author | mark a. foltz <mfoltz@chromium.org> | 2021-07-08 13:24:29 -0700 |
---|---|---|
committer | Openscreen LUCI CQ <openscreen-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-07-09 20:10:00 +0000 |
commit | c493f7233e12569bbd6186c387b132e274a27d51 (patch) | |
tree | 7a695b062fbfa6ff115683dcddd7f7140c8b8a5e /cast/sender | |
parent | 6c8b744d97aa6c8c7de0f9a3e3098d09e833c2e2 (diff) | |
[Open Screen] Capture error messages in cast_auth_util_internal.cc.
This converts DVLOGs which were removed in 3001340 to messages passed
along with the Error object returned by functions in
cast_auth_util_internal.cc. It then propagates the messages via the
wrapped Error returned by VerifyCredentialsImpl().
Bug: b/159172782
Change-Id: I2a2b801aeaec71648ff195f7e917d40574ae05f8
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/3012114
Commit-Queue: mark a. foltz <mfoltz@chromium.org>
Reviewed-by: Jordan Bayles <jophba@chromium.org>
Diffstat (limited to 'cast/sender')
-rw-r--r-- | cast/sender/BUILD.gn | 5 | ||||
-rw-r--r-- | cast/sender/channel/cast_auth_util.cc | 47 |
2 files changed, 33 insertions, 19 deletions
diff --git a/cast/sender/BUILD.gn b/cast/sender/BUILD.gn index ae17f7cf..09e39453 100644 --- a/cast/sender/BUILD.gn +++ b/cast/sender/BUILD.gn @@ -13,6 +13,7 @@ source_set("channel") { ] deps = [ + "../../third_party/abseil", "../common:channel", "../common/certificate/proto:certificate_proto", "../common/channel/proto:channel_proto", @@ -65,9 +66,7 @@ source_set("test_helpers") { "../receiver:channel", ] - public_deps = [ - ":channel", - ] + public_deps = [ ":channel" ] } source_set("unittests") { diff --git a/cast/sender/channel/cast_auth_util.cc b/cast/sender/channel/cast_auth_util.cc index f76a1dd8..6e9cf626 100644 --- a/cast/sender/channel/cast_auth_util.cc +++ b/cast/sender/channel/cast_auth_util.cc @@ -9,6 +9,7 @@ #include <algorithm> #include <memory> +#include "absl/strings/str_cat.h" #include "cast/common/certificate/cast_cert_validator.h" #include "cast/common/certificate/cast_cert_validator_internal.h" #include "cast/common/certificate/cast_crl.h" 
@@ -104,41 +105,55 @@ class CastNonce { std::chrono::seconds nonce_generation_time_; }; -// Maps Error::Code from certificate verification to Error. -// If crl_required is set to false, all revocation related errors are ignored. -Error MapToOpenscreenError(Error::Code error, bool crl_required) { - switch (error) { +// Maps an error from certificate verification to an error reported to the +// library client. If crl_required is set to false, all revocation related +// errors are ignored. +// +// TODO(https://issuetracker.google.com/issues/193164666): It would be simpler +// to just pass the underlying verification error directly to the client. +Error MapToOpenscreenError(Error verify_error, bool crl_required) { + switch (verify_error.code()) { case Error::Code::kErrCertsMissing: return Error(Error::Code::kCastV2PeerCertEmpty, - "Failed to locate certificates."); + absl::StrCat("Failed to locate certificates: ", + verify_error.message())); case Error::Code::kErrCertsParse: return Error(Error::Code::kErrCertsParse, - "Failed to parse certificates."); + absl::StrCat("Failed to parse certificates: ", + verify_error.message())); case Error::Code::kErrCertsDateInvalid: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed date validity check."); + return Error( + Error::Code::kCastV2CertNotSignedByTrustedCa, + absl::StrCat("Failed date validity check: ", verify_error.message())); case Error::Code::kErrCertsVerifyGeneric: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed with a generic certificate verification error."); + return Error( + Error::Code::kCastV2CertNotSignedByTrustedCa, + absl::StrCat("Failed with a generic certificate verification error: ", + verify_error.message())); case Error::Code::kErrCertsRestrictions: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed certificate restrictions."); + absl::StrCat("Failed certificate restrictions: ", + verify_error.message())); case 
Error::Code::kErrCertsVerifyUntrustedCert: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed with untrusted certificate."); + absl::StrCat("Failed with untrusted certificate: ", + verify_error.message())); case Error::Code::kErrCrlInvalid: // This error is only encountered if |crl_required| is true. OSP_DCHECK(crl_required); return Error(Error::Code::kErrCrlInvalid, - "Failed to provide a valid CRL."); + absl::StrCat("Failed to provide a valid CRL: ", + verify_error.message())); case Error::Code::kErrCertsRevoked: return Error(Error::Code::kErrCertsRevoked, - "Failed certificate revocation check."); + absl::StrCat("Failed certificate revocation check: ", + verify_error.message())); case Error::Code::kNone: return Error::None(); default: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed verifying cast device certificate."); + absl::StrCat("Failed verifying cast device certificate: ", + verify_error.message())); } } @@ -355,7 +370,7 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl( &device_policy, crl.get(), crl_policy, cast_trust_store); // Handle and report errors. - Error result = MapToOpenscreenError(verify_result.code(), + Error result = MapToOpenscreenError(verify_result, crl_policy == CRLPolicy::kCrlRequired); if (!result.ok()) { return result; |
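Review bot: The rewritten header comment on MapToOpenscreenError still promises that revocation-related errors are ignored when crl_required is false, but the only use of crl_required in the switch is the `OSP_DCHECK(crl_required)` under kErrCrlInvalid; kErrCrlInvalid and kErrCertsRevoked are returned to the caller in both cases. If the filtering happens in the verifier before this function is reached (not visible in this hunk), the comment should say so, for example `// crl_required is only asserted here; revocation errors are expected to be suppressed upstream when no CRL is required.` A debug-only check is presumably compiled out of release builds, so it is worth confirming that a kErrCrlInvalid arriving with crl_required == false is handled the way callers expect. Separately, verify_error now carries a string message and is taken by value; `Error MapToOpenscreenError(const Error& verify_error, bool crl_required)` avoids the copy.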
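Review bot: The Error returned from VerifyCredentialsImpl now embeds the verifier's own message text, and nothing at this call site documents how callers may use it. If any of those messages include fields taken from the receiver's certificate or auth response (not visible here), the string is peer-influenced and should be treated as diagnostic text only: escaped before logging, not used for control flow, and not relayed back to the peer. A short comment above the call would record that, e.g. `// result.message() includes verifier detail; for local diagnostics only.` VerifyCredentialsImpl begins and ends outside this hunk.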