| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <nss.h> | 10 #include <nss.h> |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 91 int MapSecurityError(int err) { | 91 int MapSecurityError(int err) { |
| 92 switch (err) { | 92 switch (err) { |
| 93 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error. | 93 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error. |
| 94 return ERR_NAME_NOT_RESOLVED; | 94 return ERR_NAME_NOT_RESOLVED; |
| 95 case SEC_ERROR_INVALID_ARGS: | 95 case SEC_ERROR_INVALID_ARGS: |
| 96 return ERR_INVALID_ARGUMENT; | 96 return ERR_INVALID_ARGUMENT; |
| 97 case SSL_ERROR_BAD_CERT_DOMAIN: | 97 case SSL_ERROR_BAD_CERT_DOMAIN: |
| 98 return ERR_CERT_COMMON_NAME_INVALID; | 98 return ERR_CERT_COMMON_NAME_INVALID; |
| 99 case SEC_ERROR_INVALID_TIME: | 99 case SEC_ERROR_INVALID_TIME: |
| 100 case SEC_ERROR_EXPIRED_CERTIFICATE: | 100 case SEC_ERROR_EXPIRED_CERTIFICATE: |
| 101 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: |
| 101 return ERR_CERT_DATE_INVALID; | 102 return ERR_CERT_DATE_INVALID; |
| 102 case SEC_ERROR_UNKNOWN_ISSUER: | 103 case SEC_ERROR_UNKNOWN_ISSUER: |
| 103 case SEC_ERROR_UNTRUSTED_ISSUER: | 104 case SEC_ERROR_UNTRUSTED_ISSUER: |
| 104 case SEC_ERROR_CA_CERT_INVALID: | 105 case SEC_ERROR_CA_CERT_INVALID: |
| 105 case SEC_ERROR_UNTRUSTED_CERT: | 106 case SEC_ERROR_UNTRUSTED_CERT: |
| 106 return ERR_CERT_AUTHORITY_INVALID; | 107 return ERR_CERT_AUTHORITY_INVALID; |
| 107 case SEC_ERROR_REVOKED_CERTIFICATE: | 108 case SEC_ERROR_REVOKED_CERTIFICATE: |
| 108 return ERR_CERT_REVOKED; | 109 return ERR_CERT_REVOKED; |
| 109 case SEC_ERROR_BAD_DER: | 110 case SEC_ERROR_BAD_DER: |
| 110 case SEC_ERROR_BAD_SIGNATURE: | 111 case SEC_ERROR_BAD_SIGNATURE: |
| 111 case SEC_ERROR_CERT_NOT_VALID: | 112 case SEC_ERROR_CERT_NOT_VALID: |
| 112 // TODO(port): add an ERR_CERT_WRONG_USAGE error code. | 113 // TODO(port): add an ERR_CERT_WRONG_USAGE error code. |
| 113 case SEC_ERROR_CERT_USAGES_INVALID: | 114 case SEC_ERROR_CERT_USAGES_INVALID: |
| 115 case SEC_ERROR_INADEQUATE_KEY_USAGE: |
| 116 case SEC_ERROR_INADEQUATE_CERT_TYPE: |
| 114 case SEC_ERROR_POLICY_VALIDATION_FAILED: | 117 case SEC_ERROR_POLICY_VALIDATION_FAILED: |
| 118 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE: |
| 119 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID: |
| 120 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: |
| 121 case SEC_ERROR_EXTENSION_VALUE_INVALID: |
| 115 return ERR_CERT_INVALID; | 122 return ERR_CERT_INVALID; |
| 116 default: | 123 default: |
| 117 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | 124 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; |
| 118 return ERR_FAILED; | 125 return ERR_FAILED; |
| 119 } | 126 } |
| 120 } | 127 } |
| 121 | 128 |
| 122 // Map PORT_GetError() return values to our cert status flags. | 129 // Map PORT_GetError() return values to our cert status flags. |
| 123 int MapCertErrorToCertStatus(int err) { | 130 int MapCertErrorToCertStatus(int err) { |
| 124 switch (err) { | 131 switch (err) { |
| 125 case SSL_ERROR_BAD_CERT_DOMAIN: | 132 case SSL_ERROR_BAD_CERT_DOMAIN: |
| 126 return CERT_STATUS_COMMON_NAME_INVALID; | 133 return CERT_STATUS_COMMON_NAME_INVALID; |
| 127 case SEC_ERROR_INVALID_TIME: | 134 case SEC_ERROR_INVALID_TIME: |
| 128 case SEC_ERROR_EXPIRED_CERTIFICATE: | 135 case SEC_ERROR_EXPIRED_CERTIFICATE: |
| 136 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: |
| 129 return CERT_STATUS_DATE_INVALID; | 137 return CERT_STATUS_DATE_INVALID; |
| 130 case SEC_ERROR_UNTRUSTED_CERT: | 138 case SEC_ERROR_UNTRUSTED_CERT: |
| 131 case SEC_ERROR_UNKNOWN_ISSUER: | 139 case SEC_ERROR_UNKNOWN_ISSUER: |
| 132 case SEC_ERROR_UNTRUSTED_ISSUER: | 140 case SEC_ERROR_UNTRUSTED_ISSUER: |
| 133 case SEC_ERROR_CA_CERT_INVALID: | 141 case SEC_ERROR_CA_CERT_INVALID: |
| 134 return CERT_STATUS_AUTHORITY_INVALID; | 142 return CERT_STATUS_AUTHORITY_INVALID; |
| 135 // TODO(port): map CERT_STATUS_NO_REVOCATION_MECHANISM. | 143 // TODO(port): map CERT_STATUS_NO_REVOCATION_MECHANISM. |
| 136 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE: | 144 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE: |
| 137 case SEC_ERROR_OCSP_SERVER_ERROR: | 145 case SEC_ERROR_OCSP_SERVER_ERROR: |
| 138 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 146 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 139 case SEC_ERROR_REVOKED_CERTIFICATE: | 147 case SEC_ERROR_REVOKED_CERTIFICATE: |
| 140 return CERT_STATUS_REVOKED; | 148 return CERT_STATUS_REVOKED; |
| 141 case SEC_ERROR_BAD_DER: | 149 case SEC_ERROR_BAD_DER: |
| 142 case SEC_ERROR_BAD_SIGNATURE: | 150 case SEC_ERROR_BAD_SIGNATURE: |
| 143 case SEC_ERROR_CERT_NOT_VALID: | 151 case SEC_ERROR_CERT_NOT_VALID: |
| 144 // TODO(port): add a CERT_STATUS_WRONG_USAGE error code. | 152 // TODO(port): add a CERT_STATUS_WRONG_USAGE error code. |
| 145 case SEC_ERROR_CERT_USAGES_INVALID: | 153 case SEC_ERROR_CERT_USAGES_INVALID: |
| 154 case SEC_ERROR_INADEQUATE_KEY_USAGE: // Key usage. |
| 155 case SEC_ERROR_INADEQUATE_CERT_TYPE: // Extended key usage and whether |
| 156 // the certificate is a CA. |
| 146 case SEC_ERROR_POLICY_VALIDATION_FAILED: | 157 case SEC_ERROR_POLICY_VALIDATION_FAILED: |
| 158 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE: |
| 159 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID: |
| 160 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: |
| 161 case SEC_ERROR_EXTENSION_VALUE_INVALID: |
| 147 return CERT_STATUS_INVALID; | 162 return CERT_STATUS_INVALID; |
| 148 default: | 163 default: |
| 149 return 0; | 164 return 0; |
| 150 } | 165 } |
| 151 } | 166 } |
| 152 | 167 |
| 153 // Saves some information about the certificate chain cert_list in | 168 // Saves some information about the certificate chain cert_list in |
| 154 // *verify_result. The caller MUST initialize *verify_result before calling | 169 // *verify_result. The caller MUST initialize *verify_result before calling |
| 155 // this function. | 170 // this function. |
| 156 // Note that cert_list[0] is the end entity certificate and cert_list doesn't | 171 // Note that cert_list[0] is the end entity certificate and cert_list doesn't |
| (...skipping 774 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 931 DCHECK(0 != cert->derCert.len); | 946 DCHECK(0 != cert->derCert.len); |
| 932 | 947 |
| 933 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | 948 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, |
| 934 cert->derCert.data, cert->derCert.len); | 949 cert->derCert.data, cert->derCert.len); |
| 935 DCHECK(rv == SECSuccess); | 950 DCHECK(rv == SECSuccess); |
| 936 | 951 |
| 937 return sha1; | 952 return sha1; |
| 938 } | 953 } |
| 939 | 954 |
| 940 } // namespace net | 955 } // namespace net |
| OLD | NEW |