Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform.

net/tools/testserver/minica.py

 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import asn1
+import datetime
 import hashlib
 import os
+import time
 
+GENERALIZED_TIME_FORMAT = "%Y%m%d%H%M%SZ"
+
+OCSP_STATE_GOOD = 1
+OCSP_STATE_REVOKED = 2
+OCSP_STATE_INVALID = 3
+OCSP_STATE_UNAUTHORIZED = 4
+OCSP_STATE_UNKNOWN = 5
+
+OCSP_DATE_VALID = 1
+OCSP_DATE_OLD = 2
+OCSP_DATE_EARLY = 3
+OCSP_DATE_LONG = 4
 
 # This file implements very minimal certificate and OCSP generation. It's
 # designed to test revocation checking.
 
 def RandomNumber(length_in_bytes):
   '''RandomNumber returns a random number of length 8*|length_in_bytes| bits'''
   rand = os.urandom(length_in_bytes)
   n = 0
   for x in rand:
     n <<= 8
@@ skipping 219 matching lines @@
 
   return asn1.ToDER(asn1.SEQUENCE([
     asn1.Raw(tbsCert),
     asn1.SEQUENCE([
       SHA256_WITH_RSA_ENCRYPTION,
       None,
     ]),
     asn1.BitString(privkey.Sign(tbsCert)),
   ]))
 
-
-def MakeOCSPResponse(issuer_cn, issuer_key, serial, ocsp_state):
+def MakeOCSPResponse(issuer_cn, issuer_key, serial, ocsp_state, ocsp_date):
   # https://tools.ietf.org/html/rfc2560
   issuer_name_hash = asn1.OCTETSTRING(
       hashlib.sha1(asn1.ToDER(Name(cn = issuer_cn))).digest())
 
   issuer_key_hash = asn1.OCTETSTRING(
       hashlib.sha1(asn1.ToDER(issuer_key)).digest())
 
   cert_status = None
   if ocsp_state == OCSP_STATE_REVOKED:
     cert_status = asn1.Explicit(1, asn1.GeneralizedTime("20100101060000Z"))
   elif ocsp_state == OCSP_STATE_UNKNOWN:
     cert_status = asn1.Raw(asn1.TagAndLength(0x80 | 2, 0))
   elif ocsp_state == OCSP_STATE_GOOD:
     cert_status = asn1.Raw(asn1.TagAndLength(0x80 | 0, 0))
   else:
     raise ValueError('Bad OCSP state: ' + str(ocsp_state))
 
+  now = datetime.datetime.fromtimestamp(time.mktime(time.gmtime()))
+  if ocsp_date == OCSP_DATE_VALID:
+    thisUpdate = now - datetime.timedelta(days=1)
+    nextUpdate = thisUpdate + datetime.timedelta(weeks=1)
+  elif ocsp_date == OCSP_DATE_OLD:
+    thisUpdate = now - datetime.timedelta(hours=1, weeks=1)
+    nextUpdate = thisUpdate + datetime.timedelta(weeks=1)
+  elif ocsp_date == OCSP_DATE_EARLY:
+    thisUpdate = now + datetime.timedelta(hours=1)
+    nextUpdate = thisUpdate + datetime.timedelta(weeks=1)
+  elif ocsp_date == OCSP_DATE_LONG:
+    thisUpdate = now - datetime.timedelta(days=365)
+    nextUpdate = thisUpdate + datetime.timedelta(hours=1, days=365)
+  else:
+    raise ValueError('Bad OCSP date: ' + str(ocsp_date))
+  producedAt = thisUpdate

[dadrian, 2016/06/27 22:43:03]

I had to modify producedAt because apparently NSS enforces some level of
recentness of producedAt relative to thisUpdate. I'm not sure how recent it has
to be, just that the previous value was definitely too old, and NSS validation
was failing when thisUpdate and nextUpdate were dynamically set, but producedAt
was not. Probably a question for rsleevi, but do we know what restrictions other
platforms enforce on producedAt? The current date validation ignores it, and I
don't believe any particular policy is specified in RFC 6960.

[svaldez, 2016/06/29 14:41:23]

From the RFC, the only requirement on producedAt is that it should be within the
validity period of the certificate that signed the response.

Unfortunately it looks like NSS adds a bunch of additional constraints, which
aren't necessarily valid
(https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/certhigh/ocsp...).

We should probably still allow responses where producedAt < thisUpdate, since
pre-signing is allowed by the spec.

[dadrian, 2016/06/30 21:52:43]

I added a check to make sure notBefore <= producedAt <= notAfter.

[Ryan Sleevi, 2016/06/30 22:14:50]

There were some security bugs about this. From an ops side, CAs presigning
creates substantial risk for compromise, so we haven't been too keen to allow a
large window here. I'd have to dig up bugzilla for the details.

For Windows/OS X, I'd have to check the implementation, I don't know off the top
of my head. How pressing is it?

[dadrian, 2016/07/08 22:17:30]

I mangled these down to one test class that _should_ be platform independent.
We'll see what happens once these hit the try bots after the dependent CL lands.

+
   basic_resp_data_der = asn1.ToDER(asn1.SEQUENCE([
     asn1.Explicit(2, issuer_key_hash),
-    asn1.GeneralizedTime("20100101060000Z"), # producedAt
+    asn1.GeneralizedTime(producedAt.strftime(GENERALIZED_TIME_FORMAT)),
     asn1.SEQUENCE([
       asn1.SEQUENCE([ # SingleResponse
         asn1.SEQUENCE([ # CertID
           asn1.SEQUENCE([ # hashAlgorithm
             HASH_SHA1,
             None,
           ]),
           issuer_name_hash,
           issuer_key_hash,
           serial,
         ]),
         cert_status,
-        asn1.GeneralizedTime("20100101060000Z"), # thisUpdate
-        asn1.Explicit(0, asn1.GeneralizedTime("20300101060000Z")), # nextUpdate
+        asn1.GeneralizedTime( # thisUpdate
+          thisUpdate.strftime(GENERALIZED_TIME_FORMAT)
+        ),
+        asn1.Explicit( # nextUpdate
+          0,
+          asn1.GeneralizedTime(nextUpdate.strftime(GENERALIZED_TIME_FORMAT))
+        ),
       ]),
     ]),
   ]))
 
   basic_resp = asn1.SEQUENCE([
     asn1.Raw(basic_resp_data_der),
     asn1.SEQUENCE([
       SHA256_WITH_RSA_ENCRYPTION,
       None,
     ]),
@@ skipping 10 matching lines @@
 
   return asn1.ToDER(resp)
 
 
 def DERToPEM(der):
   pem = '-----BEGIN CERTIFICATE-----\n'
   pem += der.encode('base64')
   pem += '-----END CERTIFICATE-----\n'
   return pem
 
-OCSP_STATE_GOOD = 1
-OCSP_STATE_REVOKED = 2
-OCSP_STATE_INVALID = 3
-OCSP_STATE_UNAUTHORIZED = 4
-OCSP_STATE_UNKNOWN = 5
-
 # unauthorizedDER is an OCSPResponse with a status of 6:
 # SEQUENCE { ENUM(6) }
 unauthorizedDER = '30030a0106'.decode('hex')
 
 def GenerateCertKeyAndOCSP(subject = "127.0.0.1",
                            ocsp_url = "http://127.0.0.1",
                            ocsp_state = OCSP_STATE_GOOD,
+                           ocsp_date = OCSP_DATE_VALID,
                            serial = 0):
   '''GenerateCertKeyAndOCSP returns a (cert_and_key_pem, ocsp_der) where:
        * cert_and_key_pem contains a certificate and private key in PEM format
          with the given subject common name and OCSP URL.
        * ocsp_der contains a DER encoded OCSP response or None if ocsp_url is
          None'''
 
   if serial == 0:
     serial = RandomNumber(16)
   cert_der = MakeCertificate(ISSUER_CN, bytes(subject), serial, KEY, KEY,
                              bytes(ocsp_url))
   cert_pem = DERToPEM(cert_der)
 
   ocsp_der = None
   if ocsp_url is not None:
     if ocsp_state == OCSP_STATE_UNAUTHORIZED:
       ocsp_der = unauthorizedDER
     elif ocsp_state == OCSP_STATE_INVALID:
       ocsp_der = '3'
     else:
-      ocsp_der = MakeOCSPResponse(ISSUER_CN, KEY, serial, ocsp_state)
+      ocsp_der = MakeOCSPResponse(
+          ISSUER_CN, KEY, serial, ocsp_state, ocsp_date)
 
   return (cert_pem + KEY_PEM, ocsp_der)