diff options
Diffstat (limited to 'cast/sender/channel/cast_auth_util.cc')
-rw-r--r-- | cast/sender/channel/cast_auth_util.cc | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/cast/sender/channel/cast_auth_util.cc b/cast/sender/channel/cast_auth_util.cc index f76a1dd8..6e9cf626 100644 --- a/cast/sender/channel/cast_auth_util.cc +++ b/cast/sender/channel/cast_auth_util.cc @@ -9,6 +9,7 @@ #include <algorithm> #include <memory> +#include "absl/strings/str_cat.h" #include "cast/common/certificate/cast_cert_validator.h" #include "cast/common/certificate/cast_cert_validator_internal.h" #include "cast/common/certificate/cast_crl.h" @@ -104,41 +105,55 @@ class CastNonce { std::chrono::seconds nonce_generation_time_; }; -// Maps Error::Code from certificate verification to Error. -// If crl_required is set to false, all revocation related errors are ignored. -Error MapToOpenscreenError(Error::Code error, bool crl_required) { - switch (error) { +// Maps an error from certificate verification to an error reported to the +// library client. If crl_required is set to false, all revocation related +// errors are ignored. +// +// TODO(https://issuetracker.google.com/issues/193164666): It would be simpler +// to just pass the underlying verification error directly to the client. +Error MapToOpenscreenError(Error verify_error, bool crl_required) { + switch (verify_error.code()) { case Error::Code::kErrCertsMissing: return Error(Error::Code::kCastV2PeerCertEmpty, - "Failed to locate certificates."); + absl::StrCat("Failed to locate certificates: ", + verify_error.message())); case Error::Code::kErrCertsParse: return Error(Error::Code::kErrCertsParse, - "Failed to parse certificates."); + absl::StrCat("Failed to parse certificates: ", + verify_error.message())); case Error::Code::kErrCertsDateInvalid: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed date validity check."); + return Error( + Error::Code::kCastV2CertNotSignedByTrustedCa, + absl::StrCat("Failed date validity check: ", verify_error.message())); case Error::Code::kErrCertsVerifyGeneric: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed with a generic certificate verification error."); + return Error( + Error::Code::kCastV2CertNotSignedByTrustedCa, + absl::StrCat("Failed with a generic certificate verification error: ", + verify_error.message())); case Error::Code::kErrCertsRestrictions: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed certificate restrictions."); + absl::StrCat("Failed certificate restrictions: ", + verify_error.message())); case Error::Code::kErrCertsVerifyUntrustedCert: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed with untrusted certificate."); + absl::StrCat("Failed with untrusted certificate: ", + verify_error.message())); case Error::Code::kErrCrlInvalid: // This error is only encountered if |crl_required| is true. OSP_DCHECK(crl_required); return Error(Error::Code::kErrCrlInvalid, - "Failed to provide a valid CRL."); + absl::StrCat("Failed to provide a valid CRL: ", + verify_error.message())); case Error::Code::kErrCertsRevoked: return Error(Error::Code::kErrCertsRevoked, - "Failed certificate revocation check."); + absl::StrCat("Failed certificate revocation check: ", + verify_error.message())); case Error::Code::kNone: return Error::None(); default: return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed verifying cast device certificate."); + absl::StrCat("Failed verifying cast device certificate: ", + verify_error.message())); } } @@ -355,7 +370,7 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl( &device_policy, crl.get(), crl_policy, cast_trust_store); // Handle and report errors. - Error result = MapToOpenscreenError(verify_result.code(), + Error result = MapToOpenscreenError(verify_result, crl_policy == CRLPolicy::kCrlRequired); if (!result.ok()) { return result; |