[epiphany/tls-errors: 2/2] Add custom certificate authentication error page



commit e9cdc58d11a7aab61523242f809162c8e6d85509
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Sun Jul 6 21:58:40 2014 -0500

    Add custom certificate authentication error page
    
    Explain to the user why loading an untrusted page might be dangerous.
    
    It might be desirable to additionally explain the particular type of
    failure (lack of trust, mismatched URI, expired or revoked cert, etc.)
    
    This patch is based on groundwork by Brian Holt.

 embed/ephy-web-view.c        |   69 ++++++++++++++++++++++++++++++++++++++++++
 src/Makefile.am              |    1 +
 src/epiphany.gresource.xml   |    1 +
 src/resources/tls-error.html |   36 ++++++++++++++++++++++
 4 files changed, 107 insertions(+), 0 deletions(-)
---
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index de2e36f..6b0a17e 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -63,6 +63,7 @@
 #define MAX_HIDDEN_POPUPS       5
 
 #define EPHY_PAGE_TEMPLATE_ERROR         "/org/gnome/epiphany/page-templates/error.html"
+#define EPHY_PAGE_TEMPLATE_TLS_ERROR     "/org/gnome/epiphany/page-templates/tls-error.html"
 
 struct _EphyWebViewPrivate {
   EphyWebViewSecurityLevel security_level;
@@ -1866,6 +1867,70 @@ load_failed_cb (WebKitWebView *web_view,
   return FALSE;
 }
 
+static gboolean
+tls_error_cb (WebKitWebView *web_view,
+              WebKitCertificateInfo *info,
+              gchar *host,
+              gpointer user_data)
+{
+  EphyWebView *view = EPHY_WEB_VIEW (web_view);
+  EphyWebViewPrivate *priv = view->priv;
+  GString *html = g_string_new ("");
+  const char *uri;
+  char *lang;
+  char *page_title;
+  char *msg;
+  char *stylesheet;
+  GBytes *html_file;
+
+  priv->load_failed = TRUE;
+  ephy_web_view_set_link_message (view, NULL);
+  update_navigation_flags (view);
+  _ephy_web_view_update_icon (view);
+
+  html_file = g_resources_lookup_data (EPHY_PAGE_TEMPLATE_TLS_ERROR, 0, NULL);
+
+  lang = g_strdup (pango_language_to_string (gtk_get_default_language ()));
+  g_strdelimit (lang, "_-@", '\0');
+
+  /* Page title when a site's TLS certificate is invalid. %s is the site's hostname. */
+  page_title = g_strdup_printf (_("Problem loading “%s”"), host);
+
+  stylesheet = get_style_sheet ();
+
+  /* Message when a site's TLS certificate is invalid. The %s is the site's URL. */
+  msg = g_strdup_printf (_("<p>This might not be the real <strong>%s</strong>.</p>"
+                           "<p>When you try to connect securely, web sites present "
+                           "identification to prove that your connection has not been "
+                           "maliciously intercepted. There is something wrong with "
+                           "this site’s identification. A criminal organization or "
+                           "government agency may have hijacked your connection.</p>"),
+                         host);
+
+  g_string_printf (html,
+                   g_bytes_get_data (html_file, NULL),
+                   lang, lang,
+                   ((gtk_widget_get_default_direction () == GTK_TEXT_DIR_RTL) ? "rtl" : "ltr"),
+                   page_title, stylesheet,
+                   /* Title of error page when a website's TLS certificate is invalid */
+                   _("Look out!"),
+                   msg);
+
+  g_bytes_unref (html_file);
+  g_free (msg);
+  g_free (stylesheet);
+  g_free (lang);
+  g_free (page_title);
+
+  /* Make our history backend ignore the next page load, since it will be an error page. */
+  ephy_web_view_freeze_history (view);
+  uri = webkit_web_view_get_uri (web_view);
+  webkit_web_view_load_alternate_html (WEBKIT_WEB_VIEW (view), html->str, uri, 0);
+  g_string_free (html, TRUE);
+
+  return TRUE;
+}
+
 static void
 close_web_view_cb (WebKitWebView *web_view,
                    gpointer user_data)
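Review bot: `host` is formatted into markup unescaped in `tls_error_cb`, both in `page_title` (which fills `<title>`) and in `msg` inside `<strong>`, and the page is then loaded with the failing site's URI as its base. Whether a hostname delivered by this signal can ever contain markup characters is not visible from the hunk, but a warning page about an untrusted peer should not depend on that. Escape it once with `char *escaped_host = g_markup_escape_text (host, -1);`, pass `escaped_host` to both `g_strdup_printf` calls, and `g_free` it alongside the other strings. Separately, the result of `g_resources_lookup_data (EPHY_PAGE_TEMPLATE_TLS_ERROR, 0, NULL)` is used unchecked as the format string for `g_string_printf`, so a failed lookup would pass NULL to the formatter. A guard such as `if (!html_file) { g_string_free (html, TRUE); return FALSE; }` would avoid that; presumably FALSE leaves the failure to the remaining handlers.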
@@ -1945,6 +2010,10 @@ ephy_web_view_init (EphyWebView *web_view)
                     G_CALLBACK (load_failed_cb),
                     NULL);
 
+  g_signal_connect (web_view, "load-failed-with-tls-errors",
+                    G_CALLBACK (tls_error_cb),
+                    NULL);
+
   g_signal_connect (web_view, "notify::zoom-level",
                     G_CALLBACK (zoom_changed_cb),
                     NULL);
diff --git a/src/Makefile.am b/src/Makefile.am
index 17d8eae..020b1ec 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -119,6 +119,7 @@ RESOURCE_FILES = \
        resources/passwords-dialog.ui             \
        resources/prefs-dialog.ui                 \
        resources/prefs-lang-dialog.ui            \
+       resources/tls-error.html                  \
        $(NULL)
 
 epiphany-resources.c: epiphany.gresource.xml $(RESOURCE_FILES)
diff --git a/src/epiphany.gresource.xml b/src/epiphany.gresource.xml
index 4197dc8..2cdfcf4 100644
--- a/src/epiphany.gresource.xml
+++ b/src/epiphany.gresource.xml
@@ -15,6 +15,7 @@
     <file preprocess="xml-stripblanks">epiphany-bookmark-editor-ui.xml</file>
     <file>epiphany.css</file>
     <file alias="page-templates/error.html" compressed="true">error.html</file>
+    <file alias="page-templates/tls-error.html" compressed="true">tls-error.html</file>
     <file alias="page-templates/overview.html" compressed="true">overview.html</file>
     <file>missing-thumbnail.png</file>
     <file alias="page-templates/about.css" compressed="true">about.css</file>
diff --git a/src/resources/tls-error.html b/src/resources/tls-error.html
new file mode 100644
index 0000000..1b42f5e
--- /dev/null
+++ b/src/resources/tls-error.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<!--
+  Copyright © 2010, 2011 Vinicius Depizzol
+  Copyright © 2014 Igalia S.L.
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2, or (at your option)
+  any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program. If not, see <http://www.gnu.org/licenses/>.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="%s" lang="%s" dir="%s">
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+  <title>%s</title>
+  <style type="text/css">%s</style>
+  </style>
+</head>
+<body>
+  <div id="container">
+      <div id="content">
+          <h1>%s</h1>
+          <div class="explanation">
+            %s
+          </div>
+      </div>
+  </div>
+</body>
+</html>
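Review bot: The `<head>` of the new template closes the style element twice: `<style type="text/css">%s</style>` is followed by a lone `</style>` on the next line, which should be deleted so the document stays well-formed under its XHTML Strict doctype. Because `tls_error_cb` passes this file to `g_string_printf` as the format string, the seven `%s` slots and their order are a contract with the C code, and any literal percent sign added later must be written `%%`. A line in the header comment such as `Format template: seven %s in order lang, lang, dir, title, stylesheet, heading, message; write a literal % as %%.` would make that visible to whoever edits the markup. The `;` after the quoted DOCTYPE and `xmlns` URLs looks like a mail-archive artifact rather than file content, but is worth confirming against the real patch.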

