Result.h (13532B)
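/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This code is made available to you under your choice of the following sets
 * of licensing terms:
 */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
/* Copyright 2013 Mozilla Contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef mozilla_pkix_Result_h
#define mozilla_pkix_Result_h

#include <cassert>

namespace mozilla {
namespace pkix {

// Bit that is OR-ed into the numeric value of every FATAL_ERROR_* Result in
// MOZILLA_PKIX_MAP_LIST below. IsFatalError() classifies a Result by testing
// this bit and nothing else.
static const unsigned int FATAL_ERROR_FLAG = 0x800;

// ----------------------------------------------------------------------------
// SELECTED ERROR CODE EXPLANATIONS
//
// Result::ERROR_UNTRUSTED_CERT
//       means that the end-entity certificate was actively distrusted.
// Result::ERROR_UNTRUSTED_ISSUER
//       means that path building failed because of active distrust.
// Result::ERROR_INVALID_DER_TIME
//       means the DER-encoded time was unexpected, such as being before the
//       UNIX epoch (allowed by X500, but not valid here).
// Result::ERROR_EXPIRED_CERTIFICATE
//       means the end entity certificate expired.
// Result::ERROR_EXPIRED_ISSUER_CERTIFICATE
//       means the CA certificate expired.
// Result::ERROR_UNKNOWN_ISSUER
//       means that the CA could not be found in the root store.
// Result::ERROR_POLICY_VALIDATION_FAILED
//       means that an encoded policy could not be applied or wasn't present
//       when expected. Usually this is in the context of Extended Validation.
// Result::ERROR_BAD_CERT_DOMAIN
//       means that the certificate's name couldn't be matched to the
//       reference identifier.
// Result::ERROR_CERT_NOT_IN_NAME_SPACE
//       typically means the certificate violates name constraints applied
//       by the issuer.
// Result::ERROR_BAD_DER
//       means the input was improperly encoded.
// Result::ERROR_UNKNOWN_ERROR
//       means that an external library (NSS) provided an error we didn't
//       anticipate. See the map below in Result.h to add new ones.
// Result::FATAL_ERROR_LIBRARY_FAILURE
//       is an unexpected fatal error indicating a library had an unexpected
//       failure, and we can't proceed.
// Result::FATAL_ERROR_INVALID_ARGS
//       means that we violated our own expectations on inputs and there's a
//       bug somewhere.
// Result::FATAL_ERROR_INVALID_STATE
//       means that we violated our own expectations on state and there's a
//       bug somewhere.
// Result::FATAL_ERROR_NO_MEMORY
//       means a memory allocation failed, prohibiting validation.
// ----------------------------------------------------------------------------

// The first argument to MOZILLA_PKIX_MAP() is used for building the mapping
// from error code to error name in MapResultToName.
//
// The second argument is for defining the value for the enum literal in the
// Result enum class.
//
// The third argument to MOZILLA_PKIX_MAP() is used, along with the first
// argument, for maintaining the mapping of mozilla::pkix error codes to
// NSS/NSPR error codes in pkixnss.cpp.
//
// When adding an entry, keep two properties of the second argument in mind:
//  - Only FATAL_ERROR_* entries may have FATAL_ERROR_FLAG (0x800) set in
//    their value. IsFatalError() looks at that bit alone, so a non-fatal code
//    whose value happens to include it would be reported as fatal.
//  - Values do not have to be contiguous (ERROR_ONION_WITH_SELF_SIGNED_CERT
//    is 155), but each should be unique: the compiler accepts enumerators
//    that share a value, and two names would then be indistinguishable.
#define MOZILLA_PKIX_MAP_LIST \
  MOZILLA_PKIX_MAP(Success, 0, 0) \
  MOZILLA_PKIX_MAP(ERROR_BAD_DER, 1, SEC_ERROR_BAD_DER) \
  MOZILLA_PKIX_MAP(ERROR_CA_CERT_INVALID, 2, SEC_ERROR_CA_CERT_INVALID) \
  MOZILLA_PKIX_MAP(ERROR_BAD_SIGNATURE, 3, SEC_ERROR_BAD_SIGNATURE) \
  MOZILLA_PKIX_MAP(ERROR_CERT_BAD_ACCESS_LOCATION, 4, \
                   SEC_ERROR_CERT_BAD_ACCESS_LOCATION) \
  MOZILLA_PKIX_MAP(ERROR_CERT_NOT_IN_NAME_SPACE, 5, \
                   SEC_ERROR_CERT_NOT_IN_NAME_SPACE) \
  MOZILLA_PKIX_MAP(ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, 6, \
                   SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) \
  MOZILLA_PKIX_MAP(ERROR_CONNECT_REFUSED, 7, PR_CONNECT_REFUSED_ERROR) \
  MOZILLA_PKIX_MAP(ERROR_EXPIRED_CERTIFICATE, 8, \
                   SEC_ERROR_EXPIRED_CERTIFICATE) \
  MOZILLA_PKIX_MAP(ERROR_EXTENSION_VALUE_INVALID, 9, \
                   SEC_ERROR_EXTENSION_VALUE_INVALID) \
  MOZILLA_PKIX_MAP(ERROR_INADEQUATE_CERT_TYPE, 10, \
                   SEC_ERROR_INADEQUATE_CERT_TYPE) \
  MOZILLA_PKIX_MAP(ERROR_INADEQUATE_KEY_USAGE, 11, \
                   SEC_ERROR_INADEQUATE_KEY_USAGE) \
  MOZILLA_PKIX_MAP(ERROR_INVALID_ALGORITHM, 12, SEC_ERROR_INVALID_ALGORITHM) \
  MOZILLA_PKIX_MAP(ERROR_INVALID_DER_TIME, 13, SEC_ERROR_INVALID_TIME) \
  MOZILLA_PKIX_MAP(ERROR_KEY_PINNING_FAILURE, 14, \
                   MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE) \
  MOZILLA_PKIX_MAP(ERROR_PATH_LEN_CONSTRAINT_INVALID, 15, \
                   SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID) \
  MOZILLA_PKIX_MAP(ERROR_POLICY_VALIDATION_FAILED, 16, \
                   SEC_ERROR_POLICY_VALIDATION_FAILED) \
  MOZILLA_PKIX_MAP(ERROR_REVOKED_CERTIFICATE, 17, \
                   SEC_ERROR_REVOKED_CERTIFICATE) \
  MOZILLA_PKIX_MAP(ERROR_UNKNOWN_CRITICAL_EXTENSION, 18, \
                   SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION) \
  MOZILLA_PKIX_MAP(ERROR_UNKNOWN_ERROR, 19, PR_UNKNOWN_ERROR) \
  MOZILLA_PKIX_MAP(ERROR_UNKNOWN_ISSUER, 20, SEC_ERROR_UNKNOWN_ISSUER) \
  MOZILLA_PKIX_MAP(ERROR_UNTRUSTED_CERT, 21, SEC_ERROR_UNTRUSTED_CERT) \
  MOZILLA_PKIX_MAP(ERROR_UNTRUSTED_ISSUER, 22, SEC_ERROR_UNTRUSTED_ISSUER) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_BAD_SIGNATURE, 23, SEC_ERROR_OCSP_BAD_SIGNATURE) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_INVALID_SIGNING_CERT, 24, \
                   SEC_ERROR_OCSP_INVALID_SIGNING_CERT) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_MALFORMED_REQUEST, 25, \
                   SEC_ERROR_OCSP_MALFORMED_REQUEST) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_MALFORMED_RESPONSE, 26, \
                   SEC_ERROR_OCSP_MALFORMED_RESPONSE) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_OLD_RESPONSE, 27, SEC_ERROR_OCSP_OLD_RESPONSE) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_REQUEST_NEEDS_SIG, 28, \
                   SEC_ERROR_OCSP_REQUEST_NEEDS_SIG) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_RESPONDER_CERT_INVALID, 29, \
                   SEC_ERROR_OCSP_RESPONDER_CERT_INVALID) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_SERVER_ERROR, 30, SEC_ERROR_OCSP_SERVER_ERROR) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_TRY_SERVER_LATER, 31, \
                   SEC_ERROR_OCSP_TRY_SERVER_LATER) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_UNAUTHORIZED_REQUEST, 32, \
                   SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, 33, \
                   SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_UNKNOWN_CERT, 34, SEC_ERROR_OCSP_UNKNOWN_CERT) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_FUTURE_RESPONSE, 35, \
                   SEC_ERROR_OCSP_FUTURE_RESPONSE) \
  MOZILLA_PKIX_MAP(ERROR_INVALID_KEY, 36, SEC_ERROR_INVALID_KEY) \
  MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_KEYALG, 37, SEC_ERROR_UNSUPPORTED_KEYALG) \
  MOZILLA_PKIX_MAP(ERROR_EXPIRED_ISSUER_CERTIFICATE, 38, \
                   SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE) \
  MOZILLA_PKIX_MAP(ERROR_CA_CERT_USED_AS_END_ENTITY, 39, \
                   MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY) \
  MOZILLA_PKIX_MAP(ERROR_INADEQUATE_KEY_SIZE, 40, \
                   MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE) \
  MOZILLA_PKIX_MAP(ERROR_V1_CERT_USED_AS_CA, 41, \
                   MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA) \
  MOZILLA_PKIX_MAP(ERROR_BAD_CERT_DOMAIN, 42, SSL_ERROR_BAD_CERT_DOMAIN) \
  MOZILLA_PKIX_MAP(ERROR_NO_RFC822NAME_MATCH, 43, \
                   MOZILLA_PKIX_ERROR_NO_RFC822NAME_MATCH) \
  MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_ELLIPTIC_CURVE, 44, \
                   SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE) \
  MOZILLA_PKIX_MAP(ERROR_NOT_YET_VALID_CERTIFICATE, 45, \
                   MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE) \
  MOZILLA_PKIX_MAP(ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE, 46, \
                   MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE) \
  MOZILLA_PKIX_MAP(ERROR_UNSUPPORTED_EC_POINT_FORM, 47, \
                   SEC_ERROR_UNSUPPORTED_EC_POINT_FORM) \
  MOZILLA_PKIX_MAP(ERROR_SIGNATURE_ALGORITHM_MISMATCH, 48, \
                   MOZILLA_PKIX_ERROR_SIGNATURE_ALGORITHM_MISMATCH) \
  MOZILLA_PKIX_MAP(ERROR_OCSP_RESPONSE_FOR_CERT_MISSING, 49, \
                   MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING) \
  MOZILLA_PKIX_MAP(ERROR_VALIDITY_TOO_LONG, 50, \
                   MOZILLA_PKIX_ERROR_VALIDITY_TOO_LONG) \
  MOZILLA_PKIX_MAP(ERROR_REQUIRED_TLS_FEATURE_MISSING, 51, \
                   MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING) \
  MOZILLA_PKIX_MAP(ERROR_INVALID_INTEGER_ENCODING, 52, \
                   MOZILLA_PKIX_ERROR_INVALID_INTEGER_ENCODING) \
  MOZILLA_PKIX_MAP(ERROR_EMPTY_ISSUER_NAME, 53, \
                   MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME) \
  MOZILLA_PKIX_MAP(ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED, 54, \
                   MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED) \
  MOZILLA_PKIX_MAP(ERROR_SELF_SIGNED_CERT, 55, \
                   MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT) \
  MOZILLA_PKIX_MAP(ERROR_MITM_DETECTED, 56, MOZILLA_PKIX_ERROR_MITM_DETECTED) \
  MOZILLA_PKIX_MAP(ERROR_INSUFFICIENT_CERTIFICATE_TRANSPARENCY, 57, \
                   MOZILLA_PKIX_ERROR_INSUFFICIENT_CERTIFICATE_TRANSPARENCY) \
  MOZILLA_PKIX_MAP(ERROR_ISSUER_NO_LONGER_TRUSTED, 58, \
                   MOZILLA_PKIX_ERROR_ISSUER_NO_LONGER_TRUSTED) \
  MOZILLA_PKIX_MAP(FATAL_ERROR_INVALID_ARGS, FATAL_ERROR_FLAG | 1, \
                   SEC_ERROR_INVALID_ARGS) \
  MOZILLA_PKIX_MAP(FATAL_ERROR_INVALID_STATE, FATAL_ERROR_FLAG | 2, \
                   PR_INVALID_STATE_ERROR) \
  MOZILLA_PKIX_MAP(FATAL_ERROR_LIBRARY_FAILURE, FATAL_ERROR_FLAG | 3, \
                   SEC_ERROR_LIBRARY_FAILURE) \
  MOZILLA_PKIX_MAP(FATAL_ERROR_NO_MEMORY, FATAL_ERROR_FLAG | 4, \
                   SEC_ERROR_NO_MEMORY) \
  MOZILLA_PKIX_MAP(ERROR_ONION_WITH_SELF_SIGNED_CERT, 155, \
                   MOZILLA_PKIX_ERROR_ONION_WITH_SELF_SIGNED_CERT) \
  /* nothing here */

// Expands each MOZILLA_PKIX_MAP(name, value, nss_name) entry of the list into
// the enumerator `name = value`; the NSS/NSPR name is not used here.
enum class Result {
#define MOZILLA_PKIX_MAP(name, value, nss_name) name = value,
  MOZILLA_PKIX_MAP_LIST
#undef MOZILLA_PKIX_MAP
};

// Returns the stringified name of the given result, e.g. "Result::Success",
// or nullptr if result is unknown (invalid).
const char* MapResultToName(Result result);

// We write many comparisons as (x != Success), and this shortened name makes
// those comparisons clearer, especially because the shortened name often
// results in less line wrapping.
static const Result Success = Result::Success;

// Returns true if rv has FATAL_ERROR_FLAG set in its numeric value, which in
// the list above is the case for the FATAL_ERROR_* codes only. Per the
// explanations at the top of this file, those codes report that validation
// could not proceed (library failure, out of memory) or that an internal
// expectation was violated; they are not a verdict on the certificate.
inline bool IsFatalError(Result rv) {
  return (static_cast<unsigned int>(rv) & FATAL_ERROR_FLAG) != 0;
}

// Marks a code path that is expected to be impossible. In builds where assert
// is active this aborts. When NDEBUG is defined the assert compiles to nothing
// and `result` is returned to the caller, so pass an error Result here: that
// keeps a release build failing closed if the path is reached after all.
// The explanation argument is unused; it only documents the call site.
inline Result NotReached(const char* /*explanation*/, Result result) {
  assert(false);
  return result;
}
}  // namespace pkix
}  // namespace mozilla

#endif  // mozilla_pkix_Result_h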