1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/cert_verify_proc.h"
9 #include "base/basictypes.h"
10 #include "base/metrics/histogram.h"
11 #include "base/sha1.h"
12 #include "base/strings/stringprintf.h"
13 #include "base/time/time.h"
14 #include "build/build_config.h"
15 #include "net/base/net_errors.h"
16 #include "net/base/net_util.h"
17 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
18 #include "net/cert/cert_status_flags.h"
19 #include "net/cert/cert_verifier.h"
20 #include "net/cert/cert_verify_result.h"
21 #include "net/cert/crl_set.h"
22 #include "net/cert/x509_certificate.h"
23 #include "url/url_canon.h"
25 #if defined(USE_NSS) || defined(OS_IOS)
26 #include "net/cert/cert_verify_proc_nss.h"
27 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
28 #include "net/cert/cert_verify_proc_openssl.h"
29 #elif defined(OS_ANDROID)
30 #include "net/cert/cert_verify_proc_android.h"
31 #elif defined(OS_MACOSX)
32 #include "net/cert/cert_verify_proc_mac.h"
34 #include "net/cert/cert_verify_proc_win.h"
36 #error Implement certificate verification.
43 // Constants used to build histogram names
44 const char kLeafCert
[] = "Leaf";
45 const char kIntermediateCert
[] = "Intermediate";
46 const char kRootCert
[] = "Root";
47 // Matches the order of X509Certificate::PublicKeyType
48 const char* const kCertTypeStrings
[] = {
56 // Histogram buckets for RSA/DSA/DH key sizes.
57 const int kRsaDsaKeySizes
[] = {512, 768, 1024, 1536, 2048, 3072, 4096, 8192,
59 // Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS
60 // 186-4 approved curves.
61 const int kEccKeySizes
[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571};
63 const char* CertTypeToString(int cert_type
) {
65 static_cast<size_t>(cert_type
) >= arraysize(kCertTypeStrings
)) {
68 return kCertTypeStrings
[cert_type
];
71 void RecordPublicKeyHistogram(const char* chain_position
,
72 bool baseline_keysize_applies
,
74 X509Certificate::PublicKeyType cert_type
) {
75 std::string histogram_name
=
76 base::StringPrintf("CertificateType2.%s.%s.%s",
77 baseline_keysize_applies
? "BR" : "NonBR",
79 CertTypeToString(cert_type
));
80 // Do not use UMA_HISTOGRAM_... macros here, as it caches the Histogram
81 // instance and thus only works if |histogram_name| is constant.
82 base::HistogramBase
* counter
= NULL
;
84 // Histogram buckets are contingent upon the underlying algorithm being used.
85 if (cert_type
== X509Certificate::kPublicKeyTypeECDH
||
86 cert_type
== X509Certificate::kPublicKeyTypeECDSA
) {
87 // Typical key sizes match SECP/FIPS 186-3 recommendations for prime and
88 // binary curves - which range from 163 bits to 571 bits.
89 counter
= base::CustomHistogram::FactoryGet(
91 base::CustomHistogram::ArrayToCustomRanges(kEccKeySizes
,
92 arraysize(kEccKeySizes
)),
93 base::HistogramBase::kUmaTargetedHistogramFlag
);
95 // Key sizes < 1024 bits should cause errors, while key sizes > 16K are not
96 // uniformly supported by the underlying cryptographic libraries.
97 counter
= base::CustomHistogram::FactoryGet(
99 base::CustomHistogram::ArrayToCustomRanges(kRsaDsaKeySizes
,
100 arraysize(kRsaDsaKeySizes
)),
101 base::HistogramBase::kUmaTargetedHistogramFlag
);
103 counter
->Add(size_bits
);
106 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
107 // if |size_bits| is < 1024. Note that this means there may be false
108 // negatives: keys for other algorithms and which are weak will pass this
110 bool IsWeakKey(X509Certificate::PublicKeyType type
, size_t size_bits
) {
112 case X509Certificate::kPublicKeyTypeRSA
:
113 case X509Certificate::kPublicKeyTypeDSA
:
114 return size_bits
< 1024;
120 // Returns true if |cert| contains a known-weak key. Additionally, histograms
121 // the observed keys for future tightening of the definition of what
122 // constitutes a weak key.
123 bool ExaminePublicKeys(const scoped_refptr
<X509Certificate
>& cert
,
124 bool should_histogram
) {
125 // The effective date of the CA/Browser Forum's Baseline Requirements -
126 // 2012-07-01 00:00:00 UTC.
127 const base::Time kBaselineEffectiveDate
=
128 base::Time::FromInternalValue(GG_INT64_C(12985574400000000));
129 // The effective date of the key size requirements from Appendix A, v1.1.5
130 // 2014-01-01 00:00:00 UTC.
131 const base::Time kBaselineKeysizeEffectiveDate
=
132 base::Time::FromInternalValue(GG_INT64_C(13033008000000000));
134 size_t size_bits
= 0;
135 X509Certificate::PublicKeyType type
= X509Certificate::kPublicKeyTypeUnknown
;
136 bool weak_key
= false;
137 bool baseline_keysize_applies
=
138 cert
->valid_start() >= kBaselineEffectiveDate
&&
139 cert
->valid_expiry() >= kBaselineKeysizeEffectiveDate
;
141 X509Certificate::GetPublicKeyInfo(cert
->os_cert_handle(), &size_bits
, &type
);
142 if (should_histogram
) {
143 RecordPublicKeyHistogram(kLeafCert
, baseline_keysize_applies
, size_bits
,
146 if (IsWeakKey(type
, size_bits
))
149 const X509Certificate::OSCertHandles
& intermediates
=
150 cert
->GetIntermediateCertificates();
151 for (size_t i
= 0; i
< intermediates
.size(); ++i
) {
152 X509Certificate::GetPublicKeyInfo(intermediates
[i
], &size_bits
, &type
);
153 if (should_histogram
) {
154 RecordPublicKeyHistogram(
155 (i
< intermediates
.size() - 1) ? kIntermediateCert
: kRootCert
,
156 baseline_keysize_applies
,
160 if (!weak_key
&& IsWeakKey(type
, size_bits
))
170 CertVerifyProc
* CertVerifyProc::CreateDefault() {
171 #if defined(USE_NSS) || defined(OS_IOS)
172 return new CertVerifyProcNSS();
173 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
174 return new CertVerifyProcOpenSSL();
175 #elif defined(OS_ANDROID)
176 return new CertVerifyProcAndroid();
177 #elif defined(OS_MACOSX)
178 return new CertVerifyProcMac();
179 #elif defined(OS_WIN)
180 return new CertVerifyProcWin();
186 CertVerifyProc::CertVerifyProc() {}
188 CertVerifyProc::~CertVerifyProc() {}
190 int CertVerifyProc::Verify(X509Certificate
* cert
,
191 const std::string
& hostname
,
194 const CertificateList
& additional_trust_anchors
,
195 CertVerifyResult
* verify_result
) {
196 verify_result
->Reset();
197 verify_result
->verified_cert
= cert
;
199 if (IsBlacklisted(cert
)) {
200 verify_result
->cert_status
|= CERT_STATUS_REVOKED
;
201 return ERR_CERT_REVOKED
;
204 // We do online revocation checking for EV certificates that aren't covered
205 // by a fresh CRLSet.
206 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
207 // disable revocation checking.
208 if (flags
& CertVerifier::VERIFY_EV_CERT
)
209 flags
|= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY
;
211 int rv
= VerifyInternal(cert
, hostname
, flags
, crl_set
,
212 additional_trust_anchors
, verify_result
);
214 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
215 verify_result
->common_name_fallback_used
);
216 if (!verify_result
->is_issued_by_known_root
) {
217 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
218 verify_result
->common_name_fallback_used
);
221 // This check is done after VerifyInternal so that VerifyInternal can fill
222 // in the list of public key hashes.
223 if (IsPublicKeyBlacklisted(verify_result
->public_key_hashes
)) {
224 verify_result
->cert_status
|= CERT_STATUS_REVOKED
;
225 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
228 std::vector
<std::string
> dns_names
, ip_addrs
;
229 cert
->GetSubjectAltName(&dns_names
, &ip_addrs
);
230 if (HasNameConstraintsViolation(verify_result
->public_key_hashes
,
231 cert
->subject().common_name
,
234 verify_result
->cert_status
|= CERT_STATUS_NAME_CONSTRAINT_VIOLATION
;
235 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
238 // Check for weak keys in the entire verified chain.
239 bool weak_key
= ExaminePublicKeys(verify_result
->verified_cert
,
240 verify_result
->is_issued_by_known_root
);
243 verify_result
->cert_status
|= CERT_STATUS_WEAK_KEY
;
244 // Avoid replacing a more serious error, such as an OS/library failure,
245 // by ensuring that if verification failed, it failed with a certificate
247 if (rv
== OK
|| IsCertificateError(rv
))
248 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
251 // Treat certificates signed using broken signature algorithms as invalid.
252 if (verify_result
->has_md2
|| verify_result
->has_md4
) {
253 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
254 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
257 // Flag certificates using weak signature algorithms.
258 if (verify_result
->has_md5
) {
259 verify_result
->cert_status
|= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM
;
260 // Avoid replacing a more serious error, such as an OS/library failure,
261 // by ensuring that if verification failed, it failed with a certificate
263 if (rv
== OK
|| IsCertificateError(rv
))
264 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
267 if (verify_result
->has_sha1
)
268 verify_result
->cert_status
|= CERT_STATUS_SHA1_SIGNATURE_PRESENT
;
270 // Flag certificates from publicly-trusted CAs that are issued to intranet
271 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit
272 // these to be issued until 1 November 2015, they represent a real risk for
273 // the deployment of gTLDs and are being phased out ahead of the hard
275 if (verify_result
->is_issued_by_known_root
&& IsHostnameNonUnique(hostname
)) {
276 verify_result
->cert_status
|= CERT_STATUS_NON_UNIQUE_NAME
;
277 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For
278 // now treat it as a warning and do not map it to an error return value.
281 // Flag certificates using too long validity periods.
282 if (verify_result
->is_issued_by_known_root
&& HasTooLongValidity(*cert
)) {
283 verify_result
->cert_status
|= CERT_STATUS_VALIDITY_TOO_LONG
;
285 rv
= MapCertStatusToNetError(verify_result
->cert_status
);
292 bool CertVerifyProc::IsBlacklisted(X509Certificate
* cert
) {
293 static const unsigned kComodoSerialBytes
= 16;
294 static const uint8 kComodoSerials
[][kComodoSerialBytes
] = {
295 // Not a real certificate. For testing only.
296 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
298 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
299 // Some serial numbers actually have a leading 0x00 byte required to
300 // encode a positive integer in DER if the most significant bit is 0.
301 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
303 // Subject: CN=mail.google.com
304 // subjectAltName dNSName: mail.google.com, www.mail.google.com
305 {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
306 // Subject: CN=global trustee
307 // subjectAltName dNSName: global trustee
308 // Note: not a CA certificate.
309 {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
310 // Subject: CN=login.live.com
311 // subjectAltName dNSName: login.live.com, www.login.live.com
312 {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
313 // Subject: CN=addons.mozilla.org
314 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
315 {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
316 // Subject: CN=login.skype.com
317 // subjectAltName dNSName: login.skype.com, www.login.skype.com
318 {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
319 // Subject: CN=login.yahoo.com
320 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
321 {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
322 // Subject: CN=www.google.com
323 // subjectAltName dNSName: www.google.com, google.com
324 {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
325 // Subject: CN=login.yahoo.com
326 // subjectAltName dNSName: login.yahoo.com
327 {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
328 // Subject: CN=login.yahoo.com
329 // subjectAltName dNSName: login.yahoo.com
330 {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
333 const std::string
& serial_number
= cert
->serial_number();
334 if (!serial_number
.empty() && (serial_number
[0] & 0x80) != 0) {
335 // This is a negative serial number, which isn't technically allowed but
336 // which probably happens. In order to avoid confusing a negative serial
337 // number with a positive one once the leading zeros have been removed, we
342 base::StringPiece
serial(serial_number
);
343 // Remove leading zeros.
344 while (serial
.size() > 1 && serial
[0] == 0)
345 serial
.remove_prefix(1);
347 if (serial
.size() == kComodoSerialBytes
) {
348 for (unsigned i
= 0; i
< arraysize(kComodoSerials
); i
++) {
349 if (memcmp(kComodoSerials
[i
], serial
.data(), kComodoSerialBytes
) == 0) {
350 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i
,
351 arraysize(kComodoSerials
) + 1);
357 // CloudFlare revoked all certificates issued prior to April 2nd, 2014. Thus
358 // all certificates where the CN ends with ".cloudflare.com" with a prior
359 // issuance date are rejected.
361 // The old certs had a lifetime of five years, so this can be removed April
363 const std::string
& cn
= cert
->subject().common_name
;
364 static const char kCloudFlareCNSuffix
[] = ".cloudflare.com";
365 // kCloudFlareEpoch is the base::Time internal value for midnight at the
366 // beginning of April 2nd, 2014, UTC.
367 static const int64 kCloudFlareEpoch
= INT64_C(13040870400000000);
368 if (cn
.size() > arraysize(kCloudFlareCNSuffix
) - 1 &&
369 cn
.compare(cn
.size() - (arraysize(kCloudFlareCNSuffix
) - 1),
370 arraysize(kCloudFlareCNSuffix
) - 1,
371 kCloudFlareCNSuffix
) == 0 &&
372 cert
->valid_start() < base::Time::FromInternalValue(kCloudFlareEpoch
)) {
380 // NOTE: This implementation assumes and enforces that the hashes are SHA1.
381 bool CertVerifyProc::IsPublicKeyBlacklisted(
382 const HashValueVector
& public_key_hashes
) {
383 static const unsigned kNumHashes
= 17;
384 static const uint8 kHashes
[kNumHashes
][base::kSHA1Length
] = {
385 // Subject: CN=DigiNotar Root CA
386 // Issuer: CN=Entrust.net x2 and self-signed
387 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
388 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
389 // Subject: CN=DigiNotar Cyber CA
390 // Issuer: CN=GTE CyberTrust Global Root
391 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
392 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
393 // Subject: CN=DigiNotar Services 1024 CA
394 // Issuer: CN=Entrust.net
395 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
396 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
397 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
398 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
399 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e,
400 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
401 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
402 // Issuer: CN=Staat der Nederlanden Overheid CA
403 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39,
404 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
405 // Subject: O=Digicert Sdn. Bhd.
406 // Issuer: CN=GTE CyberTrust Global Root
407 // Expires: Jul 17 15:16:54 2012 GMT
408 {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96,
409 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
410 // Subject: O=Digicert Sdn. Bhd.
411 // Issuer: CN=Entrust.net Certification Authority (2048)
412 // Expires: Jul 16 17:53:37 2015 GMT
413 {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
414 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
415 // Issuer: CN=Trustwave Organization Issuing CA, Level 2
416 // Covers two certificates, the latter of which expires Apr 15 21:09:30
418 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
419 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
420 // Cyberoam CA certificate. Private key leaked, but this certificate would
421 // only have been installed by Cyberoam customers. The certificate expires
422 // in 2036, but we can probably remove in a couple of years (2014).
423 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
424 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
425 // Win32/Sirefef.gen!C generates fake certificates with this public key.
426 {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
427 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
428 // Three retired intermediate certificates from Symantec. No compromise;
429 // just for robustness. All expire May 17 23:59:59 2018.
430 // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
431 {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8,
432 0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
433 {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31,
434 0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
435 {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf,
436 0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
437 // C=IN, O=National Informatics Centre, OU=NICCA, CN=NIC Certifying
438 // Authority. Issued by C=IN, O=India PKI, CN=CCA India 2007.
439 // Expires July 4th, 2015.
440 {0xf5, 0x71, 0x79, 0xfa, 0xea, 0x10, 0xc5, 0x43, 0x8c, 0xb0,
441 0xc6, 0xe1, 0xcc, 0x27, 0x7b, 0x6e, 0x0d, 0xb2, 0xff, 0x54},
442 // C=IN, O=National Informatics Centre, CN=NIC CA 2011. Issued by
443 // C=IN, O=India PKI, CN=CCA India 2011.
444 // Expires March 11th 2016.
445 {0x07, 0x7a, 0xc7, 0xde, 0x8d, 0xa5, 0x58, 0x64, 0x3a, 0x06,
446 0xc5, 0x36, 0x9e, 0x55, 0x4f, 0xae, 0xb3, 0xdf, 0xa1, 0x66},
447 // C=IN, O=National Informatics Centre, CN=NIC CA 2014. Issued by
448 // C=IN, O=India PKI, CN=CCA India 2014.
449 // Expires: March 5th, 2024.
450 {0xe5, 0x8e, 0x31, 0x5b, 0xaa, 0xee, 0xaa, 0xc6, 0xe7, 0x2e,
451 0xc9, 0x57, 0x36, 0x70, 0xca, 0x2f, 0x25, 0x4e, 0xc3, 0x47},
452 // C=DE, O=Fraunhofer, OU=Fraunhofer Corporate PKI,
453 // CN=Fraunhofer Service CA 2007.
454 // Expires: Jun 30 2019.
455 // No compromise, just for robustness. See
456 // https://bugzilla.mozilla.org/show_bug.cgi?id=1076940
457 {0x38, 0x4d, 0x0c, 0x1d, 0xc4, 0x77, 0xa7, 0xb3, 0xf8, 0x67,
458 0x86, 0xd0, 0x18, 0x51, 0x9f, 0x58, 0x9f, 0x1e, 0x9e, 0x25},
461 for (unsigned i
= 0; i
< kNumHashes
; i
++) {
462 for (HashValueVector::const_iterator j
= public_key_hashes
.begin();
463 j
!= public_key_hashes
.end(); ++j
) {
464 if (j
->tag
== HASH_VALUE_SHA1
&&
465 memcmp(j
->data(), kHashes
[i
], base::kSHA1Length
) == 0) {
474 static const size_t kMaxDomainLength
= 18;
476 // CheckNameConstraints verifies that every name in |dns_names| is in one of
477 // the domains specified by |domains|. The |domains| array is terminated by an
479 static bool CheckNameConstraints(const std::vector
<std::string
>& dns_names
,
480 const char domains
[][kMaxDomainLength
]) {
481 for (std::vector
<std::string
>::const_iterator i
= dns_names
.begin();
482 i
!= dns_names
.end(); ++i
) {
484 url::CanonHostInfo host_info
;
485 const std::string dns_name
= CanonicalizeHost(*i
, &host_info
);
486 if (host_info
.IsIPAddress())
489 const size_t registry_len
= registry_controlled_domains::GetRegistryLength(
491 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES
,
492 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES
);
493 // If the name is not in a known TLD, ignore it. This permits internal
495 if (registry_len
== 0)
498 for (size_t j
= 0; domains
[j
][0]; ++j
) {
499 const size_t domain_length
= strlen(domains
[j
]);
500 // The DNS name must have "." + domains[j] as a suffix.
501 if (i
->size() <= (1 /* period before domain */ + domain_length
))
504 const char* suffix
= &dns_name
[i
->size() - domain_length
- 1];
505 if (suffix
[0] != '.')
507 if (memcmp(&suffix
[1], domains
[j
], domain_length
) != 0)
520 // PublicKeyDomainLimitation contains a SHA1, SPKI hash and a pointer to an
521 // array of fixed-length strings that contain the domains that the SPKI is
522 // allowed to issue for.
523 struct PublicKeyDomainLimitation
{
524 uint8 public_key
[base::kSHA1Length
];
525 const char (*domains
)[kMaxDomainLength
];
529 bool CertVerifyProc::HasNameConstraintsViolation(
530 const HashValueVector
& public_key_hashes
,
531 const std::string
& common_name
,
532 const std::vector
<std::string
>& dns_names
,
533 const std::vector
<std::string
>& ip_addrs
) {
534 static const char kDomainsANSSI
[][kMaxDomainLength
] = {
541 "pm", // Saint-Pierre et Miquelon
542 "bl", // Saint Barthélemy
543 "mf", // Saint Martin
544 "wf", // Wallis et Futuna
545 "pf", // Polynésie française
546 "nc", // Nouvelle Calédonie
547 "tf", // Terres australes et antarctiques françaises
551 static const char kDomainsIndiaCCA
[][kMaxDomainLength
] = {
562 static const char kDomainsTest
[][kMaxDomainLength
] = {
567 static const PublicKeyDomainLimitation kLimits
[] = {
568 // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
569 // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
571 {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad,
572 0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73},
575 // C=IN, O=India PKI, CN=CCA India 2007
576 // Expires: July 4th 2015.
578 {0xfe, 0xe3, 0x95, 0x21, 0x2d, 0x5f, 0xea, 0xfc, 0x7e, 0xdc,
579 0xcf, 0x88, 0x3f, 0x1e, 0xc0, 0x58, 0x27, 0xd8, 0xb8, 0xe4},
582 // C=IN, O=India PKI, CN=CCA India 2011
583 // Expires: March 11 2016.
585 {0xf1, 0x42, 0xf6, 0xa2, 0x7d, 0x29, 0x3e, 0xa8, 0xf9, 0x64,
586 0x52, 0x56, 0xed, 0x07, 0xa8, 0x63, 0xf2, 0xdb, 0x1c, 0xdf},
589 // C=IN, O=India PKI, CN=CCA India 2014
590 // Expires: March 5 2024.
592 {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed,
593 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1},
596 // Not a real certificate - just for testing. This is the SPKI hash of
597 // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
599 {0x61, 0xec, 0x82, 0x8b, 0xdb, 0x5c, 0x78, 0x2a, 0x8f, 0xcc,
600 0x4f, 0x0f, 0x14, 0xbb, 0x85, 0x31, 0x93, 0x9f, 0xf7, 0x3d},
605 for (unsigned i
= 0; i
< arraysize(kLimits
); ++i
) {
606 for (HashValueVector::const_iterator j
= public_key_hashes
.begin();
607 j
!= public_key_hashes
.end(); ++j
) {
608 if (j
->tag
== HASH_VALUE_SHA1
&&
609 memcmp(j
->data(), kLimits
[i
].public_key
, base::kSHA1Length
) == 0) {
610 if (dns_names
.empty() && ip_addrs
.empty()) {
611 std::vector
<std::string
> dns_names
;
612 dns_names
.push_back(common_name
);
613 if (!CheckNameConstraints(dns_names
, kLimits
[i
].domains
))
616 if (!CheckNameConstraints(dns_names
, kLimits
[i
].domains
))
627 bool CertVerifyProc::HasTooLongValidity(const X509Certificate
& cert
) {
628 const base::Time
& start
= cert
.valid_start();
629 const base::Time
& expiry
= cert
.valid_expiry();
630 if (start
.is_max() || start
.is_null() || expiry
.is_max() ||
631 expiry
.is_null() || start
> expiry
) {
635 base::Time::Exploded exploded_start
;
636 base::Time::Exploded exploded_expiry
;
637 cert
.valid_start().UTCExplode(&exploded_start
);
638 cert
.valid_expiry().UTCExplode(&exploded_expiry
);
640 if (exploded_expiry
.year
- exploded_start
.year
> 10)
643 int month_diff
= (exploded_expiry
.year
- exploded_start
.year
) * 12 +
644 (exploded_expiry
.month
- exploded_start
.month
);
646 // Add any remainder as a full month.
647 if (exploded_expiry
.day_of_month
> exploded_start
.day_of_month
)
650 static const base::Time time_2012_07_01
=
651 base::Time::FromUTCExploded({2012, 7, 0, 1, 0, 0, 0, 0});
652 static const base::Time time_2015_04_01
=
653 base::Time::FromUTCExploded({2015, 4, 0, 1, 0, 0, 0, 0});
654 static const base::Time time_2019_07_01
=
655 base::Time::FromUTCExploded({2019, 7, 0, 1, 0, 0, 0, 0});
657 // For certificates issued before the BRs took effect.
658 if (start
< time_2012_07_01
&& (month_diff
> 120 || expiry
> time_2019_07_01
))
661 // For certificates issued after 1 July 2012: 60 months.
662 if (start
>= time_2012_07_01
&& month_diff
> 60)
665 // For certificates issued after 1 April 2015: 39 months.
666 if (start
>= time_2015_04_01
&& month_diff
> 39)
