Add certificate error handling to devtools.

content/browser/devtools/protocol/security_handler.cc

Index: content/browser/devtools/protocol/security_handler.cc
diff --git a/content/browser/devtools/protocol/security_handler.cc b/content/browser/devtools/protocol/security_handler.cc
index cf214a7fc8782702fab8d8bb77bc1a9cd7b96764..c0ce2ed7bd1c3162d099255a6468b52503ac4e9a 100644
--- a/content/browser/devtools/protocol/security_handler.cc
+++ b/content/browser/devtools/protocol/security_handler.cc
@@ -6,6 +6,7 @@
 
 #include <string>
 
+#include "content/browser/devtools/devtools_session.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
@@ -59,12 +60,19 @@ void AddExplanations(
 SecurityHandler::SecurityHandler()
     : DevToolsDomainHandler(Security::Metainfo::domainName),
       enabled_(false),
-      host_(nullptr) {
-}
+      host_(nullptr),
+      last_cert_error_id_(0),

[pfeldman, 2017/02/16 01:35:34]

you no longer need these!

[irisu, 2017/02/16 04:47:32]

Done.

+      certificate_error_enabled_(false) {}
 
 SecurityHandler::~SecurityHandler() {
 }
 
+// static
+SecurityHandler* SecurityHandler::FromSession(DevToolsSession* session) {
+  return static_cast<SecurityHandler*>(
+      session->GetHandlerByName(Security::Metainfo::domainName));
+}
+
 void SecurityHandler::Wire(UberDispatcher* dispatcher) {
   frontend_.reset(new Security::Frontend(dispatcher->channel()));
   Security::Dispatcher::wire(dispatcher, this);
@@ -136,6 +144,30 @@ void SecurityHandler::DidChangeVisibleSecurityState() {
       Maybe<std::string>(security_style_explanations.summary));
 }
 
+void SecurityHandler::DidFinishLoad(RenderFrameHost* render_frame_host,
+                                    const GURL& validated_url) {
+  if (certificate_error_enabled_)
+    FlushPendingRequests();
+}
+
+void SecurityHandler::FlushPendingRequests() {
+  for (auto callback : callbacks_)
+    callback.second.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
+  callbacks_.clear();
+}
+
+bool SecurityHandler::NotifyCertificateError(int cert_error,
+                                             const GURL& request_url,
+                                             CertErrorCallback handler) {
+  frontend_->CertificateError(++last_cert_error_id_, cert_error,

[pfeldman, 2017/02/16 01:35:34]

if (!enabled_)
  return;

[irisu, 2017/02/16 04:47:32]

Done.

+                              net::ErrorToShortString(cert_error),

[pfeldman, 2017/02/16 01:35:34]

cert_error is internal to chrome, so we should not be providing it.

[Eric Seckler, 2017/02/16 02:01:07]

Shall we add an enum type to the Security domain that covers the "Certificate
error codes" from net/base/net_error_list.h?

+                              request_url.spec());
+  if (!certificate_error_enabled_)

[pfeldman, 2017/02/16 01:35:34]

nit: this now needs a new name (certificate_errors_overriden_ or alike)

[irisu, 2017/02/16 04:47:32]

Done.

+    return false;
+  callbacks_[last_cert_error_id_] = handler;
+  return true;
+}
+
 Response SecurityHandler::Enable() {
   enabled_ = true;
   if (host_)
@@ -146,7 +178,9 @@ Response SecurityHandler::Enable() {
 
 Response SecurityHandler::Disable() {
   enabled_ = false;
+  certificate_error_enabled_ = false;
   WebContentsObserver::Observe(nullptr);
+  FlushPendingRequests();
   return Response::OK();
 }
 
@@ -163,5 +197,38 @@ Response SecurityHandler::ShowCertificateViewer() {
   return Response::OK();
 }
 
+Response SecurityHandler::HandleCertificateError(int event_id,
+                                                 const String& action) {
+  if (callbacks_.find(event_id) == callbacks_.end()) {
+    return Response::Error(
+        String("Unknown event id: " + std::to_string(event_id)));
+  }
+  content::CertificateRequestResultType type =
+      content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  Response response = Response::OK();
+  if (action == Security::CertificateErrorActionEnum::Continue) {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
+  } else if (action == Security::CertificateErrorActionEnum::Cancel) {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+  } else if (action == Security::CertificateErrorActionEnum::Deny) {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  } else {
+    response =
+        Response::Error(String("Unknown Certificate Error Action: " + action));
+  }
+  callbacks_[event_id].Run(type);
+  callbacks_.erase(event_id);
+  return response;
+}
+
+Response SecurityHandler::SetOverrideCertificateErrors(bool override) {
+  if (override && !enabled_)
+    return Response::Error("Security domain not enabled");
+  certificate_error_enabled_ = override;
+  if (!override)
+    FlushPendingRequests();
+  return Response::OK();
+}
+
 }  // namespace protocol
 }  // namespace content