1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_status_flags.h" 6 7 #include "base/logging.h" 8 #include "net/base/net_errors.h" 9 10 namespace net { 11 IsCertStatusMinorError(CertStatus cert_status)12bool IsCertStatusMinorError(CertStatus cert_status) { 13 static const CertStatus kMinorErrors = 14 CERT_STATUS_UNABLE_TO_CHECK_REVOCATION | 15 CERT_STATUS_NO_REVOCATION_MECHANISM; 16 cert_status &= CERT_STATUS_ALL_ERRORS; 17 return cert_status != 0 && (cert_status & ~kMinorErrors) == 0; 18 } 19 MapNetErrorToCertStatus(int error)20CertStatus MapNetErrorToCertStatus(int error) { 21 switch (error) { 22 case ERR_CERT_COMMON_NAME_INVALID: 23 return CERT_STATUS_COMMON_NAME_INVALID; 24 case ERR_CERT_DATE_INVALID: 25 return CERT_STATUS_DATE_INVALID; 26 case ERR_CERT_AUTHORITY_INVALID: 27 return CERT_STATUS_AUTHORITY_INVALID; 28 case ERR_CERT_NO_REVOCATION_MECHANISM: 29 return CERT_STATUS_NO_REVOCATION_MECHANISM; 30 case ERR_CERT_UNABLE_TO_CHECK_REVOCATION: 31 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 32 case ERR_CERT_REVOKED: 33 return CERT_STATUS_REVOKED; 34 // We added the ERR_CERT_CONTAINS_ERRORS error code when we were using 35 // WinInet, but we never figured out how it differs from ERR_CERT_INVALID. 36 // We should not use ERR_CERT_CONTAINS_ERRORS in new code. 37 case ERR_CERT_CONTAINS_ERRORS: 38 NOTREACHED(); 39 // Falls through. 40 case ERR_CERT_INVALID: 41 return CERT_STATUS_INVALID; 42 case ERR_CERT_WEAK_SIGNATURE_ALGORITHM: 43 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; 44 case ERR_CERT_NON_UNIQUE_NAME: 45 return CERT_STATUS_NON_UNIQUE_NAME; 46 case ERR_CERT_WEAK_KEY: 47 return CERT_STATUS_WEAK_KEY; 48 case ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: 49 return CERT_STATUS_PINNED_KEY_MISSING; 50 case ERR_CERT_NAME_CONSTRAINT_VIOLATION: 51 return CERT_STATUS_NAME_CONSTRAINT_VIOLATION; 52 default: 53 return 0; 54 } 55 } 56 MapCertStatusToNetError(CertStatus cert_status)57int MapCertStatusToNetError(CertStatus cert_status) { 58 // A certificate may have multiple errors. We report the most 59 // serious error. 60 61 // Unrecoverable errors 62 if (cert_status & CERT_STATUS_REVOKED) 63 return ERR_CERT_REVOKED; 64 if (cert_status & CERT_STATUS_INVALID) 65 return ERR_CERT_INVALID; 66 if (cert_status & CERT_STATUS_PINNED_KEY_MISSING) 67 return ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 68 69 // Recoverable errors 70 if (cert_status & CERT_STATUS_AUTHORITY_INVALID) 71 return ERR_CERT_AUTHORITY_INVALID; 72 if (cert_status & CERT_STATUS_COMMON_NAME_INVALID) 73 return ERR_CERT_COMMON_NAME_INVALID; 74 // CERT_STATUS_NON_UNIQUE_NAME is intentionally not mapped to an error. 75 // It is treated as just a warning and used to degrade the SSL UI. 76 if (cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION) 77 return ERR_CERT_NAME_CONSTRAINT_VIOLATION; 78 if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM) 79 return ERR_CERT_WEAK_SIGNATURE_ALGORITHM; 80 if (cert_status & CERT_STATUS_WEAK_KEY) 81 return ERR_CERT_WEAK_KEY; 82 if (cert_status & CERT_STATUS_DATE_INVALID) 83 return ERR_CERT_DATE_INVALID; 84 85 // Unknown status. Give it the benefit of the doubt. 86 if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) 87 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; 88 if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM) 89 return ERR_CERT_NO_REVOCATION_MECHANISM; 90 91 NOTREACHED(); 92 return ERR_UNEXPECTED; 93 } 94 95 } // namespace net 96