/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
#include "secerr.h"
#include "secerror.hxx"
#include "sslerr.h"
#include "nspr.h"
#include "nss.h"
#include "certt.h"
#include <sal/log.hxx>
#include <sal/macros.h>
#include <sal/types.h>
/* One row of the error-description table: an error code paired with the
 * constant message text that getCertError() hands back for it. */
struct ErrDesc {
    PRErrorCode errNum;     /* error code used as the lookup key */
    const char *errString;  /* constant message text for errNum */
};
/* Table of all known error descriptions. The rows are not spelled out here:
 * they are pulled in textually from certerrors.h, which is expected to expand
 * to a comma-separated list of ErrDesc initializers (not visible in this
 * file). The #include must stay on a line of its own inside the braces. */
const ErrDesc allDesc[] = {
#include "certerrors.h"
};
/* Looks up the constant, UTF-8 encoded error string for "errNum".
 *
 * allDesc is scanned from the front and the errString of the first entry
 * whose errNum matches is returned. If no entry matches, an empty string is
 * returned rather than NULL, so the result of an unknown code can be passed
 * straight to a logging stream.
 */
const char *
getCertError(PRErrorCode errNum)
{
    static const char sEmpty[] = "";

    const ErrDesc *const tableEnd = allDesc + SAL_N_ELEMENTS(allDesc);
    for (const ErrDesc *entry = allDesc; entry != tableEnd; ++entry)
    {
        if (entry->errNum == errNum)
            return entry->errString;
    }

    /* Unknown code: fall back to the empty string. */
    return sEmpty;
}
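/* Maps the key-usage value carried by a SEC_ERROR_INADEQUATE_KEY_USAGE log
 * node to a fixed explanation string. */
static const char *
describeKeyUsageFailure(unsigned long usage)
{
    switch (usage)
    {
        case KU_DIGITAL_SIGNATURE:
            return "Certificate cannot sign.";
        case KU_KEY_ENCIPHERMENT:
            return "Certificate cannot encrypt.";
        case KU_KEY_CERT_SIGN:
            return "Certificate cannot sign other certs.";
        default:
            return "[unknown usage].";
    }
}

/* Maps the certificate-type value carried by a SEC_ERROR_INADEQUATE_CERT_TYPE
 * log node to a fixed explanation string. */
static const char *
describeCertTypeFailure(unsigned long certType)
{
    switch (certType)
    {
        case NS_CERT_TYPE_SSL_CLIENT:
        case NS_CERT_TYPE_SSL_SERVER:
            return "Certificate cannot be used for SSL.";
        case NS_CERT_TYPE_SSL_CA:
            return "Certificate cannot be used as an SSL CA.";
        case NS_CERT_TYPE_EMAIL:
            return "Certificate cannot be used for SMIME.";
        case NS_CERT_TYPE_EMAIL_CA:
            return "Certificate cannot be used as an SMIME CA.";
        case NS_CERT_TYPE_OBJECT_SIGNING:
            return "Certificate cannot be used for object signing.";
        case NS_CERT_TYPE_OBJECT_SIGNING_CA:
            return "Certificate cannot be used as an object signing CA.";
        default:
            return "[unknown usage].";
    }
}

/* Writes the contents of a certificate verification log to the
 * "xmlsecurity.xmlsec" SAL_INFO area.
 *
 * For each node a header line is emitted whenever the chain depth changes,
 * followed by the numeric error and its text from getCertError(), and, for
 * the error codes handled below, a more specific explanation and the
 * issuer name.
 *
 * "log" is the verification log to dump; nothing is written when it is NULL
 * or has no entries.
 *
 * Security note: subjectName and issuerName are taken from the certificates
 * under validation, so the logged text is influenced by whoever supplied the
 * document or chain. Log consumers should treat these lines as untrusted
 * data. NOTE(review): confirm whether control characters in these names are
 * already escaped before they reach this function.
 */
void
printChainFailure(CERTVerifyLog *log)
{
    if (log == NULL || !(log->count > 0))
        return;

    /* Message text is kept exactly as it was, spelling included, because
     * existing log filters may match on it. */
    SAL_INFO("xmlsecurity.xmlsec", "Bad certifcation path:");

    /* Sentinel that cannot equal a real depth on the first node, so the
     * first certificate always gets its header line. */
    unsigned int depth = (unsigned int)-1;

    for (CERTVerifyLogNode *node = log->head; node; node = node->next)
    {
        if (depth != node->depth)
        {
            depth = node->depth;
            /* The issuer name below is only streamed after a null check;
             * apply the same care here, since streaming a null char pointer
             * is undefined behaviour. */
            const char * subject = node->cert->subjectName;
            SAL_INFO("xmlsecurity.xmlsec", "Certificate: " << depth <<
                     (subject ? subject : "[unknown subject]") << ": " <<
                     (depth ? "[Certificate Authority]": ""));
        }
        SAL_INFO("xmlsecurity.xmlsec", "  ERROR " << node->error << ": " <<
                 getCertError(node->error));

        const char * specificError = NULL;
        const char * issuer = NULL;
        switch (node->error)
        {
            case SEC_ERROR_INADEQUATE_KEY_USAGE:
                /* node->arg carries the usage value as a pointer-sized
                 * integer. NOTE(review): where unsigned long is narrower
                 * than a pointer this cast is lossy - confirm the target
                 * platforms. */
                specificError = describeKeyUsageFailure(
                    reinterpret_cast<unsigned long>(node->arg));
                break;
            case SEC_ERROR_INADEQUATE_CERT_TYPE:
                specificError = describeCertTypeFailure(
                    reinterpret_cast<unsigned long>(node->arg));
                break;
            case SEC_ERROR_UNKNOWN_ISSUER:
                specificError = "Unknown issuer:";
                issuer = node->cert->issuerName;
                break;
            case SEC_ERROR_UNTRUSTED_ISSUER:
                specificError = "Untrusted issuer:";
                issuer = node->cert->issuerName;
                break;
            case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
                specificError = "Expired issuer certificate:";
                issuer = node->cert->issuerName;
                break;
            default:
                break;
        }
        if (specificError)
            SAL_INFO("xmlsecurity.xmlsec", specificError);
        if (issuer)
            SAL_INFO("xmlsecurity.xmlsec", issuer);
    }
}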
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */