1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
|
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_
#define CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_
#include <optional>
#include <string>
#include <utility>
#include "content/browser/web_package/signed_exchange_signature_verifier.h"
namespace content {
// This enum is used for recording histograms. Treat as append-only.
enum class SignedExchangeLoadResult {
kSuccess,
// SXG was served from non-secure origin.
kSXGServedFromNonHTTPS,
// SXG parse error (couldn't extract fallback URL).
kFallbackURLParseError,
// Unsupported version of SXG (could extract fallback URL).
kVersionMismatch,
// SXG parse error (could extract fallback URL).
kHeaderParseError,
// Network error occurred while loading SXG header.
kSXGHeaderNetError,
// Failed to fetch certificate chain.
kCertFetchError,
// Failed to parse certificate chain.
kCertParseError,
// Signature verification failed.
kSignatureVerificationError,
// Cert verification failed.
kCertVerificationError,
// CT verification failed.
kCTVerificationError,
// OCSP check failed.
kOCSPError,
// Certificate Requirements aren't met.
// https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req
kCertRequirementsNotMet,
// SXG was served without "X-Content-Type-Options: nosniff" header.
kSXGServedWithoutNosniff,
// Merkle integrity error.
kMerkleIntegrityError,
// Invalid integrity header error.
kInvalidIntegrityHeader,
// SXG has Variants / Variant-Key headers that don't match the request.
kVariantMismatch,
// Certificate's validity period is too long.
kCertValidityPeriodTooLong,
// SXG had "Vary: Cookie" inner header but we had a cookie for the URL.
kHadCookieForCookielessOnlySXG,
// The certificate didn't match the built-in public key pins for the host
// name.
kPKPViolationError,
kMaxValue = kPKPViolationError
};
struct SignedExchangeError {
public:
enum class Field {
kSignatureSig,
kSignatureIintegrity,
kSignatureCertUrl,
kSignatureCertSha256,
kSignatureValidityUrl,
kSignatureTimestamps,
};
// |signature_index| will be used when we will support multiple signatures in
// a signed exchange header to indicate which signature is causing the error.
using FieldIndexPair = std::pair<int /* signature_index */, Field>;
static std::optional<Field> GetFieldFromSignatureVerifierResult(
SignedExchangeSignatureVerifier::Result verify_result);
SignedExchangeError(const std::string& message,
std::optional<FieldIndexPair> field);
// Copy constructor.
SignedExchangeError(const SignedExchangeError& other);
// Move constructor.
SignedExchangeError(SignedExchangeError&& other);
~SignedExchangeError();
std::string message;
std::optional<FieldIndexPair> field;
};
} // namespace content
#endif // CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_
|