Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 : /* This code is made available to you under your choice of the following sets
4 : * of licensing terms:
5 : */
6 : /* This Source Code Form is subject to the terms of the Mozilla Public
7 : * License, v. 2.0. If a copy of the MPL was not distributed with this
8 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 : */
10 : /* Copyright 2013 Mozilla Contributors
11 : *
12 : * Licensed under the Apache License, Version 2.0 (the "License");
13 : * you may not use this file except in compliance with the License.
14 : * You may obtain a copy of the License at
15 : *
16 : * http://www.apache.org/licenses/LICENSE-2.0
17 : *
18 : * Unless required by applicable law or agreed to in writing, software
19 : * distributed under the License is distributed on an "AS IS" BASIS,
20 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 : * See the License for the specific language governing permissions and
22 : * limitations under the License.
23 : */
24 :
25 : #ifndef mozilla_pkix_Result_h
26 : #define mozilla_pkix_Result_h
27 :
28 : #include <cassert>
29 :
30 : namespace mozilla { namespace pkix {
31 :
32 : static const unsigned int FATAL_ERROR_FLAG = 0x800;
33 :
34 : // ----------------------------------------------------------------------------
35 : // SELECTED ERROR CODE EXPLANATIONS
36 : //
37 : // Result::ERROR_UNTRUSTED_CERT
38 : // means that the end-entity certificate was actively distrusted.
39 : // Result::ERROR_UNTRUSTED_ISSUER
40 : // means that path building failed because of active distrust.
41 : // Result::ERROR_INVALID_DER_TIME
42 : // means the DER-encoded time was unexpected, such as being before the
43 : // UNIX epoch (allowed by X500, but not valid here).
44 : // Result::ERROR_EXPIRED_CERTIFICATE
45 : // means the end entity certificate expired.
46 : // Result::ERROR_EXPIRED_ISSUER_CERTIFICATE
47 : // means the CA certificate expired.
48 : // Result::ERROR_UNKNOWN_ISSUER
49 : // means that the CA could not be found in the root store.
50 : // Result::ERROR_POLICY_VALIDATION_FAILED
51 : // means that an encoded policy could not be applied or wasn't present
52 : // when expected. Usually this is in the context of Extended Validation.
53 : // Result::ERROR_BAD_CERT_DOMAIN
54 : // means that the certificate's name couldn't be matched to the
55 : // reference identifier.
56 : // Result::ERROR_CERT_NOT_IN_NAME_SPACE
57 : // typically means the certificate violates name constraints applied
58 : // by the issuer.
59 : // Result::ERROR_BAD_DER
60 : // means the input was improperly encoded.
61 : // Result::ERROR_UNKNOWN_ERROR
62 : // means that an external library (NSS) provided an error we didn't
63 : // anticipate. See the map below in Result.h to add new ones.
64 : // Result::FATAL_ERROR_LIBRARY_FAILURE
65 : // is an unexpected fatal error indicating a library had an unexpected
66 : // failure, and we can't proceed.
67 : // Result::FATAL_ERROR_INVALID_ARGS
68 : // means that we violated our own expectations on inputs and there's a
69 : // bug somewhere.
70 : // Result::FATAL_ERROR_INVALID_STATE
71 : // means that we violated our own expectations on state and there's a
72 : // bug somewhere.
73 : // Result::FATAL_ERROR_NO_MEMORY
74 : // means a memory allocation failed, prohibiting validation.
75 : // ----------------------------------------------------------------------------
76 :
77 : // The first argument to MOZILLA_PKIX_MAP() is used for building the mapping
78 : // from error code to error name in MapResultToName.
79 : //
80 : // The second argument is for defining the value for the enum literal in the
81 : // Result enum class.
82 : //
83 : // The third argument to MOZILLA_PKIX_MAP() is used, along with the first
84 : // argument, for maintaining the mapping of mozilla::pkix error codes to
85 : // NSS/NSPR error codes in pkixnss.cpp.
86 : #define MOZILLA_PKIX_MAP_LIST \
87 : MOZILLA_PKIX_MAP(Success, 0, 0) \
88 : MOZILLA_PKIX_MAP(ERROR_BAD_DER, 1, \
89 : SEC_ERROR_BAD_DER) \
90 : MOZILLA_PKIX_MAP(ERROR_CA_CERT_INVALID, 2, \
91 : SEC_ERROR_CA_CERT_INVALID) \
92 : MOZILLA_PKIX_MAP(ERROR_BAD_SIGNATURE, 3, \
93 : SEC_ERROR_BAD_SIGNATURE) \
94 : MOZILLA_PKIX_MAP(ERROR_CERT_BAD_ACCESS_LOCATION, 4, \
95 : SEC_ERROR_CERT_BAD_ACCESS_LOCATION) \
96 : MOZILLA_PKIX_MAP(ERROR_CERT_NOT_IN_NAME_SPACE, 5, \
97 : SEC_ERROR_CERT_NOT_IN_NAME_SPACE) \
98 : MOZILLA_PKIX_MAP(ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, 6, \
99 : SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) \
100 : MOZILLA_PKIX_MAP(ERROR_CONNECT_REFUSED, 7, \
101 : PR_CONNECT_REFUSED_ERROR) \
102 : MOZILLA_PKIX_MAP(ERROR_EXPIRED_CERTIFICATE, 8, \
103 : SEC_ERROR_EXPIRED_CERTIFICATE) \
104 : MOZILLA_PKIX_MAP(ERROR_EXTENSION_VALUE_INVALID, 9, \
105 : SEC_ERROR_EXTENSION_VALUE_INVALID) \
106 : MOZILLA_PKIX_MAP(ERROR_INADEQUATE_CERT_TYPE, 10, \
107 : SEC_ERROR_INADEQUATE_CERT_TYPE) \
108 : MOZILLA_PKIX_MAP(ERROR_INADEQUATE_KEY_USAGE, 11, \
109 : SEC_ERROR_INADEQUATE_KEY_USAGE) \
110 : MOZILLA_PKIX_MAP(ERROR_INVALID_ALGORITHM, 12, \
111 : SEC_ERROR_INVALID_ALGORITHM) \
112 : MOZILLA_PKIX_MAP(ERROR_INVALID_DER_TIME, 13, \
113 : SEC_ERROR_INVALID_TIME) \
114 : MOZILLA_PKIX_MAP(ERROR_KEY_PINNING_FAILURE, 14, \
115 : MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE) \
116 : MOZILLA_PKIX_MAP(ERROR_PATH_LEN_CONSTRAINT_INVALID, 15, \
117 : SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID) \
118 : MOZILLA_PKIX_MAP(ERROR_POLICY_VALIDATION_FAILED, 16, \
119 : SEC_ERROR_POLICY_VALIDATION_FAILED) \
120 : MOZILLA_PKIX_MAP(ERROR_REVOKED_CERTIFICATE, 17, \
121 : SEC_ERROR_REVOKED_CERTIFICATE) \
122 : MOZILLA_PKIX_MAP(ERROR_UNKNOWN_CRITICAL_EXTENSION, 18, \
123 : SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION) \
124 : MOZILLA_PKIX_MAP(ERROR_UNKNOWN_ERROR, 19, \
125 : PR_UNKNOWN_ERROR) \
126 : MOZILLA_PKIX_MAP(ERROR_UNKNOWN_ISSUER, 20, \
127 : SEC_ERROR_UNKNOWN_ISSUER) \
128 : MOZILLA_PKIX_MAP(ERROR_UNTRUSTED_CERT, 21, \
129 : SEC_ERROR_UNTRUSTED_CERT) \
130 : MOZILLA_PKIX_MAP(ERROR_UNTRUSTED_ISSUER, 22, \
131 : SEC_ERROR_UNTRUSTED_ISSUER) \
132 : MOZILLA_PKIX_MAP(ERROR_OCSP_BAD_SIGNATURE, 23, \
133 : SEC_ERROR_OCSP_BAD_SIGNATURE) \
134 : MOZILLA_PKIX_MAP(ERROR_OCSP_INVALID_SIGNING_CERT, 24, \
135 : SEC_ERROR_OCSP_INVALID_SIGNING_CERT) \
136 : MOZILLA_PKIX_MAP(ERROR_OCSP_MALFORMED_REQUEST, 25, \
137 : SEC_ERROR_OCSP_MALFORMED_REQUEST) \
138 : MOZILLA_PKIX_MAP(ERROR_OCSP_MALFORMED_RESPONSE, 26, \
139 : SEC_ERROR_OCSP_MALFORMED_RESPONSE) \
140 : MOZILLA_PKIX_MAP(ERROR_OCSP_OLD_RESPONSE, 27, \
141 : SEC_ERROR_OCSP_OLD_RESPONSE) \
142 : MOZILLA_PKIX_MAP(ERROR_OCSP_REQUEST_NEEDS_SIG, 28, \
143 : SEC_ERROR_OCSP_REQUEST_NEEDS_SIG) \
144 : MOZILLA_PKIX_MAP(ERROR_OCSP_RESPONDER_CERT_INVALID, 29, \
145 : SEC_ERROR_OCSP_RESPONDER_CERT_INVALID) \
146 : MOZILLA_PKIX_MAP(ERROR_OCSP_SERVER_ERROR, 30, \
147 : SEC_ERROR_OCSP_SERVER_ERROR) \
148 : MOZILLA_PKIX_MAP(ERROR_OCSP_TRY_SERVER_LATER, 31, \
149 : SEC_ERROR_OCSP_TRY_SERVER_LATER) \
150 : MOZILLA_PKIX_MAP(ERROR_OCSP_UNAUTHORIZED_REQUEST, 32, \
151 : SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST) \
152 : MOZILLA_PKIX_MAP(ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, 33, \
153 : SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS) \
154 : MOZILLA_PKIX_MAP(ERROR_OCSP_UNKNOWN_CERT, 34, \
155 : SEC_ERROR_OCSP_UNKNOWN_CERT) \
156 : MOZILLA_PKIX_MAP(ERROR_OCSP_FUTURE_RESPONSE, 35, \
157 : SEC_ERROR_OCSP_FUTURE_RESPONSE) \
158 : MOZILLA_PKIX_MAP(ERROR_INVALID_KEY, 36, \
159 : SEC_ERROR_INVALID_KEY) \
160 : MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_KEYALG, 37, \
161 : SEC_ERROR_UNSUPPORTED_KEYALG) \
162 : MOZILLA_PKIX_MAP(ERROR_EXPIRED_ISSUER_CERTIFICATE, 38, \
163 : SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE) \
164 : MOZILLA_PKIX_MAP(ERROR_CA_CERT_USED_AS_END_ENTITY, 39, \
165 : MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY) \
166 : MOZILLA_PKIX_MAP(ERROR_INADEQUATE_KEY_SIZE, 40, \
167 : MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE) \
168 : MOZILLA_PKIX_MAP(ERROR_V1_CERT_USED_AS_CA, 41, \
169 : MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA) \
170 : MOZILLA_PKIX_MAP(ERROR_BAD_CERT_DOMAIN, 42, \
171 : SSL_ERROR_BAD_CERT_DOMAIN) \
172 : MOZILLA_PKIX_MAP(ERROR_NO_RFC822NAME_MATCH, 43, \
173 : MOZILLA_PKIX_ERROR_NO_RFC822NAME_MATCH) \
174 : MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_ELLIPTIC_CURVE, 44, \
175 : SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE) \
176 : MOZILLA_PKIX_MAP(ERROR_NOT_YET_VALID_CERTIFICATE, 45, \
177 : MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE) \
178 : MOZILLA_PKIX_MAP(ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE, 46, \
179 : MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE) \
180 : MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_EC_POINT_FORM, 47, \
181 : SEC_ERROR_UNSUPPORTED_EC_POINT_FORM) \
182 : MOZILLA_PKIX_MAP(ERROR_SIGNATURE_ALGORITHM_MISMATCH, 48, \
183 : MOZILLA_PKIX_ERROR_SIGNATURE_ALGORITHM_MISMATCH) \
184 : MOZILLA_PKIX_MAP(ERROR_OCSP_RESPONSE_FOR_CERT_MISSING, 49, \
185 : MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING) \
186 : MOZILLA_PKIX_MAP(ERROR_VALIDITY_TOO_LONG, 50, \
187 : MOZILLA_PKIX_ERROR_VALIDITY_TOO_LONG) \
188 : MOZILLA_PKIX_MAP(ERROR_REQUIRED_TLS_FEATURE_MISSING, 51, \
189 : MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING) \
190 : MOZILLA_PKIX_MAP(ERROR_INVALID_INTEGER_ENCODING, 52, \
191 : MOZILLA_PKIX_ERROR_INVALID_INTEGER_ENCODING) \
192 : MOZILLA_PKIX_MAP(ERROR_EMPTY_ISSUER_NAME, 53, \
193 : MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME) \
194 : MOZILLA_PKIX_MAP(FATAL_ERROR_INVALID_ARGS, FATAL_ERROR_FLAG | 1, \
195 : SEC_ERROR_INVALID_ARGS) \
196 : MOZILLA_PKIX_MAP(FATAL_ERROR_INVALID_STATE, FATAL_ERROR_FLAG | 2, \
197 : PR_INVALID_STATE_ERROR) \
198 : MOZILLA_PKIX_MAP(FATAL_ERROR_LIBRARY_FAILURE, FATAL_ERROR_FLAG | 3, \
199 : SEC_ERROR_LIBRARY_FAILURE) \
200 : MOZILLA_PKIX_MAP(FATAL_ERROR_NO_MEMORY, FATAL_ERROR_FLAG | 4, \
201 : SEC_ERROR_NO_MEMORY) \
202 : /* nothing here */
203 :
204 : enum class Result
205 : {
206 : #define MOZILLA_PKIX_MAP(name, value, nss_name) name = value,
207 : MOZILLA_PKIX_MAP_LIST
208 : #undef MOZILLA_PKIX_MAP
209 : };
210 :
211 : // Returns the stringified name of the given result, e.g. "Result::Success",
212 : // or nullptr if result is unknown (invalid).
213 : const char* MapResultToName(Result result);
214 :
215 : // We write many comparisons as (x != Success), and this shortened name makes
216 : // those comparisons clearer, especially because the shortened name often
217 : // results in less line wrapping.
218 : static const Result Success = Result::Success;
219 :
220 : inline bool
221 0 : IsFatalError(Result rv)
222 : {
223 0 : return (static_cast<unsigned int>(rv) & FATAL_ERROR_FLAG) != 0;
224 : }
225 :
226 : inline Result
227 0 : NotReached(const char* /*explanation*/, Result result)
228 : {
229 0 : assert(false);
230 : return result;
231 : }
232 :
233 : } } // namespace mozilla::pkix
234 :
235 : #endif // mozilla_pkix_Result_h
|