WebContent+WebWorker: Use custom certificate paths with Qt networking

This change adds a `--certificate` option to both WebContent and WebWorker, which allows one or more custom root certificate paths to be specified. Certificates are then loaded from these paths when Qt networking is used. This allows WPT tests that require a https connection to be run locally with Qt networking.
Author: https://github.com/tcl3 Commit: https://github.com/LadybirdBrowser/ladybird/commit/28b95e8ed0 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/549
2024-11-25 00:50:22 +00:00 · 2024-07-10 12:50:21 +01:00 · 2024-07-10 12:50:21 +01:00 · 28b95e8ed0 · 2024-07-17 01:12:07 +09:00
commit 28b95e8ed0
parent 772d64aca2
4 changed files with 18 additions and 6 deletions
--- a/Ladybird/Qt/RequestManagerQt.cpp
+++ b/Ladybird/Qt/RequestManagerQt.cpp
@ -5,15 +5,24 @@
 */

 #include "RequestManagerQt.h"
+#include "StringUtils.h"
 #include "WebSocketImplQt.h"
 #include "WebSocketQt.h"
 #include <QNetworkCookie>

 namespace Ladybird {

-RequestManagerQt::RequestManagerQt()
+RequestManagerQt::RequestManagerQt(Vector<ByteString> const& certificate_paths)
 {
    m_qnam = new QNetworkAccessManager(this);
+    auto ssl_configuration = QSslConfiguration::defaultConfiguration();
+    ssl_configuration.setPeerVerifyMode(QSslSocket::VerifyNone);
+    for (auto const& certificate_path : certificate_paths) {
+        auto certificates = QSslCertificate::fromPath(qstring_from_ak_string(certificate_path));
+        for (auto const& certificate : certificates)
+            ssl_configuration.addCaCertificate(certificate);
+    }
+    QSslConfiguration::setDefaultConfiguration(ssl_configuration);

    QObject::connect(m_qnam, &QNetworkAccessManager::finished, this, &RequestManagerQt::reply_finished);
 }
--- a/Ladybird/Qt/RequestManagerQt.h
+++ b/Ladybird/Qt/RequestManagerQt.h
@ -17,9 +17,9 @@ class RequestManagerQt
    , public Web::ResourceLoaderConnector {
    Q_OBJECT
 public:
-    static NonnullRefPtr<RequestManagerQt> create()
+    static NonnullRefPtr<RequestManagerQt> create(Vector<ByteString> const& certificate_paths)
    {
-        return adopt_ref(*new RequestManagerQt());
+        return adopt_ref(*new RequestManagerQt(certificate_paths));
    }

    virtual ~RequestManagerQt() override { }
@ -34,7 +34,7 @@ private slots:
    void reply_finished(QNetworkReply*);

 private:
-    RequestManagerQt();
+    explicit RequestManagerQt(Vector<ByteString> const& certificate_paths);

    class Request
        : public Web::ResourceLoaderConnectorRequest {
--- a/Ladybird/WebContent/main.cpp
+++ b/Ladybird/WebContent/main.cpp
@ -113,6 +113,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
    args_parser.add_option(is_layout_test_mode, "Is layout test mode", "layout-test-mode");
    args_parser.add_option(expose_internals_object, "Expose internals object", "expose-internals-object");
    args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking");
+    args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
    args_parser.add_option(use_skia_painter, "Enable Skia painter", "use-skia-painting");
    args_parser.add_option(wait_for_debugger, "Wait for debugger", "wait-for-debugger");
    args_parser.add_option(mach_server_name, "Mach server name", "mach-server-name", 0, "mach_server_name");
@ -150,7 +151,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)

 #if defined(HAVE_QT)
    if (!use_lagom_networking)
-        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create());
+        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates));
    else
 #endif
        TRY(initialize_lagom_networking(request_server_socket));
--- a/Ladybird/WebWorker/main.cpp
+++ b/Ladybird/WebWorker/main.cpp
@ -39,12 +39,14 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)

    int request_server_socket { -1 };
    StringView serenity_resource_root;
+    Vector<ByteString> certificates;
    bool use_lagom_networking { false };

    Core::ArgsParser args_parser;
    args_parser.add_option(request_server_socket, "File descriptor of the request server socket", "request-server-socket", 's', "request-server-socket");
    args_parser.add_option(serenity_resource_root, "Absolute path to directory for serenity resources", "serenity-resource-root", 'r', "serenity-resource-root");
    args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking");
+    args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
    args_parser.parse(arguments);

 #if defined(HAVE_QT)
@ -61,7 +63,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)

 #if defined(HAVE_QT)
    if (!use_lagom_networking)
-        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create());
+        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates));
    else
 #endif
        TRY(initialize_lagom_networking(request_server_socket));