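// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ssl/ssl_error_info.h"

#include "base/i18n/time_formatting.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/grit/chromium_strings.h"
#include "chrome/grit/generated_resources.h"
#include "content/public/browser/cert_store.h"
#include "net/base/escape.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_status_flags.h"
#include "net/ssl/ssl_info.h"
#include "ui/base/l10n/l10n_util.h"
#include "url/gurl.h"

using base::UTF8ToUTF16;

// Stores the two user-visible strings that describe one certificate error.
// Instances are produced by CreateError().
SSLErrorInfo::SSLErrorInfo(const base::string16& details,
                           const base::string16& short_description)
    : details_(details),
      short_description_(short_description) {
}

// static
// Builds the localized |details| / |short_description| pair for |error_type|.
//
// |cert| is dereferenced for CERT_COMMON_NAME_INVALID and CERT_DATE_INVALID
// and must be non-NULL for those types; the other cases do not read it.
// |request_url| supplies the host name substituted into most messages.
//
// NOTE(review): the name taken from the certificate is passed through
// net::EscapeForHTML(), which suggests |details| ends up in HTML.
// request_url.host() is substituted without escaping -- presumably relying on
// GURL host canonicalization; confirm against the page that renders it.
SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type,
                                       net::X509Certificate* cert,
                                       const GURL& request_url) {
  base::string16 details, short_description;
  switch (error_type) {
    case CERT_COMMON_NAME_INVALID: {
      // If the certificate contains multiple DNS names, we choose the most
      // representative one -- either the DNS name that's also in the subject
      // field, or the first one.  If this heuristic turns out to be
      // inadequate, we can consider choosing the DNS name that is the
      // "closest match" to the host name in the request URL, or listing all
      // the DNS names with an HTML <ul>.
      std::vector<std::string> dns_names;
      cert->GetDNSNames(&dns_names);
      DCHECK(!dns_names.empty());
      size_t i = 0;
      for (; i < dns_names.size(); ++i) {
        if (dns_names[i] == cert->subject().common_name)
          break;
      }
      if (i == dns_names.size())
        i = 0;
      // The DCHECK above may be compiled out, so never index an empty vector:
      // fall back to the subject common name when no DNS name was returned.
      std::string presented_name = cert->subject().common_name;
      if (!dns_names.empty())
        presented_name = dns_names[i];
      // The presented name comes from the certificate the server sent, so it
      // is HTML-escaped before being placed in the message.
      details =
          l10n_util::GetStringFUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,
                                     UTF8ToUTF16(request_url.host()),
                                     net::EscapeForHTML(
                                         UTF8ToUTF16(presented_name)));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION);
      break;
    }
    case CERT_DATE_INVALID:
      if (cert->HasExpired()) {
        // Message carries the number of whole days since expiry and today's
        // date as the local clock reports it.
        details = l10n_util::GetStringFUTF16(
            IDS_CERT_ERROR_EXPIRED_DETAILS,
            UTF8ToUTF16(request_url.host()),
            base::IntToString16(
                (base::Time::Now() - cert->valid_expiry()).InDays()),
            base::TimeFormatFriendlyDate(base::Time::Now()));
        short_description =
            l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_DESCRIPTION);
      } else if (base::Time::Now() < cert->valid_start()) {
        // Message carries the number of whole days until the validity period
        // begins.
        details = l10n_util::GetStringFUTF16(
            IDS_CERT_ERROR_NOT_YET_VALID_DETAILS,
            UTF8ToUTF16(request_url.host()),
            base::IntToString16(
                (cert->valid_start() - base::Time::Now()).InDays()));
        short_description =
            l10n_util::GetStringUTF16(IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION);
      } else {
        // Two possibilities: (1) an intermediate or root certificate has
        // expired, or (2) the certificate has become valid since the error
        // occurred. Since (1) is more likely, assume that's the case.
        details = l10n_util::GetStringFUTF16(
            IDS_CERT_ERROR_CHAIN_EXPIRED_DETAILS,
            UTF8ToUTF16(request_url.host()),
            base::TimeFormatFriendlyDate(base::Time::Now()));
        short_description =
            l10n_util::GetStringUTF16(IDS_CERT_ERROR_CHAIN_EXPIRED_DESCRIPTION);
      }
      break;
    case CERT_AUTHORITY_INVALID:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION);
      break;
    case CERT_CONTAINS_ERRORS:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION);
      break;
    case CERT_NO_REVOCATION_MECHANISM:
      details = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS);
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DESCRIPTION);
      break;
    case CERT_REVOKED:
      details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_REVOKED_CERT_DETAILS,
                                           UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION);
      break;
    case CERT_INVALID:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_INVALID_CERT_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
      break;
    case CERT_WEAK_SIGNATURE_ALGORITHM:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
      break;
    case CERT_WEAK_KEY:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
      break;
    case CERT_WEAK_KEY_DH:
      // Shares the weak-key strings with CERT_WEAK_KEY.
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
      // Must not fall through: the next case would overwrite both strings
      // with the name-constraint text and misreport a weak DH key to the user.
      break;
    case CERT_NAME_CONSTRAINT_VIOLATION:
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);
      break;
    case CERT_PINNED_KEY_MISSING:
      // NOTE(review): the *_SUMMARY_* string feeds |details| and the
      // *_DETAILS_* string feeds |short_description|; confirm this pairing is
      // intended.
      details = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);
      short_description = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_DETAILS_PINNING_FAILURE);
      break;
    case UNKNOWN:
      details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS);
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
      break;
    case CERT_UNABLE_TO_CHECK_REVOCATION:  // Deprecated.
    default:
      // If execution continues past NOTREACHED(), both strings stay empty.
      NOTREACHED();
  }
  return SSLErrorInfo(details, short_description);
}

SSLErrorInfo::~SSLErrorInfo() {
}

// static
// Maps a net::ERR_* certificate/SSL error code to the matching ErrorType.
// Any code not listed here hits NOTREACHED() and maps to UNKNOWN.
//
// net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION still maps to
// CERT_UNABLE_TO_CHECK_REVOCATION, which CreateError() treats as deprecated.
SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) {
  switch (net_error) {
    case net::ERR_CERT_COMMON_NAME_INVALID:
      return CERT_COMMON_NAME_INVALID;
    case net::ERR_CERT_DATE_INVALID:
      return CERT_DATE_INVALID;
    case net::ERR_CERT_AUTHORITY_INVALID:
      return CERT_AUTHORITY_INVALID;
    case net::ERR_CERT_CONTAINS_ERRORS:
      return CERT_CONTAINS_ERRORS;
    case net::ERR_CERT_NO_REVOCATION_MECHANISM:
      return CERT_NO_REVOCATION_MECHANISM;
    case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
      return CERT_UNABLE_TO_CHECK_REVOCATION;
    case net::ERR_CERT_REVOKED:
      return CERT_REVOKED;
    case net::ERR_CERT_INVALID:
      return CERT_INVALID;
    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
      return CERT_WEAK_SIGNATURE_ALGORITHM;
    case net::ERR_CERT_WEAK_KEY:
      return CERT_WEAK_KEY;
    case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
      return CERT_NAME_CONSTRAINT_VIOLATION;
    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
      return CERT_WEAK_KEY_DH;
    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
      return CERT_PINNED_KEY_MISSING;
    default:
      NOTREACHED();
      return UNKNOWN;
  }
}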
// static
// Counts the certificate error bits set in |cert_status| and, when |errors|
// is non-NULL, appends one SSLErrorInfo per set bit (built by CreateError()
// for |url|). Returns the number of matching bits.
//
// The certificate for |cert_id| is looked up in content::CertStore the first
// time a matching bit is found; the lookup happens even when |errors| is NULL.
//
// NOTE(review): the RetrieveCert() result is only DCHECKed. If the lookup
// fails where DCHECK is compiled out, a NULL certificate is handed to
// CreateError(), which dereferences it for CERT_COMMON_NAME_INVALID and
// CERT_DATE_INVALID.
// NOTE(review): CERT_UNABLE_TO_CHECK_REVOCATION is still in the table below
// although CreateError() marks it deprecated and hits NOTREACHED() for it.
int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,
                                         net::CertStatus cert_status,
                                         const GURL& url,
                                         std::vector<SSLErrorInfo>* errors) {
  // Parallel tables: kErrorTypes[n] is the ErrorType reported for
  // kErrorFlags[n]. Keep both in the same order.
  const net::CertStatus kErrorFlags[] = {
    net::CERT_STATUS_COMMON_NAME_INVALID,
    net::CERT_STATUS_DATE_INVALID,
    net::CERT_STATUS_AUTHORITY_INVALID,
    net::CERT_STATUS_NO_REVOCATION_MECHANISM,
    net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
    net::CERT_STATUS_REVOKED,
    net::CERT_STATUS_INVALID,
    net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
    net::CERT_STATUS_WEAK_KEY,
    net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
  };

  const ErrorType kErrorTypes[] = {
    CERT_COMMON_NAME_INVALID,
    CERT_DATE_INVALID,
    CERT_AUTHORITY_INVALID,
    CERT_NO_REVOCATION_MECHANISM,
    CERT_UNABLE_TO_CHECK_REVOCATION,
    CERT_REVOKED,
    CERT_INVALID,
    CERT_WEAK_SIGNATURE_ALGORITHM,
    CERT_WEAK_KEY,
    CERT_NAME_CONSTRAINT_VIOLATION,
  };
  DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));

  scoped_refptr<net::X509Certificate> cert;
  int matched = 0;
  for (size_t idx = 0; idx < arraysize(kErrorFlags); ++idx) {
    if (!(cert_status & kErrorFlags[idx]))
      continue;

    ++matched;
    // Look the certificate up only once a matching bit is seen; a failed
    // lookup leaves |cert| NULL and is retried on the next matching bit.
    if (!cert.get()) {
      bool retrieved = content::CertStore::GetInstance()->RetrieveCert(
          cert_id, &cert);
      DCHECK(retrieved);
    }
    if (errors) {
      errors->push_back(
          SSLErrorInfo::CreateError(kErrorTypes[idx], cert.get(), url));
    }
  }
  return matched;
}