1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/cert_verify_proc_win.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/sha1.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "crypto/capi_util.h"
15 #include "crypto/scoped_capi_types.h"
16 #include "crypto/sha2.h"
17 #include "net/base/net_errors.h"
18 #include "net/cert/asn1_util.h"
19 #include "net/cert/cert_status_flags.h"
20 #include "net/cert/cert_verifier.h"
21 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/crl_set.h"
23 #include "net/cert/ev_root_ca_metadata.h"
24 #include "net/cert/test_root_certs.h"
25 #include "net/cert/x509_certificate.h"
26 #include "net/cert/x509_certificate_known_roots_win.h"
28 #pragma comment(lib, "crypt32.lib")
30 #if !defined(CERT_TRUST_HAS_WEAK_SIGNATURE)
31 // This was introduced in Windows 8 / Windows Server 2012, but retroactively
32 // ported as far back as Windows XP via system update.
33 #define CERT_TRUST_HAS_WEAK_SIGNATURE 0x00100000
40 struct FreeChainEngineFunctor
{
41 void operator()(HCERTCHAINENGINE engine
) const {
43 CertFreeCertificateChainEngine(engine
);
47 struct FreeCertChainContextFunctor
{
48 void operator()(PCCERT_CHAIN_CONTEXT chain_context
) const {
50 CertFreeCertificateChain(chain_context
);
54 struct FreeCertContextFunctor
{
55 void operator()(PCCERT_CONTEXT context
) const {
57 CertFreeCertificateContext(context
);
61 typedef crypto::ScopedCAPIHandle
<HCERTCHAINENGINE
, FreeChainEngineFunctor
>
62 ScopedHCERTCHAINENGINE
;
64 typedef scoped_ptr
<const CERT_CHAIN_CONTEXT
, FreeCertChainContextFunctor
>
65 ScopedPCCERT_CHAIN_CONTEXT
;
67 typedef scoped_ptr
<const CERT_CONTEXT
, FreeCertContextFunctor
>
70 //-----------------------------------------------------------------------------
72 int MapSecurityError(SECURITY_STATUS err
) {
73 // There are numerous security error codes, but these are the ones we thus
74 // far find interesting.
76 case SEC_E_WRONG_PRINCIPAL
: // Schannel
77 case CERT_E_CN_NO_MATCH
: // CryptoAPI
78 return ERR_CERT_COMMON_NAME_INVALID
;
79 case SEC_E_UNTRUSTED_ROOT
: // Schannel
80 case CERT_E_UNTRUSTEDROOT
: // CryptoAPI
81 return ERR_CERT_AUTHORITY_INVALID
;
82 case SEC_E_CERT_EXPIRED
: // Schannel
83 case CERT_E_EXPIRED
: // CryptoAPI
84 return ERR_CERT_DATE_INVALID
;
85 case CRYPT_E_NO_REVOCATION_CHECK
:
86 return ERR_CERT_NO_REVOCATION_MECHANISM
;
87 case CRYPT_E_REVOCATION_OFFLINE
:
88 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION
;
89 case CRYPT_E_REVOKED
: // Schannel and CryptoAPI
90 return ERR_CERT_REVOKED
;
91 case SEC_E_CERT_UNKNOWN
:
93 return ERR_CERT_INVALID
;
94 case CERT_E_WRONG_USAGE
:
95 // TODO(wtc): Should we add ERR_CERT_WRONG_USAGE?
96 return ERR_CERT_INVALID
;
97 // We received an unexpected_message or illegal_parameter alert message
99 case SEC_E_ILLEGAL_MESSAGE
:
100 return ERR_SSL_PROTOCOL_ERROR
;
101 case SEC_E_ALGORITHM_MISMATCH
:
102 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH
;
103 case SEC_E_INVALID_HANDLE
:
104 return ERR_UNEXPECTED
;
108 LOG(WARNING
) << "Unknown error " << err
<< " mapped to net::ERR_FAILED";
113 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by
114 // CertGetCertificateChain to our certificate status flags.
115 int MapCertChainErrorStatusToCertStatus(DWORD error_status
) {
116 CertStatus cert_status
= 0;
118 // We don't include CERT_TRUST_IS_NOT_TIME_NESTED because it's obsolete and
119 // we wouldn't consider it an error anyway
120 const DWORD kDateInvalidErrors
= CERT_TRUST_IS_NOT_TIME_VALID
|
121 CERT_TRUST_CTL_IS_NOT_TIME_VALID
;
122 if (error_status
& kDateInvalidErrors
)
123 cert_status
|= CERT_STATUS_DATE_INVALID
;
125 const DWORD kAuthorityInvalidErrors
= CERT_TRUST_IS_UNTRUSTED_ROOT
|
126 CERT_TRUST_IS_EXPLICIT_DISTRUST
|
127 CERT_TRUST_IS_PARTIAL_CHAIN
;
128 if (error_status
& kAuthorityInvalidErrors
)
129 cert_status
|= CERT_STATUS_AUTHORITY_INVALID
;
131 if ((error_status
& CERT_TRUST_REVOCATION_STATUS_UNKNOWN
) &&
132 !(error_status
& CERT_TRUST_IS_OFFLINE_REVOCATION
))
133 cert_status
|= CERT_STATUS_NO_REVOCATION_MECHANISM
;
135 if (error_status
& CERT_TRUST_IS_OFFLINE_REVOCATION
)
136 cert_status
|= CERT_STATUS_UNABLE_TO_CHECK_REVOCATION
;
138 if (error_status
& CERT_TRUST_IS_REVOKED
)
139 cert_status
|= CERT_STATUS_REVOKED
;
141 const DWORD kWrongUsageErrors
= CERT_TRUST_IS_NOT_VALID_FOR_USAGE
|
142 CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE
;
143 if (error_status
& kWrongUsageErrors
) {
144 // TODO(wtc): Should we add CERT_STATUS_WRONG_USAGE?
145 cert_status
|= CERT_STATUS_INVALID
;
148 if (error_status
& CERT_TRUST_IS_NOT_SIGNATURE_VALID
) {
149 // Check for a signature that does not meet the OS criteria for strong
151 // Note: These checks may be more restrictive than the current weak key
152 // criteria implemented within CertVerifier, such as excluding SHA-1 or
153 // excluding RSA keys < 2048 bits. However, if the user has configured
154 // these more stringent checks, respect that configuration and err on the
155 // more restrictive criteria.
156 if (error_status
& CERT_TRUST_HAS_WEAK_SIGNATURE
) {
157 cert_status
|= CERT_STATUS_WEAK_KEY
;
159 cert_status
|= CERT_STATUS_INVALID
;
163 // The rest of the errors.
164 const DWORD kCertInvalidErrors
=
165 CERT_TRUST_IS_CYCLIC
|
166 CERT_TRUST_INVALID_EXTENSION
|
167 CERT_TRUST_INVALID_POLICY_CONSTRAINTS
|
168 CERT_TRUST_INVALID_BASIC_CONSTRAINTS
|
169 CERT_TRUST_INVALID_NAME_CONSTRAINTS
|
170 CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID
|
171 CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
|
172 CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
|
173 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
|
174 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
|
175 CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY
|
176 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT
;
177 if (error_status
& kCertInvalidErrors
)
178 cert_status
|= CERT_STATUS_INVALID
;
183 // Returns true if any common name in the certificate's Subject field contains
185 bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert
) {
186 CRYPT_DECODE_PARA decode_para
;
187 decode_para
.cbSize
= sizeof(decode_para
);
188 decode_para
.pfnAlloc
= crypto::CryptAlloc
;
189 decode_para
.pfnFree
= crypto::CryptFree
;
190 CERT_NAME_INFO
* name_info
= NULL
;
191 DWORD name_info_size
= 0;
193 rv
= CryptDecodeObjectEx(X509_ASN_ENCODING
| PKCS_7_ASN_ENCODING
,
195 cert
->pCertInfo
->Subject
.pbData
,
196 cert
->pCertInfo
->Subject
.cbData
,
197 CRYPT_DECODE_ALLOC_FLAG
| CRYPT_DECODE_NOCOPY_FLAG
,
202 scoped_ptr
<CERT_NAME_INFO
, base::FreeDeleter
> scoped_name_info(name_info
);
204 // The Subject field may have multiple common names. According to the
205 // "PKI Layer Cake" paper, CryptoAPI uses every common name in the
206 // Subject field, so we inspect every common name.
209 // X520CommonName ::= CHOICE {
210 // teletexString TeletexString (SIZE (1..ub-common-name)),
211 // printableString PrintableString (SIZE (1..ub-common-name)),
212 // universalString UniversalString (SIZE (1..ub-common-name)),
213 // utf8String UTF8String (SIZE (1..ub-common-name)),
214 // bmpString BMPString (SIZE (1..ub-common-name)) }
216 // We also check IA5String and VisibleString.
217 for (DWORD i
= 0; i
< name_info
->cRDN
; ++i
) {
218 PCERT_RDN rdn
= &name_info
->rgRDN
[i
];
219 for (DWORD j
= 0; j
< rdn
->cRDNAttr
; ++j
) {
220 PCERT_RDN_ATTR rdn_attr
= &rdn
->rgRDNAttr
[j
];
221 if (strcmp(rdn_attr
->pszObjId
, szOID_COMMON_NAME
) == 0) {
222 switch (rdn_attr
->dwValueType
) {
223 // After the CryptoAPI ASN.1 security vulnerabilities described in
224 // http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
225 // were patched, we get CERT_RDN_ENCODED_BLOB for a common name
226 // that contains a NULL character.
227 case CERT_RDN_ENCODED_BLOB
:
229 // Array of 8-bit characters.
230 case CERT_RDN_PRINTABLE_STRING
:
231 case CERT_RDN_TELETEX_STRING
:
232 case CERT_RDN_IA5_STRING
:
233 case CERT_RDN_VISIBLE_STRING
:
234 for (DWORD k
= 0; k
< rdn_attr
->Value
.cbData
; ++k
) {
235 if (rdn_attr
->Value
.pbData
[k
] == '\0')
239 // Array of 16-bit characters.
240 case CERT_RDN_BMP_STRING
:
241 case CERT_RDN_UTF8_STRING
: {
242 DWORD num_wchars
= rdn_attr
->Value
.cbData
/ 2;
243 wchar_t* common_name
=
244 reinterpret_cast<wchar_t*>(rdn_attr
->Value
.pbData
);
245 for (DWORD k
= 0; k
< num_wchars
; ++k
) {
246 if (common_name
[k
] == L
'\0')
251 // Array of ints (32-bit).
252 case CERT_RDN_UNIVERSAL_STRING
: {
253 DWORD num_ints
= rdn_attr
->Value
.cbData
/ 4;
255 reinterpret_cast<int*>(rdn_attr
->Value
.pbData
);
256 for (DWORD k
= 0; k
< num_ints
; ++k
) {
257 if (common_name
[k
] == 0)
273 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA
274 // which we recognise as a standard root.
276 bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context
) {
277 PCERT_SIMPLE_CHAIN first_chain
= chain_context
->rgpChain
[0];
278 int num_elements
= first_chain
->cElement
;
279 if (num_elements
< 1)
281 PCERT_CHAIN_ELEMENT
* element
= first_chain
->rgpElement
;
282 PCCERT_CONTEXT cert
= element
[num_elements
- 1]->pCertContext
;
284 SHA1HashValue hash
= X509Certificate::CalculateFingerprint(cert
);
285 return IsSHA1HashInSortedArray(
286 hash
, &kKnownRootCertSHA1Hashes
[0][0], sizeof(kKnownRootCertSHA1Hashes
));
289 // Saves some information about the certificate chain |chain_context| in
290 // |*verify_result|. The caller MUST initialize |*verify_result| before
291 // calling this function.
292 void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context
,
293 CertVerifyResult
* verify_result
) {
294 if (chain_context
->cChain
== 0)
297 PCERT_SIMPLE_CHAIN first_chain
= chain_context
->rgpChain
[0];
298 int num_elements
= first_chain
->cElement
;
299 PCERT_CHAIN_ELEMENT
* element
= first_chain
->rgpElement
;
301 PCCERT_CONTEXT verified_cert
= NULL
;
302 std::vector
<PCCERT_CONTEXT
> verified_chain
;
304 bool has_root_ca
= num_elements
> 1 &&
305 !(chain_context
->TrustStatus
.dwErrorStatus
&
306 CERT_TRUST_IS_PARTIAL_CHAIN
);
308 // Each chain starts with the end entity certificate (i = 0) and ends with
309 // either the root CA certificate or the last available intermediate. If a
310 // root CA certificate is present, do not inspect the signature algorithm of
311 // the root CA certificate because the signature on the trust anchor is not
314 // If a full chain was constructed, regardless of whether it was trusted,
315 // don't inspect the root's signature algorithm.
319 for (int i
= 0; i
< num_elements
; ++i
) {
320 PCCERT_CONTEXT cert
= element
[i
]->pCertContext
;
322 verified_cert
= cert
;
324 verified_chain
.push_back(cert
);
327 const char* algorithm
= cert
->pCertInfo
->SignatureAlgorithm
.pszObjId
;
328 if (strcmp(algorithm
, szOID_RSA_MD5RSA
) == 0) {
329 // md5WithRSAEncryption: 1.2.840.113549.1.1.4
330 verify_result
->has_md5
= true;
331 } else if (strcmp(algorithm
, szOID_RSA_MD2RSA
) == 0) {
332 // md2WithRSAEncryption: 1.2.840.113549.1.1.2
333 verify_result
->has_md2
= true;
334 } else if (strcmp(algorithm
, szOID_RSA_MD4RSA
) == 0) {
335 // md4WithRSAEncryption: 1.2.840.113549.1.1.3
336 verify_result
->has_md4
= true;
337 } else if (strcmp(algorithm
, szOID_RSA_SHA1RSA
) == 0 ||
338 strcmp(algorithm
, szOID_X957_SHA1DSA
) == 0 ||
339 strcmp(algorithm
, szOID_ECDSA_SHA1
) == 0) {
340 // sha1WithRSAEncryption: 1.2.840.113549.1.1.5
341 // id-dsa-with-sha1: 1.2.840.10040.4.3
342 // ecdsa-with-SHA1: 1.2.840.10045.4.1
343 verify_result
->has_sha1
= true;
348 // Add the root certificate, if present, as it was not added above.
350 verified_chain
.push_back(element
[num_elements
]->pCertContext
);
351 verify_result
->verified_cert
=
352 X509Certificate::CreateFromHandle(verified_cert
, verified_chain
);
356 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO
357 // structure and stores it in *output.
358 void GetCertPoliciesInfo(
360 scoped_ptr
<CERT_POLICIES_INFO
, base::FreeDeleter
>* output
) {
361 PCERT_EXTENSION extension
= CertFindExtension(szOID_CERT_POLICIES
,
362 cert
->pCertInfo
->cExtension
,
363 cert
->pCertInfo
->rgExtension
);
367 CRYPT_DECODE_PARA decode_para
;
368 decode_para
.cbSize
= sizeof(decode_para
);
369 decode_para
.pfnAlloc
= crypto::CryptAlloc
;
370 decode_para
.pfnFree
= crypto::CryptFree
;
371 CERT_POLICIES_INFO
* policies_info
= NULL
;
372 DWORD policies_info_size
= 0;
374 rv
= CryptDecodeObjectEx(X509_ASN_ENCODING
| PKCS_7_ASN_ENCODING
,
376 extension
->Value
.pbData
,
377 extension
->Value
.cbData
,
378 CRYPT_DECODE_ALLOC_FLAG
| CRYPT_DECODE_NOCOPY_FLAG
,
381 &policies_info_size
);
383 output
->reset(policies_info
);
392 // CheckRevocationWithCRLSet attempts to check each element of |chain|
393 // against |crl_set|. It returns:
394 // kCRLSetRevoked: if any element of the chain is known to have been revoked.
395 // kCRLSetUnknown: if there is no fresh information about the leaf
396 // certificate in the chain or if the CRLSet has expired.
398 // Only the leaf certificate is considered for coverage because some
399 // intermediates have CRLs with no revocations (after filtering) and
400 // those CRLs are pruned from the CRLSet at generation time. This means
401 // that some EV sites would otherwise take the hit of an OCSP lookup for
403 // kCRLSetOk: otherwise.
404 CRLSetResult
CheckRevocationWithCRLSet(PCCERT_CHAIN_CONTEXT chain
,
406 if (chain
->cChain
== 0)
409 const PCERT_SIMPLE_CHAIN first_chain
= chain
->rgpChain
[0];
410 const PCERT_CHAIN_ELEMENT
* element
= first_chain
->rgpElement
;
412 const int num_elements
= first_chain
->cElement
;
413 if (num_elements
== 0)
416 // error is set to true if any errors are found. It causes such chains to be
417 // considered as not covered.
419 // last_covered is set to the coverage state of the previous certificate. The
420 // certificates are iterated over backwards thus, after the iteration,
421 // |last_covered| contains the coverage state of the leaf certificate.
422 bool last_covered
= false;
424 // We iterate from the root certificate down to the leaf, keeping track of
425 // the issuer's SPKI at each step.
426 std::string issuer_spki_hash
;
427 for (int i
= num_elements
- 1; i
>= 0; i
--) {
428 PCCERT_CONTEXT cert
= element
[i
]->pCertContext
;
430 base::StringPiece
der_bytes(
431 reinterpret_cast<const char*>(cert
->pbCertEncoded
),
432 cert
->cbCertEncoded
);
434 base::StringPiece spki
;
435 if (!asn1::ExtractSPKIFromDERCert(der_bytes
, &spki
)) {
441 const std::string spki_hash
= crypto::SHA256HashString(spki
);
443 const CRYPT_INTEGER_BLOB
* serial_blob
= &cert
->pCertInfo
->SerialNumber
;
444 scoped_ptr
<uint8_t[]> serial_bytes(new uint8_t[serial_blob
->cbData
]);
445 // The bytes of the serial number are stored little-endian.
446 for (unsigned j
= 0; j
< serial_blob
->cbData
; j
++)
447 serial_bytes
[j
] = serial_blob
->pbData
[serial_blob
->cbData
- j
- 1];
448 base::StringPiece
serial(reinterpret_cast<const char*>(serial_bytes
.get()),
449 serial_blob
->cbData
);
451 CRLSet::Result result
= crl_set
->CheckSPKI(spki_hash
);
453 if (result
!= CRLSet::REVOKED
&& !issuer_spki_hash
.empty())
454 result
= crl_set
->CheckSerial(serial
, issuer_spki_hash
);
456 issuer_spki_hash
= spki_hash
;
459 case CRLSet::REVOKED
:
460 return kCRLSetRevoked
;
461 case CRLSet::UNKNOWN
:
462 last_covered
= false;
474 if (error
|| !last_covered
|| crl_set
->IsExpired())
475 return kCRLSetUnknown
;
479 void AppendPublicKeyHashes(PCCERT_CHAIN_CONTEXT chain
,
480 HashValueVector
* hashes
) {
481 if (chain
->cChain
== 0)
484 PCERT_SIMPLE_CHAIN first_chain
= chain
->rgpChain
[0];
485 PCERT_CHAIN_ELEMENT
* const element
= first_chain
->rgpElement
;
487 const DWORD num_elements
= first_chain
->cElement
;
488 for (DWORD i
= 0; i
< num_elements
; i
++) {
489 PCCERT_CONTEXT cert
= element
[i
]->pCertContext
;
491 base::StringPiece
der_bytes(
492 reinterpret_cast<const char*>(cert
->pbCertEncoded
),
493 cert
->cbCertEncoded
);
494 base::StringPiece spki_bytes
;
495 if (!asn1::ExtractSPKIFromDERCert(der_bytes
, &spki_bytes
))
498 HashValue
sha1(HASH_VALUE_SHA1
);
499 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes
.data()),
500 spki_bytes
.size(), sha1
.data());
501 hashes
->push_back(sha1
);
503 HashValue
sha256(HASH_VALUE_SHA256
);
504 crypto::SHA256HashString(spki_bytes
, sha256
.data(), crypto::kSHA256Length
);
505 hashes
->push_back(sha256
);
509 // Returns true if the certificate is an extended-validation certificate.
511 // This function checks the certificatePolicies extensions of the
512 // certificates in the certificate chain according to Section 7 (pp. 11-12)
513 // of the EV Certificate Guidelines Version 1.0 at
514 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
515 bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context
,
516 bool rev_checking_enabled
,
517 const char* policy_oid
) {
518 DCHECK_NE(static_cast<DWORD
>(0), chain_context
->cChain
);
519 // If the cert doesn't match any of the policies, the
520 // CERT_TRUST_IS_NOT_VALID_FOR_USAGE bit (0x10) in
521 // chain_context->TrustStatus.dwErrorStatus is set.
522 DWORD error_status
= chain_context
->TrustStatus
.dwErrorStatus
;
524 if (!rev_checking_enabled
) {
525 // If online revocation checking is disabled then we will have still
526 // requested that the revocation cache be checked. However, that will often
527 // cause the following two error bits to be set. These error bits mean that
528 // the local OCSP/CRL is stale or missing entries for these certificates.
529 // Since they are expected, we mask them away.
530 error_status
&= ~(CERT_TRUST_IS_OFFLINE_REVOCATION
|
531 CERT_TRUST_REVOCATION_STATUS_UNKNOWN
);
533 if (!chain_context
->cChain
|| error_status
!= CERT_TRUST_NO_ERROR
)
536 // Check the end certificate simple chain (chain_context->rgpChain[0]).
537 // If the end certificate's certificatePolicies extension contains the
538 // EV policy OID of the root CA, return true.
539 PCERT_CHAIN_ELEMENT
* element
= chain_context
->rgpChain
[0]->rgpElement
;
540 int num_elements
= chain_context
->rgpChain
[0]->cElement
;
541 if (num_elements
< 2)
544 // Look up the EV policy OID of the root CA.
545 PCCERT_CONTEXT root_cert
= element
[num_elements
- 1]->pCertContext
;
546 SHA1HashValue fingerprint
=
547 X509Certificate::CalculateFingerprint(root_cert
);
548 EVRootCAMetadata
* metadata
= EVRootCAMetadata::GetInstance();
549 return metadata
->HasEVPolicyOID(fingerprint
, policy_oid
);
554 CertVerifyProcWin::CertVerifyProcWin() {}
556 CertVerifyProcWin::~CertVerifyProcWin() {}
558 bool CertVerifyProcWin::SupportsAdditionalTrustAnchors() const {
562 bool CertVerifyProcWin::SupportsOCSPStapling() const {
563 // CERT_OCSP_RESPONSE_PROP_ID is only implemented on Vista+, but it can be
564 // set on Windows XP without error. There is some overhead from the server
565 // sending the OCSP response if it supports the extension, for the subset of
566 // XP clients who will request it but be unable to use it, but this is an
567 // acceptable trade-off for simplicity of implementation.
571 int CertVerifyProcWin::VerifyInternal(
572 X509Certificate
* cert
,
573 const std::string
& hostname
,
574 const std::string
& ocsp_response
,
577 const CertificateList
& additional_trust_anchors
,
578 CertVerifyResult
* verify_result
) {
579 PCCERT_CONTEXT cert_handle
= cert
->os_cert_handle();
581 return ERR_UNEXPECTED
;
583 // Build and validate certificate chain.
584 CERT_CHAIN_PARA chain_para
;
585 memset(&chain_para
, 0, sizeof(chain_para
));
586 chain_para
.cbSize
= sizeof(chain_para
);
588 // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE
589 // today because some certificate chains need them. IE also requests these
591 static const LPCSTR usage
[] = {
592 szOID_PKIX_KP_SERVER_AUTH
,
593 szOID_SERVER_GATED_CRYPTO
,
596 chain_para
.RequestedUsage
.dwType
= USAGE_MATCH_TYPE_OR
;
597 chain_para
.RequestedUsage
.Usage
.cUsageIdentifier
= arraysize(usage
);
598 chain_para
.RequestedUsage
.Usage
.rgpszUsageIdentifier
=
599 const_cast<LPSTR
*>(usage
);
601 // Get the certificatePolicies extension of the certificate.
602 scoped_ptr
<CERT_POLICIES_INFO
, base::FreeDeleter
> policies_info
;
603 LPSTR ev_policy_oid
= NULL
;
604 if (flags
& CertVerifier::VERIFY_EV_CERT
) {
605 GetCertPoliciesInfo(cert_handle
, &policies_info
);
606 if (policies_info
.get()) {
607 EVRootCAMetadata
* metadata
= EVRootCAMetadata::GetInstance();
608 for (DWORD i
= 0; i
< policies_info
->cPolicyInfo
; ++i
) {
609 LPSTR policy_oid
= policies_info
->rgPolicyInfo
[i
].pszPolicyIdentifier
;
610 if (metadata
->IsEVPolicyOID(policy_oid
)) {
611 ev_policy_oid
= policy_oid
;
612 chain_para
.RequestedIssuancePolicy
.dwType
= USAGE_MATCH_TYPE_AND
;
613 chain_para
.RequestedIssuancePolicy
.Usage
.cUsageIdentifier
= 1;
614 chain_para
.RequestedIssuancePolicy
.Usage
.rgpszUsageIdentifier
=
622 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.
623 DWORD chain_flags
= CERT_CHAIN_CACHE_END_CERT
|
624 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
;
625 bool rev_checking_enabled
=
626 (flags
& CertVerifier::VERIFY_REV_CHECKING_ENABLED
);
628 if (rev_checking_enabled
) {
629 verify_result
->cert_status
|= CERT_STATUS_REV_CHECKING_ENABLED
;
631 chain_flags
|= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
;
634 // For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which
635 // corresponds to HCCE_CURRENT_USER and is is initialized as needed by
636 // crypt32. However, when testing, it is necessary to create a new
637 // HCERTCHAINENGINE and use that instead. This is because each
638 // HCERTCHAINENGINE maintains a cache of information about certificates
639 // encountered, and each test run may modify the trust status of a
641 ScopedHCERTCHAINENGINE
chain_engine(NULL
);
642 if (TestRootCerts::HasInstance())
643 chain_engine
.reset(TestRootCerts::GetInstance()->GetChainEngine());
645 ScopedPCCERT_CONTEXT
cert_list(cert
->CreateOSCertChainForCert());
647 if (!ocsp_response
.empty()) {
648 // Attach the OCSP response to the chain.
649 CRYPT_DATA_BLOB ocsp_response_blob
;
650 ocsp_response_blob
.cbData
= ocsp_response
.size();
651 ocsp_response_blob
.pbData
=
652 reinterpret_cast<BYTE
*>(const_cast<char*>(ocsp_response
.data()));
653 CertSetCertificateContextProperty(
654 cert_list
.get(), CERT_OCSP_RESPONSE_PROP_ID
,
655 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG
, &ocsp_response_blob
);
658 PCCERT_CHAIN_CONTEXT chain_context
;
659 // IE passes a non-NULL pTime argument that specifies the current system
660 // time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the
661 // chain_flags argument.
662 if (!CertGetCertificateChain(
665 NULL
, // current system time
666 cert_list
->hCertStore
,
671 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
672 return MapSecurityError(GetLastError());
675 CRLSetResult crl_set_result
= kCRLSetUnknown
;
677 crl_set_result
= CheckRevocationWithCRLSet(chain_context
, crl_set
);
679 if (crl_set_result
== kCRLSetRevoked
) {
680 verify_result
->cert_status
|= CERT_STATUS_REVOKED
;
681 } else if (crl_set_result
== kCRLSetUnknown
&&
682 (flags
& CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY
) &&
683 !rev_checking_enabled
&&
684 ev_policy_oid
!= NULL
) {
685 // We don't have fresh information about this chain from the CRLSet and
686 // it's probably an EV certificate. Retry with online revocation checking.
687 rev_checking_enabled
= true;
688 chain_flags
&= ~CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
;
689 verify_result
->cert_status
|= CERT_STATUS_REV_CHECKING_ENABLED
;
691 CertFreeCertificateChain(chain_context
);
692 if (!CertGetCertificateChain(
695 NULL
, // current system time
696 cert_list
->hCertStore
,
701 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
702 return MapSecurityError(GetLastError());
706 if (chain_context
->TrustStatus
.dwErrorStatus
&
707 CERT_TRUST_IS_NOT_VALID_FOR_USAGE
) {
708 ev_policy_oid
= NULL
;
709 chain_para
.RequestedIssuancePolicy
.Usage
.cUsageIdentifier
= 0;
710 chain_para
.RequestedIssuancePolicy
.Usage
.rgpszUsageIdentifier
= NULL
;
711 CertFreeCertificateChain(chain_context
);
712 if (!CertGetCertificateChain(
715 NULL
, // current system time
716 cert_list
->hCertStore
,
721 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
722 return MapSecurityError(GetLastError());
726 CertVerifyResult temp_verify_result
= *verify_result
;
727 GetCertChainInfo(chain_context
, verify_result
);
728 if (!verify_result
->is_issued_by_known_root
&&
729 (flags
& CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS
)) {
730 *verify_result
= temp_verify_result
;
732 rev_checking_enabled
= true;
733 verify_result
->cert_status
|= CERT_STATUS_REV_CHECKING_ENABLED
;
734 chain_flags
&= ~CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
;
736 CertFreeCertificateChain(chain_context
);
737 if (!CertGetCertificateChain(
740 NULL
, // current system time
741 cert_list
->hCertStore
,
746 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
747 return MapSecurityError(GetLastError());
749 GetCertChainInfo(chain_context
, verify_result
);
751 if (chain_context
->TrustStatus
.dwErrorStatus
&
752 CERT_TRUST_IS_OFFLINE_REVOCATION
) {
753 verify_result
->cert_status
|= CERT_STATUS_REVOKED
;
757 ScopedPCCERT_CHAIN_CONTEXT
scoped_chain_context(chain_context
);
759 verify_result
->cert_status
|= MapCertChainErrorStatusToCertStatus(
760 chain_context
->TrustStatus
.dwErrorStatus
);
762 // Flag certificates that have a Subject common name with a NULL character.
763 if (CertSubjectCommonNameHasNull(cert_handle
))
764 verify_result
->cert_status
|= CERT_STATUS_INVALID
;
766 base::string16 hostname16
= base::ASCIIToUTF16(hostname
);
768 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para
;
769 memset(&extra_policy_para
, 0, sizeof(extra_policy_para
));
770 extra_policy_para
.cbSize
= sizeof(extra_policy_para
);
771 extra_policy_para
.dwAuthType
= AUTHTYPE_SERVER
;
772 // Certificate name validation happens separately, later, using an internal
773 // routine that has better support for RFC 6125 name matching.
774 extra_policy_para
.fdwChecks
=
775 0x00001000; // SECURITY_FLAG_IGNORE_CERT_CN_INVALID
776 extra_policy_para
.pwszServerName
=
777 const_cast<base::char16
*>(hostname16
.c_str());
779 CERT_CHAIN_POLICY_PARA policy_para
;
780 memset(&policy_para
, 0, sizeof(policy_para
));
781 policy_para
.cbSize
= sizeof(policy_para
);
782 policy_para
.dwFlags
= 0;
783 policy_para
.pvExtraPolicyPara
= &extra_policy_para
;
785 CERT_CHAIN_POLICY_STATUS policy_status
;
786 memset(&policy_status
, 0, sizeof(policy_status
));
787 policy_status
.cbSize
= sizeof(policy_status
);
789 if (!CertVerifyCertificateChainPolicy(
790 CERT_CHAIN_POLICY_SSL
,
794 return MapSecurityError(GetLastError());
797 if (policy_status
.dwError
) {
798 verify_result
->cert_status
|= MapNetErrorToCertStatus(
799 MapSecurityError(policy_status
.dwError
));
802 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
803 // compatible with WinHTTP, which doesn't report this error (bug 3004).
804 verify_result
->cert_status
&= ~CERT_STATUS_NO_REVOCATION_MECHANISM
;
806 // Perform hostname verification independent of
807 // CertVerifyCertificateChainPolicy.
808 if (!cert
->VerifyNameMatch(hostname
,
809 &verify_result
->common_name_fallback_used
)) {
810 verify_result
->cert_status
|= CERT_STATUS_COMMON_NAME_INVALID
;
813 if (!rev_checking_enabled
) {
814 // If we didn't do online revocation checking then Windows will report
815 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL
816 // information for every certificate. We only want to put up revoked
817 // statuses from the offline checks so we squash this error.
818 verify_result
->cert_status
&= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION
;
821 AppendPublicKeyHashes(chain_context
, &verify_result
->public_key_hashes
);
822 verify_result
->is_issued_by_known_root
= IsIssuedByKnownRoot(chain_context
);
824 if (IsCertStatusError(verify_result
->cert_status
))
825 return MapCertStatusToNetError(verify_result
->cert_status
);
828 CheckEV(chain_context
, rev_checking_enabled
, ev_policy_oid
)) {
829 verify_result
->cert_status
|= CERT_STATUS_IS_EV
;