authorAllan Sandfeld Jensen <allan.jensen@digia.com>2014-08-25 15:37:49 +0200
committerAllan Sandfeld Jensen <allan.jensen@digia.com>2014-08-29 14:47:12 +0200
commit66def056d0f0fc8794f622fcfd61f974fce2a3b1 (patch)
tree2f5276dc594e1e737fe4b6245ab96307439c04b3 /src/core
parent530ab16146b18457d0b3395ea64a6de756a4d22d (diff)
Add Qt WebEngine Widgets API for allowing certificate errors
This adds API for overriding some certificate errors. Once overridden, any identical error for the same hostname and certificate will use the same override. Similar API for QtWebEngine QML should be added in a later patch. Change-Id: I144147b86d9b592e3f87346a1e48890acee0c670 Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'src/core')
-rw-r--r--src/core/certificate_error_controller.cpp157
-rw-r--r--src/core/certificate_error_controller.h110
-rw-r--r--src/core/certificate_error_controller_p.h60
-rw-r--r--src/core/content_browser_client_qt.cpp22
-rw-r--r--src/core/content_browser_client_qt.h11
-rw-r--r--src/core/core_gyp_generator.pro3
-rw-r--r--src/core/web_contents_adapter_client.h4
-rw-r--r--src/core/web_contents_delegate_qt.cpp5
-rw-r--r--src/core/web_contents_delegate_qt.h3
9 files changed, 375 insertions, 0 deletions
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
new file mode 100644
index 000000000..64e5b36d4
--- /dev/null
+++ b/src/core/certificate_error_controller.cpp
@@ -0,0 +1,157 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia. For licensing terms and
+** conditions see http://qt.digia.com/licensing. For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "certificate_error_controller.h"
+#include "certificate_error_controller_p.h"
+
+#include <net/cert/x509_certificate.h>
+#include <net/ssl/ssl_info.h>
+#include <ui/base/l10n/l10n_util.h>
+#include "chrome/grit/generated_resources.h"
+#include "type_conversion.h"
+
+void CertificateErrorControllerPrivate::accept(bool accepted)
+{
+ callback.Run(accepted);
+}
+
+CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_error,
+ const net::SSLInfo& ssl_info,
+ const GURL &request_url,
+ ResourceType::Type resource_type,
+ bool _overridable,
+ bool strict_enforcement,
+ const base::Callback<void(bool)>& cb
+ )
+ : certError(CertificateErrorController::CertificateError(cert_error))
+ , requestUrl(toQt(request_url))
+ , resourceType(CertificateErrorController::ResourceType(resource_type))
+ , overridable(_overridable)
+ , strictEnforcement(strict_enforcement)
+ , callback(cb)
+{
+ if (ssl_info.cert) {
+ validStart = toQt(ssl_info.cert->valid_start());
+ validExpiry = toQt(ssl_info.cert->valid_expiry());
+ }
+}
+
+CertificateErrorController::CertificateErrorController(CertificateErrorControllerPrivate *p) : d(p)
+{
+}
+
+CertificateErrorController::~CertificateErrorController()
+{
+ delete d;
+ d = 0;
+}
+
+CertificateErrorController::CertificateError CertificateErrorController::error() const
+{
+ return d->certError;
+}
+
+QUrl CertificateErrorController::url() const
+{
+ return d->requestUrl;
+}
+
+bool CertificateErrorController::overridable() const
+{
+ return d->overridable;
+}
+
+bool CertificateErrorController::strictEnforcement() const
+{
+ return d->strictEnforcement;
+}
+
+void CertificateErrorController::accept(bool accepted)
+{
+ d->accept(accepted);
+}
+
+CertificateErrorController::ResourceType CertificateErrorController::resourceType() const
+{
+ return d->resourceType;
+}
+
+static QString getQStringForMessageId(int message_id) {
+ base::string16 string = l10n_util::GetStringUTF16(message_id);
+ return QString::fromUtf16(string.data(), string.length());
+}
+
+QString CertificateErrorController::errorString() const
+{
+ // Try to use chromiums translation of the error strings, though not all are
+ // consistently described and we need to use versions that does not contain HTML
+ // formatted text.
+ switch (d->certError) {
+ case SslPinnedKeyNotInCertificateChain:
+ return getQStringForMessageId(IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);
+ case CertificateCommonNameInvalid:
+ return getQStringForMessageId(IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION);
+ case CertificateDateInvalid:
+ if (QDateTime::currentDateTime() > d->validExpiry)
+ return getQStringForMessageId(IDS_CERT_ERROR_EXPIRED_DESCRIPTION);
+ else
+ return getQStringForMessageId(IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION);
+ case CertificateAuthorityInvalid:
+ return getQStringForMessageId(IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION);
+ case CertificateContainsErrors:
+ return getQStringForMessageId(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION);
+ case CertificateNoRevocationMechanism:
+ return getQStringForMessageId(IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS);
+ case CertificateUnableToCheckRevocation:
+ return getQStringForMessageId(IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS);
+ case CertificateRevoked:
+ return getQStringForMessageId(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION);
+ case CertificateInvalid:
+ return getQStringForMessageId(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
+ case CertificateWeakSignatureAlgorithm:
+ return getQStringForMessageId(IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
+ case CertificateNonUniqueName:
+ return getQStringForMessageId(IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME);
+ case CertificateWeakKey:
+ return getQStringForMessageId(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
+ case CertificateNameConstraintViolation:
+ return getQStringForMessageId(IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);
+ default:
+ break;
+ }
+
+ return getQStringForMessageId(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
+}
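Review bot: `CertificateErrorController::accept` forwards the caller's decision straight to `callback.Run` without consulting `d->overridable` or `d->strictEnforcement`, so an embedder that calls `accept(true)` on an error reported as non-overridable still hands `true` back to the network stack; whether the callback rejects that on its own is not visible here. Clamping in the controller keeps the policy in one place, for example `d->accept(accepted && d->overridable);`. Nothing prevents `accept` from being called twice on the same shared controller either, which would run the callback twice; a `bool answered` member in the private class, checked at the top of `CertificateErrorControllerPrivate::accept`, would turn the second call into a no-op.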
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
new file mode 100644
index 000000000..f1e7c5bd8
--- /dev/null
+++ b/src/core/certificate_error_controller.h
@@ -0,0 +1,110 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia. For licensing terms and
+** conditions see http://qt.digia.com/licensing. For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CERTIFICATE_ERROR_CONTROLLER_H
+#define CERTIFICATE_ERROR_CONTROLLER_H
+
+#include "qtwebenginecoreglobal.h"
+
+#include <QtCore/QDateTime>
+#include <QtCore/QSharedData>
+#include <QtCore/QUrl>
+
+class CertificateErrorControllerPrivate;
+
+class QWEBENGINE_EXPORT CertificateErrorController : public QSharedData {
+public:
+ CertificateErrorController(CertificateErrorControllerPrivate *p);
+ ~CertificateErrorController();
+
+ // We can't use QSslError::SslErrors, because the error categories doesn't map.
+ // Keep up to date with net/base/net_errors.h and net::IsCertificateError():
+ enum CertificateError {
+ SslPinnedKeyNotInCertificateChain = -150,
+ CertificateCommonNameInvalid = -200,
+ CertificateDateInvalid = -201,
+ CertificateAuthorityInvalid = -202,
+ CertificateContainsErrors = -203,
+ CertificateNoRevocationMechanism = -204,
+ CertificateUnableToCheckRevocation = -205,
+ CertificateRevoked = -206,
+ CertificateInvalid = -207,
+ CertificateWeakSignatureAlgorithm = -208,
+ CertificateNonUniqueName = -210,
+ CertificateWeakKey = -211,
+ CertificateNameConstraintViolation = -212,
+ };
+
+ CertificateError error() const;
+ QUrl url() const;
+ bool overridable() const;
+ bool strictEnforcement() const;
+ QString errorString() const;
+ QDateTime validStart() const;
+ QDateTime validExpiry() const;
+
+ void accept(bool);
+
+ // Note: The resource type should probably not be exported, since once accepted the certificate exception
+ // counts for all resource types.
+ // Keep up to date with webkit/common/resource_type.h
+ enum ResourceType {
+ ResourceTypeMainFrame = 0, // top level page
+ ResourceTypeSubFrame, // frame or iframe
+ ResourceTypeStylesheet, // a CSS stylesheet
+ ResourceTypeScript, // an external script
+ ResourceTypeImage, // an image (jpg/gif/png/etc)
+ ResourceTypeFont, // a font
+ ResourceTypeOther, // an "other" subresource.
+ ResourceTypeObject, // an object (or embed) tag for a plugin,
+ // or a resource that a plugin requested.
+ ResourceTypeMedia, // a media resource.
+ ResourceTypeWorker, // the main resource of a dedicated worker.
+ ResourceTypeSharedWorker, // the main resource of a shared worker.
+ ResourceTypePrefetch, // an explicitly requested prefetch
+ ResourceTypeFavicon, // a favicon
+ ResourceTypeXHR, // a XMLHttpRequest
+ ResourceTypePing, // a ping request for <a ping>
+ ResourceTypeServiceWorker, // the main resource of a service worker.
+ };
+
+ ResourceType resourceType() const;
+
+private:
+ CertificateErrorControllerPrivate* d;
+};
+
+#endif // CERTIFICATE_ERROR_CONTROLLER_H
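Review bot: `validStart()` and `validExpiry()` are declared here, but the `certificate_error_controller.cpp` added in the same commit defines neither, so the first caller of this exported class will fail to link; add `QDateTime CertificateErrorController::validStart() const { return d->validStart; }` and the matching `validExpiry()`. The class also owns `d` through a raw pointer that the destructor deletes while the implicit copy constructor and assignment remain available, so a copy would delete the same private object twice; `Q_DISABLE_COPY(CertificateErrorController)` in the private section closes that, and the single-argument constructor should be `explicit`. The comment above `ResourceType` already notes that an accepted exception counts for all resource types; the same sentence belongs on `accept`, since an embedder may otherwise assume the override is scoped to the resource it was asked about.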
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
new file mode 100644
index 000000000..af0ce12aa
--- /dev/null
+++ b/src/core/certificate_error_controller_p.h
@@ -0,0 +1,60 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia. For licensing terms and
+** conditions see http://qt.digia.com/licensing. For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CERTIFICATE_ERROR_CONTROLLER_P_H
+#define CERTIFICATE_ERROR_CONTROLLER_P_H
+
+#include "content/public/browser/content_browser_client.h"
+
+#include "certificate_error_controller.h"
+
+class CertificateErrorControllerPrivate {
+public:
+ CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, ResourceType::Type resource_type, bool overridable, bool strict_enforcement, const base::Callback<void(bool)>& callback);
+
+ void accept(bool accepted);
+
+ CertificateErrorController::CertificateError certError;
+ const QUrl requestUrl;
+ QDateTime validStart;
+ QDateTime validExpiry;
+ CertificateErrorController::ResourceType resourceType;
+ bool overridable;
+ bool strictEnforcement;
+ const base::Callback<void(bool)>& callback;
+};
+
+#endif // CERTIFICATE_ERROR_CONTROLLER_P_H
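Review bot: The `callback` member is declared as `const base::Callback<void(bool)>&`, so the constructor's `callback(cb)` binds a reference to the argument of `AllowCertificateError` instead of taking a copy. The controller is handed out in a `QExplicitlySharedDataPointer` precisely so that the decision can be made later, and by then the referenced callback object may no longer exist (its lifetime belongs to the caller and is not visible here); `accept` would then run through a dangling reference on the path that decides whether a bad certificate is accepted. Store it by value instead: `const base::Callback<void(bool)> callback;`.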
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index aa404eced..f19199cc3 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -42,6 +42,7 @@
#include "content/public/browser/browser_main_parts.h"
#include "content/public/browser/child_process_security_policy.h"
#include "content/public/browser/media_observer.h"
+#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/resource_dispatcher_host.h"
@@ -54,6 +55,8 @@
#include "ui/gl/gl_share_group.h"
#include "browser_context_qt.h"
+#include "certificate_error_controller.h"
+#include "certificate_error_controller_p.h"
#include "desktop_screen_qt.h"
#include "dev_tools_http_handler_delegate_qt.h"
#include "media_capture_devices_dispatcher.h"
@@ -345,3 +348,22 @@ void ContentBrowserClientQt::enableInspector(bool enable)
m_devtools.reset();
}
}
+
+void ContentBrowserClientQt::AllowCertificateError(int render_process_id, int render_frame_id, int cert_error,
+ const net::SSLInfo& ssl_info, const GURL& request_url,
+ ResourceType::Type resource_type,
+ bool overridable, bool strict_enforcement,
+ const base::Callback<void(bool)>& callback,
+ content::CertificateRequestResultType* result)
+{
+ // We leave the result with its default value.
+ Q_UNUSED(result);
+
+ content::RenderFrameHost *frameHost = content::RenderFrameHost::FromID(render_process_id, render_frame_id);
+ WebContentsDelegateQt* contentsDelegate = 0;
+ if (content::WebContents *webContents = frameHost->GetRenderViewHost()->GetDelegate()->GetAsWebContents())
+ contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
+
+ QExplicitlySharedDataPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, overridable, strict_enforcement, callback)));
+ contentsDelegate->allowCertificateError(errorController);
+}
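Review bot: `AllowCertificateError` dereferences `frameHost` and `contentsDelegate` without a null check: `content::RenderFrameHost::FromID` returns null once the frame has gone away, and `contentsDelegate` stays 0 when `GetAsWebContents()` yields nothing. Either case crashes the browser process on a path that is reached from network input, and the request is never answered. Fail closed instead: when there is nobody to ask, set `*result` to deny and return, which also means dropping `Q_UNUSED(result)`. The `static_cast` to `WebContentsDelegateQt*` assumes every WebContents in this process uses that delegate type, and a one-line comment saying so would help the next reader.

```cpp
// … unchanged: AllowCertificateError signature …
{
    content::RenderFrameHost *frameHost = content::RenderFrameHost::FromID(render_process_id, render_frame_id);
    WebContentsDelegateQt* contentsDelegate = 0;
    if (frameHost) {
        if (content::WebContents *webContents = frameHost->GetRenderViewHost()->GetDelegate()->GetAsWebContents())
            contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
    }
    if (!contentsDelegate) {
        // Nobody can be asked about this error: refuse the certificate rather than crash or hang.
        *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
        return;
    }
    // … unchanged: errorController construction and allowCertificateError call …
```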
diff --git a/src/core/content_browser_client_qt.h b/src/core/content_browser_client_qt.h
index 5bb8ece47..9cf1695fe 100644
--- a/src/core/content_browser_client_qt.h
+++ b/src/core/content_browser_client_qt.h
@@ -79,6 +79,17 @@ public:
virtual gfx::GLShareGroup* GetInProcessGpuShareGroup() Q_DECL_OVERRIDE;
virtual content::MediaObserver* GetMediaObserver() Q_DECL_OVERRIDE;
virtual void OverrideWebkitPrefs(content::RenderViewHost *, const GURL &, WebPreferences *) Q_DECL_OVERRIDE;
+ virtual void AllowCertificateError(
+ int render_process_id,
+ int render_frame_id,
+ int cert_error,
+ const net::SSLInfo& ssl_info,
+ const GURL& request_url,
+ ResourceType::Type resource_type,
+ bool overridable,
+ bool strict_enforcement,
+ const base::Callback<void(bool)>& callback,
+ content::CertificateRequestResultType* result) Q_DECL_OVERRIDE;
BrowserContextQt* browser_context();
diff --git a/src/core/core_gyp_generator.pro b/src/core/core_gyp_generator.pro
index b10626000..2ca61bee2 100644
--- a/src/core/core_gyp_generator.pro
+++ b/src/core/core_gyp_generator.pro
@@ -39,6 +39,7 @@ SOURCES = \
browser_accessibility_manager_qt.cpp \
browser_accessibility_qt.cpp \
browser_context_qt.cpp \
+ certificate_error_controller.cpp \
chromium_gpu_helper.cpp \
chromium_overrides.cpp \
clipboard_qt.cpp \
@@ -85,6 +86,8 @@ HEADERS = \
browser_accessibility_manager_qt.h \
browser_accessibility_qt.h \
browser_context_qt.h \
+ certificate_error_controller_p.h \
+ certificate_error_controller.h \
chromium_overrides.h \
clipboard_qt.h \
common/qt_messages.h \
diff --git a/src/core/web_contents_adapter_client.h b/src/core/web_contents_adapter_client.h
index 4d918fef7..215942f8f 100644
--- a/src/core/web_contents_adapter_client.h
+++ b/src/core/web_contents_adapter_client.h
@@ -48,6 +48,7 @@
QT_FORWARD_DECLARE_CLASS(QVariant)
+class CertificateErrorController;
class JavaScriptDialogController;
class RenderWidgetHostViewQt;
class RenderWidgetHostViewQtDelegate;
@@ -172,6 +173,9 @@ public:
virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0;
virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) = 0;
virtual WebEngineSettings *webEngineSettings() const = 0;
+
+ virtual void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController) = 0;
+
};
#endif // WEB_CONTENTS_ADAPTER_CLIENT_H
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index 9916ca9e5..0523d8b22 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -275,3 +275,8 @@ WebContentsAdapter *WebContentsDelegateQt::createWindow(content::WebContents *ne
return newAdapter;
}
+
+void WebContentsDelegateQt::allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController)
+{
+ m_viewClient->allowCertificateError(errorController);
+}
diff --git a/src/core/web_contents_delegate_qt.h b/src/core/web_contents_delegate_qt.h
index 22bc85548..c1f0c4647 100644
--- a/src/core/web_contents_delegate_qt.h
+++ b/src/core/web_contents_delegate_qt.h
@@ -50,8 +50,10 @@ namespace content {
class JavaScriptDialogManager;
class WebContents;
}
+
struct WebPreferences;
class WebContentsAdapterClient;
+class CertificateErrorController;
class WebContentsDelegateQt : public content::WebContentsDelegate
, public content::WebContentsObserver
@@ -84,6 +86,7 @@ public:
virtual void DidNavigateAnyFrame(const content::LoadCommittedDetails&, const content::FrameNavigateParams& params) Q_DECL_OVERRIDE;
void overrideWebPreferences(content::WebContents *, WebPreferences*);
+ void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &) ;
private:
WebContentsAdapter *createWindow(content::WebContents *new_contents, WindowOpenDisposition disposition, const gfx::Rect& initial_pos, bool user_gesture);