net: make HSTS hosts use the normal SSL interstitials

(Reland of r102947, which was reverted in r102950.)

SSL interstitials have better translations for the error messages and this
returns us to the point where we have only a single UI for SSL errors, which
will make some future changes easier.

First, this change changes the SSL error callbacks to take an SSLInfo& rather
than a X509Certificate* (which was already a TODO(wtc) in the code). Most of
this change is the resulting plumbing.

It also adds a |is_hsts_host| flag to the callbacks to denote an HSTS host.

Finally, in ssl_policy.cc the |is_hsts_host| flag causes any error to be
fatal.

BUG=93527

http://codereview.chromium.org/7976036/

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102994 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 25 insertions, 22 deletions

diff --git a/content/browser/ssl/ssl_cert_error_handler.cc b/content/browser/ssl/ssl_cert_error_handler.cc
index c668b41..6af1497 100644
--- a/content/browser/ssl/ssl_cert_error_handler.cc
+++ b/content/browser/ssl/ssl_cert_error_handler.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,22 +6,20 @@
 
 #include "content/browser/renderer_host/resource_dispatcher_host.h"
 #include "content/browser/ssl/ssl_policy.h"
+#include "net/base/cert_status_flags.h"
 #include "net/base/x509_certificate.h"
 
 SSLCertErrorHandler::SSLCertErrorHandler(
     ResourceDispatcherHost* rdh,
     net::URLRequest* request,
     ResourceType::Type resource_type,
-    int cert_error,
-    net::X509Certificate* cert)
+    const net::SSLInfo& ssl_info,
+    bool is_hsts_host)
     : SSLErrorHandler(rdh, request, resource_type),
-      cert_error_(cert_error) {
+      ssl_info_(ssl_info),
+      cert_error_(net::MapCertStatusToNetError(ssl_info.cert_status)),
+      is_hsts_host_(is_hsts_host) {
   DCHECK(request == resource_dispatcher_host_->GetURLRequest(request_id_));
-
-  // We cannot use the request->ssl_info(), it's not been initialized yet, so
-  // we have to set the fields manually.
-  ssl_info_.cert = cert;
-  ssl_info_.SetCertError(cert_error);
 }
 
 SSLCertErrorHandler* SSLCertErrorHandler::AsSSLCertErrorHandler() {
diff --git a/content/browser/ssl/ssl_cert_error_handler.h b/content/browser/ssl/ssl_cert_error_handler.h
index 6dcbe0f..62b1a1e 100644
--- a/content/browser/ssl/ssl_cert_error_handler.h
+++ b/content/browser/ssl/ssl_cert_error_handler.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -24,14 +24,15 @@ class SSLCertErrorHandler : public SSLErrorHandler {
   SSLCertErrorHandler(ResourceDispatcherHost* rdh,
                       net::URLRequest* request,
                       ResourceType::Type resource_type,
-                      int cert_error,
-                      net::X509Certificate* cert);
+                      const net::SSLInfo& ssl_info,
+                      bool is_hsts_host);
 
   virtual SSLCertErrorHandler* AsSSLCertErrorHandler();
 
   // These accessors are available on either thread
   const net::SSLInfo& ssl_info() const { return ssl_info_; }
   int cert_error() const { return cert_error_; }
+  bool is_hsts_host() const { return is_hsts_host_; }
 
  protected:
   // SSLErrorHandler methods
@@ -42,8 +43,9 @@ class SSLCertErrorHandler : public SSLErrorHandler {
   virtual ~SSLCertErrorHandler();
 
   // These read-only members may be accessed on any thread.
-  net::SSLInfo ssl_info_;
+  const net::SSLInfo ssl_info_;
   const int cert_error_;  // The error we represent.
+  const bool is_hsts_host_;  // true if the error is from an HSTS host.
 
   DISALLOW_COPY_AND_ASSIGN(SSLCertErrorHandler);
 };
diff --git a/content/browser/ssl/ssl_manager.cc b/content/browser/ssl/ssl_manager.cc
index 6ae6fb9..83b4d66 100644
--- a/content/browser/ssl/ssl_manager.cc
+++ b/content/browser/ssl/ssl_manager.cc
@@ -24,10 +24,12 @@
 // static
 void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
                                        net::URLRequest* request,
-                                       int cert_error,
-                                       net::X509Certificate* cert) {
-  DVLOG(1) << "OnSSLCertificateError() cert_error: " << cert_error
-           << " url: " << request->url().spec();
+                                       const net::SSLInfo& ssl_info,
+                                       bool is_hsts_host) {
+  DVLOG(1) << "OnSSLCertificateError() cert_error: "
+           << net::MapCertStatusToNetError(ssl_info.cert_status)
+           << " url: " << request->url().spec()
+           << " cert_status: " << std::hex << ssl_info.cert_status;
 
   ResourceDispatcherHostRequestInfo* info =
       ResourceDispatcherHost::InfoForRequest(request);
@@ -39,8 +41,8 @@ void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
       NewRunnableMethod(new SSLCertErrorHandler(rdh,
                                                 request,
                                                 info->resource_type(),
-                                                cert_error,
-                                                cert),
+                                                ssl_info,
+                                                is_hsts_host),
                         &SSLCertErrorHandler::Dispatch));
 }
 
diff --git a/content/browser/ssl/ssl_manager.h b/content/browser/ssl/ssl_manager.h
index 24892bf..abb9522 100644
--- a/content/browser/ssl/ssl_manager.h
+++ b/content/browser/ssl/ssl_manager.h
@@ -28,6 +28,7 @@ class ResourceRequestDetails;
 class SSLPolicy;
 
 namespace net {
+class SSLInfo;
 class URLRequest;
 }  // namespace net
 
@@ -49,8 +50,8 @@ class SSLManager : public NotificationObserver {
   // Called on the IO thread.
   static void OnSSLCertificateError(ResourceDispatcherHost* resource_dispatcher,
                                     net::URLRequest* request,
-                                    int cert_error,
-                                    net::X509Certificate* cert);
+                                    const net::SSLInfo& ssl_info,
+                                    bool is_hsts_host);
 
   // Called when SSL state for a host or tab changes.  Broadcasts the
   // SSL_INTERNAL_STATE_CHANGED notification.
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 1d9f3f6..256c27f 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -58,7 +58,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_DATE_INVALID:
     case net::ERR_CERT_AUTHORITY_INVALID:
     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
-      OnCertErrorInternal(handler, true);
+      OnCertErrorInternal(handler, !handler->is_hsts_host());
       break;
     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
       // Ignore this error.