Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(187)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain.cc

Issue 2342973003: Remove the externs for VerifyCertificateChain()'s errors. (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
11 #include "net/cert/internal/cert_error_params.h" 11 #include "net/cert/internal/cert_error_params.h"
12 #include "net/cert/internal/cert_error_scoper.h" 12 #include "net/cert/internal/cert_error_scoper.h"
13 #include "net/cert/internal/cert_errors.h" 13 #include "net/cert/internal/cert_errors.h"
14 #include "net/cert/internal/name_constraints.h" 14 #include "net/cert/internal/name_constraints.h"
15 #include "net/cert/internal/parse_certificate.h" 15 #include "net/cert/internal/parse_certificate.h"
16 #include "net/cert/internal/signature_algorithm.h" 16 #include "net/cert/internal/signature_algorithm.h"
17 #include "net/cert/internal/signature_policy.h" 17 #include "net/cert/internal/signature_policy.h"
18 #include "net/cert/internal/trust_store.h" 18 #include "net/cert/internal/trust_store.h"
19 #include "net/cert/internal/verify_signed_data.h" 19 #include "net/cert/internal/verify_signed_data.h"
20 #include "net/der/input.h" 20 #include "net/der/input.h"
21 #include "net/der/parser.h" 21 #include "net/der/parser.h"
22 22
23 namespace net { 23 namespace net {
24 24
25 using namespace verify_certificate_chain_errors; 25 namespace {
26 26
27 namespace { 27 // -----------------------------------------------
28 // Errors/Warnings set by VerifyCertificateChain
29 // -----------------------------------------------
30
31 DEFINE_CERT_ERROR_ID(
32 kSignatureAlgorithmMismatch,
33 "Certificate.signatureAlgorithm != TBSCertificate.signature");
34 DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm,
35 "Invalid or unsupported signature algorithm");
36 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
37 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
38 "Unconsumed critical extension");
39 DEFINE_CERT_ERROR_ID(
40 kTargetCertInconsistentCaBits,
41 "Target certificate looks like a CA but does not set all CA properties");
42 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
43 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
44 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
45 "Basic Constraints indicates not a CA");
46 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
47 "Does not have Basic Constraints");
48 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
49 "Not permitted by name constraints");
50 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
51 "subject does not match issuer");
52 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
53 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
54 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
55 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
56 "Certificate.signatureAlgorithm is encoded differently "
57 "than TBSCertificate.signature");
28 58
29 DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor"); 59 DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor");
30 DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate"); 60 DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate");
31 61
32 // This class changes the error scope to indicate which certificate in the 62 // This class changes the error scope to indicate which certificate in the
33 // chain is currently being processed. 63 // chain is currently being processed.
34 class CertErrorScoperForCert : public CertErrorScoper { 64 class CertErrorScoperForCert : public CertErrorScoper {
35 public: 65 public:
36 CertErrorScoperForCert(CertErrors* parent_errors, size_t index) 66 CertErrorScoperForCert(CertErrors* parent_errors, size_t index)
37 : CertErrorScoper(parent_errors), index_(index) {} 67 : CertErrorScoper(parent_errors), index_(index) {}
(...skipping 548 matching lines...) Expand 10 before | Expand all | Expand 10 after
586 } 616 }
587 617
588 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: 618 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1:
589 // 619 //
590 // A certificate MUST NOT appear more than once in a prospective 620 // A certificate MUST NOT appear more than once in a prospective
591 // certification path. 621 // certification path.
592 622
593 return true; 623 return true;
594 } 624 }
595 625
596 namespace verify_certificate_chain_errors {
597
598 DEFINE_CERT_ERROR_ID(
599 kSignatureAlgorithmMismatch,
600 "Certificate.signatureAlgorithm != TBSCertificate.signature");
601 DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm,
602 "Invalid or unsupported signature algorithm");
603 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
604 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
605 "Unconsumed critical extension");
606 DEFINE_CERT_ERROR_ID(
607 kTargetCertInconsistentCaBits,
608 "Target certificate looks like a CA but does not set all CA properties");
609 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
610 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
611 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
612 "Basic Constraints indicates not a CA");
613 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
614 "Does not have Basic Constraints");
615 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
616 "Not permitted by name constraints");
617 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
618 "subject does not match issuer");
619 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
620 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
621 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
622 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
623 "Certificate.signatureAlgorithm is encoded differently "
624 "than TBSCertificate.signature");
625
626 } // verify_certificate_chain_errors
627
628 } // namespace net 626 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698