1 /* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net.http; 18 19 import java.security.cert.X509Certificate; 20 21 /** 22 * One or more individual SSL errors and the associated SSL certificate 23 */ 24 public class SslError { 25 26 /** 27 * Individual SSL errors (in the order from the least to the most severe): 28 */ 29 30 /** 31 * The certificate is not yet valid 32 */ 33 public static final int SSL_NOTYETVALID = 0; 34 /** 35 * The certificate has expired 36 */ 37 public static final int SSL_EXPIRED = 1; 38 /** 39 * Hostname mismatch 40 */ 41 public static final int SSL_IDMISMATCH = 2; 42 /** 43 * The certificate authority is not trusted 44 */ 45 public static final int SSL_UNTRUSTED = 3; 46 47 48 /** 49 * The number of different SSL errors (update if you add a new SSL error!!!) 50 */ 51 public static final int SSL_MAX_ERROR = 4; 52 53 /** 54 * The SSL error set bitfield (each individual error is an bit index; 55 * multiple individual errors can be OR-ed) 56 */ 57 int mErrors; 58 59 /** 60 * The SSL certificate associated with the error set 61 */ 62 SslCertificate mCertificate; 63 64 /** 65 * Creates a new SSL error set object 66 * @param error The SSL error 67 * @param certificate The associated SSL certificate 68 */ SslError(int error, SslCertificate certificate)69 public SslError(int error, SslCertificate certificate) { 70 addError(error); 71 mCertificate = certificate; 72 } 73 74 /** 75 * Creates a new SSL error set object 76 * @param error The SSL error 77 * @param certificate The associated SSL certificate 78 */ SslError(int error, X509Certificate certificate)79 public SslError(int error, X509Certificate certificate) { 80 addError(error); 81 mCertificate = new SslCertificate(certificate); 82 } 83 84 /** 85 * @return The SSL certificate associated with the error set 86 */ getCertificate()87 public SslCertificate getCertificate() { 88 return mCertificate; 89 } 90 91 /** 92 * Adds the SSL error to the error set 93 * @param error The SSL error to add 94 * @return True iff the error being added is a known SSL error 95 */ addError(int error)96 public boolean addError(int error) { 97 boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR); 98 if (rval) { 99 mErrors |= (0x1 << error); 100 } 101 102 return rval; 103 } 104 105 /** 106 * @param error The SSL error to check 107 * @return True iff the set includes the error 108 */ hasError(int error)109 public boolean hasError(int error) { 110 boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR); 111 if (rval) { 112 rval = ((mErrors & (0x1 << error)) != 0); 113 } 114 115 return rval; 116 } 117 118 /** 119 * @return The primary, most severe, SSL error in the set 120 */ getPrimaryError()121 public int getPrimaryError() { 122 if (mErrors != 0) { 123 // go from the most to the least severe errors 124 for (int error = SslError.SSL_MAX_ERROR - 1; error >= 0; --error) { 125 if ((mErrors & (0x1 << error)) != 0) { 126 return error; 127 } 128 } 129 } 130 131 return 0; 132 } 133 134 /** 135 * @return A String representation of this SSL error object 136 * (used mostly for debugging). 137 */ toString()138 public String toString() { 139 return "primary error: " + getPrimaryError() + 140 " certificate: " + getCertificate(); 141 } 142 } 143