search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / net / cert / cert_verify_proc_nss.cc
blobe48888218b523da7786d719f724000b30efa0a8c
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_nss.h"
6
7 #include <string>
8 #include <vector>
9
10 #include <cert.h>
11 #include <nss.h>
12 #include <prerror.h>
13 #include <secerr.h>
14 #include <sechash.h>
15 #include <sslerr.h>
16
17 #include "base/logging.h"
18 #include "crypto/nss_util.h"
19 #include "crypto/scoped_nss_types.h"
20 #include "crypto/sha2.h"
21 #include "net/base/net_errors.h"
22 #include "net/cert/asn1_util.h"
23 #include "net/cert/cert_status_flags.h"
24 #include "net/cert/cert_verifier.h"
25 #include "net/cert/cert_verify_result.h"
26 #include "net/cert/crl_set.h"
27 #include "net/cert/ev_root_ca_metadata.h"
28 #include "net/cert/x509_certificate.h"
29 #include "net/cert/x509_util_nss.h"
30
31 #if defined(OS_IOS)
32 #include <CommonCrypto/CommonDigest.h>
33 #include "net/cert/x509_util_ios.h"
34 #endif // defined(OS_IOS)
35
36 namespace net {
37
38 namespace {
39
40 typedef scoped_ptr_malloc<
41 CERTCertificatePolicies,
42 crypto::NSSDestroyer<CERTCertificatePolicies,
43 CERT_DestroyCertificatePoliciesExtension> >
44 ScopedCERTCertificatePolicies;
45
46 typedef scoped_ptr_malloc<
47 CERTCertList,
48 crypto::NSSDestroyer<CERTCertList, CERT_DestroyCertList> >
49 ScopedCERTCertList;
50
51 // ScopedCERTValOutParam manages destruction of values in the CERTValOutParam
52 // array that cvout points to. cvout must be initialized as passed to
53 // CERT_PKIXVerifyCert, so that the array must be terminated with
54 // cert_po_end type.
55 // When it goes out of scope, it destroys values of cert_po_trustAnchor
56 // and cert_po_certList types, but doesn't release the array itself.
57 class ScopedCERTValOutParam {
58 public:
59 explicit ScopedCERTValOutParam(CERTValOutParam* cvout) : cvout_(cvout) {}
60
61 ~ScopedCERTValOutParam() {
62 Clear();
63 }
64
65 // Free the internal resources, but do not release the array itself.
66 void Clear() {
67 if (cvout_ == NULL)
68 return;
69 for (CERTValOutParam *p = cvout_; p->type != cert_po_end; p++) {
70 switch (p->type) {
71 case cert_po_trustAnchor:
72 if (p->value.pointer.cert) {
73 CERT_DestroyCertificate(p->value.pointer.cert);
74 p->value.pointer.cert = NULL;
75 }
76 break;
77 case cert_po_certList:
78 if (p->value.pointer.chain) {
79 CERT_DestroyCertList(p->value.pointer.chain);
80 p->value.pointer.chain = NULL;
81 }
82 break;
83 default:
84 break;
85 }
86 }
87 }
88
89 private:
90 CERTValOutParam* cvout_;
91
92 DISALLOW_COPY_AND_ASSIGN(ScopedCERTValOutParam);
93 };
94
95 // Map PORT_GetError() return values to our network error codes.
96 int MapSecurityError(int err) {
97 switch (err) {
98 case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error.
99 return ERR_NAME_NOT_RESOLVED;
100 case SEC_ERROR_INVALID_ARGS:
101 return ERR_INVALID_ARGUMENT;
102 case SSL_ERROR_BAD_CERT_DOMAIN:
103 return ERR_CERT_COMMON_NAME_INVALID;
104 case SEC_ERROR_INVALID_TIME:
105 case SEC_ERROR_EXPIRED_CERTIFICATE:
106 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
107 return ERR_CERT_DATE_INVALID;
108 case SEC_ERROR_UNKNOWN_ISSUER:
109 case SEC_ERROR_UNTRUSTED_ISSUER:
110 case SEC_ERROR_CA_CERT_INVALID:
111 return ERR_CERT_AUTHORITY_INVALID;
112 // TODO(port): map ERR_CERT_NO_REVOCATION_MECHANISM.
113 case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE:
114 case SEC_ERROR_OCSP_SERVER_ERROR:
115 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
116 case SEC_ERROR_REVOKED_CERTIFICATE:
117 case SEC_ERROR_UNTRUSTED_CERT: // Treat as revoked.
118 return ERR_CERT_REVOKED;
119 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
120 return ERR_CERT_NAME_CONSTRAINT_VIOLATION;
121 case SEC_ERROR_BAD_DER:
122 case SEC_ERROR_BAD_SIGNATURE:
123 case SEC_ERROR_CERT_NOT_VALID:
124 // TODO(port): add an ERR_CERT_WRONG_USAGE error code.
125 case SEC_ERROR_CERT_USAGES_INVALID:
126 case SEC_ERROR_INADEQUATE_KEY_USAGE: // Key usage.
127 case SEC_ERROR_INADEQUATE_CERT_TYPE: // Extended key usage and whether
128 // the certificate is a CA.
129 case SEC_ERROR_POLICY_VALIDATION_FAILED:
130 case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
131 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
132 case SEC_ERROR_EXTENSION_VALUE_INVALID:
133 return ERR_CERT_INVALID;
134 case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
135 return ERR_CERT_WEAK_SIGNATURE_ALGORITHM;
136 default:
137 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
138 return ERR_FAILED;
139 }
140 }
141
142 // Map PORT_GetError() return values to our cert status flags.
143 CertStatus MapCertErrorToCertStatus(int err) {
144 int net_error = MapSecurityError(err);
145 return MapNetErrorToCertStatus(net_error);
146 }
147
148 // Saves some information about the certificate chain cert_list in
149 // *verify_result. The caller MUST initialize *verify_result before calling
150 // this function.
151 // Note that cert_list[0] is the end entity certificate.
152 void GetCertChainInfo(CERTCertList* cert_list,
153 CERTCertificate* root_cert,
154 CertVerifyResult* verify_result) {
155 DCHECK(cert_list);
156
157 CERTCertificate* verified_cert = NULL;
158 std::vector<CERTCertificate*> verified_chain;
159 int i = 0;
160 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
161 !CERT_LIST_END(node, cert_list);
162 node = CERT_LIST_NEXT(node), ++i) {
163 if (i == 0) {
164 verified_cert = node->cert;
165 } else {
166 // Because of an NSS bug, CERT_PKIXVerifyCert may chain a self-signed
167 // certificate of a root CA to another certificate of the same root CA
168 // key. Detect that error and ignore the root CA certificate.
169 // See https://bugzilla.mozilla.org/show_bug.cgi?id=721288.
170 if (node->cert->isRoot) {
171 // NOTE: isRoot doesn't mean the certificate is a trust anchor. It
172 // means the certificate is self-signed. Here we assume isRoot only
173 // implies the certificate is self-issued.
174 CERTCertListNode* next_node = CERT_LIST_NEXT(node);
175 CERTCertificate* next_cert;
176 if (!CERT_LIST_END(next_node, cert_list)) {
177 next_cert = next_node->cert;
178 } else {
179 next_cert = root_cert;
180 }
181 // Test that |node->cert| is actually a self-signed certificate
182 // whose key is equal to |next_cert|, and not a self-issued
183 // certificate signed by another key of the same CA.
184 if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey,
185 &next_cert->derPublicKey)) {
186 continue;
187 }
188 }
189 verified_chain.push_back(node->cert);
190 }
191
192 SECAlgorithmID& signature = node->cert->signature;
193 SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
194 switch (oid_tag) {
195 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
196 verify_result->has_md5 = true;
197 break;
198 case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
199 verify_result->has_md2 = true;
200 break;
201 case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
202 verify_result->has_md4 = true;
203 break;
204 default:
205 break;
206 }
207 }
208
209 if (root_cert)
210 verified_chain.push_back(root_cert);
211 #if defined(OS_IOS)
212 verify_result->verified_cert =
213 x509_util_ios::CreateCertFromNSSHandles(verified_cert, verified_chain);
214 #else
215 verify_result->verified_cert =
216 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
217 #endif // defined(OS_IOS)
218 }
219
220 // IsKnownRoot returns true if the given certificate is one that we believe
221 // is a standard (as opposed to user-installed) root.
222 bool IsKnownRoot(CERTCertificate* root) {
223 if (!root || !root->slot)
224 return false;
225
226 // This magic name is taken from
227 // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/constants.c&rev=1.13&mark=86,89#79
228 return 0 == strcmp(PK11_GetSlotName(root->slot),
229 "NSS Builtin Objects");
230 }
231
232 // Returns true if the given certificate is one of the additional trust anchors.
233 bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors,
234 CERTCertificate* root) {
235 if (!additional_trust_anchors || !root)
236 return false;
237 for (CERTCertListNode* node = CERT_LIST_HEAD(additional_trust_anchors);
238 !CERT_LIST_END(node, additional_trust_anchors);
239 node = CERT_LIST_NEXT(node)) {
240 if (CERT_CompareCerts(node->cert, root))
241 return true;
242 }
243 return false;
244 }
245
246 enum CRLSetResult {
247 kCRLSetOk,
248 kCRLSetRevoked,
249 kCRLSetUnknown,
250 };
251
252 // CheckRevocationWithCRLSet attempts to check each element of |cert_list|
253 // against |crl_set|. It returns:
254 // kCRLSetRevoked: if any element of the chain is known to have been revoked.
255 // kCRLSetUnknown: if there is no fresh information about some element in
256 // the chain.
257 // kCRLSetOk: if every element in the chain is covered by a fresh CRLSet and
258 // is unrevoked.
259 CRLSetResult CheckRevocationWithCRLSet(CERTCertList* cert_list,
260 CERTCertificate* root,
261 CRLSet* crl_set) {
262 std::vector<CERTCertificate*> certs;
263
264 if (cert_list) {
265 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
266 !CERT_LIST_END(node, cert_list);
267 node = CERT_LIST_NEXT(node)) {
268 certs.push_back(node->cert);
269 }
270 }
271 if (root)
272 certs.push_back(root);
273
274 bool covered = true;
275
276 // We iterate from the root certificate down to the leaf, keeping track of
277 // the issuer's SPKI at each step.
278 std::string issuer_spki_hash;
279 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin();
280 i != certs.rend(); ++i) {
281 CERTCertificate* cert = *i;
282
283 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data),
284 cert->derCert.len);
285
286 base::StringPiece spki;
287 if (!asn1::ExtractSPKIFromDERCert(der, &spki)) {
288 NOTREACHED();
289 covered = false;
290 continue;
291 }
292 const std::string spki_hash = crypto::SHA256HashString(spki);
293
294 base::StringPiece serial_number = base::StringPiece(
295 reinterpret_cast<char*>(cert->serialNumber.data),
296 cert->serialNumber.len);
297
298 CRLSet::Result result = crl_set->CheckSPKI(spki_hash);
299
300 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty())
301 result = crl_set->CheckSerial(serial_number, issuer_spki_hash);
302
303 issuer_spki_hash = spki_hash;
304
305 switch (result) {
306 case CRLSet::REVOKED:
307 return kCRLSetRevoked;
308 case CRLSet::UNKNOWN:
309 covered = false;
310 continue;
311 case CRLSet::GOOD:
312 continue;
313 default:
314 NOTREACHED();
315 covered = false;
316 continue;
317 }
318 }
319
320 if (!covered || crl_set->IsExpired())
321 return kCRLSetUnknown;
322 return kCRLSetOk;
323 }
324
325 // Forward declarations.
326 SECStatus RetryPKIXVerifyCertWithWorkarounds(
327 CERTCertificate* cert_handle, int num_policy_oids,
328 bool cert_io_enabled, std::vector<CERTValInParam>* cvin,
329 CERTValOutParam* cvout);
330 SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle);
331
332 // Call CERT_PKIXVerifyCert for the cert_handle.
333 // Verification results are stored in an array of CERTValOutParam.
334 // If |hard_fail| is true, and no policy_oids are supplied (eg: EV is NOT being
335 // checked), then the failure to obtain valid CRL/OCSP information for all
336 // certificates that contain CRL/OCSP URLs will cause the certificate to be
337 // treated as if it was revoked. Since failures may be caused by transient
338 // network failures or by malicious attackers, in general, hard_fail should be
339 // false.
340 // If policy_oids is not NULL and num_policy_oids is positive, policies
341 // are also checked.
342 // additional_trust_anchors is an optional list of certificates that can be
343 // trusted as anchors when building a certificate chain.
344 // Caller must initialize cvout before calling this function.
345 SECStatus PKIXVerifyCert(CERTCertificate* cert_handle,
346 bool check_revocation,
347 bool hard_fail,
348 bool cert_io_enabled,
349 const SECOidTag* policy_oids,
350 int num_policy_oids,
351 CERTCertList* additional_trust_anchors,
352 CERTValOutParam* cvout) {
353 bool use_crl = check_revocation;
354 bool use_ocsp = check_revocation;
355
356 PRUint64 revocation_method_flags =
357 CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD |
358 CERT_REV_M_ALLOW_NETWORK_FETCHING |
359 CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE |
360 CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
361 CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
362 PRUint64 revocation_method_independent_flags =
363 CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
364 if (check_revocation && policy_oids && num_policy_oids > 0) {
365 // EV verification requires revocation checking. Consider the certificate
366 // revoked if we don't have revocation info.
367 // TODO(wtc): Add a bool parameter to expressly specify we're doing EV
368 // verification or we want strict revocation flags.
369 revocation_method_flags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE;
370 revocation_method_independent_flags |=
371 CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
372 } else if (check_revocation && hard_fail) {
373 revocation_method_flags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO;
374 revocation_method_independent_flags |=
375 CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
376 } else {
377 revocation_method_flags |= CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE;
378 revocation_method_independent_flags |=
379 CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
380 }
381 PRUint64 method_flags[2];
382 method_flags[cert_revocation_method_crl] = revocation_method_flags;
383 method_flags[cert_revocation_method_ocsp] = revocation_method_flags;
384
385 if (use_crl) {
386 method_flags[cert_revocation_method_crl] |=
387 CERT_REV_M_TEST_USING_THIS_METHOD;
388 }
389 if (use_ocsp) {
390 method_flags[cert_revocation_method_ocsp] |=
391 CERT_REV_M_TEST_USING_THIS_METHOD;
392 }
393
394 CERTRevocationMethodIndex preferred_revocation_methods[1];
395 if (use_ocsp) {
396 preferred_revocation_methods[0] = cert_revocation_method_ocsp;
397 } else {
398 preferred_revocation_methods[0] = cert_revocation_method_crl;
399 }
400
401 CERTRevocationFlags revocation_flags;
402 revocation_flags.leafTests.number_of_defined_methods =
403 arraysize(method_flags);
404 revocation_flags.leafTests.cert_rev_flags_per_method = method_flags;
405 revocation_flags.leafTests.number_of_preferred_methods =
406 arraysize(preferred_revocation_methods);
407 revocation_flags.leafTests.preferred_methods = preferred_revocation_methods;
408 revocation_flags.leafTests.cert_rev_method_independent_flags =
409 revocation_method_independent_flags;
410
411 revocation_flags.chainTests.number_of_defined_methods =
412 arraysize(method_flags);
413 revocation_flags.chainTests.cert_rev_flags_per_method = method_flags;
414 revocation_flags.chainTests.number_of_preferred_methods =
415 arraysize(preferred_revocation_methods);
416 revocation_flags.chainTests.preferred_methods = preferred_revocation_methods;
417 revocation_flags.chainTests.cert_rev_method_independent_flags =
418 revocation_method_independent_flags;
419
420
421 std::vector<CERTValInParam> cvin;
422 cvin.reserve(7);
423 CERTValInParam in_param;
424 in_param.type = cert_pi_revocationFlags;
425 in_param.value.pointer.revocation = &revocation_flags;
426 cvin.push_back(in_param);
427 if (policy_oids && num_policy_oids > 0) {
428 in_param.type = cert_pi_policyOID;
429 in_param.value.arraySize = num_policy_oids;
430 in_param.value.array.oids = policy_oids;
431 cvin.push_back(in_param);
432 }
433 if (additional_trust_anchors) {
434 in_param.type = cert_pi_trustAnchors;
435 in_param.value.pointer.chain = additional_trust_anchors;
436 cvin.push_back(in_param);
437 in_param.type = cert_pi_useOnlyTrustAnchors;
438 in_param.value.scalar.b = PR_FALSE;
439 cvin.push_back(in_param);
440 }
441 in_param.type = cert_pi_end;
442 cvin.push_back(in_param);
443
444 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
445 &cvin[0], cvout, NULL);
446 if (rv != SECSuccess) {
447 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,
448 cert_io_enabled, &cvin, cvout);
449 }
450 return rv;
451 }
452
453 // PKIXVerifyCert calls this function to work around some bugs in
454 // CERT_PKIXVerifyCert. All the arguments of this function are either the
455 // arguments or local variables of PKIXVerifyCert.
456 SECStatus RetryPKIXVerifyCertWithWorkarounds(
457 CERTCertificate* cert_handle, int num_policy_oids,
458 bool cert_io_enabled, std::vector<CERTValInParam>* cvin,
459 CERTValOutParam* cvout) {
460 // We call this function when the first CERT_PKIXVerifyCert call in
461 // PKIXVerifyCert failed, so we initialize |rv| to SECFailure.
462 SECStatus rv = SECFailure;
463 int nss_error = PORT_GetError();
464 CERTValInParam in_param;
465
466 // If we get SEC_ERROR_UNKNOWN_ISSUER, we may be missing an intermediate
467 // CA certificate, so we retry with cert_pi_useAIACertFetch.
468 // cert_pi_useAIACertFetch has several bugs in its error handling and
469 // error reporting (NSS bug 528743), so we don't use it by default.
470 // Note: When building a certificate chain, CERT_PKIXVerifyCert may
471 // incorrectly pick a CA certificate with the same subject name as the
472 // missing intermediate CA certificate, and fail with the
473 // SEC_ERROR_BAD_SIGNATURE error (NSS bug 524013), so we also retry with
474 // cert_pi_useAIACertFetch on SEC_ERROR_BAD_SIGNATURE.
475 if (cert_io_enabled &&
476 (nss_error == SEC_ERROR_UNKNOWN_ISSUER ||
477 nss_error == SEC_ERROR_BAD_SIGNATURE)) {
478 DCHECK_EQ(cvin->back().type, cert_pi_end);
479 cvin->pop_back();
480 in_param.type = cert_pi_useAIACertFetch;
481 in_param.value.scalar.b = PR_TRUE;
482 cvin->push_back(in_param);
483 in_param.type = cert_pi_end;
484 cvin->push_back(in_param);
485 rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
486 &(*cvin)[0], cvout, NULL);
487 if (rv == SECSuccess)
488 return rv;
489 int new_nss_error = PORT_GetError();
490 if (new_nss_error == SEC_ERROR_INVALID_ARGS ||
491 new_nss_error == SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE ||
492 new_nss_error == SEC_ERROR_BAD_INFO_ACCESS_LOCATION ||
493 new_nss_error == SEC_ERROR_BAD_HTTP_RESPONSE ||
494 new_nss_error == SEC_ERROR_BAD_LDAP_RESPONSE ||
495 !IS_SEC_ERROR(new_nss_error)) {
496 // Use the original error code because of cert_pi_useAIACertFetch's
497 // bad error reporting.
498 PORT_SetError(nss_error);
499 return rv;
500 }
501 nss_error = new_nss_error;
502 }
503
504 // If an intermediate CA certificate has requireExplicitPolicy in its
505 // policyConstraints extension, CERT_PKIXVerifyCert fails with
506 // SEC_ERROR_POLICY_VALIDATION_FAILED because we didn't specify any
507 // certificate policy (NSS bug 552775). So we retry with the certificate
508 // policy found in the server certificate.
509 if (nss_error == SEC_ERROR_POLICY_VALIDATION_FAILED &&
510 num_policy_oids == 0) {
511 SECOidTag policy = GetFirstCertPolicy(cert_handle);
512 if (policy != SEC_OID_UNKNOWN) {
513 DCHECK_EQ(cvin->back().type, cert_pi_end);
514 cvin->pop_back();
515 in_param.type = cert_pi_policyOID;
516 in_param.value.arraySize = 1;
517 in_param.value.array.oids = &policy;
518 cvin->push_back(in_param);
519 in_param.type = cert_pi_end;
520 cvin->push_back(in_param);
521 rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,
522 &(*cvin)[0], cvout, NULL);
523 if (rv != SECSuccess) {
524 // Use the original error code.
525 PORT_SetError(nss_error);
526 }
527 }
528 }
529
530 return rv;
531 }
532
533 // Decodes the certificatePolicies extension of the certificate. Returns
534 // NULL if the certificate doesn't have the extension or the extension can't
535 // be decoded. The returned value must be freed with a
536 // CERT_DestroyCertificatePoliciesExtension call.
537 CERTCertificatePolicies* DecodeCertPolicies(
538 CERTCertificate* cert_handle) {
539 SECItem policy_ext;
540 SECStatus rv = CERT_FindCertExtension(cert_handle,
541 SEC_OID_X509_CERTIFICATE_POLICIES,
542 &policy_ext);
543 if (rv != SECSuccess)
544 return NULL;
545 CERTCertificatePolicies* policies =
546 CERT_DecodeCertificatePoliciesExtension(&policy_ext);
547 SECITEM_FreeItem(&policy_ext, PR_FALSE);
548 return policies;
549 }
550
551 // Returns the OID tag for the first certificate policy in the certificate's
552 // certificatePolicies extension. Returns SEC_OID_UNKNOWN if the certificate
553 // has no certificate policy.
554 SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle) {
555 ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle));
556 if (!policies.get())
557 return SEC_OID_UNKNOWN;
558
559 CERTPolicyInfo* policy_info = policies->policyInfos[0];
560 if (!policy_info)
561 return SEC_OID_UNKNOWN;
562 if (policy_info->oid != SEC_OID_UNKNOWN)
563 return policy_info->oid;
564
565 // The certificate policy is unknown to NSS. We need to create a dynamic
566 // OID tag for the policy.
567 SECOidData od;
568 od.oid.len = policy_info->policyID.len;
569 od.oid.data = policy_info->policyID.data;
570 od.offset = SEC_OID_UNKNOWN;
571 // NSS doesn't allow us to pass an empty description, so I use a hardcoded,
572 // default description here. The description doesn't need to be unique for
573 // each OID.
574 od.desc = "a certificate policy";
575 od.mechanism = CKM_INVALID_MECHANISM;
576 od.supportedExtension = INVALID_CERT_EXTENSION;
577 return SECOID_AddEntry(&od);
578 }
579
580 HashValue CertPublicKeyHashSHA1(CERTCertificate* cert) {
581 HashValue hash(HASH_VALUE_SHA1);
582 #if defined(OS_IOS)
583 CC_SHA1(cert->derPublicKey.data, cert->derPublicKey.len, hash.data());
584 #else
585 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, hash.data(),
586 cert->derPublicKey.data, cert->derPublicKey.len);
587 DCHECK_EQ(SECSuccess, rv);
588 #endif
589 return hash;
590 }
591
592 HashValue CertPublicKeyHashSHA256(CERTCertificate* cert) {
593 HashValue hash(HASH_VALUE_SHA256);
594 #if defined(OS_IOS)
595 CC_SHA256(cert->derPublicKey.data, cert->derPublicKey.len, hash.data());
596 #else
597 SECStatus rv = HASH_HashBuf(HASH_AlgSHA256, hash.data(),
598 cert->derPublicKey.data, cert->derPublicKey.len);
599 DCHECK_EQ(rv, SECSuccess);
600 #endif
601 return hash;
602 }
603
604 void AppendPublicKeyHashes(CERTCertList* cert_list,
605 CERTCertificate* root_cert,
606 HashValueVector* hashes) {
607 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
608 !CERT_LIST_END(node, cert_list);
609 node = CERT_LIST_NEXT(node)) {
610 hashes->push_back(CertPublicKeyHashSHA1(node->cert));
611 hashes->push_back(CertPublicKeyHashSHA256(node->cert));
612 }
613 if (root_cert) {
614 hashes->push_back(CertPublicKeyHashSHA1(root_cert));
615 hashes->push_back(CertPublicKeyHashSHA256(root_cert));
616 }
617 }
618
619 // Returns true if |cert_handle| contains a policy OID that is an EV policy
620 // OID according to |metadata|, storing the resulting policy OID in
621 // |*ev_policy_oid|. A true return is not sufficient to establish that a
622 // certificate is EV, but a false return is sufficient to establish the
623 // certificate cannot be EV.
624 bool IsEVCandidate(EVRootCAMetadata* metadata,
625 CERTCertificate* cert_handle,
626 SECOidTag* ev_policy_oid) {
627 DCHECK(cert_handle);
628 ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle));
629 if (!policies.get())
630 return false;
631
632 CERTPolicyInfo** policy_infos = policies->policyInfos;
633 while (*policy_infos != NULL) {
634 CERTPolicyInfo* policy_info = *policy_infos++;
635 // If the Policy OID is unknown, that implicitly means it has not been
636 // registered as an EV policy.
637 if (policy_info->oid == SEC_OID_UNKNOWN)
638 continue;
639 if (metadata->IsEVPolicyOID(policy_info->oid)) {
640 *ev_policy_oid = policy_info->oid;
641 return true;
642 }
643 }
644
645 return false;
646 }
647
648 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp
649 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate.
650 // TODO(wtc): A possible optimization is that we get the trust anchor from
651 // the first PKIXVerifyCert call. We look up the EV policy for the trust
652 // anchor. If the trust anchor has no EV policy, we know the cert isn't EV.
653 // Otherwise, we pass just that EV policy (as opposed to all the EV policies)
654 // to the second PKIXVerifyCert call.
655 bool VerifyEV(CERTCertificate* cert_handle,
656 int flags,
657 CRLSet* crl_set,
658 bool rev_checking_enabled,
659 EVRootCAMetadata* metadata,
660 SECOidTag ev_policy_oid,
661 CERTCertList* additional_trust_anchors) {
662 CERTValOutParam cvout[3];
663 int cvout_index = 0;
664 cvout[cvout_index].type = cert_po_certList;
665 cvout[cvout_index].value.pointer.chain = NULL;
666 int cvout_cert_list_index = cvout_index;
667 cvout_index++;
668 cvout[cvout_index].type = cert_po_trustAnchor;
669 cvout[cvout_index].value.pointer.cert = NULL;
670 int cvout_trust_anchor_index = cvout_index;
671 cvout_index++;
672 cvout[cvout_index].type = cert_po_end;
673 ScopedCERTValOutParam scoped_cvout(cvout);
674
675 SECStatus status = PKIXVerifyCert(
676 cert_handle,
677 rev_checking_enabled,
678 true, /* hard fail is implied in EV. */
679 flags & CertVerifier::VERIFY_CERT_IO_ENABLED,
680 &ev_policy_oid,
681 1,
682 additional_trust_anchors,
683 cvout);
684 if (status != SECSuccess)
685 return false;
686
687 CERTCertificate* root_ca =
688 cvout[cvout_trust_anchor_index].value.pointer.cert;
689 if (root_ca == NULL)
690 return false;
691
692 // This second PKIXVerifyCert call could have found a different certification
693 // path and one or more of the certificates on this new path, that weren't on
694 // the old path, might have been revoked.
695 if (crl_set) {
696 CRLSetResult crl_set_result = CheckRevocationWithCRLSet(
697 cvout[cvout_cert_list_index].value.pointer.chain,
698 cvout[cvout_trust_anchor_index].value.pointer.cert,
699 crl_set);
700 if (crl_set_result == kCRLSetRevoked)
701 return false;
702 }
703
704 #if defined(OS_IOS)
705 SHA1HashValue fingerprint = x509_util_ios::CalculateFingerprintNSS(root_ca);
706 #else
707 SHA1HashValue fingerprint =
708 X509Certificate::CalculateFingerprint(root_ca);
709 #endif
710 return metadata->HasEVPolicyOID(fingerprint, ev_policy_oid);
711 }
712
713 CERTCertList* CertificateListToCERTCertList(const CertificateList& list) {
714 CERTCertList* result = CERT_NewCertList();
715 for (size_t i = 0; i < list.size(); ++i) {
716 #if defined(OS_IOS)
717 // X509Certificate::os_cert_handle() on iOS is a SecCertificateRef; convert
718 // it to an NSS CERTCertificate.
719 CERTCertificate* cert = x509_util_ios::CreateNSSCertHandleFromOSHandle(
720 list[i]->os_cert_handle());
721 #else
722 CERTCertificate* cert = list[i]->os_cert_handle();
723 #endif
724 CERT_AddCertToListTail(result, CERT_DupCertificate(cert));
725 }
726 return result;
727 }
728
729 } // namespace
730
731 CertVerifyProcNSS::CertVerifyProcNSS() {}
732
733 CertVerifyProcNSS::~CertVerifyProcNSS() {}
734
735 bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const {
736 return true;
737 }
738
739 int CertVerifyProcNSS::VerifyInternal(
740 X509Certificate* cert,
741 const std::string& hostname,
742 int flags,
743 CRLSet* crl_set,
744 const CertificateList& additional_trust_anchors,
745 CertVerifyResult* verify_result) {
746 #if defined(OS_IOS)
747 // For iOS, the entire chain must be loaded into NSS's in-memory certificate
748 // store.
749 x509_util_ios::NSSCertChain scoped_chain(cert);
750 CERTCertificate* cert_handle = scoped_chain.cert_handle();
751 #else
752 CERTCertificate* cert_handle = cert->os_cert_handle();
753 #endif // defined(OS_IOS)
754
755 if (!cert->VerifyNameMatch(hostname,
756 &verify_result->common_name_fallback_used)) {
757 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
758 }
759
760 // Make sure that the cert is valid now.
761 SECCertTimeValidity validity = CERT_CheckCertValidTimes(
762 cert_handle, PR_Now(), PR_TRUE);
763 if (validity != secCertTimeValid)
764 verify_result->cert_status |= CERT_STATUS_DATE_INVALID;
765
766 CERTValOutParam cvout[3];
767 int cvout_index = 0;
768 cvout[cvout_index].type = cert_po_certList;
769 cvout[cvout_index].value.pointer.chain = NULL;
770 int cvout_cert_list_index = cvout_index;
771 cvout_index++;
772 cvout[cvout_index].type = cert_po_trustAnchor;
773 cvout[cvout_index].value.pointer.cert = NULL;
774 int cvout_trust_anchor_index = cvout_index;
775 cvout_index++;
776 cvout[cvout_index].type = cert_po_end;
777 ScopedCERTValOutParam scoped_cvout(cvout);
778
779 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
780 SECOidTag ev_policy_oid = SEC_OID_UNKNOWN;
781 bool is_ev_candidate =
782 (flags & CertVerifier::VERIFY_EV_CERT) &&
783 IsEVCandidate(metadata, cert_handle, &ev_policy_oid);
784 bool cert_io_enabled = flags & CertVerifier::VERIFY_CERT_IO_ENABLED;
785 bool check_revocation =
786 cert_io_enabled &&
787 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED);
788 if (check_revocation)
789 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
790
791 ScopedCERTCertList trust_anchors;
792 if (!additional_trust_anchors.empty()) {
793 trust_anchors.reset(
794 CertificateListToCERTCertList(additional_trust_anchors));
795 }
796
797 SECStatus status = PKIXVerifyCert(cert_handle, check_revocation, false,
798 cert_io_enabled, NULL, 0,
799 trust_anchors.get(), cvout);
800
801 if (status == SECSuccess &&
802 (flags & CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS) &&
803 !IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert)) {
804 // TODO(rsleevi): Optimize this by supplying the constructed chain to
805 // libpkix via cvin. Omitting for now, due to lack of coverage in upstream
806 // NSS tests for that feature.
807 scoped_cvout.Clear();
808 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
809 status = PKIXVerifyCert(cert_handle, true, true,
810 cert_io_enabled, NULL, 0, trust_anchors.get(),
811 cvout);
812 }
813
814 if (status == SECSuccess) {
815 AppendPublicKeyHashes(cvout[cvout_cert_list_index].value.pointer.chain,
816 cvout[cvout_trust_anchor_index].value.pointer.cert,
817 &verify_result->public_key_hashes);
818
819 verify_result->is_issued_by_known_root =
820 IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert);
821 verify_result->is_issued_by_additional_trust_anchor =
822 IsAdditionalTrustAnchor(
823 trust_anchors.get(),
824 cvout[cvout_trust_anchor_index].value.pointer.cert);
825
826 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,
827 cvout[cvout_trust_anchor_index].value.pointer.cert,
828 verify_result);
829 }
830
831 CRLSetResult crl_set_result = kCRLSetUnknown;
832 if (crl_set) {
833 crl_set_result = CheckRevocationWithCRLSet(
834 cvout[cvout_cert_list_index].value.pointer.chain,
835 cvout[cvout_trust_anchor_index].value.pointer.cert,
836 crl_set);
837 if (crl_set_result == kCRLSetRevoked) {
838 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
839 status = SECFailure;
840 }
841 }
842
843 if (status != SECSuccess) {
844 int err = PORT_GetError();
845 LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname
846 << " failed err=" << err;
847 // CERT_PKIXVerifyCert rerports the wrong error code for
848 // expired certificates (NSS bug 491174)
849 if (err == SEC_ERROR_CERT_NOT_VALID &&
850 (verify_result->cert_status & CERT_STATUS_DATE_INVALID))
851 err = SEC_ERROR_EXPIRED_CERTIFICATE;
852 CertStatus cert_status = MapCertErrorToCertStatus(err);
853 if (cert_status) {
854 verify_result->cert_status |= cert_status;
855 return MapCertStatusToNetError(verify_result->cert_status);
856 }
857 // |err| is not a certificate error.
858 return MapSecurityError(err);
859 }
860
861 if (IsCertStatusError(verify_result->cert_status))
862 return MapCertStatusToNetError(verify_result->cert_status);
863
864 if ((flags & CertVerifier::VERIFY_EV_CERT) && is_ev_candidate) {
865 check_revocation |=
866 crl_set_result != kCRLSetOk &&
867 cert_io_enabled &&
868 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY);
869 if (check_revocation)
870 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
871
872 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata,
873 ev_policy_oid, trust_anchors.get())) {
874 verify_result->cert_status |= CERT_STATUS_IS_EV;
875 }
876 }
877
878 return OK;
879 }
880
881 } // namespace net