Branch data Line data Source code
1 : : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : : /*
3 : : * This file is part of the LibreOffice project.
4 : : *
5 : : * This Source Code Form is subject to the terms of the Mozilla Public
6 : : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : : *
9 : : * This file incorporates work covered by the following license notice:
10 : : *
11 : : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : : * contributor license agreements. See the NOTICE file distributed
13 : : * with this work for additional information regarding copyright
14 : : * ownership. The ASF licenses this file to you under the Apache
15 : : * License, Version 2.0 (the "License"); you may not use this file
16 : : * except in compliance with the License. You may obtain a copy of
17 : : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : : */
19 : :
20 : :
21 : : #include "secerr.h"
22 : : #include "sslerr.h"
23 : : #include "nspr.h"
24 : : #include "certt.h"
25 : : #include <sal/macros.h>
26 : :
27 : : #include "../diagnose.hxx"
28 : :
29 : : using namespace xmlsecurity;
30 : :
31 : : struct ErrDesc {
32 : : PRErrorCode errNum;
33 : : const char * errString;
34 : : };
35 : :
36 : :
37 : :
38 : : const ErrDesc allDesc[] = {
39 : :
40 : : #include "certerrors.h"
41 : :
42 : : };
43 : :
44 : :
45 : :
46 : : /* Returns a UTF-8 encoded constant error string for "errNum".
47 : : * Returns NULL of errNum is unknown.
48 : : */
49 : : const char *
50 : 0 : getCertError(PRErrorCode errNum)
51 : : {
52 : : static char sEmpty[] = "";
53 : 0 : const int numDesc = SAL_N_ELEMENTS(allDesc);
54 [ # # ]: 0 : for (int i = 0; i < numDesc; i++)
55 : : {
56 [ # # ]: 0 : if (allDesc[i].errNum == errNum)
57 : 0 : return allDesc[i].errString;
58 : : }
59 : :
60 : 0 : return sEmpty;
61 : : }
62 : :
63 : : void
64 : 0 : printChainFailure(CERTVerifyLog *log)
65 : : {
66 : 0 : unsigned int depth = (unsigned int)-1;
67 : 0 : const char * specificError = NULL;
68 : 0 : const char * issuer = NULL;
69 : 0 : CERTVerifyLogNode *node = NULL;
70 : :
71 [ # # ]: 0 : if (log->count > 0)
72 : : {
73 : 0 : xmlsec_trace("Bad certifcation path:");
74 : 0 : unsigned long errorFlags = 0;
75 [ # # ]: 0 : for (node = log->head; node; node = node->next)
76 : : {
77 [ # # ]: 0 : if (depth != node->depth)
78 : : {
79 : 0 : depth = node->depth;
80 : : xmlsec_trace("Certificate: %d. %s %s:", depth,
81 : : node->cert->subjectName,
82 [ # # ]: 0 : depth ? "[Certificate Authority]": "");
83 : : }
84 : : xmlsec_trace(" ERROR %ld: %s", node->error,
85 : 0 : getCertError(node->error));
86 : 0 : specificError = NULL;
87 : 0 : issuer = NULL;
88 [ # # # # : 0 : switch (node->error)
# # ]
89 : : {
90 : : case SEC_ERROR_INADEQUATE_KEY_USAGE:
91 : 0 : errorFlags = (unsigned long)node->arg;
92 [ # # # # ]: 0 : switch (errorFlags)
93 : : {
94 : : case KU_DIGITAL_SIGNATURE:
95 : 0 : specificError = "Certificate cannot sign.";
96 : 0 : break;
97 : : case KU_KEY_ENCIPHERMENT:
98 : 0 : specificError = "Certificate cannot encrypt.";
99 : 0 : break;
100 : : case KU_KEY_CERT_SIGN:
101 : 0 : specificError = "Certificate cannot sign other certs.";
102 : 0 : break;
103 : : default:
104 : 0 : specificError = "[unknown usage].";
105 : 0 : break;
106 : : }
107 : : case SEC_ERROR_INADEQUATE_CERT_TYPE:
108 : 0 : errorFlags = (unsigned long)node->arg;
109 [ # # # # : 0 : switch (errorFlags)
# # # ]
110 : : {
111 : : case NS_CERT_TYPE_SSL_CLIENT:
112 : : case NS_CERT_TYPE_SSL_SERVER:
113 : 0 : specificError = "Certificate cannot be used for SSL.";
114 : 0 : break;
115 : : case NS_CERT_TYPE_SSL_CA:
116 : 0 : specificError = "Certificate cannot be used as an SSL CA.";
117 : 0 : break;
118 : : case NS_CERT_TYPE_EMAIL:
119 : 0 : specificError = "Certificate cannot be used for SMIME.";
120 : 0 : break;
121 : : case NS_CERT_TYPE_EMAIL_CA:
122 : 0 : specificError = "Certificate cannot be used as an SMIME CA.";
123 : 0 : break;
124 : : case NS_CERT_TYPE_OBJECT_SIGNING:
125 : 0 : specificError = "Certificate cannot be used for object signing.";
126 : 0 : break;
127 : : case NS_CERT_TYPE_OBJECT_SIGNING_CA:
128 : 0 : specificError = "Certificate cannot be used as an object signing CA.";
129 : 0 : break;
130 : : default:
131 : 0 : specificError = "[unknown usage].";
132 : 0 : break;
133 : : }
134 : : case SEC_ERROR_UNKNOWN_ISSUER:
135 : 0 : specificError = "Unknown issuer:";
136 : 0 : issuer = node->cert->issuerName;
137 : 0 : break;
138 : : case SEC_ERROR_UNTRUSTED_ISSUER:
139 : 0 : specificError = "Untrusted issuer:";
140 : 0 : issuer = node->cert->issuerName;
141 : 0 : break;
142 : : case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
143 : 0 : specificError = "Expired issuer certificate:";
144 : 0 : issuer = node->cert->issuerName;
145 : 0 : break;
146 : : default:
147 : 0 : break;
148 : : }
149 [ # # ]: 0 : if (specificError)
150 : 0 : xmlsec_trace("%s", specificError);
151 [ # # ]: 0 : if (issuer)
152 : 0 : xmlsec_trace("%s", issuer);
153 : : }
154 : : }
155 : 0 : }
156 : :
157 : : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|