ssl_error_info.cc revision 8bcbed890bc3ce4d7a057a8f32cab53fa534672e
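// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ssl/ssl_error_info.h"

#include "base/i18n/time_formatting.h"
#include "base/strings/utf_string_conversions.h"
#include "content/public/browser/cert_store.h"
#include "grit/chromium_strings.h"
#include "grit/generated_resources.h"
#include "net/base/escape.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_status_flags.h"
#include "net/ssl/ssl_info.h"
#include "ui/base/l10n/l10n_util.h"
#include "url/gurl.h"

// Stores the already-localized strings that describe one SSL error. All four
// arguments are copied into the corresponding members.
SSLErrorInfo::SSLErrorInfo(const string16& title,
                           const string16& details,
                           const string16& short_description,
                           const std::vector<string16>& extra_info)
    : title_(title),
      details_(details),
      short_description_(short_description),
      extra_information_(extra_info) {
}

// static
// Builds the localized title, details, short description and extra
// information paragraphs for |error_type|.
//
// |cert| is dereferenced for CERT_COMMON_NAME_INVALID and CERT_DATE_INVALID,
// so it must be non-null for those types. |request_url| supplies the host
// name that is substituted into the messages.
//
// Names taken from the certificate are passed through net::EscapeForHTML()
// before substitution; the certificate is supplied by the remote server.
// NOTE(review): request_url.host() is substituted without escaping --
// presumably this relies on GURL canonicalization; confirm against how the
// resulting strings are rendered.
SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type,
                                       net::X509Certificate* cert,
                                       const GURL& request_url) {
  string16 title, details, short_description;
  std::vector<string16> extra_info;
  // Every case must end in |break|: falling through into UNKNOWN would
  // replace the specific text with the generic unknown-error strings.
  switch (error_type) {
    case CERT_COMMON_NAME_INVALID: {
      title =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_TITLE);
      // If the certificate contains multiple DNS names, we choose the most
      // representative one -- either the DNS name that's also in the subject
      // field, or the first one.  If this heuristic turns out to be
      // inadequate, we can consider choosing the DNS name that is the
      // "closest match" to the host name in the request URL, or listing all
      // the DNS names with an HTML <ul>.
      std::vector<std::string> dns_names;
      cert->GetDNSNames(&dns_names);
      DCHECK(!dns_names.empty());
      // DCHECK is normally compiled out of release builds and the certificate
      // content is chosen by the remote server, so never index an empty
      // vector: fall back to the subject common name.
      if (dns_names.empty())
        dns_names.push_back(cert->subject().common_name);
      size_t i = 0;
      for (; i < dns_names.size(); ++i) {
        if (dns_names[i] == cert->subject().common_name)
          break;
      }
      // No DNS name matches the subject common name: use the first one.
      if (i == dns_names.size())
        i = 0;
      details =
          l10n_util::GetStringFUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,
                                     UTF8ToUTF16(request_url.host()),
                                     net::EscapeForHTML(
                                         UTF8ToUTF16(dns_names[i])),
                                     UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(
          l10n_util::GetStringFUTF16(
              IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2,
              net::EscapeForHTML(UTF8ToUTF16(cert->subject().common_name)),
              UTF8ToUTF16(request_url.host())));
      break;
    }
    case CERT_DATE_INVALID:
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      if (cert->HasExpired()) {
        title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_TITLE);
        details = l10n_util::GetStringFUTF16(
            IDS_CERT_ERROR_EXPIRED_DETAILS,
            UTF8ToUTF16(request_url.host()),
            UTF8ToUTF16(request_url.host()),
            base::TimeFormatFriendlyDateAndTime(base::Time::Now()));
        short_description =
            l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_DESCRIPTION);
        extra_info.push_back(l10n_util::GetStringUTF16(
            IDS_CERT_ERROR_EXPIRED_DETAILS_EXTRA_INFO_2));
      } else {
        // Then it must be not yet valid.  We don't check that it is not yet
        // valid as there is still a very unlikely chance that the cert might
        // have become valid since the error occurred.
        title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_NOT_YET_VALID_TITLE);
        details = l10n_util::GetStringFUTF16(
            IDS_CERT_ERROR_NOT_YET_VALID_DETAILS,
            UTF8ToUTF16(request_url.host()),
            UTF8ToUTF16(request_url.host()),
            base::TimeFormatFriendlyDateAndTime(base::Time::Now()));
        short_description =
            l10n_util::GetStringUTF16(IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION);
        extra_info.push_back(
            l10n_util::GetStringUTF16(
                IDS_CERT_ERROR_NOT_YET_VALID_DETAILS_EXTRA_INFO_2));
      }
      break;
    case CERT_AUTHORITY_INVALID:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_AUTHORITY_INVALID_TITLE);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_EXTRA_INFO_2,
          UTF8ToUTF16(request_url.host()),
          UTF8ToUTF16(request_url.host())));
#if !defined(OS_IOS)
      // The third paragraph advises users to install a private trust anchor,
      // but that is not possible in Chrome for iOS at this time.
      extra_info.push_back(l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_AUTHORITY_INVALID_EXTRA_INFO_3));
#endif
      break;
    case CERT_CONTAINS_ERRORS:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_TITLE);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringFUTF16(IDS_CERT_ERROR_EXTRA_INFO_1,
                                     UTF8ToUTF16(request_url.host())));
      extra_info.push_back(l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_CONTAINS_ERRORS_EXTRA_INFO_2));
      break;
    case CERT_NO_REVOCATION_MECHANISM:
      title = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_TITLE);
      details = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS);
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DESCRIPTION);
      break;
    case CERT_UNABLE_TO_CHECK_REVOCATION:
      title = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_TITLE);
      details = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS);
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION);
      break;
    case CERT_REVOKED:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_TITLE);
      details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_REVOKED_CERT_DETAILS,
                                           UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_EXTRA_INFO_2));
      break;
    case CERT_INVALID:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_INVALID_CERT_TITLE);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_INVALID_CERT_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_INVALID_CERT_EXTRA_INFO_2));
      break;
    case CERT_WEAK_SIGNATURE_ALGORITHM:
      title = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_TITLE);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS,
          UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(
          l10n_util::GetStringUTF16(
              IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_EXTRA_INFO_2));
      break;
    case CERT_WEAK_KEY:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_WEAK_KEY_TITLE);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));
      extra_info.push_back(
          l10n_util::GetStringUTF16(
              IDS_CERT_ERROR_WEAK_KEY_EXTRA_INFO_2));
      break;
    case CERT_WEAK_KEY_DH:
      title = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_HEADING_WEAK_SERVER_EPHEMERAL_DH_KEY);
      details = l10n_util::GetStringFUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host()));
      short_description = l10n_util::GetStringUTF16(
          IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
      extra_info.push_back(
          l10n_util::GetStringUTF16(
              IDS_ERRORPAGES_SUMMARY_WEAK_SERVER_EPHEMERAL_DH_KEY));
      break;
    case CERT_PINNED_KEY_MISSING:
      title = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_HEADING_PINNING_FAILURE);
      details = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);
      short_description = l10n_util::GetStringUTF16(
          IDS_ERRORPAGES_DETAILS_PINNING_FAILURE);
      break;
    case UNKNOWN:
      title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_TITLE);
      details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS);
      short_description =
          l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
      break;
    default:
      NOTREACHED();
  }
  return SSLErrorInfo(title, details, short_description, extra_info);
}

SSLErrorInfo::~SSLErrorInfo() {
}

// static
// Maps a net:: error code to the matching ErrorType. Codes not listed here
// hit NOTREACHED() and are reported as UNKNOWN.
SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) {
  switch (net_error) {
    case net::ERR_CERT_COMMON_NAME_INVALID:
      return CERT_COMMON_NAME_INVALID;
    case net::ERR_CERT_DATE_INVALID:
      return CERT_DATE_INVALID;
    case net::ERR_CERT_AUTHORITY_INVALID:
      return CERT_AUTHORITY_INVALID;
    case net::ERR_CERT_CONTAINS_ERRORS:
      return CERT_CONTAINS_ERRORS;
    case net::ERR_CERT_NO_REVOCATION_MECHANISM:
      return CERT_NO_REVOCATION_MECHANISM;
    case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
      return CERT_UNABLE_TO_CHECK_REVOCATION;
    case net::ERR_CERT_REVOKED:
      return CERT_REVOKED;
    case net::ERR_CERT_INVALID:
      return CERT_INVALID;
    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
      return CERT_WEAK_SIGNATURE_ALGORITHM;
    case net::ERR_CERT_WEAK_KEY:
      return CERT_WEAK_KEY;
    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
      return CERT_WEAK_KEY_DH;
    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
      return CERT_PINNED_KEY_MISSING;
    default:
      NOTREACHED();
      return UNKNOWN;
  }
}

// static
// Counts the error bits set in |cert_status| that appear in kErrorFlags and
// returns that count. When |errors| is non-null, one SSLErrorInfo per set bit
// is appended to it, built from the certificate stored under |cert_id| and
// the host of |url|.
int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,
                                         net::CertStatus cert_status,
                                         const GURL& url,
                                         std::vector<SSLErrorInfo>* errors) {
  // kErrorFlags and kErrorTypes are parallel arrays: entry i of one
  // corresponds to entry i of the other.
  const net::CertStatus kErrorFlags[] = {
    net::CERT_STATUS_COMMON_NAME_INVALID,
    net::CERT_STATUS_DATE_INVALID,
    net::CERT_STATUS_AUTHORITY_INVALID,
    net::CERT_STATUS_NO_REVOCATION_MECHANISM,
    net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
    net::CERT_STATUS_REVOKED,
    net::CERT_STATUS_INVALID,
    net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
    net::CERT_STATUS_WEAK_KEY
  };

  const ErrorType kErrorTypes[] = {
    CERT_COMMON_NAME_INVALID,
    CERT_DATE_INVALID,
    CERT_AUTHORITY_INVALID,
    CERT_NO_REVOCATION_MECHANISM,
    CERT_UNABLE_TO_CHECK_REVOCATION,
    CERT_REVOKED,
    CERT_INVALID,
    CERT_WEAK_SIGNATURE_ALGORITHM,
    CERT_WEAK_KEY
  };
  DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));

  scoped_refptr<net::X509Certificate> cert = NULL;
  int count = 0;
  for (size_t i = 0; i < arraysize(kErrorFlags); ++i) {
    if (cert_status & kErrorFlags[i]) {
      count++;
      // The certificate is looked up lazily, on the first error bit found.
      if (!cert.get()) {
        bool r = content::CertStore::GetInstance()->RetrieveCert(
            cert_id, &cert);
        // NOTE(review): DCHECK is normally compiled out of release builds. If
        // RetrieveCert() fails there, |cert| stays null and CreateError()
        // dereferences it for CERT_COMMON_NAME_INVALID and CERT_DATE_INVALID
        // -- confirm that callers always pass a |cert_id| that is still in
        // the store.
        DCHECK(r);
      }
      if (errors)
        errors->push_back(
            SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url));
    }
  }
  return count;
}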