Add certificate error handling to devtools.

content/browser/devtools/protocol/security_handler.cc

Index: content/browser/devtools/protocol/security_handler.cc
diff --git a/content/browser/devtools/protocol/security_handler.cc b/content/browser/devtools/protocol/security_handler.cc
index cf214a7fc8782702fab8d8bb77bc1a9cd7b96764..aef85e5d4c41f22e240756482754ed5e0432f01e 100644
--- a/content/browser/devtools/protocol/security_handler.cc
+++ b/content/browser/devtools/protocol/security_handler.cc
@@ -59,8 +59,9 @@ void AddExplanations(
 SecurityHandler::SecurityHandler()
     : DevToolsDomainHandler(Security::Metainfo::domainName),
       enabled_(false),
-      host_(nullptr) {
-}
+      host_(nullptr),
+      last_cert_error_id_(0),
+      certificate_error_enabled_(false) {}
 
 SecurityHandler::~SecurityHandler() {
 }
@@ -136,6 +137,14 @@ void SecurityHandler::DidChangeVisibleSecurityState() {
       Maybe<std::string>(security_style_explanations.summary));
 }
 
+bool SecurityHandler::NotifyCertificateError(CertErrorCallback handler) {
+  if (!certificate_error_enabled_)
+    return false;
+  callbacks_[++last_cert_error_id_] = handler;
+  frontend_->CertificateError(last_cert_error_id_);

[pfeldman, 2017/02/08 18:24:00]

You should report certificate errors whenever Security domain is enabled. Store
handler conditionally instead.

[irisu, 2017/02/14 05:46:14]

Done.

+  return true;
+}
+
 Response SecurityHandler::Enable() {
   enabled_ = true;
   if (host_)
@@ -163,5 +172,38 @@ Response SecurityHandler::ShowCertificateViewer() {
   return Response::OK();
 }
 
+Response SecurityHandler::HandleCertificateError(int event_id,
+                                                 const String& action) {
+  content::CertificateRequestResultType type =
+      content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  Response response = Response::OK();
+  if (action == "continue") {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
+  } else if (action == "cancel") {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+  } else if (action == "deny") {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  } else {
+    response =
+        Response::Error(String("Unknown Certificate Error Action: " + action));
+  }
+  if (callbacks_.find(event_id) == callbacks_.end())

[Sami, 2017/02/08 14:58:43]

nit: add {} please

[irisu, 2017/02/14 05:46:14]

Done.

+    return Response::Error(
+        String("Unknown event id: " + std::to_string(event_id)));
+  callbacks_[event_id].Run(type);
+  callbacks_.erase(event_id);
+  return response;
+}
+
+Response SecurityHandler::EnableCertificateErrorHandling() {
+  certificate_error_enabled_ = true;
+  if (!enabled_) {

[Sami, 2017/02/08 14:58:43]

I think we should just require the user to also call Enable() instead doing it
for them.

[pfeldman, 2017/02/08 18:24:00]

+1, you also need to provide a way to disable it. setOverrideCertificateErrors

[irisu, 2017/02/14 05:46:14]

Done.

+    enabled_ = true;
+    if (host_)
+      AttachToRenderFrameHost();
+  }
+  return Response::OK();
+}
+
 }  // namespace protocol
 }  // namespace content