1 // Copyright 2019 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/test/cert_builder.h"
6
7 #include <map>
8 #include <memory>
9 #include <string>
10 #include <utility>
11 #include <vector>
12
13 #include "base/files/file_path.h"
14 #include "base/memory/ptr_util.h"
15 #include "base/memory/scoped_refptr.h"
16 #include "base/notreached.h"
17 #include "base/ranges/algorithm.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/time/time.h"
21 #include "crypto/ec_private_key.h"
22 #include "crypto/openssl_util.h"
23 #include "crypto/rsa_private_key.h"
24 #include "crypto/sha2.h"
25 #include "net/cert/asn1_util.h"
26 #include "net/cert/ct_objects_extractor.h"
27 #include "net/cert/ct_serialization.h"
28 #include "net/cert/signed_certificate_timestamp.h"
29 #include "net/cert/time_conversions.h"
30 #include "net/cert/x509_util.h"
31 #include "net/test/cert_test_util.h"
32 #include "net/test/key_util.h"
33 #include "net/test/test_data_directory.h"
34 #include "testing/gtest/include/gtest/gtest.h"
35 #include "third_party/abseil-cpp/absl/types/optional.h"
36 #include "third_party/boringssl/src/include/openssl/evp.h"
37 #include "third_party/boringssl/src/include/openssl/mem.h"
38 #include "third_party/boringssl/src/pki/certificate_policies.h"
39 #include "third_party/boringssl/src/pki/extended_key_usage.h"
40 #include "third_party/boringssl/src/pki/input.h"
41 #include "third_party/boringssl/src/pki/parse_certificate.h"
42 #include "third_party/boringssl/src/pki/parse_values.h"
43 #include "third_party/boringssl/src/pki/parser.h"
44 #include "third_party/boringssl/src/pki/verify_signed_data.h"
45 #include "url/gurl.h"
46
47 namespace net {
48
49 namespace {
50
51 constexpr char kSimpleChainHostname[] = "www.example.com";
52
Sha256WithRSAEncryption()53 std::string Sha256WithRSAEncryption() {
54 const uint8_t kSha256WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
55 0x86, 0x48, 0x86, 0xf7, 0x0d,
56 0x01, 0x01, 0x0b, 0x05, 0x00};
57 return std::string(std::begin(kSha256WithRSAEncryption),
58 std::end(kSha256WithRSAEncryption));
59 }
60
Sha1WithRSAEncryption()61 std::string Sha1WithRSAEncryption() {
62 const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
63 0x86, 0x48, 0x86, 0xf7, 0x0d,
64 0x01, 0x01, 0x05, 0x05, 0x00};
65 return std::string(std::begin(kSha1WithRSAEncryption),
66 std::end(kSha1WithRSAEncryption));
67 }
68
EcdsaWithSha256()69 std::string EcdsaWithSha256() {
70 const uint8_t kDer[] = {0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
71 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02};
72 return std::string(std::begin(kDer), std::end(kDer));
73 }
74
EcdsaWithSha1()75 std::string EcdsaWithSha1() {
76 const uint8_t kDer[] = {0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
77 0x48, 0xce, 0x3d, 0x04, 0x01};
78 return std::string(std::begin(kDer), std::end(kDer));
79 }
80
81 // Adds bytes (specified as a StringPiece) to the given CBB.
82 // The argument ordering follows the boringssl CBB_* api style.
CBBAddBytes(CBB * cbb,base::StringPiece bytes)83 bool CBBAddBytes(CBB* cbb, base::StringPiece bytes) {
84 return CBB_add_bytes(cbb, reinterpret_cast<const uint8_t*>(bytes.data()),
85 bytes.size());
86 }
87
88 // Adds bytes (from fixed size array) to the given CBB.
89 // The argument ordering follows the boringssl CBB_* api style.
90 template <size_t N>
CBBAddBytes(CBB * cbb,const uint8_t (& data)[N])91 bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) {
92 return CBB_add_bytes(cbb, data, N);
93 }
94
95 // Finalizes the CBB to a std::string.
FinishCBB(CBB * cbb)96 std::string FinishCBB(CBB* cbb) {
97 size_t cbb_len;
98 uint8_t* cbb_bytes;
99
100 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
101 ADD_FAILURE() << "CBB_finish() failed";
102 return std::string();
103 }
104
105 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
106 return std::string(reinterpret_cast<char*>(cbb_bytes), cbb_len);
107 }
108
109 // Finalizes the CBB to a std::vector.
FinishCBBToVector(CBB * cbb)110 std::vector<uint8_t> FinishCBBToVector(CBB* cbb) {
111 size_t cbb_len;
112 uint8_t* cbb_bytes;
113
114 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
115 ADD_FAILURE() << "CBB_finish() failed";
116 return {};
117 }
118
119 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
120 return std::vector<uint8_t>(cbb_bytes, cbb_bytes + cbb_len);
121 }
122
123 } // namespace
124
125 CertBuilder::SctConfig::SctConfig() = default;
SctConfig(std::string log_id,bssl::UniquePtr<EVP_PKEY> log_key,base::Time timestamp)126 CertBuilder::SctConfig::SctConfig(std::string log_id,
127 bssl::UniquePtr<EVP_PKEY> log_key,
128 base::Time timestamp)
129 : log_id(std::move(log_id)),
130 log_key(std::move(log_key)),
131 timestamp(timestamp) {}
SctConfig(const SctConfig & other)132 CertBuilder::SctConfig::SctConfig(const SctConfig& other)
133 : SctConfig(other.log_id,
134 bssl::UpRef(other.log_key.get()),
135 other.timestamp) {}
136 CertBuilder::SctConfig::SctConfig(SctConfig&&) = default;
137 CertBuilder::SctConfig::~SctConfig() = default;
operator =(const SctConfig & other)138 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(
139 const SctConfig& other) {
140 log_id = other.log_id;
141 log_key = bssl::UpRef(other.log_key.get());
142 timestamp = other.timestamp;
143 return *this;
144 }
145 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(SctConfig&&) =
146 default;
147
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer)148 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert, CertBuilder* issuer)
149 : CertBuilder(orig_cert, issuer, /*unique_subject_key_identifier=*/true) {}
150
151 // static
FromFile(const base::FilePath & cert_and_key_file,CertBuilder * issuer)152 std::unique_ptr<CertBuilder> CertBuilder::FromFile(
153 const base::FilePath& cert_and_key_file,
154 CertBuilder* issuer) {
155 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
156 if (!cert)
157 return nullptr;
158
159 bssl::UniquePtr<EVP_PKEY> private_key(
160 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
161 if (!private_key)
162 return nullptr;
163
164 auto builder = base::WrapUnique(new CertBuilder(cert->cert_buffer(), issuer));
165 builder->key_ = std::move(private_key);
166 return builder;
167 }
168
169 // static
FromStaticCert(CRYPTO_BUFFER * cert,EVP_PKEY * key)170 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCert(CRYPTO_BUFFER* cert,
171 EVP_PKEY* key) {
172 std::unique_ptr<CertBuilder> builder = base::WrapUnique(
173 new CertBuilder(cert, nullptr, /*unique_subject_key_identifier=*/false));
174 // |cert_|, |key_|, and |subject_tlv_| must be initialized for |builder| to
175 // function as the |issuer| of another CertBuilder.
176 builder->cert_ = bssl::UpRef(cert);
177 builder->key_ = bssl::UpRef(key);
178 base::StringPiece subject_tlv;
179 CHECK(asn1::ExtractSubjectFromDERCert(
180 x509_util::CryptoBufferAsStringPiece(cert), &subject_tlv));
181 builder->subject_tlv_ = std::string(subject_tlv);
182 return builder;
183 }
184
185 // static
FromStaticCertFile(const base::FilePath & cert_and_key_file)186 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCertFile(
187 const base::FilePath& cert_and_key_file) {
188 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
189 if (!cert)
190 return nullptr;
191
192 bssl::UniquePtr<EVP_PKEY> private_key(
193 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
194 if (!private_key)
195 return nullptr;
196
197 return CertBuilder::FromStaticCert(cert->cert_buffer(), private_key.get());
198 }
199
200 // static
FromSubjectPublicKeyInfo(base::span<const uint8_t> spki_der,CertBuilder * issuer)201 std::unique_ptr<CertBuilder> CertBuilder::FromSubjectPublicKeyInfo(
202 base::span<const uint8_t> spki_der,
203 CertBuilder* issuer) {
204 DCHECK(issuer);
205 auto builder = std::make_unique<CertBuilder>(/*orig_cert=*/nullptr, issuer);
206
207 CBS cbs;
208 CBS_init(&cbs, spki_der.data(), spki_der.size());
209 builder->key_ = bssl::UniquePtr<EVP_PKEY>(EVP_parse_public_key(&cbs));
210 // Check that there was no error in `EVP_parse_public_key` and that it
211 // consumed the entire public key.
212 if (!builder->key_ || (CBS_len(&cbs) != 0))
213 return nullptr;
214
215 return builder;
216 }
217
218 CertBuilder::~CertBuilder() = default;
219
220 // static
CreateSimpleChain(size_t chain_length)221 std::vector<std::unique_ptr<CertBuilder>> CertBuilder::CreateSimpleChain(
222 size_t chain_length) {
223 std::vector<std::unique_ptr<CertBuilder>> chain;
224 base::Time not_before = base::Time::Now() - base::Days(7);
225 base::Time not_after = base::Time::Now() + base::Days(7);
226 CertBuilder* parent_builder = nullptr;
227 for (size_t remaining_chain_length = chain_length; remaining_chain_length;
228 remaining_chain_length--) {
229 auto builder = std::make_unique<CertBuilder>(nullptr, parent_builder);
230 builder->SetValidity(not_before, not_after);
231 if (remaining_chain_length > 1) {
232 // CA properties:
233 builder->SetBasicConstraints(/*is_ca=*/true, /*path_len=*/-1);
234 builder->SetKeyUsages(
235 {bssl::KEY_USAGE_BIT_KEY_CERT_SIGN, bssl::KEY_USAGE_BIT_CRL_SIGN});
236 } else {
237 // Leaf properties:
238 builder->SetBasicConstraints(/*is_ca=*/false, /*path_len=*/-1);
239 builder->SetKeyUsages({bssl::KEY_USAGE_BIT_DIGITAL_SIGNATURE});
240 builder->SetExtendedKeyUsages({bssl::der::Input(bssl::kServerAuth)});
241 builder->SetSubjectAltName(kSimpleChainHostname);
242 }
243 parent_builder = builder.get();
244 chain.push_back(std::move(builder));
245 }
246 base::ranges::reverse(chain);
247 return chain;
248 }
249
250 // static
CreateSimpleChain3()251 std::array<std::unique_ptr<CertBuilder>, 3> CertBuilder::CreateSimpleChain3() {
252 auto chain = CreateSimpleChain(3);
253 return {std::move(chain[0]), std::move(chain[1]), std::move(chain[2])};
254 }
255
256 // static
CreateSimpleChain2()257 std::array<std::unique_ptr<CertBuilder>, 2> CertBuilder::CreateSimpleChain2() {
258 auto chain = CreateSimpleChain(2);
259 return {std::move(chain[0]), std::move(chain[1])};
260 }
261
262 // static
263 absl::optional<bssl::SignatureAlgorithm>
DefaultSignatureAlgorithmForKey(EVP_PKEY * key)264 CertBuilder::DefaultSignatureAlgorithmForKey(EVP_PKEY* key) {
265 if (EVP_PKEY_id(key) == EVP_PKEY_RSA)
266 return bssl::SignatureAlgorithm::kRsaPkcs1Sha256;
267 if (EVP_PKEY_id(key) == EVP_PKEY_EC)
268 return bssl::SignatureAlgorithm::kEcdsaSha256;
269 return absl::nullopt;
270 }
271
272 // static
SignData(bssl::SignatureAlgorithm signature_algorithm,base::StringPiece tbs_data,EVP_PKEY * key,CBB * out_signature)273 bool CertBuilder::SignData(bssl::SignatureAlgorithm signature_algorithm,
274 base::StringPiece tbs_data,
275 EVP_PKEY* key,
276 CBB* out_signature) {
277 if (!key)
278 return false;
279
280 int expected_pkey_id = 1;
281 const EVP_MD* digest;
282 switch (signature_algorithm) {
283 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
284 expected_pkey_id = EVP_PKEY_RSA;
285 digest = EVP_sha1();
286 break;
287 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
288 expected_pkey_id = EVP_PKEY_RSA;
289 digest = EVP_sha256();
290 break;
291 case bssl::SignatureAlgorithm::kRsaPkcs1Sha384:
292 expected_pkey_id = EVP_PKEY_RSA;
293 digest = EVP_sha384();
294 break;
295 case bssl::SignatureAlgorithm::kRsaPkcs1Sha512:
296 expected_pkey_id = EVP_PKEY_RSA;
297 digest = EVP_sha512();
298 break;
299
300 case bssl::SignatureAlgorithm::kEcdsaSha1:
301 expected_pkey_id = EVP_PKEY_EC;
302 digest = EVP_sha1();
303 break;
304 case bssl::SignatureAlgorithm::kEcdsaSha256:
305 expected_pkey_id = EVP_PKEY_EC;
306 digest = EVP_sha256();
307 break;
308 case bssl::SignatureAlgorithm::kEcdsaSha384:
309 expected_pkey_id = EVP_PKEY_EC;
310 digest = EVP_sha384();
311 break;
312 case bssl::SignatureAlgorithm::kEcdsaSha512:
313 expected_pkey_id = EVP_PKEY_EC;
314 digest = EVP_sha512();
315 break;
316
317 case bssl::SignatureAlgorithm::kRsaPssSha256:
318 case bssl::SignatureAlgorithm::kRsaPssSha384:
319 case bssl::SignatureAlgorithm::kRsaPssSha512:
320 // Unsupported algorithms.
321 return false;
322 }
323
324 return expected_pkey_id == EVP_PKEY_id(key) &&
325 SignDataWithDigest(digest, tbs_data, key, out_signature);
326 }
327
328 // static
SignDataWithDigest(const EVP_MD * digest,base::StringPiece tbs_data,EVP_PKEY * key,CBB * out_signature)329 bool CertBuilder::SignDataWithDigest(const EVP_MD* digest,
330 base::StringPiece tbs_data,
331 EVP_PKEY* key,
332 CBB* out_signature) {
333 const uint8_t* tbs_bytes = reinterpret_cast<const uint8_t*>(tbs_data.data());
334 bssl::ScopedEVP_MD_CTX ctx;
335 uint8_t* sig_out;
336 size_t sig_len;
337
338 return EVP_DigestSignInit(ctx.get(), nullptr, digest, nullptr, key) &&
339 EVP_DigestSign(ctx.get(), nullptr, &sig_len, tbs_bytes,
340 tbs_data.size()) &&
341 CBB_reserve(out_signature, &sig_out, sig_len) &&
342 EVP_DigestSign(ctx.get(), sig_out, &sig_len, tbs_bytes,
343 tbs_data.size()) &&
344 CBB_did_write(out_signature, sig_len);
345 }
346
347 // static
SignatureAlgorithmToDer(bssl::SignatureAlgorithm signature_algorithm)348 std::string CertBuilder::SignatureAlgorithmToDer(
349 bssl::SignatureAlgorithm signature_algorithm) {
350 switch (signature_algorithm) {
351 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
352 return Sha1WithRSAEncryption();
353 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
354 return Sha256WithRSAEncryption();
355 case bssl::SignatureAlgorithm::kEcdsaSha1:
356 return EcdsaWithSha1();
357 case bssl::SignatureAlgorithm::kEcdsaSha256:
358 return EcdsaWithSha256();
359 default:
360 ADD_FAILURE();
361 return std::string();
362 }
363 }
364
365 // static
MakeRandomHexString(size_t num_bytes)366 std::string CertBuilder::MakeRandomHexString(size_t num_bytes) {
367 std::vector<char> rand_bytes;
368 rand_bytes.resize(num_bytes);
369
370 base::RandBytes(rand_bytes.data(), rand_bytes.size());
371 return base::HexEncode(rand_bytes.data(), rand_bytes.size());
372 }
373
374 // static
BuildNameWithCommonNameOfType(base::StringPiece common_name,unsigned common_name_tag)375 std::vector<uint8_t> CertBuilder::BuildNameWithCommonNameOfType(
376 base::StringPiece common_name,
377 unsigned common_name_tag) {
378 // See RFC 4519.
379 static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
380
381 // See RFC 5280, section 4.1.2.4.
382 bssl::ScopedCBB cbb;
383 CBB rdns, rdn, attr, type, value;
384 if (!CBB_init(cbb.get(), 64) ||
385 !CBB_add_asn1(cbb.get(), &rdns, CBS_ASN1_SEQUENCE) ||
386 !CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET) ||
387 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
388 !CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT) ||
389 !CBBAddBytes(&type, kCommonName) ||
390 !CBB_add_asn1(&attr, &value, common_name_tag) ||
391 !CBBAddBytes(&value, common_name)) {
392 ADD_FAILURE();
393 return {};
394 }
395
396 return FinishCBBToVector(cbb.get());
397 }
398
SetCertificateVersion(bssl::CertificateVersion version)399 void CertBuilder::SetCertificateVersion(bssl::CertificateVersion version) {
400 version_ = version;
401 Invalidate();
402 }
403
SetExtension(const bssl::der::Input & oid,std::string value,bool critical)404 void CertBuilder::SetExtension(const bssl::der::Input& oid,
405 std::string value,
406 bool critical) {
407 auto& extension_value = extensions_[oid.AsString()];
408 extension_value.critical = critical;
409 extension_value.value = std::move(value);
410
411 Invalidate();
412 }
413
EraseExtension(const bssl::der::Input & oid)414 void CertBuilder::EraseExtension(const bssl::der::Input& oid) {
415 extensions_.erase(oid.AsString());
416
417 Invalidate();
418 }
419
ClearExtensions()420 void CertBuilder::ClearExtensions() {
421 extensions_.clear();
422 Invalidate();
423 }
424
SetBasicConstraints(bool is_ca,int path_len)425 void CertBuilder::SetBasicConstraints(bool is_ca, int path_len) {
426 // From RFC 5280:
427 //
428 // BasicConstraints ::= SEQUENCE {
429 // cA BOOLEAN DEFAULT FALSE,
430 // pathLenConstraint INTEGER (0..MAX) OPTIONAL }
431 bssl::ScopedCBB cbb;
432 CBB basic_constraints;
433 ASSERT_TRUE(CBB_init(cbb.get(), 64));
434 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &basic_constraints, CBS_ASN1_SEQUENCE));
435 if (is_ca)
436 ASSERT_TRUE(CBB_add_asn1_bool(&basic_constraints, true));
437 if (path_len >= 0)
438 ASSERT_TRUE(CBB_add_asn1_uint64(&basic_constraints, path_len));
439
440 SetExtension(bssl::der::Input(bssl::kBasicConstraintsOid),
441 FinishCBB(cbb.get()),
442 /*critical=*/true);
443 }
444
445 namespace {
AddNameConstraintsSubTrees(CBB * cbb,const std::vector<std::string> & dns_names)446 void AddNameConstraintsSubTrees(CBB* cbb,
447 const std::vector<std::string>& dns_names) {
448 CBB subtrees;
449 ASSERT_TRUE(CBB_add_asn1(
450 cbb, &subtrees, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
451 for (const auto& name : dns_names) {
452 CBB subtree;
453 ASSERT_TRUE(CBB_add_asn1(&subtrees, &subtree, CBS_ASN1_SEQUENCE));
454 CBB general_name;
455 ASSERT_TRUE(
456 CBB_add_asn1(&subtree, &general_name, CBS_ASN1_CONTEXT_SPECIFIC | 2));
457 ASSERT_TRUE(CBBAddBytes(&general_name, name));
458 ASSERT_TRUE(CBB_flush(&subtrees));
459 }
460 ASSERT_TRUE(CBB_flush(cbb));
461 }
462 } // namespace
463
SetNameConstraintsDnsNames(const std::vector<std::string> & permitted_dns_names,const std::vector<std::string> & excluded_dns_names)464 void CertBuilder::SetNameConstraintsDnsNames(
465 const std::vector<std::string>& permitted_dns_names,
466 const std::vector<std::string>& excluded_dns_names) {
467 // From RFC 5280:
468 //
469 // id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
470 //
471 // NameConstraints ::= SEQUENCE {
472 // permittedSubtrees [0] GeneralSubtrees OPTIONAL,
473 // excludedSubtrees [1] GeneralSubtrees OPTIONAL }
474 //
475 // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
476 //
477 // GeneralSubtree ::= SEQUENCE {
478 // base GeneralName,
479 // minimum [0] BaseDistance DEFAULT 0,
480 // maximum [1] BaseDistance OPTIONAL }
481 //
482 // BaseDistance ::= INTEGER (0..MAX)
483
484 if (permitted_dns_names.empty() && excluded_dns_names.empty()) {
485 EraseExtension(bssl::der::Input(bssl::kNameConstraintsOid));
486 return;
487 }
488
489 bssl::ScopedCBB cbb;
490 CBB name_constraints;
491 ASSERT_TRUE(CBB_init(cbb.get(), 64));
492 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &name_constraints, CBS_ASN1_SEQUENCE));
493 if (!permitted_dns_names.empty()) {
494 ASSERT_NO_FATAL_FAILURE(
495 AddNameConstraintsSubTrees(&name_constraints, permitted_dns_names));
496 }
497 if (!excluded_dns_names.empty()) {
498 ASSERT_NO_FATAL_FAILURE(
499 AddNameConstraintsSubTrees(&name_constraints, excluded_dns_names));
500 }
501 SetExtension(bssl::der::Input(bssl::kNameConstraintsOid),
502 FinishCBB(cbb.get()),
503 /*critical=*/true);
504 }
505
SetCaIssuersUrl(const GURL & url)506 void CertBuilder::SetCaIssuersUrl(const GURL& url) {
507 SetCaIssuersAndOCSPUrls({url}, {});
508 }
509
SetCaIssuersAndOCSPUrls(const std::vector<GURL> & ca_issuers_urls,const std::vector<GURL> & ocsp_urls)510 void CertBuilder::SetCaIssuersAndOCSPUrls(
511 const std::vector<GURL>& ca_issuers_urls,
512 const std::vector<GURL>& ocsp_urls) {
513 std::vector<std::pair<bssl::der::Input, GURL>> entries;
514 for (const auto& url : ca_issuers_urls)
515 entries.emplace_back(bssl::der::Input(bssl::kAdCaIssuersOid), url);
516 for (const auto& url : ocsp_urls)
517 entries.emplace_back(bssl::der::Input(bssl::kAdOcspOid), url);
518
519 if (entries.empty()) {
520 EraseExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid));
521 return;
522 }
523
524 // From RFC 5280:
525 //
526 // AuthorityInfoAccessSyntax ::=
527 // SEQUENCE SIZE (1..MAX) OF AccessDescription
528 //
529 // AccessDescription ::= SEQUENCE {
530 // accessMethod OBJECT IDENTIFIER,
531 // accessLocation GeneralName }
532 bssl::ScopedCBB cbb;
533 CBB aia;
534 ASSERT_TRUE(CBB_init(cbb.get(), 64));
535 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aia, CBS_ASN1_SEQUENCE));
536
537 for (const auto& entry : entries) {
538 CBB access_description, access_method, access_location;
539 ASSERT_TRUE(CBB_add_asn1(&aia, &access_description, CBS_ASN1_SEQUENCE));
540 ASSERT_TRUE(
541 CBB_add_asn1(&access_description, &access_method, CBS_ASN1_OBJECT));
542 ASSERT_TRUE(CBBAddBytes(&access_method, entry.first.AsStringView()));
543 ASSERT_TRUE(CBB_add_asn1(&access_description, &access_location,
544 CBS_ASN1_CONTEXT_SPECIFIC | 6));
545 ASSERT_TRUE(CBBAddBytes(&access_location, entry.second.spec()));
546 ASSERT_TRUE(CBB_flush(&aia));
547 }
548
549 SetExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid),
550 FinishCBB(cbb.get()));
551 }
552
SetCrlDistributionPointUrl(const GURL & url)553 void CertBuilder::SetCrlDistributionPointUrl(const GURL& url) {
554 SetCrlDistributionPointUrls({url});
555 }
556
SetCrlDistributionPointUrls(const std::vector<GURL> & urls)557 void CertBuilder::SetCrlDistributionPointUrls(const std::vector<GURL>& urls) {
558 bssl::ScopedCBB cbb;
559 ASSERT_TRUE(CBB_init(cbb.get(), 64));
560 CBB dps, dp, dp_name, dp_fullname;
561
562 // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
563 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &dps, CBS_ASN1_SEQUENCE));
564
565 // DistributionPoint ::= SEQUENCE {
566 // distributionPoint [0] DistributionPointName OPTIONAL,
567 // reasons [1] ReasonFlags OPTIONAL,
568 // cRLIssuer [2] bssl::GeneralNames OPTIONAL }
569 ASSERT_TRUE(CBB_add_asn1(&dps, &dp, CBS_ASN1_SEQUENCE));
570 ASSERT_TRUE(CBB_add_asn1(
571 &dp, &dp_name, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
572
573 // DistributionPointName ::= CHOICE {
574 // fullName [0] bssl::GeneralNames,
575 // nameRelativeToCRLIssuer [1] bssl::RelativeDistinguishedName }
576 ASSERT_TRUE(
577 CBB_add_asn1(&dp_name, &dp_fullname,
578 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
579
580 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
581 // GeneralName ::= CHOICE {
582 // uniformResourceIdentifier [6] IA5String,
583 for (const auto& url : urls) {
584 CBB dp_url;
585 ASSERT_TRUE(
586 CBB_add_asn1(&dp_fullname, &dp_url, CBS_ASN1_CONTEXT_SPECIFIC | 6));
587 ASSERT_TRUE(CBBAddBytes(&dp_url, url.spec()));
588 ASSERT_TRUE(CBB_flush(&dp_fullname));
589 }
590
591 SetExtension(bssl::der::Input(bssl::kCrlDistributionPointsOid),
592 FinishCBB(cbb.get()));
593 }
594
SetIssuerTLV(base::span<const uint8_t> issuer_tlv)595 void CertBuilder::SetIssuerTLV(base::span<const uint8_t> issuer_tlv) {
596 if (issuer_tlv.empty())
597 issuer_tlv_ = absl::nullopt;
598 else
599 issuer_tlv_ = std::string(issuer_tlv.begin(), issuer_tlv.end());
600 Invalidate();
601 }
602
SetSubjectCommonName(base::StringPiece common_name)603 void CertBuilder::SetSubjectCommonName(base::StringPiece common_name) {
604 SetSubjectTLV(
605 BuildNameWithCommonNameOfType(common_name, CBS_ASN1_UTF8STRING));
606 Invalidate();
607 }
608
SetSubjectTLV(base::span<const uint8_t> subject_tlv)609 void CertBuilder::SetSubjectTLV(base::span<const uint8_t> subject_tlv) {
610 subject_tlv_.assign(subject_tlv.begin(), subject_tlv.end());
611 Invalidate();
612 }
613
SetSubjectAltName(base::StringPiece dns_name)614 void CertBuilder::SetSubjectAltName(base::StringPiece dns_name) {
615 SetSubjectAltNames({std::string(dns_name)}, {});
616 }
617
SetSubjectAltNames(const std::vector<std::string> & dns_names,const std::vector<IPAddress> & ip_addresses)618 void CertBuilder::SetSubjectAltNames(
619 const std::vector<std::string>& dns_names,
620 const std::vector<IPAddress>& ip_addresses) {
621 // From RFC 5280:
622 //
623 // SubjectAltName ::= bssl::GeneralNames
624 //
625 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
626 //
627 // GeneralName ::= CHOICE {
628 // ...
629 // dNSName [2] IA5String,
630 // ...
631 // iPAddress [7] OCTET STRING,
632 // ... }
633 ASSERT_GT(dns_names.size() + ip_addresses.size(), 0U);
634 bssl::ScopedCBB cbb;
635 CBB general_names;
636 ASSERT_TRUE(CBB_init(cbb.get(), 64));
637 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &general_names, CBS_ASN1_SEQUENCE));
638 if (!dns_names.empty()) {
639 for (const auto& name : dns_names) {
640 CBB general_name;
641 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
642 CBS_ASN1_CONTEXT_SPECIFIC | 2));
643 ASSERT_TRUE(CBBAddBytes(&general_name, name));
644 ASSERT_TRUE(CBB_flush(&general_names));
645 }
646 }
647 if (!ip_addresses.empty()) {
648 for (const auto& addr : ip_addresses) {
649 CBB general_name;
650 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
651 CBS_ASN1_CONTEXT_SPECIFIC | 7));
652 ASSERT_TRUE(
653 CBB_add_bytes(&general_name, addr.bytes().data(), addr.size()));
654 ASSERT_TRUE(CBB_flush(&general_names));
655 }
656 }
657 SetExtension(bssl::der::Input(bssl::kSubjectAltNameOid),
658 FinishCBB(cbb.get()));
659 }
660
SetKeyUsages(const std::vector<bssl::KeyUsageBit> & usages)661 void CertBuilder::SetKeyUsages(const std::vector<bssl::KeyUsageBit>& usages) {
662 ASSERT_GT(usages.size(), 0U);
663 int number_of_unused_bits = 0;
664 std::vector<uint8_t> bytes;
665 for (auto usage : usages) {
666 int bit_index = static_cast<int>(usage);
667
668 // Index of the byte that contains the bit.
669 size_t byte_index = bit_index / 8;
670
671 if (byte_index + 1 > bytes.size()) {
672 bytes.resize(byte_index + 1);
673 number_of_unused_bits = 8;
674 }
675
676 // Within a byte, bits are ordered from most significant to least
677 // significant. Convert |bit_index| to an index within the |byte_index|
678 // byte, measured from its least significant bit.
679 uint8_t bit_index_in_byte = 7 - (bit_index - byte_index * 8);
680
681 if (byte_index + 1 == bytes.size() &&
682 bit_index_in_byte < number_of_unused_bits) {
683 number_of_unused_bits = bit_index_in_byte;
684 }
685
686 bytes[byte_index] |= (1 << bit_index_in_byte);
687 }
688
689 // From RFC 5290:
690 // KeyUsage ::= BIT STRING {...}
691 bssl::ScopedCBB cbb;
692 CBB ku_cbb;
693 ASSERT_TRUE(CBB_init(cbb.get(), bytes.size() + 1));
694 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &ku_cbb, CBS_ASN1_BITSTRING));
695 ASSERT_TRUE(CBB_add_u8(&ku_cbb, number_of_unused_bits));
696 ASSERT_TRUE(CBB_add_bytes(&ku_cbb, bytes.data(), bytes.size()));
697 SetExtension(bssl::der::Input(bssl::kKeyUsageOid), FinishCBB(cbb.get()),
698 /*critical=*/true);
699 }
700
SetExtendedKeyUsages(const std::vector<bssl::der::Input> & purpose_oids)701 void CertBuilder::SetExtendedKeyUsages(
702 const std::vector<bssl::der::Input>& purpose_oids) {
703 // From RFC 5280:
704 // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
705 // KeyPurposeId ::= OBJECT IDENTIFIER
706 ASSERT_GT(purpose_oids.size(), 0U);
707 bssl::ScopedCBB cbb;
708 CBB eku;
709 ASSERT_TRUE(CBB_init(cbb.get(), 64));
710 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &eku, CBS_ASN1_SEQUENCE));
711
712 for (const auto& oid : purpose_oids) {
713 CBB purpose_cbb;
714 ASSERT_TRUE(CBB_add_asn1(&eku, &purpose_cbb, CBS_ASN1_OBJECT));
715 ASSERT_TRUE(CBBAddBytes(&purpose_cbb, oid.AsStringView()));
716 ASSERT_TRUE(CBB_flush(&eku));
717 }
718 SetExtension(bssl::der::Input(bssl::kExtKeyUsageOid), FinishCBB(cbb.get()));
719 }
720
SetCertificatePolicies(const std::vector<std::string> & policy_oids)721 void CertBuilder::SetCertificatePolicies(
722 const std::vector<std::string>& policy_oids) {
723 // From RFC 5280:
724 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
725 //
726 // PolicyInformation ::= SEQUENCE {
727 // policyIdentifier CertPolicyId,
728 // policyQualifiers SEQUENCE SIZE (1..MAX) OF
729 // PolicyQualifierInfo OPTIONAL }
730 //
731 // CertPolicyId ::= OBJECT IDENTIFIER
732 if (policy_oids.empty()) {
733 EraseExtension(bssl::der::Input(bssl::kCertificatePoliciesOid));
734 return;
735 }
736
737 bssl::ScopedCBB cbb;
738 CBB certificate_policies;
739 ASSERT_TRUE(CBB_init(cbb.get(), 64));
740 ASSERT_TRUE(
741 CBB_add_asn1(cbb.get(), &certificate_policies, CBS_ASN1_SEQUENCE));
742 for (const auto& oid : policy_oids) {
743 CBB policy_information, policy_identifier;
744 ASSERT_TRUE(CBB_add_asn1(&certificate_policies, &policy_information,
745 CBS_ASN1_SEQUENCE));
746 ASSERT_TRUE(
747 CBB_add_asn1(&policy_information, &policy_identifier, CBS_ASN1_OBJECT));
748 ASSERT_TRUE(
749 CBB_add_asn1_oid_from_text(&policy_identifier, oid.data(), oid.size()));
750 ASSERT_TRUE(CBB_flush(&certificate_policies));
751 }
752
753 SetExtension(bssl::der::Input(bssl::kCertificatePoliciesOid),
754 FinishCBB(cbb.get()));
755 }
756
SetPolicyMappings(const std::vector<std::pair<std::string,std::string>> & policy_mappings)757 void CertBuilder::SetPolicyMappings(
758 const std::vector<std::pair<std::string, std::string>>& policy_mappings) {
759 // From RFC 5280:
760 // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
761 // issuerDomainPolicy CertPolicyId,
762 // subjectDomainPolicy CertPolicyId }
763 if (policy_mappings.empty()) {
764 EraseExtension(bssl::der::Input(bssl::kPolicyMappingsOid));
765 return;
766 }
767
768 bssl::ScopedCBB cbb;
769 CBB mappings_sequence;
770 ASSERT_TRUE(CBB_init(cbb.get(), 64));
771 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &mappings_sequence, CBS_ASN1_SEQUENCE));
772 for (const auto& [issuer_domain_policy, subject_domain_policy] :
773 policy_mappings) {
774 CBB mapping_sequence;
775 CBB issuer_policy_object;
776 CBB subject_policy_object;
777 ASSERT_TRUE(
778 CBB_add_asn1(&mappings_sequence, &mapping_sequence, CBS_ASN1_SEQUENCE));
779
780 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &issuer_policy_object,
781 CBS_ASN1_OBJECT));
782 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&issuer_policy_object,
783 issuer_domain_policy.data(),
784 issuer_domain_policy.size()));
785
786 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &subject_policy_object,
787 CBS_ASN1_OBJECT));
788 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&subject_policy_object,
789 subject_domain_policy.data(),
790 subject_domain_policy.size()));
791
792 ASSERT_TRUE(CBB_flush(&mappings_sequence));
793 }
794
795 SetExtension(bssl::der::Input(bssl::kPolicyMappingsOid), FinishCBB(cbb.get()),
796 /*critical=*/true);
797 }
798
SetPolicyConstraints(absl::optional<uint64_t> require_explicit_policy,absl::optional<uint64_t> inhibit_policy_mapping)799 void CertBuilder::SetPolicyConstraints(
800 absl::optional<uint64_t> require_explicit_policy,
801 absl::optional<uint64_t> inhibit_policy_mapping) {
802 if (!require_explicit_policy.has_value() &&
803 !inhibit_policy_mapping.has_value()) {
804 EraseExtension(bssl::der::Input(bssl::kPolicyConstraintsOid));
805 return;
806 }
807
808 // From RFC 5280:
809 // PolicyConstraints ::= SEQUENCE {
810 // requireExplicitPolicy [0] SkipCerts OPTIONAL,
811 // inhibitPolicyMapping [1] SkipCerts OPTIONAL }
812 //
813 // SkipCerts ::= INTEGER (0..MAX)
814 bssl::ScopedCBB cbb;
815 CBB policy_constraints;
816 ASSERT_TRUE(CBB_init(cbb.get(), 64));
817 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &policy_constraints, CBS_ASN1_SEQUENCE));
818 if (require_explicit_policy.has_value()) {
819 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(
820 &policy_constraints, *require_explicit_policy,
821 bssl::der::ContextSpecificPrimitive(0)));
822 }
823 if (inhibit_policy_mapping.has_value()) {
824 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(
825 &policy_constraints, *inhibit_policy_mapping,
826 bssl::der::ContextSpecificPrimitive(1)));
827 }
828
829 SetExtension(bssl::der::Input(bssl::kPolicyConstraintsOid),
830 FinishCBB(cbb.get()),
831 /*critical=*/true);
832 }
833
SetInhibitAnyPolicy(uint64_t skip_certs)834 void CertBuilder::SetInhibitAnyPolicy(uint64_t skip_certs) {
835 // From RFC 5280:
836 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
837 //
838 // InhibitAnyPolicy ::= SkipCerts
839 //
840 // SkipCerts ::= INTEGER (0..MAX)
841 bssl::ScopedCBB cbb;
842 ASSERT_TRUE(CBB_init(cbb.get(), 64));
843 ASSERT_TRUE(CBB_add_asn1_uint64(cbb.get(), skip_certs));
844 SetExtension(bssl::der::Input(bssl::kInhibitAnyPolicyOid),
845 FinishCBB(cbb.get()),
846 /*critical=*/true);
847 }
848
SetValidity(base::Time not_before,base::Time not_after)849 void CertBuilder::SetValidity(base::Time not_before, base::Time not_after) {
850 // From RFC 5280:
851 // Validity ::= SEQUENCE {
852 // notBefore Time,
853 // notAfter Time }
854 bssl::ScopedCBB cbb;
855 CBB validity;
856 ASSERT_TRUE(CBB_init(cbb.get(), 64));
857 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &validity, CBS_ASN1_SEQUENCE));
858 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_before));
859 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_after));
860 validity_tlv_ = FinishCBB(cbb.get());
861 Invalidate();
862 }
863
SetSubjectKeyIdentifier(const std::string & subject_key_identifier)864 void CertBuilder::SetSubjectKeyIdentifier(
865 const std::string& subject_key_identifier) {
866 ASSERT_FALSE(subject_key_identifier.empty());
867
868 // From RFC 5280:
869 // KeyIdentifier ::= OCTET STRING
870 // SubjectKeyIdentifier ::= KeyIdentifier
871 bssl::ScopedCBB cbb;
872 ASSERT_TRUE(CBB_init(cbb.get(), 32));
873
874 ASSERT_TRUE(CBB_add_asn1_octet_string(
875 cbb.get(),
876 reinterpret_cast<const uint8_t*>(subject_key_identifier.data()),
877 subject_key_identifier.size()));
878
879 // Replace the existing SKI. Note it MUST be non-critical, per RFC 5280.
880 SetExtension(bssl::der::Input(bssl::kSubjectKeyIdentifierOid),
881 FinishCBB(cbb.get()),
882 /*critical=*/false);
883 }
884
SetAuthorityKeyIdentifier(const std::string & authority_key_identifier)885 void CertBuilder::SetAuthorityKeyIdentifier(
886 const std::string& authority_key_identifier) {
887 // If an empty AKI is presented, simply erase the existing one. Creating
888 // an empty AKI is technically valid, but there's no use case for this.
889 // An empty AKI would an empty (ergo, non-unique) SKI on the issuer,
890 // which would violate RFC 5280, so using the empty value as a placeholder
891 // unless and until a use case emerges is fine.
892 if (authority_key_identifier.empty()) {
893 EraseExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid));
894 return;
895 }
896
897 // From RFC 5280:
898 //
899 // AuthorityKeyIdentifier ::= SEQUENCE {
900 // keyIdentifier [0] KeyIdentifier OPTIONAL,
901 // authorityCertIssuer [1] bssl::GeneralNames OPTIONAL,
902 // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
903 //
904 // KeyIdentifier ::= OCTET STRING
905 bssl::ScopedCBB cbb;
906 CBB aki, aki_value;
907 ASSERT_TRUE(CBB_init(cbb.get(), 32));
908 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aki, CBS_ASN1_SEQUENCE));
909 ASSERT_TRUE(CBB_add_asn1(&aki, &aki_value, CBS_ASN1_CONTEXT_SPECIFIC | 0));
910 ASSERT_TRUE(CBBAddBytes(&aki_value, authority_key_identifier));
911 ASSERT_TRUE(CBB_flush(&aki));
912
913 SetExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid),
914 FinishCBB(cbb.get()));
915 }
916
SetSignatureAlgorithm(bssl::SignatureAlgorithm signature_algorithm)917 void CertBuilder::SetSignatureAlgorithm(
918 bssl::SignatureAlgorithm signature_algorithm) {
919 signature_algorithm_ = signature_algorithm;
920 Invalidate();
921 }
922
SetSignatureAlgorithmTLV(base::StringPiece signature_algorithm_tlv)923 void CertBuilder::SetSignatureAlgorithmTLV(
924 base::StringPiece signature_algorithm_tlv) {
925 SetOuterSignatureAlgorithmTLV(signature_algorithm_tlv);
926 SetTBSSignatureAlgorithmTLV(signature_algorithm_tlv);
927 }
928
SetOuterSignatureAlgorithmTLV(base::StringPiece signature_algorithm_tlv)929 void CertBuilder::SetOuterSignatureAlgorithmTLV(
930 base::StringPiece signature_algorithm_tlv) {
931 outer_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
932 Invalidate();
933 }
934
SetTBSSignatureAlgorithmTLV(base::StringPiece signature_algorithm_tlv)935 void CertBuilder::SetTBSSignatureAlgorithmTLV(
936 base::StringPiece signature_algorithm_tlv) {
937 tbs_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
938 Invalidate();
939 }
940
SetSerialNumber(uint64_t serial_number)941 void CertBuilder::SetSerialNumber(uint64_t serial_number) {
942 serial_number_ = serial_number;
943 Invalidate();
944 }
945
SetRandomSerialNumber()946 void CertBuilder::SetRandomSerialNumber() {
947 serial_number_ = base::RandUint64();
948 Invalidate();
949 }
950
SetSctConfig(std::vector<CertBuilder::SctConfig> sct_configs)951 void CertBuilder::SetSctConfig(
952 std::vector<CertBuilder::SctConfig> sct_configs) {
953 sct_configs_ = std::move(sct_configs);
954 Invalidate();
955 }
956
GetCertBuffer()957 CRYPTO_BUFFER* CertBuilder::GetCertBuffer() {
958 if (!cert_)
959 GenerateCertificate();
960 return cert_.get();
961 }
962
DupCertBuffer()963 bssl::UniquePtr<CRYPTO_BUFFER> CertBuilder::DupCertBuffer() {
964 return bssl::UpRef(GetCertBuffer());
965 }
966
GetSubject()967 const std::string& CertBuilder::GetSubject() {
968 if (subject_tlv_.empty())
969 GenerateSubject();
970 return subject_tlv_;
971 }
972
GetSerialNumber()973 uint64_t CertBuilder::GetSerialNumber() {
974 if (!serial_number_)
975 serial_number_ = base::RandUint64();
976 return serial_number_;
977 }
978
GetSubjectKeyIdentifier()979 std::string CertBuilder::GetSubjectKeyIdentifier() {
980 std::string ski_oid =
981 bssl::der::Input(bssl::kSubjectKeyIdentifierOid).AsString();
982 if (extensions_.find(ski_oid) == extensions_.end()) {
983 // If no SKI is present, this means that the certificate was either
984 // created by FromStaticCert() and lacked one, or it was explicitly
985 // deleted as an extension.
986 return std::string();
987 }
988
989 auto& extension_value = extensions_[ski_oid];
990 bssl::der::Input ski_value;
991 if (!bssl::ParseSubjectKeyIdentifier(bssl::der::Input(extension_value.value),
992 &ski_value)) {
993 return std::string();
994 }
995 return ski_value.AsString();
996 }
997
GetValidity(base::Time * not_before,base::Time * not_after) const998 bool CertBuilder::GetValidity(base::Time* not_before,
999 base::Time* not_after) const {
1000 bssl::der::GeneralizedTime not_before_generalized_time;
1001 bssl::der::GeneralizedTime not_after_generalized_time;
1002 if (!bssl::ParseValidity(bssl::der::Input(validity_tlv_),
1003 ¬_before_generalized_time,
1004 ¬_after_generalized_time) ||
1005 !GeneralizedTimeToTime(not_before_generalized_time, not_before) ||
1006 !GeneralizedTimeToTime(not_after_generalized_time, not_after)) {
1007 return false;
1008 }
1009 return true;
1010 }
1011
GetKey()1012 EVP_PKEY* CertBuilder::GetKey() {
1013 if (!key_) {
1014 switch (default_pkey_id_) {
1015 case EVP_PKEY_RSA:
1016 GenerateRSAKey();
1017 break;
1018 case EVP_PKEY_EC:
1019 GenerateECKey();
1020 break;
1021 }
1022 }
1023 return key_.get();
1024 }
1025
GetX509Certificate()1026 scoped_refptr<X509Certificate> CertBuilder::GetX509Certificate() {
1027 return X509Certificate::CreateFromBuffer(DupCertBuffer(), {});
1028 }
1029
GetX509CertificateChain()1030 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateChain() {
1031 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1032 // Add intermediates, not including the self-signed root.
1033 for (CertBuilder* cert = issuer_; cert && cert != cert->issuer_;
1034 cert = cert->issuer_) {
1035 intermediates.push_back(cert->DupCertBuffer());
1036 }
1037 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1038 std::move(intermediates));
1039 }
1040
GetX509CertificateFullChain()1041 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateFullChain() {
1042 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1043 // Add intermediates and the self-signed root.
1044 for (CertBuilder* cert = issuer_; cert; cert = cert->issuer_) {
1045 intermediates.push_back(cert->DupCertBuffer());
1046 if (cert == cert->issuer_)
1047 break;
1048 }
1049 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1050 std::move(intermediates));
1051 }
1052
GetDER()1053 std::string CertBuilder::GetDER() {
1054 return std::string(x509_util::CryptoBufferAsStringPiece(GetCertBuffer()));
1055 }
1056
GetPEM()1057 std::string CertBuilder::GetPEM() {
1058 std::string pem_encoded;
1059 EXPECT_TRUE(X509Certificate::GetPEMEncoded(GetCertBuffer(), &pem_encoded));
1060 return pem_encoded;
1061 }
1062
GetPEMFullChain()1063 std::string CertBuilder::GetPEMFullChain() {
1064 std::vector<std::string> pems;
1065 CertBuilder* cert = this;
1066 while (cert) {
1067 pems.push_back(cert->GetPEM());
1068 if (cert == cert->issuer_)
1069 break;
1070 cert = cert->issuer_;
1071 }
1072 return base::JoinString(pems, "\n");
1073 }
1074
GetPrivateKeyPEM()1075 std::string CertBuilder::GetPrivateKeyPEM() {
1076 std::string pem_encoded = key_util::PEMFromPrivateKey(GetKey());
1077 EXPECT_FALSE(pem_encoded.empty());
1078 return pem_encoded;
1079 }
1080
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer,bool unique_subject_key_identifier)1081 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert,
1082 CertBuilder* issuer,
1083 bool unique_subject_key_identifier)
1084 : issuer_(issuer) {
1085 if (!issuer_)
1086 issuer_ = this;
1087
1088 crypto::EnsureOpenSSLInit();
1089 if (orig_cert)
1090 InitFromCert(
1091 bssl::der::Input(x509_util::CryptoBufferAsStringPiece(orig_cert)));
1092
1093 if (unique_subject_key_identifier) {
1094 GenerateSubjectKeyIdentifier();
1095 SetAuthorityKeyIdentifier(issuer_->GetSubjectKeyIdentifier());
1096 }
1097 }
1098
Invalidate()1099 void CertBuilder::Invalidate() {
1100 cert_.reset();
1101 }
1102
GenerateECKey()1103 void CertBuilder::GenerateECKey() {
1104 auto private_key = crypto::ECPrivateKey::Create();
1105 SetKey(bssl::UpRef(private_key->key()));
1106 }
1107
GenerateRSAKey()1108 void CertBuilder::GenerateRSAKey() {
1109 auto private_key = crypto::RSAPrivateKey::Create(2048);
1110 SetKey(bssl::UpRef(private_key->key()));
1111 }
1112
UseKeyFromFile(const base::FilePath & key_file)1113 bool CertBuilder::UseKeyFromFile(const base::FilePath& key_file) {
1114 bssl::UniquePtr<EVP_PKEY> private_key(
1115 key_util::LoadEVP_PKEYFromPEM(key_file));
1116 if (!private_key)
1117 return false;
1118 SetKey(std::move(private_key));
1119 return true;
1120 }
1121
SetKey(bssl::UniquePtr<EVP_PKEY> key)1122 void CertBuilder::SetKey(bssl::UniquePtr<EVP_PKEY> key) {
1123 key_ = std::move(key);
1124 Invalidate();
1125 }
1126
GenerateSubjectKeyIdentifier()1127 void CertBuilder::GenerateSubjectKeyIdentifier() {
1128 // 20 bytes are chosen here for no other reason than it's compatible with
1129 // systems that assume the SKI is SHA-1(SPKI), which RFC 5280 notes as one
1130 // mechanism for generating an SKI, while also noting that random/unique
1131 // SKIs are also fine.
1132 std::string random_ski = base::RandBytesAsString(20);
1133 SetSubjectKeyIdentifier(random_ski);
1134 }
1135
GenerateSubject()1136 void CertBuilder::GenerateSubject() {
1137 ASSERT_TRUE(subject_tlv_.empty());
1138
1139 // Use a random common name comprised of 12 bytes in hex.
1140 std::string common_name = MakeRandomHexString(12);
1141
1142 SetSubjectCommonName(common_name);
1143 }
1144
InitFromCert(const bssl::der::Input & cert)1145 void CertBuilder::InitFromCert(const bssl::der::Input& cert) {
1146 extensions_.clear();
1147 Invalidate();
1148
1149 // From RFC 5280, section 4.1
1150 // Certificate ::= SEQUENCE {
1151 // tbsCertificate TBSCertificate,
1152 // signatureAlgorithm AlgorithmIdentifier,
1153 // signatureValue BIT STRING }
1154
1155 // TBSCertificate ::= SEQUENCE {
1156 // version [0] EXPLICIT Version DEFAULT v1,
1157 // serialNumber CertificateSerialNumber,
1158 // signature AlgorithmIdentifier,
1159 // issuer Name,
1160 // validity Validity,
1161 // subject Name,
1162 // subjectPublicKeyInfo SubjectPublicKeyInfo,
1163 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1164 // -- If present, version MUST be v2 or v3
1165 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1166 // -- If present, version MUST be v2 or v3
1167 // extensions [3] EXPLICIT Extensions OPTIONAL
1168 // -- If present, version MUST be v3
1169 // }
1170 bssl::der::Parser parser(cert);
1171 bssl::der::Parser certificate;
1172 bssl::der::Parser tbs_certificate;
1173 ASSERT_TRUE(parser.ReadSequence(&certificate));
1174 ASSERT_TRUE(certificate.ReadSequence(&tbs_certificate));
1175
1176 // version
1177 bool has_version;
1178 ASSERT_TRUE(tbs_certificate.SkipOptionalTag(
1179 bssl::der::kTagConstructed | bssl::der::kTagContextSpecific | 0,
1180 &has_version));
1181 if (has_version) {
1182 // TODO(mattm): could actually parse the version here instead of assuming
1183 // V3.
1184 version_ = bssl::CertificateVersion::V3;
1185 } else {
1186 version_ = bssl::CertificateVersion::V1;
1187 }
1188
1189 // serialNumber
1190 ASSERT_TRUE(tbs_certificate.SkipTag(bssl::der::kInteger));
1191
1192 // signature
1193 bssl::der::Input signature_algorithm_tlv;
1194 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&signature_algorithm_tlv));
1195 auto signature_algorithm =
1196 bssl::ParseSignatureAlgorithm(signature_algorithm_tlv);
1197 ASSERT_TRUE(signature_algorithm);
1198 signature_algorithm_ = *signature_algorithm;
1199
1200 // issuer
1201 ASSERT_TRUE(tbs_certificate.SkipTag(bssl::der::kSequence));
1202
1203 // validity
1204 bssl::der::Input validity_tlv;
1205 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&validity_tlv));
1206 validity_tlv_ = validity_tlv.AsString();
1207
1208 // subject
1209 ASSERT_TRUE(tbs_certificate.SkipTag(bssl::der::kSequence));
1210
1211 // subjectPublicKeyInfo
1212 bssl::der::Input spki_tlv;
1213 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&spki_tlv));
1214 bssl::UniquePtr<EVP_PKEY> public_key;
1215 ASSERT_TRUE(bssl::ParsePublicKey(spki_tlv, &public_key));
1216 default_pkey_id_ = EVP_PKEY_id(public_key.get());
1217
1218 // issuerUniqueID
1219 bool unused;
1220 ASSERT_TRUE(tbs_certificate.SkipOptionalTag(
1221 bssl::der::ContextSpecificPrimitive(1), &unused));
1222 // subjectUniqueID
1223 ASSERT_TRUE(tbs_certificate.SkipOptionalTag(
1224 bssl::der::ContextSpecificPrimitive(2), &unused));
1225
1226 // extensions
1227 absl::optional<bssl::der::Input> extensions_tlv;
1228 ASSERT_TRUE(tbs_certificate.ReadOptionalTag(
1229 bssl::der::ContextSpecificConstructed(3), &extensions_tlv));
1230 if (extensions_tlv) {
1231 std::map<bssl::der::Input, bssl::ParsedExtension> parsed_extensions;
1232 ASSERT_TRUE(ParseExtensions(extensions_tlv.value(), &parsed_extensions));
1233
1234 for (const auto& parsed_extension : parsed_extensions) {
1235 SetExtension(parsed_extension.second.oid,
1236 parsed_extension.second.value.AsString(),
1237 parsed_extension.second.critical);
1238 }
1239 }
1240 }
1241
BuildTBSCertificate(base::StringPiece signature_algorithm_tlv,std::string * out)1242 void CertBuilder::BuildTBSCertificate(base::StringPiece signature_algorithm_tlv,
1243 std::string* out) {
1244 bssl::ScopedCBB cbb;
1245 CBB tbs_cert, version, extensions_context, extensions;
1246
1247 ASSERT_TRUE(CBB_init(cbb.get(), 64));
1248 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &tbs_cert, CBS_ASN1_SEQUENCE));
1249 if (version_ != bssl::CertificateVersion::V1) {
1250 ASSERT_TRUE(
1251 CBB_add_asn1(&tbs_cert, &version,
1252 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
1253 switch (version_) {
1254 case bssl::CertificateVersion::V2:
1255 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 1));
1256 break;
1257 case bssl::CertificateVersion::V3:
1258 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 2));
1259 break;
1260 case bssl::CertificateVersion::V1:
1261 NOTREACHED_NORETURN();
1262 }
1263 }
1264 ASSERT_TRUE(CBB_add_asn1_uint64(&tbs_cert, GetSerialNumber()));
1265 ASSERT_TRUE(CBBAddBytes(&tbs_cert, signature_algorithm_tlv));
1266 ASSERT_TRUE(CBBAddBytes(&tbs_cert, issuer_tlv_.has_value()
1267 ? *issuer_tlv_
1268 : issuer_->GetSubject()));
1269 ASSERT_TRUE(CBBAddBytes(&tbs_cert, validity_tlv_));
1270 ASSERT_TRUE(CBBAddBytes(&tbs_cert, GetSubject()));
1271 ASSERT_TRUE(GetKey());
1272 ASSERT_TRUE(EVP_marshal_public_key(&tbs_cert, GetKey()));
1273
1274 // Serialize all the extensions.
1275 if (!extensions_.empty()) {
1276 ASSERT_TRUE(
1277 CBB_add_asn1(&tbs_cert, &extensions_context,
1278 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 3));
1279 ASSERT_TRUE(
1280 CBB_add_asn1(&extensions_context, &extensions, CBS_ASN1_SEQUENCE));
1281
1282 // Extension ::= SEQUENCE {
1283 // extnID OBJECT IDENTIFIER,
1284 // critical BOOLEAN DEFAULT FALSE,
1285 // extnValue OCTET STRING
1286 // -- contains the DER encoding of an ASN.1 value
1287 // -- corresponding to the extension type identified
1288 // -- by extnID
1289 // }
1290 for (const auto& extension_it : extensions_) {
1291 CBB extension_seq, oid, extn_value;
1292 ASSERT_TRUE(CBB_add_asn1(&extensions, &extension_seq, CBS_ASN1_SEQUENCE));
1293 ASSERT_TRUE(CBB_add_asn1(&extension_seq, &oid, CBS_ASN1_OBJECT));
1294 ASSERT_TRUE(CBBAddBytes(&oid, extension_it.first));
1295 if (extension_it.second.critical) {
1296 ASSERT_TRUE(CBB_add_asn1_bool(&extension_seq, true));
1297 }
1298
1299 ASSERT_TRUE(
1300 CBB_add_asn1(&extension_seq, &extn_value, CBS_ASN1_OCTETSTRING));
1301 ASSERT_TRUE(CBBAddBytes(&extn_value, extension_it.second.value));
1302 ASSERT_TRUE(CBB_flush(&extensions));
1303 }
1304 }
1305
1306 *out = FinishCBB(cbb.get());
1307 }
1308
BuildSctListExtension(const std::string & pre_tbs_certificate,std::string * out)1309 void CertBuilder::BuildSctListExtension(const std::string& pre_tbs_certificate,
1310 std::string* out) {
1311 std::vector<std::string> encoded_scts;
1312 for (const SctConfig& sct_config : sct_configs_) {
1313 ct::SignedEntryData entry;
1314 entry.type = ct::SignedEntryData::LOG_ENTRY_TYPE_PRECERT;
1315 bssl::ScopedCBB issuer_spki_cbb;
1316 ASSERT_TRUE(CBB_init(issuer_spki_cbb.get(), 32));
1317 ASSERT_TRUE(
1318 EVP_marshal_public_key(issuer_spki_cbb.get(), issuer_->GetKey()));
1319 crypto::SHA256HashString(FinishCBB(issuer_spki_cbb.get()),
1320 entry.issuer_key_hash.data,
1321 sizeof(entry.issuer_key_hash.data));
1322 entry.tbs_certificate = pre_tbs_certificate;
1323
1324 std::string serialized_log_entry;
1325 std::string serialized_data;
1326 ASSERT_TRUE(ct::EncodeSignedEntry(entry, &serialized_log_entry));
1327 ASSERT_TRUE(ct::EncodeV1SCTSignedData(sct_config.timestamp,
1328 serialized_log_entry,
1329 /*extensions=*/"", &serialized_data));
1330
1331 scoped_refptr<ct::SignedCertificateTimestamp> sct =
1332 base::MakeRefCounted<ct::SignedCertificateTimestamp>();
1333 sct->log_id = sct_config.log_id;
1334 sct->timestamp = sct_config.timestamp;
1335 sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
1336 sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
1337
1338 bssl::ScopedCBB sct_signature_cbb;
1339 ASSERT_TRUE(CBB_init(sct_signature_cbb.get(), 0));
1340 ASSERT_TRUE(SignData(bssl::SignatureAlgorithm::kEcdsaSha256,
1341 serialized_data, sct_config.log_key.get(),
1342 sct_signature_cbb.get()));
1343 sct->signature.signature_data = FinishCBB(sct_signature_cbb.get());
1344
1345 sct->origin = ct::SignedCertificateTimestamp::SCT_EMBEDDED;
1346
1347 std::string encoded_sct;
1348 ASSERT_TRUE(ct::EncodeSignedCertificateTimestamp(sct, &encoded_sct));
1349 encoded_scts.push_back(std::move(encoded_sct));
1350 }
1351 std::string encoded_sct_list;
1352 ASSERT_TRUE(ct::EncodeSCTListForTesting(encoded_scts, &encoded_sct_list));
1353
1354 bssl::ScopedCBB sct_extension_cbb;
1355 ASSERT_TRUE(CBB_init(sct_extension_cbb.get(), 32));
1356 ASSERT_TRUE(CBB_add_asn1_octet_string(
1357 sct_extension_cbb.get(),
1358 reinterpret_cast<const uint8_t*>(encoded_sct_list.data()),
1359 encoded_sct_list.size()));
1360
1361 *out = FinishCBB(sct_extension_cbb.get());
1362 }
1363
GenerateCertificate()1364 void CertBuilder::GenerateCertificate() {
1365 ASSERT_FALSE(cert_);
1366
1367 absl::optional<bssl::SignatureAlgorithm> signature_algorithm =
1368 signature_algorithm_;
1369 if (!signature_algorithm)
1370 signature_algorithm = DefaultSignatureAlgorithmForKey(issuer_->GetKey());
1371 ASSERT_TRUE(signature_algorithm.has_value());
1372
1373 std::string signature_algorithm_tlv =
1374 !outer_signature_algorithm_tlv_.empty()
1375 ? outer_signature_algorithm_tlv_
1376 : SignatureAlgorithmToDer(*signature_algorithm);
1377 ASSERT_FALSE(signature_algorithm_tlv.empty());
1378
1379 std::string tbs_signature_algorithm_tlv =
1380 !tbs_signature_algorithm_tlv_.empty()
1381 ? tbs_signature_algorithm_tlv_
1382 : SignatureAlgorithmToDer(*signature_algorithm);
1383 ASSERT_FALSE(tbs_signature_algorithm_tlv.empty());
1384
1385 if (!sct_configs_.empty()) {
1386 EraseExtension(bssl::der::Input(ct::kEmbeddedSCTOid));
1387 std::string pre_tbs_certificate;
1388 BuildTBSCertificate(tbs_signature_algorithm_tlv, &pre_tbs_certificate);
1389 std::string sct_extension;
1390 BuildSctListExtension(pre_tbs_certificate, &sct_extension);
1391 SetExtension(bssl::der::Input(ct::kEmbeddedSCTOid), sct_extension,
1392 /*critical=*/false);
1393 }
1394
1395 std::string tbs_cert;
1396 BuildTBSCertificate(tbs_signature_algorithm_tlv, &tbs_cert);
1397
1398 // Sign the TBSCertificate and write the entire certificate.
1399 bssl::ScopedCBB cbb;
1400 CBB cert, signature;
1401
1402 ASSERT_TRUE(CBB_init(cbb.get(), tbs_cert.size()));
1403 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE));
1404 ASSERT_TRUE(CBBAddBytes(&cert, tbs_cert));
1405 ASSERT_TRUE(CBBAddBytes(&cert, signature_algorithm_tlv));
1406 ASSERT_TRUE(CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING));
1407 ASSERT_TRUE(CBB_add_u8(&signature, 0 /* no unused bits */));
1408 ASSERT_TRUE(
1409 SignData(*signature_algorithm, tbs_cert, issuer_->GetKey(), &signature));
1410
1411 auto cert_der = FinishCBB(cbb.get());
1412 cert_ =
1413 x509_util::CreateCryptoBuffer(base::as_bytes(base::make_span(cert_der)));
1414 }
1415
1416 } // namespace net
1417