RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 23:07:35 +00:00
Code Issues Activity Actions

Ladybird: Plumb overriding root certificate paths through the chromes

Browse source
This commit is contained in:
Andrew Kaster 2024-02-06 08:25:22 -07:00 committed by Andrew Kaster
parent 080aa567a5
commit bb9da0ed8d
10 changed files with 63 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Ladybird/AppKit/UI/LadybirdWebViewBridge.cpp
View file

@ -52,8 +52,8 @@ WebViewBridge::WebViewBridge(Vector<Web::DevicePixelRect> screen_rects, float de
on_scroll(to_widget_position(position));
};
on_request_worker_agent = []() {
auto worker_client = MUST(launch_web_worker_process(MUST(get_paths_for_helper_process("WebWorker"sv))));
on_request_worker_agent = [this]() {
auto worker_client = MUST(launch_web_worker_process(MUST(get_paths_for_helper_process("WebWorker"sv)), m_web_content_options.certificates));
return worker_client->dup_sockets();
};
}

3
Ladybird/AppKit/main.mm
View file

@ -41,6 +41,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Gfx::FontDatabase::set_fixed_width_font_query("Csilla 10 400 0");
Vector<StringView> raw_urls;
Vector<ByteString> certificates;
StringView webdriver_content_ipc_path;
bool use_gpu_painting = false;
bool debug_web_content = false;
@ -51,6 +52,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_option(webdriver_content_ipc_path, "Path to WebDriver IPC for WebContent", "webdriver-content-path", 0, "path", Core::ArgsParser::OptionHideMode::CommandLineAndMarkdown);
args_parser.add_option(use_gpu_painting, "Enable GPU painting", "enable-gpu-painting", 0);
args_parser.add_option(debug_web_content, "Wait for debugger to attach to WebContent", "debug-web-content", 0);
args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
args_parser.parse(arguments);
auto sql_server_paths = TRY(get_paths_for_helper_process("SQLServer"sv));
@ -73,6 +75,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Ladybird::WebContentOptions web_content_options {
.command_line = MUST(command_line_builder.to_string()),
.executable_path = MUST(String::from_byte_string(MUST(Core::System::current_executable_path()))),
.certificates = move(certificates),
.enable_gpu_painting = use_gpu_painting ? Ladybird::EnableGPUPainting::Yes : Ladybird::EnableGPUPainting::No,
.use_lagom_networking = Ladybird::UseLagomNetworking::Yes,
.wait_for_debugger = debug_web_content ? Ladybird::WaitForDebugger::Yes : Ladybird::WaitForDebugger::No,

32
Ladybird/HelperProcess.cpp
View file

@ -61,6 +61,11 @@ ErrorOr<NonnullRefPtr<WebView::WebContentClient>> launch_web_content_process(
arguments.append("--use-gpu-painting"sv);
if (web_content_options.wait_for_debugger == Ladybird::WaitForDebugger::Yes)
arguments.append("--wait-for-debugger"sv);
Vector<ByteString> certificate_args;
for (auto const& certificate : web_content_options.certificates) {
certificate_args.append(ByteString::formatted("--certificate={}", certificate));
arguments.append(certificate_args.last().view());
}
result = Core::System::exec(arguments[0], arguments.span(), Core::System::SearchInPath::Yes);
if (!result.is_error())
@ -92,7 +97,7 @@ ErrorOr<NonnullRefPtr<WebView::WebContentClient>> launch_web_content_process(
}
template<typename Client>
ErrorOr<NonnullRefPtr<Client>> launch_generic_server_process(ReadonlySpan<String> candidate_server_paths, StringView serenity_resource_root, StringView server_name)
ErrorOr<NonnullRefPtr<Client>> launch_generic_server_process(ReadonlySpan<String> candidate_server_paths, StringView serenity_resource_root, Vector<ByteString> const& certificates, StringView server_name)
{
int socket_fds[2] {};
TRY(Core::System::socketpair(AF_LOCAL, SOCK_STREAM, 0, socket_fds));
@ -125,9 +130,16 @@ ErrorOr<NonnullRefPtr<Client>> launch_generic_server_process(ReadonlySpan<String
path.bytes_as_string_view(),
"--fd-passing-socket"sv,
fd_passing_socket_string,
"--serenity-resource-root"sv,
serenity_resource_root,
};
if (!serenity_resource_root.is_empty()) {
arguments.append("--serenity-resource-root"sv);
arguments.append(serenity_resource_root);
}
Vector<ByteString> certificate_args;
for (auto const& certificate : certificates) {
certificate_args.append(ByteString::formatted("--certificate={}", certificate));
arguments.append(certificate_args.last().view());
}
result = Core::System::exec(arguments[0], arguments.span(), Core::System::SearchInPath::Yes);
if (!result.is_error())
@ -153,20 +165,20 @@ ErrorOr<NonnullRefPtr<Client>> launch_generic_server_process(ReadonlySpan<String
ErrorOr<NonnullRefPtr<ImageDecoderClient::Client>> launch_image_decoder_process(ReadonlySpan<String> candidate_image_decoder_paths)
{
return launch_generic_server_process<ImageDecoderClient::Client>(candidate_image_decoder_paths, ""sv, "ImageDecoder"sv);
return launch_generic_server_process<ImageDecoderClient::Client>(candidate_image_decoder_paths, ""sv, {}, "ImageDecoder"sv);
}
ErrorOr<NonnullRefPtr<Web::HTML::WebWorkerClient>> launch_web_worker_process(ReadonlySpan<String> candidate_web_worker_paths)
ErrorOr<NonnullRefPtr<Web::HTML::WebWorkerClient>> launch_web_worker_process(ReadonlySpan<String> candidate_web_worker_paths, Vector<ByteString> const& certificates)
{
return launch_generic_server_process<Web::HTML::WebWorkerClient>(candidate_web_worker_paths, ""sv, "WebWorker"sv);
return launch_generic_server_process<Web::HTML::WebWorkerClient>(candidate_web_worker_paths, ""sv, certificates, "WebWorker"sv);
}
ErrorOr<NonnullRefPtr<Protocol::RequestClient>> launch_request_server_process(ReadonlySpan<String> candidate_request_server_paths, StringView serenity_resource_root)
ErrorOr<NonnullRefPtr<Protocol::RequestClient>> launch_request_server_process(ReadonlySpan<String> candidate_request_server_paths, StringView serenity_resource_root, Vector<ByteString> const& certificates)
{
return launch_generic_server_process<Protocol::RequestClient>(candidate_request_server_paths, serenity_resource_root, "RequestServer"sv);
return launch_generic_server_process<Protocol::RequestClient>(candidate_request_server_paths, serenity_resource_root, certificates, "RequestServer"sv);
}
ErrorOr<NonnullRefPtr<Protocol::WebSocketClient>> launch_web_socket_process(ReadonlySpan<String> candidate_web_socket_paths, StringView serenity_resource_root)
ErrorOr<NonnullRefPtr<Protocol::WebSocketClient>> launch_web_socket_process(ReadonlySpan<String> candidate_web_socket_paths, StringView serenity_resource_root, Vector<ByteString> const& certificates)
{
return launch_generic_server_process<Protocol::WebSocketClient>(candidate_web_socket_paths, serenity_resource_root, "WebSocket"sv);
return launch_generic_server_process<Protocol::WebSocketClient>(candidate_web_socket_paths, serenity_resource_root, certificates, "WebSocket"sv);
}

6
Ladybird/HelperProcess.h
View file

@ -23,6 +23,6 @@ ErrorOr<NonnullRefPtr<WebView::WebContentClient>> launch_web_content_process(
Ladybird::WebContentOptions const&);
ErrorOr<NonnullRefPtr<ImageDecoderClient::Client>> launch_image_decoder_process(ReadonlySpan<String> candidate_image_decoder_paths);
ErrorOr<NonnullRefPtr<Web::HTML::WebWorkerClient>> launch_web_worker_process(ReadonlySpan<String> candidate_web_worker_paths);
ErrorOr<NonnullRefPtr<Protocol::RequestClient>> launch_request_server_process(ReadonlySpan<String> candidate_request_server_paths, StringView serenity_resource_root);
ErrorOr<NonnullRefPtr<Protocol::WebSocketClient>> launch_web_socket_process(ReadonlySpan<String> candidate_web_socket_paths, StringView serenity_resource_root);
ErrorOr<NonnullRefPtr<Web::HTML::WebWorkerClient>> launch_web_worker_process(ReadonlySpan<String> candidate_web_worker_paths, Vector<ByteString> const& certificates);
ErrorOr<NonnullRefPtr<Protocol::RequestClient>> launch_request_server_process(ReadonlySpan<String> candidate_request_server_paths, StringView serenity_resource_root, Vector<ByteString> const& certificates);
ErrorOr<NonnullRefPtr<Protocol::WebSocketClient>> launch_web_socket_process(ReadonlySpan<String> candidate_web_socket_paths, StringView serenity_resource_root, Vector<ByteString> const& certificates);

4
Ladybird/Qt/WebContentView.cpp
View file

@ -119,8 +119,8 @@ WebContentView::WebContentView(QWidget* window, WebContentOptions const& web_con
QToolTip::hideText();
};
on_request_worker_agent = []() {
auto worker_client = MUST(launch_web_worker_process(MUST(get_paths_for_helper_process("WebWorker"sv))));
on_request_worker_agent = [this]() {
auto worker_client = MUST(launch_web_worker_process(MUST(get_paths_for_helper_process("WebWorker"sv)), m_web_content_options.certificates));
return worker_client->dup_sockets();
};
}

3
Ladybird/Qt/main.cpp
View file

@ -105,6 +105,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Vector<StringView> raw_urls;
StringView webdriver_content_ipc_path;
Vector<ByteString> certificates;
bool enable_callgrind_profiling = false;
bool disable_sql_database = false;
bool enable_qt_networking = false;
@ -120,6 +121,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
args_parser.add_option(enable_qt_networking, "Enable Qt as the backend networking service", "enable-qt-networking", 0);
args_parser.add_option(use_gpu_painting, "Enable GPU painting", "enable-gpu-painting", 0);
args_parser.add_option(debug_web_content, "Wait for debugger to attach to WebContent", "debug-web-content", 0);
args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
args_parser.parse(arguments);
RefPtr<WebView::Database> database;
@ -148,6 +150,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Ladybird::WebContentOptions web_content_options {
.command_line = MUST(command_line_builder.to_string()),
.executable_path = MUST(String::from_byte_string(MUST(Core::System::current_executable_path()))),
.certificates = move(certificates),
.enable_callgrind_profiling = enable_callgrind_profiling ? Ladybird::EnableCallgrindProfiling::Yes : Ladybird::EnableCallgrindProfiling::No,
.enable_gpu_painting = use_gpu_painting ? Ladybird::EnableGPUPainting::Yes : Ladybird::EnableGPUPainting::No,
.use_lagom_networking = enable_qt_networking ? Ladybird::UseLagomNetworking::No : Ladybird::UseLagomNetworking::Yes,

1
Ladybird/Types.h
View file

@ -38,6 +38,7 @@ enum class WaitForDebugger {
struct WebContentOptions {
String command_line;
String executable_path;
Vector<ByteString> certificates;
EnableCallgrindProfiling enable_callgrind_profiling { EnableCallgrindProfiling::No };
EnableGPUPainting enable_gpu_painting { EnableGPUPainting::No };
IsLayoutTestMode is_layout_test_mode { IsLayoutTestMode::No };

12
Ladybird/WebContent/main.cpp
View file

@ -47,7 +47,7 @@
static ErrorOr<void> load_content_filters();
static ErrorOr<void> load_autoplay_allowlist();
static ErrorOr<void> initialize_lagom_networking();
static ErrorOr<void> initialize_lagom_networking(Vector<ByteString> const& certificates);
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
@ -78,6 +78,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
StringView command_line {};
StringView executable_path {};
Vector<ByteString> certificates;
int webcontent_fd_passing_socket { -1 };
bool is_layout_test_mode = false;
bool use_lagom_networking = false;
@ -87,6 +88,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Core::ArgsParser args_parser;
args_parser.add_option(command_line, "Chrome process command line", "command-line", 0, "command_line");
args_parser.add_option(executable_path, "Chrome process executable path", "executable-path", 0, "executable_path");
args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
args_parser.add_option(webcontent_fd_passing_socket, "File descriptor of the passing socket for the WebContent connection", "webcontent-fd-passing-socket", 'c', "webcontent_fd_passing_socket");
args_parser.add_option(is_layout_test_mode, "Is layout test mode", "layout-test-mode", 0);
args_parser.add_option(use_lagom_networking, "Enable Lagom servers for networking", "use-lagom-networking", 0);
@ -112,7 +114,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
} else
#endif
{
TRY(initialize_lagom_networking());
TRY(initialize_lagom_networking(certificates));
}
Web::HTML::Window::set_internals_object_exposed(is_layout_test_mode);
@ -196,14 +198,14 @@ static ErrorOr<void> load_autoplay_allowlist()
return {};
}
static ErrorOr<void> initialize_lagom_networking()
static ErrorOr<void> initialize_lagom_networking(Vector<ByteString> const& certificates)
{
auto candidate_request_server_paths = TRY(get_paths_for_helper_process("RequestServer"sv));
auto request_server_client = TRY(launch_request_server_process(candidate_request_server_paths, s_serenity_resource_root));
auto request_server_client = TRY(launch_request_server_process(candidate_request_server_paths, s_serenity_resource_root, certificates));
Web::ResourceLoader::initialize(TRY(WebView::RequestServerAdapter::try_create(move(request_server_client))));
auto candidate_web_socket_paths = TRY(get_paths_for_helper_process("WebSocket"sv));
auto web_socket_client = TRY(launch_web_socket_process(candidate_web_socket_paths, s_serenity_resource_root));
auto web_socket_client = TRY(launch_web_socket_process(candidate_web_socket_paths, s_serenity_resource_root, certificates));
Web::WebSockets::WebSocketClientManager::initialize(TRY(WebView::WebSocketClientManagerAdapter::try_create(move(web_socket_client))));
return {};

12
Ladybird/WebWorker/main.cpp
View file

@ -26,7 +26,7 @@
#include <LibWebView/WebSocketClientAdapter.h>
#include <WebWorker/ConnectionFromClient.h>
static ErrorOr<void> initialize_lagom_networking();
static ErrorOr<void> initialize_lagom_networking(Vector<ByteString> const& certificates);
ErrorOr<int> serenity_main(Main::Arguments arguments)
{
@ -34,10 +34,12 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
int fd_passing_socket { -1 };
StringView serenity_resource_root;
Vector<ByteString> certificates;
Core::ArgsParser args_parser;
args_parser.add_option(fd_passing_socket, "File descriptor of the fd passing socket", "fd-passing-socket", 'c', "fd-passing-socket");
args_parser.add_option(serenity_resource_root, "Absolute path to directory for serenity resources", "serenity-resource-root", 'r', "serenity-resource-root");
args_parser.add_option(certificates, "Path to a certificate file", "certificate", 'C', "certificate");
args_parser.parse(arguments);
platform_init();
@ -47,7 +49,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
Web::Platform::FontPlugin::install(*new Web::Platform::FontPluginSerenity);
TRY(initialize_lagom_networking());
TRY(initialize_lagom_networking(certificates));
VERIFY(fd_passing_socket >= 0);
@ -59,14 +61,14 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
return event_loop.exec();
}
static ErrorOr<void> initialize_lagom_networking()
static ErrorOr<void> initialize_lagom_networking(Vector<ByteString> const& certificates)
{
auto candidate_request_server_paths = TRY(get_paths_for_helper_process("RequestServer"sv));
auto request_server_client = TRY(launch_request_server_process(candidate_request_server_paths, s_serenity_resource_root));
auto request_server_client = TRY(launch_request_server_process(candidate_request_server_paths, s_serenity_resource_root, certificates));
Web::ResourceLoader::initialize(TRY(WebView::RequestServerAdapter::try_create(move(request_server_client))));
auto candidate_web_socket_paths = TRY(get_paths_for_helper_process("WebSocket"sv));
auto web_socket_client = TRY(launch_web_socket_process(candidate_web_socket_paths, s_serenity_resource_root));
auto web_socket_client = TRY(launch_web_socket_process(candidate_web_socket_paths, s_serenity_resource_root, certificates));
Web::WebSockets::WebSocketClientManager::initialize(TRY(WebView::WebSocketClientManagerAdapter::try_create(move(web_socket_client))));
return {};