-
Notifications
You must be signed in to change notification settings - Fork 6.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This will be used to handle SSL errors like expired certificates. The previous method WebClient::AllowCertificateError is no longer used. Change-Id: If165e3f8d9e084b0bfdc40b8bba281bb163f7ddd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2786322 Commit-Queue: John Wu <jzw@chromium.org> Reviewed-by: Hiroshi Ichikawa <ichikawa@chromium.org> Cr-Commit-Position: refs/heads/master@{#868284}
- Loading branch information
John Wu
authored and
Chromium LUCI CQ
committed
Mar 31, 2021
1 parent
9b84ea1
commit 6e9b2f5
Showing
10 changed files
with
367 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
// Copyright 2021 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#import "ios/web_view/internal/cwv_ssl_error_handler_internal.h" | ||
|
||
#include "base/strings/sys_string_conversions.h" | ||
#import "ios/web/public/navigation/navigation_manager.h" | ||
#include "ios/web/public/session/session_certificate_policy_cache.h" | ||
#import "ios/web_view/internal/cwv_ssl_status_internal.h" | ||
#import "ios/web_view/internal/cwv_ssl_util.h" | ||
|
||
#if !defined(__has_feature) || !__has_feature(objc_arc) | ||
#error "This file requires ARC support." | ||
#endif | ||
|
||
@implementation CWVSSLErrorHandler { | ||
web::WebState* _webState; | ||
net::SSLInfo _SSLInfo; | ||
void (^_errorPageHTMLCallback)(NSString*); | ||
BOOL _overridden; | ||
} | ||
|
||
- (instancetype)initWithWebState:(web::WebState*)webState | ||
URL:(NSURL*)URL | ||
error:(NSError*)error | ||
SSLInfo:(net::SSLInfo)SSLInfo | ||
errorPageHTMLCallback:(void (^)(NSString*))errorPageHTMLCallback { | ||
self = [super init]; | ||
if (self) { | ||
_webState = webState; | ||
_URL = URL; | ||
_error = error; | ||
_SSLInfo = SSLInfo; | ||
_errorPageHTMLCallback = errorPageHTMLCallback; | ||
_overridden = NO; | ||
} | ||
return self; | ||
} | ||
|
||
#pragma mark - Public Methods | ||
|
||
- (BOOL)overridable { | ||
// This is counterintuitive, but is consistent with //ios/chrome. | ||
// A fatal error is overridable, and a non-fatal error is not overridable. | ||
return _SSLInfo.is_fatal_cert_error; | ||
} | ||
|
||
- (CWVCertStatus)certStatus { | ||
return CWVCertStatusFromNetCertStatus(_SSLInfo.cert_status); | ||
} | ||
|
||
- (void)displayErrorPageWithHTML:(NSString*)HTML { | ||
if (!_errorPageHTMLCallback) { | ||
return; | ||
} | ||
|
||
_errorPageHTMLCallback(HTML); | ||
_errorPageHTMLCallback = nil; | ||
} | ||
|
||
- (void)overrideErrorAndReloadPage { | ||
if (!self.overridable) { | ||
return; | ||
} | ||
|
||
// web::SessionCertificatePolicyCache is null for tests. | ||
web::SessionCertificatePolicyCache* policyCache = | ||
_webState->GetSessionCertificatePolicyCache(); | ||
if (policyCache) { | ||
policyCache->RegisterAllowedCertificate(_SSLInfo.cert, | ||
base::SysNSStringToUTF8(_URL.host), | ||
_SSLInfo.cert_status); | ||
} | ||
_webState->GetNavigationManager()->Reload(web::ReloadType::NORMAL, | ||
/*check_for_repost=*/true); | ||
} | ||
|
||
@end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
// Copyright 2021 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef IOS_WEB_VIEW_INTERNAL_CWV_SSL_ERROR_HANDLER_INTERNAL_H_ | ||
#define IOS_WEB_VIEW_INTERNAL_CWV_SSL_ERROR_HANDLER_INTERNAL_H_ | ||
|
||
#include "ios/web_view/public/cwv_ssl_error_handler.h" | ||
|
||
#import "ios/web/public/web_state.h" | ||
#include "net/ssl/ssl_info.h" | ||
|
||
NS_ASSUME_NONNULL_BEGIN | ||
|
||
@interface CWVSSLErrorHandler () | ||
|
||
// Designated initializer. | ||
// |URL| The URL associated with the SSL error. | ||
// |error| The NSError object describing the error. | ||
// |SSLInfo| Contains details of the SSL error. | ||
// |errorPageHTMLCallback| Callback to be invoked to display an error page. | ||
- (instancetype)initWithWebState:(web::WebState*)webState | ||
URL:(NSURL*)URL | ||
error:(NSError*)error | ||
SSLInfo:(net::SSLInfo)SSLInfo | ||
errorPageHTMLCallback:(void (^)(NSString*))errorPageHTMLCallback | ||
NS_DESIGNATED_INITIALIZER; | ||
|
||
@end | ||
|
||
NS_ASSUME_NONNULL_END | ||
|
||
#endif // IOS_WEB_VIEW_INTERNAL_CWV_SSL_ERROR_HANDLER_INTERNAL_H_ |
123 changes: 123 additions & 0 deletions
123
ios/web_view/internal/cwv_ssl_error_handler_unittest.mm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
// Copyright 2021 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#import "ios/web_view/internal/cwv_ssl_error_handler_internal.h" | ||
|
||
#include <memory> | ||
|
||
#import "ios/web/public/test/fakes/fake_navigation_manager.h" | ||
#import "ios/web/public/test/fakes/fake_web_state.h" | ||
#include "net/cert/cert_status_flags.h" | ||
#include "net/ssl/ssl_info.h" | ||
#include "testing/gtest/include/gtest/gtest.h" | ||
#include "testing/gtest_mac.h" | ||
#include "testing/platform_test.h" | ||
|
||
#if !defined(__has_feature) || !__has_feature(objc_arc) | ||
#error "This file requires ARC support." | ||
#endif | ||
|
||
namespace ios_web_view { | ||
|
||
class CWVSSLErrorHandlerTest : public PlatformTest { | ||
protected: | ||
CWVSSLErrorHandlerTest() {} | ||
|
||
private: | ||
DISALLOW_COPY_AND_ASSIGN(CWVSSLErrorHandlerTest); | ||
}; | ||
|
||
TEST_F(CWVSSLErrorHandlerTest, Initialization) { | ||
web::FakeWebState web_state; | ||
NSURL* URL = [NSURL URLWithString:@"https://www.chromium.org"]; | ||
NSDictionary* user_info = | ||
@{NSLocalizedDescriptionKey : @"This is an error description."}; | ||
NSError* error = [NSError errorWithDomain:@"TestDomain" | ||
code:-1 | ||
userInfo:user_info]; | ||
net::SSLInfo ssl_info; | ||
ssl_info.is_fatal_cert_error = true; | ||
ssl_info.cert_status = net::CERT_STATUS_REVOKED; | ||
CWVSSLErrorHandler* ssl_error_handler = | ||
[[CWVSSLErrorHandler alloc] initWithWebState:&web_state | ||
URL:URL | ||
error:error | ||
SSLInfo:ssl_info | ||
errorPageHTMLCallback:^(NSString* HTML){ | ||
// No op. | ||
}]; | ||
EXPECT_NSEQ(URL, ssl_error_handler.URL); | ||
EXPECT_NSEQ(error, ssl_error_handler.error); | ||
EXPECT_TRUE(ssl_error_handler.overridable); | ||
EXPECT_EQ(CWVCertStatusRevoked, ssl_error_handler.certStatus); | ||
} | ||
|
||
TEST_F(CWVSSLErrorHandlerTest, DisplayHTML) { | ||
web::FakeWebState web_state; | ||
NSURL* URL = [NSURL URLWithString:@"https://www.chromium.org"]; | ||
NSError* error = [NSError errorWithDomain:@"TestDomain" code:-1 userInfo:nil]; | ||
net::SSLInfo ssl_info; | ||
__block NSString* displayed_html = nil; | ||
CWVSSLErrorHandler* ssl_error_handler = | ||
[[CWVSSLErrorHandler alloc] initWithWebState:&web_state | ||
URL:URL | ||
error:error | ||
SSLInfo:ssl_info | ||
errorPageHTMLCallback:^(NSString* HTML) { | ||
displayed_html = HTML; | ||
}]; | ||
|
||
[ssl_error_handler displayErrorPageWithHTML:@"This is a test error page."]; | ||
EXPECT_NSEQ(@"This is a test error page.", displayed_html); | ||
} | ||
|
||
TEST_F(CWVSSLErrorHandlerTest, CanOverrideAndReload) { | ||
web::FakeWebState web_state; | ||
auto navigation_manager = std::make_unique<web::FakeNavigationManager>(); | ||
web::FakeNavigationManager* navigation_manager_ptr = navigation_manager.get(); | ||
web_state.SetNavigationManager(std::move(navigation_manager)); | ||
NSURL* URL = [NSURL URLWithString:@"https://www.chromium.org"]; | ||
NSError* error = [NSError errorWithDomain:@"TestDomain" code:-1 userInfo:nil]; | ||
net::SSLInfo ssl_info; | ||
ssl_info.is_fatal_cert_error = true; | ||
ssl_info.cert_status = net::CERT_STATUS_REVOKED; | ||
CWVSSLErrorHandler* ssl_error_handler = | ||
[[CWVSSLErrorHandler alloc] initWithWebState:&web_state | ||
URL:URL | ||
error:error | ||
SSLInfo:ssl_info | ||
errorPageHTMLCallback:^(NSString* HTML){ | ||
// No op. | ||
}]; | ||
|
||
EXPECT_TRUE(ssl_error_handler.overridable); | ||
[ssl_error_handler overrideErrorAndReloadPage]; | ||
EXPECT_TRUE(navigation_manager_ptr->ReloadWasCalled()); | ||
} | ||
|
||
TEST_F(CWVSSLErrorHandlerTest, CannotOverrideAndReload) { | ||
web::FakeWebState web_state; | ||
auto navigation_manager = std::make_unique<web::FakeNavigationManager>(); | ||
web::FakeNavigationManager* navigation_manager_ptr = navigation_manager.get(); | ||
web_state.SetNavigationManager(std::move(navigation_manager)); | ||
NSURL* URL = [NSURL URLWithString:@"https://www.chromium.org"]; | ||
NSError* error = [NSError errorWithDomain:@"TestDomain" code:-1 userInfo:nil]; | ||
net::SSLInfo ssl_info; | ||
ssl_info.is_fatal_cert_error = false; | ||
ssl_info.cert_status = net::CERT_STATUS_REVOKED; | ||
CWVSSLErrorHandler* ssl_error_handler = | ||
[[CWVSSLErrorHandler alloc] initWithWebState:&web_state | ||
URL:URL | ||
error:error | ||
SSLInfo:ssl_info | ||
errorPageHTMLCallback:^(NSString* HTML){ | ||
// No op. | ||
}]; | ||
|
||
EXPECT_FALSE(ssl_error_handler.overridable); | ||
[ssl_error_handler overrideErrorAndReloadPage]; | ||
EXPECT_FALSE(navigation_manager_ptr->ReloadWasCalled()); | ||
} | ||
|
||
} // namespace ios_web_view |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.