Add errors per ResultPath for CertPathBuilder.

net/tools/cert_verify_tool/verify_using_path_builder.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/tools/cert_verify_tool/verify_using_path_builder.h"
 
 #include <iostream>
 
 #include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "crypto/sha2.h"
-#include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/cert/internal/cert_issuer_source_aia.h"
 #include "net/cert/internal/cert_issuer_source_static.h"
 #include "net/cert/internal/parse_name.h"
 #include "net/cert/internal/parsed_certificate.h"
 #include "net/cert/internal/path_builder.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/cert/internal/trust_store_in_memory.h"
 #include "net/cert_net/cert_net_fetcher_impl.h"
 #include "net/tools/cert_verify_tool/cert_verify_tool_util.h"
@@ skipping 83 matching lines @@
   // the normalized subject.
   if (trust_anchor->cert())
     return SubjectFromParsedCertificate(trust_anchor->cert().get());
 
   net::RDNSequence parsed_subject;
   if (!net::ParseNameValue(trust_anchor->normalized_subject(), &parsed_subject))
     return std::string();
   return SubjectToString(parsed_subject);
 }
 
+void PrintCertErrors(const net::CertErrors& errors) {
+  // TODO(crbug.com/634443): Include more detailed error information. Also this
+  // should likely be extracted to a common location and used by unit-tests and
+  // other debugging needs.
+  for (const auto& error : errors.errors()) {
+    std::cout << " " << error.type;
+  }
+}
+
+// Dumps a ResultPath to std::cout.
+void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path,
+                     size_t index,
+                     bool is_best) {
+  std::cout << "path " << index << " "
+            << (result_path->valid ? "valid" : "invalid")
+            << (is_best ? " (best)" : "") << "\n";
+
+  // Print the certificate chain.
+  for (const auto& cert : result_path->path.certs) {
+    std::cout << " " << FingerPrintParsedCertificate(cert.get()) << " "
+              << SubjectFromParsedCertificate(cert.get()) << "\n";
+  }
+
+  // Print the trust anchor (if there was one).
+  const auto& trust_anchor = result_path->path.trust_anchor;
+  if (trust_anchor) {
+    std::string trust_anchor_cert_fingerprint = "<no cert>";
+    if (trust_anchor->cert()) {
+      trust_anchor_cert_fingerprint =
+          FingerPrintParsedCertificate(trust_anchor->cert().get());
+    }
+    std::cout << " " << trust_anchor_cert_fingerprint << " "
+              << SubjectFromTrustAnchor(trust_anchor.get()) << "\n";
+  }
+
+  // Print the errors.
+  if (result_path->errors.errors().empty()) {
+    std::cout << "Errors:\n";
+    PrintCertErrors(result_path->errors);
+  }
+}
+
 }  // namespace
 
 // Verifies |target_der_cert| using CertPathBuilder.
 bool VerifyUsingPathBuilder(
     const CertInput& target_der_cert,
     const std::vector<CertInput>& intermediate_der_certs,
     const std::vector<CertInput>& root_der_certs,
     const base::Time at_time,
     const base::FilePath& dump_prefix_path) {
   std::cout << "NOTE: CertPathBuilder does not currently use OS trust settings "
@@ skipping 63 matching lines @@
 
   net::TestClosure callback;
   net::CompletionStatus rv = path_builder.Run(callback.closure());
 
   if (rv == net::CompletionStatus::ASYNC) {
     DVLOG(1) << "waiting for async completion...";
     callback.WaitForResult();
     DVLOG(1) << "async completed.";
   }
 
-  // TODO(crbug.com/634443): Display the full error information.
-  std::cout << "CertPathBuilder best result: "
-            << net::ErrorToShortString(result.error()) << "\n";
+  // TODO(crbug.com/634443): Display any errors/warnings associated with path
+  //                         building that were not part of a particular
+  //                         PathResult.
+  std::cout << "CertPathBuilder result: "
+            << (result.HasValidPath() ? "SUCCESS" : "FAILURE") << "\n";
 
   for (size_t i = 0; i < result.paths.size(); ++i) {
-    std::cout << "path " << i << " "
-              << net::ErrorToShortString(result.paths[i]->error)
-              << ((result.best_result_index == i) ? " (best)" : "") << "\n";
-    for (const auto& cert : result.paths[i]->path.certs) {
-      std::cout << " " << FingerPrintParsedCertificate(cert.get()) << " "
-                << SubjectFromParsedCertificate(cert.get()) << "\n";
-    }
-
-    const auto& trust_anchor = result.paths[i]->path.trust_anchor;
-    if (trust_anchor) {
-      std::string trust_anchor_cert_fingerprint = "<no cert>";
-      if (trust_anchor->cert()) {
-        trust_anchor_cert_fingerprint =
-            FingerPrintParsedCertificate(trust_anchor->cert().get());
-      }
-      std::cout << " " << trust_anchor_cert_fingerprint << " "
-                << SubjectFromTrustAnchor(trust_anchor.get()) << "\n";
-    }
+    PrintResultPath(result.paths[i].get(), i, i == result.best_result_index);
   }
 
   // TODO(mattm): add flag to dump all paths, not just the final one?
   if (!dump_prefix_path.empty() && result.paths.size()) {
     if (!DumpParsedCertificateChain(
             dump_prefix_path.AddExtension(
                 FILE_PATH_LITERAL(".CertPathBuilder.pem")),
             result.paths[result.best_result_index]->path)) {
       return false;
     }
   }
 
-  return result.error() == net::OK;
+  return result.HasValidPath();
 }