qt: Add the --trusted-cert command line argument

gm-vm · Mar 1, 2024 · 2da1313 · 2da1313
1 parent e32d7ff
commit 2da1313
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/openfortivpn-webview-qt/main.cpp b/openfortivpn-webview-qt/main.cpp
@@ -31,13 +31,16 @@ int main(int argc, char *argv[])
  auto defaultUrlRegex = "/sslvpn/portal\\.html";
  auto urlRegexDescription = QString("A regex to detect the URL that needs to be visited before printing SVPNCOOKIE.\nThe default is \"%1\".").arg(defaultUrlRegex);
  auto optionUrlRegex = QCommandLineOption("url-regex", urlRegexDescription, "url-regex", defaultUrlRegex);
+ auto certificateToTrustDescription = QString("The fingerprint of a certificate to always trust, even if invalid. The details of invalid certificates, fingerprint included, will be dumped in the console.");
+ auto optionCertificateToTrust = QCommandLineOption("trusted-cert", certificateToTrustDescription, "trusted-cert");
 
  QCommandLineParser parser;
  parser.addPositionalArgument("host", "The VPN gateway host with an optional port.", "[host:port]");
  parser.addOption(optionRealm);
  parser.addOption(optionUrlRegex);
  parser.addOption(optionUrl);
  parser.addOption(optionKeepOpen);
+ parser.addOption(optionCertificateToTrust);
  parser.addOption(QCommandLineOption("remote-debugging-port", "Remote debugging server port.", "port"));
  parser.addHelpOption();
  parser.addVersionOption();
@@ -70,7 +73,9 @@ int main(int argc, char *argv[])
  exit(1);
  }
 
- MainWindow w(keepOpen, urlRegex);
+ auto certificateToTrust = parser.value(optionCertificateToTrust);
+
+ MainWindow w(keepOpen, urlRegex, certificateToTrust);
  w.loadUrl(url);
  w.resize(1024, 760);
  w.move(findScreenWithCursor()->geometry().center() - w.rect().center());

diff --git a/openfortivpn-webview-qt/mainwindow.cpp b/openfortivpn-webview-qt/mainwindow.cpp
@@ -7,6 +7,7 @@
 #include <QTextStream>
 #include <QWebEngineCookieStore>
 #include <QWebEngineHistory>
+#include <QWebEnginePage>
 #include <QWebEngineProfile>
 #include <QWebEngineView>
 #include <iostream>
@@ -15,14 +16,18 @@ Q_LOGGING_CATEGORY(category, "webview")
 
 MainWindow::MainWindow(const bool keepOpen,
  const QRegularExpression& urlToWaitForRegex,
+ const QString certificateHashToTrust,
  QWidget *parent) :
  QMainWindow(parent),
+ webEnginePage(new QWebEnginePage()),
  webEngineProfile(new QWebEngineProfile("vpn", parent)),
  webEngine(new QWebEngineView(webEngineProfile, parent)),
  urlToWaitForRegex(urlToWaitForRegex),
+ certificateHashToTrust(certificateHashToTrust),
  keepOpen(keepOpen)
 {
  setCentralWidget(webEngine);
+ webEngine->setPage(webEnginePage);
 
  createMenuBar();
 
@@ -42,12 +47,15 @@ MainWindow::MainWindow(const bool keepOpen,
  &MainWindow::onCookieAdded);
  connect(webEngineProfile->cookieStore(), &QWebEngineCookieStore::cookieRemoved, this,
  &MainWindow::onCookieRemoved);
+
+ connect(webEnginePage, &QWebEnginePage::certificateError, this, &MainWindow::onCertificateError);
 }
 
 MainWindow::~MainWindow()
 {
  delete webEngine;
  delete webEngineProfile;
+ delete webEnginePage;
 }
 
 void MainWindow::loadUrl(const QString &url)
@@ -80,6 +88,22 @@ void MainWindow::onCookieRemoved(const QNetworkCookie &cookie)
  }
 }
 
+void MainWindow::onCertificateError(QWebEngineCertificateError certificateError) {
+ auto sha256base64 = certificateError.certificateChain().constFirst().digest(QCryptographicHash::Sha256).toBase64();
+ auto hashString = "sha256/" + sha256base64;
+ if (certificateHashToTrust == hashString) {
+ certificateError.acceptCertificate();
+ return;
+ }
+
+ qCDebug(category) << "Found an invalid certificate:";
+ for (auto& certificate : certificateError.certificateChain()) {
+ qCDebug(category).noquote() << certificate.toText();
+ }
+ qCDebug(category).noquote() << "If you know that this certificate can be trusted, relaunch the application passing the following argument to ignore the error:";
+ qCDebug(category).noquote() << "--trusted-cert='" + hashString + "'";
+}
+
 void MainWindow::handleUrlChange(const QUrl &url)
 {
  qCDebug(category) << url.toString();

diff --git a/openfortivpn-webview-qt/mainwindow.h b/openfortivpn-webview-qt/mainwindow.h
@@ -4,6 +4,7 @@
 #include <QMainWindow>
 #include <QNetworkCookie>
 #include <QRegularExpression>
+#include <QWebEngineCertificateError>
 #include <QWebEngineView>
 
 class MainWindow : public QMainWindow
@@ -13,20 +14,24 @@ class MainWindow : public QMainWindow
 public:
  explicit MainWindow(const bool keepOpen,
  const QRegularExpression& urlToWaitForRegex,
+ const QString certificateHashToTrust,
  QWidget *parent = nullptr);
  ~MainWindow();
  void loadUrl(const QString &url);
 
 private slots:
  void onCookieAdded(const QNetworkCookie &cookie);
  void onCookieRemoved(const QNetworkCookie &cookie);
+ void onCertificateError(QWebEngineCertificateError certificateError);
  void updateTitle(const QString &title);
  void handleUrlChange(const QUrl &url);
 
 private:
+ QWebEnginePage *webEnginePage;
  QWebEngineProfile *webEngineProfile;
  QWebEngineView *webEngine;
  const QRegularExpression& urlToWaitForRegex;
+ const QString certificateHashToTrust;
  const bool keepOpen;
  QString svpncookie;
  bool didSeeUrlToWaitFor = false;