Api to get certificate's chain on error

Expose certificate's chain on validation error starting with
the immediate certificate and ending with the CA's certificate.

[ChangeLog][QtWebEngineWidgets][QWebEngineCertificateError] New method
to get the peer's chain of digital certificates.

Fixes: QTBUG-51176
Change-Id: I799dfe9e44f9f2517f4691d175beee256114af79
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

1 files changed, 19 insertions, 0 deletions

diff --git a/src/core/type_conversion.cpp b/src/core/type_conversion.cpp
index 02d2db448..ddadeb9f2 100644
--- a/src/core/type_conversion.cpp
+++ b/src/core/type_conversion.cpp
@@ -40,11 +40,14 @@
 #include "type_conversion.h"
 
 #include <content/public/common/favicon_url.h>
+#include <net/cert/x509_certificate.h>
+#include <net/cert/x509_util.h>
 #include <ui/events/event_constants.h>
 #include <ui/gfx/image/image_skia.h>
 
 #include <QtCore/qcoreapplication.h>
 #include <QtGui/qmatrix4x4.h>
+#include <QtNetwork/qsslcertificate.h>
 
 namespace QtWebEngineCore {
 
@@ -256,4 +259,20 @@ void convertToQt(const SkMatrix44 &m, QMatrix4x4 &c)
     c = qtMatrix;
 }
 
+static QSslCertificate toCertificate(CRYPTO_BUFFER *buffer)
+{
+    auto derCert = net::x509_util::CryptoBufferAsStringPiece(buffer);
+    return QSslCertificate(QByteArray::fromRawData(derCert.data(), derCert.size()), QSsl::Der);
+}
+
+QList<QSslCertificate> toCertificateChain(net::X509Certificate *certificate)
+{
+    // from leaf to root as in QtNetwork
+    QList<QSslCertificate> chain;
+    chain.append(toCertificate(certificate->cert_buffer()));
+    for (auto &&buffer : certificate->intermediate_buffers())
+        chain.append(toCertificate(buffer.get()));
+    return chain;
+}
+
 } // namespace QtWebEngineCore