1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_CERT_STATUS_FLAGS_H_ 6 #define NET_CERT_CERT_STATUS_FLAGS_H_ 7 8 #include "base/basictypes.h" 9 #include "net/base/net_export.h" 10 11 namespace net { 12 13 // Bitmask of status flags of a certificate, representing any errors, as well as 14 // other non-error status information such as whether the certificate is EV. 15 typedef uint32 CertStatus; 16 17 // The possible status bits for CertStatus. 18 // NOTE: Because these names have appeared in bug reports, we preserve them as 19 // MACRO_STYLE for continuity, instead of renaming them to kConstantStyle as 20 // befits most static consts. 21 // Bits 0 to 15 are for errors. 22 static const CertStatus CERT_STATUS_ALL_ERRORS = 0xFFFF; 23 static const CertStatus CERT_STATUS_COMMON_NAME_INVALID = 1 << 0; 24 static const CertStatus CERT_STATUS_DATE_INVALID = 1 << 1; 25 static const CertStatus CERT_STATUS_AUTHORITY_INVALID = 1 << 2; 26 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). 27 static const CertStatus CERT_STATUS_NO_REVOCATION_MECHANISM = 1 << 4; 28 static const CertStatus CERT_STATUS_UNABLE_TO_CHECK_REVOCATION = 1 << 5; 29 static const CertStatus CERT_STATUS_REVOKED = 1 << 6; 30 static const CertStatus CERT_STATUS_INVALID = 1 << 7; 31 static const CertStatus CERT_STATUS_WEAK_SIGNATURE_ALGORITHM = 1 << 8; 32 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS 33 static const CertStatus CERT_STATUS_NON_UNIQUE_NAME = 1 << 10; 34 static const CertStatus CERT_STATUS_WEAK_KEY = 1 << 11; 35 static const CertStatus CERT_STATUS_WEAK_DH_KEY = 1 << 12; 36 static const CertStatus CERT_STATUS_PINNED_KEY_MISSING = 1 << 13; 37 static const CertStatus CERT_STATUS_NAME_CONSTRAINT_VIOLATION = 1 << 14; 38 39 // Bits 16 to 31 are for non-error statuses. 40 static const CertStatus CERT_STATUS_IS_EV = 1 << 16; 41 static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17; 42 // bit 18 was CERT_STATUS_IS_DNSSEC. 43 44 // Returns true if the specified cert status has an error set. 45 static inline bool IsCertStatusError(CertStatus status) { 46 return (CERT_STATUS_ALL_ERRORS & status) != 0; 47 } 48 49 // IsCertStatusMinorError returns true iff |cert_status| indicates a condition 50 // that should typically be ignored by automated requests. (i.e. a revocation 51 // check failure.) 52 NET_EXPORT bool IsCertStatusMinorError(CertStatus cert_status); 53 54 // Maps a network error code to the equivalent certificate status flag. If 55 // the error code is not a certificate error, it is mapped to 0. 56 NET_EXPORT CertStatus MapNetErrorToCertStatus(int error); 57 58 // Maps the most serious certificate error in the certificate status flags 59 // to the equivalent network error code. 60 NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status); 61 62 } // namespace net 63 64 #endif // NET_CERT_CERT_STATUS_FLAGS_H_ 65
