File: signed_exchange_error.h

package info (click to toggle)
chromium 138.0.7204.183-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 6,080,960 kB
  • sloc: cpp: 34,937,079; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,954; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,811; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (96 lines) | stat: -rw-r--r-- 3,097 bytes parent folder | download | duplicates (7)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_
#define CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_

#include <optional>
#include <string>
#include <utility>

#include "content/browser/web_package/signed_exchange_signature_verifier.h"

namespace content {

// This enum is used for recording histograms. Treat as append-only.
enum class SignedExchangeLoadResult {
  kSuccess,
  // SXG was served from non-secure origin.
  kSXGServedFromNonHTTPS,
  // SXG parse error (couldn't extract fallback URL).
  kFallbackURLParseError,
  // Unsupported version of SXG (could extract fallback URL).
  kVersionMismatch,
  // SXG parse error (could extract fallback URL).
  kHeaderParseError,
  // Network error occurred while loading SXG header.
  kSXGHeaderNetError,
  // Failed to fetch certificate chain.
  kCertFetchError,
  // Failed to parse certificate chain.
  kCertParseError,
  // Signature verification failed.
  kSignatureVerificationError,
  // Cert verification failed.
  kCertVerificationError,
  // CT verification failed.
  kCTVerificationError,
  // OCSP check failed.
  kOCSPError,
  // Certificate Requirements aren't met.
  // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req
  kCertRequirementsNotMet,
  // SXG was served without "X-Content-Type-Options: nosniff" header.
  kSXGServedWithoutNosniff,
  // Merkle integrity error.
  kMerkleIntegrityError,
  // Invalid integrity header error.
  kInvalidIntegrityHeader,
  // SXG has Variants / Variant-Key headers that don't match the request.
  kVariantMismatch,
  // Certificate's validity period is too long.
  kCertValidityPeriodTooLong,
  // SXG had "Vary: Cookie" inner header but we had a cookie for the URL.
  kHadCookieForCookielessOnlySXG,
  // The certificate didn't match the built-in public key pins for the host
  // name.
  kPKPViolationError,
  kMaxValue = kPKPViolationError
};

struct SignedExchangeError {
 public:
  enum class Field {
    kSignatureSig,
    kSignatureIintegrity,
    kSignatureCertUrl,
    kSignatureCertSha256,
    kSignatureValidityUrl,
    kSignatureTimestamps,
  };

  // |signature_index| will be used when we will support multiple signatures in
  // a signed exchange header to indicate which signature is causing the error.
  using FieldIndexPair = std::pair<int /* signature_index */, Field>;

  static std::optional<Field> GetFieldFromSignatureVerifierResult(
      SignedExchangeSignatureVerifier::Result verify_result);

  SignedExchangeError(const std::string& message,
                      std::optional<FieldIndexPair> field);

  // Copy constructor.
  SignedExchangeError(const SignedExchangeError& other);
  // Move constructor.
  SignedExchangeError(SignedExchangeError&& other);

  ~SignedExchangeError();

  std::string message;
  std::optional<FieldIndexPair> field;
};

}  // namespace content

#endif  // CONTENT_BROWSER_WEB_PACKAGE_SIGNED_EXCHANGE_ERROR_H_