search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert 254567 "don't create SkDevice directly, use SkBitmap or (..."
[chromium-blink-merge.git] / net / cert / cert_verify_proc_nss.cc
blob9d3652b8c593bfe3f4472046778dba6bc77c50e7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_nss.h"
6
7 #include <string>
8 #include <vector>
9
10 #include <cert.h>
11 #include <nss.h>
12 #include <prerror.h>
13 #include <secerr.h>
14 #include <sechash.h>
15 #include <sslerr.h>
16
17 #include "base/logging.h"
18 #include "crypto/nss_util.h"
19 #include "crypto/scoped_nss_types.h"
20 #include "crypto/sha2.h"
21 #include "net/base/net_errors.h"
22 #include "net/cert/asn1_util.h"
23 #include "net/cert/cert_status_flags.h"
24 #include "net/cert/cert_verifier.h"
25 #include "net/cert/cert_verify_result.h"
26 #include "net/cert/crl_set.h"
27 #include "net/cert/ev_root_ca_metadata.h"
28 #include "net/cert/x509_certificate.h"
29 #include "net/cert/x509_util_nss.h"
30
31 #if defined(OS_IOS)
32 #include <CommonCrypto/CommonDigest.h>
33 #include "net/cert/x509_util_ios.h"
34 #endif // defined(OS_IOS)
35
36 namespace net {
37
38 namespace {
39
40 typedef scoped_ptr<
41 CERTCertificatePolicies,
42 crypto::NSSDestroyer<CERTCertificatePolicies,
43 CERT_DestroyCertificatePoliciesExtension> >
44 ScopedCERTCertificatePolicies;
45
46 typedef scoped_ptr<
47 CERTCertList,
48 crypto::NSSDestroyer<CERTCertList, CERT_DestroyCertList> >
49 ScopedCERTCertList;
50
51 // ScopedCERTValOutParam manages destruction of values in the CERTValOutParam
52 // array that cvout points to. cvout must be initialized as passed to
53 // CERT_PKIXVerifyCert, so that the array must be terminated with
54 // cert_po_end type.
55 // When it goes out of scope, it destroys values of cert_po_trustAnchor
56 // and cert_po_certList types, but doesn't release the array itself.
57 class ScopedCERTValOutParam {
58 public:
59 explicit ScopedCERTValOutParam(CERTValOutParam* cvout) : cvout_(cvout) {}
60
61 ~ScopedCERTValOutParam() {
62 Clear();
63 }
64
65 // Free the internal resources, but do not release the array itself.
66 void Clear() {
67 if (cvout_ == NULL)
68 return;
69 for (CERTValOutParam *p = cvout_; p->type != cert_po_end; p++) {
70 switch (p->type) {
71 case cert_po_trustAnchor:
72 if (p->value.pointer.cert) {
73 CERT_DestroyCertificate(p->value.pointer.cert);
74 p->value.pointer.cert = NULL;
75 }
76 break;
77 case cert_po_certList:
78 if (p->value.pointer.chain) {
79 CERT_DestroyCertList(p->value.pointer.chain);
80 p->value.pointer.chain = NULL;
81 }
82 break;
83 default:
84 break;
85 }
86 }
87 }
88
89 private:
90 CERTValOutParam* cvout_;
91
92 DISALLOW_COPY_AND_ASSIGN(ScopedCERTValOutParam);
93 };
94
95 // Map PORT_GetError() return values to our network error codes.
96 int MapSecurityError(int err) {
97 switch (err) {
98 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error.
99 return ERR_NAME_NOT_RESOLVED;
100 case SEC_ERROR_INVALID_ARGS:
101 return ERR_INVALID_ARGUMENT;
102 case SSL_ERROR_BAD_CERT_DOMAIN:
103 return ERR_CERT_COMMON_NAME_INVALID;
104 case SEC_ERROR_INVALID_TIME:
105 case SEC_ERROR_EXPIRED_CERTIFICATE:
106 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
107 return ERR_CERT_DATE_INVALID;
108 case SEC_ERROR_UNKNOWN_ISSUER:
109 case SEC_ERROR_UNTRUSTED_ISSUER:
110 case SEC_ERROR_CA_CERT_INVALID:
111 case SEC_ERROR_APPLICATION_CALLBACK_ERROR: // Rejected by
112 // chain_verify_callback.
113 return ERR_CERT_AUTHORITY_INVALID;
114 // TODO(port): map ERR_CERT_NO_REVOCATION_MECHANISM.
115 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE:
116 case SEC_ERROR_OCSP_SERVER_ERROR:
117 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
118 case SEC_ERROR_REVOKED_CERTIFICATE:
119 case SEC_ERROR_UNTRUSTED_CERT: // Treat as revoked.
120 return ERR_CERT_REVOKED;
121 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
122 return ERR_CERT_NAME_CONSTRAINT_VIOLATION;
123 case SEC_ERROR_BAD_DER:
124 case SEC_ERROR_BAD_SIGNATURE:
125 case SEC_ERROR_CERT_NOT_VALID:
126 // TODO(port): add an ERR_CERT_WRONG_USAGE error code.
127 case SEC_ERROR_CERT_USAGES_INVALID:
128 case SEC_ERROR_INADEQUATE_KEY_USAGE: // Key usage.
129 case SEC_ERROR_INADEQUATE_CERT_TYPE: // Extended key usage and whether
130 // the certificate is a CA.
131 case SEC_ERROR_POLICY_VALIDATION_FAILED:
132 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
133 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
134 case SEC_ERROR_EXTENSION_VALUE_INVALID:
135 return ERR_CERT_INVALID;
136 case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
137 return ERR_CERT_WEAK_SIGNATURE_ALGORITHM;
138 default:
139 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
140 return ERR_FAILED;
141 }
142 }
143
144 // Map PORT_GetError() return values to our cert status flags.
145 CertStatus MapCertErrorToCertStatus(int err) {
146 int net_error = MapSecurityError(err);
147 return MapNetErrorToCertStatus(net_error);
148 }
149
150 // Saves some information about the certificate chain cert_list in
151 // *verify_result. The caller MUST initialize *verify_result before calling
152 // this function.
153 // Note that cert_list[0] is the end entity certificate.
154 void GetCertChainInfo(CERTCertList* cert_list,
155 CERTCertificate* root_cert,
156 CertVerifyResult* verify_result) {
157 DCHECK(cert_list);
158
159 CERTCertificate* verified_cert = NULL;
160 std::vector<CERTCertificate*> verified_chain;
161 int i = 0;
162 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
163 !CERT_LIST_END(node, cert_list);
164 node = CERT_LIST_NEXT(node), ++i) {
165 if (i == 0) {
166 verified_cert = node->cert;
167 } else {
168 // Because of an NSS bug, CERT_PKIXVerifyCert may chain a self-signed
169 // certificate of a root CA to another certificate of the same root CA
170 // key. Detect that error and ignore the root CA certificate.
171 // See https://bugzilla.mozilla.org/show_bug.cgi?id=721288.
172 if (node->cert->isRoot) {
173 // NOTE: isRoot doesn't mean the certificate is a trust anchor. It
174 // means the certificate is self-signed. Here we assume isRoot only
175 // implies the certificate is self-issued.
176 CERTCertListNode* next_node = CERT_LIST_NEXT(node);
177 CERTCertificate* next_cert;
178 if (!CERT_LIST_END(next_node, cert_list)) {
179 next_cert = next_node->cert;
180 } else {
181 next_cert = root_cert;
182 }
183 // Test that |node->cert| is actually a self-signed certificate
184 // whose key is equal to |next_cert|, and not a self-issued
185 // certificate signed by another key of the same CA.
186 if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey,
187 &next_cert->derPublicKey)) {
188 continue;
189 }
190 }
191 verified_chain.push_back(node->cert);
192 }
193
194 SECAlgorithmID& signature = node->cert->signature;
195 SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
196 switch (oid_tag) {
197 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
198 verify_result->has_md5 = true;
199 break;
200 case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
201 verify_result->has_md2 = true;
202 break;
203 case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
204 verify_result->has_md4 = true;
205 break;
206 default:
207 break;
208 }
209 }
210
211 if (root_cert)
212 verified_chain.push_back(root_cert);
213 #if defined(OS_IOS)
214 verify_result->verified_cert =
215 x509_util_ios::CreateCertFromNSSHandles(verified_cert, verified_chain);
216 #else
217 verify_result->verified_cert =
218 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
219 #endif // defined(OS_IOS)
220 }
221
222 // IsKnownRoot returns true if the given certificate is one that we believe
223 // is a standard (as opposed to user-installed) root.
224 bool IsKnownRoot(CERTCertificate* root) {
225 if (!root || !root->slot)
226 return false;
227
228 // This magic name is taken from
229 // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/constants.c&rev=1.13&mark=86,89#79
230 return 0 == strcmp(PK11_GetSlotName(root->slot),
231 "NSS Builtin Objects");
232 }
233
234 // Returns true if the given certificate is one of the additional trust anchors.
235 bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors,
236 CERTCertificate* root) {
237 if (!additional_trust_anchors || !root)
238 return false;
239 for (CERTCertListNode* node = CERT_LIST_HEAD(additional_trust_anchors);
240 !CERT_LIST_END(node, additional_trust_anchors);
241 node = CERT_LIST_NEXT(node)) {
242 if (CERT_CompareCerts(node->cert, root))
243 return true;
244 }
245 return false;
246 }
247
248 enum CRLSetResult {
249 kCRLSetOk,
250 kCRLSetRevoked,
251 kCRLSetUnknown,
252 };
253
254 // CheckRevocationWithCRLSet attempts to check each element of |cert_list|
255 // against |crl_set|. It returns:
256 // kCRLSetRevoked: if any element of the chain is known to have been revoked.
257 // kCRLSetUnknown: if there is no fresh information about some element in
258 // the chain.
259 // kCRLSetOk: if every element in the chain is covered by a fresh CRLSet and
260 // is unrevoked.
261 CRLSetResult CheckRevocationWithCRLSet(CERTCertList* cert_list,
262 CERTCertificate* root,
263 CRLSet* crl_set) {
264 std::vector<CERTCertificate*> certs;
265
266 if (cert_list) {
267 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
268 !CERT_LIST_END(node, cert_list);
269 node = CERT_LIST_NEXT(node)) {
270 certs.push_back(node->cert);
271 }
272 }
273 if (root)
274 certs.push_back(root);
275
276 bool covered = true;
277
278 // We iterate from the root certificate down to the leaf, keeping track of
279 // the issuer's SPKI at each step.
280 std::string issuer_spki_hash;
281 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin();
282 i != certs.rend(); ++i) {
283 CERTCertificate* cert = *i;
284
285 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data),
286 cert->derCert.len);
287
288 base::StringPiece spki;
289 if (!asn1::ExtractSPKIFromDERCert(der, &spki)) {
290 NOTREACHED();
291 covered = false;
292 continue;
293 }
294 const std::string spki_hash = crypto::SHA256HashString(spki);
295
296 base::StringPiece serial_number = base::StringPiece(
297 reinterpret_cast<char*>(cert->serialNumber.data),
298 cert->serialNumber.len);
299
300 CRLSet::Result result = crl_set->CheckSPKI(spki_hash);
301
302 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty())
303 result = crl_set->CheckSerial(serial_number, issuer_spki_hash);
304
305 issuer_spki_hash = spki_hash;
306
307 switch (result) {
308 case CRLSet::REVOKED:
309 return kCRLSetRevoked;
310 case CRLSet::UNKNOWN:
311 covered = false;
312 continue;
313 case CRLSet::GOOD:
314 continue;
315 default:
316 NOTREACHED();
317 covered = false;
318 continue;
319 }
320 }
321
322 if (!covered || crl_set->IsExpired())
323 return kCRLSetUnknown;
324 return kCRLSetOk;
325 }
326
327 // Forward declarations.
328 SECStatus RetryPKIXVerifyCertWithWorkarounds(
329 CERTCertificate* cert_handle, int num_policy_oids,
330 bool cert_io_enabled, std::vector<CERTValInParam>* cvin,
331 CERTValOutParam* cvout);
332 SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle);
333
334 // Call CERT_PKIXVerifyCert for the cert_handle.
335 // Verification results are stored in an array of CERTValOutParam.
336 // If |hard_fail| is true, and no policy_oids are supplied (eg: EV is NOT being
337 // checked), then the failure to obtain valid CRL/OCSP information for all
338 // certificates that contain CRL/OCSP URLs will cause the certificate to be
339 // treated as if it was revoked. Since failures may be caused by transient
340 // network failures or by malicious attackers, in general, hard_fail should be
341 // false.
342 // If policy_oids is not NULL and num_policy_oids is positive, policies
343 // are also checked.
344 // additional_trust_anchors is an optional list of certificates that can be
345 // trusted as anchors when building a certificate chain.
346 // Caller must initialize cvout before calling this function.
347 SECStatus PKIXVerifyCert(CERTCertificate* cert_handle,
348 bool check_revocation,
349 bool hard_fail,
350 bool cert_io_enabled,
351 const SECOidTag* policy_oids,
352 int num_policy_oids,
353 CERTCertList* additional_trust_anchors,
354 CERTChainVerifyCallback* chain_verify_callback,
355 CERTValOutParam* cvout) {
356 bool use_crl = check_revocation;
357 bool use_ocsp = check_revocation;
358
359 PRUint64 revocation_method_flags =
360 CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD |
361 CERT_REV_M_ALLOW_NETWORK_FETCHING |
362 CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE |
363 CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
364 CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
365 PRUint64 revocation_method_independent_flags =
366 CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
367 if (check_revocation && policy_oids && num_policy_oids > 0) {
368 // EV verification requires revocation checking. Consider the certificate
369 // revoked if we don't have revocation info.
370 // TODO(wtc): Add a bool parameter to expressly specify we're doing EV
371 // verification or we want strict revocation flags.
372 revocation_method_flags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE;
373 revocation_method_independent_flags |=
374 CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
375 } else if (check_revocation && hard_fail) {
376 revocation_method_flags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO;
377 revocation_method_independent_flags |=
378 CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
379 } else {
380 revocation_method_flags |= CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE;
381 revocation_method_independent_flags |=
382 CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
383 }
384 PRUint64 method_flags[2];
385 method_flags[cert_revocation_method_crl] = revocation_method_flags;
386 method_flags[cert_revocation_method_ocsp] = revocation_method_flags;
387
388 if (use_crl) {
389 method_flags[cert_revocation_method_crl] |=
390 CERT_REV_M_TEST_USING_THIS_METHOD;
391 }
392 if (use_ocsp) {
393 method_flags[cert_revocation_method_ocsp] |=
394 CERT_REV_M_TEST_USING_THIS_METHOD;
395 }
396
397 CERTRevocationMethodIndex preferred_revocation_methods[1];
398 if (use_ocsp) {
399 preferred_revocation_methods[0] = cert_revocation_method_ocsp;
400 } else {
401 preferred_revocation_methods[0] = cert_revocation_method_crl;
402 }
403
404 CERTRevocationFlags revocation_flags;
405 revocation_flags.leafTests.number_of_defined_methods =
406 arraysize(method_flags);
407 revocation_flags.leafTests.cert_rev_flags_per_method = method_flags;
408 revocation_flags.leafTests.number_of_preferred_methods =
409 arraysize(preferred_revocation_methods);
410 revocation_flags.leafTests.preferred_methods = preferred_revocation_methods;
411 revocation_flags.leafTests.cert_rev_method_independent_flags =
412 revocation_method_independent_flags;
413
414 revocation_flags.chainTests.number_of_defined_methods =
415 arraysize(method_flags);
416 revocation_flags.chainTests.cert_rev_flags_per_method = method_flags;
417 revocation_flags.chainTests.number_of_preferred_methods =
418 arraysize(preferred_revocation_methods);
419 revocation_flags.chainTests.preferred_methods = preferred_revocation_methods;
420 revocation_flags.chainTests.cert_rev_method_independent_flags =
421 revocation_method_independent_flags;
422
423
424 std::vector<CERTValInParam> cvin;
425 cvin.reserve(7);
426 CERTValInParam in_param;
427 in_param.type = cert_pi_revocationFlags;
428 in_param.value.pointer.revocation = &revocation_flags;
429 cvin.push_back(in_param);
430 if (policy_oids && num_policy_oids > 0) {
431 in_param.type = cert_pi_policyOID;
432 in_param.value.arraySize = num_policy_oids;
433 in_param.value.array.oids = policy_oids;
434 cvin.push_back(in_param);
435 }
436 if (additional_trust_anchors) {
437 in_param.type = cert_pi_trustAnchors;
438 in_param.value.pointer.chain = additional_trust_anchors;
439 cvin.push_back(in_param);
440 in_param.type = cert_pi_useOnlyTrustAnchors;
441 in_param.value.scalar.b = PR_FALSE;
442 cvin.push_back(in_param);
443 }
444 if (chain_verify_callback) {
445 in_param.type = cert_pi_chainVerifyCallback;
446 in_param.value.pointer.chainVerifyCallback = chain_verify_callback;
447 cvin.push_back(in_param);
448 }
449 in_param.type = cert_pi_end;
450 cvin.push_back(in_param);
451
452 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
453 &cvin[0], cvout, NULL);
454 if (rv != SECSuccess) {
455 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,
456 cert_io_enabled, &cvin, cvout);
457 }
458 return rv;
459 }
460
461 // PKIXVerifyCert calls this function to work around some bugs in
462 // CERT_PKIXVerifyCert. All the arguments of this function are either the
463 // arguments or local variables of PKIXVerifyCert.
464 SECStatus RetryPKIXVerifyCertWithWorkarounds(
465 CERTCertificate* cert_handle, int num_policy_oids,
466 bool cert_io_enabled, std::vector<CERTValInParam>* cvin,
467 CERTValOutParam* cvout) {
468 // We call this function when the first CERT_PKIXVerifyCert call in
469 // PKIXVerifyCert failed, so we initialize |rv| to SECFailure.
470 SECStatus rv = SECFailure;
471 int nss_error = PORT_GetError();
472 CERTValInParam in_param;
473
474 // If we get SEC_ERROR_UNKNOWN_ISSUER, we may be missing an intermediate
475 // CA certificate, so we retry with cert_pi_useAIACertFetch.
476 // cert_pi_useAIACertFetch has several bugs in its error handling and
477 // error reporting (NSS bug 528743), so we don't use it by default.
478 // Note: When building a certificate chain, CERT_PKIXVerifyCert may
479 // incorrectly pick a CA certificate with the same subject name as the
480 // missing intermediate CA certificate, and fail with the
481 // SEC_ERROR_BAD_SIGNATURE error (NSS bug 524013), so we also retry with
482 // cert_pi_useAIACertFetch on SEC_ERROR_BAD_SIGNATURE.
483 if (cert_io_enabled &&
484 (nss_error == SEC_ERROR_UNKNOWN_ISSUER ||
485 nss_error == SEC_ERROR_BAD_SIGNATURE)) {
486 DCHECK_EQ(cvin->back().type, cert_pi_end);
487 cvin->pop_back();
488 in_param.type = cert_pi_useAIACertFetch;
489 in_param.value.scalar.b = PR_TRUE;
490 cvin->push_back(in_param);
491 in_param.type = cert_pi_end;
492 cvin->push_back(in_param);
493 rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
494 &(*cvin)[0], cvout, NULL);
495 if (rv == SECSuccess)
496 return rv;
497 int new_nss_error = PORT_GetError();
498 if (new_nss_error == SEC_ERROR_INVALID_ARGS ||
499 new_nss_error == SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE ||
500 new_nss_error == SEC_ERROR_BAD_INFO_ACCESS_LOCATION ||
501 new_nss_error == SEC_ERROR_BAD_HTTP_RESPONSE ||
502 new_nss_error == SEC_ERROR_BAD_LDAP_RESPONSE ||
503 !IS_SEC_ERROR(new_nss_error)) {
504 // Use the original error code because of cert_pi_useAIACertFetch's
505 // bad error reporting.
506 PORT_SetError(nss_error);
507 return rv;
508 }
509 nss_error = new_nss_error;
510 }
511
512 // If an intermediate CA certificate has requireExplicitPolicy in its
513 // policyConstraints extension, CERT_PKIXVerifyCert fails with
514 // SEC_ERROR_POLICY_VALIDATION_FAILED because we didn't specify any
515 // certificate policy (NSS bug 552775). So we retry with the certificate
516 // policy found in the server certificate.
517 if (nss_error == SEC_ERROR_POLICY_VALIDATION_FAILED &&
518 num_policy_oids == 0) {
519 SECOidTag policy = GetFirstCertPolicy(cert_handle);
520 if (policy != SEC_OID_UNKNOWN) {
521 DCHECK_EQ(cvin->back().type, cert_pi_end);
522 cvin->pop_back();
523 in_param.type = cert_pi_policyOID;
524 in_param.value.arraySize = 1;
525 in_param.value.array.oids = &policy;
526 cvin->push_back(in_param);
527 in_param.type = cert_pi_end;
528 cvin->push_back(in_param);
529 rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
530 &(*cvin)[0], cvout, NULL);
531 if (rv != SECSuccess) {
532 // Use the original error code.
533 PORT_SetError(nss_error);
534 }
535 }
536 }
537
538 return rv;
539 }
540
541 // Decodes the certificatePolicies extension of the certificate. Returns
542 // NULL if the certificate doesn't have the extension or the extension can't
543 // be decoded. The returned value must be freed with a
544 // CERT_DestroyCertificatePoliciesExtension call.
545 CERTCertificatePolicies* DecodeCertPolicies(
546 CERTCertificate* cert_handle) {
547 SECItem policy_ext;
548 SECStatus rv = CERT_FindCertExtension(cert_handle,
549 SEC_OID_X509_CERTIFICATE_POLICIES,
550 &policy_ext);
551 if (rv != SECSuccess)
552 return NULL;
553 CERTCertificatePolicies* policies =
554 CERT_DecodeCertificatePoliciesExtension(&policy_ext);
555 SECITEM_FreeItem(&policy_ext, PR_FALSE);
556 return policies;
557 }
558
559 // Returns the OID tag for the first certificate policy in the certificate's
560 // certificatePolicies extension. Returns SEC_OID_UNKNOWN if the certificate
561 // has no certificate policy.
562 SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle) {
563 ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle));
564 if (!policies.get())
565 return SEC_OID_UNKNOWN;
566
567 CERTPolicyInfo* policy_info = policies->policyInfos[0];
568 if (!policy_info)
569 return SEC_OID_UNKNOWN;
570 if (policy_info->oid != SEC_OID_UNKNOWN)
571 return policy_info->oid;
572
573 // The certificate policy is unknown to NSS. We need to create a dynamic
574 // OID tag for the policy.
575 SECOidData od;
576 od.oid.len = policy_info->policyID.len;
577 od.oid.data = policy_info->policyID.data;
578 od.offset = SEC_OID_UNKNOWN;
579 // NSS doesn't allow us to pass an empty description, so I use a hardcoded,
580 // default description here. The description doesn't need to be unique for
581 // each OID.
582 od.desc = "a certificate policy";
583 od.mechanism = CKM_INVALID_MECHANISM;
584 od.supportedExtension = INVALID_CERT_EXTENSION;
585 return SECOID_AddEntry(&od);
586 }
587
588 HashValue CertPublicKeyHashSHA1(CERTCertificate* cert) {
589 HashValue hash(HASH_VALUE_SHA1);
590 #if defined(OS_IOS)
591 CC_SHA1(cert->derPublicKey.data, cert->derPublicKey.len, hash.data());
592 #else
593 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, hash.data(),
594 cert->derPublicKey.data, cert->derPublicKey.len);
595 DCHECK_EQ(SECSuccess, rv);
596 #endif
597 return hash;
598 }
599
600 HashValue CertPublicKeyHashSHA256(CERTCertificate* cert) {
601 HashValue hash(HASH_VALUE_SHA256);
602 #if defined(OS_IOS)
603 CC_SHA256(cert->derPublicKey.data, cert->derPublicKey.len, hash.data());
604 #else
605 SECStatus rv = HASH_HashBuf(HASH_AlgSHA256, hash.data(),
606 cert->derPublicKey.data, cert->derPublicKey.len);
607 DCHECK_EQ(rv, SECSuccess);
608 #endif
609 return hash;
610 }
611
612 void AppendPublicKeyHashes(CERTCertList* cert_list,
613 CERTCertificate* root_cert,
614 HashValueVector* hashes) {
615 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
616 !CERT_LIST_END(node, cert_list);
617 node = CERT_LIST_NEXT(node)) {
618 hashes->push_back(CertPublicKeyHashSHA1(node->cert));
619 hashes->push_back(CertPublicKeyHashSHA256(node->cert));
620 }
621 if (root_cert) {
622 hashes->push_back(CertPublicKeyHashSHA1(root_cert));
623 hashes->push_back(CertPublicKeyHashSHA256(root_cert));
624 }
625 }
626
627 // Returns true if |cert_handle| contains a policy OID that is an EV policy
628 // OID according to |metadata|, storing the resulting policy OID in
629 // |*ev_policy_oid|. A true return is not sufficient to establish that a
630 // certificate is EV, but a false return is sufficient to establish the
631 // certificate cannot be EV.
632 bool IsEVCandidate(EVRootCAMetadata* metadata,
633 CERTCertificate* cert_handle,
634 SECOidTag* ev_policy_oid) {
635 DCHECK(cert_handle);
636 ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle));
637 if (!policies.get())
638 return false;
639
640 CERTPolicyInfo** policy_infos = policies->policyInfos;
641 while (*policy_infos != NULL) {
642 CERTPolicyInfo* policy_info = *policy_infos++;
643 // If the Policy OID is unknown, that implicitly means it has not been
644 // registered as an EV policy.
645 if (policy_info->oid == SEC_OID_UNKNOWN)
646 continue;
647 if (metadata->IsEVPolicyOID(policy_info->oid)) {
648 *ev_policy_oid = policy_info->oid;
649 return true;
650 }
651 }
652
653 return false;
654 }
655
656 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp
657 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate.
658 // TODO(wtc): A possible optimization is that we get the trust anchor from
659 // the first PKIXVerifyCert call. We look up the EV policy for the trust
660 // anchor. If the trust anchor has no EV policy, we know the cert isn't EV.
661 // Otherwise, we pass just that EV policy (as opposed to all the EV policies)
662 // to the second PKIXVerifyCert call.
663 bool VerifyEV(CERTCertificate* cert_handle,
664 int flags,
665 CRLSet* crl_set,
666 bool rev_checking_enabled,
667 EVRootCAMetadata* metadata,
668 SECOidTag ev_policy_oid,
669 CERTCertList* additional_trust_anchors,
670 CERTChainVerifyCallback* chain_verify_callback) {
671 CERTValOutParam cvout[3];
672 int cvout_index = 0;
673 cvout[cvout_index].type = cert_po_certList;
674 cvout[cvout_index].value.pointer.chain = NULL;
675 int cvout_cert_list_index = cvout_index;
676 cvout_index++;
677 cvout[cvout_index].type = cert_po_trustAnchor;
678 cvout[cvout_index].value.pointer.cert = NULL;
679 int cvout_trust_anchor_index = cvout_index;
680 cvout_index++;
681 cvout[cvout_index].type = cert_po_end;
682 ScopedCERTValOutParam scoped_cvout(cvout);
683
684 SECStatus status = PKIXVerifyCert(
685 cert_handle,
686 rev_checking_enabled,
687 true, /* hard fail is implied in EV. */
688 flags & CertVerifier::VERIFY_CERT_IO_ENABLED,
689 &ev_policy_oid,
690 1,
691 additional_trust_anchors,
692 chain_verify_callback,
693 cvout);
694 if (status != SECSuccess)
695 return false;
696
697 CERTCertificate* root_ca =
698 cvout[cvout_trust_anchor_index].value.pointer.cert;
699 if (root_ca == NULL)
700 return false;
701
702 // This second PKIXVerifyCert call could have found a different certification
703 // path and one or more of the certificates on this new path, that weren't on
704 // the old path, might have been revoked.
705 if (crl_set) {
706 CRLSetResult crl_set_result = CheckRevocationWithCRLSet(
707 cvout[cvout_cert_list_index].value.pointer.chain,
708 cvout[cvout_trust_anchor_index].value.pointer.cert,
709 crl_set);
710 if (crl_set_result == kCRLSetRevoked)
711 return false;
712 }
713
714 #if defined(OS_IOS)
715 SHA1HashValue fingerprint = x509_util_ios::CalculateFingerprintNSS(root_ca);
716 #else
717 SHA1HashValue fingerprint =
718 X509Certificate::CalculateFingerprint(root_ca);
719 #endif
720 return metadata->HasEVPolicyOID(fingerprint, ev_policy_oid);
721 }
722
723 CERTCertList* CertificateListToCERTCertList(const CertificateList& list) {
724 CERTCertList* result = CERT_NewCertList();
725 for (size_t i = 0; i < list.size(); ++i) {
726 #if defined(OS_IOS)
727 // X509Certificate::os_cert_handle() on iOS is a SecCertificateRef; convert
728 // it to an NSS CERTCertificate.
729 CERTCertificate* cert = x509_util_ios::CreateNSSCertHandleFromOSHandle(
730 list[i]->os_cert_handle());
731 #else
732 CERTCertificate* cert = list[i]->os_cert_handle();
733 #endif
734 CERT_AddCertToListTail(result, CERT_DupCertificate(cert));
735 }
736 return result;
737 }
738
739 } // namespace
740
741 CertVerifyProcNSS::CertVerifyProcNSS() {}
742
743 CertVerifyProcNSS::~CertVerifyProcNSS() {}
744
745 bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const {
746 return true;
747 }
748
749 int CertVerifyProcNSS::VerifyInternalImpl(
750 X509Certificate* cert,
751 const std::string& hostname,
752 int flags,
753 CRLSet* crl_set,
754 const CertificateList& additional_trust_anchors,
755 CERTChainVerifyCallback* chain_verify_callback,
756 CertVerifyResult* verify_result) {
757 #if defined(OS_IOS)
758 // For iOS, the entire chain must be loaded into NSS's in-memory certificate
759 // store.
760 x509_util_ios::NSSCertChain scoped_chain(cert);
761 CERTCertificate* cert_handle = scoped_chain.cert_handle();
762 #else
763 CERTCertificate* cert_handle = cert->os_cert_handle();
764 #endif // defined(OS_IOS)
765
766 if (!cert->VerifyNameMatch(hostname,
767 &verify_result->common_name_fallback_used)) {
768 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
769 }
770
771 // Make sure that the cert is valid now.
772 SECCertTimeValidity validity = CERT_CheckCertValidTimes(
773 cert_handle, PR_Now(), PR_TRUE);
774 if (validity != secCertTimeValid)
775 verify_result->cert_status |= CERT_STATUS_DATE_INVALID;
776
777 CERTValOutParam cvout[3];
778 int cvout_index = 0;
779 cvout[cvout_index].type = cert_po_certList;
780 cvout[cvout_index].value.pointer.chain = NULL;
781 int cvout_cert_list_index = cvout_index;
782 cvout_index++;
783 cvout[cvout_index].type = cert_po_trustAnchor;
784 cvout[cvout_index].value.pointer.cert = NULL;
785 int cvout_trust_anchor_index = cvout_index;
786 cvout_index++;
787 cvout[cvout_index].type = cert_po_end;
788 ScopedCERTValOutParam scoped_cvout(cvout);
789
790 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
791 SECOidTag ev_policy_oid = SEC_OID_UNKNOWN;
792 bool is_ev_candidate =
793 (flags & CertVerifier::VERIFY_EV_CERT) &&
794 IsEVCandidate(metadata, cert_handle, &ev_policy_oid);
795 bool cert_io_enabled = flags & CertVerifier::VERIFY_CERT_IO_ENABLED;
796 bool check_revocation =
797 cert_io_enabled &&
798 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED);
799 if (check_revocation)
800 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
801
802 ScopedCERTCertList trust_anchors;
803 if (!additional_trust_anchors.empty()) {
804 trust_anchors.reset(
805 CertificateListToCERTCertList(additional_trust_anchors));
806 }
807
808 SECStatus status = PKIXVerifyCert(cert_handle,
809 check_revocation,
810 false,
811 cert_io_enabled,
812 NULL,
813 0,
814 trust_anchors.get(),
815 chain_verify_callback,
816 cvout);
817
818 if (status == SECSuccess &&
819 (flags & CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS) &&
820 !IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert)) {
821 // TODO(rsleevi): Optimize this by supplying the constructed chain to
822 // libpkix via cvin. Omitting for now, due to lack of coverage in upstream
823 // NSS tests for that feature.
824 scoped_cvout.Clear();
825 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
826 status = PKIXVerifyCert(cert_handle,
827 true,
828 true,
829 cert_io_enabled,
830 NULL,
831 0,
832 trust_anchors.get(),
833 chain_verify_callback,
834 cvout);
835 }
836
837 if (status == SECSuccess) {
838 AppendPublicKeyHashes(cvout[cvout_cert_list_index].value.pointer.chain,
839 cvout[cvout_trust_anchor_index].value.pointer.cert,
840 &verify_result->public_key_hashes);
841
842 verify_result->is_issued_by_known_root =
843 IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert);
844 verify_result->is_issued_by_additional_trust_anchor =
845 IsAdditionalTrustAnchor(
846 trust_anchors.get(),
847 cvout[cvout_trust_anchor_index].value.pointer.cert);
848
849 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,
850 cvout[cvout_trust_anchor_index].value.pointer.cert,
851 verify_result);
852 }
853
854 CRLSetResult crl_set_result = kCRLSetUnknown;
855 if (crl_set) {
856 crl_set_result = CheckRevocationWithCRLSet(
857 cvout[cvout_cert_list_index].value.pointer.chain,
858 cvout[cvout_trust_anchor_index].value.pointer.cert,
859 crl_set);
860 if (crl_set_result == kCRLSetRevoked) {
861 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
862 status = SECFailure;
863 }
864 }
865
866 if (status != SECSuccess) {
867 int err = PORT_GetError();
868 LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname
869 << " failed err=" << err;
870 // CERT_PKIXVerifyCert rerports the wrong error code for
871 // expired certificates (NSS bug 491174)
872 if (err == SEC_ERROR_CERT_NOT_VALID &&
873 (verify_result->cert_status & CERT_STATUS_DATE_INVALID))
874 err = SEC_ERROR_EXPIRED_CERTIFICATE;
875 CertStatus cert_status = MapCertErrorToCertStatus(err);
876 if (cert_status) {
877 verify_result->cert_status |= cert_status;
878 return MapCertStatusToNetError(verify_result->cert_status);
879 }
880 // |err| is not a certificate error.
881 return MapSecurityError(err);
882 }
883
884 if (IsCertStatusError(verify_result->cert_status))
885 return MapCertStatusToNetError(verify_result->cert_status);
886
887 if ((flags & CertVerifier::VERIFY_EV_CERT) && is_ev_candidate) {
888 check_revocation |=
889 crl_set_result != kCRLSetOk &&
890 cert_io_enabled &&
891 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY);
892 if (check_revocation)
893 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
894
895 if (VerifyEV(cert_handle,
896 flags,
897 crl_set,
898 check_revocation,
899 metadata,
900 ev_policy_oid,
901 trust_anchors.get(),
902 chain_verify_callback)) {
903 verify_result->cert_status |= CERT_STATUS_IS_EV;
904 }
905 }
906
907 return OK;
908 }
909
910 int CertVerifyProcNSS::VerifyInternal(
911 X509Certificate* cert,
912 const std::string& hostname,
913 int flags,
914 CRLSet* crl_set,
915 const CertificateList& additional_trust_anchors,
916 CertVerifyResult* verify_result) {
917 return VerifyInternalImpl(cert,
918 hostname,
919 flags,
920 crl_set,
921 additional_trust_anchors,
922 NULL, // chain_verify_callback
923 verify_result);
924 }
925
926 } // namespace net