author | Kirill Burtsev <kirill.burtsev@qt.io> | 2019-08-26 13:46:35 +0200 |
---|---|---|
committer | Kirill Burtsev <kirill.burtsev@qt.io> | 2019-09-05 23:33:12 +0200 |
commit | 8d045ce2a4cc65660bdf6ee8b555899c5c6119de (patch) | |
tree | f25ecfc6b167993215f6808d1a6ada105c069524 /src/core | |
parent | bf3753f02402b44455038c4fa2a897d41aadf850 (diff) |
Api to get certificate's chain on error
Expose certificate's chain on validation error starting with
the immediate certificate and ending with the CA's certificate.
[ChangeLog][QtWebEngineWidgets][QWebEngineCertificateError] New method
to get the peer's chain of digital certificates.
Fixes: QTBUG-51176
Change-Id: I799dfe9e44f9f2517f4691d175beee256114af79
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/certificate_error_controller.cpp | 12 | ||||
-rw-r--r-- | src/core/certificate_error_controller.h | 2 | ||||
-rw-r--r-- | src/core/certificate_error_controller_p.h | 1 | ||||
-rw-r--r-- | src/core/type_conversion.cpp | 19 | ||||
-rw-r--r-- | src/core/type_conversion.h | 7 |
5 files changed, 38 insertions, 3 deletions
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
index a747451df..71465a1af 100644
--- a/src/core/certificate_error_controller.cpp
+++ b/src/core/certificate_error_controller.cpp
@@ -90,9 +90,10 @@ CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_er
 , strictEnforcement(strict_enforcement)
 , callback(cb)
 {
- if (ssl_info.cert.get()) {
- validStart = toQt(ssl_info.cert->valid_start());
- validExpiry = toQt(ssl_info.cert->valid_expiry());
+ if (auto cert = ssl_info.cert.get()) {
+ validStart = toQt(cert->valid_start());
+ validExpiry = toQt(cert->valid_expiry());
+ chain = toCertificateChain(cert);
 }
 }
@@ -186,4 +187,9 @@ QString CertificateErrorController::errorString() const
 return getQStringForMessageId(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
 }
+QList<QSslCertificate> CertificateErrorController::chain() const
+{
+ return d->chain;
+}
+
 QT_END_NAMESPACE
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
index 5bea61c9b..7f5300dc8 100644
--- a/src/core/certificate_error_controller.h
+++ b/src/core/certificate_error_controller.h
@@ -55,6 +55,7 @@
 #include <QtCore/QDateTime>
 #include <QtCore/QUrl>
+#include <QtNetwork/QSslCertificate>
 QT_BEGIN_NAMESPACE
@@ -95,6 +96,7 @@ public:
 QString errorString() const;
 QDateTime validStart() const;
 QDateTime validExpiry() const;
+ QList<QSslCertificate> chain() const;
 void accept(bool);
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
index abde9a7d5..f3b0c23fa 100644
--- a/src/core/certificate_error_controller_p.h
+++ b/src/core/certificate_error_controller_p.h
@@ -71,6 +71,7 @@ public:
 bool overridable;
 bool strictEnforcement;
 const base::Callback<void(content::CertificateRequestResultType)> callback;
+ QList<QSslCertificate> chain;
 };
 QT_END_NAMESPACE
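Review bot: The new `QList<QSslCertificate> chain() const;` declaration in certificate_error_controller.h (hunk `@@ -95,6 +96,7 @@`) has no documentation, and callers need to know that the list describes a certificate that has just failed validation. I would add a comment above it such as `// Chain for the certificate that failed validation, leaf first; entries are unverified and the list is empty when no certificate was available.` The empty case follows from the constructor hunk in certificate_error_controller.cpp, where `chain` is assigned only inside `if (auto cert = ssl_info.cert.get())`. The class body continues outside the hunk.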
diff --git a/src/core/type_conversion.cpp b/src/core/type_conversion.cpp
index 02d2db448..ddadeb9f2 100644
--- a/src/core/type_conversion.cpp
+++ b/src/core/type_conversion.cpp
@@ -40,11 +40,14 @@
 #include "type_conversion.h"
 #include <content/public/common/favicon_url.h>
+#include <net/cert/x509_certificate.h>
+#include <net/cert/x509_util.h>
 #include <ui/events/event_constants.h>
 #include <ui/gfx/image/image_skia.h>
 #include <QtCore/qcoreapplication.h>
 #include <QtGui/qmatrix4x4.h>
+#include <QtNetwork/qsslcertificate.h>
 namespace QtWebEngineCore {
@@ -256,4 +259,20 @@ void convertToQt(const SkMatrix44 &m, QMatrix4x4 &c)
 c = qtMatrix;
 }
+static QSslCertificate toCertificate(CRYPTO_BUFFER *buffer)
+{
+ auto derCert = net::x509_util::CryptoBufferAsStringPiece(buffer);
+ return QSslCertificate(QByteArray::fromRawData(derCert.data(), derCert.size()), QSsl::Der);
+}
+
+QList<QSslCertificate> toCertificateChain(net::X509Certificate *certificate)
+{
+ // from leaf to root as in QtNetwork
+ QList<QSslCertificate> chain;
+ chain.append(toCertificate(certificate->cert_buffer()));
+ for (auto &&buffer : certificate->intermediate_buffers())
+ chain.append(toCertificate(buffer.get()));
+ return chain;
+}
+
 } // namespace QtWebEngineCore
diff --git a/src/core/type_conversion.h b/src/core/type_conversion.h
index 7b1f1b4d6..dfd8e8fef 100644
--- a/src/core/type_conversion.h
+++ b/src/core/type_conversion.h
@@ -64,6 +64,7 @@
 #include "url/gurl.h"
 QT_FORWARD_DECLARE_CLASS(QMatrix4x4)
+QT_FORWARD_DECLARE_CLASS(QSslCertificate)
 namespace content {
 struct FaviconURL;
@@ -73,6 +74,10 @@ namespace gfx {
 class ImageSkiaRep;
 }
+namespace net {
+class X509Certificate;
+}
+
 namespace QtWebEngineCore {
 inline QString toQt(const base::string16 &string)
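Review bot: `toCertificate()` in type_conversion.cpp (hunk `@@ -256,4 +259,20 @@`) appends whatever the `QSslCertificate` DER constructor returns without checking that Qt could parse it. A certificate that Qt's SSL backend rejects, or a Qt build without SSL support, would presumably yield a null `QSslCertificate`, so the list can silently contain null entries for a chain that Chromium itself parsed. Because an application may base its accept/reject decision on this list, I would either warn when `cert.isNull()` or state in the function comment that callers must check `isNull()` on each entry. The `QByteArray::fromRawData` call also borrows the CRYPTO_BUFFER bytes without copying, which deserves a comment such as `// fromRawData does not copy: the DER bytes only need to outlive this constructor call`. The in-code comment says "leaf to root", but nothing visible here guarantees that the last intermediate is a root.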
@@ -291,6 +296,8 @@ inline QStringList fromVector(const std::vector<base::string16> &vector)
 FaviconInfo toFaviconInfo(const content::FaviconURL &);
+QList<QSslCertificate> toCertificateChain(net::X509Certificate *certificate);
+
 } // namespace QtWebEngineCore
 #endif // TYPE_CONVERSION_H |
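Review bot: The declaration `toCertificateChain(net::X509Certificate *certificate)` takes a non-const raw pointer with no stated contract, while the definition in type_conversion.cpp dereferences it unconditionally (`certificate->cert_buffer()`). The one caller visible in this commit checks for null first, but a later caller has nothing to go on. Either document it, e.g. `// certificate must not be null; returns the leaf first, followed by its intermediates`, or take `const net::X509Certificate &` so that null cannot be passed. The second option assumes `cert_buffer()` and `intermediate_buffers()` are const members, which the hunk does not show.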