Improvements to the net/cert/internal error handling.

net/cert/internal/path_builder.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/path_builder.h"
 
 #include <set>
 #include <unordered_set>
 
 #include "base/logging.h"
@@ skipping 441 matching lines @@
     // Exhausted all paths.
     next_state_ = STATE_NONE;
   } else {
     // Continue exploring issuers of the previous path.
     next_state_ = STATE_GET_NEXT_ISSUER;
   }
 }
 
 CertPathBuilder::ResultPath::ResultPath() = default;
 CertPathBuilder::ResultPath::~ResultPath() = default;
+
+bool CertPathBuilder::ResultPath::IsValid() const {
+  return !path.certs.empty() && path.trust_anchor &&
+         !errors.ContainsHighSeverityErrors();
+}
+
 CertPathBuilder::Result::Result() = default;
 CertPathBuilder::Result::~Result() = default;
 
 const CertPathBuilder::ResultPath* CertPathBuilder::Result::GetBestValidPath()
     const {
   DCHECK((paths.empty() && best_result_index == 0) ||
          best_result_index < paths.size());
 
   if (best_result_index >= paths.size())
     return nullptr;
 
   const ResultPath* result_path = paths[best_result_index].get();
-  if (result_path->valid)
+  if (result_path->IsValid())
     return result_path;
 
   return nullptr;
 }
 
 bool CertPathBuilder::Result::HasValidPath() const {
   return GetBestValidPath() != nullptr;
 }
 
 CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert,
@@ skipping 47 matching lines @@
     next_state_ = STATE_NONE;
     return;
   }
 
   // Verify the entire certificate chain.
   auto result_path = base::MakeUnique<ResultPath>();
   bool verify_result =
       VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(),
                              signature_policy_, time_, &result_path->errors);
   DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = "
-           << result_path->valid;
+           << verify_result;
   result_path->path = next_path_;
-  result_path->valid = verify_result;
+  DCHECK_EQ(verify_result, !result_path->errors.ContainsHighSeverityErrors());
   AddResultPath(std::move(result_path));
 
   if (verify_result) {
     // Found a valid path, return immediately.
     // TODO(mattm): add debug/test mode that tries all possible paths.
     next_state_ = STATE_NONE;
     return;
   }
 
   // Path did not verify. Try more paths. If there are no more paths, the result
   // will be returned next time DoGetNextPathComplete is called with next_path_
   // empty.
   next_state_ = STATE_GET_NEXT_PATH;
 }
 
 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) {
   // TODO(mattm): set best_result_index based on number or severity of errors.
-  if (result_path->valid)
+  if (result_path->IsValid())
     out_result_->best_result_index = out_result_->paths.size();
   // TODO(mattm): add flag to only return a single path or all attempted paths?
   out_result_->paths.push_back(std::move(result_path));
 }
 
 }  // namespace net