Add certificate error handling to devtools.

content/browser/devtools/protocol/security_handler.cc

Index: content/browser/devtools/protocol/security_handler.cc
diff --git a/content/browser/devtools/protocol/security_handler.cc b/content/browser/devtools/protocol/security_handler.cc
index cf214a7fc8782702fab8d8bb77bc1a9cd7b96764..3ba03f3779099663117b7ed8b32abcd9d467ab3d 100644
--- a/content/browser/devtools/protocol/security_handler.cc
+++ b/content/browser/devtools/protocol/security_handler.cc
@@ -59,8 +59,9 @@ void AddExplanations(
 SecurityHandler::SecurityHandler()
     : DevToolsDomainHandler(Security::Metainfo::domainName),
       enabled_(false),
-      host_(nullptr) {
-}
+      host_(nullptr),
+      last_cert_error_id_(0),
+      certificate_error_enabled_(false) {}
 
 SecurityHandler::~SecurityHandler() {
 }
@@ -136,6 +137,18 @@ void SecurityHandler::DidChangeVisibleSecurityState() {
       Maybe<std::string>(security_style_explanations.summary));
 }
 
+bool SecurityHandler::NotifyCertificateError(int cert_error,
+                                             const GURL& request_url,
+                                             CertErrorCallback handler) {
+  frontend_->CertificateError(++last_cert_error_id_,
+                              net::ErrorToShortString(cert_error),

[Eric Seckler, 2017/02/14 18:42:25]

might be useful to have this both as descriptive string and as error code?

[irisu, 2017/02/16 00:24:30]

Done.

+                              request_url.spec());
+  if (!certificate_error_enabled_)
+    return false;
+  callbacks_[last_cert_error_id_] = handler;
+  return true;
+}
+
 Response SecurityHandler::Enable() {
   enabled_ = true;
   if (host_)
@@ -147,6 +160,9 @@ Response SecurityHandler::Enable() {
 Response SecurityHandler::Disable() {
   enabled_ = false;
   WebContentsObserver::Observe(nullptr);
+  for (auto callback : callbacks_)
+    callback.second.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
+  callbacks_.clear();
   return Response::OK();
 }
 
@@ -163,5 +179,36 @@ Response SecurityHandler::ShowCertificateViewer() {
   return Response::OK();
 }
 
+Response SecurityHandler::HandleCertificateError(int event_id,
+                                                 const String& action) {
+  content::CertificateRequestResultType type =
+      content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  Response response = Response::OK();
+  if (action == "continue") {

[pfeldman, 2017/02/14 19:00:24]

CertificateErrorActionTypeEnum::Continue

[irisu, 2017/02/16 00:24:30]

Done.

+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
+  } else if (action == "cancel") {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+  } else if (action == "deny") {
+    type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
+  } else {
+    response =
+        Response::Error(String("Unknown Certificate Error Action: " + action));
+  }
+  if (callbacks_.find(event_id) == callbacks_.end()) {

[pfeldman, 2017/02/14 19:00:24]

You could do this first.

[irisu, 2017/02/16 00:24:30]

Done.

+    return Response::Error(
+        String("Unknown event id: " + std::to_string(event_id)));
+  }
+  callbacks_[event_id].Run(type);
+  callbacks_.erase(event_id);
+  return response;
+}
+
+Response SecurityHandler::SetOverrideCertificateErrors(bool override) {
+  if (override && !enabled_)
+    return Response::Error("Security not enabled");

[pfeldman, 2017/02/14 19:00:24]

Security domain not enabled

[irisu, 2017/02/16 00:24:30]

Done.

+  certificate_error_enabled_ = override;

[pfeldman, 2017/02/14 19:00:24]

If override == false, you want to flush existing pending requests. Also, you
might want to flush everything upon navigation.

[irisu, 2017/02/16 00:24:30]

Done.

+  return Response::OK();
+}
+
 }  // namespace protocol
 }  // namespace content