/src/botan/src/lib/x509/cert_status.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2016 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | |
7 | | #include <botan/pkix_enums.h> |
8 | | |
9 | | namespace Botan { |
10 | | |
11 | | const char* to_string(Certificate_Status_Code code) |
12 | 0 | { |
13 | 0 | switch(code) |
14 | 0 | { |
15 | 0 | case Certificate_Status_Code::VERIFIED: |
16 | 0 | return "Verified"; |
17 | 0 | case Certificate_Status_Code::OCSP_RESPONSE_GOOD: |
18 | 0 | return "OCSP response accepted as affirming unrevoked status for certificate"; |
19 | 0 | case Certificate_Status_Code::OCSP_SIGNATURE_OK: |
20 | 0 | return "Signature on OCSP response was found valid"; |
21 | 0 | case Certificate_Status_Code::VALID_CRL_CHECKED: |
22 | 0 | return "Valid CRL examined"; |
23 | | |
24 | 0 | case Certificate_Status_Code::CERT_SERIAL_NEGATIVE: |
25 | 0 | return "Certificate serial number is negative"; |
26 | 0 | case Certificate_Status_Code::DN_TOO_LONG: |
27 | 0 | return "Distinguished name too long"; |
28 | 0 | case Certificate_Status_Code::OCSP_NO_REVOCATION_URL: |
29 | 0 | return "OCSP URL not available"; |
30 | 0 | case Certificate_Status_Code::OCSP_SERVER_NOT_AVAILABLE: |
31 | 0 | return "OCSP server not available"; |
32 | 0 | case Certificate_Status_Code::OCSP_ISSUER_NOT_TRUSTED: |
33 | 0 | return "OCSP issuer is not trustworthy"; |
34 | | |
35 | 0 | case Certificate_Status_Code::NO_REVOCATION_DATA: |
36 | 0 | return "No revocation data"; |
37 | 0 | case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK: |
38 | 0 | return "Signature method too weak"; |
39 | 0 | case Certificate_Status_Code::UNTRUSTED_HASH: |
40 | 0 | return "Hash function used is considered too weak for security"; |
41 | | |
42 | 0 | case Certificate_Status_Code::CERT_NOT_YET_VALID: |
43 | 0 | return "Certificate is not yet valid"; |
44 | 0 | case Certificate_Status_Code::CERT_HAS_EXPIRED: |
45 | 0 | return "Certificate has expired"; |
46 | 0 | case Certificate_Status_Code::OCSP_NOT_YET_VALID: |
47 | 0 | return "OCSP is not yet valid"; |
48 | 0 | case Certificate_Status_Code::OCSP_HAS_EXPIRED: |
49 | 0 | return "OCSP response has expired"; |
50 | 0 | case Certificate_Status_Code::OCSP_IS_TOO_OLD: |
51 | 0 | return "OCSP response is too old"; |
52 | 0 | case Certificate_Status_Code::CRL_NOT_YET_VALID: |
53 | 0 | return "CRL response is not yet valid"; |
54 | 0 | case Certificate_Status_Code::CRL_HAS_EXPIRED: |
55 | 0 | return "CRL has expired"; |
56 | | |
57 | 0 | case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND: |
58 | 0 | return "Certificate issuer not found"; |
59 | 0 | case Certificate_Status_Code::CANNOT_ESTABLISH_TRUST: |
60 | 0 | return "Cannot establish trust"; |
61 | 0 | case Certificate_Status_Code::CERT_CHAIN_LOOP: |
62 | 0 | return "Loop in certificate chain"; |
63 | 0 | case Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT: |
64 | 0 | return "Certificate chain does not end in a CA certificate"; |
65 | 0 | case Certificate_Status_Code::CHAIN_NAME_MISMATCH: |
66 | 0 | return "Certificate issuer does not match subject of issuing cert"; |
67 | | |
68 | 0 | case Certificate_Status_Code::POLICY_ERROR: |
69 | 0 | return "Certificate policy error"; |
70 | 0 | case Certificate_Status_Code::DUPLICATE_CERT_POLICY: |
71 | 0 | return "Certificate contains duplicate policy"; |
72 | 0 | case Certificate_Status_Code::INVALID_USAGE: |
73 | 0 | return "Certificate does not allow the requested usage"; |
74 | 0 | case Certificate_Status_Code::CERT_CHAIN_TOO_LONG: |
75 | 0 | return "Certificate chain too long"; |
76 | 0 | case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER: |
77 | 0 | return "CA certificate not allowed to issue certs"; |
78 | 0 | case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER: |
79 | 0 | return "CA certificate not allowed to issue CRLs"; |
80 | 0 | case Certificate_Status_Code::NO_MATCHING_CRLDP: |
81 | 0 | return "No CRL with matching distribution point for certificate"; |
82 | 0 | case Certificate_Status_Code::OCSP_CERT_NOT_LISTED: |
83 | 0 | return "OCSP cert not listed"; |
84 | 0 | case Certificate_Status_Code::OCSP_BAD_STATUS: |
85 | 0 | return "OCSP bad status"; |
86 | 0 | case Certificate_Status_Code::CERT_NAME_NOMATCH: |
87 | 0 | return "Certificate does not match provided name"; |
88 | 0 | case Certificate_Status_Code::NAME_CONSTRAINT_ERROR: |
89 | 0 | return "Certificate does not pass name constraint"; |
90 | 0 | case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION: |
91 | 0 | return "Unknown critical extension encountered"; |
92 | 0 | case Certificate_Status_Code::DUPLICATE_CERT_EXTENSION: |
93 | 0 | return "Duplicate certificate extension encountered"; |
94 | 0 | case Certificate_Status_Code::EXT_IN_V1_V2_CERT: |
95 | 0 | return "Encountered extension in certificate with version that does not allow it"; |
96 | 0 | case Certificate_Status_Code::V2_IDENTIFIERS_IN_V1_CERT: |
97 | 0 | return "Encountered v2 identifiers in v1 certificate"; |
98 | 0 | case Certificate_Status_Code::OCSP_SIGNATURE_ERROR: |
99 | 0 | return "OCSP signature error"; |
100 | 0 | case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND: |
101 | 0 | return "Unable to find certificate issusing OCSP response"; |
102 | 0 | case Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE: |
103 | 0 | return "OCSP issuer's keyusage prohibits OCSP"; |
104 | 0 | case Certificate_Status_Code::OCSP_RESPONSE_INVALID: |
105 | 0 | return "OCSP parsing valid"; |
106 | 0 | case Certificate_Status_Code::OCSP_NO_HTTP: |
107 | 0 | return "OCSP requests not available, no HTTP support compiled in"; |
108 | 0 | case Certificate_Status_Code::CERT_IS_REVOKED: |
109 | 0 | return "Certificate is revoked"; |
110 | 0 | case Certificate_Status_Code::CRL_BAD_SIGNATURE: |
111 | 0 | return "CRL bad signature"; |
112 | 0 | case Certificate_Status_Code::SIGNATURE_ERROR: |
113 | 0 | return "Signature error"; |
114 | 0 | case Certificate_Status_Code::CERT_PUBKEY_INVALID: |
115 | 0 | return "Certificate public key invalid"; |
116 | 0 | case Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN: |
117 | 0 | return "Certificate signed with unknown/unavailable algorithm"; |
118 | 0 | case Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS: |
119 | 0 | return "Certificate signature has invalid parameters"; |
120 | | |
121 | | // intentionally no default so we are warned if new enum values are added |
122 | 0 | } |
123 | | |
124 | 0 | return nullptr; |
125 | 0 | } |
126 | | |
127 | | } |