
badwolf

Minimalist and privacy-oriented WebKitGTK+ browser
commit: 2e4298b105fab04e1ac092c99ce5d44dc90823af
parent: e5ecaf777659e8d3a625002826c4a1a3f8b31801
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Fri, 13 Dec 2019 14:20:28 +0100

badwolf.c: Add error details and adding exception

Diffstat:

Mbadwolf.c58+++++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 53 insertions(+), 5 deletions(-)

diff --git a/badwolf.c b/badwolf.c
@@ -365,9 +365,38 @@ WebViewCb_decide_policy(WebKitWebView *web_view,
 return TRUE;
 }
+static char *
+detail_tls_certificate_flags(GTlsCertificateFlags tls_errors)
+{
+ GString *errors = g_string_new(NULL);
+
+ if(tls_errors & G_TLS_CERTIFICATE_UNKNOWN_CA)
+ g_string_append_printf(errors, _("The Certificate Authority is unknown.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_BAD_IDENTITY)
+ g_string_append(errors, _("The given identity doesn't match the expected one.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_NOT_ACTIVATED)
+ g_string_append(errors, _("The certificate isn't valid yet.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_EXPIRED)
+ g_string_append(errors, _("The certificate has expired.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_REVOKED)
+ g_string_append(errors, _("The certificate has been revoked.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_INSECURE)
+ g_string_append(errors, _("The certificate is considered to be insecure.\n"));
+
+ if(tls_errors & G_TLS_CERTIFICATE_GENERIC_ERROR)
+ g_string_append(errors, _("Some unknown error occurred validating the certificate\n"));
+
+ return g_string_free(errors, FALSE);
+}
+
 static gboolean
 WebViewCb_load_failed_with_tls_errors(WebKitWebView *web_view,
- gchar *failing_uri,
+ gchar *failing_text,
 GTlsCertificate *certificate,
 GTlsCertificateFlags errors,
 gpointer user_data)
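Review bot: The first branch of detail_tls_certificate_flags calls `g_string_append_printf(errors, _("The Certificate Authority is unknown.\n"))`, which passes a translated string as the format string, so a `%` in a translation catalog entry would be interpreted as a conversion with no matching argument. The other six branches use `g_string_append`, and this one should match them: `g_string_append(errors, _("The Certificate Authority is unknown.\n"));`. The function also deserves a short comment saying that the returned buffer is owned by the caller and must be released with `g_free()`, and that it is an empty string when none of the listed flags is set.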
@@ -376,13 +405,32 @@ WebViewCb_load_failed_with_tls_errors(WebKitWebView *web_view,
 (void)certificate;
 (void)errors;
 struct Client *browser = (struct Client *)user_data;
+ gchar *error_details = detail_tls_certificate_flags(errors);
+ gint dialog_response;
+ SoupURI *failing_uri = soup_uri_new(failing_text);
 GtkWidget *dialog = gtk_message_dialog_new(GTK_WINDOW(browser->window->main_window),
- GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_DIALOG_MODAL & GTK_DIALOG_DESTROY_WITH_PARENT,
 GTK_MESSAGE_ERROR,
- GTK_BUTTONS_CLOSE,
- "TLS Error for: %s",
- failing_uri);
+ GTK_BUTTONS_NONE,
+ "TLS Error for %s.",
+ failing_text);
+ gtk_dialog_add_buttons(GTK_DIALOG(dialog), _("Add Exception"), 1, _("Ignore"), 0, NULL);
+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), 0);
+ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), "%s\n", error_details);
+
+ dialog_response = gtk_dialog_run(GTK_DIALOG(dialog));
+
+ if(dialog_response == 1)
+ {
+ webkit_web_context_allow_tls_certificate_for_host(
+ webkit_web_view_get_context(browser->webView), certificate, failing_uri->host);
+ webkit_web_view_reload(browser->webView);
+ }
+
+ soup_uri_free(failing_uri);
+ g_free(error_details);
+ gtk_widget_destroy(dialog);
 return FALSE; /* propagate the event further */
 }
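Review bot: The dialog flags argument `GTK_DIALOG_MODAL & GTK_DIALOG_DESTROY_WITH_PARENT` is a bitwise AND of two different flag bits, so it evaluates to 0 and the dialog gets neither property; it should be `GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT`. `soup_uri_new(failing_text)` returns NULL for a string it cannot parse, and the exception branch dereferences `failing_uri->host` unchecked, so the condition should read `if(dialog_response == 1 && failing_uri != NULL && failing_uri->host != NULL)`. The "Add Exception" button is offered for every flag combination, including `G_TLS_CERTIFICATE_REVOKED`, and the dialog shows nothing that identifies the certificate being trusted, so consider withholding the button for revoked certificates and naming the host the exception will apply to. The `(void)certificate; (void)errors;` casts are stale now that both parameters are used; the function's opening lines are outside this hunk.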