Move certificate verification off the IO thread....

net/base/ssl_client_socket_win.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 
 #include "base/lock.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/net_errors.h"
-#include "net/base/scoped_cert_chain_context.h"
 #include "net/base/ssl_info.h"
 
 #pragma comment(lib, "secur32.lib")
 
 namespace net {
 
 //-----------------------------------------------------------------------------
 
 // TODO(wtc): See http://msdn.microsoft.com/en-us/library/aa377188(VS.85).aspx
 // for the other error codes we may need to map.
@@ skipping 28 matching lines @@
     case SEC_E_INVALID_HANDLE:
       return ERR_UNEXPECTED;
     case SEC_E_OK:
       return OK;
     default:
       LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
       return ERR_FAILED;
   }
 }
 
-// Map a network error code to the equivalent certificate status flag.  If
-// the error code is not a certificate error, it is mapped to 0.
-static int MapNetErrorToCertStatus(int error) {
-  switch (error) {
-    case ERR_CERT_COMMON_NAME_INVALID:
-      return CERT_STATUS_COMMON_NAME_INVALID;
-    case ERR_CERT_DATE_INVALID:
-      return CERT_STATUS_DATE_INVALID;
-    case ERR_CERT_AUTHORITY_INVALID:
-      return CERT_STATUS_AUTHORITY_INVALID;
-    case ERR_CERT_NO_REVOCATION_MECHANISM:
-      return CERT_STATUS_NO_REVOCATION_MECHANISM;
-    case ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
-      return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
-    case ERR_CERT_REVOKED:
-      return CERT_STATUS_REVOKED;
-    case ERR_CERT_CONTAINS_ERRORS:
-      NOTREACHED();
-      // Falls through.
-    case ERR_CERT_INVALID:
-      return CERT_STATUS_INVALID;
-    default:
-      return 0;
-  }
-}
-
-static int MapCertStatusToNetError(int cert_status) {
-  // A certificate may have multiple errors.  We report the most
-  // serious error.
-
-  // Unrecoverable errors
-  if (cert_status & CERT_STATUS_INVALID)
-    return ERR_CERT_INVALID;
-  if (cert_status & CERT_STATUS_REVOKED)
-    return ERR_CERT_REVOKED;
-
-  // Recoverable errors
-  if (cert_status & CERT_STATUS_AUTHORITY_INVALID)
-    return ERR_CERT_AUTHORITY_INVALID;
-  if (cert_status & CERT_STATUS_COMMON_NAME_INVALID)
-    return ERR_CERT_COMMON_NAME_INVALID;
-  if (cert_status & CERT_STATUS_DATE_INVALID)
-    return ERR_CERT_DATE_INVALID;
-
-  // Unknown status.  Give it the benefit of the doubt.
-  if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
-    return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
-  if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
-    return ERR_CERT_NO_REVOCATION_MECHANISM;
-
-  NOTREACHED();
-  return ERR_UNEXPECTED;
-}
-
-// Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by
-// CertGetCertificateChain to our certificate status flags.
-static int MapCertChainErrorStatusToCertStatus(DWORD error_status) {
-  int cert_status = 0;
-
-  // CERT_TRUST_IS_NOT_TIME_NESTED means a subject certificate's time validity
-  // does not nest correctly within its issuer's time validity.
-  const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID |
-                                   CERT_TRUST_IS_NOT_TIME_NESTED |
-                                   CERT_TRUST_CTL_IS_NOT_TIME_VALID;
-  if (error_status & kDateInvalidErrors)
-    cert_status |= CERT_STATUS_DATE_INVALID;
-
-  const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
-                                        CERT_TRUST_IS_EXPLICIT_DISTRUST |
-                                        CERT_TRUST_IS_PARTIAL_CHAIN;
-  if (error_status & kAuthorityInvalidErrors)
-    cert_status |= CERT_STATUS_AUTHORITY_INVALID;
-
-  if ((error_status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN) &&
-      !(error_status & CERT_TRUST_IS_OFFLINE_REVOCATION))
-    cert_status |= CERT_STATUS_NO_REVOCATION_MECHANISM;
-
-  if (error_status & CERT_TRUST_IS_OFFLINE_REVOCATION)
-    cert_status |= CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
-
-  if (error_status & CERT_TRUST_IS_REVOKED)
-    cert_status |= CERT_STATUS_REVOKED;
-
-  const DWORD kWrongUsageErrors = CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
-                                  CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE;
-  if (error_status & kWrongUsageErrors) {
-    // TODO(wtc): Handle these errors.
-    // cert_status = |= CERT_STATUS_WRONG_USAGE;
-  }
-
-  // The rest of the errors.
-  const DWORD kCertInvalidErrors =
-      CERT_TRUST_IS_NOT_SIGNATURE_VALID |
-      CERT_TRUST_IS_CYCLIC |
-      CERT_TRUST_INVALID_EXTENSION |
-      CERT_TRUST_INVALID_POLICY_CONSTRAINTS |
-      CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
-      CERT_TRUST_INVALID_NAME_CONSTRAINTS |
-      CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID |
-      CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
-      CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
-      CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT |
-      CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT |
-      CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY |
-      CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT;
-  if (error_status & kCertInvalidErrors)
-    cert_status |= CERT_STATUS_INVALID;
-
-  return cert_status;
-}
-
 //-----------------------------------------------------------------------------
 
 // A bitmask consisting of these bit flags encodes which versions of the SSL
 // protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled.
 enum {
   SSL2 = 1 << 0,
   SSL3 = 1 << 1,
   TLS1 = 1 << 2,
   SSL_VERSION_MASKS = 1 << 3  // The number of SSL version bitmasks.
 };
@@ skipping 137 matching lines @@
 #pragma warning(suppress: 4355)
     : io_callback_(this, &SSLClientSocketWin::OnIOComplete),
       transport_(transport_socket),
       hostname_(hostname),
       ssl_config_(ssl_config),
       user_callback_(NULL),
       user_buf_(NULL),
       user_buf_len_(0),
       next_state_(STATE_NONE),
       server_cert_(NULL),
-      server_cert_status_(0),
       creds_(NULL),
       payload_send_buffer_len_(0),
       bytes_sent_(0),
       decrypted_ptr_(NULL),
       bytes_decrypted_(0),
       received_ptr_(NULL),
       bytes_received_(0),
       completed_handshake_(false),
       complete_handshake_on_write_complete_(false),
       ignore_ok_result_(false),
@@ skipping 23 matching lines @@
   SecPkgContext_ConnectionInfo connection_info;
   status = QueryContextAttributes(&ctxt_,
                                   SECPKG_ATTR_CONNECTION_INFO,
                                   &connection_info);
   if (status == SEC_E_OK) {
     // TODO(wtc): compute the overall security strength, taking into account
     // dwExchStrength and dwHashStrength.  dwExchStrength needs to be
     // normalized.
     ssl_info->security_bits = connection_info.dwCipherStrength;
   }
-  ssl_info->cert_status = server_cert_status_;
+  ssl_info->cert_status = server_cert_verify_result_.cert_status;
 }
 
 int SSLClientSocketWin::Connect(CompletionCallback* callback) {
   DCHECK(transport_.get());
   DCHECK(next_state_ == STATE_NONE);
   DCHECK(!user_callback_);
 
   int ssl_version_mask = 0;
   if (ssl_config_.ssl2_enabled)
     ssl_version_mask |= SSL2;
@@ skipping 141 matching lines @@
         break;
       case STATE_HANDSHAKE_READ_COMPLETE:
         rv = DoHandshakeReadComplete(rv);
         break;
       case STATE_HANDSHAKE_WRITE:
         rv = DoHandshakeWrite();
         break;
       case STATE_HANDSHAKE_WRITE_COMPLETE:
         rv = DoHandshakeWriteComplete(rv);
         break;
+      case STATE_VERIFY_CERT:
+        rv = DoVerifyCert();
+        break;
+      case STATE_VERIFY_CERT_COMPLETE:
+        rv = DoVerifyCertComplete(rv);
+        break;
       case STATE_PAYLOAD_READ:
         rv = DoPayloadRead();
         break;
       case STATE_PAYLOAD_READ_COMPLETE:
         rv = DoPayloadReadComplete(rv);
         break;
       case STATE_PAYLOAD_ENCRYPT:
         rv = DoPayloadEncrypt();
         break;
       case STATE_PAYLOAD_WRITE:
@@ skipping 245 matching lines @@
       return DidCompleteHandshake();
     next_state_ = STATE_HANDSHAKE_READ;
   } else {
     // Send the remaining bytes.
     next_state_ = STATE_HANDSHAKE_WRITE;
   }
 
   return OK;
 }
 
+// Set server_cert_status_ and return OK or a network error.
+int SSLClientSocketWin::DoVerifyCert() {
+  next_state_ = STATE_VERIFY_CERT_COMPLETE;
+
+  DCHECK(server_cert_);
+
+  PCCERT_CONTEXT dup_cert = CertDuplicateCertificateContext(server_cert_);
+  scoped_refptr<X509Certificate> cert =
+      X509Certificate::CreateFromHandle(dup_cert,
+                                        X509Certificate::SOURCE_FROM_NETWORK);
+  return verifier_.Verify(cert, hostname_, ssl_config_.rev_checking_enabled,
+                          &server_cert_verify_result_, &io_callback_);
+}
+
+int SSLClientSocketWin::DoVerifyCertComplete(int result) {
+  LogConnectionTypeMetrics();
+  return result;
+}
+
 int SSLClientSocketWin::DoPayloadRead() {
   next_state_ = STATE_PAYLOAD_READ_COMPLETE;
 
   DCHECK(recv_buffer_.get());
 
   char* buf = recv_buffer_.get() + bytes_received_;
   int buf_len = kRecvBufferSize - bytes_received_;
 
   if (buf_len <= 0) {
     NOTREACHED() << "Receive buffer is too small!";
@@ skipping 201 matching lines @@
   }
   DCHECK(!server_cert_);
   status = QueryContextAttributes(
       &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_);
   if (status != SEC_E_OK) {
     DLOG(ERROR) << "QueryContextAttributes failed: " << status;
     return MapSecurityError(status);
   }
 
   completed_handshake_ = true;
-  return VerifyServerCert();
+  next_state_ = STATE_VERIFY_CERT;
+  return OK;
 }
 
-// static
-void SSLClientSocketWin::LogConnectionTypeMetrics(
-    PCCERT_CHAIN_CONTEXT chain_context) {
+void SSLClientSocketWin::LogConnectionTypeMetrics() const {
   UpdateConnectionTypeHistograms(CONNECTION_SSL);
-
-  PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
-  int num_elements = first_chain->cElement;
-  PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
-  bool has_md5 = false;
-  bool has_md2 = false;
-  bool has_md4 = false;
-  bool has_md5_ca = false;
-  bool has_md2_ca = false;
-
-  // Each chain starts with the end entity certificate (i = 0) and ends with
-  // the root CA certificate (i = num_elements - 1).  Do not inspect the
-  // signature algorithm of the root CA certificate because the signature on
-  // the trust anchor is not important.
-  for (int i = 0; i < num_elements - 1; ++i) {
-    PCCERT_CONTEXT cert = element[i]->pCertContext;
-    const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId;
-    if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) {
-      // md5WithRSAEncryption: 1.2.840.113549.1.1.4
-      has_md5 = true;
-      if (i != 0)
-        has_md5_ca = true;
-    } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) {
-      // md2WithRSAEncryption: 1.2.840.113549.1.1.2
-      has_md2 = true;
-      if (i != 0)
-        has_md2_ca = true;
-    } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) {
-      // md4WithRSAEncryption: 1.2.840.113549.1.1.3
-      has_md4 = true;
-    }
-  }
-
-  if (has_md5)
+  if (server_cert_verify_result_.has_md5)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
-  if (has_md2)
+  if (server_cert_verify_result_.has_md2)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
-  if (has_md4)
+  if (server_cert_verify_result_.has_md4)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
-  if (has_md5_ca)
+  if (server_cert_verify_result_.has_md5_ca)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
-  if (has_md2_ca)
+  if (server_cert_verify_result_.has_md2_ca)
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
-// Set server_cert_status_ and return OK or a network error.
-int SSLClientSocketWin::VerifyServerCert() {
-  DCHECK(server_cert_);
-  server_cert_status_ = 0;
-
-  // Build and validate certificate chain.
-
-  CERT_CHAIN_PARA chain_para;
-  memset(&chain_para, 0, sizeof(chain_para));
-  chain_para.cbSize = sizeof(chain_para);
-  // TODO(wtc): consider requesting the usage szOID_PKIX_KP_SERVER_AUTH
-  // or szOID_SERVER_GATED_CRYPTO or szOID_SGC_NETSCAPE
-  chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
-  chain_para.RequestedUsage.Usage.cUsageIdentifier = 0;
-  chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = NULL;  // LPSTR*
-  // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.
-  DWORD flags = CERT_CHAIN_CACHE_END_CERT;
-  if (ssl_config_.rev_checking_enabled) {
-    server_cert_status_ |= CERT_STATUS_REV_CHECKING_ENABLED;
-    flags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
-  } else {
-    flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;
-  }
-  PCCERT_CHAIN_CONTEXT chain_context;
-  if (!CertGetCertificateChain(
-           NULL,  // default chain engine, HCCE_CURRENT_USER
-           server_cert_,
-           NULL,  // current system time
-           server_cert_->hCertStore,  // search this store
-           &chain_para,
-           flags,
-           NULL,  // reserved
-           &chain_context)) {
-    return MapSecurityError(GetLastError());
-  }
-  ScopedCertChainContext scoped_chain_context(chain_context);
-
-  LogConnectionTypeMetrics(chain_context);
-
-  server_cert_status_ |= MapCertChainErrorStatusToCertStatus(
-      chain_context->TrustStatus.dwErrorStatus);
-
-  std::wstring wstr_hostname = ASCIIToWide(hostname_);
-
-  SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para;
-  memset(&extra_policy_para, 0, sizeof(extra_policy_para));
-  extra_policy_para.cbSize = sizeof(extra_policy_para);
-  extra_policy_para.dwAuthType = AUTHTYPE_SERVER;
-  extra_policy_para.fdwChecks = 0;
-  extra_policy_para.pwszServerName =
-      const_cast<wchar_t*>(wstr_hostname.c_str());
-
-  CERT_CHAIN_POLICY_PARA policy_para;
-  memset(&policy_para, 0, sizeof(policy_para));
-  policy_para.cbSize = sizeof(policy_para);
-  policy_para.dwFlags = 0;
-  policy_para.pvExtraPolicyPara = &extra_policy_para;
-
-  CERT_CHAIN_POLICY_STATUS policy_status;
-  memset(&policy_status, 0, sizeof(policy_status));
-  policy_status.cbSize = sizeof(policy_status);
-
-  if (!CertVerifyCertificateChainPolicy(
-           CERT_CHAIN_POLICY_SSL,
-           chain_context,
-           &policy_para,
-           &policy_status)) {
-    return MapSecurityError(GetLastError());
-  }
-
-  if (policy_status.dwError) {
-    server_cert_status_ |= MapNetErrorToCertStatus(
-        MapSecurityError(policy_status.dwError));
-
-    // CertVerifyCertificateChainPolicy reports only one error (in
-    // policy_status.dwError) if the certificate has multiple errors.
-    // CertGetCertificateChain doesn't report certificate name mismatch, so
-    // CertVerifyCertificateChainPolicy is the only function that can report
-    // certificate name mismatch.
-    //
-    // To prevent a potential certificate name mismatch from being hidden by
-    // some other certificate error, if we get any other certificate error,
-    // we call CertVerifyCertificateChainPolicy again, ignoring all other
-    // certificate errors.  Both extra_policy_para.fdwChecks and
-    // policy_para.dwFlags allow us to ignore certificate errors, so we set
-    // them both.
-    if (policy_status.dwError != CERT_E_CN_NO_MATCH) {
-      const DWORD extra_ignore_flags =
-          0x00000080 |  // SECURITY_FLAG_IGNORE_REVOCATION
-          0x00000100 |  // SECURITY_FLAG_IGNORE_UNKNOWN_CA
-          0x00002000 |  // SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
-          0x00000200;   // SECURITY_FLAG_IGNORE_WRONG_USAGE
-      extra_policy_para.fdwChecks = extra_ignore_flags;
-      const DWORD ignore_flags =
-          CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS |
-          CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG |
-          CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS |
-          CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG |
-          CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG |
-          CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG;
-      policy_para.dwFlags = ignore_flags;
-      if (!CertVerifyCertificateChainPolicy(
-               CERT_CHAIN_POLICY_SSL,
-               chain_context,
-               &policy_para,
-               &policy_status)) {
-        return MapSecurityError(GetLastError());
-      }
-      if (policy_status.dwError) {
-        server_cert_status_ |= MapNetErrorToCertStatus(
-            MapSecurityError(policy_status.dwError));
-      }
-    }
-  }
-
-  // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
-  // compatible with WinHTTP, which doesn't report this error (bug 3004).
-  server_cert_status_ &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;
-
-  if (IsCertStatusError(server_cert_status_))
-    return MapCertStatusToNetError(server_cert_status_);
-  return OK;
-}
-
 }  // namespace net