• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/pki/common_cert_errors.h"
6 
7 namespace net::cert_errors {
8 
9 DEFINE_CERT_ERROR_ID(kInternalError, "Internal error");
10 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
11 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
12 DEFINE_CERT_ERROR_ID(kDistrustedByTrustStore, "Distrusted by trust store");
13 
14 DEFINE_CERT_ERROR_ID(
15     kSignatureAlgorithmMismatch,
16     "Certificate.signatureAlgorithm != TBSCertificate.signature");
17 
18 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
19 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
20                      "Unconsumed critical extension");
21 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
22 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
23 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
24                      "Basic Constraints indicates not a CA");
25 DEFINE_CERT_ERROR_ID(kTargetCertShouldNotBeCa,
26                      "Certificate has Basic Constraints indicating it is a CA "
27                      "when it should not be a CA");
28 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
29                      "Does not have Basic Constraints");
30 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
31                      "Not permitted by name constraints");
32 DEFINE_CERT_ERROR_ID(kTooManyNameConstraintChecks,
33                      "Too many name constraints checks");
34 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
35                      "subject does not match issuer");
36 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
37 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
38                      "Certificate.signatureAlgorithm is encoded differently "
39                      "than TBSCertificate.signature");
40 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth,
41                      "The extended key usage does not include server auth");
42 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasGatedCrypto,
43                      "The extended key usage does not include server auth but "
44                      "instead includes Netscape Server Gated Crypto");
45 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasAnyEKU,
46                      "The extended key usage does not include server auth but "
47                      "instead includes anyExtendeKeyUsage");
48 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth,
49                      "The extended key usage does not include client auth");
50 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthButHasAnyEKU,
51                      "The extended key usage does not include client auth but "
52                      "instead includes anyExtendedKeyUsage");
53 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthOrServerAuth,
54                      "The extended key usage does not include client auth "
55                      "or server auth");
56 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedOCSPSigning,
57                      "The extended key usage includes OCSP signing which "
58                      "is not permitted for this use");
59 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedTimeStamping,
60                      "The extended key usage includes time stamping which "
61                      "is not permitted for this use");
62 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedCodeSigning,
63                      "The extended key usage includes code signing which "
64                      "is not permitted for this use");
65 DEFINE_CERT_ERROR_ID(kEkuNotPresent,
66                      "Certificate does not have extended key usage");
67 DEFINE_CERT_ERROR_ID(kCertIsNotTrustAnchor,
68                      "Certificate is not a trust anchor");
69 DEFINE_CERT_ERROR_ID(kNoValidPolicy, "No valid policy");
70 DEFINE_CERT_ERROR_ID(kPolicyMappingAnyPolicy,
71                      "PolicyMappings must not map anyPolicy");
72 DEFINE_CERT_ERROR_ID(kFailedParsingSpki, "Couldn't parse SubjectPublicKeyInfo");
73 DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm,
74                      "Unacceptable signature algorithm");
75 DEFINE_CERT_ERROR_ID(kUnacceptablePublicKey, "Unacceptable public key");
76 DEFINE_CERT_ERROR_ID(kCertificateRevoked, "Certificate is revoked");
77 DEFINE_CERT_ERROR_ID(kNoRevocationMechanism,
78                      "Certificate lacks a revocation mechanism");
79 DEFINE_CERT_ERROR_ID(kUnableToCheckRevocation, "Unable to check revocation");
80 DEFINE_CERT_ERROR_ID(kNoIssuersFound, "No matching issuer found");
81 DEFINE_CERT_ERROR_ID(kDeadlineExceeded, "Deadline exceeded");
82 DEFINE_CERT_ERROR_ID(kIterationLimitExceeded, "Iteration limit exceeded");
83 DEFINE_CERT_ERROR_ID(kDepthLimitExceeded, "Depth limit exceeded");
84 
85 }  // namespace net::cert_errors
86