search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove obsolete entries from .gitignore.
[chromium-blink-merge.git] / components / ssl_errors / error_info.cc
blob625a31b5510e49e1281676b5ac4ed71d8fd0b810
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/ssl_errors/error_info.h"
6
7 #include "base/i18n/message_formatter.h"
8 #include "base/strings/utf_string_conversions.h"
9 #include "grit/components_strings.h"
10 #include "net/base/escape.h"
11 #include "net/base/net_errors.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/ssl/ssl_info.h"
14 #include "ui/base/l10n/l10n_util.h"
15 #include "url/gurl.h"
16
17 using base::UTF8ToUTF16;
18
19 namespace ssl_errors {
20
21 ErrorInfo::ErrorInfo(const base::string16& details,
22 const base::string16& short_description)
23 : details_(details), short_description_(short_description) {}
24
25 // static
26 ErrorInfo ErrorInfo::CreateError(ErrorType error_type,
27 net::X509Certificate* cert,
28 const GURL& request_url) {
29 base::string16 details, short_description;
30 switch (error_type) {
31 case CERT_COMMON_NAME_INVALID: {
32 // If the certificate contains multiple DNS names, we choose the most
33 // representative one -- either the DNS name that's also in the subject
34 // field, or the first one. If this heuristic turns out to be
35 // inadequate, we can consider choosing the DNS name that is the
36 // "closest match" to the host name in the request URL, or listing all
37 // the DNS names with an HTML <ul>.
38 std::vector<std::string> dns_names;
39 cert->GetDNSNames(&dns_names);
40 DCHECK(!dns_names.empty());
41 size_t i = 0;
42 for (; i < dns_names.size(); ++i) {
43 if (dns_names[i] == cert->subject().common_name)
44 break;
45 }
46 if (i == dns_names.size())
47 i = 0;
48 details = l10n_util::GetStringFUTF16(
49 IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,
50 UTF8ToUTF16(request_url.host()),
51 net::EscapeForHTML(UTF8ToUTF16(dns_names[i])));
52 short_description = l10n_util::GetStringUTF16(
53 IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION);
54 break;
55 }
56 case CERT_DATE_INVALID:
57 if (cert->HasExpired()) {
58 // Make sure to round up to the smallest integer value not less than
59 // the expiration value (https://crbug.com/476758).
60 int expiration_value =
61 (base::Time::Now() - cert->valid_expiry()).InDays() + 1;
62 details = base::i18n::MessageFormatter::FormatWithNumberedArgs(
63 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_DETAILS),
64 request_url.host(), expiration_value, base::Time::Now());
65 short_description =
66 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_DESCRIPTION);
67 } else if (base::Time::Now() < cert->valid_start()) {
68 details = base::i18n::MessageFormatter::FormatWithNumberedArgs(
69 l10n_util::GetStringUTF16(IDS_CERT_ERROR_NOT_YET_VALID_DETAILS),
70 request_url.host(),
71 (cert->valid_start() - base::Time::Now()).InDays());
72 short_description =
73 l10n_util::GetStringUTF16(IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION);
74 } else {
75 // Two possibilities: (1) an intermediate or root certificate has
76 // expired, or (2) the certificate has become valid since the error
77 // occurred. Both are probably rare cases. To avoid giving the wrong
78 // date, remove the information.
79 details = l10n_util::GetStringFUTF16(
80 IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DETAILS,
81 UTF8ToUTF16(request_url.host()));
82 short_description = l10n_util::GetStringUTF16(
83 IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DESCRIPTION);
84 }
85 break;
86 case CERT_AUTHORITY_INVALID:
87 details =
88 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS,
89 UTF8ToUTF16(request_url.host()));
90 short_description = l10n_util::GetStringUTF16(
91 IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION);
92 break;
93 case CERT_CONTAINS_ERRORS:
94 details =
95 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS,
96 UTF8ToUTF16(request_url.host()));
97 short_description =
98 l10n_util::GetStringUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION);
99 break;
100 case CERT_NO_REVOCATION_MECHANISM:
101 details = l10n_util::GetStringUTF16(
102 IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS);
103 short_description = l10n_util::GetStringUTF16(
104 IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DESCRIPTION);
105 break;
106 case CERT_REVOKED:
107 details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_REVOKED_CERT_DETAILS,
108 UTF8ToUTF16(request_url.host()));
109 short_description =
110 l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION);
111 break;
112 case CERT_INVALID:
113 details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_INVALID_CERT_DETAILS,
114 UTF8ToUTF16(request_url.host()));
115 short_description =
116 l10n_util::GetStringUTF16(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
117 break;
118 case CERT_WEAK_SIGNATURE_ALGORITHM:
119 details = l10n_util::GetStringFUTF16(
120 IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS,
121 UTF8ToUTF16(request_url.host()));
122 short_description = l10n_util::GetStringUTF16(
123 IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
124 break;
125 case CERT_WEAK_KEY:
126 details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_WEAK_KEY_DETAILS,
127 UTF8ToUTF16(request_url.host()));
128 short_description =
129 l10n_util::GetStringUTF16(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
130 break;
131 case CERT_WEAK_KEY_DH:
132 details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_WEAK_KEY_DETAILS,
133 UTF8ToUTF16(request_url.host()));
134 short_description =
135 l10n_util::GetStringUTF16(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
136 case CERT_NAME_CONSTRAINT_VIOLATION:
137 details = l10n_util::GetStringFUTF16(
138 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS,
139 UTF8ToUTF16(request_url.host()));
140 short_description = l10n_util::GetStringUTF16(
141 IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);
142 break;
143 case CERT_VALIDITY_TOO_LONG:
144 details =
145 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS,
146 UTF8ToUTF16(request_url.host()));
147 short_description = l10n_util::GetStringUTF16(
148 IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION);
149 break;
150 case CERT_PINNED_KEY_MISSING:
151 details = l10n_util::GetStringUTF16(
152 IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DETAILS);
153 short_description = l10n_util::GetStringUTF16(
154 IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DESCRIPTION);
155 break;
156 case CERT_UNABLE_TO_CHECK_REVOCATION:
157 details = l10n_util::GetStringUTF16(
158 IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS);
159 short_description = l10n_util::GetStringUTF16(
160 IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION);
161 break;
162 case UNKNOWN:
163 details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS);
164 short_description =
165 l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
166 break;
167 default:
168 NOTREACHED();
169 }
170 return ErrorInfo(details, short_description);
171 }
172
173 ErrorInfo::~ErrorInfo() {}
174
175 // static
176 ErrorInfo::ErrorType ErrorInfo::NetErrorToErrorType(int net_error) {
177 switch (net_error) {
178 case net::ERR_CERT_COMMON_NAME_INVALID:
179 return CERT_COMMON_NAME_INVALID;
180 case net::ERR_CERT_DATE_INVALID:
181 return CERT_DATE_INVALID;
182 case net::ERR_CERT_AUTHORITY_INVALID:
183 return CERT_AUTHORITY_INVALID;
184 case net::ERR_CERT_CONTAINS_ERRORS:
185 return CERT_CONTAINS_ERRORS;
186 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
187 return CERT_NO_REVOCATION_MECHANISM;
188 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
189 return CERT_UNABLE_TO_CHECK_REVOCATION;
190 case net::ERR_CERT_REVOKED:
191 return CERT_REVOKED;
192 case net::ERR_CERT_INVALID:
193 return CERT_INVALID;
194 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
195 return CERT_WEAK_SIGNATURE_ALGORITHM;
196 case net::ERR_CERT_WEAK_KEY:
197 return CERT_WEAK_KEY;
198 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
199 return CERT_NAME_CONSTRAINT_VIOLATION;
200 case net::ERR_CERT_VALIDITY_TOO_LONG:
201 return CERT_VALIDITY_TOO_LONG;
202 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
203 return CERT_WEAK_KEY_DH;
204 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
205 return CERT_PINNED_KEY_MISSING;
206 default:
207 NOTREACHED();
208 return UNKNOWN;
209 }
210 }
211
212 // static
213 void ErrorInfo::GetErrorsForCertStatus(
214 const scoped_refptr<net::X509Certificate>& cert,
215 net::CertStatus cert_status,
216 const GURL& url,
217 std::vector<ErrorInfo>* errors) {
218 const net::CertStatus kErrorFlags[] = {
219 net::CERT_STATUS_COMMON_NAME_INVALID,
220 net::CERT_STATUS_DATE_INVALID,
221 net::CERT_STATUS_AUTHORITY_INVALID,
222 net::CERT_STATUS_NO_REVOCATION_MECHANISM,
223 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
224 net::CERT_STATUS_REVOKED,
225 net::CERT_STATUS_INVALID,
226 net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
227 net::CERT_STATUS_WEAK_KEY,
228 net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
229 net::CERT_STATUS_VALIDITY_TOO_LONG,
230 };
231
232 const ErrorType kErrorTypes[] = {
233 CERT_COMMON_NAME_INVALID,
234 CERT_DATE_INVALID,
235 CERT_AUTHORITY_INVALID,
236 CERT_NO_REVOCATION_MECHANISM,
237 CERT_UNABLE_TO_CHECK_REVOCATION,
238 CERT_REVOKED,
239 CERT_INVALID,
240 CERT_WEAK_SIGNATURE_ALGORITHM,
241 CERT_WEAK_KEY,
242 CERT_NAME_CONSTRAINT_VIOLATION,
243 CERT_VALIDITY_TOO_LONG,
244 };
245 DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));
246
247 for (size_t i = 0; i < arraysize(kErrorFlags); ++i) {
248 if ((cert_status & kErrorFlags[i]) && errors) {
249 errors->push_back(
250 ErrorInfo::CreateError(kErrorTypes[i], cert.get(), url));
251 }
252 }
253 }
254
255 } // namespace ssl_errors