SslError.java revision 1abd5b3e6f11ef9d7076685c56ef942fa0dd77e4
1/*
2 * Copyright (C) 2006 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net.http;
18
19import java.security.cert.X509Certificate;
20
21/**
22 * One or more individual SSL errors and the associated SSL certificate
23 */
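public class SslError {

    /*
     * Individual SSL errors, numbered from the least to the most severe.
     * Each value is also the bit index used for that error in the error set,
     * so getPrimaryError() ranks errors purely by this numeric order.
     */

    /**
     * The certificate is not yet valid
     */
    public static final int SSL_NOTYETVALID = 0;
    /**
     * The certificate has expired
     */
    public static final int SSL_EXPIRED = 1;
    /**
     * Hostname mismatch
     */
    public static final int SSL_IDMISMATCH = 2;
    /**
     * The certificate authority is not trusted
     */
    public static final int SSL_UNTRUSTED = 3;
    /**
     * The date of the certificate is invalid
     */
    public static final int SSL_DATE_INVALID = 4;
    /**
     * The certificate is invalid
     */
    public static final int SSL_INVALID = 5;


    /**
     * The number of different SSL errors (update if you add a new SSL error!!!)
     * @deprecated This constant is not necessary for using the SslError API and
     *             can change from release to release.
     */
    @Deprecated
    public static final int SSL_MAX_ERROR = 6;

    /**
     * The SSL error set bitfield (each individual error is a bit index;
     * multiple individual errors can be OR-ed)
     */
    int mErrors;

    /**
     * The SSL certificate associated with the error set
     */
    final SslCertificate mCertificate;

    /**
     * The URL associated with the error set.
     */
    final String mUrl;

    /**
     * Creates a new SSL error set object.
     *
     * <p>An {@code error} outside the known range is not recorded (see
     * {@link #addError(int)}); the resulting object then holds an empty set.
     *
     * @param error The SSL error
     * @param certificate The associated SSL certificate
     * @throws NullPointerException if {@code certificate} is null
     * @deprecated Use {@link #SslError(int, SslCertificate, String)}
     */
    @Deprecated
    public SslError(int error, SslCertificate certificate) {
        // NOTE(review): addError is public and overridable, so a subclass
        // override runs here before the subclass is fully constructed.
        addError(error);
        if (certificate == null) {
            throw new NullPointerException("certificate is null.");
        }
        mCertificate = certificate;
        // The deprecated constructors carry no URL; getUrl() reports "".
        mUrl = "";
    }

    /**
     * Creates a new SSL error set object.
     *
     * <p>An {@code error} outside the known range is not recorded (see
     * {@link #addError(int)}); the resulting object then holds an empty set.
     *
     * @param error The SSL error
     * @param certificate The associated SSL certificate
     * @throws NullPointerException if {@code certificate} is null
     * @deprecated Use {@link #SslError(int, X509Certificate, String)}
     */
    @Deprecated
    public SslError(int error, X509Certificate certificate) {
        addError(error);
        // Checked before wrapping so the failure carries this message.
        if (certificate == null) {
            throw new NullPointerException("certificate is null.");
        }
        mCertificate = new SslCertificate(certificate);
        // The deprecated constructors carry no URL; getUrl() reports "".
        mUrl = "";
    }

    /**
     * Creates a new SSL error set object.
     *
     * <p>An {@code error} outside the known range is not recorded (see
     * {@link #addError(int)}); the resulting object then holds an empty set.
     *
     * @param error The SSL error
     * @param certificate The associated SSL certificate
     * @param url The associated URL.
     * @throws NullPointerException if {@code certificate} or {@code url} is null
     */
    public SslError(int error, SslCertificate certificate, String url) {
        addError(error);
        if (certificate == null) {
            throw new NullPointerException("certificate is null.");
        }
        mCertificate = certificate;
        if (url == null) {
            throw new NullPointerException("url is null.");
        }
        mUrl = url;
    }

    /**
     * Creates an SslError object from a chromium error code.
     *
     * <p>Only codes in the range -299..-200 are accepted. Three codes have a
     * dedicated mapping; every other code in the range is reported as
     * {@link #SSL_INVALID}, the most severe error.
     *
     * @param error The chromium error code
     * @param cert The associated SSL certificate
     * @param url The associated URL.
     * @return a new SslError holding the mapped error
     * @throws NullPointerException if {@code error} is outside -299..-200, or
     *         if {@code cert} or {@code url} is null
     * @hide  chromium error codes only available inside the framework
     */
    public static SslError SslErrorFromChromiumErrorCode(
            int error, SslCertificate cert, String url) {
        // The chromium error codes are in:
        // external/chromium/net/base/net_error_list.h
        if (error > -200 || error < -299) {
            // NOTE(review): an out-of-range code is an argument error, not a
            // null reference; the exception type is kept because callers may
            // already catch it.
            throw new NullPointerException("Not a valid chromium SSL error code.");
        }
        switch (error) {
            case -200: // CERT_COMMON_NAME_INVALID in net_error_list.h
                return new SslError(SSL_IDMISMATCH, cert, url);
            case -201: // CERT_DATE_INVALID
                return new SslError(SSL_DATE_INVALID, cert, url);
            case -202: // CERT_AUTHORITY_INVALID
                return new SslError(SSL_UNTRUSTED, cert, url);
            default:
                // Map all other errors to SSL_INVALID
                return new SslError(SSL_INVALID, cert, url);
        }
    }

    /**
     * Creates a new SSL error set object.
     *
     * <p>An {@code error} outside the known range is not recorded (see
     * {@link #addError(int)}); the resulting object then holds an empty set.
     *
     * @param error The SSL error
     * @param certificate The associated SSL certificate
     * @param url The associated URL.
     * @throws NullPointerException if {@code certificate} or {@code url} is null
     */
    public SslError(int error, X509Certificate certificate, String url) {
        addError(error);
        // Checked before wrapping so the failure carries this message.
        if (certificate == null) {
            throw new NullPointerException("certificate is null.");
        }
        mCertificate = new SslCertificate(certificate);
        if (url == null) {
            throw new NullPointerException("url is null.");
        }
        mUrl = url;
    }

    /**
     * @return The SSL certificate associated with the error set, non-null.
     */
    public SslCertificate getCertificate() {
        return mCertificate;
    }

    /**
     * @return The URL associated with the error set, non-null.
     * "" if one of the deprecated constructors is used.
     */
    public String getUrl() {
        return mUrl;
    }

    /**
     * Adds the SSL error to the error set.
     *
     * <p>An unknown error code leaves the set unchanged; callers that need to
     * know whether the error was recorded must check the return value.
     *
     * @param error The SSL error to add
     * @return True iff the error being added is a known SSL error
     */
    public boolean addError(int error) {
        boolean known = (0 <= error && error < SslError.SSL_MAX_ERROR);
        if (known) {
            mErrors |= (0x1 << error);
        }

        return known;
    }

    /**
     * @param error The SSL error to check
     * @return True iff the set includes the error; always false for an
     *         unknown error code
     */
    public boolean hasError(int error) {
        boolean known = (0 <= error && error < SslError.SSL_MAX_ERROR);
        // The range check also keeps the shift below within the bitfield.
        return known && ((mErrors & (0x1 << error)) != 0);
    }

    /**
     * Gets the most severe SSL error in the set.
     *
     * <p>Only the highest-ranked error is reported; less severe errors may be
     * present as well, so use {@link #hasError(int)} to test for a specific
     * one rather than inferring its absence from this value.
     *
     * @return The primary, most severe, SSL error in the set, or -1 if the
     *         set is empty
     */
    public int getPrimaryError() {
        // go from the most to the least severe errors
        for (int error = SslError.SSL_MAX_ERROR - 1; error >= 0; --error) {
            if ((mErrors & (0x1 << error)) != 0) {
                return error;
            }
        }

        // An empty set (for example after construction with an unknown error
        // code) must not be reported as 0, which is SSL_NOTYETVALID: that
        // would name the least severe error although hasError(0) is false.
        return -1;
    }

    /**
     * @return A String representation of this SSL error object
     * (used mostly for debugging).
     */
    @Override
    public String toString() {
        return "primary error: " + getPrimaryError() +
            " certificate: " + getCertificate() +
            "  on URL: " + getUrl();
    }
}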
240