Package Torello.Browser.BrowserAPI

Class Security

java.lang.Object

Torello.Browser.BrowserAPI.Security

public class Security
extends java.lang.Object

This class was built using the Chrome Remote Dev-Tools A.P.I., which is specified by two JSON-RPC Files. These files were obtained from the Chrome Dev Tools Protocol Git Hub Page, which has a "Tip of Tree" (the latest) API-Specification Page Here: JSON-RPC Protocol Specification.

These files were converted into this Java-Browser (CDP) Library. The intention is to have them function in a similar fasion to the Node.js Tool known as 'Puppeteer', Microsoft's 'Playwright' and of course the Main-Stay 'Selenium.' The Java-HTML JAR Library merely implements the Java Types & Commands defined by Google's DevTools Protocol.

🧠 View the Google CDP API:

• browser_protocol.json
• js_protocol.json
• Browser API HTML-Page
• Java-Script API HTML-Page

Security

The top-level description and explanation for this class (this comment, at the top this Java-Doc Page) is repeated, verbatim, across all of the domain classes which comprise Google's CDP API.

This class is intended to be used with a Browser Instance

These methods have been tested, to some degree, using Google Chrome. In order to use this class you must start a web-browser instance and make a connection to the browser using a Remote Debugging Port. Google-Corporation is the developer of this API, but any browser which accepts a Remote Debug Port Connection over Web-Sockets.

Google-Chrome was used during the development process of the classes in this particular package. Lately, it has been asserted Microsoft has switched to using the Chrome Browser-Engine for its Microsoft Edge Internal Code-Base. Therefore, there may some functionality available when running the methods in this class with Microsoft-Edge.

Check whether the your Web-Browser will allow itself to be driven by the Web-Socket RDP-Port 9223. See the examples available in package Torello.Browser to undertand how to build a PageConn and BrowserConn Web-Socket Connection, and how to build a WebSocketSender instance in order to execute the methods in this class.

Web-Socket & JSON API:
Every one of the methods that reside in this class are designed to do nothing more than:

1. Accept Parameters from the User, and "Marshall Them" into a Valid JSON-Request
2. Transmit the Marshalled Request-JSON to a Headless Web-Browser over a Web-Socket Connection
3. Receive BOTH that Command-Results AND any Browser Event-Firings from the Web-Socket
4. Parse JSON Method-Results and Browser-Event Firings, and Subsequently Convert them to Standard Java-Types
5. Report these Method-Results and Browser-Events to the User via a User-Registered, Event-Listener (Events) or a Promise Object (Command Responses / Results)

Unlike the bulk of the Java HTML JAR Library, there is very little native Java-Code, and very little testing that may be done on any of the classes & methods in this package. The code inside these classes does nothing more than marshall-and-unmarshall Java-Types into Json-Requests (and vice-versa). The Java-Script & Browser modules inside of a Google-Chrome instance are, theoretically, handling these requests, and returning their results (or events) over the Web-Socket Connection.

It has been asserted (by Google Chrome Developers) that some of these methods are only "partially working" or "experimental".


Asking Chat-GPT for Help:
The LLM otherwise known as "Chat-GPT" does, indeed, have an expert level of knowledge about the "Remote DevTools Protocol". The API that the Chrome DevTools Protocl (CDP) exports is extremely well understood by the LLM, and generally I have found that Chat-GPT understands (by 2 or 3 orders of magnitude) better what my Auto-Generated JSON-Wrappers can do in controlling a Web-Browser than I could ever possibly hope to understand.

Though not available today, there will soon be an automatically downloadable Token-Stream (AI Embeddings) BUTTON available on my Java-Doc Pages that should hopefully make it extremely easy to post my code-base, RAG Style, to Chat-GPT and other LLM's when 'interogating' them. Presently, because my "Get Token Stream Button" does not exist yet on any of my pages, what you can do is copy-and-paste any Method-Signature from any one of these pages and then ask Chat-GPT to explain what that Browser or Java-Script Function is actually doing. It is very likely to give you some pretty neat answers.

I have found that every single one of the Domains, Types & Events which are offered by the CDP Protocol (though not documented very well by Google), are perfectly understood by the A.I. LLM - literally to the point where it does know (much better than I ever could) what my own code base actually does!

Try it out, it's a lot of fun. Note that this package and these classes were originally developed solely to be able to execute the Java-Script that a browser executes when visiting a Web-Site. Complete HTML-Page Content can be scraped (using the HTML Data-Scraping Tools in Java-HTML) off of Web-Sites that have dynamic / Java-Script Generated Content.


Conspicuous Boxed-Types Usage:
You may notice that there are many methods that have parameters which accept, for instance, an Integer, instead of a primitive int. Just to remind the readiner, in Java Programs a Boxed Type is a standard Java-Primitive which has been converted into an Object-Reference. The use of Boxed-Types in this code base is an easy-and-fast-way to allow for the concept of "Optional Parameters" or "Optional Field Value."

Whenever you see a method that accepts an Integer, the reason for this Parameter-Type choice is actually to allow a user to pass 'null' to it. This is a simple way to ELIDE passing any value at all to parameters which Google-Chrome would otherwise assert are "Optional." Whenever you pass 'null' to a Boxed-Types in this class, the Json-Processor will simply eliminate that Object-Property from the command altogether; and the browser will simply not receive any value for that parameter when that command is invoked.

The Java Language Specification does not have an easy or well defined means of accepting optional method parameters; so Boxed-Types and 'null' are utilized here. Note that 'null' may be passed to any Command Method-Parameter that is listed as Optional on the Java-Doc Page description for that parameter.

Hi-Lited Source-Code:

This File's Source Code:

• View Here: Torello/Browser/BrowserAPI/Security.java
• Open New Browser-Tab: Torello/Browser/BrowserAPI/Security.java

File Size: 35,117 Bytes Line Count: 840 '\n' Characters Found
Helper: Command Invocation Helpers

• View Here: Security$$Commands.java
• Open New Browser-Tab: Security$$Commands.java

File Size: 1,479 Bytes Line Count: 39 '\n' Characters Found

Stateless Class:

This class neither contains any program-state, nor can it be instantiated. The @StaticFunctional Annotation may also be called 'The Spaghetti Report'. Static-Functional classes are, essentially, C-Styled Files, without any constructors or non-static member fields. It is a concept very similar to the Java-Bean's @Stateless Annotation.

• 1 Constructor(s), 1 declared private, zero-argument constructor
• 5 Method(s), 5 declared static
• 5 Field(s), 5 declared static, 5 declared final

Nested Class Summary

Type Nested Classes: Types / Classes that Are Used & Exported by this Domain
Modifier and Type	Class	Description
static class	Security.CertificateSecurityState	Details about the security state of the page certificate.
static class	Security.InsecureContentStatus	Information about insecure content on the page.
static class	Security.SafetyTipInfo	[No Description Provided by Google]
static class	Security.SecurityStateExplanation	An explanation of an factor contributing to the security state.
static class	Security.VisibleSecurityState	Security state information about the page.
Event Nested Classes: Browser Events, as Java Inner Classes, Which are Fired by this Domain
Modifier and Type	Class	Description
static class	Security.certificateError	There is a certificate error.
static class	Security.securityStateChanged	The security state of the page changed.
static class	Security.visibleSecurityStateChanged	The security state of the page changed.

Field Summary

Enumerated Strings: Like Java 'enum' Types, but Converted to Read-Only String-Lists
Modifier and Type	Field	Description
static ReadOnlyList<String>	CertificateErrorAction	The action to take when a certificate error occurs.
static ReadOnlyList<String>	MixedContentType	A description of mixed content (HTTP resources on HTTPS pages), as defined by https://www.w3.org/TR/mixed-content/#categories
static ReadOnlyList<String>	SafetyTipStatus	[No Description Provided by Google]
static ReadOnlyList<String>	SecurityState	The security level of a page or resource.
Eliminated Types: Removed CDP Types which Have Been Re-Mapped to Basic Java String Constants
Modifier and Type	Field	Description
static String	CertificateId	An internal certificate ID value.

Method Summary

Security Domain Commands
Script Returns	Modifier and Type	Method
Void	static Script<>	disable() Disables tracking security state changes.
Void	static Script<>	enable() Enables tracking security state changes.
Void	static Script<>	handleCertificateError(int eventId, String action) Handles a certificate error that fired a certificateError event.
Void	static Script<>	setIgnoreCertificateErrors(boolean ignore) Enable/disable whether all certificate errors should be ignored.
Void	static Script<>	setOverrideCertificateErrors(boolean override) Enable/disable overriding certificate errors.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CertificateId

🡇 ⇈ ⮫ 🗕 🗗 🗖

public static final java.lang.String CertificateId

An internal certificate ID value.

The Type CertificateId has been eliminated, because it is a direct mapping to a basic Java-Type; it has no additional fields, or other distinguishing properties. Instead, this CDP defined type has been relegated to a simple String Constant, for documentation & reference purposes only.

The code which is generated which employs this type replaces its use with the Standard Java-Type: int

Eliminated Type

See Also:

Constant Field Values

CertificateErrorAction

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static final ReadOnlyList<java.lang.String> CertificateErrorAction

The action to take when a certificate error occurs. continue will continue processing the request and cancel will cancel the request.

String-Enumeration Type

MixedContentType

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static final ReadOnlyList<java.lang.String> MixedContentType

A description of mixed content (HTTP resources on HTTPS pages), as defined by https://www.w3.org/TR/mixed-content/#categories

String-Enumeration Type

SafetyTipStatus

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static final ReadOnlyList<java.lang.String> SafetyTipStatus

[No Description Provided by Google]
EXPERIMENTAL

String-Enumeration Type

SecurityState

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static final ReadOnlyList<java.lang.String> SecurityState

The security level of a page or resource.

String-Enumeration Type

Method Detail

disable

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static Script<java.lang.Void> disable()

Disables tracking security state changes.

Returns:

An instance of Script<Void>

This Script instance must be executed before the browser receives the invocation-request.

This Browser-Function does not have a return-value. You may choose to await the Promise<Void> to ensure that the Browser Function has run to completion.

enable

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static Script<java.lang.Void> enable()

Enables tracking security state changes.

Returns:

An instance of Script<Void>

This Script instance must be executed before the browser receives the invocation-request.

This Browser-Function does not have a return-value. You may choose to await the Promise<Void> to ensure that the Browser Function has run to completion.

handleCertificateError

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static Script<java.lang.Void> handleCertificateError
            (int eventId,
             java.lang.String action)

Handles a certificate error that fired a certificateError event.
DEPRECATED

Parameters:

eventId - The ID of the event.

action - The action to take on the certificate error.

Returns:

An instance of Script<Void>

This Script instance must be executed before the browser receives the invocation-request.

This Browser-Function does not have a return-value. You may choose to await the Promise<Void> to ensure that the Browser Function has run to completion.

setIgnoreCertificateErrors

🡅 🡇 ⇈ ⮫ 🗕 🗗 🗖

public static Script<java.lang.Void> setIgnoreCertificateErrors
            (boolean ignore)

Enable/disable whether all certificate errors should be ignored.

Parameters:

ignore - If true, all certificate errors will be ignored.

Returns:

An instance of Script<Void>

This Script instance must be executed before the browser receives the invocation-request.

This Browser-Function does not have a return-value. You may choose to await the Promise<Void> to ensure that the Browser Function has run to completion.

setOverrideCertificateErrors

🡅 ⇈ ⮫ 🗕 🗗 🗖

public static Script<java.lang.Void> setOverrideCertificateErrors
            (boolean override)

Enable/disable overriding certificate errors. If enabled, all certificate error events need to be handled by the DevTools client and should be answered with handleCertificateError commands.
DEPRECATED

Parameters:

override - If true, certificate errors will be overridden.

Returns:

An instance of Script<Void>

This Script instance must be executed before the browser receives the invocation-request.

This Browser-Function does not have a return-value. You may choose to await the Promise<Void> to ensure that the Browser Function has run to completion.