Mirror of BoringSSL (grpc依赖)
https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
201 lines
5.3 KiB
201 lines
5.3 KiB
// Copyright 2016 The Chromium Authors |
|
// Use of this source code is governed by a BSD-style license that can be |
|
// found in the LICENSE file. |
|
|
|
#include "cert_errors.h" |
|
|
|
#include "cert_error_params.h" |
|
#include "parse_name.h" |
|
#include "parsed_certificate.h" |
|
|
|
#include <sstream> |
|
|
|
namespace bssl { |
|
|
|
namespace { |
|
|
|
void AppendLinesWithIndentation(const std::string& text, |
|
const std::string& indentation, |
|
std::string* out) { |
|
std::istringstream stream(text); |
|
for (std::string line; std::getline(stream, line, '\n');) { |
|
out->append(indentation); |
|
out->append(line); |
|
out->append("\n"); |
|
} |
|
} |
|
|
|
} // namespace |
|
|
|
CertError::CertError() = default; |
|
|
|
CertError::CertError(Severity in_severity, |
|
CertErrorId in_id, |
|
std::unique_ptr<CertErrorParams> in_params) |
|
: severity(in_severity), id(in_id), params(std::move(in_params)) {} |
|
|
|
CertError::CertError(CertError&& other) = default; |
|
|
|
CertError& CertError::operator=(CertError&&) = default; |
|
|
|
CertError::~CertError() = default; |
|
|
|
std::string CertError::ToDebugString() const { |
|
std::string result; |
|
switch (severity) { |
|
case SEVERITY_WARNING: |
|
result += "WARNING: "; |
|
break; |
|
case SEVERITY_HIGH: |
|
result += "ERROR: "; |
|
break; |
|
} |
|
result += CertErrorIdToDebugString(id); |
|
result += +"\n"; |
|
|
|
if (params) |
|
AppendLinesWithIndentation(params->ToDebugString(), " ", &result); |
|
|
|
return result; |
|
} |
|
|
|
CertErrors::CertErrors() = default; |
|
CertErrors::CertErrors(CertErrors&& other) = default; |
|
CertErrors& CertErrors::operator=(CertErrors&&) = default; |
|
CertErrors::~CertErrors() = default; |
|
|
|
void CertErrors::Add(CertError::Severity severity, |
|
CertErrorId id, |
|
std::unique_ptr<CertErrorParams> params) { |
|
nodes_.emplace_back(severity, id, std::move(params)); |
|
} |
|
|
|
void CertErrors::AddError(CertErrorId id, |
|
std::unique_ptr<CertErrorParams> params) { |
|
Add(CertError::SEVERITY_HIGH, id, std::move(params)); |
|
} |
|
|
|
void CertErrors::AddError(CertErrorId id) { |
|
AddError(id, nullptr); |
|
} |
|
|
|
void CertErrors::AddWarning(CertErrorId id, |
|
std::unique_ptr<CertErrorParams> params) { |
|
Add(CertError::SEVERITY_WARNING, id, std::move(params)); |
|
} |
|
|
|
void CertErrors::AddWarning(CertErrorId id) { |
|
AddWarning(id, nullptr); |
|
} |
|
|
|
std::string CertErrors::ToDebugString() const { |
|
std::string result; |
|
for (const CertError& node : nodes_) |
|
result += node.ToDebugString(); |
|
|
|
return result; |
|
} |
|
|
|
bool CertErrors::ContainsError(CertErrorId id) const { |
|
for (const CertError& node : nodes_) { |
|
if (node.id == id) |
|
return true; |
|
} |
|
return false; |
|
} |
|
|
|
bool CertErrors::ContainsAnyErrorWithSeverity( |
|
CertError::Severity severity) const { |
|
for (const CertError& node : nodes_) { |
|
if (node.severity == severity) |
|
return true; |
|
} |
|
return false; |
|
} |
|
|
|
CertPathErrors::CertPathErrors() = default; |
|
|
|
CertPathErrors::CertPathErrors(CertPathErrors&& other) = default; |
|
CertPathErrors& CertPathErrors::operator=(CertPathErrors&&) = default; |
|
|
|
CertPathErrors::~CertPathErrors() = default; |
|
|
|
CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) { |
|
if (cert_index >= cert_errors_.size()) |
|
cert_errors_.resize(cert_index + 1); |
|
return &cert_errors_[cert_index]; |
|
} |
|
|
|
const CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) const { |
|
if (cert_index >= cert_errors_.size()) |
|
return nullptr; |
|
return &cert_errors_[cert_index]; |
|
} |
|
|
|
CertErrors* CertPathErrors::GetOtherErrors() { |
|
return &other_errors_; |
|
} |
|
|
|
bool CertPathErrors::ContainsError(CertErrorId id) const { |
|
for (const CertErrors& errors : cert_errors_) { |
|
if (errors.ContainsError(id)) |
|
return true; |
|
} |
|
|
|
if (other_errors_.ContainsError(id)) |
|
return true; |
|
|
|
return false; |
|
} |
|
|
|
bool CertPathErrors::ContainsAnyErrorWithSeverity( |
|
CertError::Severity severity) const { |
|
for (const CertErrors& errors : cert_errors_) { |
|
if (errors.ContainsAnyErrorWithSeverity(severity)) |
|
return true; |
|
} |
|
|
|
if (other_errors_.ContainsAnyErrorWithSeverity(severity)) |
|
return true; |
|
|
|
return false; |
|
} |
|
|
|
std::string CertPathErrors::ToDebugString( |
|
const ParsedCertificateList& certs) const { |
|
std::ostringstream result; |
|
|
|
for (size_t i = 0; i < cert_errors_.size(); ++i) { |
|
// Pretty print the current CertErrors. If there were no errors/warnings, |
|
// then continue. |
|
const CertErrors& errors = cert_errors_[i]; |
|
std::string cert_errors_string = errors.ToDebugString(); |
|
if (cert_errors_string.empty()) |
|
continue; |
|
|
|
// Add a header that identifies which certificate this CertErrors pertains |
|
// to. |
|
std::string cert_name_debug_str; |
|
if (i < certs.size() && certs[i]) { |
|
RDNSequence subject; |
|
if (ParseName(certs[i]->tbs().subject_tlv, &subject) && |
|
ConvertToRFC2253(subject, &cert_name_debug_str)) { |
|
cert_name_debug_str = " (" + cert_name_debug_str + ")"; |
|
} |
|
} |
|
result << "----- Certificate i=" << i << cert_name_debug_str << " -----\n"; |
|
result << cert_errors_string << "\n"; |
|
} |
|
|
|
// Print any other errors that aren't associated with a particular certificate |
|
// in the chain. |
|
std::string other_errors = other_errors_.ToDebugString(); |
|
if (!other_errors.empty()) { |
|
result << "----- Other errors (not certificate specific) -----\n"; |
|
result << other_errors << "\n"; |
|
} |
|
|
|
return result.str(); |
|
} |
|
|
|
} // namespace net
|
|
|