1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/base/x509_certificate.h" 6 7#include <openssl/asn1.h> 8#include <openssl/crypto.h> 9#include <openssl/obj_mac.h> 10#include <openssl/pem.h> 11#include <openssl/pkcs7.h> 12#include <openssl/sha.h> 13#include <openssl/ssl.h> 14#include <openssl/x509v3.h> 15 16#include "base/memory/singleton.h" 17#include "base/pickle.h" 18#include "base/sha1.h" 19#include "base/string_number_conversions.h" 20#include "crypto/openssl_util.h" 21#include "net/base/asn1_util.h" 22#include "net/base/cert_status_flags.h" 23#include "net/base/cert_verify_result.h" 24#include "net/base/net_errors.h" 25#include "net/base/x509_openssl_util.h" 26 27namespace net { 28 29namespace nxou = net::x509_openssl_util; 30 31namespace { 32 33void CreateOSCertHandlesFromPKCS7Bytes( 34 const char* data, int length, 35 X509Certificate::OSCertHandles* handles) { 36 crypto::EnsureOpenSSLInit(); 37 const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data); 38 crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert( 39 d2i_PKCS7(NULL, &der_data, length)); 40 if (!pkcs7_cert.get()) 41 return; 42 43 STACK_OF(X509)* certs = NULL; 44 int nid = OBJ_obj2nid(pkcs7_cert.get()->type); 45 if (nid == NID_pkcs7_signed) { 46 certs = pkcs7_cert.get()->d.sign->cert; 47 } else if (nid == NID_pkcs7_signedAndEnveloped) { 48 certs = pkcs7_cert.get()->d.signed_and_enveloped->cert; 49 } 50 51 if (certs) { 52 for (int i = 0; i < sk_X509_num(certs); ++i) { 53 X509* x509_cert = 54 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i)); 55 handles->push_back(x509_cert); 56 } 57 } 58} 59 60void ParsePrincipalValues(X509_NAME* name, 61 int nid, 62 std::vector<std::string>* fields) { 63 for (int index = -1; 64 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { 65 std::string field; 66 if (!nxou::ParsePrincipalValueByIndex(name, index, &field)) 67 break; 68 fields->push_back(field); 69 } 70} 71 72void ParsePrincipal(X509Certificate::OSCertHandle cert, 73 X509_NAME* x509_name, 74 CertPrincipal* principal) { 75 if (!x509_name) 76 return; 77 78 ParsePrincipalValues(x509_name, NID_streetAddress, 79 &principal->street_addresses); 80 ParsePrincipalValues(x509_name, NID_organizationName, 81 &principal->organization_names); 82 ParsePrincipalValues(x509_name, NID_organizationalUnitName, 83 &principal->organization_unit_names); 84 ParsePrincipalValues(x509_name, NID_domainComponent, 85 &principal->domain_components); 86 87 nxou::ParsePrincipalValueByNID(x509_name, NID_commonName, 88 &principal->common_name); 89 nxou::ParsePrincipalValueByNID(x509_name, NID_localityName, 90 &principal->locality_name); 91 nxou::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, 92 &principal->state_or_province_name); 93 nxou::ParsePrincipalValueByNID(x509_name, NID_countryName, 94 &principal->country_name); 95} 96 97void ParseSubjectAltNames(X509Certificate::OSCertHandle cert, 98 std::vector<std::string>* dns_names) { 99 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); 100 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); 101 if (!alt_name_ext) 102 return; 103 104 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( 105 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext))); 106 if (!alt_names.get()) 107 return; 108 109 for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) { 110 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i); 111 if (name->type == GEN_DNS) { 112 unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName); 113 if (!dns_name) 114 continue; 115 int dns_name_len = ASN1_STRING_length(name->d.dNSName); 116 dns_names->push_back( 117 std::string(reinterpret_cast<char*>(dns_name), dns_name_len)); 118 } 119 } 120} 121 122// Maps X509_STORE_CTX_get_error() return values to our cert status flags. 123int MapCertErrorToCertStatus(int err) { 124 switch (err) { 125 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: 126 return CERT_STATUS_COMMON_NAME_INVALID; 127 case X509_V_ERR_CERT_NOT_YET_VALID: 128 case X509_V_ERR_CERT_HAS_EXPIRED: 129 case X509_V_ERR_CRL_NOT_YET_VALID: 130 case X509_V_ERR_CRL_HAS_EXPIRED: 131 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 132 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 133 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 134 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 135 return CERT_STATUS_DATE_INVALID; 136 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 137 case X509_V_ERR_UNABLE_TO_GET_CRL: 138 case X509_V_ERR_INVALID_CA: 139 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 140 case X509_V_ERR_INVALID_NON_CA: 141 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 142 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 143 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 144 return CERT_STATUS_AUTHORITY_INVALID; 145#if 0 146// TODO(bulach): what should we map to these status? 147 return CERT_STATUS_NO_REVOCATION_MECHANISM; 148 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 149 return CERT_STATUS_NOT_IN_DNS; 150#endif 151 case X509_V_ERR_CERT_REVOKED: 152 return CERT_STATUS_REVOKED; 153 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: 154 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; 155 // All these status are mapped to CERT_STATUS_INVALID. 156 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 157 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 158 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 159 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 160 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 161 case X509_V_ERR_OUT_OF_MEM: 162 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 163 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 164 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 165 case X509_V_ERR_INVALID_PURPOSE: 166 case X509_V_ERR_CERT_UNTRUSTED: 167 case X509_V_ERR_CERT_REJECTED: 168 case X509_V_ERR_AKID_SKID_MISMATCH: 169 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: 170 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: 171 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: 172 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: 173 case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: 174 case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: 175 case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: 176 case X509_V_ERR_INVALID_EXTENSION: 177 case X509_V_ERR_INVALID_POLICY_EXTENSION: 178 case X509_V_ERR_NO_EXPLICIT_POLICY: 179 case X509_V_ERR_UNNESTED_RESOURCE: 180 case X509_V_ERR_APPLICATION_VERIFICATION: 181 return CERT_STATUS_INVALID; 182 default: 183 NOTREACHED() << "Invalid X509 err " << err; 184 return CERT_STATUS_INVALID; 185 } 186} 187 188// sk_X509_free is a function-style macro, so can't be used as a template 189// param directly. 190void sk_X509_free_fn(STACK_OF(X509)* st) { 191 sk_X509_free(st); 192} 193 194struct DERCache { 195 unsigned char* data; 196 int data_length; 197}; 198 199void DERCache_free(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int idx, 200 long argl, void* argp) { 201 DERCache* der_cache = static_cast<DERCache*>(ptr); 202 if (!der_cache) 203 return; 204 if (der_cache->data) 205 OPENSSL_free(der_cache->data); 206 OPENSSL_free(der_cache); 207} 208 209class X509InitSingleton { 210 public: 211 static X509InitSingleton* GetInstance() { 212 // We allow the X509 store to leak, because it is used from a non-joinable 213 // worker that is not stopped on shutdown, hence may still be using 214 // OpenSSL library after the AtExit runner has completed. 215 return Singleton<X509InitSingleton, 216 LeakySingletonTraits<X509InitSingleton> >::get(); 217 } 218 int der_cache_ex_index() const { return der_cache_ex_index_; } 219 X509_STORE* store() const { return store_.get(); } 220 221 void ResetCertStore() { 222 store_.reset(X509_STORE_new()); 223 DCHECK(store_.get()); 224 X509_STORE_set_default_paths(store_.get()); 225 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). 226 } 227 228 private: 229 friend struct DefaultSingletonTraits<X509InitSingleton>; 230 X509InitSingleton() { 231 crypto::EnsureOpenSSLInit(); 232 der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free); 233 DCHECK_NE(der_cache_ex_index_, -1); 234 ResetCertStore(); 235 } 236 237 int der_cache_ex_index_; 238 crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; 239 240 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); 241}; 242 243// Takes ownership of |data| (which must have been allocated by OpenSSL). 244DERCache* SetDERCache(X509Certificate::OSCertHandle cert, 245 int x509_der_cache_index, 246 unsigned char* data, 247 int data_length) { 248 DERCache* internal_cache = static_cast<DERCache*>( 249 OPENSSL_malloc(sizeof(*internal_cache))); 250 if (!internal_cache) { 251 // We took ownership of |data|, so we must free if we can't add it to 252 // |cert|. 253 OPENSSL_free(data); 254 return NULL; 255 } 256 257 internal_cache->data = data; 258 internal_cache->data_length = data_length; 259 X509_set_ex_data(cert, x509_der_cache_index, internal_cache); 260 return internal_cache; 261} 262 263// Returns true if |der_cache| points to valid data, false otherwise. 264// (note: the DER-encoded data in |der_cache| is owned by |cert|, callers should 265// not free it). 266bool GetDERAndCacheIfNeeded(X509Certificate::OSCertHandle cert, 267 DERCache* der_cache) { 268 int x509_der_cache_index = 269 X509InitSingleton::GetInstance()->der_cache_ex_index(); 270 271 // Re-encoding the DER data via i2d_X509 is an expensive operation, but it's 272 // necessary for comparing two certificates. We re-encode at most once per 273 // certificate and cache the data within the X509 cert using X509_set_ex_data. 274 DERCache* internal_cache = static_cast<DERCache*>( 275 X509_get_ex_data(cert, x509_der_cache_index)); 276 if (!internal_cache) { 277 unsigned char* data = NULL; 278 int data_length = i2d_X509(cert, &data); 279 if (data_length <= 0 || !data) 280 return false; 281 internal_cache = SetDERCache(cert, x509_der_cache_index, data, data_length); 282 if (!internal_cache) 283 return false; 284 } 285 *der_cache = *internal_cache; 286 return true; 287} 288 289} // namespace 290 291// static 292X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( 293 OSCertHandle cert_handle) { 294 DCHECK(cert_handle); 295 // Using X509_dup causes the entire certificate to be reparsed. This 296 // conversion, besides being non-trivial, drops any associated 297 // application-specific data set by X509_set_ex_data. Using CRYPTO_add 298 // just bumps up the ref-count for the cert, without causing any allocations 299 // or deallocations. 300 CRYPTO_add(&cert_handle->references, 1, CRYPTO_LOCK_X509); 301 return cert_handle; 302} 303 304// static 305void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 306 // Decrement the ref-count for the cert and, if all references are gone, 307 // free the memory and any application-specific data associated with the 308 // certificate. 309 X509_free(cert_handle); 310} 311 312void X509Certificate::Initialize() { 313 crypto::EnsureOpenSSLInit(); 314 fingerprint_ = CalculateFingerprint(cert_handle_); 315 316 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); 317 if (num) { 318 serial_number_ = std::string( 319 reinterpret_cast<char*>(num->data), 320 num->length); 321 // Remove leading zeros. 322 while (serial_number_.size() > 1 && serial_number_[0] == 0) 323 serial_number_ = serial_number_.substr(1, serial_number_.size() - 1); 324 } 325 326 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); 327 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); 328 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); 329 nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); 330} 331 332// static 333void X509Certificate::ResetCertStore() { 334 X509InitSingleton::GetInstance()->ResetCertStore(); 335} 336 337SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { 338 SHA1Fingerprint sha1; 339 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); 340 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); 341 CHECK(ret); 342 CHECK_EQ(sha1_size, sizeof(sha1.data)); 343 return sha1; 344} 345 346// static 347X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( 348 const char* data, int length) { 349 if (length < 0) 350 return NULL; 351 crypto::EnsureOpenSSLInit(); 352 const unsigned char* d2i_data = 353 reinterpret_cast<const unsigned char*>(data); 354 // Don't cache this data via SetDERCache as this wire format may be not be 355 // identical from the i2d_X509 roundtrip. 356 X509* cert = d2i_X509(NULL, &d2i_data, length); 357 return cert; 358} 359 360// static 361X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( 362 const char* data, int length, Format format) { 363 OSCertHandles results; 364 if (length < 0) 365 return results; 366 367 switch (format) { 368 case FORMAT_SINGLE_CERTIFICATE: { 369 OSCertHandle handle = CreateOSCertHandleFromBytes(data, length); 370 if (handle) 371 results.push_back(handle); 372 break; 373 } 374 case FORMAT_PKCS7: { 375 CreateOSCertHandlesFromPKCS7Bytes(data, length, &results); 376 break; 377 } 378 default: { 379 NOTREACHED() << "Certificate format " << format << " unimplemented"; 380 break; 381 } 382 } 383 384 return results; 385} 386 387// static 388X509Certificate* X509Certificate::CreateSelfSigned( 389 crypto::RSAPrivateKey* key, 390 const std::string& subject, 391 uint32 serial_number, 392 base::TimeDelta valid_duration) { 393 // TODO(port): Implement. 394 return NULL; 395} 396 397void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { 398 dns_names->clear(); 399 400 ParseSubjectAltNames(cert_handle_, dns_names); 401 402 if (dns_names->empty()) 403 dns_names->push_back(subject_.common_name); 404} 405 406// static 407X509_STORE* X509Certificate::cert_store() { 408 return X509InitSingleton::GetInstance()->store(); 409} 410 411#ifndef ANDROID 412int X509Certificate::Verify(const std::string& hostname, 413 int flags, 414 CertVerifyResult* verify_result) const { 415 verify_result->Reset(); 416 417 if (IsBlacklisted()) { 418 verify_result->cert_status |= CERT_STATUS_REVOKED; 419 return ERR_CERT_REVOKED; 420 } 421 422 // TODO(joth): We should fetch the subjectAltNames directly rather than via 423 // GetDNSNames, so we can apply special handling for IP addresses vs DNS 424 // names, etc. See http://crbug.com/62973. 425 std::vector<std::string> cert_names; 426 GetDNSNames(&cert_names); 427 if (!VerifyHostname(hostname, cert_names)) 428 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 429 430 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( 431 X509_STORE_CTX_new()); 432 433 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( 434 sk_X509_new_null()); 435 if (!intermediates.get()) 436 return ERR_OUT_OF_MEMORY; 437 438 for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin(); 439 it != intermediate_ca_certs_.end(); ++it) { 440 if (!sk_X509_push(intermediates.get(), *it)) 441 return ERR_OUT_OF_MEMORY; 442 } 443 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), 444 cert_handle_, intermediates.get()); 445 CHECK_EQ(1, rv); 446 447 if (X509_verify_cert(ctx.get()) != 1) { 448 int x509_error = X509_STORE_CTX_get_error(ctx.get()); 449 int cert_status = MapCertErrorToCertStatus(x509_error); 450 LOG(ERROR) << "X509 Verification error " 451 << X509_verify_cert_error_string(x509_error) 452 << " : " << x509_error 453 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) 454 << " : " << cert_status; 455 verify_result->cert_status |= cert_status; 456 } 457 458 if (IsCertStatusError(verify_result->cert_status)) 459 return MapCertStatusToNetError(verify_result->cert_status); 460 461 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get()); 462 for (int i = 0; i < sk_X509_num(chain); ++i) { 463 X509* cert = sk_X509_value(chain, i); 464 DERCache der_cache; 465 if (!GetDERAndCacheIfNeeded(cert, &der_cache)) 466 continue; 467 468 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data), 469 der_cache.data_length); 470 base::StringPiece spki_bytes; 471 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) 472 continue; 473 474 SHA1Fingerprint hash; 475 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), 476 spki_bytes.size(), hash.data); 477 verify_result->public_key_hashes.push_back(hash); 478 } 479 480 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { 481 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; 482 return MapCertStatusToNetError(verify_result->cert_status); 483 } 484 485 // Currently we only ues OpenSSL's default root CA paths, so treat all 486 // correctly verified certs as being from a known root. TODO(joth): if the 487 // motivations described in http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 488 // become an issue on OpenSSL builds, we will need to embed a hardcoded list 489 // of well known root CAs, as per the _mac and _win versions. 490 verify_result->is_issued_by_known_root = true; 491 492 return OK; 493} 494 495bool X509Certificate::GetDEREncoded(std::string* encoded) { 496 DERCache der_cache; 497 if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache)) 498 return false; 499 encoded->assign(reinterpret_cast<const char*>(der_cache.data), 500 der_cache.data_length); 501 return true; 502} 503#endif 504 505// static 506bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, 507 X509Certificate::OSCertHandle b) { 508 DCHECK(a && b); 509 if (a == b) 510 return true; 511 512 // X509_cmp only checks the fingerprint, but we want to compare the whole 513 // DER data. Encoding it from OSCertHandle is an expensive operation, so we 514 // cache the DER (if not already cached via X509_set_ex_data). 515 DERCache der_cache_a, der_cache_b; 516 517 return GetDERAndCacheIfNeeded(a, &der_cache_a) && 518 GetDERAndCacheIfNeeded(b, &der_cache_b) && 519 der_cache_a.data_length == der_cache_b.data_length && 520 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; 521} 522 523// static 524X509Certificate::OSCertHandle 525X509Certificate::ReadCertHandleFromPickle(const Pickle& pickle, 526 void** pickle_iter) { 527 const char* data; 528 int length; 529 if (!pickle.ReadData(pickle_iter, &data, &length)) 530 return NULL; 531 532 return CreateOSCertHandleFromBytes(data, length); 533} 534 535// static 536bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle, 537 Pickle* pickle) { 538 DERCache der_cache; 539 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 540 return false; 541 542 return pickle->WriteData( 543 reinterpret_cast<const char*>(der_cache.data), 544 der_cache.data_length); 545} 546 547#if defined(ANDROID) 548// static 549std::string X509Certificate::GetDEREncodedBytes(OSCertHandle handle) { 550 DERCache der_cache = {0}; 551 GetDERAndCacheIfNeeded(handle, &der_cache); 552 return std::string(reinterpret_cast<const char*>(der_cache.data), 553 der_cache.data_length); 554} 555#endif 556 557#if defined(ANDROID) 558void X509Certificate::GetChainDEREncodedBytes( 559 std::vector<std::string>* chain_bytes) const { 560 OSCertHandles cert_handles(intermediate_ca_certs_); 561 // Make sure the peer's own cert is the first in the chain, if it's not 562 // already there. 563 if (cert_handles.empty() || cert_handles[0] != cert_handle_) 564 cert_handles.insert(cert_handles.begin(), cert_handle_); 565 566 chain_bytes->reserve(cert_handles.size()); 567 for (OSCertHandles::const_iterator it = cert_handles.begin(); 568 it != cert_handles.end(); ++it) { 569 DERCache der_cache = {0}; 570 GetDERAndCacheIfNeeded(*it, &der_cache); 571 std::string cert_bytes = std::string( 572 reinterpret_cast<const char*>(der_cache.data), der_cache.data_length); 573 chain_bytes->push_back(cert_bytes); 574 } 575} 576#endif 577 578} // namespace net 579