[iOS] Url bar falsely showing insecure state #22343

Merged: 2 commits merged into master from bugfix/iOS-Certs-And-Secure-State, Feb 28, 2024

Conversation

soner-yuksel
Contributor

@soner-yuksel soner-yuksel commented Feb 27, 2024

Resolves brave/brave-browser#36024

The changes are

  • Fix bugs with secureContentState being set in didFailProvisionalNavigation: the URL is only ever updated in didCommit, so there's a mismatch. This should NEVER be done.
  • Fix external URLs not working due to inactive tab logic.
  • Fix security certificate display showing when there's no cert at all.
  • Remove serverPinningTrust because it can mismatch in didFailProvisionalNavigation when an App Store URL is loaded on top of an already secure page URL; the App Store URL then assumes the cert of the page, which is wrong. Apple gives us no cert on purpose, so we should not store the one from chain evaluation.

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests
    • npm run presubmit, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

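The four bullets in the description above come down to one invariant: the URL bar's security indicator must be derived from the navigation WebKit has committed, never from a provisional one that may still fail or be cancelled, and the certificate shown must be the one WebKit holds for that committed page rather than a copy retained from an earlier chain evaluation. The following is an added example of a WKNavigationDelegate built around that invariant. It is not Brave's code (Brave's Tab, BrowserViewController and the removed serverPinningTrust are not reproduced), and the names SecureStateTracker, SecureContentState and onStateChange are assumptions made for the example.

```swift
import UIKit
import WebKit
import Security

/// Indicator state for the URL bar. Hypothetical type for this example; it is only ever
/// derived from the page WebKit has *committed*, never from a provisional load.
enum SecureContentState: Equatable {
    case unknown            // nothing committed yet, or a scheme that carries no certificate
    case secure             // https, trust evaluates, no mixed content
    case mixedContent       // https document that pulled in http subresources
    case invalidCertificate // https whose trust does not evaluate
    case localhost
    case insecure           // plain http
}

/// Hypothetical navigation delegate. The invariant: `committedURL` and `secureContentState`
/// change together, and only in didCommit/didFinish, so they can never describe different pages.
final class SecureStateTracker: NSObject, WKNavigationDelegate {
    private(set) var committedURL: URL?
    private(set) var secureContentState: SecureContentState = .unknown
    /// Called whenever the indicator should be redrawn (wired to the URL bar by the caller).
    var onStateChange: ((URL?, SecureContentState) -> Void)?

    // Non-web schemes are handed to the OS and the navigation is cancelled. The web view never
    // commits such a URL, so the bar keeps showing `committedURL` and its indicator.
    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url, let scheme = url.scheme?.lowercased() else {
            decisionHandler(.cancel); return
        }
        if ["http", "https", "about"].contains(scheme) {
            decisionHandler(.allow)
        } else {
            UIApplication.shared.open(url)   // e.g. itms-apps://, mailto:, tel:
            decisionHandler(.cancel)
        }
    }

    func webView(_ webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
        // The previous page is still on screen; nothing about the indicator may change yet.
    }

    func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!,
                 withError error: Error) {
        // A cancelled external-scheme load or an unreachable host ends up here. The displayed page
        // did not change, so neither does the indicator: writing `secureContentState` here would
        // describe the failed target while the bar still shows `committedURL`.
    }

    func webView(_ webView: WKWebView, didCommit navigation: WKNavigation!) {
        committedURL = webView.url
        secureContentState = evaluate(webView)
        onStateChange?(committedURL, secureContentState)
    }

    func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
        // Mixed content is only known once subresources have loaded; re-derive from the same source.
        let state = evaluate(webView)
        if state != secureContentState {
            secureContentState = state
            onStateChange?(committedURL, state)
        }
    }

    func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge,
                 completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // The challenge belongs to whatever host is loading *provisionally*, which may never become
        // the committed page. Decide here and retain nothing; `evaluate` reads `webView.serverTrust`
        // for the committed page when it needs a certificate.
        completionHandler(.performDefaultHandling, nil)
    }

    private func evaluate(_ webView: WKWebView) -> SecureContentState {
        guard let url = webView.url, let scheme = url.scheme?.lowercased() else { return .unknown }
        if let host = url.host, host == "localhost" || host == "127.0.0.1" { return .localhost }
        switch scheme {
        case "http":
            return .insecure
        case "https":
            // Ask WebKit for the trust of the page it actually committed. If there is none, there is
            // no certificate to show, so do not fall back to one remembered from an earlier page.
            guard let trust = webView.serverTrust else { return .unknown }
            var error: CFError?
            guard SecTrustEvaluateWithError(trust, &error) else { return .invalidCertificate }
            return webView.hasOnlySecureContent ? .secure : .mixedContent
        default:
            return .unknown
        }
    }
}
```

The delegate never caches a SecTrust of its own: the certificate surfaced to the user is always `webView.serverTrust` read at commit time, so an itms-apps:// load that is cancelled on top of an https page cannot inherit that page's certificate, and a failed provisional load cannot flip the indicator of the page still on screen.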
@soner-yuksel soner-yuksel added bug CI/skip-android Do not run CI builds for Android CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-windows-x64 Do not run CI builds for Windows x64 labels Feb 27, 2024
@soner-yuksel soner-yuksel requested a review from a team as a code owner February 27, 2024 17:21
@soner-yuksel soner-yuksel self-assigned this Feb 27, 2024
@kylehickinson kylehickinson removed the bug label Feb 27, 2024
@soner-yuksel soner-yuksel force-pushed the bugfix/iOS-Certs-And-Secure-State branch 2 times, most recently from 9494f4d to fb62fda, February 27, 2024 18:49
@soner-yuksel soner-yuksel force-pushed the bugfix/iOS-Certs-And-Secure-State branch from fb62fda to 25a532a, February 27, 2024 19:14
@brave brave deleted a comment from github-actions bot Feb 27, 2024
[puLL-Merge] - brave/brave-core@22343

Description

This pull request involves significant modifications to the BrowserViewController and supporting files within the Brave iOS application. It introduces a series of changes aimed at refactoring code for better readability, stability, and maintainability. The modifications span several aspects of the application, including networking and UI updates, better error handling, and streamlined logic for web view interaction.

Changes

BrowserViewController

  • Function Signature Refactor: Various functions, particularly those related to UI presentation and web view interactions, have been updated with clearer parameter names and decomposed to improve readability.
  • Error Handling Enhanced: Added more comprehensive error handling for web content process terminations and certificate error scenarios.
  • UI Updates: Adjusted UI component layouts and interactions, especially around tab handling, toolbar updates, and new tab page behavior.
  • Protocol & Delegate Methods: Refactored several delegate methods, providing more descriptive parameters and enhancing asynchronous handling where applicable.
  • Script Injection & Content Handling: Revised methods related to script injection and content handling within the web view, aiming for improved performance and security.

ErrorPageHelper.swift

  • Adjusted error page generation logic to include more descriptive information and to handle different error scenarios more effectively.

CertificateErrorPageHandler.swift

  • Updated certificate error handling, particularly focusing on the presentation and logic of handling SSL certificate errors.

NavigationRouter.swift

  • Refactored URL handling logic to offer a clearer path for handling deep links, widget interactions, and other URL-based actions within the app.

Tab.swift

  • Enhanced the tab handling logic, including better state management, error handling, and interactions between tabs and the main browser view controller.

BraveCertificateUtils.swift

  • Consolidated and simplified certificate handling utilities, making it easier to verify SSL certificates and pinpoint certificate issues.

Security Hotspots

  1. High Risk: ErrorPageHelper.swift and CertificateErrorPageHandler.swift - Ensure thorough testing and validation for all new error handling logic to prevent information leakage or improper error suppression.
  2. Medium Risk: BrowserViewController web content process crash handling - Verify that the termination logic does not inadvertently expose the application to stability issues or security vulnerabilities.
  3. Low Risk: Tab.swift and related content script modifications - Review injected scripts for any potential exposure to malicious website content or cross-site scripting attacks.

@soner-yuksel soner-yuksel force-pushed the bugfix/iOS-Certs-And-Secure-State branch 3 times, most recently from e35dba1 to a076bcb, February 27, 2024 22:49
@soner-yuksel soner-yuksel force-pushed the bugfix/iOS-Certs-And-Secure-State branch from a1f2f03 to ef4d5b4, February 27, 2024 23:05
Brandon-T and others added 2 commits February 27, 2024 18:06
…ation as URL is only ever updated in didCommit so there's a mismatch. This should NEVER be done.

Fix external URLs not working due to inactive tab logic.
Fix security certificate display showing when there's no cert at all.
Remove serverPinningTrust because it can mismatch in didFailProvisionalNavigation when an App Store URL is loaded on top of an already secure page URL; the App Store URL then assumes the cert of the page, which is wrong. Apple gives us no cert on purpose, so we should not store the one from chain evaluation.
@soner-yuksel soner-yuksel force-pushed the bugfix/iOS-Certs-And-Secure-State branch from ef4d5b4 to 71ab49a, February 27, 2024 23:06
@brave brave deleted a comment from github-actions bot Feb 27, 2024
@soner-yuksel soner-yuksel merged commit 1f64f81 into master Feb 28, 2024
19 checks passed
@soner-yuksel soner-yuksel deleted the bugfix/iOS-Certs-And-Secure-State branch February 28, 2024 15:40
@github-actions github-actions bot added this to the 1.65.x - Nightly milestone Feb 28, 2024
Collaborator

hffvld commented Mar 1, 2024

Verified on iPhone 14 using version(s):

Device/OS: iPhone 14 / iOS 17.4 Beta
Brave build: 1.65 (45)
BraveCore: 1.65.45 (122.0.6261.94)

STEPS:

  1. Follow the flow from "Url bar falsely showing insecure state in 1.62+" (brave-ios#8778, comment)
  2. Verify

ACTUAL RESULTS:

  • Verified that Not Secure in the URL search bar is not shown

2024-02-29_16-05-41.mp4

kjozwiak pushed a commit that referenced this pull request Mar 1, 2024
Merge pull request #22343 from brave/bugfix/iOS-Certs-And-Secure-State
kjozwiak pushed a commit that referenced this pull request Mar 1, 2024
Merge pull request #22343 from brave/bugfix/iOS-Certs-And-Secure-State
}

ErrorPageHelper(certStore: profile.certStore).loadPage(error, forUrl: url, inWebView: webView)
Contributor, reviewing the line above:

This is a bad rebase :o

Labels
CI/skip-android Do not run CI builds for Android CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-windows-x64 Do not run CI builds for Windows x64 puLL-Merge
Development

Successfully merging this pull request may close these issues.

Url bar falsely showing insecure state in 1.62+
4 participants