Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(69)

Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 6626033: An RSA SSL server certificate whose Key Usage extension... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Comment out the untrusted CA check for USE_NSS Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <cryptohi.h> 8 #include <cryptohi.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <nss.h> 10 #include <nss.h>
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 int MapSecurityError(int err) { 91 int MapSecurityError(int err) {
92 switch (err) { 92 switch (err) {
93 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error. 93 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error.
94 return ERR_NAME_NOT_RESOLVED; 94 return ERR_NAME_NOT_RESOLVED;
95 case SEC_ERROR_INVALID_ARGS: 95 case SEC_ERROR_INVALID_ARGS:
96 return ERR_INVALID_ARGUMENT; 96 return ERR_INVALID_ARGUMENT;
97 case SSL_ERROR_BAD_CERT_DOMAIN: 97 case SSL_ERROR_BAD_CERT_DOMAIN:
98 return ERR_CERT_COMMON_NAME_INVALID; 98 return ERR_CERT_COMMON_NAME_INVALID;
99 case SEC_ERROR_INVALID_TIME: 99 case SEC_ERROR_INVALID_TIME:
100 case SEC_ERROR_EXPIRED_CERTIFICATE: 100 case SEC_ERROR_EXPIRED_CERTIFICATE:
101 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
101 return ERR_CERT_DATE_INVALID; 102 return ERR_CERT_DATE_INVALID;
102 case SEC_ERROR_UNKNOWN_ISSUER: 103 case SEC_ERROR_UNKNOWN_ISSUER:
103 case SEC_ERROR_UNTRUSTED_ISSUER: 104 case SEC_ERROR_UNTRUSTED_ISSUER:
104 case SEC_ERROR_CA_CERT_INVALID: 105 case SEC_ERROR_CA_CERT_INVALID:
105 case SEC_ERROR_UNTRUSTED_CERT: 106 case SEC_ERROR_UNTRUSTED_CERT:
106 return ERR_CERT_AUTHORITY_INVALID; 107 return ERR_CERT_AUTHORITY_INVALID;
107 case SEC_ERROR_REVOKED_CERTIFICATE: 108 case SEC_ERROR_REVOKED_CERTIFICATE:
108 return ERR_CERT_REVOKED; 109 return ERR_CERT_REVOKED;
109 case SEC_ERROR_BAD_DER: 110 case SEC_ERROR_BAD_DER:
110 case SEC_ERROR_BAD_SIGNATURE: 111 case SEC_ERROR_BAD_SIGNATURE:
111 case SEC_ERROR_CERT_NOT_VALID: 112 case SEC_ERROR_CERT_NOT_VALID:
112 // TODO(port): add an ERR_CERT_WRONG_USAGE error code. 113 // TODO(port): add an ERR_CERT_WRONG_USAGE error code.
113 case SEC_ERROR_CERT_USAGES_INVALID: 114 case SEC_ERROR_CERT_USAGES_INVALID:
115 case SEC_ERROR_INADEQUATE_KEY_USAGE:
116 case SEC_ERROR_INADEQUATE_CERT_TYPE:
114 case SEC_ERROR_POLICY_VALIDATION_FAILED: 117 case SEC_ERROR_POLICY_VALIDATION_FAILED:
118 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
119 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
120 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
121 case SEC_ERROR_EXTENSION_VALUE_INVALID:
115 return ERR_CERT_INVALID; 122 return ERR_CERT_INVALID;
116 default: 123 default:
117 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; 124 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
118 return ERR_FAILED; 125 return ERR_FAILED;
119 } 126 }
120 } 127 }
121 128
122 // Map PORT_GetError() return values to our cert status flags. 129 // Map PORT_GetError() return values to our cert status flags.
123 int MapCertErrorToCertStatus(int err) { 130 int MapCertErrorToCertStatus(int err) {
124 switch (err) { 131 switch (err) {
125 case SSL_ERROR_BAD_CERT_DOMAIN: 132 case SSL_ERROR_BAD_CERT_DOMAIN:
126 return CERT_STATUS_COMMON_NAME_INVALID; 133 return CERT_STATUS_COMMON_NAME_INVALID;
127 case SEC_ERROR_INVALID_TIME: 134 case SEC_ERROR_INVALID_TIME:
128 case SEC_ERROR_EXPIRED_CERTIFICATE: 135 case SEC_ERROR_EXPIRED_CERTIFICATE:
136 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
129 return CERT_STATUS_DATE_INVALID; 137 return CERT_STATUS_DATE_INVALID;
130 case SEC_ERROR_UNTRUSTED_CERT: 138 case SEC_ERROR_UNTRUSTED_CERT:
131 case SEC_ERROR_UNKNOWN_ISSUER: 139 case SEC_ERROR_UNKNOWN_ISSUER:
132 case SEC_ERROR_UNTRUSTED_ISSUER: 140 case SEC_ERROR_UNTRUSTED_ISSUER:
133 case SEC_ERROR_CA_CERT_INVALID: 141 case SEC_ERROR_CA_CERT_INVALID:
134 return CERT_STATUS_AUTHORITY_INVALID; 142 return CERT_STATUS_AUTHORITY_INVALID;
135 // TODO(port): map CERT_STATUS_NO_REVOCATION_MECHANISM. 143 // TODO(port): map CERT_STATUS_NO_REVOCATION_MECHANISM.
136 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE: 144 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE:
137 case SEC_ERROR_OCSP_SERVER_ERROR: 145 case SEC_ERROR_OCSP_SERVER_ERROR:
138 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 146 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
139 case SEC_ERROR_REVOKED_CERTIFICATE: 147 case SEC_ERROR_REVOKED_CERTIFICATE:
140 return CERT_STATUS_REVOKED; 148 return CERT_STATUS_REVOKED;
141 case SEC_ERROR_BAD_DER: 149 case SEC_ERROR_BAD_DER:
142 case SEC_ERROR_BAD_SIGNATURE: 150 case SEC_ERROR_BAD_SIGNATURE:
143 case SEC_ERROR_CERT_NOT_VALID: 151 case SEC_ERROR_CERT_NOT_VALID:
144 // TODO(port): add a CERT_STATUS_WRONG_USAGE error code. 152 // TODO(port): add a CERT_STATUS_WRONG_USAGE error code.
145 case SEC_ERROR_CERT_USAGES_INVALID: 153 case SEC_ERROR_CERT_USAGES_INVALID:
154 case SEC_ERROR_INADEQUATE_KEY_USAGE: // Key usage.
155 case SEC_ERROR_INADEQUATE_CERT_TYPE: // Extended key usage and whether
156 // the certificate is a CA.
146 case SEC_ERROR_POLICY_VALIDATION_FAILED: 157 case SEC_ERROR_POLICY_VALIDATION_FAILED:
158 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
159 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
160 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
161 case SEC_ERROR_EXTENSION_VALUE_INVALID:
147 return CERT_STATUS_INVALID; 162 return CERT_STATUS_INVALID;
148 default: 163 default:
149 return 0; 164 return 0;
150 } 165 }
151 } 166 }
152 167
153 // Saves some information about the certificate chain cert_list in 168 // Saves some information about the certificate chain cert_list in
154 // *verify_result. The caller MUST initialize *verify_result before calling 169 // *verify_result. The caller MUST initialize *verify_result before calling
155 // this function. 170 // this function.
156 // Note that cert_list[0] is the end entity certificate and cert_list doesn't 171 // Note that cert_list[0] is the end entity certificate and cert_list doesn't
(...skipping 774 matching lines...) Expand 10 before | Expand all | Expand 10 after
931 DCHECK(0 != cert->derCert.len); 946 DCHECK(0 != cert->derCert.len);
932 947
933 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, 948 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
934 cert->derCert.data, cert->derCert.len); 949 cert->derCert.data, cert->derCert.len);
935 DCHECK(rv == SECSuccess); 950 DCHECK(rv == SECSuccess);
936 951
937 return sha1; 952 return sha1;
938 } 953 }
939 954
940 } // namespace net 955 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698