Remove the externs for VerifyCertificateChain()'s errors.

These are not ready to be exposed as API yet, as the structure and types
of errors is still being adjusted.

They aren't needed for testing either, since it is using text
comparisons.

BUG=634443

Review-Url: https://codereview.chromium.org/2342973003
Cr-Commit-Position: refs/heads/master@{#419300}

net/cert/internal/verify_certificate_chain.cc

@@ -22,10 +22,40 @@
 
 namespace net {
 
-using namespace verify_certificate_chain_errors;
-
 namespace {
 
+// -----------------------------------------------
+// Errors/Warnings set by VerifyCertificateChain
+// -----------------------------------------------
+
+DEFINE_CERT_ERROR_ID(
+    kSignatureAlgorithmMismatch,
+    "Certificate.signatureAlgorithm != TBSCertificate.signature");
+DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm,
+                     "Invalid or unsupported signature algorithm");
+DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
+DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
+                     "Unconsumed critical extension");
+DEFINE_CERT_ERROR_ID(
+    kTargetCertInconsistentCaBits,
+    "Target certificate looks like a CA but does not set all CA properties");
+DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
+DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
+DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
+                     "Basic Constraints indicates not a CA");
+DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
+                     "Does not have Basic Constraints");
+DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
+                     "Not permitted by name constraints");
+DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
+                     "subject does not match issuer");
+DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
+DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
+DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
+DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
+                     "Certificate.signatureAlgorithm is encoded differently "
+                     "than TBSCertificate.signature");
+
 DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor");
 DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate");
 
@@ -593,36 +623,4 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs,
   return true;
 }
 
-namespace verify_certificate_chain_errors {
-
-DEFINE_CERT_ERROR_ID(
-    kSignatureAlgorithmMismatch,
-    "Certificate.signatureAlgorithm != TBSCertificate.signature");
-DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm,
-                     "Invalid or unsupported signature algorithm");
-DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
-DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
-                     "Unconsumed critical extension");
-DEFINE_CERT_ERROR_ID(
-    kTargetCertInconsistentCaBits,
-    "Target certificate looks like a CA but does not set all CA properties");
-DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
-DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
-DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
-                     "Basic Constraints indicates not a CA");
-DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
-                     "Does not have Basic Constraints");
-DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
-                     "Not permitted by name constraints");
-DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
-                     "subject does not match issuer");
-DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
-DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
-DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
-DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
-                     "Certificate.signatureAlgorithm is encoded differently "
-                     "than TBSCertificate.signature");
-
-}  // verify_certificate_chain_errors
-
 }  // namespace net

net/cert/internal/verify_certificate_chain.h

@@ -75,31 +75,6 @@ NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs,
                                        const der::GeneralizedTime& time,
                                        CertErrors* errors) WARN_UNUSED_RESULT;
 
-// -----------------------------------------------
-// Errors/Warnings set by VerifyCertificateChain
-// -----------------------------------------------
-
-namespace verify_certificate_chain_errors {
-
-// TODO(eroman): Document each of these and their parameters.
-extern CertErrorId kSignatureAlgorithmMismatch;
-extern CertErrorId kInvalidOrUnsupportedSignatureAlgorithm;
-extern CertErrorId kChainIsEmpty;
-extern CertErrorId kUnconsumedCriticalExtension;
-extern CertErrorId kTargetCertInconsistentCaBits;
-extern CertErrorId kKeyCertSignBitNotSet;
-extern CertErrorId kMaxPathLengthViolated;
-extern CertErrorId kBasicConstraintsIndicatesNotCa;
-extern CertErrorId kMissingBasicConstraints;
-extern CertErrorId kNotPermittedByNameConstraints;
-extern CertErrorId kSubjectDoesNotMatchIssuer;
-extern CertErrorId kVerifySignedDataFailed;
-extern CertErrorId kValidityFailedNotAfter;
-extern CertErrorId kValidityFailedNotBefore;
-extern CertErrorId kSignatureAlgorithmsDifferentEncoding;
-
-}  // namespace verify_certificate_chain_errors
-
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_