1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/cert/x509_certificate.h"
6
7#include <stdlib.h>
8
9#include <algorithm>
10#include <map>
11#include <string>
12#include <vector>
13
14#include "base/base64.h"
15#include "base/lazy_instance.h"
16#include "base/logging.h"
17#include "base/memory/scoped_ptr.h"
18#include "base/memory/singleton.h"
19#include "base/metrics/histogram.h"
20#include "base/pickle.h"
21#include "base/sha1.h"
22#include "base/strings/string_piece.h"
23#include "base/strings/string_util.h"
24#include "base/synchronization/lock.h"
25#include "base/time/time.h"
26#include "crypto/secure_hash.h"
27#include "net/base/net_util.h"
28#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
29#include "net/cert/pem_tokenizer.h"
30#include "url/url_canon.h"
31
32namespace net {
33
34namespace {
35
36// Indicates the order to use when trying to decode binary data, which is
37// based on (speculation) as to what will be most common -> least common
38const X509Certificate::Format kFormatDecodePriority[] = {
39  X509Certificate::FORMAT_SINGLE_CERTIFICATE,
40  X509Certificate::FORMAT_PKCS7
41};
42
43// The PEM block header used for DER certificates
44const char kCertificateHeader[] = "CERTIFICATE";
45// The PEM block header used for PKCS#7 data
46const char kPKCS7Header[] = "PKCS7";
47
48#if !defined(USE_NSS)
49// A thread-safe cache for OS certificate handles.
50//
51// Within each of the supported underlying crypto libraries, a certificate
52// handle is represented as a ref-counted object that contains the parsed
53// data for the certificate. In addition, the underlying OS handle may also
54// contain a copy of the original ASN.1 DER used to constructed the handle.
55//
56// In order to reduce the memory usage when multiple SSL connections exist,
57// with each connection storing the server's identity certificate plus any
58// intermediates supplied, the certificate handles are cached. Any two
59// X509Certificates that were created from the same ASN.1 DER data,
60// regardless of where that data came from, will share the same underlying
61// OS certificate handle.
62class X509CertificateCache {
63 public:
64  // Performs a compare-and-swap like operation. If an OS certificate handle
65  // for the same certificate data as |*cert_handle| already exists in the
66  // cache, the original |*cert_handle| will be freed and |cert_handle|
67  // will be updated to point to a duplicated reference to the existing cached
68  // certificate, with the caller taking ownership of this duplicated handle.
69  // If an equivalent OS certificate handle is not found, a duplicated
70  // reference to |*cert_handle| will be added to the cache. In either case,
71  // upon return, the caller fully owns |*cert_handle| and is responsible for
72  // calling FreeOSCertHandle(), after first calling Remove().
73  void InsertOrUpdate(X509Certificate::OSCertHandle* cert_handle);
74
75  // Decrements the cache reference count for |cert_handle|, a handle that was
76  // previously obtained by calling InsertOrUpdate(). If this is the last
77  // cached reference held, this will remove the handle from the cache. The
78  // caller retains ownership of |cert_handle| and remains responsible for
79  // calling FreeOSCertHandle() to release the underlying OS certificate
80  void Remove(X509Certificate::OSCertHandle cert_handle);
81
82 private:
83  // A single entry in the cache. Certificates will be keyed by their SHA1
84  // fingerprints, but will not be considered equivalent unless the entire
85  // certificate data matches.
86  struct Entry {
87    Entry() : cert_handle(NULL), ref_count(0) {}
88
89    X509Certificate::OSCertHandle cert_handle;
90
91    // Increased by each call to InsertOrUpdate(), and balanced by each call
92    // to Remove(). When it equals 0, all references created by
93    // InsertOrUpdate() have been released, so the cache entry will be removed
94    // the cached OS certificate handle will be freed.
95    int ref_count;
96  };
97  typedef std::map<SHA1HashValue, Entry, SHA1HashValueLessThan> CertMap;
98
99  // Obtain an instance of X509CertificateCache via a LazyInstance.
100  X509CertificateCache() {}
101  ~X509CertificateCache() {}
102  friend struct base::DefaultLazyInstanceTraits<X509CertificateCache>;
103
104  // You must acquire this lock before using any private data of this object
105  // You must not block while holding this lock.
106  base::Lock lock_;
107
108  // The certificate cache.  You must acquire |lock_| before using |cache_|.
109  CertMap cache_;
110
111  DISALLOW_COPY_AND_ASSIGN(X509CertificateCache);
112};
113
114base::LazyInstance<X509CertificateCache>::Leaky
115    g_x509_certificate_cache = LAZY_INSTANCE_INITIALIZER;
116
117void X509CertificateCache::InsertOrUpdate(
118    X509Certificate::OSCertHandle* cert_handle) {
119  DCHECK(cert_handle);
120  SHA1HashValue fingerprint =
121      X509Certificate::CalculateFingerprint(*cert_handle);
122
123  X509Certificate::OSCertHandle old_handle = NULL;
124  {
125    base::AutoLock lock(lock_);
126    CertMap::iterator pos = cache_.find(fingerprint);
127    if (pos == cache_.end()) {
128      // A cached entry was not found, so initialize a new entry. The entry
129      // assumes ownership of the current |*cert_handle|.
130      Entry cache_entry;
131      cache_entry.cert_handle = *cert_handle;
132      cache_entry.ref_count = 0;
133      CertMap::value_type cache_value(fingerprint, cache_entry);
134      pos = cache_.insert(cache_value).first;
135    } else {
136      bool is_same_cert =
137          X509Certificate::IsSameOSCert(*cert_handle, pos->second.cert_handle);
138      if (!is_same_cert) {
139        // Two certificates don't match, due to a SHA1 hash collision. Given
140        // the low probability, the simplest solution is to not cache the
141        // certificate, which should not affect performance too negatively.
142        return;
143      }
144      // A cached entry was found and will be used instead of the caller's
145      // handle. Ensure the caller's original handle will be freed, since
146      // ownership is assumed.
147      old_handle = *cert_handle;
148    }
149    // Whether an existing cached handle or a new handle, increment the
150    // cache's reference count and return a handle that the caller can own.
151    ++pos->second.ref_count;
152    *cert_handle = X509Certificate::DupOSCertHandle(pos->second.cert_handle);
153  }
154  // If the caller's handle was replaced with a cached handle, free the
155  // original handle now. This is done outside of the lock because
156  // |old_handle| may be the only handle for this particular certificate, so
157  // freeing it may be complex or resource-intensive and does not need to
158  // be guarded by the lock.
159  if (old_handle) {
160    X509Certificate::FreeOSCertHandle(old_handle);
161#ifndef NDEBUG
162    LOCAL_HISTOGRAM_BOOLEAN("X509CertificateReuseCount", true);
163#endif
164  }
165}
166
167void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) {
168  SHA1HashValue fingerprint =
169      X509Certificate::CalculateFingerprint(cert_handle);
170  base::AutoLock lock(lock_);
171
172  CertMap::iterator pos = cache_.find(fingerprint);
173  if (pos == cache_.end())
174    return;  // A hash collision where the winning cert was already freed.
175
176  bool is_same_cert = X509Certificate::IsSameOSCert(cert_handle,
177                                                    pos->second.cert_handle);
178  if (!is_same_cert)
179    return;  // A hash collision where the winning cert is still around.
180
181  if (--pos->second.ref_count == 0) {
182    // The last reference to |cert_handle| has been removed, so release the
183    // Entry's OS handle and remove the Entry. The caller still holds a
184    // reference to |cert_handle| and is responsible for freeing it.
185    X509Certificate::FreeOSCertHandle(pos->second.cert_handle);
186    cache_.erase(pos);
187  }
188}
189#endif  // !defined(USE_NSS)
190
191// See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there
192// is no point in wrapping another cache around it.
193void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) {
194#if !defined(USE_NSS)
195  g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle);
196#endif
197}
198
199// See X509CertificateCache::Remove.
200void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) {
201#if !defined(USE_NSS)
202  g_x509_certificate_cache.Pointer()->Remove(cert_handle);
203#endif
204}
205
206// Utility to split |src| on the first occurrence of |c|, if any. |right| will
207// either be empty if |c| was not found, or will contain the remainder of the
208// string including the split character itself.
209void SplitOnChar(const base::StringPiece& src,
210                 char c,
211                 base::StringPiece* left,
212                 base::StringPiece* right) {
213  size_t pos = src.find(c);
214  if (pos == base::StringPiece::npos) {
215    *left = src;
216    right->clear();
217  } else {
218    *left = src.substr(0, pos);
219    *right = src.substr(pos);
220  }
221}
222
223}  // namespace
224
225bool X509Certificate::LessThan::operator()(
226    const scoped_refptr<X509Certificate>& lhs,
227    const scoped_refptr<X509Certificate>& rhs) const {
228  if (lhs.get() == rhs.get())
229    return false;
230
231  int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,
232                  sizeof(lhs->fingerprint_.data));
233  if (rv != 0)
234    return rv < 0;
235
236  rv = memcmp(lhs->ca_fingerprint_.data, rhs->ca_fingerprint_.data,
237              sizeof(lhs->ca_fingerprint_.data));
238  return rv < 0;
239}
240
241X509Certificate::X509Certificate(const std::string& subject,
242                                 const std::string& issuer,
243                                 base::Time start_date,
244                                 base::Time expiration_date)
245    : subject_(subject),
246      issuer_(issuer),
247      valid_start_(start_date),
248      valid_expiry_(expiration_date),
249      cert_handle_(NULL) {
250  memset(fingerprint_.data, 0, sizeof(fingerprint_.data));
251  memset(ca_fingerprint_.data, 0, sizeof(ca_fingerprint_.data));
252}
253
254// static
255X509Certificate* X509Certificate::CreateFromHandle(
256    OSCertHandle cert_handle,
257    const OSCertHandles& intermediates) {
258  DCHECK(cert_handle);
259  return new X509Certificate(cert_handle, intermediates);
260}
261
262// static
263X509Certificate* X509Certificate::CreateFromDERCertChain(
264    const std::vector<base::StringPiece>& der_certs) {
265  if (der_certs.empty())
266    return NULL;
267
268  X509Certificate::OSCertHandles intermediate_ca_certs;
269  for (size_t i = 1; i < der_certs.size(); i++) {
270    OSCertHandle handle = CreateOSCertHandleFromBytes(
271        const_cast<char*>(der_certs[i].data()), der_certs[i].size());
272    if (!handle)
273      break;
274    intermediate_ca_certs.push_back(handle);
275  }
276
277  OSCertHandle handle = NULL;
278  // Return NULL if we failed to parse any of the certs.
279  if (der_certs.size() - 1 == intermediate_ca_certs.size()) {
280    handle = CreateOSCertHandleFromBytes(
281        const_cast<char*>(der_certs[0].data()), der_certs[0].size());
282  }
283
284  X509Certificate* cert = NULL;
285  if (handle) {
286    cert = CreateFromHandle(handle, intermediate_ca_certs);
287    FreeOSCertHandle(handle);
288  }
289
290  for (size_t i = 0; i < intermediate_ca_certs.size(); i++)
291    FreeOSCertHandle(intermediate_ca_certs[i]);
292
293  return cert;
294}
295
296// static
297X509Certificate* X509Certificate::CreateFromBytes(const char* data,
298                                                  int length) {
299  OSCertHandle cert_handle = CreateOSCertHandleFromBytes(data, length);
300  if (!cert_handle)
301    return NULL;
302
303  X509Certificate* cert = CreateFromHandle(cert_handle, OSCertHandles());
304  FreeOSCertHandle(cert_handle);
305  return cert;
306}
307
308// static
309X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle,
310                                                   PickleIterator* pickle_iter,
311                                                   PickleType type) {
312  if (type == PICKLETYPE_CERTIFICATE_CHAIN_V3) {
313    int chain_length = 0;
314    if (!pickle_iter->ReadLength(&chain_length))
315      return NULL;
316
317    std::vector<base::StringPiece> cert_chain;
318    const char* data = NULL;
319    int data_length = 0;
320    for (int i = 0; i < chain_length; ++i) {
321      if (!pickle_iter->ReadData(&data, &data_length))
322        return NULL;
323      cert_chain.push_back(base::StringPiece(data, data_length));
324    }
325    return CreateFromDERCertChain(cert_chain);
326  }
327
328  // Legacy / Migration code. This should eventually be removed once
329  // sufficient time has passed that all pickles serialized prior to
330  // PICKLETYPE_CERTIFICATE_CHAIN_V3 have been removed.
331  OSCertHandle cert_handle = ReadOSCertHandleFromPickle(pickle_iter);
332  if (!cert_handle)
333    return NULL;
334
335  OSCertHandles intermediates;
336  uint32 num_intermediates = 0;
337  if (type != PICKLETYPE_SINGLE_CERTIFICATE) {
338    if (!pickle_iter->ReadUInt32(&num_intermediates)) {
339      FreeOSCertHandle(cert_handle);
340      return NULL;
341    }
342
343#if defined(OS_POSIX) && !defined(OS_MACOSX) && defined(__x86_64__)
344    // On 64-bit Linux (and any other 64-bit platforms), the intermediate count
345    // might really be a 64-bit field since we used to use Pickle::WriteSize(),
346    // which writes either 32 or 64 bits depending on the architecture. Since
347    // x86-64 is little-endian, if that happens, the next 32 bits will be all
348    // zeroes (the high bits) and the 32 bits we already read above are the
349    // correct value (we assume there are never more than 2^32 - 1 intermediate
350    // certificates in a chain; in practice, more than a dozen or so is
351    // basically unheard of). Since it's invalid for a certificate to start with
352    // 32 bits of zeroes, we check for that here and skip it if we find it. We
353    // save a copy of the pickle iterator to restore in case we don't get 32
354    // bits of zeroes. Now we always write 32 bits, so after a while, these old
355    // cached pickles will all get replaced.
356    // TODO(mdm): remove this compatibility code in April 2013 or so.
357    PickleIterator saved_iter = *pickle_iter;
358    uint32 zero_check = 0;
359    if (!pickle_iter->ReadUInt32(&zero_check)) {
360      // This may not be an error. If there are no intermediates, and we're
361      // reading an old 32-bit pickle, and there's nothing else after this in
362      // the pickle, we should report success. Note that it is technically
363      // possible for us to skip over zeroes that should have occurred after
364      // an empty certificate list; to avoid this going forward, only do this
365      // backward-compatibility stuff for PICKLETYPE_CERTIFICATE_CHAIN_V1
366      // which comes from the pickle version number in http_response_info.cc.
367      if (num_intermediates) {
368        FreeOSCertHandle(cert_handle);
369        return NULL;
370      }
371    }
372    if (zero_check)
373      *pickle_iter = saved_iter;
374#endif  // defined(OS_POSIX) && !defined(OS_MACOSX) && defined(__x86_64__)
375
376    for (uint32 i = 0; i < num_intermediates; ++i) {
377      OSCertHandle intermediate = ReadOSCertHandleFromPickle(pickle_iter);
378      if (!intermediate)
379        break;
380      intermediates.push_back(intermediate);
381    }
382  }
383
384  X509Certificate* cert = NULL;
385  if (intermediates.size() == num_intermediates)
386    cert = CreateFromHandle(cert_handle, intermediates);
387  FreeOSCertHandle(cert_handle);
388  for (size_t i = 0; i < intermediates.size(); ++i)
389    FreeOSCertHandle(intermediates[i]);
390
391  return cert;
392}
393
394// static
395CertificateList X509Certificate::CreateCertificateListFromBytes(
396    const char* data, int length, int format) {
397  OSCertHandles certificates;
398
399  // Check to see if it is in a PEM-encoded form. This check is performed
400  // first, as both OS X and NSS will both try to convert if they detect
401  // PEM encoding, except they don't do it consistently between the two.
402  base::StringPiece data_string(data, length);
403  std::vector<std::string> pem_headers;
404
405  // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally
406  // valid PEM block header for any format.
407  pem_headers.push_back(kCertificateHeader);
408  if (format & FORMAT_PKCS7)
409    pem_headers.push_back(kPKCS7Header);
410
411  PEMTokenizer pem_tok(data_string, pem_headers);
412  while (pem_tok.GetNext()) {
413    std::string decoded(pem_tok.data());
414
415    OSCertHandle handle = NULL;
416    if (format & FORMAT_PEM_CERT_SEQUENCE)
417      handle = CreateOSCertHandleFromBytes(decoded.c_str(), decoded.size());
418    if (handle != NULL) {
419      // Parsed a DER encoded certificate. All PEM blocks that follow must
420      // also be DER encoded certificates wrapped inside of PEM blocks.
421      format = FORMAT_PEM_CERT_SEQUENCE;
422      certificates.push_back(handle);
423      continue;
424    }
425
426    // If the first block failed to parse as a DER certificate, and
427    // formats other than PEM are acceptable, check to see if the decoded
428    // data is one of the accepted formats.
429    if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
430      for (size_t i = 0; certificates.empty() &&
431           i < arraysize(kFormatDecodePriority); ++i) {
432        if (format & kFormatDecodePriority[i]) {
433          certificates = CreateOSCertHandlesFromBytes(decoded.c_str(),
434              decoded.size(), kFormatDecodePriority[i]);
435        }
436      }
437    }
438
439    // Stop parsing after the first block for any format but a sequence of
440    // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE
441    // is handled above, and continues processing until a certificate fails
442    // to parse.
443    break;
444  }
445
446  // Try each of the formats, in order of parse preference, to see if |data|
447  // contains the binary representation of a Format, if it failed to parse
448  // as a PEM certificate/chain.
449  for (size_t i = 0; certificates.empty() &&
450       i < arraysize(kFormatDecodePriority); ++i) {
451    if (format & kFormatDecodePriority[i])
452      certificates = CreateOSCertHandlesFromBytes(data, length,
453                                                  kFormatDecodePriority[i]);
454  }
455
456  CertificateList results;
457  // No certificates parsed.
458  if (certificates.empty())
459    return results;
460
461  for (OSCertHandles::iterator it = certificates.begin();
462       it != certificates.end(); ++it) {
463    X509Certificate* result = CreateFromHandle(*it, OSCertHandles());
464    results.push_back(scoped_refptr<X509Certificate>(result));
465    FreeOSCertHandle(*it);
466  }
467
468  return results;
469}
470
471void X509Certificate::Persist(Pickle* pickle) {
472  DCHECK(cert_handle_);
473  // This would be an absolutely insane number of intermediates.
474  if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) {
475    NOTREACHED();
476    return;
477  }
478  if (!pickle->WriteInt(
479          static_cast<int>(intermediate_ca_certs_.size() + 1)) ||
480      !WriteOSCertHandleToPickle(cert_handle_, pickle)) {
481    NOTREACHED();
482    return;
483  }
484  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
485    if (!WriteOSCertHandleToPickle(intermediate_ca_certs_[i], pickle)) {
486      NOTREACHED();
487      return;
488    }
489  }
490}
491
492void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
493  GetSubjectAltName(dns_names, NULL);
494  if (dns_names->empty())
495    dns_names->push_back(subject_.common_name);
496}
497
498bool X509Certificate::HasExpired() const {
499  return base::Time::Now() > valid_expiry();
500}
501
502bool X509Certificate::Equals(const X509Certificate* other) const {
503  return IsSameOSCert(cert_handle_, other->cert_handle_);
504}
505
506// static
507bool X509Certificate::VerifyHostname(
508    const std::string& hostname,
509    const std::string& cert_common_name,
510    const std::vector<std::string>& cert_san_dns_names,
511    const std::vector<std::string>& cert_san_ip_addrs,
512    bool* common_name_fallback_used) {
513  DCHECK(!hostname.empty());
514  // Perform name verification following http://tools.ietf.org/html/rfc6125.
515  // The terminology used in this method is as per that RFC:-
516  // Reference identifier == the host the local user/agent is intending to
517  //                         access, i.e. the thing displayed in the URL bar.
518  // Presented identifier(s) == name(s) the server knows itself as, in its cert.
519
520  // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
521  const std::string host_or_ip = hostname.find(':') != std::string::npos ?
522      "[" + hostname + "]" : hostname;
523  url::CanonHostInfo host_info;
524  std::string reference_name = CanonicalizeHost(host_or_ip, &host_info);
525  // CanonicalizeHost does not normalize absolute vs relative DNS names. If
526  // the input name was absolute (included trailing .), normalize it as if it
527  // was relative.
528  if (!reference_name.empty() && *reference_name.rbegin() == '.')
529    reference_name.resize(reference_name.size() - 1);
530  if (reference_name.empty())
531    return false;
532
533  // Allow fallback to Common name matching?
534  const bool common_name_fallback = cert_san_dns_names.empty() &&
535                                    cert_san_ip_addrs.empty();
536  *common_name_fallback_used = common_name_fallback;
537
538  // Fully handle all cases where |hostname| contains an IP address.
539  if (host_info.IsIPAddress()) {
540    if (common_name_fallback && host_info.family == url::CanonHostInfo::IPV4) {
541      // Fallback to Common name matching. As this is deprecated and only
542      // supported for compatibility refuse it for IPv6 addresses.
543      return reference_name == cert_common_name;
544    }
545    base::StringPiece ip_addr_string(
546        reinterpret_cast<const char*>(host_info.address),
547        host_info.AddressLength());
548    return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(),
549                     ip_addr_string) != cert_san_ip_addrs.end();
550  }
551
552  // |reference_domain| is the remainder of |host| after the leading host
553  // component is stripped off, but includes the leading dot e.g.
554  // "www.f.com" -> ".f.com".
555  // If there is no meaningful domain part to |host| (e.g. it contains no dots)
556  // then |reference_domain| will be empty.
557  base::StringPiece reference_host, reference_domain;
558  SplitOnChar(reference_name, '.', &reference_host, &reference_domain);
559  bool allow_wildcards = false;
560  if (!reference_domain.empty()) {
561    DCHECK(reference_domain.starts_with("."));
562
563    // Do not allow wildcards for public/ICANN registry controlled domains -
564    // that is, prevent *.com or *.co.uk as valid presented names, but do not
565    // prevent *.appspot.com (a private registry controlled domain).
566    // In addition, unknown top-level domains (such as 'intranet' domains or
567    // new TLDs/gTLDs not yet added to the registry controlled domain dataset)
568    // are also implicitly prevented.
569    // Because |reference_domain| must contain at least one name component that
570    // is not registry controlled, this ensures that all reference domains
571    // contain at least three domain components when using wildcards.
572    size_t registry_length =
573        registry_controlled_domains::GetRegistryLength(
574            reference_name,
575            registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
576            registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
577
578    // Because |reference_name| was already canonicalized, the following
579    // should never happen.
580    CHECK_NE(std::string::npos, registry_length);
581
582    // Account for the leading dot in |reference_domain|.
583    bool is_registry_controlled =
584        registry_length != 0 &&
585        registry_length == (reference_domain.size() - 1);
586
587    // Additionally, do not attempt wildcard matching for purely numeric
588    // hostnames.
589    allow_wildcards =
590        !is_registry_controlled &&
591        reference_name.find_first_not_of("0123456789.") != std::string::npos;
592  }
593
594  // Now step through the DNS names doing wild card comparison (if necessary)
595  // on each against the reference name. If subjectAltName is empty, then
596  // fallback to use the common name instead.
597  std::vector<std::string> common_name_as_vector;
598  const std::vector<std::string>* presented_names = &cert_san_dns_names;
599  if (common_name_fallback) {
600    // Note: there's a small possibility cert_common_name is an international
601    // domain name in non-standard encoding (e.g. UTF8String or BMPString
602    // instead of A-label). As common name fallback is deprecated we're not
603    // doing anything specific to deal with this.
604    common_name_as_vector.push_back(cert_common_name);
605    presented_names = &common_name_as_vector;
606  }
607  for (std::vector<std::string>::const_iterator it =
608           presented_names->begin();
609       it != presented_names->end(); ++it) {
610    // Catch badly corrupt cert names up front.
611    if (it->empty() || it->find('\0') != std::string::npos) {
612      DVLOG(1) << "Bad name in cert: " << *it;
613      continue;
614    }
615    std::string presented_name(base::StringToLowerASCII(*it));
616
617    // Remove trailing dot, if any.
618    if (*presented_name.rbegin() == '.')
619      presented_name.resize(presented_name.length() - 1);
620
621    // The hostname must be at least as long as the cert name it is matching,
622    // as we require the wildcard (if present) to match at least one character.
623    if (presented_name.length() > reference_name.length())
624      continue;
625
626    base::StringPiece presented_host, presented_domain;
627    SplitOnChar(presented_name, '.', &presented_host, &presented_domain);
628
629    if (presented_domain != reference_domain)
630      continue;
631
632    base::StringPiece pattern_begin, pattern_end;
633    SplitOnChar(presented_host, '*', &pattern_begin, &pattern_end);
634
635    if (pattern_end.empty()) {  // No '*' in the presented_host
636      if (presented_host == reference_host)
637        return true;
638      continue;
639    }
640    pattern_end.remove_prefix(1);  // move past the *
641
642    if (!allow_wildcards)
643      continue;
644
645    // * must not match a substring of an IDN A label; just a whole fragment.
646    if (reference_host.starts_with("xn--") &&
647        !(pattern_begin.empty() && pattern_end.empty()))
648      continue;
649
650    if (reference_host.starts_with(pattern_begin) &&
651        reference_host.ends_with(pattern_end))
652      return true;
653  }
654  return false;
655}
656
657bool X509Certificate::VerifyNameMatch(const std::string& hostname,
658                                      bool* common_name_fallback_used) const {
659  std::vector<std::string> dns_names, ip_addrs;
660  GetSubjectAltName(&dns_names, &ip_addrs);
661  return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs,
662                        common_name_fallback_used);
663}
664
665// static
666bool X509Certificate::GetPEMEncodedFromDER(const std::string& der_encoded,
667                                           std::string* pem_encoded) {
668  if (der_encoded.empty())
669    return false;
670  std::string b64_encoded;
671  base::Base64Encode(der_encoded, &b64_encoded);
672  *pem_encoded = "-----BEGIN CERTIFICATE-----\n";
673
674  // Divide the Base-64 encoded data into 64-character chunks, as per
675  // 4.3.2.4 of RFC 1421.
676  static const size_t kChunkSize = 64;
677  size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;
678  for (size_t i = 0, chunk_offset = 0; i < chunks;
679       ++i, chunk_offset += kChunkSize) {
680    pem_encoded->append(b64_encoded, chunk_offset, kChunkSize);
681    pem_encoded->append("\n");
682  }
683  pem_encoded->append("-----END CERTIFICATE-----\n");
684  return true;
685}
686
687// static
688bool X509Certificate::GetPEMEncoded(OSCertHandle cert_handle,
689                                    std::string* pem_encoded) {
690  std::string der_encoded;
691  if (!GetDEREncoded(cert_handle, &der_encoded))
692    return false;
693  return GetPEMEncodedFromDER(der_encoded, pem_encoded);
694}
695
696bool X509Certificate::GetPEMEncodedChain(
697    std::vector<std::string>* pem_encoded) const {
698  std::vector<std::string> encoded_chain;
699  std::string pem_data;
700  if (!GetPEMEncoded(os_cert_handle(), &pem_data))
701    return false;
702  encoded_chain.push_back(pem_data);
703  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
704    if (!GetPEMEncoded(intermediate_ca_certs_[i], &pem_data))
705      return false;
706    encoded_chain.push_back(pem_data);
707  }
708  pem_encoded->swap(encoded_chain);
709  return true;
710}
711
712// static
713SHA256HashValue X509Certificate::CalculateCAFingerprint256(
714    const OSCertHandles& intermediates) {
715  SHA256HashValue sha256;
716  memset(sha256.data, 0, sizeof(sha256.data));
717
718  scoped_ptr<crypto::SecureHash> hash(
719      crypto::SecureHash::Create(crypto::SecureHash::SHA256));
720
721  for (size_t i = 0; i < intermediates.size(); ++i) {
722    std::string der_encoded;
723    if (!GetDEREncoded(intermediates[i], &der_encoded))
724      return sha256;
725    hash->Update(der_encoded.data(), der_encoded.length());
726  }
727  hash->Finish(sha256.data, sizeof(sha256.data));
728
729  return sha256;
730}
731
732// static
733SHA256HashValue X509Certificate::CalculateChainFingerprint256(
734    OSCertHandle leaf,
735    const OSCertHandles& intermediates) {
736  OSCertHandles chain;
737  chain.push_back(leaf);
738  chain.insert(chain.end(), intermediates.begin(), intermediates.end());
739
740  return CalculateCAFingerprint256(chain);
741}
742
743X509Certificate::X509Certificate(OSCertHandle cert_handle,
744                                 const OSCertHandles& intermediates)
745    : cert_handle_(DupOSCertHandle(cert_handle)) {
746  InsertOrUpdateCache(&cert_handle_);
747  for (size_t i = 0; i < intermediates.size(); ++i) {
748    // Duplicate the incoming certificate, as the caller retains ownership
749    // of |intermediates|.
750    OSCertHandle intermediate = DupOSCertHandle(intermediates[i]);
751    // Update the cache, which will assume ownership of the duplicated
752    // handle and return a suitable equivalent, potentially from the cache.
753    InsertOrUpdateCache(&intermediate);
754    intermediate_ca_certs_.push_back(intermediate);
755  }
756  // Platform-specific initialization.
757  Initialize();
758}
759
760X509Certificate::~X509Certificate() {
761  if (cert_handle_) {
762    RemoveFromCache(cert_handle_);
763    FreeOSCertHandle(cert_handle_);
764  }
765  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
766    RemoveFromCache(intermediate_ca_certs_[i]);
767    FreeOSCertHandle(intermediate_ca_certs_[i]);
768  }
769}
770
771}  // namespace net
772