| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_info.h" | 5 #include "chrome/browser/ssl/ssl_error_info.h" |
| 6 | 6 |
| 7 #include "base/i18n/time_formatting.h" | 7 #include "base/i18n/time_formatting.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/grit/chromium_strings.h" | 10 #include "chrome/grit/chromium_strings.h" |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); | 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); |
| 139 short_description = l10n_util::GetStringUTF16( | 139 short_description = l10n_util::GetStringUTF16( |
| 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); | 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); |
| 141 case CERT_NAME_CONSTRAINT_VIOLATION: | 141 case CERT_NAME_CONSTRAINT_VIOLATION: |
| 142 details = l10n_util::GetStringFUTF16( | 142 details = l10n_util::GetStringFUTF16( |
| 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, | 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, |
| 144 UTF8ToUTF16(request_url.host())); | 144 UTF8ToUTF16(request_url.host())); |
| 145 short_description = l10n_util::GetStringUTF16( | 145 short_description = l10n_util::GetStringUTF16( |
| 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); | 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); |
| 147 break; | 147 break; |
| 148 case CERT_VALIDITY_TOO_LONG: |
| 149 details = |
| 150 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS, |
| 151 UTF8ToUTF16(request_url.host())); |
| 152 short_description = l10n_util::GetStringUTF16( |
| 153 IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION); |
| 154 break; |
| 148 case CERT_PINNED_KEY_MISSING: | 155 case CERT_PINNED_KEY_MISSING: |
| 149 details = l10n_util::GetStringUTF16( | 156 details = l10n_util::GetStringUTF16( |
| 150 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); | 157 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); |
| 151 short_description = l10n_util::GetStringUTF16( | 158 short_description = l10n_util::GetStringUTF16( |
| 152 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); | 159 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); |
| 153 break; | 160 break; |
| 154 case UNKNOWN: | 161 case UNKNOWN: |
| 155 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); | 162 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); |
| 156 short_description = | 163 short_description = |
| 157 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); | 164 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 184 case net::ERR_CERT_REVOKED: | 191 case net::ERR_CERT_REVOKED: |
| 185 return CERT_REVOKED; | 192 return CERT_REVOKED; |
| 186 case net::ERR_CERT_INVALID: | 193 case net::ERR_CERT_INVALID: |
| 187 return CERT_INVALID; | 194 return CERT_INVALID; |
| 188 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 195 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 189 return CERT_WEAK_SIGNATURE_ALGORITHM; | 196 return CERT_WEAK_SIGNATURE_ALGORITHM; |
| 190 case net::ERR_CERT_WEAK_KEY: | 197 case net::ERR_CERT_WEAK_KEY: |
| 191 return CERT_WEAK_KEY; | 198 return CERT_WEAK_KEY; |
| 192 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 199 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 193 return CERT_NAME_CONSTRAINT_VIOLATION; | 200 return CERT_NAME_CONSTRAINT_VIOLATION; |
| 201 case net::ERR_CERT_VALIDITY_TOO_LONG: |
| 202 return CERT_VALIDITY_TOO_LONG; |
| 194 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: | 203 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: |
| 195 return CERT_WEAK_KEY_DH; | 204 return CERT_WEAK_KEY_DH; |
| 196 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: | 205 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: |
| 197 return CERT_PINNED_KEY_MISSING; | 206 return CERT_PINNED_KEY_MISSING; |
| 198 default: | 207 default: |
| 199 NOTREACHED(); | 208 NOTREACHED(); |
| 200 return UNKNOWN; | 209 return UNKNOWN; |
| 201 } | 210 } |
| 202 } | 211 } |
| 203 | 212 |
| 204 // static | 213 // static |
| 205 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, | 214 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, |
| 206 net::CertStatus cert_status, | 215 net::CertStatus cert_status, |
| 207 const GURL& url, | 216 const GURL& url, |
| 208 std::vector<SSLErrorInfo>* errors) { | 217 std::vector<SSLErrorInfo>* errors) { |
| 209 const net::CertStatus kErrorFlags[] = { | 218 const net::CertStatus kErrorFlags[] = { |
| 210 net::CERT_STATUS_COMMON_NAME_INVALID, | 219 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 211 net::CERT_STATUS_DATE_INVALID, | 220 net::CERT_STATUS_DATE_INVALID, |
| 212 net::CERT_STATUS_AUTHORITY_INVALID, | 221 net::CERT_STATUS_AUTHORITY_INVALID, |
| 213 net::CERT_STATUS_NO_REVOCATION_MECHANISM, | 222 net::CERT_STATUS_NO_REVOCATION_MECHANISM, |
| 214 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, | 223 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, |
| 215 net::CERT_STATUS_REVOKED, | 224 net::CERT_STATUS_REVOKED, |
| 216 net::CERT_STATUS_INVALID, | 225 net::CERT_STATUS_INVALID, |
| 217 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | 226 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
| 218 net::CERT_STATUS_WEAK_KEY, | 227 net::CERT_STATUS_WEAK_KEY, |
| 219 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, | 228 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, |
| 229 net::CERT_STATUS_VALIDITY_TOO_LONG, |
| 220 }; | 230 }; |
| 221 | 231 |
| 222 const ErrorType kErrorTypes[] = { | 232 const ErrorType kErrorTypes[] = { |
| 223 CERT_COMMON_NAME_INVALID, | 233 CERT_COMMON_NAME_INVALID, |
| 224 CERT_DATE_INVALID, | 234 CERT_DATE_INVALID, |
| 225 CERT_AUTHORITY_INVALID, | 235 CERT_AUTHORITY_INVALID, |
| 226 CERT_NO_REVOCATION_MECHANISM, | 236 CERT_NO_REVOCATION_MECHANISM, |
| 227 CERT_UNABLE_TO_CHECK_REVOCATION, | 237 CERT_UNABLE_TO_CHECK_REVOCATION, |
| 228 CERT_REVOKED, | 238 CERT_REVOKED, |
| 229 CERT_INVALID, | 239 CERT_INVALID, |
| 230 CERT_WEAK_SIGNATURE_ALGORITHM, | 240 CERT_WEAK_SIGNATURE_ALGORITHM, |
| 231 CERT_WEAK_KEY, | 241 CERT_WEAK_KEY, |
| 232 CERT_NAME_CONSTRAINT_VIOLATION, | 242 CERT_NAME_CONSTRAINT_VIOLATION, |
| 243 CERT_VALIDITY_TOO_LONG, |
| 233 }; | 244 }; |
| 234 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); | 245 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); |
| 235 | 246 |
| 236 scoped_refptr<net::X509Certificate> cert = NULL; | 247 scoped_refptr<net::X509Certificate> cert = NULL; |
| 237 int count = 0; | 248 int count = 0; |
| 238 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { | 249 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { |
| 239 if (cert_status & kErrorFlags[i]) { | 250 if (cert_status & kErrorFlags[i]) { |
| 240 count++; | 251 count++; |
| 241 if (!cert.get()) { | 252 if (!cert.get()) { |
| 242 bool r = content::CertStore::GetInstance()->RetrieveCert( | 253 bool r = content::CertStore::GetInstance()->RetrieveCert( |
| 243 cert_id, &cert); | 254 cert_id, &cert); |
| 244 DCHECK(r); | 255 DCHECK(r); |
| 245 } | 256 } |
| 246 if (errors) | 257 if (errors) { |
| 247 errors->push_back( | 258 errors->push_back( |
| 248 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); | 259 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); |
| 260 } |
| 249 } | 261 } |
| 250 } | 262 } |
| 251 return count; | 263 return count; |
| 252 } | 264 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20628006:
Reject certificates that are valid for too long. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src