1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_status_flags.h" 6 7 #include "base/logging.h" 8 #include "net/base/net_errors.h" 9 10 namespace net { 11 12 bool IsCertStatusMinorError(CertStatus cert_status) { 13 static const CertStatus kMinorErrors = 14 CERT_STATUS_UNABLE_TO_CHECK_REVOCATION | 15 CERT_STATUS_NO_REVOCATION_MECHANISM; 16 cert_status &= CERT_STATUS_ALL_ERRORS; 17 return cert_status != 0 && (cert_status & ~kMinorErrors) == 0; 18 } 19 20 CertStatus MapNetErrorToCertStatus(int error) { 21 switch (error) { 22 case ERR_CERT_COMMON_NAME_INVALID: 23 return CERT_STATUS_COMMON_NAME_INVALID; 24 case ERR_CERT_DATE_INVALID: 25 return CERT_STATUS_DATE_INVALID; 26 case ERR_CERT_AUTHORITY_INVALID: 27 return CERT_STATUS_AUTHORITY_INVALID; 28 case ERR_CERT_NO_REVOCATION_MECHANISM: 29 return CERT_STATUS_NO_REVOCATION_MECHANISM; 30 case ERR_CERT_UNABLE_TO_CHECK_REVOCATION: 31 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 32 case ERR_CERT_REVOKED: 33 return CERT_STATUS_REVOKED; 34 // We added the ERR_CERT_CONTAINS_ERRORS error code when we were using 35 // WinInet, but we never figured out how it differs from ERR_CERT_INVALID. 36 // We should not use ERR_CERT_CONTAINS_ERRORS in new code. 37 case ERR_CERT_CONTAINS_ERRORS: 38 NOTREACHED(); 39 // Falls through. 40 case ERR_CERT_INVALID: 41 return CERT_STATUS_INVALID; 42 case ERR_CERT_WEAK_SIGNATURE_ALGORITHM: 43 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; 44 case ERR_CERT_WEAK_KEY: 45 return CERT_STATUS_WEAK_KEY; 46 default: 47 return 0; 48 } 49 } 50 51 int MapCertStatusToNetError(CertStatus cert_status) { 52 // A certificate may have multiple errors. We report the most 53 // serious error. 54 55 // Unrecoverable errors 56 if (cert_status & CERT_STATUS_REVOKED) 57 return ERR_CERT_REVOKED; 58 if (cert_status & CERT_STATUS_INVALID) 59 return ERR_CERT_INVALID; 60 61 // Recoverable errors 62 if (cert_status & CERT_STATUS_AUTHORITY_INVALID) 63 return ERR_CERT_AUTHORITY_INVALID; 64 if (cert_status & CERT_STATUS_COMMON_NAME_INVALID) 65 return ERR_CERT_COMMON_NAME_INVALID; 66 if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM) 67 return ERR_CERT_WEAK_SIGNATURE_ALGORITHM; 68 if (cert_status & CERT_STATUS_WEAK_KEY) 69 return ERR_CERT_WEAK_KEY; 70 if (cert_status & CERT_STATUS_DATE_INVALID) 71 return ERR_CERT_DATE_INVALID; 72 73 // Unknown status. Give it the benefit of the doubt. 74 if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) 75 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; 76 if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM) 77 return ERR_CERT_NO_REVOCATION_MECHANISM; 78 79 NOTREACHED(); 80 return ERR_UNEXPECTED; 81 } 82 83 } // namespace net 84