Send certificates to devtools when it's open instead of using certId

third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp

Index: third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
diff --git a/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp b/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
index c23cd6e6b90876686d037f4016f1a7853edc7309..87dcfb7b0d11f0e4687410daff48b272ed4c9ca2 100644
--- a/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
+++ b/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
@@ -315,7 +315,7 @@ static std::unique_ptr<protocol::Network::Request> buildObjectForResourceRequest
     return requestObject;
 }
 
-static std::unique_ptr<protocol::Network::Response> buildObjectForResourceResponse(const ResourceResponse& response, Resource* cachedResource = nullptr, bool* isEmpty = nullptr)
+static std::unique_ptr<protocol::Network::Response> buildObjectForResourceResponse(const ResourceResponse& response, HashMap<unsigned, AtomicString>* certificateMap, Resource* cachedResource = nullptr, bool* isEmpty = nullptr)
 {
     if (response.isNull())
         return nullptr;
@@ -420,6 +420,12 @@ static std::unique_ptr<protocol::Network::Response> buildObjectForResourceRespon
 
         const ResourceResponse::SecurityDetails* responseSecurityDetails = response.getSecurityDetails();
 
+        std::unique_ptr<protocol::Array<String>> sanList = protocol::Array<String>::create();
+        for (auto const& san : responseSecurityDetails->sanList)
+            sanList->addItem(san);
+
+        certificateMap->add(responseSecurityDetails->certificate.impl()->existingHash(), responseSecurityDetails->certificate);
+
         std::unique_ptr<protocol::Array<protocol::Network::SignedCertificateTimestamp>> signedCertificateTimestampList = protocol::Array<protocol::Network::SignedCertificateTimestamp>::create();
         for (auto const& sct : responseSecurityDetails->sctList) {
             std::unique_ptr<protocol::Network::SignedCertificateTimestamp> signedCertificateTimestamp = protocol::Network::SignedCertificateTimestamp::create()
@@ -439,8 +445,14 @@ static std::unique_ptr<protocol::Network::Response> buildObjectForResourceRespon
             .setProtocol(responseSecurityDetails->protocol)
             .setKeyExchange(responseSecurityDetails->keyExchange)
             .setCipher(responseSecurityDetails->cipher)
-            .setCertificateId(responseSecurityDetails->certID)
+            .setSubjectName(responseSecurityDetails->subjectName)
+            .setSanList(std::move(sanList))
+            .setIssuer(responseSecurityDetails->issuer)
+            .setValidFrom(responseSecurityDetails->validFrom)
+            .setValidTo(responseSecurityDetails->validTo)
+            .setCertificateId(0) // Keep this in protocol for compatability.

[jam, 2016/08/31 22:13:28]

Pavel: I tried to remove this from the protocol, but got the following errors

D:\src\chrome1\src>ninja -C out\Debug_gn chrome
ninja: Entering directory `out\Debug_gn'
[3/1995] ACTION
//third_party/WebKit/Source/core/inspector:protocol_compatibility_check(//build/toolchain/win:x86)
FAILED: gen/blink/core/inspector/browser_protocol.stamp
C:/python_27_amd64/files/python.exe
../../third_party/WebKit/Source/platform/inspector_protocol/CheckProtocolCompatibility.py
--stamp gen/bl
ink/core/inspector/browser_protocol.stamp
../../third_party/WebKit/Source/core/inspector/browser_protocol.json
../../third_party/WebKit/Sour
ce/platform/v8_inspector/js_protocol.json
  Compatibility checks FAILED
    Network.responseReceived.response
parameter->Network.Response.securityDetails
property->Network.SecurityDetails.certificateId: required
property has been removed
    Network.requestWillBeSent.redirectResponse
parameter->Network.Response.securityDetails
property->Network.SecurityDetails.certificateId:
required property has been removed
ninja: build stopped: subcommand failed.

This is even with tagging SecurityDetails as experimental. so i left it for now.
any better option?

[pfeldman, 2016/08/31 23:08:45]

I'll take a look at it.

             .setSignedCertificateTimestampList(std::move(signedCertificateTimestampList))
+            .setCertificateHash(responseSecurityDetails->certificate.impl()->existingHash())
             .build();
         if (responseSecurityDetails->mac.length() > 0)
             securityDetails->setMac(responseSecurityDetails->mac);
@@ -524,7 +536,7 @@ void InspectorNetworkAgent::willSendRequestInternal(LocalFrame* frame, unsigned
     requestInfo->setMixedContentType(mixedContentTypeForContextType(MixedContentChecker::contextTypeForInspector(frame, request)));
 
     String resourceType = InspectorPageAgent::resourceTypeJson(type);
-    frontend()->requestWillBeSent(requestId, frameId, loaderId, urlWithoutFragment(loader->url()).getString(), std::move(requestInfo), monotonicallyIncreasingTime(), currentTime(), std::move(initiatorObject), buildObjectForResourceResponse(redirectResponse), resourceType);
+    frontend()->requestWillBeSent(requestId, frameId, loaderId, urlWithoutFragment(loader->url()).getString(), std::move(requestInfo), monotonicallyIncreasingTime(), currentTime(), std::move(initiatorObject), buildObjectForResourceResponse(redirectResponse, &m_certificateHashMap), resourceType);
     if (m_pendingXHRReplayData && !m_pendingXHRReplayData->async())
         frontend()->flush();
 }
@@ -574,7 +586,7 @@ void InspectorNetworkAgent::didReceiveResourceResponse(LocalFrame* frame, unsign
     bool isNotModified = response.httpStatusCode() == 304;
 
     bool resourceIsEmpty = true;
-    std::unique_ptr<protocol::Network::Response> resourceResponse = buildObjectForResourceResponse(response, cachedResource, &resourceIsEmpty);
+    std::unique_ptr<protocol::Network::Response> resourceResponse = buildObjectForResourceResponse(response, &m_certificateHashMap, cachedResource, &resourceIsEmpty);
 
     InspectorPageAgent::ResourceType type = cachedResource ? InspectorPageAgent::cachedResourceType(*cachedResource) : InspectorPageAgent::OtherResource;
     // Override with already discovered resource type.
@@ -1120,6 +1132,13 @@ void InspectorNetworkAgent::setDataSizeLimitsForTest(ErrorString*, int maxTotal,
     m_resourcesData->setResourcesDataSizeLimits(maxTotal, maxResource);
 }
 
+void InspectorNetworkAgent::showCertificateViewer(ErrorString*, int certificateHash)
+{
+    unsigned hash = static_cast<unsigned>(certificateHash);
+    DCHECK(m_certificateHashMap.contains(hash));
+    m_client->showCertificateViewer(m_certificateHashMap.get(hash));
+}
+
 void InspectorNetworkAgent::didCommitLoad(LocalFrame* frame, DocumentLoader* loader)
 {
     if (loader->frame() != m_inspectedFrames->root())
@@ -1172,8 +1191,9 @@ void InspectorNetworkAgent::removeFinishedReplayXHRFired(TimerBase*)
     m_replayXHRsToBeDeleted.clear();
 }
 
-InspectorNetworkAgent::InspectorNetworkAgent(InspectedFrames* inspectedFrames)
-    : m_inspectedFrames(inspectedFrames)
+InspectorNetworkAgent::InspectorNetworkAgent(Client* client, InspectedFrames* inspectedFrames)
+    : m_client(client)
+    , m_inspectedFrames(inspectedFrames)
     , m_resourcesData(NetworkResourcesData::create(maximumTotalBufferSize, maximumResourceBufferSize))
     , m_pendingRequest(nullptr)
     , m_isRecalculatingStyle(false)