| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_info.h" | 5 #include "chrome/browser/ssl/ssl_error_info.h" |
| 6 | 6 |
| 7 #include "base/i18n/time_formatting.h" | 7 #include "base/i18n/time_formatting.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "content/public/browser/cert_store.h" | 9 #include "content/public/browser/cert_store.h" |
| 10 #include "grit/chromium_strings.h" | 10 #include "grit/chromium_strings.h" |
| (...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 219 short_description = l10n_util::GetStringUTF16( | 219 short_description = l10n_util::GetStringUTF16( |
| 220 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); | 220 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); |
| 221 break; | 221 break; |
| 222 case CERT_PINNED_KEY_MISSING: | 222 case CERT_PINNED_KEY_MISSING: |
| 223 title = l10n_util::GetStringUTF16( | 223 title = l10n_util::GetStringUTF16( |
| 224 IDS_ERRORPAGES_HEADING_PINNING_FAILURE); | 224 IDS_ERRORPAGES_HEADING_PINNING_FAILURE); |
| 225 details = l10n_util::GetStringUTF16( | 225 details = l10n_util::GetStringUTF16( |
| 226 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); | 226 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); |
| 227 short_description = l10n_util::GetStringUTF16( | 227 short_description = l10n_util::GetStringUTF16( |
| 228 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); | 228 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); |
| 229 case CERT_TOO_LONG_VALIDITY: |
| 230 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_TOO_LONG_VALIDITY_TITLE); |
| 231 details = l10n_util::GetStringFUTF16( |
| 232 IDS_CERT_ERROR_TOO_LONG_VALIDITY_DETAILS, |
| 233 UTF8ToUTF16(request_url.host())); |
| 234 short_description = l10n_util::GetStringUTF16( |
| 235 IDS_CERT_ERROR_TOO_LONG_VALIDITY_DESCRIPTION); |
| 236 extra_info.push_back( |
| 237 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); |
| 238 extra_info.push_back( |
| 239 l10n_util::GetStringUTF16( |
| 240 IDS_CERT_ERROR_TOO_LONG_VALIDITY_EXTRA_INFO_2)); |
| 241 break; |
| 229 case UNKNOWN: | 242 case UNKNOWN: |
| 230 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_TITLE); | 243 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_TITLE); |
| 231 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); | 244 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); |
| 232 short_description = | 245 short_description = |
| 233 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); | 246 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); |
| 234 break; | 247 break; |
| 235 default: | 248 default: |
| 236 NOTREACHED(); | 249 NOTREACHED(); |
| 237 } | 250 } |
| 238 return SSLErrorInfo(title, details, short_description, extra_info); | 251 return SSLErrorInfo(title, details, short_description, extra_info); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 263 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 276 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 264 return CERT_WEAK_SIGNATURE_ALGORITHM; | 277 return CERT_WEAK_SIGNATURE_ALGORITHM; |
| 265 case net::ERR_CERT_WEAK_KEY: | 278 case net::ERR_CERT_WEAK_KEY: |
| 266 return CERT_WEAK_KEY; | 279 return CERT_WEAK_KEY; |
| 267 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 280 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 268 return CERT_NAME_CONSTRAINT_VIOLATION; | 281 return CERT_NAME_CONSTRAINT_VIOLATION; |
| 269 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: | 282 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: |
| 270 return CERT_WEAK_KEY_DH; | 283 return CERT_WEAK_KEY_DH; |
| 271 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: | 284 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: |
| 272 return CERT_PINNED_KEY_MISSING; | 285 return CERT_PINNED_KEY_MISSING; |
| 286 case net::ERR_CERT_TOO_LONG_VALIDITY: |
| 287 return CERT_TOO_LONG_VALIDITY; |
| 273 default: | 288 default: |
| 274 NOTREACHED(); | 289 NOTREACHED(); |
| 275 return UNKNOWN; | 290 return UNKNOWN; |
| 276 } | 291 } |
| 277 } | 292 } |
| 278 | 293 |
| 279 // static | 294 // static |
| 280 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, | 295 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, |
| 281 net::CertStatus cert_status, | 296 net::CertStatus cert_status, |
| 282 const GURL& url, | 297 const GURL& url, |
| 283 std::vector<SSLErrorInfo>* errors) { | 298 std::vector<SSLErrorInfo>* errors) { |
| 284 const net::CertStatus kErrorFlags[] = { | 299 const net::CertStatus kErrorFlags[] = { |
| 285 net::CERT_STATUS_COMMON_NAME_INVALID, | 300 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 286 net::CERT_STATUS_DATE_INVALID, | 301 net::CERT_STATUS_DATE_INVALID, |
| 287 net::CERT_STATUS_AUTHORITY_INVALID, | 302 net::CERT_STATUS_AUTHORITY_INVALID, |
| 288 net::CERT_STATUS_NO_REVOCATION_MECHANISM, | 303 net::CERT_STATUS_NO_REVOCATION_MECHANISM, |
| 289 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, | 304 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, |
| 290 net::CERT_STATUS_REVOKED, | 305 net::CERT_STATUS_REVOKED, |
| 291 net::CERT_STATUS_INVALID, | 306 net::CERT_STATUS_INVALID, |
| 292 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | 307 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
| 293 net::CERT_STATUS_WEAK_KEY, | 308 net::CERT_STATUS_WEAK_KEY, |
| 294 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, | 309 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, |
| 310 net::CERT_STATUS_TOO_LONG_VALIDITY |
| 295 }; | 311 }; |
| 296 | 312 |
| 297 const ErrorType kErrorTypes[] = { | 313 const ErrorType kErrorTypes[] = { |
| 298 CERT_COMMON_NAME_INVALID, | 314 CERT_COMMON_NAME_INVALID, |
| 299 CERT_DATE_INVALID, | 315 CERT_DATE_INVALID, |
| 300 CERT_AUTHORITY_INVALID, | 316 CERT_AUTHORITY_INVALID, |
| 301 CERT_NO_REVOCATION_MECHANISM, | 317 CERT_NO_REVOCATION_MECHANISM, |
| 302 CERT_UNABLE_TO_CHECK_REVOCATION, | 318 CERT_UNABLE_TO_CHECK_REVOCATION, |
| 303 CERT_REVOKED, | 319 CERT_REVOKED, |
| 304 CERT_INVALID, | 320 CERT_INVALID, |
| 305 CERT_WEAK_SIGNATURE_ALGORITHM, | 321 CERT_WEAK_SIGNATURE_ALGORITHM, |
| 306 CERT_WEAK_KEY, | 322 CERT_WEAK_KEY, |
| 307 CERT_NAME_CONSTRAINT_VIOLATION, | 323 CERT_NAME_CONSTRAINT_VIOLATION, |
| 324 CERT_TOO_LONG_VALIDITY |
| 308 }; | 325 }; |
| 309 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); | 326 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); |
| 310 | 327 |
| 311 scoped_refptr<net::X509Certificate> cert = NULL; | 328 scoped_refptr<net::X509Certificate> cert = NULL; |
| 312 int count = 0; | 329 int count = 0; |
| 313 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { | 330 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { |
| 314 if (cert_status & kErrorFlags[i]) { | 331 if (cert_status & kErrorFlags[i]) { |
| 315 count++; | 332 count++; |
| 316 if (!cert.get()) { | 333 if (!cert.get()) { |
| 317 bool r = content::CertStore::GetInstance()->RetrieveCert( | 334 bool r = content::CertStore::GetInstance()->RetrieveCert( |
| 318 cert_id, &cert); | 335 cert_id, &cert); |
| 319 DCHECK(r); | 336 DCHECK(r); |
| 320 } | 337 } |
| 321 if (errors) | 338 if (errors) { |
| 322 errors->push_back( | 339 errors->push_back( |
| 323 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); | 340 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); |
| 341 } |
| 324 } | 342 } |
| 325 } | 343 } |
| 326 return count; | 344 return count; |
| 327 } | 345 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20628006:
Reject certificates that are valid for too long. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src