SslError.java revision 1abd5b3e6f11ef9d7076685c56ef942fa0dd77e4
1/* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.net.http; 18 19import java.security.cert.X509Certificate; 20 21/** 22 * One or more individual SSL errors and the associated SSL certificate 23 */ 24public class SslError { 25 26 /** 27 * Individual SSL errors (in the order from the least to the most severe): 28 */ 29 30 /** 31 * The certificate is not yet valid 32 */ 33 public static final int SSL_NOTYETVALID = 0; 34 /** 35 * The certificate has expired 36 */ 37 public static final int SSL_EXPIRED = 1; 38 /** 39 * Hostname mismatch 40 */ 41 public static final int SSL_IDMISMATCH = 2; 42 /** 43 * The certificate authority is not trusted 44 */ 45 public static final int SSL_UNTRUSTED = 3; 46 /** 47 * The date of the certificate is invalid 48 */ 49 public static final int SSL_DATE_INVALID = 4; 50 /** 51 * The certificate is invalid 52 */ 53 public static final int SSL_INVALID = 5; 54 55 56 /** 57 * The number of different SSL errors (update if you add a new SSL error!!!) 58 * @deprecated This constant is not necessary for using the SslError API and 59 * can change from release to release. 60 */ 61 @Deprecated 62 public static final int SSL_MAX_ERROR = 6; 63 64 /** 65 * The SSL error set bitfield (each individual error is an bit index; 66 * multiple individual errors can be OR-ed) 67 */ 68 int mErrors; 69 70 /** 71 * The SSL certificate associated with the error set 72 */ 73 final SslCertificate mCertificate; 74 75 /** 76 * The URL associated with the error set. 77 */ 78 final String mUrl; 79 80 /** 81 * Creates a new SSL error set object 82 * @param error The SSL error 83 * @param certificate The associated SSL certificate 84 * @deprecated Use {@link #SslError(int, SslCertificate, String)} 85 */ 86 @Deprecated 87 public SslError(int error, SslCertificate certificate) { 88 addError(error); 89 if (certificate == null) { 90 throw new NullPointerException("certificate is null."); 91 } 92 mCertificate = certificate; 93 mUrl = ""; 94 } 95 96 /** 97 * Creates a new SSL error set object 98 * @param error The SSL error 99 * @param certificate The associated SSL certificate 100 * @deprecated Use {@link #SslError(int, X509Certificate, String)} 101 */ 102 @Deprecated 103 public SslError(int error, X509Certificate certificate) { 104 addError(error); 105 if (certificate == null) { 106 throw new NullPointerException("certificate is null."); 107 } 108 mCertificate = new SslCertificate(certificate); 109 mUrl = ""; 110 } 111 112 /** 113 * Creates a new SSL error set object 114 * @param error The SSL error 115 * @param certificate The associated SSL certificate 116 * @param url The associated URL. 117 */ 118 public SslError(int error, SslCertificate certificate, String url) { 119 addError(error); 120 if (certificate == null) { 121 throw new NullPointerException("certificate is null."); 122 } 123 mCertificate = certificate; 124 if (url == null) { 125 throw new NullPointerException("url is null."); 126 } 127 mUrl = url; 128 } 129 130 /** 131 * Creates an SslError object from a chromium error code. 132 * @param error The chromium error code 133 * @param certificate The associated SSL certificate 134 * @param url The associated URL. 135 * @hide chromium error codes only available inside the framework 136 */ 137 public static SslError SslErrorFromChromiumErrorCode( 138 int error, SslCertificate cert, String url) { 139 // The chromium error codes are in: 140 // external/chromium/net/base/net_error_list.h 141 if (error > -200 || error < -299) { 142 throw new NullPointerException("Not a valid chromium SSL error code."); 143 } 144 if (error == -200) 145 return new SslError(SSL_IDMISMATCH, cert, url); 146 if (error == -201) 147 return new SslError(SSL_DATE_INVALID, cert, url); 148 if (error == -202) 149 return new SslError(SSL_UNTRUSTED, cert, url); 150 // Map all other errors to SSL_INVALID 151 return new SslError(SSL_INVALID, cert, url); 152 } 153 154 /** 155 * Creates a new SSL error set object 156 * @param error The SSL error 157 * @param certificate The associated SSL certificate 158 * @param url The associated URL. 159 */ 160 public SslError(int error, X509Certificate certificate, String url) { 161 addError(error); 162 if (certificate == null) { 163 throw new NullPointerException("certificate is null."); 164 } 165 mCertificate = new SslCertificate(certificate); 166 if (url == null) { 167 throw new NullPointerException("url is null."); 168 } 169 mUrl = url; 170 } 171 172 /** 173 * @return The SSL certificate associated with the error set, non-null. 174 */ 175 public SslCertificate getCertificate() { 176 return mCertificate; 177 } 178 179 /** 180 * @return The URL associated with the error set, non-null. 181 * "" if one of the deprecated constructors is used. 182 */ 183 public String getUrl() { 184 return mUrl; 185 } 186 187 /** 188 * Adds the SSL error to the error set 189 * @param error The SSL error to add 190 * @return True iff the error being added is a known SSL error 191 */ 192 public boolean addError(int error) { 193 boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR); 194 if (rval) { 195 mErrors |= (0x1 << error); 196 } 197 198 return rval; 199 } 200 201 /** 202 * @param error The SSL error to check 203 * @return True iff the set includes the error 204 */ 205 public boolean hasError(int error) { 206 boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR); 207 if (rval) { 208 rval = ((mErrors & (0x1 << error)) != 0); 209 } 210 211 return rval; 212 } 213 214 /** 215 * @return The primary, most severe, SSL error in the set 216 */ 217 public int getPrimaryError() { 218 if (mErrors != 0) { 219 // go from the most to the least severe errors 220 for (int error = SslError.SSL_MAX_ERROR - 1; error >= 0; --error) { 221 if ((mErrors & (0x1 << error)) != 0) { 222 return error; 223 } 224 } 225 } 226 227 return 0; 228 } 229 230 /** 231 * @return A String representation of this SSL error object 232 * (used mostly for debugging). 233 */ 234 public String toString() { 235 return "primary error: " + getPrimaryError() + 236 " certificate: " + getCertificate() + 237 " on URL: " + getUrl(); 238 } 239} 240