1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/x509_certificate.h" 6 7#include <openssl/asn1.h> 8#include <openssl/crypto.h> 9#include <openssl/obj_mac.h> 10#include <openssl/pem.h> 11#include <openssl/pkcs7.h> 12#include <openssl/sha.h> 13#include <openssl/ssl.h> 14#include <openssl/x509v3.h> 15 16#include "base/memory/singleton.h" 17#include "base/pickle.h" 18#include "base/sha1.h" 19#include "base/strings/string_number_conversions.h" 20#include "base/strings/string_util.h" 21#include "crypto/openssl_util.h" 22#include "net/base/net_errors.h" 23#include "net/base/net_util.h" 24#include "net/cert/x509_util_openssl.h" 25 26#if defined(OS_ANDROID) 27#include "base/logging.h" 28#include "net/android/network_library.h" 29#endif 30 31namespace net { 32 33namespace { 34 35void CreateOSCertHandlesFromPKCS7Bytes( 36 const char* data, int length, 37 X509Certificate::OSCertHandles* handles) { 38 crypto::EnsureOpenSSLInit(); 39 const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data); 40 crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert( 41 d2i_PKCS7(NULL, &der_data, length)); 42 if (!pkcs7_cert.get()) 43 return; 44 45 STACK_OF(X509)* certs = NULL; 46 int nid = OBJ_obj2nid(pkcs7_cert.get()->type); 47 if (nid == NID_pkcs7_signed) { 48 certs = pkcs7_cert.get()->d.sign->cert; 49 } else if (nid == NID_pkcs7_signedAndEnveloped) { 50 certs = pkcs7_cert.get()->d.signed_and_enveloped->cert; 51 } 52 53 if (certs) { 54 for (int i = 0; i < sk_X509_num(certs); ++i) { 55 X509* x509_cert = 56 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i)); 57 handles->push_back(x509_cert); 58 } 59 } 60} 61 62void ParsePrincipalValues(X509_NAME* name, 63 int nid, 64 std::vector<std::string>* fields) { 65 for (int index = -1; 66 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { 67 std::string field; 68 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field)) 69 break; 70 fields->push_back(field); 71 } 72} 73 74void ParsePrincipal(X509Certificate::OSCertHandle cert, 75 X509_NAME* x509_name, 76 CertPrincipal* principal) { 77 if (!x509_name) 78 return; 79 80 ParsePrincipalValues(x509_name, NID_streetAddress, 81 &principal->street_addresses); 82 ParsePrincipalValues(x509_name, NID_organizationName, 83 &principal->organization_names); 84 ParsePrincipalValues(x509_name, NID_organizationalUnitName, 85 &principal->organization_unit_names); 86 ParsePrincipalValues(x509_name, NID_domainComponent, 87 &principal->domain_components); 88 89 x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName, 90 &principal->common_name); 91 x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName, 92 &principal->locality_name); 93 x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, 94 &principal->state_or_province_name); 95 x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, 96 &principal->country_name); 97} 98 99void ParseSubjectAltName(X509Certificate::OSCertHandle cert, 100 std::vector<std::string>* dns_names, 101 std::vector<std::string>* ip_addresses) { 102 DCHECK(dns_names || ip_addresses); 103 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); 104 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); 105 if (!alt_name_ext) 106 return; 107 108 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( 109 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext))); 110 if (!alt_names.get()) 111 return; 112 113 for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) { 114 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i); 115 if (name->type == GEN_DNS && dns_names) { 116 const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName); 117 if (!dns_name) 118 continue; 119 int dns_name_len = ASN1_STRING_length(name->d.dNSName); 120 dns_names->push_back( 121 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); 122 } else if (name->type == GEN_IPADD && ip_addresses) { 123 const unsigned char* ip_addr = name->d.iPAddress->data; 124 if (!ip_addr) 125 continue; 126 int ip_addr_len = name->d.iPAddress->length; 127 if (ip_addr_len != static_cast<int>(kIPv4AddressSize) && 128 ip_addr_len != static_cast<int>(kIPv6AddressSize)) { 129 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress 130 // to have 4 or 16 bytes, whereas in a name constraint it includes a 131 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. 132 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; 133 continue; 134 } 135 ip_addresses->push_back( 136 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); 137 } 138 } 139} 140 141struct DERCache { 142 unsigned char* data; 143 int data_length; 144}; 145 146void DERCache_free(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int idx, 147 long argl, void* argp) { 148 DERCache* der_cache = static_cast<DERCache*>(ptr); 149 if (!der_cache) 150 return; 151 if (der_cache->data) 152 OPENSSL_free(der_cache->data); 153 OPENSSL_free(der_cache); 154} 155 156class X509InitSingleton { 157 public: 158 static X509InitSingleton* GetInstance() { 159 // We allow the X509 store to leak, because it is used from a non-joinable 160 // worker that is not stopped on shutdown, hence may still be using 161 // OpenSSL library after the AtExit runner has completed. 162 return Singleton<X509InitSingleton, 163 LeakySingletonTraits<X509InitSingleton> >::get(); 164 } 165 int der_cache_ex_index() const { return der_cache_ex_index_; } 166 X509_STORE* store() const { return store_.get(); } 167 168 void ResetCertStore() { 169 store_.reset(X509_STORE_new()); 170 DCHECK(store_.get()); 171 X509_STORE_set_default_paths(store_.get()); 172 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). 173 } 174 175 private: 176 friend struct DefaultSingletonTraits<X509InitSingleton>; 177 X509InitSingleton() { 178 crypto::EnsureOpenSSLInit(); 179 der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free); 180 DCHECK_NE(der_cache_ex_index_, -1); 181 ResetCertStore(); 182 } 183 184 int der_cache_ex_index_; 185 crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; 186 187 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); 188}; 189 190// Takes ownership of |data| (which must have been allocated by OpenSSL). 191DERCache* SetDERCache(X509Certificate::OSCertHandle cert, 192 int x509_der_cache_index, 193 unsigned char* data, 194 int data_length) { 195 DERCache* internal_cache = static_cast<DERCache*>( 196 OPENSSL_malloc(sizeof(*internal_cache))); 197 if (!internal_cache) { 198 // We took ownership of |data|, so we must free if we can't add it to 199 // |cert|. 200 OPENSSL_free(data); 201 return NULL; 202 } 203 204 internal_cache->data = data; 205 internal_cache->data_length = data_length; 206 X509_set_ex_data(cert, x509_der_cache_index, internal_cache); 207 return internal_cache; 208} 209 210// Returns true if |der_cache| points to valid data, false otherwise. 211// (note: the DER-encoded data in |der_cache| is owned by |cert|, callers should 212// not free it). 213bool GetDERAndCacheIfNeeded(X509Certificate::OSCertHandle cert, 214 DERCache* der_cache) { 215 int x509_der_cache_index = 216 X509InitSingleton::GetInstance()->der_cache_ex_index(); 217 218 // Re-encoding the DER data via i2d_X509 is an expensive operation, but it's 219 // necessary for comparing two certificates. We re-encode at most once per 220 // certificate and cache the data within the X509 cert using X509_set_ex_data. 221 DERCache* internal_cache = static_cast<DERCache*>( 222 X509_get_ex_data(cert, x509_der_cache_index)); 223 if (!internal_cache) { 224 unsigned char* data = NULL; 225 int data_length = i2d_X509(cert, &data); 226 if (data_length <= 0 || !data) 227 return false; 228 internal_cache = SetDERCache(cert, x509_der_cache_index, data, data_length); 229 if (!internal_cache) 230 return false; 231 } 232 *der_cache = *internal_cache; 233 return true; 234} 235 236// Used to free a list of X509_NAMEs and the objects it points to. 237void sk_X509_NAME_free_all(STACK_OF(X509_NAME)* sk) { 238 sk_X509_NAME_pop_free(sk, X509_NAME_free); 239} 240 241} // namespace 242 243// static 244X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( 245 OSCertHandle cert_handle) { 246 DCHECK(cert_handle); 247 // Using X509_dup causes the entire certificate to be reparsed. This 248 // conversion, besides being non-trivial, drops any associated 249 // application-specific data set by X509_set_ex_data. Using CRYPTO_add 250 // just bumps up the ref-count for the cert, without causing any allocations 251 // or deallocations. 252 CRYPTO_add(&cert_handle->references, 1, CRYPTO_LOCK_X509); 253 return cert_handle; 254} 255 256// static 257void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 258 // Decrement the ref-count for the cert and, if all references are gone, 259 // free the memory and any application-specific data associated with the 260 // certificate. 261 X509_free(cert_handle); 262} 263 264void X509Certificate::Initialize() { 265 crypto::EnsureOpenSSLInit(); 266 fingerprint_ = CalculateFingerprint(cert_handle_); 267 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); 268 269 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); 270 if (serial_num) { 271 // ASN1_INTEGERS represent the decoded number, in a format internal to 272 // OpenSSL. Most notably, this may have leading zeroes stripped off for 273 // numbers whose first byte is >= 0x80. Thus, it is necessary to 274 // re-encoded the integer back into DER, which is what the interface 275 // of X509Certificate exposes, to ensure callers get the proper (DER) 276 // value. 277 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); 278 unsigned char* buffer = reinterpret_cast<unsigned char*>( 279 WriteInto(&serial_number_, bytes_required + 1)); 280 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); 281 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); 282 } 283 284 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); 285 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); 286 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); 287 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); 288} 289 290// static 291void X509Certificate::ResetCertStore() { 292 X509InitSingleton::GetInstance()->ResetCertStore(); 293} 294 295// static 296SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) { 297 SHA1HashValue sha1; 298 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); 299 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); 300 CHECK(ret); 301 CHECK_EQ(sha1_size, sizeof(sha1.data)); 302 return sha1; 303} 304 305// static 306SHA1HashValue X509Certificate::CalculateCAFingerprint( 307 const OSCertHandles& intermediates) { 308 SHA1HashValue sha1; 309 memset(sha1.data, 0, sizeof(sha1.data)); 310 311 SHA_CTX sha1_ctx; 312 SHA1_Init(&sha1_ctx); 313 DERCache der_cache; 314 for (size_t i = 0; i < intermediates.size(); ++i) { 315 if (!GetDERAndCacheIfNeeded(intermediates[i], &der_cache)) 316 return sha1; 317 SHA1_Update(&sha1_ctx, der_cache.data, der_cache.data_length); 318 } 319 SHA1_Final(sha1.data, &sha1_ctx); 320 321 return sha1; 322} 323 324// static 325X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( 326 const char* data, int length) { 327 if (length < 0) 328 return NULL; 329 crypto::EnsureOpenSSLInit(); 330 const unsigned char* d2i_data = 331 reinterpret_cast<const unsigned char*>(data); 332 // Don't cache this data via SetDERCache as this wire format may be not be 333 // identical from the i2d_X509 roundtrip. 334 X509* cert = d2i_X509(NULL, &d2i_data, length); 335 return cert; 336} 337 338// static 339X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( 340 const char* data, int length, Format format) { 341 OSCertHandles results; 342 if (length < 0) 343 return results; 344 345 switch (format) { 346 case FORMAT_SINGLE_CERTIFICATE: { 347 OSCertHandle handle = CreateOSCertHandleFromBytes(data, length); 348 if (handle) 349 results.push_back(handle); 350 break; 351 } 352 case FORMAT_PKCS7: { 353 CreateOSCertHandlesFromPKCS7Bytes(data, length, &results); 354 break; 355 } 356 default: { 357 NOTREACHED() << "Certificate format " << format << " unimplemented"; 358 break; 359 } 360 } 361 362 return results; 363} 364 365void X509Certificate::GetSubjectAltName( 366 std::vector<std::string>* dns_names, 367 std::vector<std::string>* ip_addrs) const { 368 if (dns_names) 369 dns_names->clear(); 370 if (ip_addrs) 371 ip_addrs->clear(); 372 373 ParseSubjectAltName(cert_handle_, dns_names, ip_addrs); 374} 375 376// static 377X509_STORE* X509Certificate::cert_store() { 378 return X509InitSingleton::GetInstance()->store(); 379} 380 381// static 382bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, 383 std::string* encoded) { 384 DERCache der_cache; 385 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 386 return false; 387 encoded->assign(reinterpret_cast<const char*>(der_cache.data), 388 der_cache.data_length); 389 return true; 390} 391 392// static 393bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, 394 X509Certificate::OSCertHandle b) { 395 DCHECK(a && b); 396 if (a == b) 397 return true; 398 399 // X509_cmp only checks the fingerprint, but we want to compare the whole 400 // DER data. Encoding it from OSCertHandle is an expensive operation, so we 401 // cache the DER (if not already cached via X509_set_ex_data). 402 DERCache der_cache_a, der_cache_b; 403 404 return GetDERAndCacheIfNeeded(a, &der_cache_a) && 405 GetDERAndCacheIfNeeded(b, &der_cache_b) && 406 der_cache_a.data_length == der_cache_b.data_length && 407 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; 408} 409 410// static 411X509Certificate::OSCertHandle 412X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) { 413 const char* data; 414 int length; 415 if (!pickle_iter->ReadData(&data, &length)) 416 return NULL; 417 418 return CreateOSCertHandleFromBytes(data, length); 419} 420 421// static 422bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 423 Pickle* pickle) { 424 DERCache der_cache; 425 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 426 return false; 427 428 return pickle->WriteData( 429 reinterpret_cast<const char*>(der_cache.data), 430 der_cache.data_length); 431} 432 433// static 434void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, 435 size_t* size_bits, 436 PublicKeyType* type) { 437 *type = kPublicKeyTypeUnknown; 438 *size_bits = 0; 439 440 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> scoped_key( 441 X509_get_pubkey(cert_handle)); 442 if (!scoped_key.get()) 443 return; 444 445 CHECK(scoped_key.get()); 446 EVP_PKEY* key = scoped_key.get(); 447 448 switch (key->type) { 449 case EVP_PKEY_RSA: 450 *type = kPublicKeyTypeRSA; 451 *size_bits = EVP_PKEY_size(key) * 8; 452 break; 453 case EVP_PKEY_DSA: 454 *type = kPublicKeyTypeDSA; 455 *size_bits = EVP_PKEY_size(key) * 8; 456 break; 457 case EVP_PKEY_EC: 458 *type = kPublicKeyTypeECDSA; 459 *size_bits = EVP_PKEY_bits(key); 460 break; 461 case EVP_PKEY_DH: 462 *type = kPublicKeyTypeDH; 463 *size_bits = EVP_PKEY_size(key) * 8; 464 break; 465 } 466} 467 468bool X509Certificate::IsIssuedByEncoded( 469 const std::vector<std::string>& valid_issuers) { 470 if (valid_issuers.empty()) 471 return false; 472 473 // Convert to a temporary list of X509_NAME objects. 474 // It will own the objects it points to. 475 crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all> 476 issuer_names(sk_X509_NAME_new_null()); 477 if (!issuer_names.get()) 478 return false; 479 480 for (std::vector<std::string>::const_iterator it = valid_issuers.begin(); 481 it != valid_issuers.end(); ++it) { 482 const unsigned char* p = 483 reinterpret_cast<const unsigned char*>(it->data()); 484 long len = static_cast<long>(it->length()); 485 X509_NAME* ca_name = d2i_X509_NAME(NULL, &p, len); 486 if (ca_name == NULL) 487 return false; 488 sk_X509_NAME_push(issuer_names.get(), ca_name); 489 } 490 491 // Create a temporary list of X509_NAME objects corresponding 492 // to the certificate chain. It doesn't own the object it points to. 493 std::vector<X509_NAME*> cert_names; 494 X509_NAME* issuer = X509_get_issuer_name(cert_handle_); 495 if (issuer == NULL) 496 return false; 497 498 cert_names.push_back(issuer); 499 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin(); 500 it != intermediate_ca_certs_.end(); ++it) { 501 issuer = X509_get_issuer_name(*it); 502 if (issuer == NULL) 503 return false; 504 cert_names.push_back(issuer); 505 } 506 507 // and 'cert_names'. 508 for (size_t n = 0; n < cert_names.size(); ++n) { 509 for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) { 510 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m); 511 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) { 512 return true; 513 } 514 } 515 } 516 517 return false; 518} 519 520} // namespace net 521