Support for client certs in ssl_server_socket.

net/socket/ssl_server_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_server_socket_nss.h"
 
 #if defined(OS_WIN)
 #include <winsock2.h>
 #endif
 
@@ skipping 19 matching lines @@
 #include <limits>
 
 #include "base/callback_helpers.h"
 #include "base/lazy_instance.h"
 #include "base/memory/ref_counted.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/nss_util_internal.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
+#include "net/cert/cert_verifier.h"
+#include "net/cert/cert_verify_result.h"
 #include "net/socket/nss_ssl_util.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+#include "net/ssl/ssl_info.h"
 
 // SSL plaintext fragments are shorter than 16KB. Although the record layer
 // overhead is allowed to be 2K + 5 bytes, in practice the overhead is much
 // smaller than 1KB. So a 17KB buffer should be large enough to hold an
 // entire SSL record.
 static const int kRecvBufferSize = 17 * 1024;
 static const int kSendBufferSize = 17 * 1024;
 
 #define GotoState(s) next_handshake_state_ = s
 
@@ skipping 11 matching lines @@
     SSL_ConfigServerSessionIDCache(64, 28800, 28800, NULL);
     g_nss_server_sockets_init = true;
   }
 
   ~NSSSSLServerInitSingleton() {
     SSL_ShutdownServerSessionIDCache();
     g_nss_server_sockets_init = false;
   }
 };
 
+void DoNothingOnCompletion(int ignore) {
+}
+
 static base::LazyInstance<NSSSSLServerInitSingleton>
     g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
 
 }  // namespace
 
 void EnableSSLServerSockets() {
   g_nss_ssl_server_init_singleton.Get();
 }
 
 scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
     scoped_ptr<StreamSocket> socket,
-    X509Certificate* cert,
+    X509Certificate* certificate,
     crypto::RSAPrivateKey* key,
     const SSLConfig& ssl_config) {
   DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
                                     << " called yet!";
 
   return scoped_ptr<SSLServerSocket>(
-      new SSLServerSocketNSS(socket.Pass(), cert, key, ssl_config));
+      new SSLServerSocketNSS(socket.Pass(), certificate, key, ssl_config));
 }
 
 SSLServerSocketNSS::SSLServerSocketNSS(
     scoped_ptr<StreamSocket> transport_socket,
     scoped_refptr<X509Certificate> cert,
     crypto::RSAPrivateKey* key,
     const SSLConfig& ssl_config)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       user_read_buf_len_(0),
       user_write_buf_len_(0),
       nss_fd_(NULL),
       nss_bufs_(NULL),
       transport_socket_(transport_socket.Pass()),
       ssl_config_(ssl_config),
       cert_(cert),
       next_handshake_state_(STATE_NONE),
-      completed_handshake_(false) {
+      completed_handshake_(false),
+      client_cert_ca_list_(),
+      client_cert_verifier_(NULL) {
   // TODO(hclam): Need a better way to clone a key.
   std::vector<uint8> key_bytes;
   CHECK(key->ExportPrivateKey(&key_bytes));
   key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes));
   CHECK(key_.get());
 }
 
 SSLServerSocketNSS::~SSLServerSocketNSS() {
   if (nss_fd_ != NULL) {
     PR_Close(nss_fd_);
@@ skipping 28 matching lines @@
   rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_handshake_callback_ = callback;
   } else {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
   }
 
   return rv > OK ? OK : rv;
 }
 
+void SSLServerSocketNSS::SetAllowClientCert(bool allow_client_cert) {
+  ssl_config_.send_client_cert = allow_client_cert;
+}
+
+void SSLServerSocketNSS::SetClientCertCAList(
+    const CertificateList& client_cert_ca_list) {
+  client_cert_ca_list_ = client_cert_ca_list;
+}
+
+void SSLServerSocketNSS::SetClientCertVerifier(
+    CertVerifier* client_cert_verifier) {
+  client_cert_verifier_ = client_cert_verifier;
+}
+
 int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
                                              bool has_context,
                                              const base::StringPiece& context,
                                              unsigned char* out,
                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
   SECStatus result = SSL_ExportKeyingMaterial(
       nss_fd_, label.data(), label.size(), has_context,
       reinterpret_cast<const unsigned char*>(context.data()),
@@ skipping 128 matching lines @@
 bool SSLServerSocketNSS::WasNpnNegotiated() const {
   NOTIMPLEMENTED();
   return false;
 }
 
 NextProto SSLServerSocketNSS::GetNegotiatedProtocol() const {
   // NPN is not supported by this class.
   return kProtoUnknown;
 }
 
 bool SSLServerSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {

[Ryan Sleevi, 2015/03/19 04:38:25]

I'm vaguely uncomfortable with overloading SSLInfo to represent client cert
details now

-  NOTIMPLEMENTED();
-  return false;
+  ssl_info->Reset();
+  if (!completed_handshake_) {
+    return false;
+  }

[Ryan Sleevi, 2015/03/19 04:38:25]

No braces

+  ExtractClientCert();
+  ssl_info->cert = client_cert_;
+  UpdateSSLConnectionStatus(nss_fd_, ssl_config_, &ssl_info->connection_status);
+  ssl_info->client_cert_sent = client_cert_.get() ? true : false;

[Ryan Sleevi, 2015/03/19 04:38:25]

no .get()

ssl_info->client_cert_sent = client_cert_;

+  PRUint16 cipher_suite =
+      SSLConnectionStatusToCipherSuite(ssl_info->connection_status);
+  SSLCipherSuiteInfo cipher_info;
+  SECStatus ok =
+      SSL_GetCipherSuiteInfo(cipher_suite, &cipher_info, sizeof(cipher_info));
+  if (ok == SECSuccess) {
+    ssl_info->security_bits = cipher_info.effectiveKeyBits;
+  } else {
+    ssl_info->security_bits = -1;
+  }
+  PRBool last_handshake_resumed;
+  SECStatus rv = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed);
+  if (rv == SECSuccess && last_handshake_resumed) {
+    ssl_info->handshake_type = SSLInfo::HANDSHAKE_RESUME;
+  } else {
+    ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL;
+  }
+  return true;

[Ryan Sleevi, 2015/03/19 04:38:25]

Feels pretty unreadable/ wall of text. Break it into logical bits? (eg: line
breaks at 337, 347, 354; 335 should go to 333, with a linebreak between
ExtractClientCert and the two client cert methods)

 }
 
 int SSLServerSocketNSS::InitializeSSLOptions() {
   // Transport connected, now hook it up to nss
   nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize);
   if (nss_fd_ == NULL) {
     return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR error code.
   }
 
   // Grab pointer to buffers
@@ skipping 69 matching lines @@
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_SERVER");
     return ERR_UNEXPECTED;
   }
 
-  rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_FALSE);
+  rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE,
+                     ssl_config_.send_client_cert ? PR_TRUE : PR_FALSE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE");
     return ERR_UNEXPECTED;
   }
 
-  rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE);
+  rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE,
+                     client_cert_verifier_ ? PR_TRUE : PR_FALSE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
     return ERR_UNEXPECTED;
   }
@@ skipping 69 matching lines @@
     return ERR_UNEXPECTED;
   }
 
   // Tell SSL we're a server; needed if not letting NSPR do socket I/O
   rv = SSL_ResetHandshake(nss_fd_, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_ResetHandshake", "");
     return ERR_UNEXPECTED;
   }
 
+  // Set up the information needed for the CertificateRequest message
+  if (!client_cert_ca_list_.empty()) {
+    CERTCertList* certs = CERT_NewCertList();
+    if (!certs) {
+      LogFailedNSSFunction(net_log_, "CERT_NewCertList", "");
+      return ERR_UNEXPECTED;
+    }
+    for (CertificateList::const_iterator it = client_cert_ca_list_.begin();
+         it != client_cert_ca_list_.end(); ++it) {

[Ryan Sleevi, 2015/03/19 04:38:25]

for (const auto& certificate : client_cert_ca_list_)
  CERT_AddCertToListTail(certs,
CERT_DupCertificate(certificate->os_cert_handle()));

+      CERT_AddCertToListTail(certs,
+                             CERT_DupCertificate((*it)->os_cert_handle()));
+    }
+
+    rv = SSL_SetTrustAnchors(nss_fd_, certs);
+    CERT_DestroyCertList(certs);
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_SetTrustAnchors", "");
+      return ERR_UNEXPECTED;
+    }
+  }
+
   return OK;
 }
 
 void SSLServerSocketNSS::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
 
@@ skipping 294 matching lines @@
   DCHECK(rv != ERR_IO_PENDING);
   DCHECK(!user_write_callback_.is_null());
 
   user_write_buf_ = NULL;
   user_write_buf_len_ = 0;
   ResetAndReturn(&user_write_callback_).Run(rv);
 }
 
 // static
 // NSS calls this if an incoming certificate needs to be verified.
-// Do nothing but return SECSuccess.
 // This is called only in full handshake mode.
 // Peer certificate is retrieved in HandshakeCallback() later, which is called
 // in full handshake mode or in resumption handshake mode.
 SECStatus SSLServerSocketNSS::OwnAuthCertHandler(void* arg,
                                                  PRFileDesc* socket,
                                                  PRBool checksig,
                                                  PRBool is_server) {
-  // TODO(hclam): Implement.
-  // Tell NSS to not verify the certificate.
-  return SECSuccess;
+  if (!is_server)
+    return SECFailure;
+  SSLServerSocketNSS* self = reinterpret_cast<SSLServerSocketNSS*>(arg);
+  DCHECK(self);
+  if (!self->client_cert_verifier_)
+    return SECSuccess;
+  self->ExtractClientCert();
+  X509Certificate* cert = self->client_cert_.get();
+  if (!cert) {
+    PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0);
+    return SECFailure;
+  }
+  CertVerifyResult ignore_result;
+  CertVerifier::RequestHandle ignore_handle;
+  int res = self->client_cert_verifier_->Verify(
+      cert, std::string(), 0, NULL, &ignore_result,
+      base::Bind(&DoNothingOnCompletion), &ignore_handle, self->net_log_);
+  if (res != OK) {
+    PR_SetError(SSL_ERROR_BAD_CERTIFICATE, 0);
+  }

[Ryan Sleevi, 2015/03/19 04:38:25]

no braces

+  return res == OK ? SECSuccess : SECFailure;
 }
 
 // static
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished we need to verify the certificate.
 void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket,
                                            void* arg) {
   // TODO(hclam): Implement.
 }
 
 int SSLServerSocketNSS::Init() {
   // Initialize the NSS SSL library in a threadsafe way.  This also
   // initializes the NSS base library.
   EnsureNSSSSLInit();
   if (!NSS_IsInitialized())
     return ERR_UNEXPECTED;
 
   EnableSSLServerSockets();
   return OK;
 }
 
+void SSLServerSocketNSS::ExtractClientCert() {
+  if (client_cert_.get())
+    return;
+  if (!completed_handshake_)
+    return;
+  CERTCertList* list = SSL_PeerCertificateChain(nss_fd_);

[Ryan Sleevi, 2015/03/19 04:38:25]

Use a scoped type helper

+  if (list == NULL)
+    return;
+  std::vector<base::StringPiece> certs;
+  for (CERTCertListNode* node = CERT_LIST_HEAD(list);
+       !CERT_LIST_END(node, list); node = CERT_LIST_NEXT(node)) {
+    SECItem& cert_der = node->cert->derCert;
+    base::StringPiece cert(reinterpret_cast<char*>(cert_der.data),
+                           cert_der.len);
+    certs.push_back(cert);
+  }
+  client_cert_ = X509Certificate::CreateFromDERCertChain(certs);
+  CERT_DestroyCertList(list);
+}
+
 }  // namespace net