search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add signalSyncPoint to the WebGraphicsContext3D command buffer impls.
[chromium-blink-merge.git] / net / cert / cert_verify_proc_win.cc
blob8f6f80567b363bc00df9d3ff36f568216532a5fe
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_win.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "base/memory/scoped_ptr.h"
11 #include "base/sha1.h"
12 #include "base/string_util.h"
13 #include "base/utf_string_conversions.h"
14 #include "crypto/capi_util.h"
15 #include "crypto/scoped_capi_types.h"
16 #include "crypto/sha2.h"
17 #include "net/base/net_errors.h"
18 #include "net/cert/asn1_util.h"
19 #include "net/cert/cert_status_flags.h"
20 #include "net/cert/cert_verifier.h"
21 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/crl_set.h"
23 #include "net/cert/ev_root_ca_metadata.h"
24 #include "net/cert/test_root_certs.h"
25 #include "net/cert/x509_certificate.h"
26 #include "net/cert/x509_certificate_known_roots_win.h"
27
28 #pragma comment(lib, "crypt32.lib")
29
30 #if !defined(CERT_TRUST_HAS_WEAK_SIGNATURE)
31 // This was introduced in Windows 8 / Windows Server 2012, but retroactively
32 // ported as far back as Windows XP via system update.
33 #define CERT_TRUST_HAS_WEAK_SIGNATURE 0x00100000
34 #endif
35
36 namespace net {
37
38 namespace {
39
40 struct FreeChainEngineFunctor {
41 void operator()(HCERTCHAINENGINE engine) const {
42 if (engine)
43 CertFreeCertificateChainEngine(engine);
44 }
45 };
46
47 struct FreeCertChainContextFunctor {
48 void operator()(PCCERT_CHAIN_CONTEXT chain_context) const {
49 if (chain_context)
50 CertFreeCertificateChain(chain_context);
51 }
52 };
53
54 struct FreeCertContextFunctor {
55 void operator()(PCCERT_CONTEXT context) const {
56 if (context)
57 CertFreeCertificateContext(context);
58 }
59 };
60
61 typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor>
62 ScopedHCERTCHAINENGINE;
63
64 typedef scoped_ptr_malloc<const CERT_CHAIN_CONTEXT,
65 FreeCertChainContextFunctor>
66 ScopedPCCERT_CHAIN_CONTEXT;
67
68 typedef scoped_ptr_malloc<const CERT_CONTEXT,
69 FreeCertContextFunctor> ScopedPCCERT_CONTEXT;
70
71 //-----------------------------------------------------------------------------
72
73 int MapSecurityError(SECURITY_STATUS err) {
74 // There are numerous security error codes, but these are the ones we thus
75 // far find interesting.
76 switch (err) {
77 case SEC_E_WRONG_PRINCIPAL: // Schannel
78 case CERT_E_CN_NO_MATCH: // CryptoAPI
79 return ERR_CERT_COMMON_NAME_INVALID;
80 case SEC_E_UNTRUSTED_ROOT: // Schannel
81 case CERT_E_UNTRUSTEDROOT: // CryptoAPI
82 return ERR_CERT_AUTHORITY_INVALID;
83 case SEC_E_CERT_EXPIRED: // Schannel
84 case CERT_E_EXPIRED: // CryptoAPI
85 return ERR_CERT_DATE_INVALID;
86 case CRYPT_E_NO_REVOCATION_CHECK:
87 return ERR_CERT_NO_REVOCATION_MECHANISM;
88 case CRYPT_E_REVOCATION_OFFLINE:
89 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
90 case CRYPT_E_REVOKED: // Schannel and CryptoAPI
91 return ERR_CERT_REVOKED;
92 case SEC_E_CERT_UNKNOWN:
93 case CERT_E_ROLE:
94 return ERR_CERT_INVALID;
95 case CERT_E_WRONG_USAGE:
96 // TODO(wtc): Should we add ERR_CERT_WRONG_USAGE?
97 return ERR_CERT_INVALID;
98 // We received an unexpected_message or illegal_parameter alert message
99 // from the server.
100 case SEC_E_ILLEGAL_MESSAGE:
101 return ERR_SSL_PROTOCOL_ERROR;
102 case SEC_E_ALGORITHM_MISMATCH:
103 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
104 case SEC_E_INVALID_HANDLE:
105 return ERR_UNEXPECTED;
106 case SEC_E_OK:
107 return OK;
108 default:
109 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
110 return ERR_FAILED;
111 }
112 }
113
114 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by
115 // CertGetCertificateChain to our certificate status flags.
116 int MapCertChainErrorStatusToCertStatus(DWORD error_status) {
117 CertStatus cert_status = 0;
118
119 // We don't include CERT_TRUST_IS_NOT_TIME_NESTED because it's obsolete and
120 // we wouldn't consider it an error anyway
121 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID |
122 CERT_TRUST_CTL_IS_NOT_TIME_VALID;
123 if (error_status & kDateInvalidErrors)
124 cert_status |= CERT_STATUS_DATE_INVALID;
125
126 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
127 CERT_TRUST_IS_EXPLICIT_DISTRUST |
128 CERT_TRUST_IS_PARTIAL_CHAIN;
129 if (error_status & kAuthorityInvalidErrors)
130 cert_status |= CERT_STATUS_AUTHORITY_INVALID;
131
132 if ((error_status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN) &&
133 !(error_status & CERT_TRUST_IS_OFFLINE_REVOCATION))
134 cert_status |= CERT_STATUS_NO_REVOCATION_MECHANISM;
135
136 if (error_status & CERT_TRUST_IS_OFFLINE_REVOCATION)
137 cert_status |= CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
138
139 if (error_status & CERT_TRUST_IS_REVOKED)
140 cert_status |= CERT_STATUS_REVOKED;
141
142 const DWORD kWrongUsageErrors = CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
143 CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE;
144 if (error_status & kWrongUsageErrors) {
145 // TODO(wtc): Should we add CERT_STATUS_WRONG_USAGE?
146 cert_status |= CERT_STATUS_INVALID;
147 }
148
149 if (error_status & CERT_TRUST_IS_NOT_SIGNATURE_VALID) {
150 // Check for a signature that does not meet the OS criteria for strong
151 // signatures.
152 // Note: These checks may be more restrictive than the current weak key
153 // criteria implemented within CertVerifier, such as excluding SHA-1 or
154 // excluding RSA keys < 2048 bits. However, if the user has configured
155 // these more stringent checks, respect that configuration and err on the
156 // more restrictive criteria.
157 if (error_status & CERT_TRUST_HAS_WEAK_SIGNATURE) {
158 cert_status |= CERT_STATUS_WEAK_KEY;
159 } else {
160 cert_status |= CERT_STATUS_INVALID;
161 }
162 }
163
164 // The rest of the errors.
165 const DWORD kCertInvalidErrors =
166 CERT_TRUST_IS_CYCLIC |
167 CERT_TRUST_INVALID_EXTENSION |
168 CERT_TRUST_INVALID_POLICY_CONSTRAINTS |
169 CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
170 CERT_TRUST_INVALID_NAME_CONSTRAINTS |
171 CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID |
172 CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
173 CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
174 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT |
175 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT |
176 CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY |
177 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT;
178 if (error_status & kCertInvalidErrors)
179 cert_status |= CERT_STATUS_INVALID;
180
181 return cert_status;
182 }
183
184 // Returns true if any common name in the certificate's Subject field contains
185 // a NULL character.
186 bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) {
187 CRYPT_DECODE_PARA decode_para;
188 decode_para.cbSize = sizeof(decode_para);
189 decode_para.pfnAlloc = crypto::CryptAlloc;
190 decode_para.pfnFree = crypto::CryptFree;
191 CERT_NAME_INFO* name_info = NULL;
192 DWORD name_info_size = 0;
193 BOOL rv;
194 rv = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
195 X509_NAME,
196 cert->pCertInfo->Subject.pbData,
197 cert->pCertInfo->Subject.cbData,
198 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
199 &decode_para,
200 &name_info,
201 &name_info_size);
202 if (rv) {
203 scoped_ptr_malloc<CERT_NAME_INFO> scoped_name_info(name_info);
204
205 // The Subject field may have multiple common names. According to the
206 // "PKI Layer Cake" paper, CryptoAPI uses every common name in the
207 // Subject field, so we inspect every common name.
208 //
209 // From RFC 5280:
210 // X520CommonName ::= CHOICE {
211 // teletexString TeletexString (SIZE (1..ub-common-name)),
212 // printableString PrintableString (SIZE (1..ub-common-name)),
213 // universalString UniversalString (SIZE (1..ub-common-name)),
214 // utf8String UTF8String (SIZE (1..ub-common-name)),
215 // bmpString BMPString (SIZE (1..ub-common-name)) }
216 //
217 // We also check IA5String and VisibleString.
218 for (DWORD i = 0; i < name_info->cRDN; ++i) {
219 PCERT_RDN rdn = &name_info->rgRDN[i];
220 for (DWORD j = 0; j < rdn->cRDNAttr; ++j) {
221 PCERT_RDN_ATTR rdn_attr = &rdn->rgRDNAttr[j];
222 if (strcmp(rdn_attr->pszObjId, szOID_COMMON_NAME) == 0) {
223 switch (rdn_attr->dwValueType) {
224 // After the CryptoAPI ASN.1 security vulnerabilities described in
225 // http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
226 // were patched, we get CERT_RDN_ENCODED_BLOB for a common name
227 // that contains a NULL character.
228 case CERT_RDN_ENCODED_BLOB:
229 break;
230 // Array of 8-bit characters.
231 case CERT_RDN_PRINTABLE_STRING:
232 case CERT_RDN_TELETEX_STRING:
233 case CERT_RDN_IA5_STRING:
234 case CERT_RDN_VISIBLE_STRING:
235 for (DWORD k = 0; k < rdn_attr->Value.cbData; ++k) {
236 if (rdn_attr->Value.pbData[k] == '\0')
237 return true;
238 }
239 break;
240 // Array of 16-bit characters.
241 case CERT_RDN_BMP_STRING:
242 case CERT_RDN_UTF8_STRING: {
243 DWORD num_wchars = rdn_attr->Value.cbData / 2;
244 wchar_t* common_name =
245 reinterpret_cast<wchar_t*>(rdn_attr->Value.pbData);
246 for (DWORD k = 0; k < num_wchars; ++k) {
247 if (common_name[k] == L'\0')
248 return true;
249 }
250 break;
251 }
252 // Array of ints (32-bit).
253 case CERT_RDN_UNIVERSAL_STRING: {
254 DWORD num_ints = rdn_attr->Value.cbData / 4;
255 int* common_name =
256 reinterpret_cast<int*>(rdn_attr->Value.pbData);
257 for (DWORD k = 0; k < num_ints; ++k) {
258 if (common_name[k] == 0)
259 return true;
260 }
261 break;
262 }
263 default:
264 NOTREACHED();
265 break;
266 }
267 }
268 }
269 }
270 }
271 return false;
272 }
273
274 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA
275 // which we recognise as a standard root.
276 // static
277 bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context) {
278 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
279 int num_elements = first_chain->cElement;
280 if (num_elements < 1)
281 return false;
282 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
283 PCCERT_CONTEXT cert = element[num_elements - 1]->pCertContext;
284
285 SHA1HashValue hash = X509Certificate::CalculateFingerprint(cert);
286 return IsSHA1HashInSortedArray(
287 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes));
288 }
289
290 // Saves some information about the certificate chain |chain_context| in
291 // |*verify_result|. The caller MUST initialize |*verify_result| before
292 // calling this function.
293 void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,
294 CertVerifyResult* verify_result) {
295 if (chain_context->cChain == 0)
296 return;
297
298 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
299 int num_elements = first_chain->cElement;
300 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
301
302 PCCERT_CONTEXT verified_cert = NULL;
303 std::vector<PCCERT_CONTEXT> verified_chain;
304
305 bool has_root_ca = num_elements > 1 &&
306 !(chain_context->TrustStatus.dwErrorStatus &
307 CERT_TRUST_IS_PARTIAL_CHAIN);
308
309 // Each chain starts with the end entity certificate (i = 0) and ends with
310 // either the root CA certificate or the last available intermediate. If a
311 // root CA certificate is present, do not inspect the signature algorithm of
312 // the root CA certificate because the signature on the trust anchor is not
313 // important.
314 if (has_root_ca) {
315 // If a full chain was constructed, regardless of whether it was trusted,
316 // don't inspect the root's signature algorithm.
317 num_elements -= 1;
318 }
319
320 for (int i = 0; i < num_elements; ++i) {
321 PCCERT_CONTEXT cert = element[i]->pCertContext;
322 if (i == 0) {
323 verified_cert = cert;
324 } else {
325 verified_chain.push_back(cert);
326 }
327
328 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId;
329 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) {
330 // md5WithRSAEncryption: 1.2.840.113549.1.1.4
331 verify_result->has_md5 = true;
332 if (i != 0)
333 verify_result->has_md5_ca = true;
334 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) {
335 // md2WithRSAEncryption: 1.2.840.113549.1.1.2
336 verify_result->has_md2 = true;
337 if (i != 0)
338 verify_result->has_md2_ca = true;
339 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) {
340 // md4WithRSAEncryption: 1.2.840.113549.1.1.3
341 verify_result->has_md4 = true;
342 }
343 }
344
345 if (verified_cert) {
346 // Add the root certificate, if present, as it was not added above.
347 if (has_root_ca)
348 verified_chain.push_back(element[num_elements]->pCertContext);
349 verify_result->verified_cert =
350 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
351 }
352 }
353
354 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO
355 // structure and stores it in *output.
356 void GetCertPoliciesInfo(PCCERT_CONTEXT cert,
357 scoped_ptr_malloc<CERT_POLICIES_INFO>* output) {
358 PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES,
359 cert->pCertInfo->cExtension,
360 cert->pCertInfo->rgExtension);
361 if (!extension)
362 return;
363
364 CRYPT_DECODE_PARA decode_para;
365 decode_para.cbSize = sizeof(decode_para);
366 decode_para.pfnAlloc = crypto::CryptAlloc;
367 decode_para.pfnFree = crypto::CryptFree;
368 CERT_POLICIES_INFO* policies_info = NULL;
369 DWORD policies_info_size = 0;
370 BOOL rv;
371 rv = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
372 szOID_CERT_POLICIES,
373 extension->Value.pbData,
374 extension->Value.cbData,
375 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
376 &decode_para,
377 &policies_info,
378 &policies_info_size);
379 if (rv)
380 output->reset(policies_info);
381 }
382
383 bool CheckRevocationWithCRLSet(PCCERT_CHAIN_CONTEXT chain,
384 CRLSet* crl_set) {
385 if (chain->cChain == 0)
386 return true;
387
388 const PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0];
389 const PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
390
391 const int num_elements = first_chain->cElement;
392 if (num_elements == 0)
393 return true;
394
395 // We iterate from the root certificate down to the leaf, keeping track of
396 // the issuer's SPKI at each step.
397 std::string issuer_spki_hash;
398 for (int i = num_elements - 1; i >= 0; i--) {
399 PCCERT_CONTEXT cert = element[i]->pCertContext;
400
401 base::StringPiece der_bytes(
402 reinterpret_cast<const char*>(cert->pbCertEncoded),
403 cert->cbCertEncoded);
404
405 base::StringPiece spki;
406 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) {
407 NOTREACHED();
408 continue;
409 }
410
411 const std::string spki_hash = crypto::SHA256HashString(spki);
412
413 const CRYPT_INTEGER_BLOB* serial_blob = &cert->pCertInfo->SerialNumber;
414 scoped_ptr<uint8[]> serial_bytes(new uint8[serial_blob->cbData]);
415 // The bytes of the serial number are stored little-endian.
416 for (unsigned j = 0; j < serial_blob->cbData; j++)
417 serial_bytes[j] = serial_blob->pbData[serial_blob->cbData - j - 1];
418 base::StringPiece serial(reinterpret_cast<const char*>(serial_bytes.get()),
419 serial_blob->cbData);
420
421 CRLSet::Result result = crl_set->CheckSPKI(spki_hash);
422
423 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty())
424 result = crl_set->CheckSerial(serial, issuer_spki_hash);
425
426 issuer_spki_hash = spki_hash;
427
428 switch (result) {
429 case CRLSet::REVOKED:
430 return false;
431 case CRLSet::UNKNOWN:
432 case CRLSet::GOOD:
433 continue;
434 default:
435 NOTREACHED();
436 continue;
437 }
438 }
439
440 return true;
441 }
442
443 void AppendPublicKeyHashes(PCCERT_CHAIN_CONTEXT chain,
444 HashValueVector* hashes) {
445 if (chain->cChain == 0)
446 return;
447
448 PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0];
449 PCERT_CHAIN_ELEMENT* const element = first_chain->rgpElement;
450
451 const DWORD num_elements = first_chain->cElement;
452 for (DWORD i = 0; i < num_elements; i++) {
453 PCCERT_CONTEXT cert = element[i]->pCertContext;
454
455 base::StringPiece der_bytes(
456 reinterpret_cast<const char*>(cert->pbCertEncoded),
457 cert->cbCertEncoded);
458 base::StringPiece spki_bytes;
459 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
460 continue;
461
462 HashValue sha1(HASH_VALUE_SHA1);
463 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
464 spki_bytes.size(), sha1.data());
465 hashes->push_back(sha1);
466
467 HashValue sha256(HASH_VALUE_SHA256);
468 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length);
469 hashes->push_back(sha256);
470 }
471 }
472
473 // Returns true if the certificate is an extended-validation certificate.
474 //
475 // This function checks the certificatePolicies extensions of the
476 // certificates in the certificate chain according to Section 7 (pp. 11-12)
477 // of the EV Certificate Guidelines Version 1.0 at
478 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
479 bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context,
480 bool rev_checking_enabled,
481 const char* policy_oid) {
482 DCHECK_NE(static_cast<DWORD>(0), chain_context->cChain);
483 // If the cert doesn't match any of the policies, the
484 // CERT_TRUST_IS_NOT_VALID_FOR_USAGE bit (0x10) in
485 // chain_context->TrustStatus.dwErrorStatus is set.
486 DWORD error_status = chain_context->TrustStatus.dwErrorStatus;
487
488 if (!rev_checking_enabled) {
489 // If online revocation checking is disabled then we will have still
490 // requested that the revocation cache be checked. However, that will often
491 // cause the following two error bits to be set. These error bits mean that
492 // the local OCSP/CRL is stale or missing entries for these certificates.
493 // Since they are expected, we mask them away.
494 error_status &= ~(CERT_TRUST_IS_OFFLINE_REVOCATION |
495 CERT_TRUST_REVOCATION_STATUS_UNKNOWN);
496 }
497 if (!chain_context->cChain || error_status != CERT_TRUST_NO_ERROR)
498 return false;
499
500 // Check the end certificate simple chain (chain_context->rgpChain[0]).
501 // If the end certificate's certificatePolicies extension contains the
502 // EV policy OID of the root CA, return true.
503 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement;
504 int num_elements = chain_context->rgpChain[0]->cElement;
505 if (num_elements < 2)
506 return false;
507
508 // Look up the EV policy OID of the root CA.
509 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext;
510 SHA1HashValue fingerprint =
511 X509Certificate::CalculateFingerprint(root_cert);
512 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
513 return metadata->HasEVPolicyOID(fingerprint, policy_oid);
514 }
515
516 } // namespace
517
518 CertVerifyProcWin::CertVerifyProcWin() {}
519
520 CertVerifyProcWin::~CertVerifyProcWin() {}
521
522 bool CertVerifyProcWin::SupportsAdditionalTrustAnchors() const {
523 return false;
524 }
525
526 int CertVerifyProcWin::VerifyInternal(
527 X509Certificate* cert,
528 const std::string& hostname,
529 int flags,
530 CRLSet* crl_set,
531 const CertificateList& additional_trust_anchors,
532 CertVerifyResult* verify_result) {
533 PCCERT_CONTEXT cert_handle = cert->os_cert_handle();
534 if (!cert_handle)
535 return ERR_UNEXPECTED;
536
537 // Build and validate certificate chain.
538 CERT_CHAIN_PARA chain_para;
539 memset(&chain_para, 0, sizeof(chain_para));
540 chain_para.cbSize = sizeof(chain_para);
541 // ExtendedKeyUsage.
542 // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE
543 // today because some certificate chains need them. IE also requests these
544 // two usages.
545 static const LPSTR usage[] = {
546 szOID_PKIX_KP_SERVER_AUTH,
547 szOID_SERVER_GATED_CRYPTO,
548 szOID_SGC_NETSCAPE
549 };
550 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
551 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage);
552 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier =
553 const_cast<LPSTR*>(usage);
554
555 // Get the certificatePolicies extension of the certificate.
556 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info;
557 LPSTR ev_policy_oid = NULL;
558 if (flags & CertVerifier::VERIFY_EV_CERT) {
559 GetCertPoliciesInfo(cert_handle, &policies_info);
560 if (policies_info.get()) {
561 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
562 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) {
563 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier;
564 if (metadata->IsEVPolicyOID(policy_oid)) {
565 ev_policy_oid = policy_oid;
566 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND;
567 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1;
568 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier =
569 &ev_policy_oid;
570 break;
571 }
572 }
573 }
574 }
575
576 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.
577 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT |
578 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
579 const bool rev_checking_enabled =
580 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) ||
581 (ev_policy_oid != NULL &&
582 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY));
583
584 if (rev_checking_enabled) {
585 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
586 } else {
587 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;
588 }
589
590 // For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which
591 // corresponds to HCCE_CURRENT_USER and is is initialized as needed by
592 // crypt32. However, when testing, it is necessary to create a new
593 // HCERTCHAINENGINE and use that instead. This is because each
594 // HCERTCHAINENGINE maintains a cache of information about certificates
595 // encountered, and each test run may modify the trust status of a
596 // certificate.
597 ScopedHCERTCHAINENGINE chain_engine(NULL);
598 if (TestRootCerts::HasInstance())
599 chain_engine.reset(TestRootCerts::GetInstance()->GetChainEngine());
600
601 ScopedPCCERT_CONTEXT cert_list(cert->CreateOSCertChainForCert());
602 PCCERT_CHAIN_CONTEXT chain_context;
603 // IE passes a non-NULL pTime argument that specifies the current system
604 // time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the
605 // chain_flags argument.
606 if (!CertGetCertificateChain(
607 chain_engine,
608 cert_list.get(),
609 NULL, // current system time
610 cert_list->hCertStore,
611 &chain_para,
612 chain_flags,
613 NULL, // reserved
614 &chain_context)) {
615 verify_result->cert_status |= CERT_STATUS_INVALID;
616 return MapSecurityError(GetLastError());
617 }
618
619 if (chain_context->TrustStatus.dwErrorStatus &
620 CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
621 ev_policy_oid = NULL;
622 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 0;
623 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = NULL;
624 CertFreeCertificateChain(chain_context);
625 if (!CertGetCertificateChain(
626 chain_engine,
627 cert_list.get(),
628 NULL, // current system time
629 cert_list->hCertStore,
630 &chain_para,
631 chain_flags,
632 NULL, // reserved
633 &chain_context)) {
634 verify_result->cert_status |= CERT_STATUS_INVALID;
635 return MapSecurityError(GetLastError());
636 }
637 }
638
639 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context);
640
641 GetCertChainInfo(chain_context, verify_result);
642 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus(
643 chain_context->TrustStatus.dwErrorStatus);
644
645 // Flag certificates that have a Subject common name with a NULL character.
646 if (CertSubjectCommonNameHasNull(cert_handle))
647 verify_result->cert_status |= CERT_STATUS_INVALID;
648
649 if (crl_set && !CheckRevocationWithCRLSet(chain_context, crl_set))
650 verify_result->cert_status |= CERT_STATUS_REVOKED;
651
652 std::wstring wstr_hostname = ASCIIToWide(hostname);
653
654 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para;
655 memset(&extra_policy_para, 0, sizeof(extra_policy_para));
656 extra_policy_para.cbSize = sizeof(extra_policy_para);
657 extra_policy_para.dwAuthType = AUTHTYPE_SERVER;
658 extra_policy_para.fdwChecks = 0;
659 extra_policy_para.pwszServerName =
660 const_cast<wchar_t*>(wstr_hostname.c_str());
661
662 CERT_CHAIN_POLICY_PARA policy_para;
663 memset(&policy_para, 0, sizeof(policy_para));
664 policy_para.cbSize = sizeof(policy_para);
665 policy_para.dwFlags = 0;
666 policy_para.pvExtraPolicyPara = &extra_policy_para;
667
668 CERT_CHAIN_POLICY_STATUS policy_status;
669 memset(&policy_status, 0, sizeof(policy_status));
670 policy_status.cbSize = sizeof(policy_status);
671
672 if (!CertVerifyCertificateChainPolicy(
673 CERT_CHAIN_POLICY_SSL,
674 chain_context,
675 &policy_para,
676 &policy_status)) {
677 return MapSecurityError(GetLastError());
678 }
679
680 if (policy_status.dwError) {
681 verify_result->cert_status |= MapNetErrorToCertStatus(
682 MapSecurityError(policy_status.dwError));
683
684 // CertVerifyCertificateChainPolicy reports only one error (in
685 // policy_status.dwError) if the certificate has multiple errors.
686 // CertGetCertificateChain doesn't report certificate name mismatch, so
687 // CertVerifyCertificateChainPolicy is the only function that can report
688 // certificate name mismatch.
689 //
690 // To prevent a potential certificate name mismatch from being hidden by
691 // some other certificate error, if we get any other certificate error,
692 // we call CertVerifyCertificateChainPolicy again, ignoring all other
693 // certificate errors. Both extra_policy_para.fdwChecks and
694 // policy_para.dwFlags allow us to ignore certificate errors, so we set
695 // them both.
696 if (policy_status.dwError != CERT_E_CN_NO_MATCH) {
697 const DWORD extra_ignore_flags =
698 0x00000080 | // SECURITY_FLAG_IGNORE_REVOCATION
699 0x00000100 | // SECURITY_FLAG_IGNORE_UNKNOWN_CA
700 0x00002000 | // SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
701 0x00000200; // SECURITY_FLAG_IGNORE_WRONG_USAGE
702 extra_policy_para.fdwChecks = extra_ignore_flags;
703 const DWORD ignore_flags =
704 CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS |
705 CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG |
706 CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG |
707 CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG |
708 CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG |
709 CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG |
710 CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS |
711 CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG |
712 CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG |
713 CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG |
714 CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG;
715 policy_para.dwFlags = ignore_flags;
716 if (!CertVerifyCertificateChainPolicy(
717 CERT_CHAIN_POLICY_SSL,
718 chain_context,
719 &policy_para,
720 &policy_status)) {
721 return MapSecurityError(GetLastError());
722 }
723 if (policy_status.dwError) {
724 verify_result->cert_status |= MapNetErrorToCertStatus(
725 MapSecurityError(policy_status.dwError));
726 }
727 }
728 }
729
730 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
731 // compatible with WinHTTP, which doesn't report this error (bug 3004).
732 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;
733
734 if (!rev_checking_enabled) {
735 // If we didn't do online revocation checking then Windows will report
736 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL
737 // information for every certificate. We only want to put up revoked
738 // statuses from the offline checks so we squash this error.
739 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
740 }
741
742 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes);
743 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context);
744
745 if (IsCertStatusError(verify_result->cert_status))
746 return MapCertStatusToNetError(verify_result->cert_status);
747
748 if (ev_policy_oid &&
749 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
750 verify_result->cert_status |= CERT_STATUS_IS_EV;
751 }
752 return OK;
753 }
754
755 } // namespace net