1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5package org.chromium.android_webview;
6
7import android.net.http.SslCertificate;
8import android.net.http.SslError;
9import android.util.Log;
10
11import org.chromium.net.NetError;
12import org.chromium.net.X509Util;
13
14import java.security.KeyStoreException;
15import java.security.NoSuchAlgorithmException;
16import java.security.cert.CertificateException;
17import java.security.cert.X509Certificate;
18
/**
 * Static helpers that convert Chromium net-stack certificate data (net error codes and
 * DER-encoded certificate bytes) into the {@code android.net.http} SSL types.
 */
public class SslUtil {
    private static final String TAG = "SslUtil";

    /**
     * Builds an {@link SslError} for a Chromium certificate net error code.
     *
     * <p>Only three codes have a dedicated mapping (name mismatch, invalid date, untrusted
     * authority). Every other code is reported with the generic {@code SSL_INVALID} primary
     * error, so an unexpected code still produces an SSL error instead of being dropped.
     *
     * <p>The range check is a Java {@code assert}, which is evaluated only when assertions are
     * enabled. With assertions disabled, a code outside the certificate error range is not
     * rejected here and is also reported as {@code SSL_INVALID}.
     *
     * @param error the Chromium net error code; expected to lie between
     *              {@code NetError.ERR_CERT_END} and {@code NetError.ERR_CERT_COMMON_NAME_INVALID}.
     * @param cert the certificate to attach to the resulting error.
     * @param url the URL to attach to the resulting error.
     * @return a new {@link SslError} carrying the mapped primary error.
     */
    public static SslError sslErrorFromNetErrorCode(int error, SslCertificate cert, String url) {
        assert error >= NetError.ERR_CERT_END && error <= NetError.ERR_CERT_COMMON_NAME_INVALID;

        final int primaryError;
        switch (error) {
            case NetError.ERR_CERT_COMMON_NAME_INVALID:
                primaryError = SslError.SSL_IDMISMATCH;
                break;
            case NetError.ERR_CERT_DATE_INVALID:
                primaryError = SslError.SSL_DATE_INVALID;
                break;
            case NetError.ERR_CERT_AUTHORITY_INVALID:
                primaryError = SslError.SSL_UNTRUSTED;
                break;
            default:
                // Any code without a dedicated mapping is reported as SSL_INVALID.
                primaryError = SslError.SSL_INVALID;
                break;
        }
        return new SslError(primaryError, cert, url);
    }

    /**
     * Converts a DER-encoded certificate into an {@link SslCertificate}.
     *
     * <p>{@code null} is returned both for a {@code null} input and for bytes that could not be
     * turned into a certificate, so callers cannot tell the two cases apart. A {@code null}
     * result means that no certificate is available and must be handled as such by the caller.
     *
     * <p>This method itself performs no trust or chain check on the result.
     * NOTE(review): confirm whether {@code X509Util.createCertificateFromBytes} does anything
     * beyond parsing.
     *
     * @param derBytes the DER-encoded certificate, or {@code null}.
     * @return the wrapped certificate, or {@code null} if {@code derBytes} is {@code null} or
     *         could not be read.
     */
    public static SslCertificate getCertificateFromDerBytes(byte[] derBytes) {
        if (derBytes != null) {
            try {
                return new SslCertificate(X509Util.createCertificateFromBytes(derBytes));
            } catch (CertificateException e) {
                logUnreadableCertificate(e);
            } catch (KeyStoreException e) {
                logUnreadableCertificate(e);
            } catch (NoSuchAlgorithmException e) {
                logUnreadableCertificate(e);
            }
        }
        return null;
    }

    /**
     * Logs a warning for a certificate that could not be read. The original comments describe
     * these failures as not expected to happen.
     *
     * <p>Only the exception's string form is appended to the message, so no stack trace is
     * recorded.
     */
    private static void logUnreadableCertificate(Exception e) {
        Log.w(TAG, "Could not read certificate: " + e);
    }
}