| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/base/cert_verify_proc_win.h" | |
| 6 | |
| 7 #include <string> | |
| 8 #include <vector> | |
| 9 | |
| 10 #include "base/memory/scoped_ptr.h" | |
| 11 #include "base/sha1.h" | |
| 12 #include "base/string_util.h" | |
| 13 #include "base/utf_string_conversions.h" | |
| 14 #include "crypto/capi_util.h" | |
| 15 #include "crypto/scoped_capi_types.h" | |
| 16 #include "crypto/sha2.h" | |
| 17 #include "net/base/asn1_util.h" | |
| 18 #include "net/base/cert_status_flags.h" | |
| 19 #include "net/base/cert_verifier.h" | |
| 20 #include "net/base/cert_verify_result.h" | |
| 21 #include "net/base/crl_set.h" | |
| 22 #include "net/base/ev_root_ca_metadata.h" | |
| 23 #include "net/base/net_errors.h" | |
| 24 #include "net/base/test_root_certs.h" | |
| 25 #include "net/base/x509_certificate.h" | |
| 26 #include "net/base/x509_certificate_known_roots_win.h" | |
| 27 | |
| 28 #pragma comment(lib, "crypt32.lib") | |
| 29 | |
| 30 #if !defined(CERT_TRUST_HAS_WEAK_SIGNATURE) | |
| 31 // This was introduced in Windows 8 / Windows Server 2012, but retroactively | |
| 32 // ported as far back as Windows XP via system update. | |
| 33 #define CERT_TRUST_HAS_WEAK_SIGNATURE 0x00100000 | |
| 34 #endif | |
| 35 | |
| 36 namespace net { | |
| 37 | |
| 38 namespace { | |
| 39 | |
| 40 struct FreeChainEngineFunctor { | |
| 41 void operator()(HCERTCHAINENGINE engine) const { | |
| 42 if (engine) | |
| 43 CertFreeCertificateChainEngine(engine); | |
| 44 } | |
| 45 }; | |
| 46 | |
| 47 struct FreeCertChainContextFunctor { | |
| 48 void operator()(PCCERT_CHAIN_CONTEXT chain_context) const { | |
| 49 if (chain_context) | |
| 50 CertFreeCertificateChain(chain_context); | |
| 51 } | |
| 52 }; | |
| 53 | |
| 54 struct FreeCertContextFunctor { | |
| 55 void operator()(PCCERT_CONTEXT context) const { | |
| 56 if (context) | |
| 57 CertFreeCertificateContext(context); | |
| 58 } | |
| 59 }; | |
| 60 | |
| 61 typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor> | |
| 62 ScopedHCERTCHAINENGINE; | |
| 63 | |
| 64 typedef scoped_ptr_malloc<const CERT_CHAIN_CONTEXT, | |
| 65 FreeCertChainContextFunctor> | |
| 66 ScopedPCCERT_CHAIN_CONTEXT; | |
| 67 | |
| 68 typedef scoped_ptr_malloc<const CERT_CONTEXT, | |
| 69 FreeCertContextFunctor> ScopedPCCERT_CONTEXT; | |
| 70 | |
| 71 //----------------------------------------------------------------------------- | |
| 72 | |
| 73 int MapSecurityError(SECURITY_STATUS err) { | |
| 74 // There are numerous security error codes, but these are the ones we thus | |
| 75 // far find interesting. | |
| 76 switch (err) { | |
| 77 case SEC_E_WRONG_PRINCIPAL: // Schannel | |
| 78 case CERT_E_CN_NO_MATCH: // CryptoAPI | |
| 79 return ERR_CERT_COMMON_NAME_INVALID; | |
| 80 case SEC_E_UNTRUSTED_ROOT: // Schannel | |
| 81 case CERT_E_UNTRUSTEDROOT: // CryptoAPI | |
| 82 return ERR_CERT_AUTHORITY_INVALID; | |
| 83 case SEC_E_CERT_EXPIRED: // Schannel | |
| 84 case CERT_E_EXPIRED: // CryptoAPI | |
| 85 return ERR_CERT_DATE_INVALID; | |
| 86 case CRYPT_E_NO_REVOCATION_CHECK: | |
| 87 return ERR_CERT_NO_REVOCATION_MECHANISM; | |
| 88 case CRYPT_E_REVOCATION_OFFLINE: | |
| 89 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; | |
| 90 case CRYPT_E_REVOKED: // Schannel and CryptoAPI | |
| 91 return ERR_CERT_REVOKED; | |
| 92 case SEC_E_CERT_UNKNOWN: | |
| 93 case CERT_E_ROLE: | |
| 94 return ERR_CERT_INVALID; | |
| 95 case CERT_E_WRONG_USAGE: | |
| 96 // TODO(wtc): Should we add ERR_CERT_WRONG_USAGE? | |
| 97 return ERR_CERT_INVALID; | |
| 98 // We received an unexpected_message or illegal_parameter alert message | |
| 99 // from the server. | |
| 100 case SEC_E_ILLEGAL_MESSAGE: | |
| 101 return ERR_SSL_PROTOCOL_ERROR; | |
| 102 case SEC_E_ALGORITHM_MISMATCH: | |
| 103 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | |
| 104 case SEC_E_INVALID_HANDLE: | |
| 105 return ERR_UNEXPECTED; | |
| 106 case SEC_E_OK: | |
| 107 return OK; | |
| 108 default: | |
| 109 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | |
| 110 return ERR_FAILED; | |
| 111 } | |
| 112 } | |
| 113 | |
| 114 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by | |
| 115 // CertGetCertificateChain to our certificate status flags. | |
| 116 int MapCertChainErrorStatusToCertStatus(DWORD error_status) { | |
| 117 CertStatus cert_status = 0; | |
| 118 | |
| 119 // We don't include CERT_TRUST_IS_NOT_TIME_NESTED because it's obsolete and | |
| 120 // we wouldn't consider it an error anyway | |
| 121 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID | | |
| 122 CERT_TRUST_CTL_IS_NOT_TIME_VALID; | |
| 123 if (error_status & kDateInvalidErrors) | |
| 124 cert_status |= CERT_STATUS_DATE_INVALID; | |
| 125 | |
| 126 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT | | |
| 127 CERT_TRUST_IS_EXPLICIT_DISTRUST | | |
| 128 CERT_TRUST_IS_PARTIAL_CHAIN; | |
| 129 if (error_status & kAuthorityInvalidErrors) | |
| 130 cert_status |= CERT_STATUS_AUTHORITY_INVALID; | |
| 131 | |
| 132 if ((error_status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN) && | |
| 133 !(error_status & CERT_TRUST_IS_OFFLINE_REVOCATION)) | |
| 134 cert_status |= CERT_STATUS_NO_REVOCATION_MECHANISM; | |
| 135 | |
| 136 if (error_status & CERT_TRUST_IS_OFFLINE_REVOCATION) | |
| 137 cert_status |= CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | |
| 138 | |
| 139 if (error_status & CERT_TRUST_IS_REVOKED) | |
| 140 cert_status |= CERT_STATUS_REVOKED; | |
| 141 | |
| 142 const DWORD kWrongUsageErrors = CERT_TRUST_IS_NOT_VALID_FOR_USAGE | | |
| 143 CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE; | |
| 144 if (error_status & kWrongUsageErrors) { | |
| 145 // TODO(wtc): Should we add CERT_STATUS_WRONG_USAGE? | |
| 146 cert_status |= CERT_STATUS_INVALID; | |
| 147 } | |
| 148 | |
| 149 if (error_status & CERT_TRUST_IS_NOT_SIGNATURE_VALID) { | |
| 150 // Check for a signature that does not meet the OS criteria for strong | |
| 151 // signatures. | |
| 152 // Note: These checks may be more restrictive than the current weak key | |
| 153 // criteria implemented within CertVerifier, such as excluding SHA-1 or | |
| 154 // excluding RSA keys < 2048 bits. However, if the user has configured | |
| 155 // these more stringent checks, respect that configuration and err on the | |
| 156 // more restrictive criteria. | |
| 157 if (error_status & CERT_TRUST_HAS_WEAK_SIGNATURE) { | |
| 158 cert_status |= CERT_STATUS_WEAK_KEY; | |
| 159 } else { | |
| 160 cert_status |= CERT_STATUS_INVALID; | |
| 161 } | |
| 162 } | |
| 163 | |
| 164 // The rest of the errors. | |
| 165 const DWORD kCertInvalidErrors = | |
| 166 CERT_TRUST_IS_CYCLIC | | |
| 167 CERT_TRUST_INVALID_EXTENSION | | |
| 168 CERT_TRUST_INVALID_POLICY_CONSTRAINTS | | |
| 169 CERT_TRUST_INVALID_BASIC_CONSTRAINTS | | |
| 170 CERT_TRUST_INVALID_NAME_CONSTRAINTS | | |
| 171 CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID | | |
| 172 CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT | | |
| 173 CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT | | |
| 174 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT | | |
| 175 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT | | |
| 176 CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY | | |
| 177 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT; | |
| 178 if (error_status & kCertInvalidErrors) | |
| 179 cert_status |= CERT_STATUS_INVALID; | |
| 180 | |
| 181 return cert_status; | |
| 182 } | |
| 183 | |
| 184 // Returns true if any common name in the certificate's Subject field contains | |
| 185 // a NULL character. | |
| 186 bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) { | |
| 187 CRYPT_DECODE_PARA decode_para; | |
| 188 decode_para.cbSize = sizeof(decode_para); | |
| 189 decode_para.pfnAlloc = crypto::CryptAlloc; | |
| 190 decode_para.pfnFree = crypto::CryptFree; | |
| 191 CERT_NAME_INFO* name_info = NULL; | |
| 192 DWORD name_info_size = 0; | |
| 193 BOOL rv; | |
| 194 rv = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, | |
| 195 X509_NAME, | |
| 196 cert->pCertInfo->Subject.pbData, | |
| 197 cert->pCertInfo->Subject.cbData, | |
| 198 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, | |
| 199 &decode_para, | |
| 200 &name_info, | |
| 201 &name_info_size); | |
| 202 if (rv) { | |
| 203 scoped_ptr_malloc<CERT_NAME_INFO> scoped_name_info(name_info); | |
| 204 | |
| 205 // The Subject field may have multiple common names. According to the | |
| 206 // "PKI Layer Cake" paper, CryptoAPI uses every common name in the | |
| 207 // Subject field, so we inspect every common name. | |
| 208 // | |
| 209 // From RFC 5280: | |
| 210 // X520CommonName ::= CHOICE { | |
| 211 // teletexString TeletexString (SIZE (1..ub-common-name)), | |
| 212 // printableString PrintableString (SIZE (1..ub-common-name)), | |
| 213 // universalString UniversalString (SIZE (1..ub-common-name)), | |
| 214 // utf8String UTF8String (SIZE (1..ub-common-name)), | |
| 215 // bmpString BMPString (SIZE (1..ub-common-name)) } | |
| 216 // | |
| 217 // We also check IA5String and VisibleString. | |
| 218 for (DWORD i = 0; i < name_info->cRDN; ++i) { | |
| 219 PCERT_RDN rdn = &name_info->rgRDN[i]; | |
| 220 for (DWORD j = 0; j < rdn->cRDNAttr; ++j) { | |
| 221 PCERT_RDN_ATTR rdn_attr = &rdn->rgRDNAttr[j]; | |
| 222 if (strcmp(rdn_attr->pszObjId, szOID_COMMON_NAME) == 0) { | |
| 223 switch (rdn_attr->dwValueType) { | |
| 224 // After the CryptoAPI ASN.1 security vulnerabilities described in | |
| 225 // http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx | |
| 226 // were patched, we get CERT_RDN_ENCODED_BLOB for a common name | |
| 227 // that contains a NULL character. | |
| 228 case CERT_RDN_ENCODED_BLOB: | |
| 229 break; | |
| 230 // Array of 8-bit characters. | |
| 231 case CERT_RDN_PRINTABLE_STRING: | |
| 232 case CERT_RDN_TELETEX_STRING: | |
| 233 case CERT_RDN_IA5_STRING: | |
| 234 case CERT_RDN_VISIBLE_STRING: | |
| 235 for (DWORD k = 0; k < rdn_attr->Value.cbData; ++k) { | |
| 236 if (rdn_attr->Value.pbData[k] == '\0') | |
| 237 return true; | |
| 238 } | |
| 239 break; | |
| 240 // Array of 16-bit characters. | |
| 241 case CERT_RDN_BMP_STRING: | |
| 242 case CERT_RDN_UTF8_STRING: { | |
| 243 DWORD num_wchars = rdn_attr->Value.cbData / 2; | |
| 244 wchar_t* common_name = | |
| 245 reinterpret_cast<wchar_t*>(rdn_attr->Value.pbData); | |
| 246 for (DWORD k = 0; k < num_wchars; ++k) { | |
| 247 if (common_name[k] == L'\0') | |
| 248 return true; | |
| 249 } | |
| 250 break; | |
| 251 } | |
| 252 // Array of ints (32-bit). | |
| 253 case CERT_RDN_UNIVERSAL_STRING: { | |
| 254 DWORD num_ints = rdn_attr->Value.cbData / 4; | |
| 255 int* common_name = | |
| 256 reinterpret_cast<int*>(rdn_attr->Value.pbData); | |
| 257 for (DWORD k = 0; k < num_ints; ++k) { | |
| 258 if (common_name[k] == 0) | |
| 259 return true; | |
| 260 } | |
| 261 break; | |
| 262 } | |
| 263 default: | |
| 264 NOTREACHED(); | |
| 265 break; | |
| 266 } | |
| 267 } | |
| 268 } | |
| 269 } | |
| 270 } | |
| 271 return false; | |
| 272 } | |
| 273 | |
| 274 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA | |
| 275 // which we recognise as a standard root. | |
| 276 // static | |
| 277 bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context) { | |
| 278 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; | |
| 279 int num_elements = first_chain->cElement; | |
| 280 if (num_elements < 1) | |
| 281 return false; | |
| 282 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; | |
| 283 PCCERT_CONTEXT cert = element[num_elements - 1]->pCertContext; | |
| 284 | |
| 285 SHA1HashValue hash = X509Certificate::CalculateFingerprint(cert); | |
| 286 return IsSHA1HashInSortedArray( | |
| 287 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); | |
| 288 } | |
| 289 | |
| 290 // Saves some information about the certificate chain |chain_context| in | |
| 291 // |*verify_result|. The caller MUST initialize |*verify_result| before | |
| 292 // calling this function. | |
| 293 void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, | |
| 294 CertVerifyResult* verify_result) { | |
| 295 if (chain_context->cChain == 0) | |
| 296 return; | |
| 297 | |
| 298 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; | |
| 299 int num_elements = first_chain->cElement; | |
| 300 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; | |
| 301 | |
| 302 PCCERT_CONTEXT verified_cert = NULL; | |
| 303 std::vector<PCCERT_CONTEXT> verified_chain; | |
| 304 | |
| 305 bool has_root_ca = num_elements > 1 && | |
| 306 !(chain_context->TrustStatus.dwErrorStatus & | |
| 307 CERT_TRUST_IS_PARTIAL_CHAIN); | |
| 308 | |
| 309 // Each chain starts with the end entity certificate (i = 0) and ends with | |
| 310 // either the root CA certificate or the last available intermediate. If a | |
| 311 // root CA certificate is present, do not inspect the signature algorithm of | |
| 312 // the root CA certificate because the signature on the trust anchor is not | |
| 313 // important. | |
| 314 if (has_root_ca) { | |
| 315 // If a full chain was constructed, regardless of whether it was trusted, | |
| 316 // don't inspect the root's signature algorithm. | |
| 317 num_elements -= 1; | |
| 318 } | |
| 319 | |
| 320 for (int i = 0; i < num_elements; ++i) { | |
| 321 PCCERT_CONTEXT cert = element[i]->pCertContext; | |
| 322 if (i == 0) { | |
| 323 verified_cert = cert; | |
| 324 } else { | |
| 325 verified_chain.push_back(cert); | |
| 326 } | |
| 327 | |
| 328 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; | |
| 329 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { | |
| 330 // md5WithRSAEncryption: 1.2.840.113549.1.1.4 | |
| 331 verify_result->has_md5 = true; | |
| 332 if (i != 0) | |
| 333 verify_result->has_md5_ca = true; | |
| 334 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) { | |
| 335 // md2WithRSAEncryption: 1.2.840.113549.1.1.2 | |
| 336 verify_result->has_md2 = true; | |
| 337 if (i != 0) | |
| 338 verify_result->has_md2_ca = true; | |
| 339 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) { | |
| 340 // md4WithRSAEncryption: 1.2.840.113549.1.1.3 | |
| 341 verify_result->has_md4 = true; | |
| 342 } | |
| 343 } | |
| 344 | |
| 345 if (verified_cert) { | |
| 346 // Add the root certificate, if present, as it was not added above. | |
| 347 if (has_root_ca) | |
| 348 verified_chain.push_back(element[num_elements]->pCertContext); | |
| 349 verify_result->verified_cert = | |
| 350 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | |
| 351 } | |
| 352 } | |
| 353 | |
| 354 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO | |
| 355 // structure and stores it in *output. | |
| 356 void GetCertPoliciesInfo(PCCERT_CONTEXT cert, | |
| 357 scoped_ptr_malloc<CERT_POLICIES_INFO>* output) { | |
| 358 PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES, | |
| 359 cert->pCertInfo->cExtension, | |
| 360 cert->pCertInfo->rgExtension); | |
| 361 if (!extension) | |
| 362 return; | |
| 363 | |
| 364 CRYPT_DECODE_PARA decode_para; | |
| 365 decode_para.cbSize = sizeof(decode_para); | |
| 366 decode_para.pfnAlloc = crypto::CryptAlloc; | |
| 367 decode_para.pfnFree = crypto::CryptFree; | |
| 368 CERT_POLICIES_INFO* policies_info = NULL; | |
| 369 DWORD policies_info_size = 0; | |
| 370 BOOL rv; | |
| 371 rv = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, | |
| 372 szOID_CERT_POLICIES, | |
| 373 extension->Value.pbData, | |
| 374 extension->Value.cbData, | |
| 375 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, | |
| 376 &decode_para, | |
| 377 &policies_info, | |
| 378 &policies_info_size); | |
| 379 if (rv) | |
| 380 output->reset(policies_info); | |
| 381 } | |
| 382 | |
| 383 bool CheckRevocationWithCRLSet(PCCERT_CHAIN_CONTEXT chain, | |
| 384 CRLSet* crl_set) { | |
| 385 if (chain->cChain == 0) | |
| 386 return true; | |
| 387 | |
| 388 const PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0]; | |
| 389 const PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; | |
| 390 | |
| 391 const int num_elements = first_chain->cElement; | |
| 392 if (num_elements == 0) | |
| 393 return true; | |
| 394 | |
| 395 // We iterate from the root certificate down to the leaf, keeping track of | |
| 396 // the issuer's SPKI at each step. | |
| 397 std::string issuer_spki_hash; | |
| 398 for (int i = num_elements - 1; i >= 0; i--) { | |
| 399 PCCERT_CONTEXT cert = element[i]->pCertContext; | |
| 400 | |
| 401 base::StringPiece der_bytes( | |
| 402 reinterpret_cast<const char*>(cert->pbCertEncoded), | |
| 403 cert->cbCertEncoded); | |
| 404 | |
| 405 base::StringPiece spki; | |
| 406 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) { | |
| 407 NOTREACHED(); | |
| 408 continue; | |
| 409 } | |
| 410 | |
| 411 const std::string spki_hash = crypto::SHA256HashString(spki); | |
| 412 | |
| 413 const CRYPT_INTEGER_BLOB* serial_blob = &cert->pCertInfo->SerialNumber; | |
| 414 scoped_array<uint8> serial_bytes(new uint8[serial_blob->cbData]); | |
| 415 // The bytes of the serial number are stored little-endian. | |
| 416 for (unsigned j = 0; j < serial_blob->cbData; j++) | |
| 417 serial_bytes[j] = serial_blob->pbData[serial_blob->cbData - j - 1]; | |
| 418 base::StringPiece serial(reinterpret_cast<const char*>(serial_bytes.get()), | |
| 419 serial_blob->cbData); | |
| 420 | |
| 421 CRLSet::Result result = crl_set->CheckSPKI(spki_hash); | |
| 422 | |
| 423 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty()) | |
| 424 result = crl_set->CheckSerial(serial, issuer_spki_hash); | |
| 425 | |
| 426 issuer_spki_hash = spki_hash; | |
| 427 | |
| 428 switch (result) { | |
| 429 case CRLSet::REVOKED: | |
| 430 return false; | |
| 431 case CRLSet::UNKNOWN: | |
| 432 case CRLSet::GOOD: | |
| 433 continue; | |
| 434 default: | |
| 435 NOTREACHED(); | |
| 436 continue; | |
| 437 } | |
| 438 } | |
| 439 | |
| 440 return true; | |
| 441 } | |
| 442 | |
| 443 void AppendPublicKeyHashes(PCCERT_CHAIN_CONTEXT chain, | |
| 444 HashValueVector* hashes) { | |
| 445 if (chain->cChain == 0) | |
| 446 return; | |
| 447 | |
| 448 PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0]; | |
| 449 PCERT_CHAIN_ELEMENT* const element = first_chain->rgpElement; | |
| 450 | |
| 451 const DWORD num_elements = first_chain->cElement; | |
| 452 for (DWORD i = 0; i < num_elements; i++) { | |
| 453 PCCERT_CONTEXT cert = element[i]->pCertContext; | |
| 454 | |
| 455 base::StringPiece der_bytes( | |
| 456 reinterpret_cast<const char*>(cert->pbCertEncoded), | |
| 457 cert->cbCertEncoded); | |
| 458 base::StringPiece spki_bytes; | |
| 459 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | |
| 460 continue; | |
| 461 | |
| 462 HashValue sha1(HASH_VALUE_SHA1); | |
| 463 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | |
| 464 spki_bytes.size(), sha1.data()); | |
| 465 hashes->push_back(sha1); | |
| 466 | |
| 467 HashValue sha256(HASH_VALUE_SHA256); | |
| 468 crypto::SHA256HashString(spki_bytes, sha1.data(), crypto::kSHA256Length); | |
| 469 hashes->push_back(sha256); | |
| 470 } | |
| 471 } | |
| 472 | |
| 473 // Returns true if the certificate is an extended-validation certificate. | |
| 474 // | |
| 475 // This function checks the certificatePolicies extensions of the | |
| 476 // certificates in the certificate chain according to Section 7 (pp. 11-12) | |
| 477 // of the EV Certificate Guidelines Version 1.0 at | |
| 478 // http://cabforum.org/EV_Certificate_Guidelines.pdf. | |
| 479 bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context, | |
| 480 bool rev_checking_enabled, | |
| 481 const char* policy_oid) { | |
| 482 DCHECK_NE(static_cast<DWORD>(0), chain_context->cChain); | |
| 483 // If the cert doesn't match any of the policies, the | |
| 484 // CERT_TRUST_IS_NOT_VALID_FOR_USAGE bit (0x10) in | |
| 485 // chain_context->TrustStatus.dwErrorStatus is set. | |
| 486 DWORD error_status = chain_context->TrustStatus.dwErrorStatus; | |
| 487 | |
| 488 if (!rev_checking_enabled) { | |
| 489 // If online revocation checking is disabled then we will have still | |
| 490 // requested that the revocation cache be checked. However, that will often | |
| 491 // cause the following two error bits to be set. These error bits mean that | |
| 492 // the local OCSP/CRL is stale or missing entries for these certificates. | |
| 493 // Since they are expected, we mask them away. | |
| 494 error_status &= ~(CERT_TRUST_IS_OFFLINE_REVOCATION | | |
| 495 CERT_TRUST_REVOCATION_STATUS_UNKNOWN); | |
| 496 } | |
| 497 if (!chain_context->cChain || error_status != CERT_TRUST_NO_ERROR) | |
| 498 return false; | |
| 499 | |
| 500 // Check the end certificate simple chain (chain_context->rgpChain[0]). | |
| 501 // If the end certificate's certificatePolicies extension contains the | |
| 502 // EV policy OID of the root CA, return true. | |
| 503 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement; | |
| 504 int num_elements = chain_context->rgpChain[0]->cElement; | |
| 505 if (num_elements < 2) | |
| 506 return false; | |
| 507 | |
| 508 // Look up the EV policy OID of the root CA. | |
| 509 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext; | |
| 510 SHA1HashValue fingerprint = | |
| 511 X509Certificate::CalculateFingerprint(root_cert); | |
| 512 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | |
| 513 return metadata->HasEVPolicyOID(fingerprint, policy_oid); | |
| 514 } | |
| 515 | |
| 516 } // namespace | |
| 517 | |
| 518 CertVerifyProcWin::CertVerifyProcWin() {} | |
| 519 | |
| 520 CertVerifyProcWin::~CertVerifyProcWin() {} | |
| 521 | |
| 522 bool CertVerifyProcWin::SupportsAdditionalTrustAnchors() const { | |
| 523 return false; | |
| 524 } | |
| 525 | |
| 526 int CertVerifyProcWin::VerifyInternal( | |
| 527 X509Certificate* cert, | |
| 528 const std::string& hostname, | |
| 529 int flags, | |
| 530 CRLSet* crl_set, | |
| 531 const CertificateList& additional_trust_anchors, | |
| 532 CertVerifyResult* verify_result) { | |
| 533 PCCERT_CONTEXT cert_handle = cert->os_cert_handle(); | |
| 534 if (!cert_handle) | |
| 535 return ERR_UNEXPECTED; | |
| 536 | |
| 537 // Build and validate certificate chain. | |
| 538 CERT_CHAIN_PARA chain_para; | |
| 539 memset(&chain_para, 0, sizeof(chain_para)); | |
| 540 chain_para.cbSize = sizeof(chain_para); | |
| 541 // ExtendedKeyUsage. | |
| 542 // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE | |
| 543 // today because some certificate chains need them. IE also requests these | |
| 544 // two usages. | |
| 545 static const LPSTR usage[] = { | |
| 546 szOID_PKIX_KP_SERVER_AUTH, | |
| 547 szOID_SERVER_GATED_CRYPTO, | |
| 548 szOID_SGC_NETSCAPE | |
| 549 }; | |
| 550 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; | |
| 551 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage); | |
| 552 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = | |
| 553 const_cast<LPSTR*>(usage); | |
| 554 | |
| 555 // Get the certificatePolicies extension of the certificate. | |
| 556 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; | |
| 557 LPSTR ev_policy_oid = NULL; | |
| 558 if (flags & CertVerifier::VERIFY_EV_CERT) { | |
| 559 GetCertPoliciesInfo(cert_handle, &policies_info); | |
| 560 if (policies_info.get()) { | |
| 561 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | |
| 562 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { | |
| 563 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; | |
| 564 if (metadata->IsEVPolicyOID(policy_oid)) { | |
| 565 ev_policy_oid = policy_oid; | |
| 566 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; | |
| 567 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; | |
| 568 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = | |
| 569 &ev_policy_oid; | |
| 570 break; | |
| 571 } | |
| 572 } | |
| 573 } | |
| 574 } | |
| 575 | |
| 576 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains. | |
| 577 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT | | |
| 578 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; | |
| 579 const bool rev_checking_enabled = | |
| 580 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) || | |
| 581 (ev_policy_oid != NULL && | |
| 582 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY)); | |
| 583 | |
| 584 if (rev_checking_enabled) { | |
| 585 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; | |
| 586 } else { | |
| 587 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY; | |
| 588 } | |
| 589 | |
| 590 // For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which | |
| 591 // corresponds to HCCE_CURRENT_USER and is is initialized as needed by | |
| 592 // crypt32. However, when testing, it is necessary to create a new | |
| 593 // HCERTCHAINENGINE and use that instead. This is because each | |
| 594 // HCERTCHAINENGINE maintains a cache of information about certificates | |
| 595 // encountered, and each test run may modify the trust status of a | |
| 596 // certificate. | |
| 597 ScopedHCERTCHAINENGINE chain_engine(NULL); | |
| 598 if (TestRootCerts::HasInstance()) | |
| 599 chain_engine.reset(TestRootCerts::GetInstance()->GetChainEngine()); | |
| 600 | |
| 601 ScopedPCCERT_CONTEXT cert_list(cert->CreateOSCertChainForCert()); | |
| 602 PCCERT_CHAIN_CONTEXT chain_context; | |
| 603 // IE passes a non-NULL pTime argument that specifies the current system | |
| 604 // time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the | |
| 605 // chain_flags argument. | |
| 606 if (!CertGetCertificateChain( | |
| 607 chain_engine, | |
| 608 cert_list.get(), | |
| 609 NULL, // current system time | |
| 610 cert_list->hCertStore, | |
| 611 &chain_para, | |
| 612 chain_flags, | |
| 613 NULL, // reserved | |
| 614 &chain_context)) { | |
| 615 verify_result->cert_status |= CERT_STATUS_INVALID; | |
| 616 return MapSecurityError(GetLastError()); | |
| 617 } | |
| 618 | |
| 619 if (chain_context->TrustStatus.dwErrorStatus & | |
| 620 CERT_TRUST_IS_NOT_VALID_FOR_USAGE) { | |
| 621 ev_policy_oid = NULL; | |
| 622 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 0; | |
| 623 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = NULL; | |
| 624 CertFreeCertificateChain(chain_context); | |
| 625 if (!CertGetCertificateChain( | |
| 626 chain_engine, | |
| 627 cert_list.get(), | |
| 628 NULL, // current system time | |
| 629 cert_list->hCertStore, | |
| 630 &chain_para, | |
| 631 chain_flags, | |
| 632 NULL, // reserved | |
| 633 &chain_context)) { | |
| 634 verify_result->cert_status |= CERT_STATUS_INVALID; | |
| 635 return MapSecurityError(GetLastError()); | |
| 636 } | |
| 637 } | |
| 638 | |
| 639 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); | |
| 640 | |
| 641 GetCertChainInfo(chain_context, verify_result); | |
| 642 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | |
| 643 chain_context->TrustStatus.dwErrorStatus); | |
| 644 | |
| 645 // Flag certificates that have a Subject common name with a NULL character. | |
| 646 if (CertSubjectCommonNameHasNull(cert_handle)) | |
| 647 verify_result->cert_status |= CERT_STATUS_INVALID; | |
| 648 | |
| 649 if (crl_set && !CheckRevocationWithCRLSet(chain_context, crl_set)) | |
| 650 verify_result->cert_status |= CERT_STATUS_REVOKED; | |
| 651 | |
| 652 std::wstring wstr_hostname = ASCIIToWide(hostname); | |
| 653 | |
| 654 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | |
| 655 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | |
| 656 extra_policy_para.cbSize = sizeof(extra_policy_para); | |
| 657 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | |
| 658 extra_policy_para.fdwChecks = 0; | |
| 659 extra_policy_para.pwszServerName = | |
| 660 const_cast<wchar_t*>(wstr_hostname.c_str()); | |
| 661 | |
| 662 CERT_CHAIN_POLICY_PARA policy_para; | |
| 663 memset(&policy_para, 0, sizeof(policy_para)); | |
| 664 policy_para.cbSize = sizeof(policy_para); | |
| 665 policy_para.dwFlags = 0; | |
| 666 policy_para.pvExtraPolicyPara = &extra_policy_para; | |
| 667 | |
| 668 CERT_CHAIN_POLICY_STATUS policy_status; | |
| 669 memset(&policy_status, 0, sizeof(policy_status)); | |
| 670 policy_status.cbSize = sizeof(policy_status); | |
| 671 | |
| 672 if (!CertVerifyCertificateChainPolicy( | |
| 673 CERT_CHAIN_POLICY_SSL, | |
| 674 chain_context, | |
| 675 &policy_para, | |
| 676 &policy_status)) { | |
| 677 return MapSecurityError(GetLastError()); | |
| 678 } | |
| 679 | |
| 680 if (policy_status.dwError) { | |
| 681 verify_result->cert_status |= MapNetErrorToCertStatus( | |
| 682 MapSecurityError(policy_status.dwError)); | |
| 683 | |
| 684 // CertVerifyCertificateChainPolicy reports only one error (in | |
| 685 // policy_status.dwError) if the certificate has multiple errors. | |
| 686 // CertGetCertificateChain doesn't report certificate name mismatch, so | |
| 687 // CertVerifyCertificateChainPolicy is the only function that can report | |
| 688 // certificate name mismatch. | |
| 689 // | |
| 690 // To prevent a potential certificate name mismatch from being hidden by | |
| 691 // some other certificate error, if we get any other certificate error, | |
| 692 // we call CertVerifyCertificateChainPolicy again, ignoring all other | |
| 693 // certificate errors. Both extra_policy_para.fdwChecks and | |
| 694 // policy_para.dwFlags allow us to ignore certificate errors, so we set | |
| 695 // them both. | |
| 696 if (policy_status.dwError != CERT_E_CN_NO_MATCH) { | |
| 697 const DWORD extra_ignore_flags = | |
| 698 0x00000080 | // SECURITY_FLAG_IGNORE_REVOCATION | |
| 699 0x00000100 | // SECURITY_FLAG_IGNORE_UNKNOWN_CA | |
| 700 0x00002000 | // SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | |
| 701 0x00000200; // SECURITY_FLAG_IGNORE_WRONG_USAGE | |
| 702 extra_policy_para.fdwChecks = extra_ignore_flags; | |
| 703 const DWORD ignore_flags = | |
| 704 CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS | | |
| 705 CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG | | |
| 706 CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG | | |
| 707 CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG | | |
| 708 CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG | | |
| 709 CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG | | |
| 710 CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS | | |
| 711 CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG | | |
| 712 CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG | | |
| 713 CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG | | |
| 714 CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG; | |
| 715 policy_para.dwFlags = ignore_flags; | |
| 716 if (!CertVerifyCertificateChainPolicy( | |
| 717 CERT_CHAIN_POLICY_SSL, | |
| 718 chain_context, | |
| 719 &policy_para, | |
| 720 &policy_status)) { | |
| 721 return MapSecurityError(GetLastError()); | |
| 722 } | |
| 723 if (policy_status.dwError) { | |
| 724 verify_result->cert_status |= MapNetErrorToCertStatus( | |
| 725 MapSecurityError(policy_status.dwError)); | |
| 726 } | |
| 727 } | |
| 728 } | |
| 729 | |
| 730 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be | |
| 731 // compatible with WinHTTP, which doesn't report this error (bug 3004). | |
| 732 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; | |
| 733 | |
| 734 if (!rev_checking_enabled) { | |
| 735 // If we didn't do online revocation checking then Windows will report | |
| 736 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL | |
| 737 // information for every certificate. We only want to put up revoked | |
| 738 // statuses from the offline checks so we squash this error. | |
| 739 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | |
| 740 } | |
| 741 | |
| 742 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); | |
| 743 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); | |
| 744 | |
| 745 if (IsCertStatusError(verify_result->cert_status)) | |
| 746 return MapCertStatusToNetError(verify_result->cert_status); | |
| 747 | |
| 748 if (ev_policy_oid && | |
| 749 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | |
| 750 verify_result->cert_status |= CERT_STATUS_IS_EV; | |
| 751 } | |
| 752 return OK; | |
| 753 } | |
| 754 | |
| 755 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13006020:
net: extract net/cert out of net/base (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src