Updating branch refs/heads/master to 898da5f2bb2d14e271d5b0f2ad588c577fa5ebca (commit) from 910547a6a3542bd1c9e9acca58b002d5851b51f4 (commit)
commit 898da5f2bb2d14e271d5b0f2ad588c577fa5ebca Author: Christian Dywan <christ...@twotoasts.de> Date: Sat Apr 6 00:04:17 2013 +0200 Implement certificate handling with WebKit2 midori/midori-locationaction.c | 23 ++++++++--------- midori/midori-view.c | 52 ++++++++++++++++++++++++++++++++------- midori/midori-view.h | 7 +++++ 3 files changed, 60 insertions(+), 22 deletions(-) diff --git a/midori/midori-locationaction.c b/midori/midori-locationaction.c index f39c1af..63e8e83 100644 --- a/midori/midori-locationaction.c +++ b/midori/midori-locationaction.c @@ -1382,20 +1382,21 @@ midori_location_action_show_page_info (GtkWidget* widget, GtkBox* box, GtkWidget* dialog) { -#ifndef HAVE_WEBKIT2 + GTlsCertificate* tls_cert; + GTlsCertificateFlags tls_flags; + gchar* hostname; + MidoriBrowser* browser = midori_browser_get_for_widget (widget); MidoriView* view = MIDORI_VIEW (midori_browser_get_current_tab (browser)); + #ifdef HAVE_WEBKIT2 + void* request = NULL; + #else WebKitWebView* web_view = WEBKIT_WEB_VIEW (midori_view_get_web_view (view)); WebKitWebFrame* web_frame = webkit_web_view_get_main_frame (web_view); WebKitWebDataSource* source = webkit_web_frame_get_data_source (web_frame); WebKitNetworkRequest* request = webkit_web_data_source_get_request (source); - SoupMessage* message = midori_map_get_message (webkit_network_request_get_message (request)); - GTlsCertificate* tls_cert; - GTlsCertificateFlags tls_flags; - - g_return_if_fail (message); - g_object_get (message, "tls-certificate", &tls_cert, "tls-errors", &tls_flags, NULL); - + #endif + midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname); if (tls_cert == NULL) return; @@ -1403,7 +1404,6 @@ midori_location_action_show_page_info (GtkWidget* widget, GByteArray* der_cert; GcrCertificate* gcr_cert; GtkWidget* details; - SoupURI* uri = soup_message_get_uri (message); g_object_get (tls_cert, "certificate", &der_cert, NULL); gcr_cert = gcr_simple_certificate_new ( 
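Review bot: In the first hunk of midori_location_action_show_page_info, `tls_cert` and `hostname` are declared without initialisers and read straight after midori_view_get_tls_info(), so the `if (tls_cert == NULL)` test is only meaningful if the helper writes both outputs on every path; its WebKit2 branch hands `tls_cert` on to webkit_web_view_get_tls_info() and never assigns it itself. Declaring them as `GTlsCertificate* tls_cert = NULL;` and `gchar* hostname = NULL;` makes the check safe whatever the backend does. The early `return` also drops the string stored in `hostname`, which the WebKit2 branch fills from the view URI for every page and which appears to be heap-allocated given the later g_free; adding `g_free (hostname);` before that return closes the leak. The same uninitialised locals appear in the midori_view_web_view_navigation_decision_cb hunk in midori-view.c. The function body continues outside this hunk.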
@@ -1412,7 +1412,7 @@ midori_location_action_show_page_info (GtkWidget* widget, details = (GtkWidget*)gcr_certificate_details_widget_new (gcr_cert); gtk_widget_show (details); gtk_container_add (GTK_CONTAINER (box), details); - if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, uri->host, NULL, NULL)) + if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL)) gtk_dialog_add_buttons (GTK_DIALOG (dialog), ("_Don't trust this website"), MIDORI_CERT_REVOKE, NULL); else if (tls_flags > 0) @@ -1422,7 +1422,7 @@ midori_location_action_show_page_info (GtkWidget* widget, gtk_dialog_add_button (GTK_DIALOG (dialog), _("_Export certificate"), MIDORI_CERT_EXPORT), "secondary", TRUE, NULL); - g_object_set_data_full (G_OBJECT (gcr_cert), "peer", g_strdup (uri->host), (GDestroyNotify)g_free); + g_object_set_data_full (G_OBJECT (gcr_cert), "peer", hostname, (GDestroyNotify)g_free); g_object_set_data_full (G_OBJECT (dialog), "gcr-cert", gcr_cert, (GDestroyNotify)g_object_unref); g_signal_connect (dialog, "response", G_CALLBACK (midori_location_action_cert_response_cb), gcr_cert); @@ -1440,7 +1440,6 @@ midori_location_action_show_page_info (GtkWidget* widget, #endif g_object_unref (tls_cert); -#endif } #endif diff --git a/midori/midori-view.c b/midori/midori-view.c index 3c57423..c274f5a 100644 --- a/midori/midori-view.c +++ b/midori/midori-view.c 
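Review bot: `hostname` is passed to gcr_trust_is_certificate_pinned() in the `@@ -1412` hunk without a NULL check, although midori_view_get_tls_info() sets it to NULL when the message has no URI and the navigation callback in midori-view.c guards the same call with `hostname && ...`. The trust and revoke buttons are keyed on this peer name, so I would bail out or skip them when it is missing, for example `if (hostname != NULL && gcr_trust_is_certificate_pinned (...))`, and check what the `tls_flags > 0` branch should do in that case. The next hunk then hands the pointer to `g_object_set_data_full (..., "peer", hostname, (GDestroyNotify)g_free)`, which transfers ownership to `gcr_cert`; a comment such as `/* gcr_cert now owns hostname */` would stop a later cleanup from freeing it twice. This function starts and ends outside these hunks.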
@@ -721,6 +721,34 @@ midori_view_update_load_status (MidoriView* view, #endif } +gboolean +midori_view_get_tls_info (MidoriView* view, + void* request, + GTlsCertificate** tls_cert, + GTlsCertificateFlags* tls_flags, + gchar** hostname) +{ + #ifdef HAVE_WEBKIT2 + WebKitWebView* web_view = WEBKIT_WEB_VIEW (view->web_view); + *hostname = midori_uri_parse_hostname (webkit_web_view_get_uri (web_view), NULL); + return webkit_web_view_get_tls_info (web_view, tls_cert, tls_flags); + #else + SoupMessage* message = midori_map_get_message (webkit_network_request_get_message (request)); + if (message != NULL) + { + SoupURI* uri = soup_message_get_uri (message); + *hostname = uri ? g_strdup (uri->host) : NULL; + g_object_get (message, "tls-certificate", tls_cert, "tls-errors", tls_flags, NULL); + return tls_flags == 0 + && soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED; + } + *tls_cert = NULL; + *tls_flags = 0; + *hostname = NULL; + return FALSE; + #endif +} + static gboolean midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view, #ifdef HAVE_WEBKIT2 @@ -735,6 +763,7 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view MidoriView* view) { #ifdef HAVE_WEBKIT2 + void* request = NULL; const gchar* uri = webkit_web_view_get_uri (web_view); #else const gchar* uri = webkit_network_request_get_uri (request); 
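Review bot: In the non-WebKit2 branch of midori_view_get_tls_info, `return tls_flags == 0 && ...` compares the out-pointer itself with zero rather than the flags it points to, so for any caller passing `&tls_flags` the result is always FALSE and every certificate is reported as untrusted. The navigation callback uses this return value to decide whether to take the pinning path on reload, so a site with a fully valid certificate would take it too. It should read `return *tls_flags == 0 && (soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) != 0;`. Separately, the WebKit2 branch returns whatever webkit_web_view_get_tls_info() returns, which I believe signals that TLS information is available rather than that validation succeeded, so TRUE may not mean the same thing on both backends; worth confirming and testing `*tls_flags == 0` there as well.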
@@ -770,33 +799,35 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view #endif return TRUE; } - #if defined (HAVE_GCR) && !defined (HAVE_WEBKIT2) + #if defined (HAVE_GCR) else if (/* midori_tab_get_special (MIDORI_TAB (view)) && */ !strncmp (uri, "https", 5)) { /* We show an error page if the certificate is invalid. If a "special", unverified page loads a form, it must be that page. if (webkit_web_navigation_action_get_reason (action) == WEBKIT_WEB_NAVIGATION_REASON_FORM_SUBMITTED) FIXME: Verify more stricly that this cannot be eg. a simple Reload */ + #ifdef HAVE_WEBKIT2 + if (decision_type == WEBKIT_POLICY_DECISION_TYPE_NAVIGATION_ACTION) + #else if (webkit_web_navigation_action_get_reason (action) == WEBKIT_WEB_NAVIGATION_REASON_RELOAD) + #endif { - SoupMessage* message = webkit_network_request_get_message (request); - if (!(soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) + GTlsCertificate* tls_cert; + GTlsCertificateFlags tls_flags; + gchar* hostname; + if (!midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname) + && tls_cert != NULL) { - SoupURI* soup_uri = soup_message_get_uri (message); - GTlsCertificate* tls_cert; GcrCertificate* gcr_cert; GByteArray* der_cert; - message = midori_map_get_message (message); - g_object_get (message, "tls-certificate", &tls_cert, NULL); - g_return_val_if_fail (tls_cert != NULL, FALSE); g_object_get (tls_cert, "certificate", &der_cert, NULL); gcr_cert = gcr_simple_certificate_new (der_cert->data, der_cert->len); g_byte_array_unref (der_cert); - if (soup_uri && soup_uri->host && !gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, soup_uri->host, NULL, NULL)) + if (hostname && !gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL)) { GError* error = NULL; - gcr_trust_add_pinned_certificate (gcr_cert, GCR_PURPOSE_SERVER_AUTH, soup_uri->host, NULL, &error); + gcr_trust_add_pinned_certificate (gcr_cert, 
GCR_PURPOSE_SERVER_AUTH, hostname, NULL, &error); if (error != NULL) { gchar* slots = g_strjoinv (" , ", (gchar**)gcr_pkcs11_get_trust_lookup_uris ()); @@ -814,6 +845,7 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view g_object_unref (gcr_cert); g_object_unref (tls_cert); } + g_free (hostname); } } #endif diff --git a/midori/midori-view.h b/midori/midori-view.h index 05f9f38..3192295 100644 --- a/midori/midori-view.h +++ b/midori/midori-view.h @@ -248,6 +248,13 @@ midori_view_set_colors (MidoriView* view, GdkColor* fg_color, GdkColor* bg_color); +gboolean +midori_view_get_tls_info (MidoriView* view, + void* request, + GTlsCertificate** tls_cert, + GTlsCertificateFlags* tls_flags, + gchar** hostname); + G_END_DECLS #endif /* __MIDORI_VIEW_H__ */ _______________________________________________ Xfce4-commits mailing list Xfce4-commits@xfce.org https://mail.xfce.org/mailman/listinfo/xfce4-commits
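Review bot: Under HAVE_WEBKIT2 the gate in front of the pinning block becomes `decision_type == WEBKIT_POLICY_DECISION_TYPE_NAVIGATION_ACTION`, which holds for every navigation action, while the WebKit1 side still requires the reason to be a reload. This block ends in gcr_trust_add_pinned_certificate(), so it is where a certificate with errors becomes persistently trusted, and it should stay tied to the same explicit user action on both backends. WebKit2 exposes the navigation type on the navigation policy decision, so the condition can additionally compare it with `WEBKIT_NAVIGATION_TYPE_RELOAD`. The WebKit2 helper also derives `hostname` from the view's current URI rather than from the request being decided, so it is worth confirming that the certificate and host describe the same page at this point. The callback starts and ends outside this hunk.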
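Review bot: The added `g_free (hostname);` runs on every path, but `g_object_unref (tls_cert);` stays inside the untrusted-certificate block above it, so when midori_view_get_tls_info() returns TRUE on the libsoup path the reference that `g_object_get` stored in `tls_cert` is never released. Moving the release next to the free as `g_clear_object (&tls_cert);`, with `tls_cert` initialised to NULL, covers both outcomes. For WebKit2 the ownership needs checking in the other direction: if webkit_web_view_get_tls_info() returns a borrowed certificate, as I believe it does, the unref here and in midori_location_action_show_page_info drops a reference the caller never held. Having the helper take its own reference in the WebKit2 branch, `if (*tls_cert != NULL) g_object_ref (*tls_cert);`, would give both backends the same owned-pointer contract.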
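Review bot: The new midori_view_get_tls_info prototype in midori-view.h has no comment describing its contract, and the callers in this commit already rely on details the signature does not show. I would add a doc comment above it saying that TRUE is meant to indicate a certificate that validated without errors, that `tls_cert` is returned as a reference the caller must unref (or NULL), that `hostname` is a newly allocated string to release with g_free (or NULL), and that `request` is a WebKitNetworkRequest on WebKit1 and ignored on WebKit2. Because `request` is typed `void*`, the compiler will not catch a wrong argument, so that last sentence is the only protection a caller gets.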