From bf3753f02402b44455038c4fa2a897d41aadf850 Mon Sep 17 00:00:00 2001
From: Kirill Burtsev <kirill.burtsev@qt.io>
Date: Wed, 14 Aug 2019 18:59:23 +0200
Subject: Allow deferring QWebEngineCertificateError handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduce defer() method for halting URL load on certificate errors,
and methods for rejecting and ignoring these errors subsequently
in async manner.

[ChangeLog][QtWebEngineWidgets][QWebEngineCertificateError] New
methods for asynchronous decision on certificate error during load.

Fixes: QTBUG-55110
Change-Id: Ib23eb568862ccc360208922a6a581f8e7edc4a7e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
---
 .../certificateerror/tst_certificateerror.cpp      | 122 +++++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 tests/auto/widgets/certificateerror/tst_certificateerror.cpp

(limited to 'tests/auto/widgets/certificateerror/tst_certificateerror.cpp')

diff --git a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
new file mode 100644
index 000000000..b002dc363
--- /dev/null
+++ b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
@@ -0,0 +1,122 @@
+/****************************************************************************
+**
+** Copyright (C) 2019 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:GPL-EXCEPT$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 3 as published by the Free Software
+** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+#include <httpsserver.h>
+#include <util.h>
+
+#include <QWebEngineCertificateError>
+#include <QWebEnginePage>
+#include <QWebEngineSettings>
+
+#include <QtTest/QtTest>
+
+class tst_CertificateError : public QObject
+{
+    Q_OBJECT
+public:
+    tst_CertificateError() { }
+
+private Q_SLOTS:
+    void handleError_data();
+    void handleError();
+};
+
+struct PageWithCertificateErrorHandler : QWebEnginePage
+{
+    PageWithCertificateErrorHandler(bool defer, bool accept, QObject *p = nullptr)
+        : QWebEnginePage(p), deferError(defer), acceptCertificate(accept) {
+        connect(this, &QWebEnginePage::loadFinished, [&] (bool result) { spyLoad(result); });
+    }
+
+    bool deferError, acceptCertificate;
+
+    CallbackSpy<bool> spyLoad;
+    QScopedPointer<QWebEngineCertificateError> error;
+
+    bool certificateError(const QWebEngineCertificateError &e) override {
+        error.reset(new QWebEngineCertificateError(e));
+        if (deferError)
+            error->defer();
+        return acceptCertificate;
+    }
+};
+
+void tst_CertificateError::handleError_data()
+{
+    QTest::addColumn<bool>("deferError");
+    QTest::addColumn<bool>("acceptCertificate");
+    QTest::addColumn<QString>("expectedContent");
+    QTest::addRow("Reject") << false << false << QString();
+    QTest::addRow("DeferReject") << true << false << QString();
+    QTest::addRow("DeferAccept") << true << true << "TEST";
+}
+
+void tst_CertificateError::handleError()
+{
+    HttpsServer server;
+    server.setExpectError(true);
+    QVERIFY(server.start());
+
+    connect(&server, &HttpsServer::newRequest, [&] (HttpReqRep *rr) {
+        rr->setResponseBody(QByteArrayLiteral("<html><body>TEST</body></html>"));
+        rr->sendResponse();
+    });
+
+    QFETCH(bool, deferError);
+    QFETCH(bool, acceptCertificate);
+    QFETCH(QString, expectedContent);
+
+    PageWithCertificateErrorHandler page(deferError, acceptCertificate);
+    page.settings()->setAttribute(QWebEngineSettings::ErrorPageEnabled, false);
+
+    page.setUrl(server.url());
+    QTRY_VERIFY(page.error);
+    QVERIFY(page.error->isOverridable());
+
+    if (deferError) {
+        QVERIFY(page.error->deferred());
+        QVERIFY(!page.error->answered());
+        QVERIFY(!page.spyLoad.wasCalled());
+        QCOMPARE(toPlainTextSync(&page), QString());
+
+        if (acceptCertificate)
+            page.error->ignoreCertificateError();
+        else
+            page.error->rejectCertificate();
+
+        QVERIFY(page.error->answered());
+        page.error.reset();
+    }
+
+    bool loadResult = page.spyLoad.waitForResult();
+    QVERIFY(page.spyLoad.wasCalled());
+    QCOMPARE(loadResult, acceptCertificate);
+    QCOMPARE(toPlainTextSync(&page), expectedContent);
+}
+
+QTEST_MAIN(tst_CertificateError)
+#include <tst_certificateerror.moc>
-- 
cgit v1.2.3


From 8d045ce2a4cc65660bdf6ee8b555899c5c6119de Mon Sep 17 00:00:00 2001
From: Kirill Burtsev <kirill.burtsev@qt.io>
Date: Mon, 26 Aug 2019 13:46:35 +0200
Subject: Api to get certificate's chain on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Expose certificate's chain on validation error starting with
the immediate certificate and ending with the CA's certificate.

[ChangeLog][QtWebEngineWidgets][QWebEngineCertificateError] New method
to get the peer's chain of digital certificates.

Fixes: QTBUG-51176
Change-Id: I799dfe9e44f9f2517f4691d175beee256114af79
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
---
 tests/auto/widgets/certificateerror/tst_certificateerror.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'tests/auto/widgets/certificateerror/tst_certificateerror.cpp')

diff --git a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
index b002dc363..5fd765ed5 100644
--- a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
+++ b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
@@ -96,6 +96,10 @@ void tst_CertificateError::handleError()
     page.setUrl(server.url());
     QTRY_VERIFY(page.error);
     QVERIFY(page.error->isOverridable());
+    auto chain = page.error->chain();
+    QCOMPARE(chain.size(), 2);
+    QCOMPARE(chain[0].serialNumber(), "3b:dd:1a:b7:2f:40:32:3b:c1:bf:37:d4:86:bd:56:c1:d0:6b:2a:43");
+    QCOMPARE(chain[1].serialNumber(), "6d:52:fb:b4:57:3b:b2:03:c8:62:7b:7e:44:45:5c:d3:08:87:74:17");
 
     if (deferError) {
         QVERIFY(page.error->deferred());
-- 
cgit v1.2.3