Set SSL info when an HTTP auth dialog is triggered by direct navigation.

chrome/browser/ui/login/login_interstitial_delegate.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/login/login_interstitial_delegate.h"
 
+#include "chrome/browser/ssl/ssl_error_info.h"
+#include "chrome/browser/ui/login/login_prompt.h"
+#include "content/public/browser/cert_store.h"
+#include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/signed_certificate_timestamp_store.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/security_style.h"
+#include "content/public/common/signed_certificate_timestamp_id_and_status.h"
+#include "content/public/common/ssl_status.h"
+#include "net/ssl/ssl_info.h"

[meacer, 2014/07/22 22:07:09]

Some of these will be removed.

+
 LoginInterstitialDelegate::LoginInterstitialDelegate(
     content::WebContents* web_contents,
     const GURL& request_url,
-    base::Closure& callback)
-    : callback_(callback) {
+    base::Closure& callback,
+    const net::SSLInfo& ssl_info)
+    : web_contents_(web_contents),
+      callback_(callback),
+      ssl_info_(ssl_info) {
   // The interstitial page owns us.
   content::InterstitialPage* interstitial_page =
       content::InterstitialPage::Create(web_contents,
                                         true,
                                         request_url,
                                         this);
   interstitial_page->Show();
 }
 
 LoginInterstitialDelegate::~LoginInterstitialDelegate() {
 }
 
 void LoginInterstitialDelegate::CommandReceived(const std::string& command) {
   callback_.Run();
 }
 
 std::string LoginInterstitialDelegate::GetHTMLContents() {
   // Showing an interstitial results in a new navigation, and a new navigation
   // closes all modal dialogs on the page. Therefore the login prompt must be
   // shown after the interstitial is displayed. This is done by sending a
   // command from the interstitial page as soon as it is loaded.
   return std::string(
       "<!DOCTYPE html>"
       "<html><body><script>"
       "window.domAutomationController.setAutomationId(1);"
       "window.domAutomationController.send('1');"
       "</script></body></html>");
 }
+
+void LoginInterstitialDelegate::OverrideEntry(content::NavigationEntry* entry) {
+  entry->GetSSL().security_style = content::SECURITY_STYLE_UNKNOWN;
+  // LoginHandler::UpdateSSLState doesn't set the mixed content state, but the

[Charlie Reis, 2014/07/22 22:01:21]

This concerns me.  Are you saying that there could be a mixed content warning
that is missed while the login prompt is showing?  That sounds bad.

You could imagine a case where something like window.opener is on the same HTTPS
origin and has mixed content.  Once the user logs into what looked like a safe
prompt, the mixed content opener reaches in and has access to the
now-authenticated page.

[meacer, 2014/07/22 22:07:09]

Ah, I didn't consider the "mixed content on the same origin" case. I was
assuming that the check was per page rather than per origin, but it makes sense
for it to be per origin.

The main problem here is that I can't seem to use SSLManager from UI code. If I
can, then I won't need to duplicate the logic. Not sure if it's possible though.

[Charlie Reis, 2014/07/22 23:23:18]

Yeah, it would be good to find a way to expose the info that you need, because
duplicating it outside of content/ will certainly lead to unfixed bugs.  Not
sure what content/public surface is the right place for it, so adding John to
see if he has ideas.

+  // navigation entry for this interstitial will be discarded once the login
+  // prompt is closed anyways, and the SSL state will be updated correctly once
+  // the pending navigation will commit.
+  LoginHandler::UpdateSSLState(entry, web_contents_, ssl_info_);
+}