How to display certificate of HTTPS request in embedded WebView

In my Mac OS X app I'm using an embedded WebView to do OAuth logins for different services. Most of them use a HTTPS request for the autho开发者_如何学编程rization form that's displayed in the WebView.

Now I need to display a small lock like in Safari, as soon as the connection is secure. A click on that lock should open a SFCertificatePanel that displays the certificate used for that request.

Can that be done in WebView for OS X? I checked all delegates but didn't find a usable message sent to them to display that lock-icon or to get the certificate.

Thanks for your help!

This sounds like a pretty dubious idea to me. I suspect it would not be secure in practice, given likely user behavior and user understanding (e.g., the mental models that users have about security).

Here's the core problem. There is no place in your app window to display a lock that users can trust, and that users will understand and know is unspoofable, and that users know to focus their attention on. It would be too easy for a malicious website to include an image of a lock icon on their page, and this might fool users into thinking that HTTPS has been used when it actually hasn't. The malicious website could even make the icon clickable, and if the user clicks on it, have spoofed certificate information pop up. Most users would have no hope of detecting such an attack.

Instead, if you know that a particular site needs to use HTTPS, I suggest that you load the original URL using a https:// URL. Since you specified the URL to be loaded in the WebView, you know that it will be using SSL. As far as I know, that's realistically about the best you can do from within your app. At least, I can't think of anything better, given the problem description specified here.