* Intercept and handle SSL errors for JS resolvers.

2025-08-28 16:20:01 +02:00 · 2013-05-04 13:01:16 +02:00
parent 7e0213bc38
commit 79e6d9ec27
2 changed files with 103 additions and 44 deletions
--- a/src/libtomahawk/resolvers/QtScriptResolver.cpp
+++ b/src/libtomahawk/resolvers/QtScriptResolver.cpp
@@ -26,6 +26,7 @@
 #include "Pipeline.h"
 #include "ScriptCollection.h"
 #include "SourceList.h"
+#include "TomahawkSettings.h"

 #include "accounts/AccountConfigWidget.h"

@@ -45,6 +46,7 @@
 #include <QNetworkReply>
 #include <QMetaProperty>
 #include <QCryptographicHash>
+#include <QSslError>

 #include <boost/bind.hpp>

@@ -384,16 +386,6 @@ QtScriptResolverHelper::returnStreamUrl( const QString& streamUrl, boost::functi
 }


-void
-ScriptEngine::javaScriptConsoleMessage( const QString& message, int lineNumber, const QString& sourceID )
-{
-    tLog() << "JAVASCRIPT:" << m_scriptPath << message << lineNumber << sourceID;
-#ifndef DEBUG_BUILD
-    JobStatusView::instance()->model()->addJob( new ErrorStatusMessage( tr( "Script Resolver Error: %1 %2 %3 %4" ).arg( m_scriptPath ).arg( message ).arg( lineNumber ).arg( sourceID ) ) );
-#endif
-}
-
-
 QtScriptResolver::QtScriptResolver( const QString& scriptPath, const QStringList& additionalScriptPaths )
    : Tomahawk::ExternalResolverGui( scriptPath )
    , m_ready( false )
@@ -924,7 +916,7 @@ QVariantMap
 QtScriptResolver::loadDataFromWidgets()
 {
    QVariantMap saveData;
-    foreach(const QVariant& dataWidget, m_dataWidgets)
+    foreach( const QVariant& dataWidget, m_dataWidgets )
    {
        QVariantMap data = dataWidget.toMap();

@@ -1099,3 +1091,96 @@ QtScriptResolver::resolverCollections()
    // + data.
 }

+
+ScriptEngine::ScriptEngine( QtScriptResolver* parent )
+    : QWebPage( (QObject*) parent )
+    , m_parent( parent )
+{
+    settings()->setAttribute( QWebSettings::OfflineStorageDatabaseEnabled, true );
+    settings()->setOfflineStoragePath( TomahawkUtils::appDataDir().path() );
+    settings()->setAttribute(QWebSettings::LocalStorageEnabled, true );
+    settings()->setLocalStoragePath( TomahawkUtils::appDataDir().path() );
+    settings()->setAttribute( QWebSettings::LocalStorageDatabaseEnabled, true );
+    settings()->setAttribute( QWebSettings::LocalContentCanAccessFileUrls, true );
+    settings()->setAttribute( QWebSettings::LocalContentCanAccessRemoteUrls, true );
+
+    // Tomahawk is not a user agent
+    m_header = QWebPage::userAgentForUrl( QUrl() ).replace( QString( "%1/%2" )
+               .arg( TOMAHAWK_APPLICATION_NAME )
+               .arg( TOMAHAWK_VERSION )
+               ,"");
+    tLog( LOGVERBOSE ) << "QtScriptResolver Using header" << m_header;
+
+    connect( networkAccessManager(), SIGNAL( sslErrors( QNetworkReply*, QList<QSslError> ) ),
+                                       SLOT( sslErrorHandler( QNetworkReply*, QList<QSslError> ) ) );
+}
+
+
+void
+ScriptEngine::javaScriptConsoleMessage( const QString& message, int lineNumber, const QString& sourceID )
+{
+    tLog() << "JAVASCRIPT:" << m_scriptPath << message << lineNumber << sourceID;
+    #ifndef DEBUG_BUILD
+    JobStatusView::instance()->model()->addJob( new ErrorStatusMessage( tr( "Script Resolver Error: %1 %2 %3 %4" ).arg( m_scriptPath ).arg( message ).arg( lineNumber ).arg( sourceID ) ) );
+    #endif
+}
+
+
+void
+ScriptEngine::sslErrorHandler( QNetworkReply* qnr, const QList<QSslError>& errlist )
+{
+    tDebug() << Q_FUNC_INFO;
+
+    QByteArray digest = errlist.first().certificate().digest();
+    int result = -1;
+
+    if ( !TomahawkSettings::instance()->isSslCertKnown( digest ) )
+    {
+        foreach ( const QSslError& err, errlist )
+            tDebug() << Q_FUNC_INFO << "SSL error:" << err;
+
+        QMessageBox question( TomahawkUtils::tomahawkWindow() );
+        question.setWindowTitle( tr( "SSL Error" ) );
+        question.setText( tr( "You have asked Tomahawk to connect securely to <b>%1</b>, but we can't confirm that your connection is secure:<br><br>"
+                            "<b>%2</b><br><br>"
+                            "Do you want to trust this connection?" )
+                            .arg( qnr->url().host() )
+                            .arg( errlist.first().errorString() ) );
+
+        question.setStandardButtons( QMessageBox::No );
+        question.addButton( tr( "Trust certificate" ), QMessageBox::AcceptRole );
+
+        result = question.exec();
+
+        //FIXME: discuss whether we want to store rejects, too (needs settings management to remove the decision?)
+        if ( result == QMessageBox::AcceptRole )
+            TomahawkSettings::instance()->setSslCertTrusted( digest, result == QMessageBox::AcceptRole );
+    }
+
+    if ( TomahawkSettings::instance()->isSslCertTrusted( digest ) )
+    {
+        qnr->ignoreSslErrors();
+    }
+}
+
+
+QString
+ScriptEngine::userAgentForUrl( const QUrl& url ) const
+{
+    Q_UNUSED( url );
+    return m_header;
+}
+
+
+void
+ScriptEngine::setScriptPath( const QString& scriptPath )
+{
+    m_scriptPath = scriptPath;
+}
+
+
+bool
+ScriptEngine::shouldInterruptJavaScript()
+{
+    return true;
+}
--- a/src/libtomahawk/resolvers/QtScriptResolver.h
+++ b/src/libtomahawk/resolvers/QtScriptResolver.h
@@ -99,46 +99,20 @@ class DLLEXPORT ScriptEngine : public QWebPage
 Q_OBJECT

 public:
-    explicit ScriptEngine( QtScriptResolver* parent )
-        : QWebPage( (QObject*) parent )
-        , m_parent( parent )
-    {
-        settings()->setAttribute( QWebSettings::OfflineStorageDatabaseEnabled, true );
-        settings()->setOfflineStoragePath( TomahawkUtils::appDataDir().path() );
-        settings()->setAttribute(QWebSettings::LocalStorageEnabled, true);
-        settings()->setLocalStoragePath( TomahawkUtils::appDataDir().path() );
-        settings()->setAttribute( QWebSettings::LocalStorageDatabaseEnabled, true );
-        settings()->setAttribute( QWebSettings::LocalContentCanAccessFileUrls, true );
-        settings()->setAttribute( QWebSettings::LocalContentCanAccessRemoteUrls, true );
+    explicit ScriptEngine( QtScriptResolver* parent );

-        // Tomahawk is not a user agent
-        m_header = QWebPage::userAgentForUrl( QUrl() ).replace( QString( "%1/%2" )
-                                                                .arg( TOMAHAWK_APPLICATION_NAME )
-                                                                .arg( TOMAHAWK_VERSION )
-                                                                ,"");
-        tLog() << "QtScriptResolver Using header" << m_header;
-    }
-
-    QString userAgentForUrl ( const QUrl & url ) const
-    {
-        Q_UNUSED(url);
-        return m_header;
-    }
-
-    void setScriptPath( const QString& scriptPath )
-    {
-        m_scriptPath = scriptPath;
-    }
+    QString userAgentForUrl( const QUrl& url ) const;
+    void setScriptPath( const QString& scriptPath );

 public slots:
-    bool shouldInterruptJavaScript()
-    {
-        return true;
-    }
+    bool shouldInterruptJavaScript();

 protected:
    virtual void javaScriptConsoleMessage( const QString& message, int lineNumber, const QString& sourceID );

+private slots:
+    void sslErrorHandler( QNetworkReply* qnr, const QList<QSslError>& errlist );
+
 private:
    QtScriptResolver* m_parent;
    QString m_scriptPath;