qsslerror.cpp source code [qtbase/src/network/ssl/qsslerror.cpp]

1	// Copyright (C) 2016 The Qt Company Ltd.
2	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3
4
5	/!*
6	\class QSslError
7	\brief The QSslError class provides an SSL error.
8	\since 4.3
9
10	\reentrant
11	\ingroup network
12	\ingroup ssl
13	\ingroup shared
14	\inmodule QtNetwork
15
16	QSslError provides a simple API for managing errors during QSslSocket's
17	SSL handshake.
18
19	\sa QSslSocket, QSslCertificate, QSslCipher
20	*/
21
22	/!*
23	\enum QSslError::SslError
24
25	Describes all recognized errors that can occur during an SSL handshake.
26
27	\value NoError
28	\value UnableToGetIssuerCertificate
29	\value UnableToDecryptCertificateSignature
30	\value UnableToDecodeIssuerPublicKey
31	\value CertificateSignatureFailed
32	\value CertificateNotYetValid
33	\value CertificateExpired
34	\value InvalidNotBeforeField
35	\value InvalidNotAfterField
36	\value SelfSignedCertificate
37	\value SelfSignedCertificateInChain
38	\value UnableToGetLocalIssuerCertificate
39	\value UnableToVerifyFirstCertificate
40	\value CertificateRevoked
41	\value InvalidCaCertificate
42	\value PathLengthExceeded
43	\value InvalidPurpose
44	\value CertificateUntrusted
45	\value CertificateRejected
46	\value SubjectIssuerMismatch
47	\value AuthorityIssuerSerialNumberMismatch
48	\value NoPeerCertificate
49	\value HostNameMismatch
50	\value UnspecifiedError
51	\value NoSslSupport
52	\value CertificateBlacklisted
53	\value CertificateStatusUnknown
54	\value OcspNoResponseFound
55	\value OcspMalformedRequest
56	\value OcspMalformedResponse
57	\value OcspInternalError
58	\value OcspTryLater
59	\value OcspSigRequred
60	\value OcspUnauthorized
61	\value OcspResponseCannotBeTrusted
62	\value OcspResponseCertIdUnknown
63	\value OcspResponseExpired
64	\value OcspStatusUnknown
65
66
67	\sa QSslError::errorString()
68	*/
69
70	#include "qsslerror.h"
71	#include "qsslsocket.h"
72	#ifndef QT_NO_DEBUG_STREAM
73	#include <QtCore/qdebug.h>
74	#endif
75
76	QT_BEGIN_NAMESPACE
77
78	#ifndef QT_NO_SSL
79	QT_IMPL_METATYPE_EXTERN_TAGGED(QList<QSslError>, QList_QSslError)
80	#endif
81
82
83	#if QT_VERSION < QT_VERSION_CHECK(7, 0, 0)
84	// Avoid an ABI break due to the QScopedPointer->std::unique_ptr change
85	static_assert(sizeof(QScopedPointer<QSslErrorPrivate>) == sizeof(std::unique_ptr<QSslErrorPrivate>));
86	#endif
87
88	class QSslErrorPrivate
89	{
90	public:
91	QSslError::SslError error = QSslError::NoError;
92	QSslCertificate certificate;
93	};
94
95	// RVCT compiler in debug build does not like about default values in const-
96	// So as an workaround we define all constructor overloads here explicitly
97	/!*
98	Constructs a QSslError object with no error and default certificate.
99
100	*/
101
102	QSslError::QSslError()
103	: d (new QSslErrorPrivate)
104	{
105	}
106
107	/!*
108	Constructs a QSslError object. The argument specifies the \a
109	error that occurred.
110
111	*/
112	QSslError::QSslError(SslError error)
113	: d (new QSslErrorPrivate)
114	{
115	d ->error = error;
116	}
117
118	/!*
119	Constructs a QSslError object. The two arguments specify the \a
120	error that occurred, and which \a certificate the error relates to.
121
122	\sa QSslCertificate
123	*/
124	QSslError::QSslError(SslError error, const QSslCertificate &certificate)
125	: d (new QSslErrorPrivate)
126	{
127	d ->error = error;
128	d ->certificate = certificate;
129	}
130
131	/!*
132	Constructs an identical copy of \a other.
133	*/
134	QSslError::QSslError(const QSslError &other)
135	: d (new QSslErrorPrivate)
136	{
137	d.get() = other.d.get();
138	}
139
140	/!*
141	Destroys the QSslError object.
142	*/
143	QSslError::~QSslError()
144	{
145	}
146
147	/!*
148	\since 4.4
149
150	Assigns the contents of \a other to this error.
151	*/
152	QSslError &QSslError::operator=(const QSslError &other)
153	{
154	d.get() = other.d.get();
155	return *this;
156	}
157
158	/!*
159	\fn void QSslError::swap(QSslError &other)
160	\since 5.0
161
162	Swaps this error instance with \a other. This function is very
163	fast and never fails.
164	*/
165
166	/!*
167	\since 4.4
168
169	Returns \c true if this error is equal to \a other; otherwise returns \c false.
170	*/
171	bool QSslError::operator==(const QSslError &other) const
172	{
173	return d ->error == other.d ->error
174	&& d ->certificate == other.d ->certificate;
175	}
176
177	/!*
178	\fn bool QSslError::operator!=(const QSslError &other) const
179	\since 4.4
180
181	Returns \c true if this error is not equal to \a other; otherwise returns
182	false.
183	*/
184
185	/!*
186	Returns the type of the error.
187
188	\sa errorString(), certificate()
189	*/
190	QSslError::SslError QSslError::error() const
191	{
192	return d ->error;
193	}
194
195	/!*
196	Returns a short localized human-readable description of the error.
197
198	\sa error(), certificate()
199	*/
200	QString QSslError::errorString() const
201	{
202	QString errStr;
203	switch (d ->error) {
204	case NoError:
205	errStr = QSslSocket::tr(s: "No error");
206	break;
207	case UnableToGetIssuerCertificate:
208	errStr = QSslSocket::tr(s: "The issuer certificate could not be found");
209	break;
210	case UnableToDecryptCertificateSignature:
211	errStr = QSslSocket::tr(s: "The certificate signature could not be decrypted");
212	break;
213	case UnableToDecodeIssuerPublicKey:
214	errStr = QSslSocket::tr(s: "The public key in the certificate could not be read");
215	break;
216	case CertificateSignatureFailed:
217	errStr = QSslSocket::tr(s: "The signature of the certificate is invalid");
218	break;
219	case CertificateNotYetValid:
220	errStr = QSslSocket::tr(s: "The certificate is not yet valid");
221	break;
222	case CertificateExpired:
223	errStr = QSslSocket::tr(s: "The certificate has expired");
224	break;
225	case InvalidNotBeforeField:
226	errStr = QSslSocket::tr(s: "The certificate's notBefore field contains an invalid time");
227	break;
228	case InvalidNotAfterField:
229	errStr = QSslSocket::tr(s: "The certificate's notAfter field contains an invalid time");
230	break;
231	case SelfSignedCertificate:
232	errStr = QSslSocket::tr(s: "The certificate is self-signed, and untrusted");
233	break;
234	case SelfSignedCertificateInChain:
235	errStr = QSslSocket::tr(s: "The root certificate of the certificate chain is self-signed, and untrusted");
236	break;
237	case UnableToGetLocalIssuerCertificate:
238	errStr = QSslSocket::tr(s: "The issuer certificate of a locally looked up certificate could not be found");
239	break;
240	case UnableToVerifyFirstCertificate:
241	errStr = QSslSocket::tr(s: "No certificates could be verified");
242	break;
243	case InvalidCaCertificate:
244	errStr = QSslSocket::tr(s: "One of the CA certificates is invalid");
245	break;
246	case PathLengthExceeded:
247	errStr = QSslSocket::tr(s: "The basicConstraints path length parameter has been exceeded");
248	break;
249	case InvalidPurpose:
250	errStr = QSslSocket::tr(s: "The supplied certificate is unsuitable for this purpose");
251	break;
252	case CertificateUntrusted:
253	errStr = QSslSocket::tr(s: "The root CA certificate is not trusted for this purpose");
254	break;
255	case CertificateRejected:
256	errStr = QSslSocket::tr(s: "The root CA certificate is marked to reject the specified purpose");
257	break;
258	case SubjectIssuerMismatch: // hostname mismatch
259	errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because its"
260	" subject name did not match the issuer name of the current certificate");
261	break;
262	case AuthorityIssuerSerialNumberMismatch:
263	errStr = QSslSocket::tr(s: "The current candidate issuer certificate was rejected because"
264	" its issuer name and serial number was present and did not match the"
265	" authority key identifier of the current certificate");
266	break;
267	case NoPeerCertificate:
268	errStr = QSslSocket::tr(s: "The peer did not present any certificate");
269	break;
270	case HostNameMismatch:
271	errStr = QSslSocket::tr(s: "The host name did not match any of the valid hosts"
272	" for this certificate");
273	break;
274	case NoSslSupport:
275	break;
276	case CertificateBlacklisted:
277	errStr = QSslSocket::tr(s: "The peer certificate is blacklisted");
278	break;
279	case OcspNoResponseFound:
280	errStr = QSslSocket::tr(s: "No OCSP status response found");
281	break;
282	case OcspMalformedRequest:
283	errStr = QSslSocket::tr(s: "The OCSP status request had invalid syntax");
284	break;
285	case OcspMalformedResponse:
286	errStr = QSslSocket::tr(s: "OCSP response contains an unexpected number of SingleResponse structures");
287	break;
288	case OcspInternalError:
289	errStr = QSslSocket::tr(s: "OCSP responder reached an inconsistent internal state");
290	break;
291	case OcspTryLater:
292	errStr = QSslSocket::tr(s: "OCSP responder was unable to return a status for the requested certificate");
293	break;
294	case OcspSigRequred:
295	errStr = QSslSocket::tr(s: "The server requires the client to sign the OCSP request in order to construct a response");
296	break;
297	case OcspUnauthorized:
298	errStr = QSslSocket::tr(s: "The client is not authorized to request OCSP status from this server");
299	break;
300	case OcspResponseCannotBeTrusted:
301	errStr = QSslSocket::tr(s: "OCSP responder's identity cannot be verified");
302	break;
303	case OcspResponseCertIdUnknown:
304	errStr = QSslSocket::tr(s: "The identity of a certificate in an OCSP response cannot be established");
305	break;
306	case OcspResponseExpired:
307	errStr = QSslSocket::tr(s: "The certificate status response has expired");
308	break;
309	case OcspStatusUnknown:
310	errStr = QSslSocket::tr(s: "The certificate's status is unknown");
311	break;
312	default:
313	errStr = QSslSocket::tr(s: "Unknown error");
314	break;
315	}
316
317	return errStr;
318	}
319
320	/!*
321	Returns the certificate associated with this error, or a null certificate
322	if the error does not relate to any certificate.
323
324	\sa error(), errorString()
325	*/
326	QSslCertificate QSslError::certificate() const
327	{
328	return d ->certificate;
329	}
330
331	/!*
332	Returns the hash value for the \a key, using \a seed to seed the calculation.
333	\since 5.4
334	\relates QHash
335	*/
336	size_t qHash(const QSslError &key, size_t seed) noexcept
337	{
338	QtPrivate::QHashCombine hash;
339	seed = hash (seed, key.error());
340	seed = hash (seed, key.certificate());
341	return seed;
342	}
343
344	#ifndef QT_NO_DEBUG_STREAM
345	//class QDebug;
346	QDebug operator<<(QDebug debug, const QSslError &error)
347	{
348	debug << error.errorString();
349	return debug;
350	}
351
352	QDebug print(QDebug debug, QSslError::SslError error)
353	{
354	debug << QSslError (error).errorString();
355	return debug;
356	}
357	#endif
358
359	QT_END_NAMESPACE
360
361	#include "moc_qsslerror.cpp"
362

source code of qtbase/src/network/ssl/qsslerror.cpp