| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_info.h" | 5 #include "chrome/browser/ssl/ssl_error_info.h" |
| 6 | 6 |
| 7 #include "base/i18n/time_formatting.h" | 7 #include "base/i18n/time_formatting.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/grit/chromium_strings.h" | 10 #include "chrome/grit/chromium_strings.h" |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); | 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); |
| 139 short_description = l10n_util::GetStringUTF16( | 139 short_description = l10n_util::GetStringUTF16( |
| 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); | 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); |
| 141 case CERT_NAME_CONSTRAINT_VIOLATION: | 141 case CERT_NAME_CONSTRAINT_VIOLATION: |
| 142 details = l10n_util::GetStringFUTF16( | 142 details = l10n_util::GetStringFUTF16( |
| 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, | 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, |
| 144 UTF8ToUTF16(request_url.host())); | 144 UTF8ToUTF16(request_url.host())); |
| 145 short_description = l10n_util::GetStringUTF16( | 145 short_description = l10n_util::GetStringUTF16( |
| 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); | 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); |
| 147 break; | 147 break; |
| 148 case CERT_TOO_LONG_VALIDITY: |
| 149 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_TOO_LONG_VALIDITY_TITLE); |
| 150 details = l10n_util::GetStringFUTF16( |
| 151 IDS_CERT_ERROR_TOO_LONG_VALIDITY_DETAILS, |
| 152 UTF8ToUTF16(request_url.host())); |
| 153 short_description = l10n_util::GetStringUTF16( |
| 154 IDS_CERT_ERROR_TOO_LONG_VALIDITY_DESCRIPTION); |
| 155 extra_info.push_back( |
| 156 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); |
| 157 extra_info.push_back( |
| 158 l10n_util::GetStringUTF16( |
| 159 IDS_CERT_ERROR_TOO_LONG_VALIDITY_EXTRA_INFO_2)); |
| 160 break; |
| 148 case CERT_PINNED_KEY_MISSING: | 161 case CERT_PINNED_KEY_MISSING: |
| 149 details = l10n_util::GetStringUTF16( | 162 details = l10n_util::GetStringUTF16( |
| 150 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); | 163 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); |
| 151 short_description = l10n_util::GetStringUTF16( | 164 short_description = l10n_util::GetStringUTF16( |
| 152 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); | 165 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); |
| 153 break; | 166 break; |
| 154 case UNKNOWN: | 167 case UNKNOWN: |
| 155 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); | 168 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); |
| 156 short_description = | 169 short_description = |
| 157 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); | 170 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 184 case net::ERR_CERT_REVOKED: | 197 case net::ERR_CERT_REVOKED: |
| 185 return CERT_REVOKED; | 198 return CERT_REVOKED; |
| 186 case net::ERR_CERT_INVALID: | 199 case net::ERR_CERT_INVALID: |
| 187 return CERT_INVALID; | 200 return CERT_INVALID; |
| 188 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 201 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 189 return CERT_WEAK_SIGNATURE_ALGORITHM; | 202 return CERT_WEAK_SIGNATURE_ALGORITHM; |
| 190 case net::ERR_CERT_WEAK_KEY: | 203 case net::ERR_CERT_WEAK_KEY: |
| 191 return CERT_WEAK_KEY; | 204 return CERT_WEAK_KEY; |
| 192 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 205 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 193 return CERT_NAME_CONSTRAINT_VIOLATION; | 206 return CERT_NAME_CONSTRAINT_VIOLATION; |
| 207 case net::ERR_CERT_TOO_LONG_VALIDITY: |
| 208 return CERT_TOO_LONG_VALIDITY; |
| 194 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: | 209 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: |
| 195 return CERT_WEAK_KEY_DH; | 210 return CERT_WEAK_KEY_DH; |
| 196 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: | 211 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: |
| 197 return CERT_PINNED_KEY_MISSING; | 212 return CERT_PINNED_KEY_MISSING; |
| 198 default: | 213 default: |
| 199 NOTREACHED(); | 214 NOTREACHED(); |
| 200 return UNKNOWN; | 215 return UNKNOWN; |
| 201 } | 216 } |
| 202 } | 217 } |
| 203 | 218 |
| 204 // static | 219 // static |
| 205 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, | 220 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, |
| 206 net::CertStatus cert_status, | 221 net::CertStatus cert_status, |
| 207 const GURL& url, | 222 const GURL& url, |
| 208 std::vector<SSLErrorInfo>* errors) { | 223 std::vector<SSLErrorInfo>* errors) { |
| 209 const net::CertStatus kErrorFlags[] = { | 224 const net::CertStatus kErrorFlags[] = { |
| 210 net::CERT_STATUS_COMMON_NAME_INVALID, | 225 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 211 net::CERT_STATUS_DATE_INVALID, | 226 net::CERT_STATUS_DATE_INVALID, |
| 212 net::CERT_STATUS_AUTHORITY_INVALID, | 227 net::CERT_STATUS_AUTHORITY_INVALID, |
| 213 net::CERT_STATUS_NO_REVOCATION_MECHANISM, | 228 net::CERT_STATUS_NO_REVOCATION_MECHANISM, |
| 214 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, | 229 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, |
| 215 net::CERT_STATUS_REVOKED, | 230 net::CERT_STATUS_REVOKED, |
| 216 net::CERT_STATUS_INVALID, | 231 net::CERT_STATUS_INVALID, |
| 217 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | 232 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
| 218 net::CERT_STATUS_WEAK_KEY, | 233 net::CERT_STATUS_WEAK_KEY, |
| 219 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, | 234 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, |
| 235 net::CERT_STATUS_TOO_LONG_VALIDITY, |
| 220 }; | 236 }; |
| 221 | 237 |
| 222 const ErrorType kErrorTypes[] = { | 238 const ErrorType kErrorTypes[] = { |
| 223 CERT_COMMON_NAME_INVALID, | 239 CERT_COMMON_NAME_INVALID, |
| 224 CERT_DATE_INVALID, | 240 CERT_DATE_INVALID, |
| 225 CERT_AUTHORITY_INVALID, | 241 CERT_AUTHORITY_INVALID, |
| 226 CERT_NO_REVOCATION_MECHANISM, | 242 CERT_NO_REVOCATION_MECHANISM, |
| 227 CERT_UNABLE_TO_CHECK_REVOCATION, | 243 CERT_UNABLE_TO_CHECK_REVOCATION, |
| 228 CERT_REVOKED, | 244 CERT_REVOKED, |
| 229 CERT_INVALID, | 245 CERT_INVALID, |
| 230 CERT_WEAK_SIGNATURE_ALGORITHM, | 246 CERT_WEAK_SIGNATURE_ALGORITHM, |
| 231 CERT_WEAK_KEY, | 247 CERT_WEAK_KEY, |
| 232 CERT_NAME_CONSTRAINT_VIOLATION, | 248 CERT_NAME_CONSTRAINT_VIOLATION, |
| 249 CERT_TOO_LONG_VALIDITY, |
| 233 }; | 250 }; |
| 234 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); | 251 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); |
| 235 | 252 |
| 236 scoped_refptr<net::X509Certificate> cert = NULL; | 253 scoped_refptr<net::X509Certificate> cert = NULL; |
| 237 int count = 0; | 254 int count = 0; |
| 238 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { | 255 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { |
| 239 if (cert_status & kErrorFlags[i]) { | 256 if (cert_status & kErrorFlags[i]) { |
| 240 count++; | 257 count++; |
| 241 if (!cert.get()) { | 258 if (!cert.get()) { |
| 242 bool r = content::CertStore::GetInstance()->RetrieveCert( | 259 bool r = content::CertStore::GetInstance()->RetrieveCert( |
| 243 cert_id, &cert); | 260 cert_id, &cert); |
| 244 DCHECK(r); | 261 DCHECK(r); |
| 245 } | 262 } |
| 246 if (errors) | 263 if (errors) { |
| 247 errors->push_back( | 264 errors->push_back( |
| 248 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); | 265 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); |
| 266 } |
| 249 } | 267 } |
| 250 } | 268 } |
| 251 return count; | 269 return count; |
| 252 } | 270 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20628006:
Reject certificates that are valid for too long. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src