OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/cert_errors.h" | 5 #include "net/cert/internal/cert_errors.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "base/strings/string_split.h" | 9 #include "base/strings/string_split.h" |
| 10 #include "base/strings/stringprintf.h" |
10 #include "net/cert/internal/cert_error_params.h" | 11 #include "net/cert/internal/cert_error_params.h" |
11 #include "net/cert/internal/cert_error_scoper.h" | 12 #include "net/cert/internal/parse_name.h" |
| 13 #include "net/cert/internal/parsed_certificate.h" |
12 | 14 |
13 namespace net { | 15 namespace net { |
14 | 16 |
15 namespace { | 17 namespace { |
16 | 18 |
17 // Helpers for pretty-printing CertErrors to a string. | |
18 void AppendNodeToDebugString(CertErrorNode* node, | |
19 const std::string& indentation, | |
20 std::string* out); | |
21 | |
22 void AppendChildrenToDebugString(const CertErrorNodes& children, | |
23 const std::string& indentation, | |
24 std::string* out) { | |
25 for (const auto& child : children) | |
26 AppendNodeToDebugString(child.get(), indentation, out); | |
27 } | |
28 | |
29 void AppendLinesWithIndentation(const std::string& text, | 19 void AppendLinesWithIndentation(const std::string& text, |
30 const std::string& indentation, | 20 const std::string& indentation, |
31 std::string* out) { | 21 std::string* out) { |
32 std::vector<base::StringPiece> lines = base::SplitStringPieceUsingSubstr( | 22 std::vector<base::StringPiece> lines = base::SplitStringPieceUsingSubstr( |
33 text, "\n", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); | 23 text, "\n", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
34 | 24 |
35 for (const auto& line : lines) { | 25 for (const auto& line : lines) { |
36 *out += indentation; | 26 *out += indentation; |
37 line.AppendToString(out); | 27 line.AppendToString(out); |
38 *out += "\n"; | 28 *out += "\n"; |
39 } | 29 } |
40 } | 30 } |
41 | 31 |
42 const char* CertErrorNodeTypeToString(CertErrorNodeType type) { | |
43 switch (type) { | |
44 case CertErrorNodeType::TYPE_CONTEXT: | |
45 return "[Context] "; | |
46 case CertErrorNodeType::TYPE_WARNING: | |
47 return "[Warning] "; | |
48 case CertErrorNodeType::TYPE_ERROR: | |
49 return "[Error] "; | |
50 } | |
51 return nullptr; | |
52 } | |
53 | |
54 void AppendNodeToDebugString(CertErrorNode* node, | |
55 const std::string& indentation, | |
56 std::string* out) { | |
57 std::string cur_indentation = indentation; | |
58 | |
59 *out += cur_indentation; | |
60 *out += CertErrorNodeTypeToString(node->node_type); | |
61 *out += CertErrorIdToDebugString(node->id); | |
62 *out += +"\n"; | |
63 | |
64 if (node->params) { | |
65 cur_indentation += " "; | |
66 AppendLinesWithIndentation(node->params->ToDebugString(), cur_indentation, | |
67 out); | |
68 } | |
69 | |
70 cur_indentation += " "; | |
71 | |
72 AppendChildrenToDebugString(node->children, cur_indentation, out); | |
73 } | |
74 | |
75 // Returns true if |children| contains the error |id| anywhere within it or its | |
76 // children recursively. | |
77 bool NodesContainError(const CertErrorNodes& children, CertErrorId id) { | |
78 for (const auto& child : children) { | |
79 if (child->node_type == CertErrorNodeType::TYPE_ERROR && child->id == id) | |
80 return true; | |
81 if (NodesContainError(child->children, id)) | |
82 return true; | |
83 } | |
84 return false; | |
85 } | |
86 | |
87 } // namespace | 32 } // namespace |
88 | 33 |
89 CertErrorNode::CertErrorNode(CertErrorNodeType node_type, | 34 CertError::CertError() = default; |
90 CertErrorId id, | |
91 std::unique_ptr<CertErrorParams> params) | |
92 : node_type(node_type), id(id), params(std::move(params)) {} | |
93 | 35 |
94 CertErrorNode::~CertErrorNode() = default; | 36 CertError::CertError(Severity severity, |
| 37 CertErrorId id, |
| 38 std::unique_ptr<CertErrorParams> params) |
| 39 : severity(severity), id(id), params(std::move(params)) {} |
95 | 40 |
96 void CertErrorNode::AddChild(std::unique_ptr<CertErrorNode> child) { | 41 CertError::CertError(CertError&& other) = default; |
97 DCHECK_EQ(CertErrorNodeType::TYPE_CONTEXT, node_type); | 42 |
98 children.push_back(std::move(child)); | 43 CertError& CertError::operator=(CertError&&) = default; |
| 44 |
| 45 CertError::~CertError() = default; |
| 46 |
| 47 std::string CertError::ToDebugString() const { |
| 48 std::string result; |
| 49 switch (severity) { |
| 50 case SEVERITY_WARNING: |
| 51 result += "WARNING: "; |
| 52 break; |
| 53 case SEVERITY_HIGH: |
| 54 result += "ERROR: "; |
| 55 break; |
| 56 } |
| 57 result += CertErrorIdToDebugString(id); |
| 58 result += +"\n"; |
| 59 |
| 60 if (params) |
| 61 AppendLinesWithIndentation(params->ToDebugString(), " ", &result); |
| 62 |
| 63 return result; |
99 } | 64 } |
100 | 65 |
101 CertErrors::CertErrors() = default; | 66 CertErrors::CertErrors() = default; |
102 | 67 CertErrors::CertErrors(CertErrors&& other) = default; |
| 68 CertErrors& CertErrors::operator=(CertErrors&&) = default; |
103 CertErrors::~CertErrors() = default; | 69 CertErrors::~CertErrors() = default; |
104 | 70 |
105 void CertErrors::Add(CertErrorNodeType node_type, | 71 void CertErrors::Add(CertError::Severity severity, |
106 CertErrorId id, | 72 CertErrorId id, |
107 std::unique_ptr<CertErrorParams> params) { | 73 std::unique_ptr<CertErrorParams> params) { |
108 AddNode(base::MakeUnique<CertErrorNode>(node_type, id, std::move(params))); | 74 nodes_.push_back(CertError(severity, id, std::move(params))); |
109 } | 75 } |
110 | 76 |
111 void CertErrors::AddError(CertErrorId id, | 77 void CertErrors::AddError(CertErrorId id, |
112 std::unique_ptr<CertErrorParams> params) { | 78 std::unique_ptr<CertErrorParams> params) { |
113 Add(CertErrorNodeType::TYPE_ERROR, id, std::move(params)); | 79 Add(CertError::SEVERITY_HIGH, id, std::move(params)); |
114 } | 80 } |
115 | 81 |
116 void CertErrors::AddError(CertErrorId id) { | 82 void CertErrors::AddError(CertErrorId id) { |
117 AddError(id, nullptr); | 83 AddError(id, nullptr); |
118 } | 84 } |
119 | 85 |
120 void CertErrors::AddWarning(CertErrorId id, | 86 void CertErrors::AddWarning(CertErrorId id, |
121 std::unique_ptr<CertErrorParams> params) { | 87 std::unique_ptr<CertErrorParams> params) { |
122 Add(CertErrorNodeType::TYPE_WARNING, id, std::move(params)); | 88 Add(CertError::SEVERITY_WARNING, id, std::move(params)); |
123 } | 89 } |
124 | 90 |
125 void CertErrors::AddWarning(CertErrorId id) { | 91 void CertErrors::AddWarning(CertErrorId id) { |
126 AddWarning(id, nullptr); | 92 AddWarning(id, nullptr); |
127 } | 93 } |
128 | 94 |
129 bool CertErrors::empty() const { | |
130 return nodes_.empty(); | |
131 } | |
132 | |
133 std::string CertErrors::ToDebugString() const { | 95 std::string CertErrors::ToDebugString() const { |
134 std::string result; | 96 std::string result; |
135 AppendChildrenToDebugString(nodes_, std::string(), &result); | 97 for (const CertError& node : nodes_) |
| 98 result += node.ToDebugString(); |
| 99 |
136 return result; | 100 return result; |
137 } | 101 } |
138 | 102 |
139 bool CertErrors::ContainsError(CertErrorId id) const { | 103 bool CertErrors::ContainsError(CertErrorId id) const { |
140 return NodesContainError(nodes_, id); | 104 for (const CertError& node : nodes_) { |
| 105 if (node.id == id) |
| 106 return true; |
| 107 } |
| 108 return false; |
141 } | 109 } |
142 | 110 |
143 void CertErrors::AddNode(std::unique_ptr<CertErrorNode> node) { | 111 bool CertErrors::ContainsAnyErrorWithSeverity( |
144 if (current_scoper_) | 112 CertError::Severity severity) const { |
145 current_scoper_->LazyGetRootNode()->AddChild(std::move(node)); | 113 for (const CertError& node : nodes_) { |
146 else | 114 if (node.severity == severity) |
147 nodes_.push_back(std::move(node)); | 115 return true; |
| 116 } |
| 117 return false; |
148 } | 118 } |
149 | 119 |
150 CertErrorScoper* CertErrors::SetScoper(CertErrorScoper* scoper) { | 120 CertPathErrors::CertPathErrors() = default; |
151 CertErrorScoper* prev = current_scoper_; | 121 |
152 current_scoper_ = scoper; | 122 CertPathErrors::CertPathErrors(CertPathErrors&& other) = default; |
153 return prev; | 123 CertPathErrors& CertPathErrors::operator=(CertPathErrors&&) = default; |
| 124 |
| 125 CertPathErrors::~CertPathErrors() = default; |
| 126 |
| 127 CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) { |
| 128 if (cert_index >= cert_errors_.size()) |
| 129 cert_errors_.resize(cert_index + 1); |
| 130 return &cert_errors_[cert_index]; |
| 131 } |
| 132 |
| 133 CertErrors* CertPathErrors::GetOtherErrors() { |
| 134 return &other_errors_; |
| 135 } |
| 136 |
| 137 bool CertPathErrors::ContainsError(CertErrorId id) const { |
| 138 for (const CertErrors& errors : cert_errors_) { |
| 139 if (errors.ContainsError(id)) |
| 140 return true; |
| 141 } |
| 142 |
| 143 if (other_errors_.ContainsError(id)) |
| 144 return true; |
| 145 |
| 146 return false; |
| 147 } |
| 148 |
| 149 bool CertPathErrors::ContainsAnyErrorWithSeverity( |
| 150 CertError::Severity severity) const { |
| 151 for (const CertErrors& errors : cert_errors_) { |
| 152 if (errors.ContainsAnyErrorWithSeverity(severity)) |
| 153 return true; |
| 154 } |
| 155 |
| 156 if (other_errors_.ContainsAnyErrorWithSeverity(severity)) |
| 157 return true; |
| 158 |
| 159 return false; |
| 160 } |
| 161 |
| 162 std::string CertPathErrors::ToDebugString( |
| 163 const ParsedCertificateList& certs) const { |
| 164 std::string result; |
| 165 |
| 166 for (size_t i = 0; i < cert_errors_.size(); ++i) { |
| 167 // Pretty print the current CertErrors. If there were no errors/warnings, |
| 168 // then continue. |
| 169 const CertErrors& errors = cert_errors_[i]; |
| 170 std::string cert_errors_string = errors.ToDebugString(); |
| 171 if (cert_errors_string.empty()) |
| 172 continue; |
| 173 |
| 174 // Add a header for the CertErrors that describes which certificate they |
| 175 // apply to. |
| 176 // |
| 177 // TODO(eroman): Show the subject for trust anchor (which currently uses the |
| 178 // bucket cert_errors_[certs.size()]). |
| 179 std::string cert_name_debug_str; |
| 180 if (i < certs.size() && certs[i]) { |
| 181 RDNSequence subject; |
| 182 if (ParseName(certs[i]->tbs().subject_tlv, &subject) && |
| 183 ConvertToRFC2253(subject, &cert_name_debug_str)) { |
| 184 cert_name_debug_str = " (" + cert_name_debug_str + ")"; |
| 185 } |
| 186 } |
| 187 |
| 188 result += |
| 189 base::StringPrintf("----- Certificate i=%d%s -----\n", |
| 190 static_cast<int>(i), cert_name_debug_str.c_str()); |
| 191 |
| 192 result += cert_errors_string; |
| 193 result += "\n"; |
| 194 } |
| 195 |
| 196 // Print any other errors that aren't associated with a particular certificate |
| 197 // in the chain. |
| 198 std::string other_errors = other_errors_.ToDebugString(); |
| 199 if (!other_errors.empty()) { |
| 200 result += "----- Other errors (not certificate specific) -----\n"; |
| 201 result += other_errors; |
| 202 result += "\n"; |
| 203 } |
| 204 |
| 205 return result; |
154 } | 206 } |
155 | 207 |
156 } // namespace net | 208 } // namespace net |
OLD | NEW |