Move certificate verification off the IO thread....

net/base/x509_certificate_win.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
 #include "net/base/cert_status_flags.h"
+#include "net/base/cert_verify_result.h"
 #include "net/base/ev_root_ca_metadata.h"
+#include "net/base/net_errors.h"
 #include "net/base/scoped_cert_chain_context.h"
 
 #pragma comment(lib, "crypt32.lib")
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
+//-----------------------------------------------------------------------------
+
+// TODO(wtc): This is a copy of the MapSecurityError function in
+// ssl_client_socket_win.cc.  Another function that maps Windows error codes
+// to our network error codes is WinInetUtil::OSErrorToNetError.  We should
+// eliminate the code duplication.
+int MapSecurityError(SECURITY_STATUS err) {
+  // There are numerous security error codes, but these are the ones we thus
+  // far find interesting.
+  switch (err) {
+    case SEC_E_WRONG_PRINCIPAL:  // Schannel
+    case CERT_E_CN_NO_MATCH:  // CryptoAPI
+      return ERR_CERT_COMMON_NAME_INVALID;
+    case SEC_E_UNTRUSTED_ROOT:  // Schannel
+    case CERT_E_UNTRUSTEDROOT:  // CryptoAPI
+      return ERR_CERT_AUTHORITY_INVALID;
+    case SEC_E_CERT_EXPIRED:  // Schannel
+    case CERT_E_EXPIRED:  // CryptoAPI
+      return ERR_CERT_DATE_INVALID;
+    case CRYPT_E_NO_REVOCATION_CHECK:
+      return ERR_CERT_NO_REVOCATION_MECHANISM;
+    case CRYPT_E_REVOCATION_OFFLINE:
+      return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
+    case CRYPT_E_REVOKED:  // Schannel and CryptoAPI
+      return ERR_CERT_REVOKED;
+    case SEC_E_CERT_UNKNOWN:
+    case CERT_E_ROLE:
+      return ERR_CERT_INVALID;
+    // We received an unexpected_message or illegal_parameter alert message
+    // from the server.
+    case SEC_E_ILLEGAL_MESSAGE:
+      return ERR_SSL_PROTOCOL_ERROR;
+    case SEC_E_ALGORITHM_MISMATCH:
+      return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
+    case SEC_E_INVALID_HANDLE:
+      return ERR_UNEXPECTED;
+    case SEC_E_OK:
+      return OK;
+    default:
+      LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
+      return ERR_FAILED;
+  }
+}
+
+// Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by
+// CertGetCertificateChain to our certificate status flags.
+int MapCertChainErrorStatusToCertStatus(DWORD error_status) {
+  int cert_status = 0;
+
+  // CERT_TRUST_IS_NOT_TIME_NESTED means a subject certificate's time validity
+  // does not nest correctly within its issuer's time validity.
+  const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID |
+                                   CERT_TRUST_IS_NOT_TIME_NESTED |
+                                   CERT_TRUST_CTL_IS_NOT_TIME_VALID;
+  if (error_status & kDateInvalidErrors)
+    cert_status |= CERT_STATUS_DATE_INVALID;
+
+  const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
+                                        CERT_TRUST_IS_EXPLICIT_DISTRUST |
+                                        CERT_TRUST_IS_PARTIAL_CHAIN;
+  if (error_status & kAuthorityInvalidErrors)
+    cert_status |= CERT_STATUS_AUTHORITY_INVALID;
+
+  if ((error_status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN) &&
+      !(error_status & CERT_TRUST_IS_OFFLINE_REVOCATION))
+    cert_status |= CERT_STATUS_NO_REVOCATION_MECHANISM;
+
+  if (error_status & CERT_TRUST_IS_OFFLINE_REVOCATION)
+    cert_status |= CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
+
+  if (error_status & CERT_TRUST_IS_REVOKED)
+    cert_status |= CERT_STATUS_REVOKED;
+
+  const DWORD kWrongUsageErrors = CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
+                                  CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE;
+  if (error_status & kWrongUsageErrors) {
+    // TODO(wtc): Handle these errors.
+    // cert_status = |= CERT_STATUS_WRONG_USAGE;
+  }
+
+  // The rest of the errors.
+  const DWORD kCertInvalidErrors =
+      CERT_TRUST_IS_NOT_SIGNATURE_VALID |
+      CERT_TRUST_IS_CYCLIC |
+      CERT_TRUST_INVALID_EXTENSION |
+      CERT_TRUST_INVALID_POLICY_CONSTRAINTS |
+      CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
+      CERT_TRUST_INVALID_NAME_CONSTRAINTS |
+      CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID |
+      CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
+      CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
+      CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT |
+      CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT |
+      CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY |
+      CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT;
+  if (error_status & kCertInvalidErrors)
+    cert_status |= CERT_STATUS_INVALID;
+
+  return cert_status;
+}
+
+//-----------------------------------------------------------------------------
+
 // Wrappers of malloc and free for CRYPT_DECODE_PARA, which requires the
 // WINAPI calling convention.
 void* WINAPI MyCryptAlloc(size_t size) {
   return malloc(size);
 }
 
 void WINAPI MyCryptFree(void* p) {
   free(p);
 }
 
@@ skipping 19 matching lines @@
                            extension->Value.pbData,
                            extension->Value.cbData,
                            CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
                            &decode_para,
                            &alt_name_info,
                            &alt_name_info_size);
   if (rv)
     output->reset(alt_name_info);
 }
 
+// Saves some information about the certificate chain chain_context in
+// *verify_result.
+void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,
+                      CertVerifyResult* verify_result) {
+  PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
+  int num_elements = first_chain->cElement;
+  PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
+
+  // Each chain starts with the end entity certificate (i = 0) and ends with
+  // the root CA certificate (i = num_elements - 1).  Do not inspect the
+  // signature algorithm of the root CA certificate because the signature on
+  // the trust anchor is not important.
+  for (int i = 0; i < num_elements - 1; ++i) {
+    PCCERT_CONTEXT cert = element[i]->pCertContext;
+    const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId;
+    if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) {
+      // md5WithRSAEncryption: 1.2.840.113549.1.1.4
+      verify_result->has_md5 = true;
+      if (i != 0)
+        verify_result->has_md5_ca = true;
+    } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) {
+      // md2WithRSAEncryption: 1.2.840.113549.1.1.2
+      verify_result->has_md2 = true;
+      if (i != 0)
+        verify_result->has_md2_ca = true;
+    } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) {
+      // md4WithRSAEncryption: 1.2.840.113549.1.1.3
+      verify_result->has_md4 = true;
+    }
+  }
+}
+
 ///////////////////////////////////////////////////////////////////////////
 //
 // Functions used by X509Certificate::IsEV
 //
 ///////////////////////////////////////////////////////////////////////////
 
 // Constructs a certificate chain starting from the end certificate
 // 'cert_context', matching any of the certificate policies.
 //
 // Returns the certificate chain context on success, or NULL on failure.
@@ skipping 214 matching lines @@
     }
   }
   if (dns_names->empty())
     dns_names->push_back(subject_.common_name);
 }
 
 bool X509Certificate::HasExpired() const {
   return Time::Now() > valid_expiry();
 }
 
+int X509Certificate::Verify(const std::string& hostname,
+                            bool rev_checking_enabled,
+                            CertVerifyResult* verify_result) const {
+  verify_result->cert_status = 0;
+  verify_result->has_md5 = false;
+  verify_result->has_md2 = false;
+  verify_result->has_md4 = false;
+  verify_result->has_md5_ca = false;
+  verify_result->has_md2_ca = false;
+
+  // Build and validate certificate chain.
+
+  CERT_CHAIN_PARA chain_para;
+  memset(&chain_para, 0, sizeof(chain_para));
+  chain_para.cbSize = sizeof(chain_para);
+  // TODO(wtc): consider requesting the usage szOID_PKIX_KP_SERVER_AUTH
+  // or szOID_SERVER_GATED_CRYPTO or szOID_SGC_NETSCAPE
+  chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
+  chain_para.RequestedUsage.Usage.cUsageIdentifier = 0;
+  chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = NULL;  // LPSTR*
+  // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.
+  DWORD flags = CERT_CHAIN_CACHE_END_CERT;
+  if (rev_checking_enabled) {
+    verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
+    flags |= CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+  } else {
+    flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;
+  }
+  PCCERT_CHAIN_CONTEXT chain_context;
+  if (!CertGetCertificateChain(
+           NULL,  // default chain engine, HCCE_CURRENT_USER
+           cert_handle_,
+           NULL,  // current system time
+           cert_handle_->hCertStore,  // search this store
+           &chain_para,
+           flags,
+           NULL,  // reserved
+           &chain_context)) {
+    return MapSecurityError(GetLastError());
+  }
+  ScopedCertChainContext scoped_chain_context(chain_context);
+
+  GetCertChainInfo(chain_context, verify_result);
+
+  verify_result->cert_status |= MapCertChainErrorStatusToCertStatus(
+      chain_context->TrustStatus.dwErrorStatus);
+
+  std::wstring wstr_hostname = ASCIIToWide(hostname);
+
+  SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para;
+  memset(&extra_policy_para, 0, sizeof(extra_policy_para));
+  extra_policy_para.cbSize = sizeof(extra_policy_para);
+  extra_policy_para.dwAuthType = AUTHTYPE_SERVER;
+  extra_policy_para.fdwChecks = 0;
+  extra_policy_para.pwszServerName =
+      const_cast<wchar_t*>(wstr_hostname.c_str());
+
+  CERT_CHAIN_POLICY_PARA policy_para;
+  memset(&policy_para, 0, sizeof(policy_para));
+  policy_para.cbSize = sizeof(policy_para);
+  policy_para.dwFlags = 0;
+  policy_para.pvExtraPolicyPara = &extra_policy_para;
+
+  CERT_CHAIN_POLICY_STATUS policy_status;
+  memset(&policy_status, 0, sizeof(policy_status));
+  policy_status.cbSize = sizeof(policy_status);
+
+  if (!CertVerifyCertificateChainPolicy(
+           CERT_CHAIN_POLICY_SSL,
+           chain_context,
+           &policy_para,
+           &policy_status)) {
+    return MapSecurityError(GetLastError());
+  }
+
+  if (policy_status.dwError) {
+    verify_result->cert_status |= MapNetErrorToCertStatus(
+        MapSecurityError(policy_status.dwError));
+
+    // CertVerifyCertificateChainPolicy reports only one error (in
+    // policy_status.dwError) if the certificate has multiple errors.
+    // CertGetCertificateChain doesn't report certificate name mismatch, so
+    // CertVerifyCertificateChainPolicy is the only function that can report
+    // certificate name mismatch.
+    //
+    // To prevent a potential certificate name mismatch from being hidden by
+    // some other certificate error, if we get any other certificate error,
+    // we call CertVerifyCertificateChainPolicy again, ignoring all other
+    // certificate errors.  Both extra_policy_para.fdwChecks and
+    // policy_para.dwFlags allow us to ignore certificate errors, so we set
+    // them both.
+    if (policy_status.dwError != CERT_E_CN_NO_MATCH) {
+      const DWORD extra_ignore_flags =
+          0x00000080 |  // SECURITY_FLAG_IGNORE_REVOCATION
+          0x00000100 |  // SECURITY_FLAG_IGNORE_UNKNOWN_CA
+          0x00002000 |  // SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
+          0x00000200;   // SECURITY_FLAG_IGNORE_WRONG_USAGE
+      extra_policy_para.fdwChecks = extra_ignore_flags;
+      const DWORD ignore_flags =
+          CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS |
+          CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG |
+          CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS |
+          CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG |
+          CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG |
+          CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG;
+      policy_para.dwFlags = ignore_flags;
+      if (!CertVerifyCertificateChainPolicy(
+               CERT_CHAIN_POLICY_SSL,
+               chain_context,
+               &policy_para,
+               &policy_status)) {
+        return MapSecurityError(GetLastError());
+      }
+      if (policy_status.dwError) {
+        verify_result->cert_status |= MapNetErrorToCertStatus(
+            MapSecurityError(policy_status.dwError));
+      }
+    }
+  }
+
+  // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
+  // compatible with WinHTTP, which doesn't report this error (bug 3004).
+  verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;
+
+  if (IsCertStatusError(verify_result->cert_status))
+    return MapCertStatusToNetError(verify_result->cert_status);
+  return OK;
+}
+
 // Returns true if the certificate is an extended-validation certificate.
 //
 // The certificate has already been verified by the HTTP library.  cert_status
 // represents the result of that verification.  This function performs
 // additional checks of the certificatePolicies extensions of the certificates
 // in the certificate chain according to Section 7 (pp. 11-12) of the EV
 // Certificate Guidelines Version 1.0 at
 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
 bool X509Certificate::IsEV(int cert_status) const {
   if (net::IsCertStatusError(cert_status) ||
@@ skipping 75 matching lines @@
   rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
                             cert->cbCertEncoded, sha1.data, &sha1_size);
   DCHECK(rv && sha1_size == sizeof(sha1.data));
   if (!rv)
     memset(sha1.data, 0, sizeof(sha1.data));
   return sha1;
 }
 
 }  // namespace net