[banshee] WebBrowser: Implement SSL certificate validation (bgo#671536)

From: Bertrand Lorentz <blorentz src gnome org>
To: commits-list gnome org
Cc:
Subject: [banshee] WebBrowser: Implement SSL certificate validation (bgo#671536)
Date: Thu, 15 Mar 2012 20:55:41 +0000 (UTC)
commit 3e1728264da3af9fb164bb8e27814f2f266e4e0d
Author: Bertrand Lorentz <bertrand lorentz gmail com>
Date:   Sun Mar 11 19:09:26 2012 +0100

    WebBrowser: Implement SSL certificate validation (bgo#671536)
    
    Add a SecurityLevel property to OssiferWebView that indicates the result
    of the SSL certificate validation.
    
    For now, any page loaded using HTTPS with an invalid or untrusted
    certificate will be blocked, and an ugly message will be displayed
    instead.
    
    This commit breaks our string freeze by adding two strings, but it
    couldn't be avoided.

 po/POTFILES.in                                     |    1 +
 .../Banshee.WebBrowser/Banshee.WebBrowser.csproj   |    1 +
 .../Banshee.WebBrowser/NavigationControl.cs        |   12 ++++++
 .../Banshee.WebBrowser/OssiferSecurityLevel.cs     |   38 ++++++++++++++++++++
 .../Banshee.WebBrowser/OssiferWebView.cs           |    7 ++++
 src/Core/Banshee.WebBrowser/Makefile.am            |    1 +
 .../libossifer/ossifer-web-view.c                  |   33 +++++++++++++++++
 .../libossifer/ossifer-web-view.h                  |    8 ++++
 8 files changed, 101 insertions(+), 0 deletions(-)
---
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 7c94f6d..ec698a5 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -154,6 +154,7 @@ src/Core/Banshee.ThickClient/Banshee.Sources.Gui/CompositeTrackSourceContents.cs
 src/Core/Banshee.ThickClient/Banshee.Sources.Gui/FilteredListSourceContents.cs
 src/Core/Banshee.ThickClient/Banshee.Sources.Gui/SourceView.cs
 src/Core/Banshee.ThickClient/Banshee.Sources.Gui/SourceView_DragAndDrop.cs
+src/Core/Banshee.WebBrowser/Banshee.WebBrowser/NavigationControl.cs
 src/Core/Banshee.WebBrowser/Banshee.WebSource/WebBrowserShell.cs
 src/Core/Banshee.Widgets/Banshee.Widgets/DiscUsageDisplay.cs
 src/Core/Banshee.Widgets/Banshee.Widgets/SearchEntry.cs
diff --git a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser.csproj b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser.csproj
index 7eb2448..515a862 100644
--- a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser.csproj
+++ b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser.csproj
@@ -146,5 +146,6 @@
     <Compile Include="JavaScriptCore\JSStaticFunction.cs" />
     <Compile Include="JavaScriptCore\JSStaticFunctionAttribute.cs" />
     <Compile Include="JavaScriptCore\Tests\JSClassTests.cs" />
+    <Compile Include="Banshee.WebBrowser\OssiferSecurityLevel.cs" />
   </ItemGroup>
 </Project>
diff --git a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/NavigationControl.cs b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/NavigationControl.cs
index 9ad7e03..b379c85 100644
--- a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/NavigationControl.cs
+++ b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/NavigationControl.cs
@@ -28,6 +28,7 @@
 using System;
 
 using Gtk;
+using Mono.Unix;
 using Hyena.Gui;
 using Hyena.Widgets;
 
@@ -147,6 +148,17 @@ namespace Banshee.WebBrowser
                 web_view.LoadStatus == OssiferLoadStatus.Failed) {
                 UpdateNavigation ();
             }
+
+            if (web_view.LoadStatus == OssiferLoadStatus.Committed &&
+                web_view.Uri.StartsWith ("https", StringComparison.InvariantCultureIgnoreCase) &&
+                web_view.SecurityLevel != OssiferSecurityLevel.Secure) {
+                string message = Catalog.GetString (
+                    "This page is blocked because it is probably not the one you are looking for!");
+                // Translators: {0} is the URL of the web page that was requested
+                string details = String.Format (Catalog.GetString ("The security certificate for {0} is invalid."),
+                                                web_view.Uri);
+                web_view.LoadString (String.Format ("{0}<br>{1}", message, details), "text/html", "UTF-8", null);
+            }
         }
     }
 }
diff --git a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferSecurityLevel.cs b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferSecurityLevel.cs
new file mode 100644
index 0000000..cddaca8
--- /dev/null
+++ b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferSecurityLevel.cs
@@ -0,0 +1,38 @@
+//
+// OssiferSecurityLevel.cs
+//
+// Author:
+//   Bertrand Lorentz <bertrand lorentz gmail com>
+//
+// Copyright 2012 Bertrand Lorentz
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Banshee.WebBrowser
+{
+    public enum OssiferSecurityLevel
+    {
+        Unknown,
+        Insecure,
+        Broken,
+        Secure
+    }
+}
\ No newline at end of file
diff --git a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferWebView.cs b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferWebView.cs
index 600e091..e6fe800 100644
--- a/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferWebView.cs
+++ b/src/Core/Banshee.WebBrowser/Banshee.WebBrowser/OssiferWebView.cs
@@ -308,6 +308,13 @@ namespace Banshee.WebBrowser
             get { return ossifer_web_view_get_load_status (Handle); }
         }
 
+        [DllImport (LIBOSSIFER)]
+        private static extern OssiferSecurityLevel ossifer_web_view_get_security_level (IntPtr ossifer);
+
+        public virtual OssiferSecurityLevel SecurityLevel {
+            get { return ossifer_web_view_get_security_level (Handle); }
+        }
+
 #endregion
 
     }
diff --git a/src/Core/Banshee.WebBrowser/Makefile.am b/src/Core/Banshee.WebBrowser/Makefile.am
index f524016..d017bef 100644
--- a/src/Core/Banshee.WebBrowser/Makefile.am
+++ b/src/Core/Banshee.WebBrowser/Makefile.am
@@ -11,6 +11,7 @@ SOURCES =  \
 	Banshee.WebBrowser/OssiferDownloadStatus.cs \
 	Banshee.WebBrowser/OssiferLoadStatus.cs \
 	Banshee.WebBrowser/OssiferNavigationResponse.cs \
+	Banshee.WebBrowser/OssiferSecurityLevel.cs \
 	Banshee.WebBrowser/OssiferSession.cs \
 	Banshee.WebBrowser/OssiferWebView.cs \
 	Banshee.WebSource/WebBrowserShell.cs \
diff --git a/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.c b/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.c
index 8f3aff2..1a544e7 100644
--- a/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.c
+++ b/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.c
@@ -380,3 +380,36 @@ ossifer_web_view_execute_script (OssiferWebView *ossifer, const gchar *script)
     g_return_if_fail (OSSIFER_WEB_VIEW (ossifer));
     return webkit_web_view_execute_script (WEBKIT_WEB_VIEW (ossifer), script);
 }
+
+OssiferSecurityLevel
+ossifer_web_view_get_security_level (OssiferWebView *ossifer)
+{
+    g_return_val_if_fail (OSSIFER_WEB_VIEW (ossifer), WEBKIT_LOAD_FAILED);
+
+    OssiferSecurityLevel security_level = OSSIFER_SECURITY_IS_UNKNOWN;
+    WebKitWebView *web_view = WEBKIT_WEB_VIEW (ossifer);
+      
+    const gchar* uri = webkit_web_view_get_uri (web_view);
+
+    if (uri && g_str_has_prefix (uri, "https")) {
+        WebKitWebFrame *frame;
+        WebKitWebDataSource *source;
+        WebKitNetworkRequest *request;
+        SoupMessage *message;
+
+        frame = webkit_web_view_get_main_frame (web_view);
+        source = webkit_web_frame_get_data_source (frame);
+        request = webkit_web_data_source_get_request (source);
+        message = webkit_network_request_get_message (request);
+
+        if (message && (soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) {
+            security_level = OSSIFER_SECURITY_IS_SECURE;
+        } else {
+            security_level = OSSIFER_SECURITY_IS_BROKEN;
+        }
+    } else {
+        security_level = OSSIFER_SECURITY_IS_UNKNOWN;
+    }
+    
+    return security_level;
+}
diff --git a/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.h b/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.h
index b948662..84d37e4 100644
--- a/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.h
+++ b/src/Core/Banshee.WebBrowser/libossifer/ossifer-web-view.h
@@ -15,6 +15,14 @@ typedef struct OssiferWebView OssiferWebView;
 typedef struct OssiferWebViewClass OssiferWebViewClass;
 typedef struct OssiferWebViewPrivate OssiferWebViewPrivate;
 
+typedef enum
+{
+    OSSIFER_SECURITY_IS_UNKNOWN,
+    OSSIFER_SECURITY_IS_INSECURE,
+    OSSIFER_SECURITY_IS_BROKEN,
+    OSSIFER_SECURITY_IS_SECURE
+} OssiferSecurityLevel;
+
 struct OssiferWebView {
     WebKitWebView parent;
     OssiferWebViewPrivate *priv;
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]