Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 :
21 : #include "secerr.h"
22 : #include "secerror.hxx"
23 : #include "sslerr.h"
24 : #include "nspr.h"
25 : #include "nss.h"
26 : #include "certt.h"
27 : #include <sal/log.hxx>
28 : #include <sal/macros.h>
29 : #include <sal/types.h>
30 :
31 : struct ErrDesc {
32 : PRErrorCode errNum;
33 : const char * errString;
34 : };
35 :
36 :
37 :
38 : const ErrDesc allDesc[] = {
39 :
40 : #include "certerrors.h"
41 :
42 : };
43 :
44 :
45 :
46 : /* Returns a UTF-8 encoded constant error string for "errNum".
47 : * Returns NULL of errNum is unknown.
48 : */
49 : const char *
50 0 : getCertError(PRErrorCode errNum)
51 : {
52 : static const char sEmpty[] = "";
53 0 : const int numDesc = SAL_N_ELEMENTS(allDesc);
54 0 : for (int i = 0; i < numDesc; i++)
55 : {
56 0 : if (allDesc[i].errNum == errNum)
57 0 : return allDesc[i].errString;
58 : }
59 :
60 0 : return sEmpty;
61 : }
62 :
63 : void
64 0 : printChainFailure(CERTVerifyLog *log)
65 : {
66 0 : unsigned int depth = (unsigned int)-1;
67 0 : const char * specificError = NULL;
68 0 : const char * issuer = NULL;
69 0 : CERTVerifyLogNode *node = NULL;
70 :
71 0 : if (log->count > 0)
72 : {
73 : SAL_INFO("xmlsecurity.xmlsec", "Bad certifcation path:");
74 0 : unsigned long errorFlags = 0;
75 0 : for (node = log->head; node; node = node->next)
76 : {
77 0 : if (depth != node->depth)
78 : {
79 0 : depth = node->depth;
80 : SAL_INFO("xmlsecurity.xmlsec", "Certificate: " << depth <<
81 : node->cert->subjectName << ": " <<
82 : (depth ? "[Certificate Authority]": ""));
83 : }
84 : SAL_INFO("xmlsecurity.xmlsec", " ERROR " << node->error << ": " <<
85 : getCertError(node->error));
86 0 : specificError = NULL;
87 0 : issuer = NULL;
88 0 : switch (node->error)
89 : {
90 : case SEC_ERROR_INADEQUATE_KEY_USAGE:
91 0 : errorFlags = reinterpret_cast<unsigned long>(node->arg);
92 0 : switch (errorFlags)
93 : {
94 : case KU_DIGITAL_SIGNATURE:
95 0 : specificError = "Certificate cannot sign.";
96 0 : break;
97 : case KU_KEY_ENCIPHERMENT:
98 0 : specificError = "Certificate cannot encrypt.";
99 0 : break;
100 : case KU_KEY_CERT_SIGN:
101 0 : specificError = "Certificate cannot sign other certs.";
102 0 : break;
103 : default:
104 0 : specificError = "[unknown usage].";
105 0 : break;
106 : }
107 0 : break;
108 : case SEC_ERROR_INADEQUATE_CERT_TYPE:
109 0 : errorFlags = reinterpret_cast<unsigned long>(node->arg);
110 0 : switch (errorFlags)
111 : {
112 : case NS_CERT_TYPE_SSL_CLIENT:
113 : case NS_CERT_TYPE_SSL_SERVER:
114 0 : specificError = "Certificate cannot be used for SSL.";
115 0 : break;
116 : case NS_CERT_TYPE_SSL_CA:
117 0 : specificError = "Certificate cannot be used as an SSL CA.";
118 0 : break;
119 : case NS_CERT_TYPE_EMAIL:
120 0 : specificError = "Certificate cannot be used for SMIME.";
121 0 : break;
122 : case NS_CERT_TYPE_EMAIL_CA:
123 0 : specificError = "Certificate cannot be used as an SMIME CA.";
124 0 : break;
125 : case NS_CERT_TYPE_OBJECT_SIGNING:
126 0 : specificError = "Certificate cannot be used for object signing.";
127 0 : break;
128 : case NS_CERT_TYPE_OBJECT_SIGNING_CA:
129 0 : specificError = "Certificate cannot be used as an object signing CA.";
130 0 : break;
131 : default:
132 0 : specificError = "[unknown usage].";
133 0 : break;
134 : }
135 0 : break;
136 : case SEC_ERROR_UNKNOWN_ISSUER:
137 0 : specificError = "Unknown issuer:";
138 0 : issuer = node->cert->issuerName;
139 0 : break;
140 : case SEC_ERROR_UNTRUSTED_ISSUER:
141 0 : specificError = "Untrusted issuer:";
142 0 : issuer = node->cert->issuerName;
143 0 : break;
144 : case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
145 0 : specificError = "Expired issuer certificate:";
146 0 : issuer = node->cert->issuerName;
147 0 : break;
148 : default:
149 0 : break;
150 : }
151 0 : if (specificError)
152 : SAL_INFO("xmlsecurity.xmlsec", specificError);
153 0 : if (issuer)
154 : SAL_INFO("xmlsecurity.xmlsec", issuer);
155 : }
156 : }
157 0 : }
158 :
159 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
