/*
* Copyright (C) 2006 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net.http;
import java.security.cert.X509Certificate;
/**
* This class represents a set of one or more SSL errors and the associated SSL
* certificate.
*/
public class SslError {
/**
* Individual SSL errors (in the order from the least to the most severe):
*/
/**
* The certificate is not yet valid
*/
public static final int SSL_NOTYETVALID = 0;
/**
* The certificate has expired
*/
public static final int SSL_EXPIRED = 1;
/**
* Hostname mismatch
*/
public static final int SSL_IDMISMATCH = 2;
/**
* The certificate authority is not trusted
*/
public static final int SSL_UNTRUSTED = 3;
/**
* The date of the certificate is invalid
*/
public static final int SSL_DATE_INVALID = 4;
/**
* A generic error occurred
*/
public static final int SSL_INVALID = 5;
/**
* The number of different SSL errors.
* @deprecated This constant is not necessary for using the SslError API and
* can change from release to release.
*/
// Update if you add a new SSL error!!!
@Deprecated
public static final int SSL_MAX_ERROR = 6;
/**
* The SSL error set bitfield (each individual error is a bit index;
* multiple individual errors can be OR-ed)
*/
int mErrors;
/**
* The SSL certificate associated with the error set
*/
final SslCertificate mCertificate;
/**
* The URL associated with the error set.
*/
final String mUrl;
/**
* Creates a new SslError object using the supplied error and certificate.
* The URL will be set to the empty string.
* @param error The SSL error
* @param certificate The associated SSL certificate
* @deprecated Use {@link #SslError(int, SslCertificate, String)}
*/
@Deprecated
public SslError(int error, SslCertificate certificate) {
this(error, certificate, "");
}
/**
* Creates a new SslError object using the supplied error and certificate.
* The URL will be set to the empty string.
* @param error The SSL error
* @param certificate The associated SSL certificate
* @deprecated Use {@link #SslError(int, X509Certificate, String)}
*/
@Deprecated
public SslError(int error, X509Certificate certificate) {
this(error, certificate, "");
}
/**
* Creates a new SslError object using the supplied error, certificate and
* URL.
* @param error The SSL error
* @param certificate The associated SSL certificate
* @param url The associated URL
*/
public SslError(int error, SslCertificate certificate, String url) {
assert certificate != null;
assert url != null;
addError(error);
mCertificate = certificate;
mUrl = url;
}
/**
* Creates a new SslError object using the supplied error, certificate and
* URL.
* @param error The SSL error
* @param certificate The associated SSL certificate
* @param url The associated URL
*/
public SslError(int error, X509Certificate certificate, String url) {
this(error, new SslCertificate(certificate), url);
}
/**
* Creates an SslError object from a chromium error code.
* @param error The chromium error code
* @param certificate The associated SSL certificate
* @param url The associated URL.
* @hide chromium error codes only available inside the framework
*/
public static SslError SslErrorFromChromiumErrorCode(
int error, SslCertificate cert, String url) {
// The chromium error codes are in:
// external/chromium/net/base/net_error_list.h
assert (error >= -299 && error <= -200);
if (error == -200)
return new SslError(SSL_IDMISMATCH, cert, url);
if (error == -201)
return new SslError(SSL_DATE_INVALID, cert, url);
if (error == -202)
return new SslError(SSL_UNTRUSTED, cert, url);
// Map all other codes to SSL_INVALID.
return new SslError(SSL_INVALID, cert, url);
}
/**
* Gets the SSL certificate associated with this object.
* @return The SSL certificate, non-null.
*/
public SslCertificate getCertificate() {
return mCertificate;
}
/**
* Gets the URL associated with this object.
* @return The URL, non-null.
*/
public String getUrl() {
return mUrl;
}
/**
* Adds the supplied SSL error to the set.
* @param error The SSL error to add
* @return True if the error being added is a known SSL error, otherwise
* false.
*/
public boolean addError(int error) {
boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR);
if (rval) {
mErrors |= (0x1 << error);
}
return rval;
}
/**
* Determines whether this object includes the supplied error.
* @param error The SSL error to check for
* @return True if this object includes the error, otherwise false.
*/
public boolean hasError(int error) {
boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR);
if (rval) {
rval = ((mErrors & (0x1 << error)) != 0);
}
return rval;
}
/**
* Gets the most severe SSL error in this object's set of errors.
* Returns -1 if the set is empty.
* @return The most severe SSL error, or -1 if the set is empty.
*/
public int getPrimaryError() {
if (mErrors != 0) {
// go from the most to the least severe errors
for (int error = SslError.SSL_MAX_ERROR - 1; error >= 0; --error) {
if ((mErrors & (0x1 << error)) != 0) {
return error;
}
}
// mErrors should never be set to an invalid value.
assert false;
}
return -1;
}
/**
* Returns a string representation of this object.
* @return A String representation of this object.
*/
public String toString() {
return "primary error: " + getPrimaryError() +
" certificate: " + getCertificate() +
" on URL: " + getUrl();
}
}