| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_info.h" | 5 #include "chrome/browser/ssl/ssl_error_info.h" |
| 6 | 6 |
| 7 #include "base/i18n/time_formatting.h" | 7 #include "base/i18n/time_formatting.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/grit/chromium_strings.h" | 10 #include "chrome/grit/chromium_strings.h" |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); | 138 IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); |
| 139 short_description = l10n_util::GetStringUTF16( | 139 short_description = l10n_util::GetStringUTF16( |
| 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); | 140 IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); |
| 141 case CERT_NAME_CONSTRAINT_VIOLATION: | 141 case CERT_NAME_CONSTRAINT_VIOLATION: |
| 142 details = l10n_util::GetStringFUTF16( | 142 details = l10n_util::GetStringFUTF16( |
| 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, | 143 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, |
| 144 UTF8ToUTF16(request_url.host())); | 144 UTF8ToUTF16(request_url.host())); |
| 145 short_description = l10n_util::GetStringUTF16( | 145 short_description = l10n_util::GetStringUTF16( |
| 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); | 146 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION); |
| 147 break; | 147 break; |
| 148 case CERT_VALIDITY_TOO_LONG: | |
| 149 details = | |
| 150 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS, | |
| 151 UTF8ToUTF16(request_url.host())); | |
| 152 short_description = l10n_util::GetStringUTF16( | |
| 153 IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION); | |
| 154 break; | |
| 155 case CERT_PINNED_KEY_MISSING: | 148 case CERT_PINNED_KEY_MISSING: |
| 156 details = l10n_util::GetStringUTF16( | 149 details = l10n_util::GetStringUTF16( |
| 157 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); | 150 IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); |
| 158 short_description = l10n_util::GetStringUTF16( | 151 short_description = l10n_util::GetStringUTF16( |
| 159 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); | 152 IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); |
| 160 break; | 153 break; |
| 161 case UNKNOWN: | 154 case UNKNOWN: |
| 162 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); | 155 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS); |
| 163 short_description = | 156 short_description = |
| 164 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); | 157 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 191 case net::ERR_CERT_REVOKED: | 184 case net::ERR_CERT_REVOKED: |
| 192 return CERT_REVOKED; | 185 return CERT_REVOKED; |
| 193 case net::ERR_CERT_INVALID: | 186 case net::ERR_CERT_INVALID: |
| 194 return CERT_INVALID; | 187 return CERT_INVALID; |
| 195 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 188 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 196 return CERT_WEAK_SIGNATURE_ALGORITHM; | 189 return CERT_WEAK_SIGNATURE_ALGORITHM; |
| 197 case net::ERR_CERT_WEAK_KEY: | 190 case net::ERR_CERT_WEAK_KEY: |
| 198 return CERT_WEAK_KEY; | 191 return CERT_WEAK_KEY; |
| 199 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 192 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 200 return CERT_NAME_CONSTRAINT_VIOLATION; | 193 return CERT_NAME_CONSTRAINT_VIOLATION; |
| 201 case net::ERR_CERT_VALIDITY_TOO_LONG: | |
| 202 return CERT_VALIDITY_TOO_LONG; | |
| 203 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: | 194 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: |
| 204 return CERT_WEAK_KEY_DH; | 195 return CERT_WEAK_KEY_DH; |
| 205 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: | 196 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: |
| 206 return CERT_PINNED_KEY_MISSING; | 197 return CERT_PINNED_KEY_MISSING; |
| 207 default: | 198 default: |
| 208 NOTREACHED(); | 199 NOTREACHED(); |
| 209 return UNKNOWN; | 200 return UNKNOWN; |
| 210 } | 201 } |
| 211 } | 202 } |
| 212 | 203 |
| 213 // static | 204 // static |
| 214 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, | 205 int SSLErrorInfo::GetErrorsForCertStatus(int cert_id, |
| 215 net::CertStatus cert_status, | 206 net::CertStatus cert_status, |
| 216 const GURL& url, | 207 const GURL& url, |
| 217 std::vector<SSLErrorInfo>* errors) { | 208 std::vector<SSLErrorInfo>* errors) { |
| 218 const net::CertStatus kErrorFlags[] = { | 209 const net::CertStatus kErrorFlags[] = { |
| 219 net::CERT_STATUS_COMMON_NAME_INVALID, | 210 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 220 net::CERT_STATUS_DATE_INVALID, | 211 net::CERT_STATUS_DATE_INVALID, |
| 221 net::CERT_STATUS_AUTHORITY_INVALID, | 212 net::CERT_STATUS_AUTHORITY_INVALID, |
| 222 net::CERT_STATUS_NO_REVOCATION_MECHANISM, | 213 net::CERT_STATUS_NO_REVOCATION_MECHANISM, |
| 223 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, | 214 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, |
| 224 net::CERT_STATUS_REVOKED, | 215 net::CERT_STATUS_REVOKED, |
| 225 net::CERT_STATUS_INVALID, | 216 net::CERT_STATUS_INVALID, |
| 226 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | 217 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
| 227 net::CERT_STATUS_WEAK_KEY, | 218 net::CERT_STATUS_WEAK_KEY, |
| 228 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, | 219 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION, |
| 229 net::CERT_STATUS_VALIDITY_TOO_LONG, | |
| 230 }; | 220 }; |
| 231 | 221 |
| 232 const ErrorType kErrorTypes[] = { | 222 const ErrorType kErrorTypes[] = { |
| 233 CERT_COMMON_NAME_INVALID, | 223 CERT_COMMON_NAME_INVALID, |
| 234 CERT_DATE_INVALID, | 224 CERT_DATE_INVALID, |
| 235 CERT_AUTHORITY_INVALID, | 225 CERT_AUTHORITY_INVALID, |
| 236 CERT_NO_REVOCATION_MECHANISM, | 226 CERT_NO_REVOCATION_MECHANISM, |
| 237 CERT_UNABLE_TO_CHECK_REVOCATION, | 227 CERT_UNABLE_TO_CHECK_REVOCATION, |
| 238 CERT_REVOKED, | 228 CERT_REVOKED, |
| 239 CERT_INVALID, | 229 CERT_INVALID, |
| 240 CERT_WEAK_SIGNATURE_ALGORITHM, | 230 CERT_WEAK_SIGNATURE_ALGORITHM, |
| 241 CERT_WEAK_KEY, | 231 CERT_WEAK_KEY, |
| 242 CERT_NAME_CONSTRAINT_VIOLATION, | 232 CERT_NAME_CONSTRAINT_VIOLATION, |
| 243 CERT_VALIDITY_TOO_LONG, | |
| 244 }; | 233 }; |
| 245 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); | 234 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); |
| 246 | 235 |
| 247 scoped_refptr<net::X509Certificate> cert = NULL; | 236 scoped_refptr<net::X509Certificate> cert = NULL; |
| 248 int count = 0; | 237 int count = 0; |
| 249 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { | 238 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { |
| 250 if (cert_status & kErrorFlags[i]) { | 239 if (cert_status & kErrorFlags[i]) { |
| 251 count++; | 240 count++; |
| 252 if (!cert.get()) { | 241 if (!cert.get()) { |
| 253 bool r = content::CertStore::GetInstance()->RetrieveCert( | 242 bool r = content::CertStore::GetInstance()->RetrieveCert( |
| 254 cert_id, &cert); | 243 cert_id, &cert); |
| 255 DCHECK(r); | 244 DCHECK(r); |
| 256 } | 245 } |
| 257 if (errors) { | 246 if (errors) |
| 258 errors->push_back( | 247 errors->push_back( |
| 259 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); | 248 SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); |
| 260 } | |
| 261 } | 249 } |
| 262 } | 250 } |
| 263 return count; | 251 return count; |
| 264 } | 252 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 717653002:
Revert "Reject certificates that are valid for too long." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master