author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-03 16:51:15 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-03 16:51:15 +0000 |
commit | dedb594391d9ec31a6eac1eccbdd754ac2ce5ed7 (patch) | |
tree | cac5603ceb1a8dd526624c428d6ffd6eafaf3de5 /net/base/cert_status_flags.cc | |
parent | 7f969d6b73d925d306032565179d6b2109646ee0 (diff) | |
Move certificate verification off the IO thread.
Move the MapNetErrorToCertStatus and MapCertStatusToNetError
functions to cert_status_flags.h so they can be shared with
Mac and Linux code.
Move the certificate verification function to the
X509Certificate class. Right now X509Certificate::Verify is
only implemented on Windows.
R=eroman
BUG=3592
Review URL: http://codereview.chromium.org/14915
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_status_flags.cc')
-rw-r--r-- | net/base/cert_status_flags.cc | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/net/base/cert_status_flags.cc b/net/base/cert_status_flags.cc
new file mode 100644
index 0000000..a0ddc13
--- /dev/null
+++ b/net/base/cert_status_flags.cc
@@ -0,0 +1,67 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/cert_status_flags.h"
+
+#include "base/logging.h"
+#include "net/base/net_errors.h"
+
+namespace net {
+
+int MapNetErrorToCertStatus(int error) {
+ switch (error) {
+ case ERR_CERT_COMMON_NAME_INVALID:
+ return CERT_STATUS_COMMON_NAME_INVALID;
+ case ERR_CERT_DATE_INVALID:
+ return CERT_STATUS_DATE_INVALID;
+ case ERR_CERT_AUTHORITY_INVALID:
+ return CERT_STATUS_AUTHORITY_INVALID;
+ case ERR_CERT_NO_REVOCATION_MECHANISM:
+ return CERT_STATUS_NO_REVOCATION_MECHANISM;
+ case ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
+ return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
+ case ERR_CERT_REVOKED:
+ return CERT_STATUS_REVOKED;
+ // We added the ERR_CERT_CONTAINS_ERRORS error code when we were using
+ // WinInet, but we never figured out how it differs from ERR_CERT_INVALID.
+ // We should not use ERR_CERT_CONTAINS_ERRORS in new code.
+ case ERR_CERT_CONTAINS_ERRORS:
+ NOTREACHED();
+ // Falls through.
+ case ERR_CERT_INVALID:
+ return CERT_STATUS_INVALID;
+ default:
+ return 0;
+ }
+}
+
+int MapCertStatusToNetError(int cert_status) {
+ // A certificate may have multiple errors. We report the most
+ // serious error.
+
+ // Unrecoverable errors
+ if (cert_status & CERT_STATUS_INVALID)
+ return ERR_CERT_INVALID;
+ if (cert_status & CERT_STATUS_REVOKED)
+ return ERR_CERT_REVOKED;
+
+ // Recoverable errors
+ if (cert_status & CERT_STATUS_AUTHORITY_INVALID)
+ return ERR_CERT_AUTHORITY_INVALID;
+ if (cert_status & CERT_STATUS_COMMON_NAME_INVALID)
+ return ERR_CERT_COMMON_NAME_INVALID;
+ if (cert_status & CERT_STATUS_DATE_INVALID)
+ return ERR_CERT_DATE_INVALID;
+
+ // Unknown status. Give it the benefit of the doubt.
+ if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
+ return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
+ if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
+ return ERR_CERT_NO_REVOCATION_MECHANISM;
+
+ NOTREACHED();
+ return ERR_UNEXPECTED;
+}
+
+} // namespace net |
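Review bot: The `default: return 0;` branch in MapNetErrorToCertStatus turns every unlisted error into an empty status, so a certificate error code added to net_errors.h later without a matching case would silently contribute no CERT_STATUS bit for any caller that accumulates the result. I would at least document the intent there, e.g. `// Not a certificate error: no status bit applies.`, and, if the caller contract allows it, assert that an unlisted value is not a certificate error. In MapCertStatusToNetError the trailing `NOTREACHED(); return ERR_UNEXPECTED;` implies a precondition that at least one error bit is set; a one-line comment above the function saying so would help, since in builds where NOTREACHED() compiles out (presumably release) a status of 0 yields ERR_UNEXPECTED. The comment `// Unknown status. Give it the benefit of the doubt.` sits above two named revocation-checking statuses and would read more accurately if it said these are reported last because they are the least serious.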