[hackers] [surf] Add a keybinding to show current TLS certificate || Quentin Rameau

From: <git_AT_suckless.org>
Date: Sun, 30 Apr 2017 23:25:11 +0200 (CEST)

commit 9eda6f5dd556552c29dd43095dd5a9bf026a8a5f
Author: Quentin Rameau <quinq_AT_fifth.space>
AuthorDate: Sat Apr 29 14:56:02 2017 +0200
Commit: Quentin Rameau <quinq_AT_fifth.space>
CommitDate: Sat Apr 29 17:59:07 2017 +0200

    Add a keybinding to show current TLS certificate

diff --git a/config.def.h b/config.def.h
index 9bdbe0c..57cef76 100644
--- a/config.def.h
+++ b/config.def.h
_AT_@ -152,6 +152,7 @@ static Key keys[] = {
         { MODKEY|GDK_SHIFT_MASK, GDK_KEY_n, find, { .i = -1 } },
 
         { MODKEY|GDK_SHIFT_MASK, GDK_KEY_p, print, { 0 } },
+ { MODKEY, GDK_KEY_x, showcert, { 0 } },
 
         { MODKEY|GDK_SHIFT_MASK, GDK_KEY_a, togglecookiepolicy, { 0 } },
         { 0, GDK_KEY_F11, togglefullscreen, { 0 } },
diff --git a/surf.1 b/surf.1
index 0f02357..920687e 100644
--- a/surf.1
+++ b/surf.1
_AT_@ -198,6 +198,9 @@ Copies current URI to primary selection.
 .B Ctrl\-o
 Show the sourcecode of the current page.
 .TP
+.B Ctrl\-x
+Display the current TLS certificate in a popup window.
+.TP
 .B Ctrl\-Shift\-a
 Toggle through the the
 .I cookie policies.
diff --git a/surf.c b/surf.c
index 40f514f..ba95063 100644
--- a/surf.c
+++ b/surf.c
_AT_@ -5,6 +5,7 @@
 #include <sys/file.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <glib.h>
 #include <libgen.h>
 #include <limits.h>
 #include <pwd.h>
_AT_@ -106,9 +107,10 @@ typedef struct Client {
         WebKitWebInspector *inspector;
         WebKitFindController *finder;
         WebKitHitTestResult *mousepos;
+ GTlsCertificate *cert, *failedcert;
         GTlsCertificateFlags tlserr;
         Window xid;
- int progress, fullscreen, https, insecure;
+ int progress, fullscreen, https, insecure, errorpage;
         const char *title, *overtitle, *targeturi;
         const char *needle;
         struct Client *next;
_AT_@ -216,6 +218,7 @@ static void destroywin(GtkWidget* w, Client *c);
 static void pasteuri(GtkClipboard *clipboard, const char *text, gpointer d);
 static void reload(Client *c, const Arg *a);
 static void print(Client *c, const Arg *a);
+static void showcert(Client *c, const Arg *a);
 static void clipboard(Client *c, const Arg *a);
 static void zoom(Client *c, const Arg *a);
 static void scroll(Client *c, const Arg *a);
_AT_@ -1294,7 +1297,9 @@ loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert,
         GString *errmsg = g_string_new(NULL);
         gchar *html, *pem;
 
+ c->failedcert = g_object_ref(cert);
         c->tlserr = err;
+ c->errorpage = 1;
 
         if (err & G_TLS_CERTIFICATE_UNKNOWN_CA)
                 g_string_append(errmsg,
_AT_@ -1322,7 +1327,9 @@ loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert,
 
         g_object_get(cert, "certificate-pem", &pem, NULL);
         html = g_strdup_printf("<p>Could not validate TLS for “%s”<br>%s</p>"
- "<p><pre>%s</pre><p>", uri, errmsg->str, pem);
+ "<p>You can inspect the following certificate "
+ "with Ctrl+Shift+x (default keybinding).</p>"
+ "<p><pre>%s</pre></p>", uri, errmsg->str, pem);
         g_free(pem);
         g_string_free(errmsg, TRUE);
 
_AT_@ -1344,6 +1351,10 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
                 c->title = title;
                 c->https = c->insecure = 0;
                 seturiparameters(c, geturi(c));
+ if (c->errorpage)
+ c->errorpage = 0;
+ else
+ g_clear_object(&c->failedcert);
                 break;
         case WEBKIT_LOAD_REDIRECTED:
                 setatom(c, AtomUri, title);
_AT_@ -1351,7 +1362,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
                 seturiparameters(c, geturi(c));
                 break;
         case WEBKIT_LOAD_COMMITTED:
- c->https = webkit_web_view_get_tls_info(c->view, NULL,
+ c->https = webkit_web_view_get_tls_info(c->view, &c->cert,
                                                         &c->tlserr);
                 break;
         case WEBKIT_LOAD_FINISHED:
_AT_@ -1605,6 +1616,30 @@ print(Client *c, const Arg *a)
 }
 
 void
+showcert(Client *c, const Arg *a)
+{
+ GTlsCertificate *cert = c->failedcert ? c->failedcert : c->cert;
+ GcrCertificate *gcrt;
+ GByteArray *crt;
+ GtkWidget *win;
+ GcrCertificateWidget *wcert;
+
+ if (!cert)
+ return;
+
+ g_object_get(cert, "certificate", &crt, NULL);
+ gcrt = gcr_simple_certificate_new(crt->data, crt->len);
+ g_byte_array_unref(crt);
+
+ win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ wcert = gcr_certificate_widget_new(gcrt);
+ g_object_unref(gcrt);
+
+ gtk_container_add(GTK_CONTAINER(win), GTK_WIDGET(wcert));
+ gtk_widget_show_all(win);
+}
+
+void
 clipboard(Client *c, const Arg *a)
 {
         if (a->b) { /* load clipboard uri */
Received on Sun Apr 30 2017 - 23:25:11 CEST