1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/x509_certificate.h" 6 7 #include <openssl/asn1.h> 8 #include <openssl/bytestring.h> 9 #include <openssl/crypto.h> 10 #include <openssl/obj_mac.h> 11 #include <openssl/pem.h> 12 #include <openssl/sha.h> 13 #include <openssl/ssl.h> 14 #include <openssl/x509v3.h> 15 16 #include "base/memory/singleton.h" 17 #include "base/pickle.h" 18 #include "base/sha1.h" 19 #include "base/strings/string_number_conversions.h" 20 #include "base/strings/string_piece.h" 21 #include "base/strings/string_util.h" 22 #include "crypto/openssl_util.h" 23 #include "crypto/scoped_openssl_types.h" 24 #include "net/base/net_errors.h" 25 #include "net/base/net_util.h" 26 #include "net/cert/x509_util_openssl.h" 27 28 #if defined(OS_ANDROID) 29 #include "base/logging.h" 30 #include "net/android/network_library.h" 31 #endif 32 33 namespace net { 34 35 namespace { 36 37 typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type 38 ScopedGENERAL_NAMES; 39 40 void CreateOSCertHandlesFromPKCS7Bytes( 41 const char* data, int length, 42 X509Certificate::OSCertHandles* handles) { 43 crypto::EnsureOpenSSLInit(); 44 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE); 45 46 CBS der_data; 47 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length); 48 STACK_OF(X509)* certs = sk_X509_new_null(); 49 50 if (PKCS7_get_certificates(certs, &der_data)) { 51 for (size_t i = 0; i < sk_X509_num(certs); ++i) { 52 X509* x509_cert = 53 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i)); 54 handles->push_back(x509_cert); 55 } 56 } 57 sk_X509_pop_free(certs, X509_free); 58 } 59 60 void ParsePrincipalValues(X509_NAME* name, 61 int nid, 62 std::vector<std::string>* fields) { 63 for (int index = -1; 64 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { 65 std::string field; 66 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field)) 67 break; 68 fields->push_back(field); 69 } 70 } 71 72 void ParsePrincipal(X509Certificate::OSCertHandle cert, 73 X509_NAME* x509_name, 74 CertPrincipal* principal) { 75 if (!x509_name) 76 return; 77 78 ParsePrincipalValues(x509_name, NID_streetAddress, 79 &principal->street_addresses); 80 ParsePrincipalValues(x509_name, NID_organizationName, 81 &principal->organization_names); 82 ParsePrincipalValues(x509_name, NID_organizationalUnitName, 83 &principal->organization_unit_names); 84 ParsePrincipalValues(x509_name, NID_domainComponent, 85 &principal->domain_components); 86 87 x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName, 88 &principal->common_name); 89 x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName, 90 &principal->locality_name); 91 x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, 92 &principal->state_or_province_name); 93 x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, 94 &principal->country_name); 95 } 96 97 void ParseSubjectAltName(X509Certificate::OSCertHandle cert, 98 std::vector<std::string>* dns_names, 99 std::vector<std::string>* ip_addresses) { 100 DCHECK(dns_names || ip_addresses); 101 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); 102 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); 103 if (!alt_name_ext) 104 return; 105 106 ScopedGENERAL_NAMES alt_names( 107 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext))); 108 if (!alt_names.get()) 109 return; 110 111 for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) { 112 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i); 113 if (name->type == GEN_DNS && dns_names) { 114 const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName); 115 if (!dns_name) 116 continue; 117 int dns_name_len = ASN1_STRING_length(name->d.dNSName); 118 dns_names->push_back( 119 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); 120 } else if (name->type == GEN_IPADD && ip_addresses) { 121 const unsigned char* ip_addr = name->d.iPAddress->data; 122 if (!ip_addr) 123 continue; 124 int ip_addr_len = name->d.iPAddress->length; 125 if (ip_addr_len != static_cast<int>(kIPv4AddressSize) && 126 ip_addr_len != static_cast<int>(kIPv6AddressSize)) { 127 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress 128 // to have 4 or 16 bytes, whereas in a name constraint it includes a 129 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. 130 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; 131 continue; 132 } 133 ip_addresses->push_back( 134 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); 135 } 136 } 137 } 138 139 class X509InitSingleton { 140 public: 141 static X509InitSingleton* GetInstance() { 142 // We allow the X509 store to leak, because it is used from a non-joinable 143 // worker that is not stopped on shutdown, hence may still be using 144 // OpenSSL library after the AtExit runner has completed. 145 return Singleton<X509InitSingleton, 146 LeakySingletonTraits<X509InitSingleton> >::get(); 147 } 148 X509_STORE* store() const { return store_.get(); } 149 150 void ResetCertStore() { 151 store_.reset(X509_STORE_new()); 152 DCHECK(store_.get()); 153 X509_STORE_set_default_paths(store_.get()); 154 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). 155 } 156 157 private: 158 friend struct DefaultSingletonTraits<X509InitSingleton>; 159 X509InitSingleton() { 160 crypto::EnsureOpenSSLInit(); 161 ResetCertStore(); 162 } 163 164 crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free>::Type store_; 165 166 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); 167 }; 168 169 // Used to free a list of X509_NAMEs and the objects it points to. 170 void sk_X509_NAME_free_all(STACK_OF(X509_NAME)* sk) { 171 sk_X509_NAME_pop_free(sk, X509_NAME_free); 172 } 173 174 } // namespace 175 176 // static 177 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( 178 OSCertHandle cert_handle) { 179 DCHECK(cert_handle); 180 return X509_up_ref(cert_handle); 181 } 182 183 // static 184 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 185 // Decrement the ref-count for the cert and, if all references are gone, 186 // free the memory and any application-specific data associated with the 187 // certificate. 188 X509_free(cert_handle); 189 } 190 191 void X509Certificate::Initialize() { 192 crypto::EnsureOpenSSLInit(); 193 fingerprint_ = CalculateFingerprint(cert_handle_); 194 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); 195 196 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); 197 if (serial_num) { 198 // ASN1_INTEGERS represent the decoded number, in a format internal to 199 // OpenSSL. Most notably, this may have leading zeroes stripped off for 200 // numbers whose first byte is >= 0x80. Thus, it is necessary to 201 // re-encoded the integer back into DER, which is what the interface 202 // of X509Certificate exposes, to ensure callers get the proper (DER) 203 // value. 204 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); 205 unsigned char* buffer = reinterpret_cast<unsigned char*>( 206 WriteInto(&serial_number_, bytes_required + 1)); 207 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); 208 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); 209 } 210 211 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); 212 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); 213 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); 214 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); 215 } 216 217 // static 218 void X509Certificate::ResetCertStore() { 219 X509InitSingleton::GetInstance()->ResetCertStore(); 220 } 221 222 // static 223 SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) { 224 SHA1HashValue sha1; 225 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); 226 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); 227 CHECK(ret); 228 CHECK_EQ(sha1_size, sizeof(sha1.data)); 229 return sha1; 230 } 231 232 // static 233 SHA1HashValue X509Certificate::CalculateCAFingerprint( 234 const OSCertHandles& intermediates) { 235 SHA1HashValue sha1; 236 memset(sha1.data, 0, sizeof(sha1.data)); 237 238 SHA_CTX sha1_ctx; 239 SHA1_Init(&sha1_ctx); 240 base::StringPiece der; 241 for (size_t i = 0; i < intermediates.size(); ++i) { 242 if (!x509_util::GetDER(intermediates[i], &der)) 243 return sha1; 244 SHA1_Update(&sha1_ctx, der.data(), der.length()); 245 } 246 SHA1_Final(sha1.data, &sha1_ctx); 247 248 return sha1; 249 } 250 251 // static 252 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( 253 const char* data, int length) { 254 if (length < 0) 255 return NULL; 256 crypto::EnsureOpenSSLInit(); 257 const unsigned char* d2i_data = 258 reinterpret_cast<const unsigned char*>(data); 259 // Don't cache this data for x509_util::GetDER as this wire format 260 // may be not be identical from the i2d_X509 roundtrip. 261 X509* cert = d2i_X509(NULL, &d2i_data, length); 262 return cert; 263 } 264 265 // static 266 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( 267 const char* data, int length, Format format) { 268 OSCertHandles results; 269 if (length < 0) 270 return results; 271 272 switch (format) { 273 case FORMAT_SINGLE_CERTIFICATE: { 274 OSCertHandle handle = CreateOSCertHandleFromBytes(data, length); 275 if (handle) 276 results.push_back(handle); 277 break; 278 } 279 case FORMAT_PKCS7: { 280 CreateOSCertHandlesFromPKCS7Bytes(data, length, &results); 281 break; 282 } 283 default: { 284 NOTREACHED() << "Certificate format " << format << " unimplemented"; 285 break; 286 } 287 } 288 289 return results; 290 } 291 292 void X509Certificate::GetSubjectAltName( 293 std::vector<std::string>* dns_names, 294 std::vector<std::string>* ip_addrs) const { 295 if (dns_names) 296 dns_names->clear(); 297 if (ip_addrs) 298 ip_addrs->clear(); 299 300 ParseSubjectAltName(cert_handle_, dns_names, ip_addrs); 301 } 302 303 // static 304 X509_STORE* X509Certificate::cert_store() { 305 return X509InitSingleton::GetInstance()->store(); 306 } 307 308 // static 309 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, 310 std::string* encoded) { 311 base::StringPiece der; 312 if (!cert_handle || !x509_util::GetDER(cert_handle, &der)) 313 return false; 314 encoded->assign(der.data(), der.length()); 315 return true; 316 } 317 318 // static 319 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, 320 X509Certificate::OSCertHandle b) { 321 DCHECK(a && b); 322 if (a == b) 323 return true; 324 325 // X509_cmp only checks the fingerprint, but we want to compare the whole 326 // DER data. Encoding it from OSCertHandle is an expensive operation, so we 327 // cache the DER (if not already cached via X509_set_ex_data). 328 base::StringPiece der_a, der_b; 329 330 return x509_util::GetDER(a, &der_a) && 331 x509_util::GetDER(b, &der_b) && 332 der_a == der_b; 333 } 334 335 // static 336 X509Certificate::OSCertHandle 337 X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) { 338 const char* data; 339 int length; 340 if (!pickle_iter->ReadData(&data, &length)) 341 return NULL; 342 343 return CreateOSCertHandleFromBytes(data, length); 344 } 345 346 // static 347 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 348 Pickle* pickle) { 349 base::StringPiece der; 350 if (!x509_util::GetDER(cert_handle, &der)) 351 return false; 352 353 return pickle->WriteData(der.data(), der.length()); 354 } 355 356 // static 357 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, 358 size_t* size_bits, 359 PublicKeyType* type) { 360 *type = kPublicKeyTypeUnknown; 361 *size_bits = 0; 362 363 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); 364 if (!scoped_key.get()) 365 return; 366 367 CHECK(scoped_key.get()); 368 EVP_PKEY* key = scoped_key.get(); 369 370 switch (key->type) { 371 case EVP_PKEY_RSA: 372 *type = kPublicKeyTypeRSA; 373 *size_bits = EVP_PKEY_size(key) * 8; 374 break; 375 case EVP_PKEY_DSA: 376 *type = kPublicKeyTypeDSA; 377 *size_bits = EVP_PKEY_size(key) * 8; 378 break; 379 case EVP_PKEY_EC: 380 *type = kPublicKeyTypeECDSA; 381 *size_bits = EVP_PKEY_bits(key); 382 break; 383 case EVP_PKEY_DH: 384 *type = kPublicKeyTypeDH; 385 *size_bits = EVP_PKEY_size(key) * 8; 386 break; 387 } 388 } 389 390 bool X509Certificate::IsIssuedByEncoded( 391 const std::vector<std::string>& valid_issuers) { 392 if (valid_issuers.empty()) 393 return false; 394 395 // Convert to a temporary list of X509_NAME objects. 396 // It will own the objects it points to. 397 crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all>::Type 398 issuer_names(sk_X509_NAME_new_null()); 399 if (!issuer_names.get()) 400 return false; 401 402 for (std::vector<std::string>::const_iterator it = valid_issuers.begin(); 403 it != valid_issuers.end(); ++it) { 404 const unsigned char* p = 405 reinterpret_cast<const unsigned char*>(it->data()); 406 long len = static_cast<long>(it->length()); 407 X509_NAME* ca_name = d2i_X509_NAME(NULL, &p, len); 408 if (ca_name == NULL) 409 return false; 410 sk_X509_NAME_push(issuer_names.get(), ca_name); 411 } 412 413 // Create a temporary list of X509_NAME objects corresponding 414 // to the certificate chain. It doesn't own the object it points to. 415 std::vector<X509_NAME*> cert_names; 416 X509_NAME* issuer = X509_get_issuer_name(cert_handle_); 417 if (issuer == NULL) 418 return false; 419 420 cert_names.push_back(issuer); 421 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin(); 422 it != intermediate_ca_certs_.end(); ++it) { 423 issuer = X509_get_issuer_name(*it); 424 if (issuer == NULL) 425 return false; 426 cert_names.push_back(issuer); 427 } 428 429 // and 'cert_names'. 430 for (size_t n = 0; n < cert_names.size(); ++n) { 431 for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) { 432 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m); 433 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) { 434 return true; 435 } 436 } 437 } 438 439 return false; 440 } 441 442 } // namespace net 443