1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_verify_proc_android.h" 6 7 #include <openssl/x509v3.h> 8 9 #include <string> 10 #include <vector> 11 12 #include "base/logging.h" 13 #include "base/sha1.h" 14 #include "base/strings/string_piece.h" 15 #include "crypto/sha2.h" 16 #include "net/android/cert_verify_result_android.h" 17 #include "net/android/network_library.h" 18 #include "net/base/net_errors.h" 19 #include "net/cert/asn1_util.h" 20 #include "net/cert/cert_status_flags.h" 21 #include "net/cert/cert_verify_result.h" 22 #include "net/cert/x509_certificate.h" 23 24 namespace net { 25 26 namespace { 27 28 // Returns true if the certificate verification call was successful (regardless 29 // of its result), i.e. if |verify_result| was set. Otherwise returns false. 30 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, 31 const std::string& hostname, 32 CertVerifyResult* verify_result) { 33 android::CertVerifyStatusAndroid status; 34 std::vector<std::string> verified_chain; 35 36 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. 37 android::VerifyX509CertChain(cert_bytes, "RSA", hostname, 38 &status, &verify_result->is_issued_by_known_root, 39 &verified_chain); 40 switch (status) { 41 case android::VERIFY_FAILED: 42 return false; 43 case android::VERIFY_OK: 44 break; 45 case android::VERIFY_NO_TRUSTED_ROOT: 46 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; 47 break; 48 case android::VERIFY_EXPIRED: 49 case android::VERIFY_NOT_YET_VALID: 50 verify_result->cert_status |= CERT_STATUS_DATE_INVALID; 51 break; 52 case android::VERIFY_UNABLE_TO_PARSE: 53 verify_result->cert_status |= CERT_STATUS_INVALID; 54 break; 55 case android::VERIFY_INCORRECT_KEY_USAGE: 56 verify_result->cert_status |= CERT_STATUS_INVALID; 57 break; 58 default: 59 NOTREACHED(); 60 verify_result->cert_status |= CERT_STATUS_INVALID; 61 break; 62 } 63 64 // Save the verified chain. 65 if (!verified_chain.empty()) { 66 std::vector<base::StringPiece> verified_chain_pieces(verified_chain.size()); 67 for (size_t i = 0; i < verified_chain.size(); i++) { 68 verified_chain_pieces[i] = base::StringPiece(verified_chain[i]); 69 } 70 scoped_refptr<X509Certificate> verified_cert = 71 X509Certificate::CreateFromDERCertChain(verified_chain_pieces); 72 if (verified_cert) 73 verify_result->verified_cert = verified_cert; 74 } 75 76 // Extract the algorithm information from the certs 77 X509Certificate::OSCertHandles chain; 78 const X509Certificate::OSCertHandles& intermediates = 79 verify_result->verified_cert->GetIntermediateCertificates(); 80 chain.push_back(verify_result->verified_cert->os_cert_handle()); 81 chain.insert(chain.end(), intermediates.begin(), intermediates.end()); 82 83 // If the chain successfully verified, ignore the trust anchor (the last 84 // certificate). Otherwise, assume the chain is partial. This is not entirely 85 // correct, as a full chain may have been constructed and then failed to 86 // validate. However, if that is the case, the more serious error will 87 // override any SHA-1 considerations. 88 size_t correction_for_root = (status == android::VERIFY_OK) ? 1 : 0; 89 for (size_t i = 0; i < chain.size() - correction_for_root; ++i) { 90 int sig_alg = OBJ_obj2nid(chain[i]->sig_alg->algorithm); 91 if (sig_alg == NID_md2WithRSAEncryption) { 92 verify_result->has_md2 = true; 93 } else if (sig_alg == NID_md4WithRSAEncryption) { 94 verify_result->has_md4 = true; 95 } else if (sig_alg == NID_md5WithRSAEncryption || 96 sig_alg == NID_md5WithRSA) { 97 verify_result->has_md5 = true; 98 } else if (sig_alg == NID_sha1WithRSAEncryption || 99 sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 || 100 sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA || 101 sig_alg == NID_ecdsa_with_SHA1) { 102 verify_result->has_sha1 = true; 103 } 104 } 105 106 // Extract the public key hashes. 107 for (size_t i = 0; i < verified_chain.size(); i++) { 108 base::StringPiece spki_bytes; 109 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) 110 continue; 111 112 HashValue sha1(HASH_VALUE_SHA1); 113 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), 114 spki_bytes.size(), sha1.data()); 115 verify_result->public_key_hashes.push_back(sha1); 116 117 HashValue sha256(HASH_VALUE_SHA256); 118 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length); 119 verify_result->public_key_hashes.push_back(sha256); 120 } 121 122 return true; 123 } 124 125 bool GetChainDEREncodedBytes(X509Certificate* cert, 126 std::vector<std::string>* chain_bytes) { 127 X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); 128 X509Certificate::OSCertHandles cert_handles = 129 cert->GetIntermediateCertificates(); 130 131 // Make sure the peer's own cert is the first in the chain, if it's not 132 // already there. 133 if (cert_handles.empty() || cert_handles[0] != cert_handle) 134 cert_handles.insert(cert_handles.begin(), cert_handle); 135 136 chain_bytes->reserve(cert_handles.size()); 137 for (X509Certificate::OSCertHandles::const_iterator it = 138 cert_handles.begin(); it != cert_handles.end(); ++it) { 139 std::string cert_bytes; 140 if(!X509Certificate::GetDEREncoded(*it, &cert_bytes)) 141 return false; 142 chain_bytes->push_back(cert_bytes); 143 } 144 return true; 145 } 146 147 } // namespace 148 149 CertVerifyProcAndroid::CertVerifyProcAndroid() {} 150 151 CertVerifyProcAndroid::~CertVerifyProcAndroid() {} 152 153 bool CertVerifyProcAndroid::SupportsAdditionalTrustAnchors() const { 154 return false; 155 } 156 157 int CertVerifyProcAndroid::VerifyInternal( 158 X509Certificate* cert, 159 const std::string& hostname, 160 int flags, 161 CRLSet* crl_set, 162 const CertificateList& additional_trust_anchors, 163 CertVerifyResult* verify_result) { 164 if (!cert->VerifyNameMatch(hostname, 165 &verify_result->common_name_fallback_used)) { 166 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 167 } 168 169 std::vector<std::string> cert_bytes; 170 if (!GetChainDEREncodedBytes(cert, &cert_bytes)) 171 return ERR_CERT_INVALID; 172 if (!VerifyFromAndroidTrustManager(cert_bytes, hostname, verify_result)) { 173 NOTREACHED(); 174 return ERR_FAILED; 175 } 176 if (IsCertStatusError(verify_result->cert_status)) 177 return MapCertStatusToNetError(verify_result->cert_status); 178 179 return OK; 180 } 181 182 } // namespace net 183