xref: /aosp_15_r20/external/cronet/net/cert/cert_status_flags.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/cert_status_flags.h"
6 
7 #include "base/check_op.h"
8 #include "base/notreached.h"
9 #include "net/base/net_errors.h"
10 
11 namespace net {
12 
MapCertStatusToNetError(CertStatus cert_status)13 int MapCertStatusToNetError(CertStatus cert_status) {
14   // A certificate may have multiple errors.  We report the most
15   // serious error.
16 
17   // Unrecoverable errors
18   if (cert_status & CERT_STATUS_INVALID)
19     return ERR_CERT_INVALID;
20   if (cert_status & CERT_STATUS_PINNED_KEY_MISSING)
21     return ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
22 
23   // Potentially recoverable errors
24   if (cert_status & CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED)
25     return ERR_CERT_KNOWN_INTERCEPTION_BLOCKED;
26   if (cert_status & CERT_STATUS_REVOKED)
27     return ERR_CERT_REVOKED;
28   if (cert_status & CERT_STATUS_AUTHORITY_INVALID)
29     return ERR_CERT_AUTHORITY_INVALID;
30   if (cert_status & CERT_STATUS_COMMON_NAME_INVALID)
31     return ERR_CERT_COMMON_NAME_INVALID;
32   if (cert_status & CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED)
33     return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED;
34   if (cert_status & CERT_STATUS_SYMANTEC_LEGACY)
35     return ERR_CERT_SYMANTEC_LEGACY;
36   // CERT_STATUS_NON_UNIQUE_NAME is intentionally not mapped to an error.
37   // It is treated as just a warning and used to degrade the SSL UI.
38   if (cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION)
39     return ERR_CERT_NAME_CONSTRAINT_VIOLATION;
40   if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
41     return ERR_CERT_WEAK_SIGNATURE_ALGORITHM;
42   if (cert_status & CERT_STATUS_WEAK_KEY)
43     return ERR_CERT_WEAK_KEY;
44   if (cert_status & CERT_STATUS_DATE_INVALID)
45     return ERR_CERT_DATE_INVALID;
46   if (cert_status & CERT_STATUS_VALIDITY_TOO_LONG)
47     return ERR_CERT_VALIDITY_TOO_LONG;
48   if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
49     return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
50   if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
51     return ERR_CERT_NO_REVOCATION_MECHANISM;
52 
53   // Unknown status. The assumption is 0 (an OK status) won't be used here.
54   NOTREACHED();
55   return ERR_UNEXPECTED;
56 }
57 
58 }  // namespace net
59