
Side by Side Diff: components/cast_certificate/cast_crl.cc

Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions. (Closed)
Patch Set: fix comment typeo Created 4 years, 3 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/cast_certificate/cast_crl.h" 5 #include "components/cast_certificate/cast_crl.h"
6 6
7 #include <unordered_map> 7 #include <unordered_map>
8 #include <unordered_set> 8 #include <unordered_set>
9 9
10 #include "base/base64.h" 10 #include "base/base64.h"
11 #include "base/memory/ptr_util.h" 11 #include "base/memory/ptr_util.h"
12 #include "base/memory/singleton.h" 12 #include "base/memory/singleton.h"
13 #include "components/cast_certificate/proto/revocation.pb.h" 13 #include "components/cast_certificate/proto/revocation.pb.h"
14 #include "crypto/sha2.h" 14 #include "crypto/sha2.h"
15 #include "net/cert/internal/cert_errors.h"
15 #include "net/cert/internal/parse_certificate.h" 16 #include "net/cert/internal/parse_certificate.h"
16 #include "net/cert/internal/parsed_certificate.h" 17 #include "net/cert/internal/parsed_certificate.h"
17 #include "net/cert/internal/path_builder.h" 18 #include "net/cert/internal/path_builder.h"
18 #include "net/cert/internal/signature_algorithm.h" 19 #include "net/cert/internal/signature_algorithm.h"
19 #include "net/cert/internal/signature_policy.h" 20 #include "net/cert/internal/signature_policy.h"
20 #include "net/cert/internal/trust_store_in_memory.h" 21 #include "net/cert/internal/trust_store_in_memory.h"
21 #include "net/cert/internal/verify_certificate_chain.h" 22 #include "net/cert/internal/verify_certificate_chain.h"
22 #include "net/cert/internal/verify_signed_data.h" 23 #include "net/cert/internal/verify_signed_data.h"
23 #include "net/cert/x509_certificate.h" 24 #include "net/cert/x509_certificate.h"
24 #include "net/der/encode_values.h" 25 #include "net/der/encode_values.h"
25 #include "net/der/input.h" 26 #include "net/der/input.h"
27 #include "net/der/parse_values.h"
26 #include "net/der/parser.h" 28 #include "net/der/parser.h"
27 #include "net/der/parse_values.h"
28 29
29 namespace cast_certificate { 30 namespace cast_certificate {
30 namespace { 31 namespace {
31 32
32 enum CrlVersion { 33 enum CrlVersion {
33 // version 0: Spki Hash Algorithm = SHA-256 34 // version 0: Spki Hash Algorithm = SHA-256
34 // Signature Algorithm = RSA-PKCS1 V1.5 with SHA-256 35 // Signature Algorithm = RSA-PKCS1 V1.5 with SHA-256
35 CRL_VERSION_0 = 0, 36 CRL_VERSION_0 = 0,
36 }; 37 };
37 38
(...skipping 17 matching lines...) Expand all
55 CastCRLTrustStore>>::get(); 56 CastCRLTrustStore>>::get();
56 } 57 }
57 58
58 static net::TrustStore& Get() { return GetInstance()->store_; } 59 static net::TrustStore& Get() { return GetInstance()->store_; }
59 60
60 private: 61 private:
61 friend struct base::DefaultSingletonTraits<CastCRLTrustStore>; 62 friend struct base::DefaultSingletonTraits<CastCRLTrustStore>;
62 63
63 CastCRLTrustStore() { 64 CastCRLTrustStore() {
64 // Initialize the trust store with the root certificate. 65 // Initialize the trust store with the root certificate.
66 net::CertErrors errors;
65 scoped_refptr<net::ParsedCertificate> cert = 67 scoped_refptr<net::ParsedCertificate> cert =
66 net::ParsedCertificate::CreateFromCertificateData( 68 net::ParsedCertificate::CreateWithoutCopyingUnsafe(
67 kCastCRLRootCaDer, sizeof(kCastCRLRootCaDer), 69 kCastCRLRootCaDer, sizeof(kCastCRLRootCaDer), {}, &errors);
68 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {}); 70 CHECK(cert) << errors.ToDebugString();
69 CHECK(cert);
70 // Enforce pathlen constraints and policies defined on the root certificate. 71 // Enforce pathlen constraints and policies defined on the root certificate.
71 scoped_refptr<net::TrustAnchor> anchor = 72 scoped_refptr<net::TrustAnchor> anchor =
72 net::TrustAnchor::CreateFromCertificateWithConstraints(std::move(cert)); 73 net::TrustAnchor::CreateFromCertificateWithConstraints(std::move(cert));
73 CHECK(anchor); 74 CHECK(anchor);
74 store_.AddTrustAnchor(std::move(anchor)); 75 store_.AddTrustAnchor(std::move(anchor));
75 } 76 }
76 77
77 net::TrustStoreInMemory store_; 78 net::TrustStoreInMemory store_;
78 DISALLOW_COPY_AND_ASSIGN(CastCRLTrustStore); 79 DISALLOW_COPY_AND_ASSIGN(CastCRLTrustStore);
79 }; 80 };
(...skipping 20 matching lines...) Expand all
100 // certificate and signature in |crl|. The validity of |tbs_crl| is verified 101 // certificate and signature in |crl|. The validity of |tbs_crl| is verified
101 // at |time|. The validity period of the CRL is adjusted to be the earliest 102 // at |time|. The validity period of the CRL is adjusted to be the earliest
102 // of the issuer certificate chain's expiration and the CRL's expiration and 103 // of the issuer certificate chain's expiration and the CRL's expiration and
103 // the result is stored in |overall_not_after|. 104 // the result is stored in |overall_not_after|.
104 bool VerifyCRL(const Crl& crl, 105 bool VerifyCRL(const Crl& crl,
105 const TbsCrl& tbs_crl, 106 const TbsCrl& tbs_crl,
106 const base::Time& time, 107 const base::Time& time,
107 net::TrustStore* trust_store, 108 net::TrustStore* trust_store,
108 net::der::GeneralizedTime* overall_not_after) { 109 net::der::GeneralizedTime* overall_not_after) {
109 // Verify the trust of the CRL authority. 110 // Verify the trust of the CRL authority.
111 net::CertErrors errors;
110 scoped_refptr<net::ParsedCertificate> parsed_cert = 112 scoped_refptr<net::ParsedCertificate> parsed_cert =
111 net::ParsedCertificate::CreateFromCertificateData( 113 net::ParsedCertificate::Create(crl.signer_cert().data(), {}, &errors);
112 reinterpret_cast<const uint8_t*>(crl.signer_cert().data()),
113 crl.signer_cert().size(),
114 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {});
115 if (parsed_cert == nullptr) { 114 if (parsed_cert == nullptr) {
116 VLOG(2) << "CRL - Issuer certificate parsing failed."; 115 VLOG(2) << "CRL - Issuer certificate parsing failed:\n"
116 << errors.ToDebugString();
117 return false; 117 return false;
118 } 118 }
119 119
120 // Wrap the signature in a BitString. 120 // Wrap the signature in a BitString.
121 net::der::BitString signature_value_bit_string = net::der::BitString( 121 net::der::BitString signature_value_bit_string = net::der::BitString(
122 net::der::Input(base::StringPiece(crl.signature())), 0); 122 net::der::Input(base::StringPiece(crl.signature())), 0);
123 123
124 // Verify the signature. 124 // Verify the signature.
125 auto signature_policy = CreateCastSignaturePolicy(); 125 auto signature_policy = CreateCastSignaturePolicy();
126 std::unique_ptr<net::SignatureAlgorithm> signature_algorithm_type = 126 std::unique_ptr<net::SignatureAlgorithm> signature_algorithm_type =
127 net::SignatureAlgorithm::CreateRsaPkcs1(net::DigestAlgorithm::Sha256); 127 net::SignatureAlgorithm::CreateRsaPkcs1(net::DigestAlgorithm::Sha256);
128 net::CertErrors errors;
129 if (!VerifySignedData(*signature_algorithm_type, 128 if (!VerifySignedData(*signature_algorithm_type,
130 net::der::Input(&crl.tbs_crl()), 129 net::der::Input(&crl.tbs_crl()),
131 signature_value_bit_string, parsed_cert->tbs().spki_tlv, 130 signature_value_bit_string, parsed_cert->tbs().spki_tlv,
132 signature_policy.get(), &errors)) { 131 signature_policy.get(), &errors)) {
mattm 2016/09/12 23:29:27 Should it use a separate errors object just in cas
eroman 2016/09/12 23:42:59 Good question. I debated this a bit when writing,
mattm 2016/09/13 22:27:38 I worry a bit about a Clear() method since it seem
eroman 2016/09/13 22:47:30 I went ahead and created 2 different error objects
133 // TODO(634443): Dump the error information. 132 // TODO(634443): Dump the error information.
134 VLOG(2) << "CRL - Signature verification failed."; 133 VLOG(2) << "CRL - Signature verification failed:\n"
134 << errors.ToDebugString();
135 return false; 135 return false;
136 } 136 }
137 137
138 // Verify the issuer certificate. 138 // Verify the issuer certificate.
139 net::der::GeneralizedTime verification_time; 139 net::der::GeneralizedTime verification_time;
140 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) { 140 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) {
141 VLOG(2) << "CRL - Unable to parse verification time."; 141 VLOG(2) << "CRL - Unable to parse verification time.";
142 return false; 142 return false;
143 } 143 }
144 net::CertPathBuilder::Result result; 144 net::CertPathBuilder::Result result;
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
354 } 354 }
355 355
356 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest( 356 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest(
357 const std::string& crl_proto, 357 const std::string& crl_proto,
358 const base::Time& time, 358 const base::Time& time,
359 net::TrustStore* trust_store) { 359 net::TrustStore* trust_store) {
360 return ParseAndVerifyCRL(crl_proto, time, trust_store); 360 return ParseAndVerifyCRL(crl_proto, time, trust_store);
361 } 361 }
362 362
363 } // namespace cast_certificate 363 } // namespace cast_certificate
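Review bot: The new call in VerifyCRL (new line 113), `net::ParsedCertificate::Create(crl.signer_cert().data(), {}, &errors)`, no longer passes `crl.signer_cert().size()`, which the old call on the left side did. The declaration of `Create` is not visible on this page, but if this argument binds to a `base::StringPiece` parameter, a bare `const char*` is measured up to its first NUL, so DER input would be cut at the first 0x00 byte and the signer certificate would be parsed from a truncated buffer. Passing the string itself keeps the length attached to the data: `net::ParsedCertificate::Create(crl.signer_cert(), {}, &errors);`. A unit test that feeds a signer certificate with an embedded zero byte through this path would pin the behaviour. The `// TODO(634443): Dump the error information.` comment at new line 132 may also be stale now that the VLOG below it prints `errors.ToDebugString()`.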