Merge remote-tracking branch 'origin/5.6' into 5.7

Change-Id: Ieab3c4a6d16b1d7b7c0243ff8898f81807e7b1fc

11 files changed, 269 insertions, 7 deletions

diff --git a/src/core/browser_context_qt.cpp b/src/core/browser_context_qt.cpp
index de6c06dd7..5685c2dcd 100644
--- a/src/core/browser_context_qt.cpp
+++ b/src/core/browser_context_qt.cpp
@@ -44,6 +44,7 @@
 #include "permission_manager_qt.h"
 #include "qtwebenginecoreglobal_p.h"
 #include "resource_context_qt.h"
+#include "ssl_host_state_delegate_qt.h"
 #include "type_conversion.h"
 #include "url_request_context_getter_qt.h"
 
@@ -172,7 +173,9 @@ content::PushMessagingService *BrowserContextQt::GetPushMessagingService()
 
 content::SSLHostStateDelegate* BrowserContextQt::GetSSLHostStateDelegate()
 {
-    return 0;
+    if (!sslHostStateDelegate)
+        sslHostStateDelegate.reset(new SSLHostStateDelegateQt(m_adapter));
+    return sslHostStateDelegate.get();
 }
 
 scoped_ptr<content::ZoomLevelDelegate> BrowserContextQt::CreateZoomLevelDelegate(const base::FilePath&)
diff --git a/src/core/browser_context_qt.h b/src/core/browser_context_qt.h
index 044a3adac..08ac05fd4 100644
--- a/src/core/browser_context_qt.h
+++ b/src/core/browser_context_qt.h
@@ -59,6 +59,7 @@ namespace QtWebEngineCore {
 
 class BrowserContextAdapter;
 class PermissionManagerQt;
+class SSLHostStateDelegateQt;
 class URLRequestContextGetterQt;
 
 class BrowserContextQt : public content::BrowserContext
@@ -104,6 +105,7 @@ private:
     scoped_ptr<content::ResourceContext> resourceContext;
     scoped_refptr<URLRequestContextGetterQt> url_request_getter_;
     scoped_ptr<PermissionManagerQt> permissionManager;
+    scoped_ptr<SSLHostStateDelegateQt> sslHostStateDelegate;
     BrowserContextAdapter *m_adapter;
 #if defined(ENABLE_SPELLCHECK)
     scoped_refptr<TestingPrefStore> m_prefStore;
diff --git a/src/core/config/linux.pri b/src/core/config/linux.pri
index 2fa6aa5c6..bd1d068d8 100644
--- a/src/core/config/linux.pri
+++ b/src/core/config/linux.pri
@@ -43,6 +43,6 @@ use?(system_jsoncpp):  GYP_CONFIG += use_system_jsoncpp=1
 use?(system_opus):     GYP_CONFIG += use_system_opus=1
 use?(system_snappy):   GYP_CONFIG += use_system_snappy=1
 use?(system_vpx):      GYP_CONFIG += use_system_libvpx=1
-use?(system_icu):      GYP_CONFIG += use_system_icu=1
+use?(system_icu):      GYP_CONFIG += use_system_icu=1 icu_use_data_file_flag=0
 use?(system_ffmpeg):   GYP_CONFIG += use_system_ffmpeg=1
 
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index 03d142c0b..f5f490ccf 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -423,13 +423,14 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont
                                    const base::Callback<void(bool)>& callback,
                                    content::CertificateRequestResultType* result)
 {
-    // We leave the result with its default value.
-    Q_UNUSED(result);
-
     WebContentsDelegateQt* contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
 
     QSharedPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, overridable, strict_enforcement, callback)));
     contentsDelegate->allowCertificateError(errorController);
+
+    // If we don't give the user a chance to allow it, we can reject it right away.
+    if (result && (!overridable || strict_enforcement))
+        *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
 }
 
 content::LocationProvider *ContentBrowserClientQt::OverrideSystemLocationProvider()
diff --git a/src/core/content_main_delegate_qt.cpp b/src/core/content_main_delegate_qt.cpp
index 2f61e1e5e..0560c3f6b 100644
--- a/src/core/content_main_delegate_qt.cpp
+++ b/src/core/content_main_delegate_qt.cpp
@@ -97,10 +97,17 @@ content::ContentRendererClient *ContentMainDelegateQt::CreateContentRendererClie
     return new ContentRendererClientQt;
 }
 
+// see icu_util.cc
+#define ICU_UTIL_DATA_FILE   0
+#define ICU_UTIL_DATA_SHARED 1
+#define ICU_UTIL_DATA_STATIC 2
+
 bool ContentMainDelegateQt::BasicStartupComplete(int *exit_code)
 {
     PathService::Override(base::FILE_EXE, WebEngineLibraryInfo::getPath(base::FILE_EXE));
+#if ICU_UTIL_DATA_IMPL == ICU_UTIL_DATA_FILE
     PathService::Override(base::DIR_QT_LIBRARY_DATA, WebEngineLibraryInfo::getPath(base::DIR_QT_LIBRARY_DATA));
+#endif
     PathService::Override(content::DIR_MEDIA_LIBS, WebEngineLibraryInfo::getPath(content::DIR_MEDIA_LIBS));
     PathService::Override(ui::DIR_LOCALES, WebEngineLibraryInfo::getPath(ui::DIR_LOCALES));
 #if defined(ENABLE_SPELLCHECK)
diff --git a/src/core/core_gyp_generator.pro b/src/core/core_gyp_generator.pro
index 327ad9625..e04e34c5a 100644
--- a/src/core/core_gyp_generator.pro
+++ b/src/core/core_gyp_generator.pro
@@ -81,6 +81,7 @@ SOURCES = \
         resource_bundle_qt.cpp \
         resource_context_qt.cpp \
         resource_dispatcher_host_delegate_qt.cpp \
+        ssl_host_state_delegate_qt.cpp \
         stream_video_node.cpp \
         surface_factory_qt.cpp \
         type_conversion.cpp \
@@ -160,6 +161,7 @@ HEADERS = \
         renderer/web_channel_ipc_transport.h \
         resource_context_qt.h \
         resource_dispatcher_host_delegate_qt.h \
+        ssl_host_state_delegate_qt.h \
         stream_video_node.h \
         surface_factory_qt.h \
         type_conversion.h \
diff --git a/src/core/core_module.pro b/src/core/core_module.pro
index f30af83fc..174c00afb 100644
--- a/src/core/core_module.pro
+++ b/src/core/core_module.pro
@@ -77,9 +77,9 @@ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat
         INSTALLS += icu locales resources
     }
 
-    !contains(QT_CONFIG, qt_framework): contains(QT_CONFIG, private_tests) {
+    !contains(QT_CONFIG, qt_framework):!force_independent {
         #
-        # Copy essential files to the qtbase build directory (for non-installed developer builds)
+        # Copy essential files to the qtbase build directory for non-prefix builds
         #
 
         icudt2build.input = icu.files
@@ -97,3 +97,11 @@ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat
         QMAKE_EXTRA_COMPILERS += icudt2build resources2build
     }
 }
+
+OTHER_FILES = \
+    $$files(../3rdparty/chromium/*.h, true) \
+    $$files(../3rdparty/chromium/*.cc, true) \
+    $$files(../3rdparty/chromium/*.mm, true) \
+    $$files(../3rdparty/chromium/*.py, true) \
+    $$files(../3rdparty/chromium/*.gyp, true) \
+    $$files(../3rdparty/chromium/*.gypi, true)
diff --git a/src/core/gyp_run.pro b/src/core/gyp_run.pro
index e83db387b..02d1e41d6 100644
--- a/src/core/gyp_run.pro
+++ b/src/core/gyp_run.pro
@@ -83,9 +83,22 @@ contains(QT_ARCH, "arm") {
     contains(QMAKE_CFLAGS, "-mthumb"): GYP_CONFIG += arm_thumb=1
 }
 
+contains(QT_ARCH, "mips") {
+    !cross_compile: GYP_CONFIG += sysroot=\"\"
+    GYP_CONFIG += target_arch=mipsel
+
+    contains(QMAKE_CFLAGS, "mips32r6"): mips_arch_variant=\"r6\"
+    else: contains(QMAKE_CFLAGS, "mips32r2"): mips_arch_variant=\"r2\"
+    else: contains(QMAKE_CFLAGS, "mips32"): mips_arch_variant=\"r1\"
+
+    contains(QMAKE_CFLAGS, "-mdsp2"): GYP_CONFIG += mips_dsp_rev=2
+    else: contains(QMAKE_CFLAGS, "-mdsp"): GYP_CONFIG += mips_dsp_rev=1
+}
+
 contains(QT_ARCH, "x86_64"): GYP_CONFIG += target_arch=x64
 contains(QT_ARCH, "i386"): GYP_CONFIG += target_arch=ia32
 contains(QT_ARCH, "arm64"): GYP_CONFIG += target_arch=arm64
+contains(QT_ARCH, "mips64"): GYP_CONFIG += target_arch=mips64el
 
 contains(WEBENGINE_CONFIG, use_proprietary_codecs): GYP_CONFIG += proprietary_codecs=1 ffmpeg_branding=Chrome
 
diff --git a/src/core/qtwebengine.gypi b/src/core/qtwebengine.gypi
index 2ee0f3586..6cfafb0ca 100644
--- a/src/core/qtwebengine.gypi
+++ b/src/core/qtwebengine.gypi
@@ -133,5 +133,16 @@
           'renderer/print_web_view_helper_delegate_qt.h',
         ]
       }],
+      ['icu_use_data_file_flag==1', {
+        'defines': ['ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE'],
+      }, { # else icu_use_data_file_flag !=1
+        'conditions': [
+          ['OS=="win"', {
+            'defines': ['ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_SHARED'],
+          }, {
+            'defines': ['ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC'],
+          }],
+        ],
+      }],
     ],
 }
diff --git a/src/core/ssl_host_state_delegate_qt.cpp b/src/core/ssl_host_state_delegate_qt.cpp
new file mode 100644
index 000000000..cf17b944c
--- /dev/null
+++ b/src/core/ssl_host_state_delegate_qt.cpp
@@ -0,0 +1,135 @@
+/****************************************************************************
+**
+** Copyright (C) 2016 The Qt Company Ltd.
+** Contact: http://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see http://www.qt.io/terms-conditions. For further
+** information use the contact form at http://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "ssl_host_state_delegate_qt.h"
+
+#include "type_conversion.h"
+
+namespace QtWebEngineCore {
+
+// Mirrors implementation in aw_ssl_host_state_delegate.cc
+
+static net::SHA256HashValue getChainFingerprint256(const net::X509Certificate &cert)
+{
+    net::SHA256HashValue fingerprint =
+            net::X509Certificate::CalculateChainFingerprint256(cert.os_cert_handle(), cert.GetIntermediateCertificates());
+    return fingerprint;
+}
+
+CertPolicy::CertPolicy()
+{
+}
+
+CertPolicy::~CertPolicy()
+{
+}
+
+bool CertPolicy::Check(const net::X509Certificate& cert, net::CertStatus error) const
+{
+    net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
+    auto allowed_iter = m_allowed.find(fingerprint);
+    if ((allowed_iter != m_allowed.end()) && (allowed_iter->second & error) && ((allowed_iter->second & error) == error))
+        return true;
+    return false;
+}
+
+void CertPolicy::Allow(const net::X509Certificate& cert, net::CertStatus error)
+{
+    net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
+    m_allowed[fingerprint] |= error;
+}
+
+SSLHostStateDelegateQt::SSLHostStateDelegateQt(BrowserContextAdapter *contextAdapter)
+    : m_contextAdapter(contextAdapter)
+{
+}
+
+SSLHostStateDelegateQt::~SSLHostStateDelegateQt()
+{
+}
+
+void SSLHostStateDelegateQt::AllowCert(const std::string &host, const net::X509Certificate &cert, net::CertStatus error)
+{
+    m_certPolicyforHost[host].Allow(cert, error);
+}
+
+// Clear all allow preferences.
+void SSLHostStateDelegateQt::Clear()
+{
+    m_certPolicyforHost.clear();
+}
+
+// Queries whether |cert| is allowed for |host| and |error|. Returns true in
+// |expired_previous_decision| if a previous user decision expired immediately
+// prior to this query, otherwise false.
+content::SSLHostStateDelegate::CertJudgment SSLHostStateDelegateQt::QueryPolicy(
+                                                       const std::string &host, const net::X509Certificate &cert,
+                                                       net::CertStatus error,bool *expired_previous_decision)
+{
+    return m_certPolicyforHost[host].Check(cert, error) ? SSLHostStateDelegate::ALLOWED : SSLHostStateDelegate::DENIED;
+}
+
+// Records that a host has run insecure content.
+void SSLHostStateDelegateQt::HostRanInsecureContent(const std::string &host, int pid)
+{
+}
+
+// Returns whether the specified host ran insecure content.
+bool SSLHostStateDelegateQt::DidHostRunInsecureContent(const std::string &host, int pid) const
+{
+    return false;
+}
+
+// Revokes all SSL certificate error allow exceptions made by the user for
+// |host|.
+void SSLHostStateDelegateQt::RevokeUserAllowExceptions(const std::string &host)
+{
+    m_certPolicyforHost.erase(host);
+}
+
+// Returns whether the user has allowed a certificate error exception for
+// |host|. This does not mean that *all* certificate errors are allowed, just
+// that there exists an exception. To see if a particular certificate and
+// error combination exception is allowed, use QueryPolicy().
+bool SSLHostStateDelegateQt::HasAllowException(const std::string &host) const
+{
+    auto policy_iterator = m_certPolicyforHost.find(host);
+    return policy_iterator != m_certPolicyforHost.end() &&
+           policy_iterator->second.HasAllowException();
+}
+
+
+} // namespace QtWebEngineCore
diff --git a/src/core/ssl_host_state_delegate_qt.h b/src/core/ssl_host_state_delegate_qt.h
new file mode 100644
index 000000000..7c91fcb2d
--- /dev/null
+++ b/src/core/ssl_host_state_delegate_qt.h
@@ -0,0 +1,80 @@
+/****************************************************************************
+**
+** Copyright (C) 2016 The Qt Company Ltd.
+** Contact: http://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see http://www.qt.io/terms-conditions. For further
+** information use the contact form at http://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file. Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef SSL_HOST_STATE_DELEGATE_QT_H
+#define SSL_HOST_STATE_DELEGATE_QT_H
+
+#include "content/public/browser/ssl_host_state_delegate.h"
+#include "browser_context_adapter.h"
+
+namespace QtWebEngineCore {
+
+class CertPolicy {
+public:
+    CertPolicy();
+    ~CertPolicy();
+    bool Check(const net::X509Certificate& cert, net::CertStatus error) const;
+    void Allow(const net::X509Certificate& cert, net::CertStatus error);
+    bool HasAllowException() const { return m_allowed.size() > 0; }
+
+private:
+    std::map<net::SHA256HashValue, net::CertStatus, net::SHA256HashValueLessThan> m_allowed;
+};
+
+class SSLHostStateDelegateQt : public content::SSLHostStateDelegate {
+
+public:
+    SSLHostStateDelegateQt(BrowserContextAdapter *);
+    ~SSLHostStateDelegateQt();
+
+    // content::SSLHostStateDelegate implementation:
+    virtual void AllowCert(const std::string &, const net::X509Certificate &cert, net::CertStatus error) override;
+    virtual void Clear() override;
+    virtual CertJudgment QueryPolicy(const std::string &host, const net::X509Certificate &cert,
+                                     net::CertStatus error,bool *expired_previous_decision) override;
+    virtual void HostRanInsecureContent(const std::string &host, int pid) override;
+    virtual bool DidHostRunInsecureContent(const std::string &host, int pid) const override;
+    virtual void RevokeUserAllowExceptions(const std::string &host) override;
+    virtual bool HasAllowException(const std::string &host) const override;
+
+private:
+    BrowserContextAdapter *m_contextAdapter;
+    std::map<std::string, CertPolicy> m_certPolicyforHost;
+};
+
+} // namespace QtWebEngineCore
+
+#endif // SSL_HOST_STATE_DELEGATE_QT_H