authorKirill Burtsev <kirill.burtsev@qt.io>2019-08-26 13:46:35 +0200
committerKirill Burtsev <kirill.burtsev@qt.io>2019-09-05 23:33:12 +0200
commit8d045ce2a4cc65660bdf6ee8b555899c5c6119de (patch)
treef25ecfc6b167993215f6808d1a6ada105c069524 /src/core
parentbf3753f02402b44455038c4fa2a897d41aadf850 (diff)
Api to get certificate's chain on error
Expose certificate's chain on validation error starting with the immediate certificate and ending with the CA's certificate. [ChangeLog][QtWebEngineWidgets][QWebEngineCertificateError] New method to get the peer's chain of digital certificates. Fixes: QTBUG-51176 Change-Id: I799dfe9e44f9f2517f4691d175beee256114af79 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'src/core')
-rw-r--r--src/core/certificate_error_controller.cpp12
-rw-r--r--src/core/certificate_error_controller.h2
-rw-r--r--src/core/certificate_error_controller_p.h1
-rw-r--r--src/core/type_conversion.cpp19
-rw-r--r--src/core/type_conversion.h7
5 files changed, 38 insertions, 3 deletions
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
index a747451df..71465a1af 100644
--- a/src/core/certificate_error_controller.cpp
+++ b/src/core/certificate_error_controller.cpp
@@ -90,9 +90,10 @@ CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_er
, strictEnforcement(strict_enforcement)
, callback(cb)
{
- if (ssl_info.cert.get()) {
- validStart = toQt(ssl_info.cert->valid_start());
- validExpiry = toQt(ssl_info.cert->valid_expiry());
+ if (auto cert = ssl_info.cert.get()) {
+ validStart = toQt(cert->valid_start());
+ validExpiry = toQt(cert->valid_expiry());
+ chain = toCertificateChain(cert);
}
}
@@ -186,4 +187,9 @@ QString CertificateErrorController::errorString() const
return getQStringForMessageId(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
}
+QList<QSslCertificate> CertificateErrorController::chain() const
+{
+ return d->chain;
+}
+
QT_END_NAMESPACE
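Review bot: `CertificateErrorController::chain()` has no comment telling callers that the list belongs to a connection whose certificate validation failed, so none of its entries has been verified. Nothing visible here guarantees that the last element is a trusted root, or that every entry parsed into a non-null `QSslCertificate`. I would add above the definition, and mirror on the declaration in certificate_error_controller.h: `// Chain from the failed validation, leaf first; entries are unverified and must not be used to establish trust.` That keeps API consumers from treating the chain as anything more than diagnostic input for an accept/reject decision.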
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
index 5bea61c9b..7f5300dc8 100644
--- a/src/core/certificate_error_controller.h
+++ b/src/core/certificate_error_controller.h
@@ -55,6 +55,7 @@
#include <QtCore/QDateTime>
#include <QtCore/QUrl>
+#include <QtNetwork/QSslCertificate>
QT_BEGIN_NAMESPACE
@@ -95,6 +96,7 @@ public:
QString errorString() const;
QDateTime validStart() const;
QDateTime validExpiry() const;
+ QList<QSslCertificate> chain() const;
void accept(bool);
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
index abde9a7d5..f3b0c23fa 100644
--- a/src/core/certificate_error_controller_p.h
+++ b/src/core/certificate_error_controller_p.h
@@ -71,6 +71,7 @@ public:
bool overridable;
bool strictEnforcement;
const base::Callback<void(content::CertificateRequestResultType)> callback;
+ QList<QSslCertificate> chain;
};
QT_END_NAMESPACE
diff --git a/src/core/type_conversion.cpp b/src/core/type_conversion.cpp
index 02d2db448..ddadeb9f2 100644
--- a/src/core/type_conversion.cpp
+++ b/src/core/type_conversion.cpp
@@ -40,11 +40,14 @@
#include "type_conversion.h"
#include <content/public/common/favicon_url.h>
+#include <net/cert/x509_certificate.h>
+#include <net/cert/x509_util.h>
#include <ui/events/event_constants.h>
#include <ui/gfx/image/image_skia.h>
#include <QtCore/qcoreapplication.h>
#include <QtGui/qmatrix4x4.h>
+#include <QtNetwork/qsslcertificate.h>
namespace QtWebEngineCore {
@@ -256,4 +259,20 @@ void convertToQt(const SkMatrix44 &m, QMatrix4x4 &c)
c = qtMatrix;
}
+static QSslCertificate toCertificate(CRYPTO_BUFFER *buffer)
+{
+ auto derCert = net::x509_util::CryptoBufferAsStringPiece(buffer);
+ return QSslCertificate(QByteArray::fromRawData(derCert.data(), derCert.size()), QSsl::Der);
+}
+
+QList<QSslCertificate> toCertificateChain(net::X509Certificate *certificate)
+{
+ // from leaf to root as in QtNetwork
+ QList<QSslCertificate> chain;
+ chain.append(toCertificate(certificate->cert_buffer()));
+ for (auto &&buffer : certificate->intermediate_buffers())
+ chain.append(toCertificate(buffer.get()));
+ return chain;
+}
+
} // namespace QtWebEngineCore
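Review bot: `toCertificate()` wraps the CRYPTO_BUFFER bytes with `QByteArray::fromRawData`, which does not copy. The resulting certificates are stored in the controller's `chain` and handed to API users, so they can outlive the `net::X509Certificate` that owns those bytes. Whether `QSslCertificate` keeps a reference to the input array is not visible here and may differ between TLS backends; if any backend does, this becomes a read of freed memory. A deep copy removes the dependency at negligible cost: `return QSslCertificate(QByteArray(derCert.data(), derCert.size()), QSsl::Der);`. Separately, `toCertificateChain()` appends entries without checking `isNull()`, so a DER blob Qt cannot parse ends up as a null certificate in the list; either skip those or document it.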
diff --git a/src/core/type_conversion.h b/src/core/type_conversion.h
index 7b1f1b4d6..dfd8e8fef 100644
--- a/src/core/type_conversion.h
+++ b/src/core/type_conversion.h
@@ -64,6 +64,7 @@
#include "url/gurl.h"
QT_FORWARD_DECLARE_CLASS(QMatrix4x4)
+QT_FORWARD_DECLARE_CLASS(QSslCertificate)
namespace content {
struct FaviconURL;
@@ -73,6 +74,10 @@ namespace gfx {
class ImageSkiaRep;
}
+namespace net {
+class X509Certificate;
+}
+
namespace QtWebEngineCore {
inline QString toQt(const base::string16 &string)
@@ -291,6 +296,8 @@ inline QStringList fromVector(const std::vector<base::string16> &vector)
FaviconInfo toFaviconInfo(const content::FaviconURL &);
+QList<QSslCertificate> toCertificateChain(net::X509Certificate *certificate);
+
} // namespace QtWebEngineCore
#endif // TYPE_CONVERSION_H