From 28b95e8ed0e4eed87a8e4ffb60e2e28ec3b78056 Mon Sep 17 00:00:00 2001 From: Tim Ledbetter Date: Wed, 10 Jul 2024 12:50:21 +0100 Subject: [PATCH] WebContent+WebWorker: Use custom certificate paths with Qt networking This change adds a `--certificate` option to both WebContent and WebWorker, which allows one or more custom root certificate paths to be specified. Certificates are then loaded from these paths when Qt networking is used. This allows WPT tests that require a https connection to be run locally with Qt networking. --- Ladybird/Qt/RequestManagerQt.cpp | 11 ++++++++++- Ladybird/Qt/RequestManagerQt.h | 6 +++--- Ladybird/WebContent/main.cpp | 3 ++- Ladybird/WebWorker/main.cpp | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Ladybird/Qt/RequestManagerQt.cpp b/Ladybird/Qt/RequestManagerQt.cpp index c3dfb838cbc..d1156d618ca 100644 --- a/Ladybird/Qt/RequestManagerQt.cpp +++ b/Ladybird/Qt/RequestManagerQt.cpp @@ -5,15 +5,24 @@ */ #include "RequestManagerQt.h" +#include "StringUtils.h" #include "WebSocketImplQt.h" #include "WebSocketQt.h" #include namespace Ladybird { -RequestManagerQt::RequestManagerQt() +RequestManagerQt::RequestManagerQt(Vector const& certificate_paths) { m_qnam = new QNetworkAccessManager(this); + auto ssl_configuration = QSslConfiguration::defaultConfiguration(); + ssl_configuration.setPeerVerifyMode(QSslSocket::VerifyNone); + for (auto const& certificate_path : certificate_paths) { + auto certificates = QSslCertificate::fromPath(qstring_from_ak_string(certificate_path)); + for (auto const& certificate : certificates) + ssl_configuration.addCaCertificate(certificate); + } + QSslConfiguration::setDefaultConfiguration(ssl_configuration); QObject::connect(m_qnam, &QNetworkAccessManager::finished, this, &RequestManagerQt::reply_finished); } diff --git a/Ladybird/Qt/RequestManagerQt.h b/Ladybird/Qt/RequestManagerQt.h index 578747d3ea4..c4698a0f308 100644 --- a/Ladybird/Qt/RequestManagerQt.h +++ b/Ladybird/Qt/RequestManagerQt.h @@ -17,9 +17,9 @@ class RequestManagerQt , public Web::ResourceLoaderConnector { Q_OBJECT public: - static NonnullRefPtr create() + static NonnullRefPtr create(Vector const& certificate_paths) { - return adopt_ref(*new RequestManagerQt()); + return adopt_ref(*new RequestManagerQt(certificate_paths)); } virtual ~RequestManagerQt() override { } @@ -34,7 +34,7 @@ private slots: void reply_finished(QNetworkReply*); private: - RequestManagerQt(); + explicit RequestManagerQt(Vector const& certificate_paths); class Request : public Web::ResourceLoaderConnectorRequest { diff --git a/Ladybird/WebContent/main.cpp b/Ladybird/WebContent/main.cpp index f8f9e75484c..cca477a5621 100644 --- a/Ladybird/WebContent/main.cpp +++ b/Ladybird/WebContent/main.cpp @@ -113,6 +113,7 @@ ErrorOr serenity_main(Main::Arguments arguments) args_parser.add_option(is_layout_test_mode, "Is layout test mode", "layout-test-mode"); args_parser.add_option(expose_internals_object, "Expose internals object", "expose-internals-object"); args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking"); + args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate"); args_parser.add_option(use_skia_painter, "Enable Skia painter", "use-skia-painting"); args_parser.add_option(wait_for_debugger, "Wait for debugger", "wait-for-debugger"); args_parser.add_option(mach_server_name, "Mach server name", "mach-server-name", 0, "mach_server_name"); @@ -150,7 +151,7 @@ ErrorOr serenity_main(Main::Arguments arguments) #if defined(HAVE_QT) if (!use_lagom_networking) - Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create()); + Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates)); else #endif TRY(initialize_lagom_networking(request_server_socket)); diff --git a/Ladybird/WebWorker/main.cpp b/Ladybird/WebWorker/main.cpp index 4041a00965f..b1bf2924c22 100644 --- a/Ladybird/WebWorker/main.cpp +++ b/Ladybird/WebWorker/main.cpp @@ -39,12 +39,14 @@ ErrorOr serenity_main(Main::Arguments arguments) int request_server_socket { -1 }; StringView serenity_resource_root; + Vector certificates; bool use_lagom_networking { false }; Core::ArgsParser args_parser; args_parser.add_option(request_server_socket, "File descriptor of the request server socket", "request-server-socket", 's', "request-server-socket"); args_parser.add_option(serenity_resource_root, "Absolute path to directory for serenity resources", "serenity-resource-root", 'r', "serenity-resource-root"); args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking"); + args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate"); args_parser.parse(arguments); #if defined(HAVE_QT) @@ -61,7 +63,7 @@ ErrorOr serenity_main(Main::Arguments arguments) #if defined(HAVE_QT) if (!use_lagom_networking) - Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create()); + Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates)); else #endif TRY(initialize_lagom_networking(request_server_socket));