net/base/cert_status_flags.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_BASE_CERT_STATUS_FLAGS_H_
   6 #define NET_BASE_CERT_STATUS_FLAGS_H_
   7
   8 #include "base/basictypes.h"
   9 #include "net/base/net_export.h"
  10
  11 namespace net {
  12
  13 // Bitmask of status flags of a certificate, representing any errors, as well as
  14 // other non-error status information such as whether the certificate is EV.
  15 typedef uint32 CertStatus;
  16
  17 // The possible status bits for CertStatus.
  18 // NOTE: Because these names have appeared in bug reports, we preserve them as
  19 // MACRO_STYLE for continuity, instead of renaming them to kConstantStyle as
  20 // befits most static consts.
  21 // Bits 0 to 15 are for errors.
  22 static const CertStatus CERT_STATUS_ALL_ERRORS                 = 0xFFFF;
  23 static const CertStatus CERT_STATUS_COMMON_NAME_INVALID        = 1 << 0;
  24 static const CertStatus CERT_STATUS_DATE_INVALID               = 1 << 1;
  25 static const CertStatus CERT_STATUS_AUTHORITY_INVALID          = 1 << 2;
  26 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP).
  27 static const CertStatus CERT_STATUS_NO_REVOCATION_MECHANISM    = 1 << 4;
  28 static const CertStatus CERT_STATUS_UNABLE_TO_CHECK_REVOCATION = 1 << 5;
  29 static const CertStatus CERT_STATUS_REVOKED                    = 1 << 6;
  30 static const CertStatus CERT_STATUS_INVALID                    = 1 << 7;
  31 static const CertStatus CERT_STATUS_WEAK_SIGNATURE_ALGORITHM   = 1 << 8;
  32 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS
  33 static const CertStatus CERT_STATUS_NON_UNIQUE_NAME            = 1 << 10;
  34 static const CertStatus CERT_STATUS_WEAK_KEY                   = 1 << 11;
  35
  36 // Bits 16 to 31 are for non-error statuses.
  37 static const CertStatus CERT_STATUS_IS_EV                      = 1 << 16;
  38 static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED       = 1 << 17;
  39 // bit 18 was CERT_STATUS_IS_DNSSEC.
  40
  41 // Returns true if the specified cert status has an error set.
  42 static inline bool IsCertStatusError(CertStatus status) {
  43   return (CERT_STATUS_ALL_ERRORS & status) != 0;
  44 }
  45
  46 // IsCertStatusMinorError returns true iff |cert_status| indicates a condition
  47 // that should typically be ignored by automated requests. (i.e. a revocation
  48 // check failure.)
  49 NET_EXPORT bool IsCertStatusMinorError(CertStatus cert_status);
  50
  51 // Maps a network error code to the equivalent certificate status flag.  If
  52 // the error code is not a certificate error, it is mapped to 0.
  53 NET_EXPORT CertStatus MapNetErrorToCertStatus(int error);
  54
  55 // Maps the most serious certificate error in the certificate status flags
  56 // to the equivalent network error code.
  57 NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status);
  58
  59 }  // namespace net
  60
  61 #endif  // NET_BASE_CERT_STATUS_FLAGS_H_