1 | // Copyright (C) 2016 The Qt Company Ltd. |
2 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
3 | |
4 | |
5 | /*! |
6 | \class QSslError |
7 | \brief The QSslError class provides an SSL error. |
8 | \since 4.3 |
9 | |
10 | \reentrant |
11 | \ingroup network |
12 | \ingroup ssl |
13 | \ingroup shared |
14 | \inmodule QtNetwork |
15 | |
16 | QSslError provides a simple API for managing errors during QSslSocket's |
17 | SSL handshake. |
18 | |
19 | \sa QSslSocket, QSslCertificate, QSslCipher |
20 | */ |
21 | |
22 | /*! |
23 | \enum QSslError::SslError |
24 | |
25 | Describes all recognized errors that can occur during an SSL handshake. |
26 | |
27 | \value NoError |
28 | \value UnableToGetIssuerCertificate |
29 | \value UnableToDecryptCertificateSignature |
30 | \value UnableToDecodeIssuerPublicKey |
31 | \value CertificateSignatureFailed |
32 | \value CertificateNotYetValid |
33 | \value CertificateExpired |
34 | \value InvalidNotBeforeField |
35 | \value InvalidNotAfterField |
36 | \value SelfSignedCertificate |
37 | \value SelfSignedCertificateInChain |
38 | \value UnableToGetLocalIssuerCertificate |
39 | \value UnableToVerifyFirstCertificate |
40 | \value CertificateRevoked |
41 | \value InvalidCaCertificate |
42 | \value PathLengthExceeded |
43 | \value InvalidPurpose |
44 | \value CertificateUntrusted |
45 | \value CertificateRejected |
46 | \value SubjectIssuerMismatch |
47 | \value AuthorityIssuerSerialNumberMismatch |
48 | \value NoPeerCertificate |
49 | \value HostNameMismatch |
50 | \value UnspecifiedError |
51 | \value NoSslSupport |
52 | \value CertificateBlacklisted |
53 | \value CertificateStatusUnknown |
54 | \value OcspNoResponseFound |
55 | \value OcspMalformedRequest |
56 | \value OcspMalformedResponse |
57 | \value OcspInternalError |
58 | \value OcspTryLater |
59 | \value OcspSigRequred |
60 | \value OcspUnauthorized |
61 | \value OcspResponseCannotBeTrusted |
62 | \value OcspResponseCertIdUnknown |
63 | \value OcspResponseExpired |
64 | \value OcspStatusUnknown |
65 | |
66 | |
67 | \sa QSslError::errorString() |
68 | */ |
69 | |
70 | #include "qsslerror.h" |
71 | #include "qsslsocket.h" |
72 | #ifndef QT_NO_DEBUG_STREAM |
73 | #include <QtCore/qdebug.h> |
74 | #endif |
75 | |
76 | QT_BEGIN_NAMESPACE |
77 | |
78 | #ifndef QT_NO_SSL |
79 | QT_IMPL_METATYPE_EXTERN_TAGGED(QList<QSslError>, QList_QSslError) |
80 | #endif |
81 | |
82 | |
83 | #if QT_VERSION < QT_VERSION_CHECK(7, 0, 0) |
84 | // Avoid an ABI break due to the QScopedPointer->std::unique_ptr change |
85 | static_assert(sizeof(QScopedPointer<QSslErrorPrivate>) == sizeof(std::unique_ptr<QSslErrorPrivate>)); |
86 | #endif |
87 | |
88 | class QSslErrorPrivate |
89 | { |
90 | public: |
91 | QSslError::SslError error = QSslError::NoError; |
92 | QSslCertificate certificate; |
93 | }; |
94 | |
95 | // RVCT compiler in debug build does not like about default values in const- |
96 | // So as an workaround we define all constructor overloads here explicitly |
97 | /*! |
98 | Constructs a QSslError object with no error and default certificate. |
99 | |
100 | */ |
101 | |
102 | QSslError::QSslError() |
103 | : d(new QSslErrorPrivate) |
104 | { |
105 | } |
106 | |
107 | /*! |
108 | Constructs a QSslError object. The argument specifies the \a |
109 | error that occurred. |
110 | |
111 | */ |
112 | QSslError::QSslError(SslError error) |
113 | : d(new QSslErrorPrivate) |
114 | { |
115 | d->error = error; |
116 | } |
117 | |
118 | /*! |
119 | Constructs a QSslError object. The two arguments specify the \a |
120 | error that occurred, and which \a certificate the error relates to. |
121 | |
122 | \sa QSslCertificate |
123 | */ |
124 | QSslError::QSslError(SslError error, const QSslCertificate &certificate) |
125 | : d(new QSslErrorPrivate) |
126 | { |
127 | d->error = error; |
128 | d->certificate = certificate; |
129 | } |
130 | |
131 | /*! |
132 | Constructs an identical copy of \a other. |
133 | */ |
134 | QSslError::QSslError(const QSslError &other) |
135 | : d(new QSslErrorPrivate) |
136 | { |
137 | *d.get() = *other.d.get(); |
138 | } |
139 | |
140 | /*! |
141 | Destroys the QSslError object. |
142 | */ |
143 | QSslError::~QSslError() |
144 | { |
145 | } |
146 | |
147 | /*! |
148 | \since 4.4 |
149 | |
150 | Assigns the contents of \a other to this error. |
151 | */ |
152 | QSslError &QSslError::operator=(const QSslError &other) |
153 | { |
154 | *d.get() = *other.d.get(); |
155 | return *this; |
156 | } |
157 | |
158 | /*! |
159 | \fn void QSslError::swap(QSslError &other) |
160 | \since 5.0 |
161 | |
162 | Swaps this error instance with \a other. This function is very |
163 | fast and never fails. |
164 | */ |
165 | |
166 | /*! |
167 | \since 4.4 |
168 | |
169 | Returns \c true if this error is equal to \a other; otherwise returns \c false. |
170 | */ |
171 | bool QSslError::operator==(const QSslError &other) const |
172 | { |
173 | return d->error == other.d->error |
174 | && d->certificate == other.d->certificate; |
175 | } |
176 | |
177 | /*! |
178 | \fn bool QSslError::operator!=(const QSslError &other) const |
179 | \since 4.4 |
180 | |
181 | Returns \c true if this error is not equal to \a other; otherwise returns |
182 | false. |
183 | */ |
184 | |
185 | /*! |
186 | Returns the type of the error. |
187 | |
188 | \sa errorString(), certificate() |
189 | */ |
190 | QSslError::SslError QSslError::error() const |
191 | { |
192 | return d->error; |
193 | } |
194 | |
195 | /*! |
196 | Returns a short localized human-readable description of the error. |
197 | |
198 | \sa error(), certificate() |
199 | */ |
200 | QString QSslError::errorString() const |
201 | { |
202 | QString errStr; |
203 | switch (d->error) { |
204 | case NoError: |
205 | errStr = QSslSocket::tr(s: "No error" ); |
206 | break; |
207 | case UnableToGetIssuerCertificate: |
208 | errStr = QSslSocket::tr(s: "The issuer certificate could not be found" ); |
209 | break; |
210 | case UnableToDecryptCertificateSignature: |
211 | errStr = QSslSocket::tr(s: "The certificate signature could not be decrypted" ); |
212 | break; |
213 | case UnableToDecodeIssuerPublicKey: |
214 | errStr = QSslSocket::tr(s: "The public key in the certificate could not be read" ); |
215 | break; |
216 | case CertificateSignatureFailed: |
217 | errStr = QSslSocket::tr(s: "The signature of the certificate is invalid" ); |
218 | break; |
219 | case CertificateNotYetValid: |
220 | errStr = QSslSocket::tr(s: "The certificate is not yet valid" ); |
221 | break; |
222 | case CertificateExpired: |
223 | errStr = QSslSocket::tr(s: "The certificate has expired" ); |
224 | break; |
225 | case InvalidNotBeforeField: |
226 | errStr = QSslSocket::tr(s: "The certificate's notBefore field contains an invalid time" ); |
227 | break; |
228 | case InvalidNotAfterField: |
229 | errStr = QSslSocket::tr(s: "The certificate's notAfter field contains an invalid time" ); |
230 | break; |
231 | case SelfSignedCertificate: |
232 | errStr = QSslSocket::tr(s: "The certificate is self-signed, and untrusted" ); |
233 | break; |
234 | case SelfSignedCertificateInChain: |
235 | errStr = QSslSocket::tr(s: "The root certificate of the certificate chain is self-signed, and untrusted" ); |
236 | break; |
237 | case UnableToGetLocalIssuerCertificate: |
238 | errStr = QSslSocket::tr(s: "The issuer certificate of a locally looked up certificate could not be found" ); |
239 | break; |
240 | case UnableToVerifyFirstCertificate: |
241 | errStr = QSslSocket::tr(s: "No certificates could be verified" ); |
242 | break; |
243 | case InvalidCaCertificate: |
244 | errStr = QSslSocket::tr(s: "One of the CA certificates is invalid" ); |
245 | break; |
246 | case PathLengthExceeded: |
247 | errStr = QSslSocket::tr(s: "The basicConstraints path length parameter has been exceeded" ); |
248 | break; |
249 | case InvalidPurpose: |
250 | errStr = QSslSocket::tr(s: "The supplied certificate is unsuitable for this purpose" ); |
251 | break; |
252 | case CertificateUntrusted: |
253 | errStr = QSslSocket::tr(s: "The root CA certificate is not trusted for this purpose" ); |
254 | break; |
255 | case CertificateRejected: |
256 | errStr = QSslSocket::tr(s: "The root CA certificate is marked to reject the specified purpose" ); |
257 | break; |
258 | case SubjectIssuerMismatch: // hostname mismatch |
259 | errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because its" |
260 | " subject name did not match the issuer name of the current certificate" ); |
261 | break; |
262 | case AuthorityIssuerSerialNumberMismatch: |
263 | errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because" |
264 | " its issuer name and serial number was present and did not match the" |
265 | " authority key identifier of the current certificate" ); |
266 | break; |
267 | case NoPeerCertificate: |
268 | errStr = QSslSocket::tr(s: "The peer did not present any certificate" ); |
269 | break; |
270 | case HostNameMismatch: |
271 | errStr = QSslSocket::tr(s: "The host name did not match any of the valid hosts" |
272 | " for this certificate" ); |
273 | break; |
274 | case NoSslSupport: |
275 | break; |
276 | case CertificateBlacklisted: |
277 | errStr = QSslSocket::tr(s: "The peer certificate is blacklisted" ); |
278 | break; |
279 | case OcspNoResponseFound: |
280 | errStr = QSslSocket::tr(s: "No OCSP status response found" ); |
281 | break; |
282 | case OcspMalformedRequest: |
283 | errStr = QSslSocket::tr(s: "The OCSP status request had invalid syntax" ); |
284 | break; |
285 | case OcspMalformedResponse: |
286 | errStr = QSslSocket::tr(s: "OCSP response contains an unexpected number of SingleResponse structures" ); |
287 | break; |
288 | case OcspInternalError: |
289 | errStr = QSslSocket::tr(s: "OCSP responder reached an inconsistent internal state" ); |
290 | break; |
291 | case OcspTryLater: |
292 | errStr = QSslSocket::tr(s: "OCSP responder was unable to return a status for the requested certificate" ); |
293 | break; |
294 | case OcspSigRequred: |
295 | errStr = QSslSocket::tr(s: "The server requires the client to sign the OCSP request in order to construct a response" ); |
296 | break; |
297 | case OcspUnauthorized: |
298 | errStr = QSslSocket::tr(s: "The client is not authorized to request OCSP status from this server" ); |
299 | break; |
300 | case OcspResponseCannotBeTrusted: |
301 | errStr = QSslSocket::tr(s: "OCSP responder's identity cannot be verified" ); |
302 | break; |
303 | case OcspResponseCertIdUnknown: |
304 | errStr = QSslSocket::tr(s: "The identity of a certificate in an OCSP response cannot be established" ); |
305 | break; |
306 | case OcspResponseExpired: |
307 | errStr = QSslSocket::tr(s: "The certificate status response has expired" ); |
308 | break; |
309 | case OcspStatusUnknown: |
310 | errStr = QSslSocket::tr(s: "The certificate's status is unknown" ); |
311 | break; |
312 | default: |
313 | errStr = QSslSocket::tr(s: "Unknown error" ); |
314 | break; |
315 | } |
316 | |
317 | return errStr; |
318 | } |
319 | |
320 | /*! |
321 | Returns the certificate associated with this error, or a null certificate |
322 | if the error does not relate to any certificate. |
323 | |
324 | \sa error(), errorString() |
325 | */ |
326 | QSslCertificate QSslError::certificate() const |
327 | { |
328 | return d->certificate; |
329 | } |
330 | |
331 | /*! |
332 | Returns the hash value for the \a key, using \a seed to seed the calculation. |
333 | \since 5.4 |
334 | \relates QHash |
335 | */ |
336 | size_t qHash(const QSslError &key, size_t seed) noexcept |
337 | { |
338 | QtPrivate::QHashCombine hash; |
339 | seed = hash(seed, key.error()); |
340 | seed = hash(seed, key.certificate()); |
341 | return seed; |
342 | } |
343 | |
344 | #ifndef QT_NO_DEBUG_STREAM |
345 | //class QDebug; |
346 | QDebug operator<<(QDebug debug, const QSslError &error) |
347 | { |
348 | debug << error.errorString(); |
349 | return debug; |
350 | } |
351 | |
352 | QDebug print(QDebug debug, QSslError::SslError error) |
353 | { |
354 | debug << QSslError(error).errorString(); |
355 | return debug; |
356 | } |
357 | #endif |
358 | |
359 | QT_END_NAMESPACE |
360 | |
361 | #include "moc_qsslerror.cpp" |
362 | |