1 // Copyright 2017 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "common_cert_errors.h" 6 7 namespace bssl::cert_errors { 8 9 DEFINE_CERT_ERROR_ID(kInternalError, "Internal error"); 10 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter"); 11 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore"); 12 DEFINE_CERT_ERROR_ID(kDistrustedByTrustStore, "Distrusted by trust store"); 13 14 DEFINE_CERT_ERROR_ID( 15 kSignatureAlgorithmMismatch, 16 "Certificate.signatureAlgorithm != TBSCertificate.signature"); 17 18 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty"); 19 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension, 20 "Unconsumed critical extension"); 21 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set"); 22 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached"); 23 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa, 24 "Basic Constraints indicates not a CA"); 25 DEFINE_CERT_ERROR_ID(kTargetCertShouldNotBeCa, 26 "Certificate has Basic Constraints indicating it is a CA " 27 "when it should not be a CA"); 28 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints, 29 "Does not have Basic Constraints"); 30 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints, 31 "Not permitted by name constraints"); 32 DEFINE_CERT_ERROR_ID(kTooManyNameConstraintChecks, 33 "Too many name constraints checks"); 34 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer, 35 "subject does not match issuer"); 36 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed"); 37 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding, 38 "Certificate.signatureAlgorithm is encoded differently " 39 "than TBSCertificate.signature"); 40 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth, 41 "The extended key usage does not include server auth"); 42 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasAnyEKU, 43 "The extended key usage does not include server auth but " 44 "instead includes anyExtendeKeyUsage"); 45 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth, 46 "The extended key usage does not include client auth"); 47 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthButHasAnyEKU, 48 "The extended key usage does not include client auth but " 49 "instead includes anyExtendedKeyUsage"); 50 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthOrServerAuth, 51 "The extended key usage does not include client auth " 52 "or server auth"); 53 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedOCSPSigning, 54 "The extended key usage includes OCSP signing which " 55 "is not permitted for this use"); 56 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedTimeStamping, 57 "The extended key usage includes time stamping which " 58 "is not permitted for this use"); 59 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedCodeSigning, 60 "The extended key usage includes code signing which " 61 "is not permitted for this use"); 62 DEFINE_CERT_ERROR_ID(kEkuNotPresent, 63 "Certificate does not have extended key usage"); 64 DEFINE_CERT_ERROR_ID(kCertIsNotTrustAnchor, 65 "Certificate is not a trust anchor"); 66 DEFINE_CERT_ERROR_ID(kNoValidPolicy, "No valid policy"); 67 DEFINE_CERT_ERROR_ID(kPolicyMappingAnyPolicy, 68 "PolicyMappings must not map anyPolicy"); 69 DEFINE_CERT_ERROR_ID(kFailedParsingSpki, "Couldn't parse SubjectPublicKeyInfo"); 70 DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm, 71 "Unacceptable signature algorithm"); 72 DEFINE_CERT_ERROR_ID(kUnacceptablePublicKey, "Unacceptable public key"); 73 DEFINE_CERT_ERROR_ID(kCertificateRevoked, "Certificate is revoked"); 74 DEFINE_CERT_ERROR_ID(kNoRevocationMechanism, 75 "Certificate lacks a revocation mechanism"); 76 DEFINE_CERT_ERROR_ID(kUnableToCheckRevocation, "Unable to check revocation"); 77 DEFINE_CERT_ERROR_ID(kNoIssuersFound, "No matching issuer found"); 78 DEFINE_CERT_ERROR_ID(kDeadlineExceeded, "Deadline exceeded"); 79 DEFINE_CERT_ERROR_ID(kIterationLimitExceeded, "Iteration limit exceeded"); 80 DEFINE_CERT_ERROR_ID(kDepthLimitExceeded, "Depth limit exceeded"); 81 82 } // namespace bssl::cert_errors 83