trust high fidelity root CA cert for OAuth redirect

interface/src/Application.cpp

@@ -358,6 +358,8 @@ Application::Application(int& argc, char** argv, QElapsedTimer &startup_time) :
     
     // call the OAuthWebviewHandler static getter so that its instance lives in our thread
     OAuthWebViewHandler::getInstance();
+    // make sure the High Fidelity root CA is in our list of trusted certs
+    OAuthWebViewHandler::addHighFidelityRootCAToSSLConfig();
 }
 
 Application::~Application() {

interface/src/ui/OAuthWebViewHandler.cpp

@@ -26,10 +26,24 @@ OAuthWebViewHandler::OAuthWebViewHandler() :
     
 }
 
+void OAuthWebViewHandler::addHighFidelityRootCAToSSLConfig() {
+    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
+    
+    // add the High Fidelity root CA to the list of trusted CA certificates
+    QByteArray highFidelityCACertificate(reinterpret_cast<char*>(DTLSSession::highFidelityCADatum()->data),
+                                         DTLSSession::highFidelityCADatum()->size);
+    sslConfig.setCaCertificates(sslConfig.caCertificates() + QSslCertificate::fromData(highFidelityCACertificate));
+    
+    // set the modified configuration
+    QSslConfiguration::setDefaultConfiguration(sslConfig);
+}
+
 void OAuthWebViewHandler::displayWebviewForAuthorizationURL(const QUrl& authorizationURL) {
     if (!_activeWebView) {
         _activeWebView = new QWebView();
         _activeWebView->setWindowFlags(Qt::WindowStaysOnTopHint);
+        
+        qDebug() << "Displaying QWebView for OAuth authorization at" << authorizationURL.toString();
         _activeWebView->load(authorizationURL);
         _activeWebView->show();
         

interface/src/ui/OAuthWebViewHandler.h

@@ -21,6 +21,7 @@ class OAuthWebViewHandler : public QObject {
 public:
     OAuthWebViewHandler();
     static OAuthWebViewHandler& getInstance();
+    static void addHighFidelityRootCAToSSLConfig();
     
 public slots:
     void displayWebviewForAuthorizationURL(const QUrl& authorizationURL);

libraries/networking/src/DTLSSession.cpp

@@ -78,7 +78,7 @@ gnutls_datum_t* DTLSSession::highFidelityCADatum() {
     static bool datumInitialized = false;
     
     static unsigned char HIGHFIDELITY_ROOT_CA_CERT[] =
-        "-----BEGIN CERTIFICATE-----"
+        "-----BEGIN CERTIFICATE-----\n"
         "MIID6TCCA1KgAwIBAgIJANlfRkRD9A8bMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
         "VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\n"
         "aXNjbzEbMBkGA1UEChMSSGlnaCBGaWRlbGl0eSwgSW5jMRMwEQYDVQQLEwpPcGVy\n"
@@ -100,7 +100,7 @@ gnutls_datum_t* DTLSSession::highFidelityCADatum() {
         "SIb3DQEBBQUAA4GBAEkQl3p+lH5vuoCNgyfa67nL0MsBEt+5RSBOgjwCjjASjzou\n"
         "FTv5w0he2OypgMQb8i/BYtS1lJSFqjPJcSM1Salzrm3xDOK5pOXJ7h6SQLPDVEyf\n"
         "Hy2/9d/to+99+SOUlvfzfgycgjOc+s/AV7Y+GBd7uzGxUdrN4egCZW1F6/mH\n"
-        "-----END CERTIFICATE-----";
+        "-----END CERTIFICATE-----\n";
     
     if (!datumInitialized) {
         hifiCADatum.data = HIGHFIDELITY_ROOT_CA_CERT;