Add certificate error handling to devtools.

content/browser/devtools/protocol/security_handler.cc

Index: content/browser/devtools/protocol/security_handler.cc
diff --git a/content/browser/devtools/protocol/security_handler.cc b/content/browser/devtools/protocol/security_handler.cc
index 6b6808e4367c2719ae13e36f62823be48c4487f1..332ff48dfc442df3591145c2b9cd2517a2fceb30 100644
--- a/content/browser/devtools/protocol/security_handler.cc
+++ b/content/browser/devtools/protocol/security_handler.cc
@@ -146,6 +146,37 @@ void SecurityHandler::DidChangeVisibleSecurityState() {
       Maybe<std::string>(security_style_explanations.summary));
 }
 
+void SecurityHandler::DidFinishNavigation(NavigationHandle* navigation_handle) {
+  if (certificate_errors_overriden_)
+    FlushPendingCertificateErrorNotifications();
+}
+
+void SecurityHandler::FlushPendingCertificateErrorNotifications() {
+  for (auto callback : cert_error_callbacks_)
+    callback.second.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
+  cert_error_callbacks_.clear();
+}
+
+bool SecurityHandler::NotifyCertificateError(int cert_error,
+                                             const GURL& request_url,
+                                             CertErrorCallback handler) {
+  if (!enabled_)
+    return false;
+  if (!certificate_errors_overriden_) {
+    // Send certificateError to devtools frontend to inform, but do not

[pfeldman, 2017/03/22 00:47:32]

I would always generate the id, regardless on whether certificate errors are
overridden. Client knows whether it needs to perform any action.

[irisu, 2017/03/22 02:48:58]

Done.

+    // assign a cert error id, since we do not want the error to be
+    // handled by devtools.
+    frontend_->CertificateError(-1, net::ErrorToShortString(cert_error),
+                                request_url.spec());
+    return false;
+  }
+  frontend_->CertificateError(++last_cert_error_id_,
+                              net::ErrorToShortString(cert_error),
+                              request_url.spec());
+  cert_error_callbacks_[last_cert_error_id_] = handler;

[pfeldman, 2017/03/22 00:47:32]

But still put it into the map conditionally.

[irisu, 2017/03/22 02:48:58]

Done.

+  return true;
+}
+
 Response SecurityHandler::Enable() {
   enabled_ = true;
   if (host_)
@@ -156,7 +187,9 @@ Response SecurityHandler::Enable() {
 
 Response SecurityHandler::Disable() {
   enabled_ = false;
+  certificate_errors_overriden_ = false;
   WebContentsObserver::Observe(nullptr);
+  FlushPendingCertificateErrorNotifications();
   return Response::OK();
 }
 
@@ -173,5 +206,36 @@ Response SecurityHandler::ShowCertificateViewer() {
   return Response::OK();
 }
 
+Response SecurityHandler::HandleCertificateError(int event_id,
+                                                 const String& action) {
+  if (cert_error_callbacks_.find(event_id) == cert_error_callbacks_.end()) {
+    return Response::Error(
+        String("Unknown event id: " + std::to_string(event_id)));
+  }
+  content::CertificateRequestResultType type =
+      content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+  Response response = Response::OK();
+  if (action == Security::CertificateErrorActionEnum::Continue) {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
+  } else if (action == Security::CertificateErrorActionEnum::Cancel) {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+  } else {
+    response =
+        Response::Error(String("Unknown Certificate Error Action: " + action));
+  }
+  cert_error_callbacks_[event_id].Run(type);
+  cert_error_callbacks_.erase(event_id);
+  return response;
+}
+
+Response SecurityHandler::SetOverrideCertificateErrors(bool override) {
+  if (override && !enabled_)
+    return Response::Error("Security domain not enabled");
+  certificate_errors_overriden_ = override;
+  if (!override)
+    FlushPendingCertificateErrorNotifications();
+  return Response::OK();
+}
+
 }  // namespace protocol
 }  // namespace content