Coverage Report

Created: 2020-11-21 08:34

/src/botan/src/lib/x509/cert_status.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* (C) 2016 Jack Lloyd
3
*
4
* Botan is released under the Simplified BSD License (see license.txt)
5
*/
6
7
#include <botan/pkix_enums.h>
8
9
namespace Botan {
10
11
const char* to_string(Certificate_Status_Code code)
12
526
   {
13
526
   switch(code)
14
526
      {
15
0
      case Certificate_Status_Code::VERIFIED:
16
0
         return "Verified";
17
0
      case Certificate_Status_Code::OCSP_RESPONSE_GOOD:
18
0
         return "OCSP response accepted as affirming unrevoked status for certificate";
19
0
      case Certificate_Status_Code::OCSP_SIGNATURE_OK:
20
0
         return "Signature on OCSP response was found valid";
21
0
      case Certificate_Status_Code::VALID_CRL_CHECKED:
22
0
         return "Valid CRL examined";
23
24
0
      case Certificate_Status_Code::CERT_SERIAL_NEGATIVE:
25
0
         return "Certificate serial number is negative";
26
0
      case Certificate_Status_Code::DN_TOO_LONG:
27
0
         return "Distinguished name too long";
28
0
      case Certificate_Status_Code::OCSP_NO_REVOCATION_URL:
29
0
         return "OCSP URL not available";
30
0
      case Certificate_Status_Code::OCSP_SERVER_NOT_AVAILABLE:
31
0
         return "OCSP server not available";
32
33
0
      case Certificate_Status_Code::NO_REVOCATION_DATA:
34
0
         return "No revocation data";
35
0
      case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
36
0
         return "Signature method too weak";
37
0
      case Certificate_Status_Code::UNTRUSTED_HASH:
38
0
         return "Hash function used is considered too weak for security";
39
40
0
      case Certificate_Status_Code::CERT_NOT_YET_VALID:
41
0
         return "Certificate is not yet valid";
42
0
      case Certificate_Status_Code::CERT_HAS_EXPIRED:
43
0
         return "Certificate has expired";
44
0
      case Certificate_Status_Code::OCSP_NOT_YET_VALID:
45
0
         return "OCSP is not yet valid";
46
0
      case Certificate_Status_Code::OCSP_HAS_EXPIRED:
47
0
         return "OCSP response has expired";
48
0
      case Certificate_Status_Code::OCSP_IS_TOO_OLD:
49
0
         return "OCSP response is too old";
50
0
      case Certificate_Status_Code::CRL_NOT_YET_VALID:
51
0
         return "CRL response is not yet valid";
52
0
      case Certificate_Status_Code::CRL_HAS_EXPIRED:
53
0
         return "CRL has expired";
54
55
415
      case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND:
56
415
         return "Certificate issuer not found";
57
25
      case Certificate_Status_Code::CANNOT_ESTABLISH_TRUST:
58
25
         return "Cannot establish trust";
59
86
      case Certificate_Status_Code::CERT_CHAIN_LOOP:
60
86
         return "Loop in certificate chain";
61
0
      case Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT:
62
0
         return "Certificate chain does not end in a CA certificate";
63
0
      case Certificate_Status_Code::CHAIN_NAME_MISMATCH:
64
0
         return "Certificate issuer does not match subject of issuing cert";
65
66
0
      case Certificate_Status_Code::POLICY_ERROR:
67
0
         return "Certificate policy error";
68
0
      case Certificate_Status_Code::DUPLICATE_CERT_POLICY:
69
0
         return "Certificate contains duplicate policy";
70
0
      case Certificate_Status_Code::INVALID_USAGE:
71
0
         return "Certificate does not allow the requested usage";
72
0
      case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
73
0
         return "Certificate chain too long";
74
0
      case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
75
0
         return "CA certificate not allowed to issue certs";
76
0
      case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER:
77
0
         return "CA certificate not allowed to issue CRLs";
78
0
      case Certificate_Status_Code::NO_MATCHING_CRLDP:
79
0
         return "No CRL with matching distribution point for certificate";
80
0
      case Certificate_Status_Code::OCSP_CERT_NOT_LISTED:
81
0
         return "OCSP cert not listed";
82
0
      case Certificate_Status_Code::OCSP_BAD_STATUS:
83
0
         return "OCSP bad status";
84
0
      case Certificate_Status_Code::CERT_NAME_NOMATCH:
85
0
         return "Certificate does not match provided name";
86
0
      case Certificate_Status_Code::NAME_CONSTRAINT_ERROR:
87
0
         return "Certificate does not pass name constraint";
88
0
      case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION:
89
0
         return "Unknown critical extension encountered";
90
0
      case Certificate_Status_Code::DUPLICATE_CERT_EXTENSION:
91
0
         return "Duplicate certificate extension encountered";
92
0
      case Certificate_Status_Code::EXT_IN_V1_V2_CERT:
93
0
         return "Encountered extension in certificate with version that does not allow it";
94
0
      case Certificate_Status_Code::V2_IDENTIFIERS_IN_V1_CERT:
95
0
         return "Encountered v2 identifiers in v1 certificate";
96
0
      case Certificate_Status_Code::OCSP_SIGNATURE_ERROR:
97
0
         return "OCSP signature error";
98
0
      case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND:
99
0
         return "Unable to find certificate issusing OCSP response";
100
0
      case Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE:
101
0
         return "OCSP issuer's keyusage prohibits OCSP";
102
0
      case Certificate_Status_Code::OCSP_RESPONSE_INVALID:
103
0
         return "OCSP parsing valid";
104
0
      case Certificate_Status_Code::OCSP_NO_HTTP:
105
0
         return "OCSP requests not available, no HTTP support compiled in";
106
0
      case Certificate_Status_Code::CERT_IS_REVOKED:
107
0
         return "Certificate is revoked";
108
0
      case Certificate_Status_Code::CRL_BAD_SIGNATURE:
109
0
         return "CRL bad signature";
110
0
      case Certificate_Status_Code::SIGNATURE_ERROR:
111
0
         return "Signature error";
112
0
      case Certificate_Status_Code::CERT_PUBKEY_INVALID:
113
0
         return "Certificate public key invalid";
114
0
      case Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN:
115
0
         return "Certificate signed with unknown/unavailable algorithm";
116
0
      case Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS:
117
0
         return "Certificate signature has invalid parameters";
118
119
      // intentionally no default so we are warned if new enum values are added
120
0
      }
121
122
0
   return nullptr;
123
0
   }
124
125
}