From 31894e2ee325097c3eb5aea4979e8f9c3aa08cca Mon Sep 17 00:00:00 2001
From: Juraj Oravec <jurajoravec@mailo.com>
Date: Sun, 18 Aug 2024 19:30:54 +0200
Subject: [PATCH] Set security icon according to certificate error.

BUG: 420902
FIXED-IN: 24.12.0

Signed-off-by: Juraj Oravec <jurajoravec@mailo.com>
---
 src/lib/navigation/locationbar.cpp |  14 +++-
 src/lib/network/networkmanager.cpp |  63 ++++++++++++++++
 src/lib/network/networkmanager.h   |   6 ++
 src/lib/other/siteinfo.cpp         |  21 +++++-
 src/lib/other/siteinfowidget.cpp   |  22 ++++++
 src/lib/other/siteinfowidget.ui    | 117 +++++++++++++++--------------
 6 files changed, 183 insertions(+), 60 deletions(-)

diff --git a/src/lib/navigation/locationbar.cpp b/src/lib/navigation/locationbar.cpp
index 6dbfcbaf5..aa6998c34 100644
--- a/src/lib/navigation/locationbar.cpp
+++ b/src/lib/navigation/locationbar.cpp
@@ -35,6 +35,7 @@
 #include "autofillicon.h"
 #include "completer/locationcompleter.h"
 #include "zoomlabel.h"
+#include "networkmanager.h"
 
 #include <QTimer>
 #include <QMimeData>
@@ -431,7 +432,18 @@ void LocationBar::updateSiteIcon()
     } else {
         QIcon icon = IconProvider::emptyWebIcon();
         if (property("secured").toBool()) {
-            icon = QIcon::fromTheme(QSL("document-encrypted"), icon);
+            auto* nm =  mApp->networkManager();
+            auto host = m_webView->url().host();
+
+            if (nm->ignoredSslHosts().contains(host) || nm->ignoredSslErrors().contains(host)) {
+                icon = QIcon::fromTheme(QSL("security-medium"), icon);
+            }
+            else if (nm->rejectedSslErrors().contains(host)) {
+                icon = QIcon::fromTheme(QSL("security-low"), icon);
+            }
+            else {
+                icon = QIcon::fromTheme(QSL("document-encrypted"), icon);
+            }
         }
         m_siteIcon->setIcon(QIcon(icon.pixmap(16)));
     }
diff --git a/src/lib/network/networkmanager.cpp b/src/lib/network/networkmanager.cpp
index 12869faa2..754ec14dd 100644
--- a/src/lib/network/networkmanager.cpp
+++ b/src/lib/network/networkmanager.cpp
@@ -319,6 +319,69 @@ void NetworkManager::shutdown()
     saveIgnoredSslHosts();
 }
 
+const QStringList NetworkManager::ignoredSslHosts() const
+{
+    return m_ignoredSslHosts;
+}
+
+const QHash<QString, QWebEngineCertificateError::Type> NetworkManager::ignoredSslErrors() const
+{
+    return m_ignoredSslErrors;
+}
+
+const QHash<QString, QWebEngineCertificateError::Type> NetworkManager::rejectedSslErrors() const
+{
+    return m_rejectedSslErrors;
+}
+
+QString NetworkManager::sslErrorDescription(const QWebEngineCertificateError::Type error) const
+{
+    /* DISCLAIMER
+       The error descriptions are taken from Qt documentation.
+     */
+    switch (error) {
+        case QWebEngineCertificateError::SslPinnedKeyNotInCertificateChain:
+            return tr("The certificate did not match the built-in public keys pinned for the host name.");
+        case QWebEngineCertificateError::CertificateCommonNameInvalid:
+            return tr("The certificate's common name did not match the host name.");
+        case QWebEngineCertificateError::CertificateDateInvalid:
+            return tr("The certificate is not valid at the current date and time.");
+        case QWebEngineCertificateError::CertificateAuthorityInvalid:
+            return tr("The certificate is not signed by a trusted authority.");
+        case QWebEngineCertificateError::CertificateContainsErrors:
+            return tr("The certificate contains errors.");
+        case QWebEngineCertificateError::CertificateNoRevocationMechanism:
+            return tr("The certificate has no mechanism for determining if it has been revoked.");
+        case QWebEngineCertificateError::CertificateUnableToCheckRevocation:
+            return tr("Revocation information for the certificate is not available.");
+        case QWebEngineCertificateError::CertificateRevoked:
+            return tr("The certificate has been revoked.");
+        case QWebEngineCertificateError::CertificateInvalid:
+            return tr("The certificate is invalid.");
+        case QWebEngineCertificateError::CertificateWeakSignatureAlgorithm:
+            return tr("The certificate is signed using a weak signature algorithm.");
+        case QWebEngineCertificateError::CertificateNonUniqueName:
+            return tr("The host name specified in the certificate is not unique.");
+        case QWebEngineCertificateError::CertificateWeakKey:
+            return tr("The certificate contains a weak key.");
+        case QWebEngineCertificateError::CertificateNameConstraintViolation:
+            return tr("The certificate claimed DNS names that are in violation of name constraints.");
+        case QWebEngineCertificateError::CertificateValidityTooLong:
+            return tr("The certificate has a validity period that is too long.");
+        case QWebEngineCertificateError::CertificateTransparencyRequired:
+            return tr("Certificate Transparency was required for this connection, but the server did not provide CT information that complied with the policy.");
+        case QWebEngineCertificateError::CertificateKnownInterceptionBlocked:
+            return tr("The certificate is known to be used for interception by an entity other the device owner.");
+        case QWebEngineCertificateError::SslObsoleteVersion:
+            return tr("The connection uses an obsolete version of SSL/TLS");
+        case QWebEngineCertificateError::CertificateSymantecLegacy:
+            return tr("The certificate is a legacy Symantec one that's no longer valid.");
+
+        default:
+            return tr("Unknown error");
+    }
+}
+
 // static
 void NetworkManager::registerSchemes()
 {
diff --git a/src/lib/network/networkmanager.h b/src/lib/network/networkmanager.h
index 4fd89923c..f4b04d2d3 100644
--- a/src/lib/network/networkmanager.h
+++ b/src/lib/network/networkmanager.h
@@ -48,6 +48,12 @@ public:
     void loadSettings();
     void shutdown();
 
+    const QHash<QString, QWebEngineCertificateError::Type> ignoredSslErrors() const;
+    const QHash<QString, QWebEngineCertificateError::Type> rejectedSslErrors() const;
+    const QStringList ignoredSslHosts() const;
+
+    QString sslErrorDescription(const QWebEngineCertificateError::Type error) const;
+
     static void registerSchemes();
 
 protected:
diff --git a/src/lib/other/siteinfo.cpp b/src/lib/other/siteinfo.cpp
index 8fbc85360..f64c8c511 100644
--- a/src/lib/other/siteinfo.cpp
+++ b/src/lib/other/siteinfo.cpp
@@ -66,8 +66,25 @@ SiteInfo::SiteInfo(WebView *view)
     ui->heading->setText(QSL("<b>%1</b>:").arg(m_view->title()));
     ui->siteAddress->setText(m_view->url().toString());
 
-    if (m_view->url().scheme() == QL1S("https"))
-        ui->securityLabel->setText(tr("<b>Connection is Encrypted.</b>"));
+    if (m_view->url().scheme() == QL1S("https")) {
+        auto* nm = mApp->networkManager();
+        QString encryuptionText = tr("<b>Connection is Encrypted.</b>");
+        QString host = m_baseUrl.host();
+
+        if (nm->ignoredSslHosts().contains(host)) {
+            encryuptionText += QSL("<br>") + tr("Any certificate error is <b>permanently</b> ignored.");
+        }
+        else if (nm->ignoredSslErrors().contains(host)) {
+            encryuptionText += QSL("<br>") + tr("The certificate error is <b>temporarily</b> ignored.");
+            encryuptionText += QSL("<br>") + nm->sslErrorDescription(nm->ignoredSslErrors()[host]);
+        }
+        else if (nm->rejectedSslErrors().contains(host)) {
+            encryuptionText += QSL("<br>") + tr("Certificate was rejected.");
+            encryuptionText += QSL("<br>") + nm->sslErrorDescription(nm->rejectedSslErrors()[host]);
+        }
+
+        ui->securityLabel->setText(encryuptionText);
+    }
     else
         ui->securityLabel->setText(tr("<b>Connection Not Encrypted.</b>"));
 
diff --git a/src/lib/other/siteinfowidget.cpp b/src/lib/other/siteinfowidget.cpp
index fdc004ba2..ea71c23aa 100644
--- a/src/lib/other/siteinfowidget.cpp
+++ b/src/lib/other/siteinfowidget.cpp
@@ -24,6 +24,7 @@
 #include "tabbedwebview.h"
 #include "sqldatabase.h"
 #include "protocolhandlermanager.h"
+#include "networkmanager.h"
 
 #include <QToolTip>
 
@@ -41,7 +42,28 @@ SiteInfoWidget::SiteInfoWidget(BrowserWindow* window, QWidget* parent)
 
     ui->titleLabel->setText(tr("<b>Site %1<b/>").arg(view->url().host()));
 
+    bool secure = false;
+
     if (view->url().scheme() == QL1S("https")) {
+        auto* nm = mApp->networkManager();
+        QString host = view->url().host();
+
+        if (nm->ignoredSslHosts().contains(host)) {
+            ui->secureDescriptionLabel->setText(tr("Any certificate error is <b>permanently</b> ignored."));
+        }
+        else if (nm->ignoredSslErrors().contains(host)) {
+            ui->secureDescriptionLabel->setText(tr("The certificate error is <b>temporarily</b> ignored."));
+        }
+        else if (nm->rejectedSslErrors().contains(host)) {
+            ui->secureDescriptionLabel->setText(tr("Certificate was rejected."));
+        }
+        else {
+            secure = true;
+            ui->secureDescriptionLabel->hide();
+        }
+    }
+
+    if (secure) {
         ui->secureLabel->setText(tr("Your connection to this site is <b>secured</b>."));
         ui->secureIcon->setPixmap(QPixmap(QSL(":/icons/locationbar/safe.png")));
     }
diff --git a/src/lib/other/siteinfowidget.ui b/src/lib/other/siteinfowidget.ui
index acfd8320d..08192683e 100644
--- a/src/lib/other/siteinfowidget.ui
+++ b/src/lib/other/siteinfowidget.ui
@@ -6,8 +6,8 @@
    <rect>
     <x>0</x>
     <y>0</y>
-    <width>117</width>
-    <height>144</height>
+    <width>123</width>
+    <height>198</height>
    </rect>
   </property>
   <property name="sizePolicy">
@@ -38,7 +38,34 @@
       <property name="rightMargin">
        <number>15</number>
       </property>
-      <item row="8" column="0" colspan="3">
+      <item row="6" column="0" colspan="3">
+       <layout class="QHBoxLayout" name="horizontalLayout_3">
+        <item>
+         <widget class="QLabel" name="protocolHandlerLabel"/>
+        </item>
+        <item>
+         <widget class="QPushButton" name="protocolHandlerButton">
+          <property name="sizePolicy">
+           <sizepolicy hsizetype="Maximum" vsizetype="Fixed">
+            <horstretch>0</horstretch>
+            <verstretch>0</verstretch>
+           </sizepolicy>
+          </property>
+         </widget>
+        </item>
+       </layout>
+      </item>
+      <item row="4" column="2">
+       <widget class="QLabel" name="historyLabel">
+        <property name="sizePolicy">
+         <sizepolicy hsizetype="MinimumExpanding" vsizetype="Preferred">
+          <horstretch>0</horstretch>
+          <verstretch>0</verstretch>
+         </sizepolicy>
+        </property>
+       </widget>
+      </item>
+      <item row="9" column="0" colspan="3">
        <layout class="QHBoxLayout" name="horizontalLayout_2">
         <property name="spacing">
          <number>6</number>
@@ -74,43 +101,6 @@
         </item>
        </layout>
       </item>
-      <item row="2" column="0">
-       <widget class="QLabel" name="secureIcon"/>
-      </item>
-      <item row="3" column="2">
-       <widget class="QLabel" name="historyLabel">
-        <property name="sizePolicy">
-         <sizepolicy hsizetype="MinimumExpanding" vsizetype="Preferred">
-          <horstretch>0</horstretch>
-          <verstretch>0</verstretch>
-         </sizepolicy>
-        </property>
-       </widget>
-      </item>
-      <item row="0" column="0" colspan="3">
-       <widget class="QLabel" name="titleLabel">
-        <property name="alignment">
-         <set>Qt::AlignCenter</set>
-        </property>
-       </widget>
-      </item>
-      <item row="1" column="0" colspan="3">
-       <widget class="Line" name="line_2">
-        <property name="orientation">
-         <enum>Qt::Horizontal</enum>
-        </property>
-       </widget>
-      </item>
-      <item row="3" column="0">
-       <widget class="QLabel" name="historyIcon"/>
-      </item>
-      <item row="7" column="0" colspan="3">
-       <widget class="Line" name="line">
-        <property name="orientation">
-         <enum>Qt::Horizontal</enum>
-        </property>
-       </widget>
-      </item>
       <item row="2" column="2">
        <widget class="QLabel" name="secureLabel">
         <property name="sizePolicy">
@@ -121,29 +111,42 @@
         </property>
        </widget>
       </item>
-      <item row="4" column="0" colspan="3">
+      <item row="5" column="0" colspan="3">
        <widget class="Line" name="protocolHandlerLine">
         <property name="orientation">
          <enum>Qt::Horizontal</enum>
         </property>
        </widget>
       </item>
-      <item row="5" column="0" colspan="3">
-       <layout class="QHBoxLayout" name="horizontalLayout_3">
-        <item>
-         <widget class="QLabel" name="protocolHandlerLabel"/>
-        </item>
-        <item>
-         <widget class="QPushButton" name="protocolHandlerButton">
-          <property name="sizePolicy">
-           <sizepolicy hsizetype="Maximum" vsizetype="Fixed">
-            <horstretch>0</horstretch>
-            <verstretch>0</verstretch>
-           </sizepolicy>
-          </property>
-         </widget>
-        </item>
-       </layout>
+      <item row="1" column="0" colspan="3">
+       <widget class="Line" name="line_2">
+        <property name="orientation">
+         <enum>Qt::Horizontal</enum>
+        </property>
+       </widget>
+      </item>
+      <item row="8" column="0" colspan="3">
+       <widget class="Line" name="line">
+        <property name="orientation">
+         <enum>Qt::Horizontal</enum>
+        </property>
+       </widget>
+      </item>
+      <item row="0" column="0" colspan="3">
+       <widget class="QLabel" name="titleLabel">
+        <property name="alignment">
+         <set>Qt::AlignCenter</set>
+        </property>
+       </widget>
+      </item>
+      <item row="4" column="0">
+       <widget class="QLabel" name="historyIcon"/>
+      </item>
+      <item row="2" column="0">
+       <widget class="QLabel" name="secureIcon"/>
+      </item>
+      <item row="3" column="2">
+       <widget class="QLabel" name="secureDescriptionLabel"/>
       </item>
      </layout>
     </widget>