net/cert/cert_status_flags.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/cert_status_flags.h"
   6
   7 #include "base/logging.h"
   8 #include "net/base/net_errors.h"
   9
  10 namespace net {
  11
  12 bool IsCertStatusMinorError(CertStatus cert_status) {
  13   static const CertStatus kMinorErrors =
  14       CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
  15       CERT_STATUS_NO_REVOCATION_MECHANISM;
  16   cert_status &= CERT_STATUS_ALL_ERRORS;
  17   return cert_status != 0 && (cert_status & ~kMinorErrors) == 0;
  18 }
  19
  20 CertStatus MapNetErrorToCertStatus(int error) {
  21   switch (error) {
  22     case ERR_CERT_COMMON_NAME_INVALID:
  23       return CERT_STATUS_COMMON_NAME_INVALID;
  24     case ERR_CERT_DATE_INVALID:
  25       return CERT_STATUS_DATE_INVALID;
  26     case ERR_CERT_AUTHORITY_INVALID:
  27       return CERT_STATUS_AUTHORITY_INVALID;
  28     case ERR_CERT_NO_REVOCATION_MECHANISM:
  29       return CERT_STATUS_NO_REVOCATION_MECHANISM;
  30     case ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
  31       return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
  32     case ERR_CERT_REVOKED:
  33       return CERT_STATUS_REVOKED;
  34     // We added the ERR_CERT_CONTAINS_ERRORS error code when we were using
  35     // WinInet, but we never figured out how it differs from ERR_CERT_INVALID.
  36     // We should not use ERR_CERT_CONTAINS_ERRORS in new code.
  37     case ERR_CERT_CONTAINS_ERRORS:
  38       NOTREACHED();
  39       // Falls through.
  40     case ERR_CERT_INVALID:
  41       return CERT_STATUS_INVALID;
  42     case ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
  43       return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
  44     case ERR_CERT_NON_UNIQUE_NAME:
  45       return CERT_STATUS_NON_UNIQUE_NAME;
  46     case ERR_CERT_WEAK_KEY:
  47       return CERT_STATUS_WEAK_KEY;
  48     case ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
  49       return CERT_STATUS_PINNED_KEY_MISSING;
  50     case ERR_CERT_NAME_CONSTRAINT_VIOLATION:
  51       return CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
  52     default:
  53       return 0;
  54   }
  55 }
  56
  57 int MapCertStatusToNetError(CertStatus cert_status) {
  58   // A certificate may have multiple errors.  We report the most
  59   // serious error.
  60
  61   // Unrecoverable errors
  62   if (cert_status & CERT_STATUS_REVOKED)
  63     return ERR_CERT_REVOKED;
  64   if (cert_status & CERT_STATUS_INVALID)
  65     return ERR_CERT_INVALID;
  66   if (cert_status & CERT_STATUS_PINNED_KEY_MISSING)
  67     return ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
  68
  69   // Recoverable errors
  70   if (cert_status & CERT_STATUS_AUTHORITY_INVALID)
  71     return ERR_CERT_AUTHORITY_INVALID;
  72   if (cert_status & CERT_STATUS_COMMON_NAME_INVALID)
  73     return ERR_CERT_COMMON_NAME_INVALID;
  74   // CERT_STATUS_NON_UNIQUE_NAME is intentionally not mapped to an error.
  75   // It is treated as just a warning and used to degrade the SSL UI.
  76   if (cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION)
  77     return ERR_CERT_NAME_CONSTRAINT_VIOLATION;
  78   if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
  79     return ERR_CERT_WEAK_SIGNATURE_ALGORITHM;
  80   if (cert_status & CERT_STATUS_WEAK_KEY)
  81     return ERR_CERT_WEAK_KEY;
  82   if (cert_status & CERT_STATUS_DATE_INVALID)
  83     return ERR_CERT_DATE_INVALID;
  84
  85   // Unknown status.  Give it the benefit of the doubt.
  86   if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
  87     return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
  88   if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
  89     return ERR_CERT_NO_REVOCATION_MECHANISM;
  90
  91   NOTREACHED();
  92   return ERR_UNEXPECTED;
  93 }
  94
  95 }  // namespace net