1 // Copyright 2017 The Chromium Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #include "common_cert_errors.h" 16 17 BSSL_NAMESPACE_BEGIN 18 namespace cert_errors { 19 20 DEFINE_CERT_ERROR_ID(kInternalError, "Internal error"); 21 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter"); 22 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore"); 23 DEFINE_CERT_ERROR_ID(kDistrustedByTrustStore, "Distrusted by trust store"); 24 25 DEFINE_CERT_ERROR_ID( 26 kSignatureAlgorithmMismatch, 27 "Certificate.signatureAlgorithm != TBSCertificate.signature"); 28 29 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty"); 30 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension, 31 "Unconsumed critical extension"); 32 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set"); 33 DEFINE_CERT_ERROR_ID(kKeyUsageIncorrectForRcsMlsClient, 34 "KeyUsage must have only the digitalSignature bit set for " 35 "rcsMlsClient auth"); 36 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached"); 37 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa, 38 "Basic Constraints indicates not a CA"); 39 DEFINE_CERT_ERROR_ID(kTargetCertShouldNotBeCa, 40 "Certificate has Basic Constraints indicating it is a CA " 41 "when it should not be a CA"); 42 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints, 43 "Does not have Basic Constraints"); 44 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints, 45 "Not permitted by name constraints"); 46 DEFINE_CERT_ERROR_ID(kTooManyNameConstraintChecks, 47 "Too many name constraints checks"); 48 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer, 49 "subject does not match issuer"); 50 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed"); 51 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding, 52 "Certificate.signatureAlgorithm is encoded differently " 53 "than TBSCertificate.signature"); 54 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth, 55 "The extended key usage does not include server auth"); 56 DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasAnyEKU, 57 "The extended key usage does not include server auth but " 58 "instead includes anyExtendeKeyUsage"); 59 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth, 60 "The extended key usage does not include client auth"); 61 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthButHasAnyEKU, 62 "The extended key usage does not include client auth but " 63 "instead includes anyExtendedKeyUsage"); 64 DEFINE_CERT_ERROR_ID(kEkuLacksClientAuthOrServerAuth, 65 "The extended key usage does not include client auth " 66 "or server auth"); 67 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedOCSPSigning, 68 "The extended key usage includes OCSP signing which " 69 "is not permitted for this use"); 70 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedTimeStamping, 71 "The extended key usage includes time stamping which " 72 "is not permitted for this use"); 73 DEFINE_CERT_ERROR_ID(kEkuHasProhibitedCodeSigning, 74 "The extended key usage includes code signing which " 75 "is not permitted for this use"); 76 DEFINE_CERT_ERROR_ID(kEkuIncorrectForRcsMlsClient, 77 "The extended key usage does not contain only the " 78 "rcsMlsClient key purpose."); 79 DEFINE_CERT_ERROR_ID(kEkuIncorrectForC2PATimeStamping, 80 "The extended key usage does not contain the time " 81 "stamping key purpose, or contains prohibited key usages"); 82 DEFINE_CERT_ERROR_ID( 83 kEkuIncorrectForC2PAManifest, 84 "The extended key usage must contain at least one of: email protection or " 85 "document signing, and must not contain prohibited key usages"); 86 87 DEFINE_CERT_ERROR_ID(kEkuNotPresent, 88 "Certificate does not have extended key usage"); 89 DEFINE_CERT_ERROR_ID(kCertIsNotTrustAnchor, 90 "Certificate is not a trust anchor"); 91 DEFINE_CERT_ERROR_ID(kNoValidPolicy, "No valid policy"); 92 DEFINE_CERT_ERROR_ID(kPolicyMappingAnyPolicy, 93 "PolicyMappings must not map anyPolicy"); 94 DEFINE_CERT_ERROR_ID(kFailedParsingSpki, "Couldn't parse SubjectPublicKeyInfo"); 95 DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm, 96 "Unacceptable signature algorithm"); 97 DEFINE_CERT_ERROR_ID(kUnacceptablePublicKey, "Unacceptable public key"); 98 DEFINE_CERT_ERROR_ID(kCertificateRevoked, "Certificate is revoked"); 99 DEFINE_CERT_ERROR_ID(kNoRevocationMechanism, 100 "Certificate lacks a revocation mechanism"); 101 DEFINE_CERT_ERROR_ID(kUnableToCheckRevocation, "Unable to check revocation"); 102 DEFINE_CERT_ERROR_ID(kNoIssuersFound, "No matching issuer found"); 103 DEFINE_CERT_ERROR_ID(kDeadlineExceeded, "Deadline exceeded"); 104 DEFINE_CERT_ERROR_ID(kIterationLimitExceeded, "Iteration limit exceeded"); 105 DEFINE_CERT_ERROR_ID(kDepthLimitExceeded, "Depth limit exceeded"); 106 107 } // namespace cert_errors 108 BSSL_NAMESPACE_END 109