| blob | 222ba47f51c98fcab412a52334146ee064d77696 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
22 #if defined(USE_NSS) || defined(OS_IOS)
24 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
26 #elif defined(OS_ANDROID)
28 #elif defined(OS_MACOSX)
30 #elif defined(OS_WIN)
32 #else
33 #error Implement certificate verification.
34 #endif
41 // Constants used to build histogram names
45 // Matches the order of X509Certificate::PublicKeyType
52 "ECDH"
53 };
54 // Histogram buckets for RSA/DSA/DH key sizes.
57 // Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS
58 // 186-4 approved curves.
65 }
67 }
76 chain_position,
78 // Do not use UMA_HISTOGRAM_... macros here, as it caches the Histogram
79 // instance and thus only works if |histogram_name| is constant.
82 // Histogram buckets are contingent upon the underlying algorithm being used.
85 // Typical key sizes match SECP/FIPS 186-3 recommendations for prime and
86 // binary curves - which range from 163 bits to 571 bits.
88 histogram_name,
93 // Key sizes < 1024 bits should cause errors, while key sizes > 16K are not
94 // uniformly supported by the underlying cryptographic libraries.
96 histogram_name,
100 }
102 }
104 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
105 // if |size_bits| is < 1024. Note that this means there may be false
106 // negatives: keys for other algorithms and which are weak will pass this
107 // test.
115 }
116 }
118 // Returns true if |cert| contains a known-weak key. Additionally, histograms
119 // the observed keys for future tightening of the definition of what
120 // constitutes a weak key.
123 // The effective date of the CA/Browser Forum's Baseline Requirements -
124 // 2012-07-01 00:00:00 UTC.
127 // The effective date of the key size requirements from Appendix A, v1.1.5
128 // 2014-01-01 00:00:00 UTC.
142 type);
143 }
154 baseline_keysize_applies,
155 size_bits,
156 type);
157 }
160 }
163 }
167 // static
169 #if defined(USE_NSS) || defined(OS_IOS)
171 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
173 #elif defined(OS_ANDROID)
175 #elif defined(OS_MACOSX)
177 #elif defined(OS_WIN)
179 #else
181 #endif
182 }
200 }
202 // We do online revocation checking for EV certificates that aren't covered
203 // by a fresh CRLSet.
204 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
205 // disable revocation checking.
217 }
219 // This check is done after VerifyInternal so that VerifyInternal can fill
220 // in the list of public key hashes.
224 }
230 dns_names,
231 ip_addrs)) {
234 }
236 // Check for weak keys in the entire verified chain.
242 // Avoid replacing a more serious error, such as an OS/library failure,
243 // by ensuring that if verification failed, it failed with a certificate
244 // error.
247 }
249 // Treat certificates signed using broken signature algorithms as invalid.
253 }
255 // Flag certificates using weak signature algorithms.
258 // Avoid replacing a more serious error, such as an OS/library failure,
259 // by ensuring that if verification failed, it failed with a certificate
260 // error.
263 }
268 // Flag certificates from publicly-trusted CAs that are issued to intranet
269 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit
270 // these to be issued until 1 November 2015, they represent a real risk for
271 // the deployment of gTLDs and are being phased out ahead of the hard
272 // deadline.
275 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For
276 // now treat it as a warning and do not map it to an error return value.
277 }
280 }
282 // static
286 // Not a real certificate. For testing only.
289 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
290 // Some serial numbers actually have a leading 0x00 byte required to
291 // encode a positive integer in DER if the most significant bit is 0.
292 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
294 // Subject: CN=mail.google.com
295 // subjectAltName dNSName: mail.google.com, www.mail.google.com
297 // Subject: CN=global trustee
298 // subjectAltName dNSName: global trustee
299 // Note: not a CA certificate.
301 // Subject: CN=login.live.com
302 // subjectAltName dNSName: login.live.com, www.login.live.com
304 // Subject: CN=addons.mozilla.org
305 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
307 // Subject: CN=login.skype.com
308 // subjectAltName dNSName: login.skype.com, www.login.skype.com
310 // Subject: CN=login.yahoo.com
311 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
313 // Subject: CN=www.google.com
314 // subjectAltName dNSName: www.google.com, google.com
316 // Subject: CN=login.yahoo.com
317 // subjectAltName dNSName: login.yahoo.com
319 // Subject: CN=login.yahoo.com
320 // subjectAltName dNSName: login.yahoo.com
322 };
326 // This is a negative serial number, which isn't technically allowed but
327 // which probably happens. In order to avoid confusing a negative serial
328 // number with a positive one once the leading zeros have been removed, we
329 // disregard it.
331 }
334 // Remove leading zeros.
344 }
345 }
346 }
348 // CloudFlare revoked all certificates issued prior to April 2nd, 2014. Thus
349 // all certificates where the CN ends with ".cloudflare.com" with a prior
350 // issuance date are rejected.
351 //
352 // The old certs had a lifetime of five years, so this can be removed April
353 // 2nd, 2019.
356 // kCloudFlareEpoch is the base::Time internal value for midnight at the
357 // beginning of April 2nd, 2014, UTC.
365 }
368 }
370 // static
371 // NOTE: This implementation assumes and enforces that the hashes are SHA1.
376 // Subject: CN=DigiNotar Root CA
377 // Issuer: CN=Entrust.net x2 and self-signed
380 // Subject: CN=DigiNotar Cyber CA
381 // Issuer: CN=GTE CyberTrust Global Root
384 // Subject: CN=DigiNotar Services 1024 CA
385 // Issuer: CN=Entrust.net
388 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
389 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
392 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
393 // Issuer: CN=Staat der Nederlanden Overheid CA
396 // Subject: O=Digicert Sdn. Bhd.
397 // Issuer: CN=GTE CyberTrust Global Root
398 // Expires: Jul 17 15:16:54 2012 GMT
401 // Subject: O=Digicert Sdn. Bhd.
402 // Issuer: CN=Entrust.net Certification Authority (2048)
403 // Expires: Jul 16 17:53:37 2015 GMT
406 // Issuer: CN=Trustwave Organization Issuing CA, Level 2
407 // Covers two certificates, the latter of which expires Apr 15 21:09:30
408 // 2021 GMT.
411 // Cyberoam CA certificate. Private key leaked, but this certificate would
412 // only have been installed by Cyberoam customers. The certificate expires
413 // in 2036, but we can probably remove in a couple of years (2014).
416 // Win32/Sirefef.gen!C generates fake certificates with this public key.
419 // Three retired intermediate certificates from Symantec. No compromise;
420 // just for robustness. All expire May 17 23:59:59 2018.
421 // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
428 // C=IN, O=National Informatics Centre, OU=NICCA, CN=NIC Certifying
429 // Authority. Issued by C=IN, O=India PKI, CN=CCA India 2007.
430 // Expires July 4th, 2015.
433 // C=IN, O=National Informatics Centre, CN=NIC CA 2011. Issued by
434 // C=IN, O=India PKI, CN=CCA India 2011.
435 // Expires March 11th 2016.
438 // C=IN, O=National Informatics Centre, CN=NIC CA 2014. Issued by
439 // C=IN, O=India PKI, CN=CCA India 2014.
440 // Expires: March 5th, 2024.
443 // C=DE, O=Fraunhofer, OU=Fraunhofer Corporate PKI,
444 // CN=Fraunhofer Service CA 2007.
445 // Expires: Jun 30 2019.
446 // No compromise, just for robustness. See
447 // https://bugzilla.mozilla.org/show_bug.cgi?id=1076940
450 };
458 }
459 }
460 }
463 }
467 // CheckNameConstraints verifies that every name in |dns_names| is in one of
468 // the domains specified by |domains|. The |domains| array is terminated by an
469 // empty string.
481 dns_name,
484 // If the name is not in a known TLD, ignore it. This permits internal
485 // names.
491 // The DNS name must have "." + domains[j] as a suffix.
502 }
506 }
509 }
511 // PublicKeyDomainLimitation contains a SHA1, SPKI hash and a pointer to an
512 // array of fixed-length strings that contain the domains that the SPKI is
513 // allowed to issue for.
517 };
519 // static
540 };
551 };
556 };
559 // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
560 // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
561 {
564 kDomainsANSSI,
565 },
566 // C=IN, O=India PKI, CN=CCA India 2007
567 // Expires: July 4th 2015.
568 {
571 kDomainsIndiaCCA,
572 },
573 // C=IN, O=India PKI, CN=CCA India 2011
574 // Expires: March 11 2016.
575 {
578 kDomainsIndiaCCA,
579 },
580 // C=IN, O=India PKI, CN=CCA India 2014
581 // Expires: March 5 2024.
582 {
585 kDomainsIndiaCCA,
586 },
587 // Not a real certificate - just for testing. This is the SPKI hash of
588 // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
589 {
592 kDomainsTest,
593 },
594 };
609 }
610 }
611 }
612 }
615 }