From 99e3756464d92b496cd5e118da46c560bf213c15 Mon Sep 17 00:00:00 2001
From: Peter Hofmann <scm@uninformativ.de>
Date: Mon, 5 Jan 2015 20:05:35 +0100
Subject: Implement a simple certificate trust store

The WebKit1 version of lariza simply ignored certificate errors. I could
have turned off validation in WebKit2 as well, but I wanted to try to do
it right. :-)

Closes #12.
---
 browser.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'browser.c')

diff --git a/browser.c b/browser.c
index 1b12fe1..08c2b3e 100644
--- a/browser.c
+++ b/browser.c
@@ -41,6 +41,7 @@ static gboolean keywords_try_search(WebKitWebView *, const gchar *);
 static gboolean remote_msg(GIOChannel *, GIOCondition, gpointer);
 static void search(gpointer, gint);
 static Window tabbed_launch(void);
+static void trust_user_certs(WebKitWebContext *);
 static void usage(void);
 
 
@@ -187,6 +188,8 @@ client_new(const gchar *uri)
 		g_signal_connect(G_OBJECT(wc), "download-started",
 		                 G_CALLBACK(download_handle_start), NULL);
 
+		trust_user_certs(wc);
+
 		initial_wc_setup_done = TRUE;
 	}
 
@@ -593,6 +596,7 @@ key_location(GtkWidget *widget, GdkEvent *event, gpointer data)
 	struct Client *c = (struct Client *)data;
 	const gchar *t;
 	gchar *f;
+	WebKitWebContext *wc = webkit_web_view_get_context(WEBKIT_WEB_VIEW(c->web_view));
 
 	if (event->type == GDK_KEY_PRESS)
 	{
@@ -614,6 +618,9 @@ key_location(GtkWidget *widget, GdkEvent *event, gpointer data)
 					gtk_entry_set_text(GTK_ENTRY(c->location), "/");
 					gtk_editable_set_position(GTK_EDITABLE(c->location), -1);
 					return TRUE;
+				case GDK_KEY_c:  /* reload trusted certs (left hand) */
+					trust_user_certs(wc);
+					return TRUE;
 			}
 		}
 		else
@@ -656,6 +663,7 @@ key_web_view(GtkWidget *widget, GdkEvent *event, gpointer data)
 	gdouble dx, dy;
 	gchar *f;
 	gfloat z;
+	WebKitWebContext *wc = webkit_web_view_get_context(WEBKIT_WEB_VIEW(c->web_view));
 
 	if (event->type == GDK_KEY_PRESS)
 	{
@@ -698,6 +706,9 @@ key_web_view(GtkWidget *widget, GdkEvent *event, gpointer data)
 					gtk_entry_set_text(GTK_ENTRY(c->location), "/");
 					gtk_editable_set_position(GTK_EDITABLE(c->location), -1);
 					return TRUE;
+				case GDK_KEY_c:  /* reload trusted certs (left hand) */
+					trust_user_certs(wc);
+					return TRUE;
 			}
 		}
 		else if (((GdkEventKey *)event)->keyval == GDK_KEY_Escape)
@@ -882,6 +893,33 @@ tabbed_launch(void)
 	return plug_into;
 }
 
+void
+trust_user_certs(WebKitWebContext *wc)
+{
+	GTlsCertificate *cert;
+	const gchar *basedir, *file, *absfile;
+	GDir *dir;
+
+	basedir = g_build_filename(g_get_user_config_dir(), __NAME__, "certs", NULL);
+	dir = g_dir_open(basedir, 0, NULL);
+	if (dir != NULL)
+	{
+		file = g_dir_read_name(dir);
+		while (file != NULL)
+		{
+			absfile = g_build_filename(g_get_user_config_dir(), __NAME__, "certs",
+			                           file, NULL);
+			cert = g_tls_certificate_new_from_file(absfile, NULL);
+			if (cert == NULL)
+				fprintf(stderr, __NAME__": Could not load trusted cert '%s'\n", file);
+			else
+				webkit_web_context_allow_tls_certificate_for_host(wc, cert, file);
+			file = g_dir_read_name(dir);
+		}
+		g_dir_close(dir);
+	}
+}
+
 void
 usage(void)
 {
-- 
cgit v1.2.3