WebContent+WebWorker: Use custom certificate paths with Qt networking

This change adds a `--certificate` option to both WebContent and WebWorker, which allows one or more custom root certificate paths to be specified. Certificates are then loaded from these paths when Qt networking is used. This allows WPT tests that require a https connecion to be run locally with Qt networking.
tcl3 · Jul 10, 2024 · 4d4b401 · 4d4b401
1 parent 772d64a
commit 4d4b401
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/Ladybird/Qt/RequestManagerQt.cpp b/Ladybird/Qt/RequestManagerQt.cpp
@@ -5,15 +5,24 @@
  */
 
 #include "RequestManagerQt.h"
+#include "StringUtils.h"
 #include "WebSocketImplQt.h"
 #include "WebSocketQt.h"
 #include <QNetworkCookie>
 
 namespace Ladybird {
 
-RequestManagerQt::RequestManagerQt()
+RequestManagerQt::RequestManagerQt(Vector<ByteString> const& certificate_paths)
 {
     m_qnam = new QNetworkAccessManager(this);
+    auto ssl_configuration = QSslConfiguration::defaultConfiguration();
+    ssl_configuration.setPeerVerifyMode(QSslSocket::VerifyNone);
+    for (auto const& certificate_path : certificate_paths) {
+        auto certificates = QSslCertificate::fromPath(qstring_from_ak_string(certificate_path));
+        for (auto const& certificate : certificates)
+            ssl_configuration.addCaCertificate(certificate);
+    }
+    QSslConfiguration::setDefaultConfiguration(ssl_configuration);
 
     QObject::connect(m_qnam, &QNetworkAccessManager::finished, this, &RequestManagerQt::reply_finished);
 }

diff --git a/Ladybird/Qt/RequestManagerQt.h b/Ladybird/Qt/RequestManagerQt.h
@@ -17,9 +17,9 @@ class RequestManagerQt
     , public Web::ResourceLoaderConnector {
     Q_OBJECT
 public:
-    static NonnullRefPtr<RequestManagerQt> create()
+    static NonnullRefPtr<RequestManagerQt> create(Vector<ByteString> const& certificate_paths)
     {
-        return adopt_ref(*new RequestManagerQt());
+        return adopt_ref(*new RequestManagerQt(certificate_paths));
     }
 
     virtual ~RequestManagerQt() override { }
@@ -34,7 +34,7 @@ private slots:
     void reply_finished(QNetworkReply*);
 
 private:
-    RequestManagerQt();
+    explicit RequestManagerQt(Vector<ByteString> const& certificate_paths);
 
     class Request
         : public Web::ResourceLoaderConnectorRequest {

diff --git a/Ladybird/WebContent/main.cpp b/Ladybird/WebContent/main.cpp
@@ -113,6 +113,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     args_parser.add_option(is_layout_test_mode, "Is layout test mode", "layout-test-mode");
     args_parser.add_option(expose_internals_object, "Expose internals object", "expose-internals-object");
     args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking");
+    args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
     args_parser.add_option(use_skia_painter, "Enable Skia painter", "use-skia-painting");
     args_parser.add_option(wait_for_debugger, "Wait for debugger", "wait-for-debugger");
     args_parser.add_option(mach_server_name, "Mach server name", "mach-server-name", 0, "mach_server_name");
@@ -150,7 +151,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
 
 #if defined(HAVE_QT)
     if (!use_lagom_networking)
-        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create());
+        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates));
     else
 #endif
         TRY(initialize_lagom_networking(request_server_socket));

diff --git a/Ladybird/WebWorker/main.cpp b/Ladybird/WebWorker/main.cpp
@@ -39,12 +39,14 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
 
     int request_server_socket { -1 };
     StringView serenity_resource_root;
+    Vector<ByteString> certificates;
     bool use_lagom_networking { false };
 
     Core::ArgsParser args_parser;
     args_parser.add_option(request_server_socket, "File descriptor of the request server socket", "request-server-socket", 's', "request-server-socket");
     args_parser.add_option(serenity_resource_root, "Absolute path to directory for serenity resources", "serenity-resource-root", 'r', "serenity-resource-root");
     args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking");
+    args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
     args_parser.parse(arguments);
 
 #if defined(HAVE_QT)
@@ -61,7 +63,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
 
 #if defined(HAVE_QT)
     if (!use_lagom_networking)
-        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create());
+        Web::ResourceLoader::initialize(Ladybird::RequestManagerQt::create(certificates));
     else
 #endif
         TRY(initialize_lagom_networking(request_server_socket));