();
     return;
   }
 
+  // Update the SSL state before showing the auth prompt.
+  const net::SSLInfo& ssl_info = request_->response_info().ssl_info;
+  if (ssl_info.cert.get()) {
+    bool is_main_frame = (request_->load_flags() & net::LOAD_MAIN_FRAME) != 0;
+    ResourceRequestInfoImpl* info = GetRequestInfo();
+    int render_process_id;
+    int render_frame_id;
+    if (!info->GetAssociatedRenderFrame(&render_process_id, &render_frame_id))

[Charlie Reis, 2015/03/18 17:46:38]

Random question: Why does this method return a boolean?  Looks like there's only
one implementation of it and it can't return false.

(No need to fix in this CL, but that might be a useful cleanup.)

+      CHECK(0);

[Charlie Reis, 2015/03/18 17:46:38]

nit: CHECK(false) is more common.

[palmer, 2015/09/29 00:03:33]

Done in https://codereview.chromium.org/1368863002.

+    std::string security_info =
+        StoreAndSerializeSecurityInfo(ssl_info, info->GetChildID());
+    SSLManager::OnAuthDialog(render_process_id, render_frame_id, security_info,
+                             is_main_frame);
+  } else {
+    // We should not have any SSL state.
+    DCHECK(!ssl_info.cert_status && ssl_info.security_bits == -1 &&
+           !ssl_info.connection_status);
+  }
+
   // Create a login dialog on the UI thread to get authentication data, or pull
   // from cache and continue on the IO thread.
-
   DCHECK(!login_delegate_.get())
       << "OnAuthRequired called with login_delegate pending";
   login_delegate_ = delegate_->CreateLoginDelegate(this, auth_info);
   if (!login_delegate_.get())
     request_->CancelAuth();
 }
 
 void ResourceLoader::OnCertificateRequested(
     net::URLRequest* unused,
     net::SSLCertRequestInfo* cert_info) {
@@ skipping 13 matching lines @@
 }
 
 void ResourceLoader::OnSSLCertificateError(net::URLRequest* request,
                                            const net::SSLInfo& ssl_info,
                                            bool fatal) {
   ResourceRequestInfoImpl* info = GetRequestInfo();
 
   int render_process_id;
   int render_frame_id;
   if (!info->GetAssociatedRenderFrame(&render_process_id, &render_frame_id))
-    NOTREACHED();
+    CHECK(0);
 
   SSLManager::OnSSLCertificateError(
       weak_ptr_factory_.GetWeakPtr(),
       info->GetResourceType(),
       request_->url(),
       render_process_id,
       render_frame_id,
       ssl_info,
       fatal);
 }
@@ skipping 267 matching lines @@
     // If the request isn't in flight, then we won't get an asynchronous
     // notification from the request, so we have to signal ourselves to finish
     // this request.
     base::MessageLoop::current()->PostTask(
         FROM_HERE,
         base::Bind(&ResourceLoader::ResponseCompleted,
                    weak_ptr_factory_.GetWeakPtr()));
   }
 }
 
-void ResourceLoader::StoreSignedCertificateTimestamps(
-    const net::SignedCertificateTimestampAndStatusList& sct_list,
-    int process_id,
-    SignedCertificateTimestampIDStatusList* sct_ids) {
-  SignedCertificateTimestampStore* sct_store(
-      SignedCertificateTimestampStore::GetInstance());
-
-  for (net::SignedCertificateTimestampAndStatusList::const_iterator iter =
-       sct_list.begin(); iter != sct_list.end(); ++iter) {
-    const int sct_id(sct_store->Store(iter->sct.get(), process_id));
-    sct_ids->push_back(
-        SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
-  }
-}
-
 void ResourceLoader::CompleteResponseStarted() {
   // TODO(vadimt): Remove ScopedTracker below once crbug.com/423948 is fixed.
   tracked_objects::ScopedTracker tracking_profile1(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "423948 ResourceLoader::CompleteResponseStarted1"));
 
   ResourceRequestInfoImpl* info = GetRequestInfo();
 
   // TODO(vadimt): Remove ScopedTracker below once crbug.com/423948 is fixed.
   tracked_objects::ScopedTracker tracking_profile2(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "423948 ResourceLoader::CompleteResponseStarted2"));
 
   scoped_refptr<ResourceResponse> response(new ResourceResponse());
   PopulateResourceResponse(info, request_.get(), response.get());
 
   if (request_->ssl_info().cert.get()) {
     // TODO(vadimt): Remove ScopedTracker below once crbug.com/423948 is fixed.
     tracked_objects::ScopedTracker tracking_profile3(
         FROM_HERE_WITH_EXPLICIT_FUNCTION(
             "423948 ResourceLoader::CompleteResponseStarted3"));
 
-    int cert_id = CertStore::GetInstance()->StoreCert(
-        request_->ssl_info().cert.get(), info->GetChildID());
+    response->head.security_info =
+        StoreAndSerializeSecurityInfo(request_->ssl_info(), info->GetChildID());
 
-    SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
-    StoreSignedCertificateTimestamps(
-        request_->ssl_info().signed_certificate_timestamps,
-        info->GetChildID(),
-        &signed_certificate_timestamp_ids);
-
-    response->head.security_info = SerializeSecurityInfo(
-        cert_id,
-        request_->ssl_info().cert_status,
-        request_->ssl_info().security_bits,
-        request_->ssl_info().connection_status,
-        signed_certificate_timestamp_ids);
   } else {
     // We should not have any SSL state.
     DCHECK(!request_->ssl_info().cert_status &&
            request_->ssl_info().security_bits == -1 &&
            !request_->ssl_info().connection_status);
   }
 
   // TODO(vadimt): Remove ScopedTracker below once crbug.com/423948 is fixed.
   tracked_objects::ScopedTracker tracking_profile5(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
@@ skipping 110 matching lines @@
   // instance.)
 }
 
 void ResourceLoader::ResponseCompleted() {
   VLOG(1) << "ResponseCompleted: " << request_->url().spec();
   RecordHistograms();
   ResourceRequestInfoImpl* info = GetRequestInfo();
 
   std::string security_info;
   const net::SSLInfo& ssl_info = request_->ssl_info();
-  if (ssl_info.cert.get() != NULL) {
-    int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(),
-                                                      info->GetChildID());
-    SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
-    StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
-                                     info->GetChildID(),
-                                     &signed_certificate_timestamp_ids);
-
-    security_info = SerializeSecurityInfo(
-        cert_id, ssl_info.cert_status, ssl_info.security_bits,
-        ssl_info.connection_status, signed_certificate_timestamp_ids);
-  }
+  if (ssl_info.cert.get() != NULL)
+    security_info = StoreAndSerializeSecurityInfo(ssl_info, info->GetChildID());
 
   bool defer = false;
   {
     // TODO(vadimt): Remove ScopedTracker below once crbug.com/423948 is fixed.
     tracked_objects::ScopedTracker tracking_profile(
         FROM_HERE_WITH_EXPLICIT_FUNCTION(
             "423948 ResourceLoader::ResponseCompleted"));
 
     handler_->OnResponseCompleted(request_->status(), security_info, &defer);
   }
@@ skipping 38 matching lines @@
       case net::URLRequestStatus::FAILED:
         status = STATUS_UNDEFINED;
         break;
     }
 
     UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX);
   }
 }
 
 }  // namespace content