Don't export MapNetErrorToCertStatus from //net

CertStatus contains additional information than contained solely within a net::Error, and so converting from a Status -> Error -> Status loses that fidelity, even though it's "safe" to go Error -> Status -> Error. This also corrects a few unittest CertVerifiers flagged during review which have no functional impact. Bug: 618799 Change-Id: I6a098c70c2a870f4f9c22801f24d906a4faf04ba Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1879852Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#709467}

Don't export MapNetErrorToCertStatus from //net
CertStatus contains additional information than contained solely within a net::Error, and so converting from a Status -> Error -> Status loses that fidelity, even though it's "safe" to go Error -> Status -> Error. This also corrects a few unittest CertVerifiers flagged during review which have no functional impact. Bug: 618799 Change-Id: I6a098c70c2a870f4f9c22801f24d906a4faf04ba Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1879852Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#709467}
3f5ff3e9 · Ryan Sleevi · Commit Bot · 9ab9bdd9 · 3f5ff3e9 · 3f5ff3e9
Commit 3f5ff3e9 authored Oct 25, 2019 by Ryan Sleevi Committed by Commit Bot Oct 25, 2019
7 changed files
--- a/components/cronet/ios/Cronet.mm
+++ b/components/cronet/ios/Cronet.mm
@@ -80,11 +80,10 @@ class TestCertVerifier : public net::CertVerifier {
             net::CompletionOnceCallback callback,
             std::unique_ptr<Request>* out_req,
             const net::NetLogWithSource& net_log) override {
-    net::Error result = net::OK;
+    verify_result->Reset();
    verify_result->verified_cert = params.certificate();
-    verify_result->cert_status = net::MapNetErrorToCertStatus(result);
    verify_result->is_issued_by_known_root = true;
-    return result;
+    return net::OK;
  }
  void SetConfig(const Config& config) override {}
 };

--- a/components/cronet/native/test/test_util.cc
+++ b/components/cronet/native/test/test_util.cc
@@ -36,9 +36,9 @@ class TestCertVerifier : public net::MockCertVerifier {
             net::CompletionOnceCallback callback,
             std::unique_ptr<Request>* out_req,
             const net::NetLogWithSource& net_log) override {
+    verify_result->Reset();
    if (params.hostname() == "test.example.com") {
      verify_result->verified_cert = params.certificate();
-      verify_result->cert_status = MapNetErrorToCertStatus(net::OK);
      verify_result->is_issued_by_known_root = true;
      return net::OK;
    }

--- a/content/browser/web_package/signed_exchange_handler_unittest.cc
+++ b/content/browser/web_package/signed_exchange_handler_unittest.cc
@@ -136,6 +136,7 @@ class GMockCertVerifier : public net::CertVerifier {
             net::CompletionOnceCallback callback,
             std::unique_ptr<net::CertVerifier::Request>* out_req,
             const net::NetLogWithSource& net_log) override {
+    verify_result->Reset();
    return VerifyImpl(params, verify_result, out_req, net_log);
  }

--- a/google_apis/gcm/tools/mcs_probe.cc
+++ b/google_apis/gcm/tools/mcs_probe.cc
@@ -153,6 +153,8 @@ class MyTestCertVerifier : public net::CertVerifier {
             net::CompletionOnceCallback callback,
             std::unique_ptr<Request>* out_req,
             const net::NetLogWithSource& net_log) override {
+    verify_result->Reset();
+    verify_result->verified_cert = params.certificate();
    return net::OK;
  }
  void SetConfig(const Config& config) override {}

--- a/net/cert/cert_status_flags.h
+++ b/net/cert/cert_status_flags.h
@@ -30,9 +30,14 @@ static inline bool IsCertStatusError(CertStatus status) {
  return (CERT_STATUS_ALL_ERRORS & status) != 0;
 }
-// Maps a network error code to the equivalent certificate status flag.  If
+// Maps a network error code to the equivalent certificate status flag. If
 // the error code is not a certificate error, it is mapped to 0.
-NET_EXPORT CertStatus MapNetErrorToCertStatus(int error);
+// Note: It is not safe to go net::CertStatus -> net::Error -> net::CertStatus,
+// as the CertStatus contains more information. Conversely, going from
+// net::Error -> net::CertStatus -> net::Error is not a lossy function, for the
+// same reason.
+// To avoid incorrect use, this is only exported for unittest helpers.
+NET_EXPORT_PRIVATE CertStatus MapNetErrorToCertStatus(int error);
 // Maps the most serious certificate error in the certificate status flags
 // to the equivalent network error code.

--- a/net/quic/crypto/proof_verifier_chromium_test.cc
+++ b/net/quic/crypto/proof_verifier_chromium_test.cc
@@ -447,7 +447,7 @@ HashValueVector MakeHashValueVector(uint8_t tag) {
 }
 TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) {
-  dummy_result_.cert_status = MapNetErrorToCertStatus(ERR_CERT_DATE_INVALID);
+  dummy_result_.cert_status = CERT_STATUS_DATE_INVALID;
  MockCertVerifier dummy_verifier;
  dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_,
@@ -471,7 +471,7 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) {
 }
 TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) {
-  dummy_result_.cert_status = MapNetErrorToCertStatus(ERR_CERT_DATE_INVALID);
+  dummy_result_.cert_status = CERT_STATUS_DATE_INVALID;
  MockCertVerifier dummy_verifier;
  dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_,

--- a/net/quic/quic_chromium_client_session_test.cc
+++ b/net/quic/quic_chromium_client_session_test.cc
@@ -305,8 +305,7 @@ TEST_P(QuicChromiumClientSessionTest, IsFatalErrorNotSetForNonFatalError) {
  ProofVerifyDetailsChromium details;
  details.cert_verify_result.verified_cert =
      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
-  details.cert_verify_result.cert_status =
+  details.cert_verify_result.cert_status = CERT_STATUS_DATE_INVALID;
-      MapNetErrorToCertStatus(ERR_CERT_DATE_INVALID);
  details.is_fatal_cert_error = false;
  CompleteCryptoHandshake();
  session_->OnProofVerifyDetailsAvailable(details);
@@ -328,8 +327,7 @@ TEST_P(QuicChromiumClientSessionTest, IsFatalErrorSetForFatalError) {
  ProofVerifyDetailsChromium details;
  details.cert_verify_result.verified_cert =
      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
-  details.cert_verify_result.cert_status =
+  details.cert_verify_result.cert_status = CERT_STATUS_DATE_INVALID;
-      MapNetErrorToCertStatus(ERR_CERT_DATE_INVALID);
  details.is_fatal_cert_error = true;
  CompleteCryptoHandshake();
  session_->OnProofVerifyDetailsAvailable(details);