Version 7.6.3.2-android, tag libreoffice-7.6.3.2-android
[LibreOffice.git] / xmlsecurity / source / xmlsec / nss / secerror.cxx
blobb7e623ce00b89f2b14c1ce51fcc494cc76c5a65d
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 * This file incorporates work covered by the following license notice:
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
21 #include <secerr.h>
22 #include "secerror.hxx"
23 #include <nss.h>
24 #include <certt.h>
25 #include <sal/log.hxx>
27 namespace {
29 struct ErrDesc {
30 PRErrorCode const errNum;
31 const char * errString;
36 const ErrDesc allDesc[] = {
38 #include "certerrors.h"
43 /* Returns a UTF-8 encoded constant error string for "errNum".
44 * Returns NULL of errNum is unknown.
46 const char *
47 getCertError(PRErrorCode errNum)
49 for (const ErrDesc& i : allDesc)
51 if (i.errNum == errNum)
52 return i.errString;
55 return "";
58 void
59 printChainFailure(CERTVerifyLog *log)
61 unsigned int depth = static_cast<unsigned int>(-1);
62 CERTVerifyLogNode *node = nullptr;
64 if (log->count > 0)
66 SAL_INFO("xmlsecurity.xmlsec", "Bad certification path:");
67 unsigned long errorFlags = 0;
68 for (node = log->head; node; node = node->next)
70 if (depth != node->depth)
72 depth = node->depth;
73 SAL_INFO("xmlsecurity.xmlsec", "Certificate: " << depth <<
74 node->cert->subjectName << ": " <<
75 (depth ? "[Certificate Authority]": ""));
77 SAL_INFO("xmlsecurity.xmlsec", " ERROR " << node->error << ": " <<
78 getCertError(node->error));
79 const char * specificError = nullptr;
80 const char * issuer = nullptr;
81 switch (node->error)
83 case SEC_ERROR_INADEQUATE_KEY_USAGE:
84 errorFlags = reinterpret_cast<unsigned long>(node->arg);
85 switch (errorFlags)
87 case KU_DIGITAL_SIGNATURE:
88 specificError = "Certificate cannot sign.";
89 break;
90 case KU_KEY_ENCIPHERMENT:
91 specificError = "Certificate cannot encrypt.";
92 break;
93 case KU_KEY_CERT_SIGN:
94 specificError = "Certificate cannot sign other certs.";
95 break;
96 default:
97 specificError = "[unknown usage].";
98 break;
100 break;
101 case SEC_ERROR_INADEQUATE_CERT_TYPE:
102 errorFlags = reinterpret_cast<unsigned long>(node->arg);
103 switch (errorFlags)
105 case NS_CERT_TYPE_SSL_CLIENT:
106 case NS_CERT_TYPE_SSL_SERVER:
107 specificError = "Certificate cannot be used for SSL.";
108 break;
109 case NS_CERT_TYPE_SSL_CA:
110 specificError = "Certificate cannot be used as an SSL CA.";
111 break;
112 case NS_CERT_TYPE_EMAIL:
113 specificError = "Certificate cannot be used for SMIME.";
114 break;
115 case NS_CERT_TYPE_EMAIL_CA:
116 specificError = "Certificate cannot be used as an SMIME CA.";
117 break;
118 case NS_CERT_TYPE_OBJECT_SIGNING:
119 specificError = "Certificate cannot be used for object signing.";
120 break;
121 case NS_CERT_TYPE_OBJECT_SIGNING_CA:
122 specificError = "Certificate cannot be used as an object signing CA.";
123 break;
124 default:
125 specificError = "[unknown usage].";
126 break;
128 break;
129 case SEC_ERROR_UNKNOWN_ISSUER:
130 specificError = "Unknown issuer:";
131 issuer = node->cert->issuerName;
132 break;
133 case SEC_ERROR_UNTRUSTED_ISSUER:
134 specificError = "Untrusted issuer:";
135 issuer = node->cert->issuerName;
136 break;
137 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
138 specificError = "Expired issuer certificate:";
139 issuer = node->cert->issuerName;
140 break;
141 default:
142 break;
144 if (specificError)
145 SAL_INFO("xmlsecurity.xmlsec", specificError);
146 if (issuer)
147 SAL_INFO("xmlsecurity.xmlsec", issuer);
152 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */