[Xfce4-commits] <midori:master> Implement certificate handling with WebKit2
Christian Dywan
noreply at xfce.org
Sat Apr 6 00:08:04 CEST 2013
Updating branch refs/heads/master
to 898da5f2bb2d14e271d5b0f2ad588c577fa5ebca (commit)
from 910547a6a3542bd1c9e9acca58b002d5851b51f4 (commit)
commit 898da5f2bb2d14e271d5b0f2ad588c577fa5ebca
Author: Christian Dywan <christian at twotoasts.de>
Date: Sat Apr 6 00:04:17 2013 +0200
Implement certificate handling with WebKit2
midori/midori-locationaction.c | 23 ++++++++---------
midori/midori-view.c | 52 ++++++++++++++++++++++++++++++++-------
midori/midori-view.h | 7 +++++
3 files changed, 60 insertions(+), 22 deletions(-)
diff --git a/midori/midori-locationaction.c b/midori/midori-locationaction.c
index f39c1af..63e8e83 100644
--- a/midori/midori-locationaction.c
+++ b/midori/midori-locationaction.c
@@ -1382,20 +1382,21 @@ midori_location_action_show_page_info (GtkWidget* widget,
GtkBox* box,
GtkWidget* dialog)
{
-#ifndef HAVE_WEBKIT2
+ GTlsCertificate* tls_cert;
+ GTlsCertificateFlags tls_flags;
+ gchar* hostname;
+
MidoriBrowser* browser = midori_browser_get_for_widget (widget);
MidoriView* view = MIDORI_VIEW (midori_browser_get_current_tab (browser));
+ #ifdef HAVE_WEBKIT2
+ void* request = NULL;
+ #else
WebKitWebView* web_view = WEBKIT_WEB_VIEW (midori_view_get_web_view (view));
WebKitWebFrame* web_frame = webkit_web_view_get_main_frame (web_view);
WebKitWebDataSource* source = webkit_web_frame_get_data_source (web_frame);
WebKitNetworkRequest* request = webkit_web_data_source_get_request (source);
- SoupMessage* message = midori_map_get_message (webkit_network_request_get_message (request));
- GTlsCertificate* tls_cert;
- GTlsCertificateFlags tls_flags;
-
- g_return_if_fail (message);
- g_object_get (message, "tls-certificate", &tls_cert, "tls-errors", &tls_flags, NULL);
-
+ #endif
+ midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname);
if (tls_cert == NULL)
return;
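Review bot: The early `return` on `tls_cert == NULL` leaks `hostname`, which midori_view_get_tls_info fills on both branches (`g_strdup (uri->host)` with libsoup, `midori_uri_parse_hostname` with WebKit2) independently of whether a certificate exists, so opening page info on a page without a certificate presumably loses one string each time. The only release in this function is the later `g_object_set_data_full (G_OBJECT (gcr_cert), "peer", hostname, (GDestroyNotify)g_free)`, which hands the string to gcr_cert; any path that does not reach that line leaks as well. I would change the guard to `if (tls_cert == NULL) { g_free (hostname); return; }` and add a comment at the hand-over, `/* gcr_cert takes ownership of hostname */`. The function body continues outside this hunk.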
@@ -1403,7 +1404,6 @@ midori_location_action_show_page_info (GtkWidget* widget,
GByteArray* der_cert;
GcrCertificate* gcr_cert;
GtkWidget* details;
- SoupURI* uri = soup_message_get_uri (message);
g_object_get (tls_cert, "certificate", &der_cert, NULL);
gcr_cert = gcr_simple_certificate_new (
@@ -1412,7 +1412,7 @@ midori_location_action_show_page_info (GtkWidget* widget,
details = (GtkWidget*)gcr_certificate_details_widget_new (gcr_cert);
gtk_widget_show (details);
gtk_container_add (GTK_CONTAINER (box), details);
- if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, uri->host, NULL, NULL))
+ if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL))
gtk_dialog_add_buttons (GTK_DIALOG (dialog),
("_Don't trust this website"), MIDORI_CERT_REVOKE, NULL);
else if (tls_flags > 0)
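Review bot: `hostname` is passed to `gcr_trust_is_certificate_pinned` without a NULL check here, although midori_view_get_tls_info can leave it NULL (`uri ? g_strdup (uri->host) : NULL`) and the navigation callback in midori-view.c tests `hostname &&` before making the same call. The old code dereferenced `uri->host` unconditionally, so this is not new, but the helper now makes the NULL case explicit and the two call sites should agree rather than rely on gcr tolerating a NULL peer. `if (hostname != NULL && gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL))` would do it. The if/else chain continues outside this hunk.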
@@ -1422,7 +1422,7 @@ midori_location_action_show_page_info (GtkWidget* widget,
gtk_dialog_add_button (GTK_DIALOG (dialog), _("_Export certificate"), MIDORI_CERT_EXPORT),
"secondary", TRUE, NULL);
- g_object_set_data_full (G_OBJECT (gcr_cert), "peer", g_strdup (uri->host), (GDestroyNotify)g_free);
+ g_object_set_data_full (G_OBJECT (gcr_cert), "peer", hostname, (GDestroyNotify)g_free);
g_object_set_data_full (G_OBJECT (dialog), "gcr-cert", gcr_cert, (GDestroyNotify)g_object_unref);
g_signal_connect (dialog, "response",
G_CALLBACK (midori_location_action_cert_response_cb), gcr_cert);
@@ -1440,7 +1440,6 @@ midori_location_action_show_page_info (GtkWidget* widget,
#endif
g_object_unref (tls_cert);
-#endif
}
#endif
diff --git a/midori/midori-view.c b/midori/midori-view.c
index 3c57423..c274f5a 100644
--- a/midori/midori-view.c
+++ b/midori/midori-view.c
@@ -721,6 +721,34 @@ midori_view_update_load_status (MidoriView* view,
#endif
}
+gboolean
+midori_view_get_tls_info (MidoriView* view,
+ void* request,
+ GTlsCertificate** tls_cert,
+ GTlsCertificateFlags* tls_flags,
+ gchar** hostname)
+{
+ #ifdef HAVE_WEBKIT2
+ WebKitWebView* web_view = WEBKIT_WEB_VIEW (view->web_view);
+ *hostname = midori_uri_parse_hostname (webkit_web_view_get_uri (web_view), NULL);
+ return webkit_web_view_get_tls_info (web_view, tls_cert, tls_flags);
+ #else
+ SoupMessage* message = midori_map_get_message (webkit_network_request_get_message (request));
+ if (message != NULL)
+ {
+ SoupURI* uri = soup_message_get_uri (message);
+ *hostname = uri ? g_strdup (uri->host) : NULL;
+ g_object_get (message, "tls-certificate", tls_cert, "tls-errors", tls_flags, NULL);
+ return tls_flags == 0
+ && soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED;
+ }
+ *tls_cert = NULL;
+ *tls_flags = 0;
+ *hostname = NULL;
+ return FALSE;
+ #endif
+}
+
static gboolean
midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view,
#ifdef HAVE_WEBKIT2
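Review bot: In the libsoup branch `return tls_flags == 0 && ...` compares the out-parameter pointer with zero instead of the flags it points to, so for any caller passing `&tls_flags` the function returns FALSE even when the certificate verified cleanly; it should read `return *tls_flags == 0`. The consequence is security-relevant: the navigation callback treats FALSE plus a non-NULL certificate as "untrusted" and goes on to `gcr_trust_add_pinned_certificate`, so on reload it would pin certificates that needed no exception. Separately, the WebKit2 branch relies on `webkit_web_view_get_tls_info` writing both out parameters even when it returns FALSE, while both callers declare `tls_cert` uninitialised and then test it against NULL; setting `*tls_cert = NULL; *tls_flags = 0;` at the top of the helper removes that dependency.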
@@ -735,6 +763,7 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view
MidoriView* view)
{
#ifdef HAVE_WEBKIT2
+ void* request = NULL;
const gchar* uri = webkit_web_view_get_uri (web_view);
#else
const gchar* uri = webkit_network_request_get_uri (request);
@@ -770,33 +799,35 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view
#endif
return TRUE;
}
- #if defined (HAVE_GCR) && !defined (HAVE_WEBKIT2)
+ #if defined (HAVE_GCR)
else if (/* midori_tab_get_special (MIDORI_TAB (view)) && */ !strncmp (uri, "https", 5))
{
/* We show an error page if the certificate is invalid.
If a "special", unverified page loads a form, it must be that page.
if (webkit_web_navigation_action_get_reason (action) == WEBKIT_WEB_NAVIGATION_REASON_FORM_SUBMITTED)
FIXME: Verify more stricly that this cannot be eg. a simple Reload */
+ #ifdef HAVE_WEBKIT2
+ if (decision_type == WEBKIT_POLICY_DECISION_TYPE_NAVIGATION_ACTION)
+ #else
if (webkit_web_navigation_action_get_reason (action) == WEBKIT_WEB_NAVIGATION_REASON_RELOAD)
+ #endif
{
- SoupMessage* message = webkit_network_request_get_message (request);
- if (!(soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED))
+ GTlsCertificate* tls_cert;
+ GTlsCertificateFlags tls_flags;
+ gchar* hostname;
+ if (!midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname)
+ && tls_cert != NULL)
{
- SoupURI* soup_uri = soup_message_get_uri (message);
- GTlsCertificate* tls_cert;
GcrCertificate* gcr_cert;
GByteArray* der_cert;
- message = midori_map_get_message (message);
- g_object_get (message, "tls-certificate", &tls_cert, NULL);
- g_return_val_if_fail (tls_cert != NULL, FALSE);
g_object_get (tls_cert, "certificate", &der_cert, NULL);
gcr_cert = gcr_simple_certificate_new (der_cert->data, der_cert->len);
g_byte_array_unref (der_cert);
- if (soup_uri && soup_uri->host && !gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, soup_uri->host, NULL, NULL))
+ if (hostname && !gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL))
{
GError* error = NULL;
- gcr_trust_add_pinned_certificate (gcr_cert, GCR_PURPOSE_SERVER_AUTH, soup_uri->host, NULL, &error);
+ gcr_trust_add_pinned_certificate (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, &error);
if (error != NULL)
{
gchar* slots = g_strjoinv (" , ", (gchar**)gcr_pkcs11_get_trust_lookup_uris ());
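Review bot: Under WebKit2 the pinning block is entered for every `WEBKIT_POLICY_DECISION_TYPE_NAVIGATION_ACTION`, whereas the WebKit1 branch requires `WEBKIT_WEB_NAVIGATION_REASON_RELOAD`, so as far as this hunk shows any navigation from an https page with a failing certificate reaches `gcr_trust_add_pinned_certificate` and adds a trust exception. The helper also reads the certificate and `webkit_web_view_get_uri` of the page currently shown in the view, which is not necessarily the page the decision is about. I would narrow the WebKit2 condition to reloads by additionally testing `webkit_navigation_policy_decision_get_navigation_type (...) == WEBKIT_NAVIGATION_TYPE_RELOAD` on the policy decision argument (its name is outside this hunk). The existing FIXME about verifying this more strictly should be resolved before the branch is enabled. The block continues past the end of the hunk.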
@@ -814,6 +845,7 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view
g_object_unref (gcr_cert);
g_object_unref (tls_cert);
}
+ g_free (hostname);
}
}
#endif
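Review bot: `g_object_unref (tls_cert)` in this block now also runs in WebKit2 builds, but the two branches of midori_view_get_tls_info do not return the certificate with the same ownership: the libsoup branch uses `g_object_get`, which yields a new reference, while the certificate out parameter of `webkit_web_view_get_tls_info` is documented as transfer none. Unreffing a borrowed certificate drops a reference that WebKit still relies on and can end in a use-after-free of the GTlsCertificate. Taking a reference in the WebKit2 branch of the helper, `if (*tls_cert != NULL) g_object_ref (*tls_cert);` before returning the stored result, keeps both callers correct. The same unref sits at the end of midori_location_action_show_page_info. The enclosing function starts outside this hunk.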
diff --git a/midori/midori-view.h b/midori/midori-view.h
index 05f9f38..3192295 100644
--- a/midori/midori-view.h
+++ b/midori/midori-view.h
@@ -248,6 +248,13 @@ midori_view_set_colors (MidoriView* view,
GdkColor* fg_color,
GdkColor* bg_color);
+gboolean
+midori_view_get_tls_info (MidoriView* view,
+ void* request,
+ GTlsCertificate** tls_cert,
+ GTlsCertificateFlags* tls_flags,
+ gchar** hostname);
+
G_END_DECLS
#endif /* __MIDORI_VIEW_H__ */
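Review bot: The new public prototype `midori_view_get_tls_info` has no documentation, and its contract is not obvious from the signature: `request` is a `void*` that is only used in the libsoup build and is passed as NULL under WebKit2, and three out parameters carry ownership. I would add a doc comment above the declaration stating that the return value means "certificate verified and trusted", that `hostname` is newly allocated and must be released with `g_free`, whether the caller owns a reference to `*tls_cert`, and that all three outputs are set even when the function returns FALSE. Spelling out the ownership matters here because the two callers already differ: one frees `hostname`, the other hands it to another object.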