net/cert/cert_status_flags.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/cert_status_flags.h"
   6
   7 #include "base/logging.h"
   8 #include "net/base/net_errors.h"
   9
  10 namespace net {
  11
  12 bool IsCertStatusMinorError(CertStatus cert_status) {
  13   static const CertStatus kMinorErrors =
  14       CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
  15       CERT_STATUS_NO_REVOCATION_MECHANISM;
  16   cert_status &= CERT_STATUS_ALL_ERRORS;
  17   return cert_status != 0 && (cert_status & ~kMinorErrors) == 0;
  18 }
  19
  20 CertStatus MapNetErrorToCertStatus(int error) {
  21   switch (error) {
  22     case ERR_CERT_COMMON_NAME_INVALID:
  23       return CERT_STATUS_COMMON_NAME_INVALID;
  24     case ERR_CERT_DATE_INVALID:
  25       return CERT_STATUS_DATE_INVALID;
  26     case ERR_CERT_AUTHORITY_INVALID:
  27       return CERT_STATUS_AUTHORITY_INVALID;
  28     case ERR_CERT_NO_REVOCATION_MECHANISM:
  29       return CERT_STATUS_NO_REVOCATION_MECHANISM;
  30     case ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
  31       return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
  32     case ERR_CERT_REVOKED:
  33       return CERT_STATUS_REVOKED;
  34     // We added the ERR_CERT_CONTAINS_ERRORS error code when we were using
  35     // WinInet, but we never figured out how it differs from ERR_CERT_INVALID.
  36     // We should not use ERR_CERT_CONTAINS_ERRORS in new code.
  37     case ERR_CERT_CONTAINS_ERRORS:
  38       NOTREACHED();
  39       // Falls through.
  40     case ERR_CERT_INVALID:
  41       return CERT_STATUS_INVALID;
  42     case ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
  43       return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
  44     case ERR_CERT_WEAK_KEY:
  45       return CERT_STATUS_WEAK_KEY;
  46     case ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
  47       return CERT_STATUS_PINNED_KEY_MISSING;
  48     case ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
  49       return CERT_STATUS_WEAK_DH_KEY;
  50     default:
  51       return 0;
  52   }
  53 }
  54
  55 int MapCertStatusToNetError(CertStatus cert_status) {
  56   // A certificate may have multiple errors.  We report the most
  57   // serious error.
  58
  59   // Unrecoverable errors
  60   if (cert_status & CERT_STATUS_REVOKED)
  61     return ERR_CERT_REVOKED;
  62   if (cert_status & CERT_STATUS_INVALID)
  63     return ERR_CERT_INVALID;
  64   if (cert_status & CERT_STATUS_PINNED_KEY_MISSING)
  65     return ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
  66   if (cert_status & CERT_STATUS_WEAK_DH_KEY)
  67     return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY;
  68
  69   // Recoverable errors
  70   if (cert_status & CERT_STATUS_AUTHORITY_INVALID)
  71     return ERR_CERT_AUTHORITY_INVALID;
  72   if (cert_status & CERT_STATUS_COMMON_NAME_INVALID)
  73     return ERR_CERT_COMMON_NAME_INVALID;
  74   if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
  75     return ERR_CERT_WEAK_SIGNATURE_ALGORITHM;
  76   if (cert_status & CERT_STATUS_WEAK_KEY)
  77     return ERR_CERT_WEAK_KEY;
  78   if (cert_status & CERT_STATUS_DATE_INVALID)
  79     return ERR_CERT_DATE_INVALID;
  80
  81   // Unknown status.  Give it the benefit of the doubt.
  82   if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
  83     return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
  84   if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
  85     return ERR_CERT_NO_REVOCATION_MECHANISM;
  86
  87   NOTREACHED();
  88   return ERR_UNEXPECTED;
  89 }
  90
  91 }  // namespace net