1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/x509_certificate.h"
6
7 #include <limits.h>
8 #include <stdlib.h>
9
10 #include <memory>
11 #include <string>
12 #include <string_view>
13 #include <vector>
14
15 #include "base/containers/contains.h"
16 #include "base/containers/span.h"
17 #include "base/logging.h"
18 #include "base/notreached.h"
19 #include "base/numerics/safe_conversions.h"
20 #include "base/pickle.h"
21 #include "base/strings/strcat.h"
22 #include "base/strings/string_util.h"
23 #include "base/time/time.h"
24 #include "crypto/openssl_util.h"
25 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
26 #include "net/base/tracing.h"
27 #include "net/base/url_util.h"
28 #include "net/cert/asn1_util.h"
29 #include "net/cert/time_conversions.h"
30 #include "net/cert/x509_util.h"
31 #include "third_party/boringssl/src/include/openssl/evp.h"
32 #include "third_party/boringssl/src/include/openssl/pool.h"
33 #include "third_party/boringssl/src/include/openssl/sha.h"
34 #include "third_party/boringssl/src/pki/cert_errors.h"
35 #include "third_party/boringssl/src/pki/name_constraints.h"
36 #include "third_party/boringssl/src/pki/parsed_certificate.h"
37 #include "third_party/boringssl/src/pki/parser.h"
38 #include "third_party/boringssl/src/pki/pem.h"
39 #include "third_party/boringssl/src/pki/signature_algorithm.h"
40 #include "third_party/boringssl/src/pki/verify_certificate_chain.h"
41 #include "third_party/boringssl/src/pki/verify_name_match.h"
42 #include "third_party/boringssl/src/pki/verify_signed_data.h"
43 #include "url/url_canon.h"
44
45 namespace net {
46
47 namespace {
48
49 // Indicates the order to use when trying to decode binary data, which is
50 // based on (speculation) as to what will be most common -> least common
51 constexpr auto kFormatDecodePriority = std::to_array<X509Certificate::Format>(
52 {X509Certificate::FORMAT_SINGLE_CERTIFICATE,
53 X509Certificate::FORMAT_PKCS7});
54
55 // The PEM block header used for DER certificates
56 const char kCertificateHeader[] = "CERTIFICATE";
57 // The PEM block header used for PKCS#7 data
58 const char kPKCS7Header[] = "PKCS7";
59
60 // Utility to split |src| on the first occurrence of |c|, if any. |right| will
61 // either be empty if |c| was not found, or will contain the remainder of the
62 // string including the split character itself.
SplitOnChar(std::string_view src,char c,std::string_view * left,std::string_view * right)63 void SplitOnChar(std::string_view src,
64 char c,
65 std::string_view* left,
66 std::string_view* right) {
67 size_t pos = src.find(c);
68 if (pos == std::string_view::npos) {
69 *left = src;
70 *right = std::string_view();
71 } else {
72 *left = src.substr(0, pos);
73 *right = src.substr(pos);
74 }
75 }
76
77 // Sets |value| to the Value from a DER Sequence Tag-Length-Value and return
78 // true, or return false if the TLV was not a valid DER Sequence.
ParseSequenceValue(const bssl::der::Input & tlv,bssl::der::Input * value)79 [[nodiscard]] bool ParseSequenceValue(const bssl::der::Input& tlv,
80 bssl::der::Input* value) {
81 bssl::der::Parser parser(tlv);
82 return parser.ReadTag(CBS_ASN1_SEQUENCE, value) && !parser.HasMore();
83 }
84
85 // Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning
86 // true on success or false if there was a parsing error.
GetNormalizedCertIssuer(CRYPTO_BUFFER * cert,std::string * out_normalized_issuer)87 bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert,
88 std::string* out_normalized_issuer) {
89 bssl::der::Input tbs_certificate_tlv;
90 bssl::der::Input signature_algorithm_tlv;
91 bssl::der::BitString signature_value;
92 if (!bssl::ParseCertificate(
93 bssl::der::Input(x509_util::CryptoBufferAsSpan(cert)),
94 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value,
95 nullptr)) {
96 return false;
97 }
98 bssl::ParsedTbsCertificate tbs;
99 if (!ParseTbsCertificate(tbs_certificate_tlv,
100 x509_util::DefaultParseCertificateOptions(), &tbs,
101 nullptr))
102 return false;
103
104 bssl::der::Input issuer_value;
105 if (!ParseSequenceValue(tbs.issuer_tlv, &issuer_value))
106 return false;
107
108 bssl::CertErrors errors;
109 return NormalizeName(issuer_value, out_normalized_issuer, &errors);
110 }
111
CreateCertBufferFromBytesWithSanityCheck(base::span<const uint8_t> data)112 bssl::UniquePtr<CRYPTO_BUFFER> CreateCertBufferFromBytesWithSanityCheck(
113 base::span<const uint8_t> data) {
114 bssl::der::Input tbs_certificate_tlv;
115 bssl::der::Input signature_algorithm_tlv;
116 bssl::der::BitString signature_value;
117 // Do a bare minimum of DER parsing here to see if the input looks
118 // certificate-ish.
119 if (!bssl::ParseCertificate(bssl::der::Input(data), &tbs_certificate_tlv,
120 &signature_algorithm_tlv, &signature_value,
121 nullptr)) {
122 return nullptr;
123 }
124 return x509_util::CreateCryptoBuffer(data);
125 }
126
127 } // namespace
128
129 // static
CreateFromBuffer(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)130 scoped_refptr<X509Certificate> X509Certificate::CreateFromBuffer(
131 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
132 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
133 return CreateFromBufferUnsafeOptions(std::move(cert_buffer),
134 std::move(intermediates), {});
135 }
136
137 // static
CreateFromBufferUnsafeOptions(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates,UnsafeCreateOptions options)138 scoped_refptr<X509Certificate> X509Certificate::CreateFromBufferUnsafeOptions(
139 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
140 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates,
141 UnsafeCreateOptions options) {
142 DCHECK(cert_buffer);
143 ParsedFields parsed;
144 if (!parsed.Initialize(cert_buffer.get(), options)) {
145 return nullptr;
146 }
147 return base::WrapRefCounted(new X509Certificate(
148 std::move(parsed), std::move(cert_buffer), std::move(intermediates)));
149 }
150
151 // static
CreateFromDERCertChain(const std::vector<std::string_view> & der_certs)152 scoped_refptr<X509Certificate> X509Certificate::CreateFromDERCertChain(
153 const std::vector<std::string_view>& der_certs) {
154 return CreateFromDERCertChainUnsafeOptions(der_certs, {});
155 }
156
157 // static
158 scoped_refptr<X509Certificate>
CreateFromDERCertChainUnsafeOptions(const std::vector<std::string_view> & der_certs,UnsafeCreateOptions options)159 X509Certificate::CreateFromDERCertChainUnsafeOptions(
160 const std::vector<std::string_view>& der_certs,
161 UnsafeCreateOptions options) {
162 TRACE_EVENT0("io", "X509Certificate::CreateFromDERCertChain");
163 if (der_certs.empty())
164 return nullptr;
165
166 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediate_ca_certs;
167 intermediate_ca_certs.reserve(der_certs.size() - 1);
168 for (size_t i = 1; i < der_certs.size(); i++) {
169 intermediate_ca_certs.push_back(
170 x509_util::CreateCryptoBuffer(der_certs[i]));
171 }
172
173 return CreateFromBufferUnsafeOptions(
174 x509_util::CreateCryptoBuffer(der_certs[0]),
175 std::move(intermediate_ca_certs), options);
176 }
177
178 // static
CreateFromBytes(base::span<const uint8_t> data)179 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytes(
180 base::span<const uint8_t> data) {
181 return CreateFromBytesUnsafeOptions(data, {});
182 }
183
184 // static
CreateFromBytesUnsafeOptions(base::span<const uint8_t> data,UnsafeCreateOptions options)185 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesUnsafeOptions(
186 base::span<const uint8_t> data,
187 UnsafeCreateOptions options) {
188 scoped_refptr<X509Certificate> cert = CreateFromBufferUnsafeOptions(
189 x509_util::CreateCryptoBuffer(data), {}, options);
190 return cert;
191 }
192
193 // static
CreateFromPickle(base::PickleIterator * pickle_iter)194 scoped_refptr<X509Certificate> X509Certificate::CreateFromPickle(
195 base::PickleIterator* pickle_iter) {
196 return CreateFromPickleUnsafeOptions(pickle_iter, {});
197 }
198
199 // static
CreateFromPickleUnsafeOptions(base::PickleIterator * pickle_iter,UnsafeCreateOptions options)200 scoped_refptr<X509Certificate> X509Certificate::CreateFromPickleUnsafeOptions(
201 base::PickleIterator* pickle_iter,
202 UnsafeCreateOptions options) {
203 size_t chain_length = 0;
204 if (!pickle_iter->ReadLength(&chain_length))
205 return nullptr;
206
207 std::vector<std::string_view> cert_chain;
208 const char* data = nullptr;
209 size_t data_length = 0;
210 for (size_t i = 0; i < chain_length; ++i) {
211 if (!pickle_iter->ReadData(&data, &data_length))
212 return nullptr;
213 cert_chain.emplace_back(data, data_length);
214 }
215 return CreateFromDERCertChainUnsafeOptions(cert_chain, options);
216 }
217
218 // static
CreateCertificateListFromBytes(base::span<const uint8_t> data,int format)219 CertificateList X509Certificate::CreateCertificateListFromBytes(
220 base::span<const uint8_t> data,
221 int format) {
222 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> certificates;
223
224 // Check to see if it is in a PEM-encoded form. This check is performed
225 // first, as both OS X and NSS will both try to convert if they detect
226 // PEM encoding, except they don't do it consistently between the two.
227 std::vector<std::string> pem_headers;
228
229 // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally
230 // valid PEM block header for any format.
231 pem_headers.push_back(kCertificateHeader);
232 if (format & FORMAT_PKCS7)
233 pem_headers.push_back(kPKCS7Header);
234
235 bssl::PEMTokenizer pem_tokenizer(base::as_string_view(data), pem_headers);
236 while (pem_tokenizer.GetNext()) {
237 std::string decoded(pem_tokenizer.data());
238
239 bssl::UniquePtr<CRYPTO_BUFFER> handle;
240 if (format & FORMAT_PEM_CERT_SEQUENCE) {
241 handle =
242 CreateCertBufferFromBytesWithSanityCheck(base::as_byte_span(decoded));
243 }
244 if (handle) {
245 // Parsed a DER encoded certificate. All PEM blocks that follow must
246 // also be DER encoded certificates wrapped inside of PEM blocks.
247 format = FORMAT_PEM_CERT_SEQUENCE;
248 certificates.push_back(std::move(handle));
249 continue;
250 }
251
252 // If the first block failed to parse as a DER certificate, and
253 // formats other than PEM are acceptable, check to see if the decoded
254 // data is one of the accepted formats.
255 if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
256 for (size_t i = 0;
257 certificates.empty() && i < std::size(kFormatDecodePriority); ++i) {
258 if (format & kFormatDecodePriority[i]) {
259 certificates = CreateCertBuffersFromBytes(base::as_byte_span(decoded),
260 kFormatDecodePriority[i]);
261 }
262 }
263 }
264
265 // Stop parsing after the first block for any format but a sequence of
266 // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE
267 // is handled above, and continues processing until a certificate fails
268 // to parse.
269 break;
270 }
271
272 // Try each of the formats, in order of parse preference, to see if |data|
273 // contains the binary representation of a Format, if it failed to parse
274 // as a PEM certificate/chain.
275 for (size_t i = 0;
276 certificates.empty() && i < std::size(kFormatDecodePriority); ++i) {
277 if (format & kFormatDecodePriority[i])
278 certificates = CreateCertBuffersFromBytes(data, kFormatDecodePriority[i]);
279 }
280
281 CertificateList results;
282 // No certificates parsed.
283 if (certificates.empty())
284 return results;
285
286 for (auto& it : certificates) {
287 scoped_refptr<X509Certificate> cert = CreateFromBuffer(std::move(it), {});
288 if (cert)
289 results.push_back(std::move(cert));
290 }
291
292 return results;
293 }
294
CloneWithDifferentIntermediates(std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)295 scoped_refptr<X509Certificate> X509Certificate::CloneWithDifferentIntermediates(
296 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
297 // If intermediates are the same, return another reference to the same
298 // object. Note that this only does a pointer equality comparison on the
299 // CRYPTO_BUFFERs, which is generally sufficient, but in some edge cases
300 // buffers have equal contents but with different addresses. This is
301 // acceptable as this is just an optimization.
302 if (intermediates == intermediate_ca_certs_) {
303 return this;
304 }
305
306 return base::WrapRefCounted(
307 new X509Certificate(*this, std::move(intermediates)));
308 }
309
Persist(base::Pickle * pickle) const310 void X509Certificate::Persist(base::Pickle* pickle) const {
311 DCHECK(cert_buffer_);
312 // This would be an absolutely insane number of intermediates.
313 if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) {
314 NOTREACHED();
315 }
316 pickle->WriteInt(static_cast<int>(intermediate_ca_certs_.size() + 1));
317 pickle->WriteString(x509_util::CryptoBufferAsStringPiece(cert_buffer_.get()));
318 for (const auto& intermediate : intermediate_ca_certs_) {
319 pickle->WriteString(
320 x509_util::CryptoBufferAsStringPiece(intermediate.get()));
321 }
322 }
323
GetSubjectAltName(std::vector<std::string> * dns_names,std::vector<std::string> * ip_addrs) const324 bool X509Certificate::GetSubjectAltName(
325 std::vector<std::string>* dns_names,
326 std::vector<std::string>* ip_addrs) const {
327 if (dns_names)
328 dns_names->clear();
329 if (ip_addrs)
330 ip_addrs->clear();
331
332 bssl::der::Input tbs_certificate_tlv;
333 bssl::der::Input signature_algorithm_tlv;
334 bssl::der::BitString signature_value;
335 if (!bssl::ParseCertificate(bssl::der::Input(cert_span()),
336 &tbs_certificate_tlv, &signature_algorithm_tlv,
337 &signature_value, nullptr)) {
338 return false;
339 }
340
341 bssl::ParsedTbsCertificate tbs;
342 if (!ParseTbsCertificate(tbs_certificate_tlv,
343 x509_util::DefaultParseCertificateOptions(), &tbs,
344 nullptr))
345 return false;
346 if (!tbs.extensions_tlv)
347 return false;
348
349 std::map<bssl::der::Input, bssl::ParsedExtension> extensions;
350 if (!ParseExtensions(tbs.extensions_tlv.value(), &extensions))
351 return false;
352
353 bssl::ParsedExtension subject_alt_names_extension;
354 if (!ConsumeExtension(bssl::der::Input(bssl::kSubjectAltNameOid), &extensions,
355 &subject_alt_names_extension)) {
356 return false;
357 }
358
359 bssl::CertErrors errors;
360 std::unique_ptr<bssl::GeneralNames> subject_alt_names =
361 bssl::GeneralNames::Create(subject_alt_names_extension.value, &errors);
362 if (!subject_alt_names)
363 return false;
364
365 if (dns_names) {
366 for (const auto& dns_name : subject_alt_names->dns_names)
367 dns_names->push_back(std::string(dns_name));
368 }
369 if (ip_addrs) {
370 for (const auto& addr : subject_alt_names->ip_addresses) {
371 ip_addrs->push_back(std::string(addr.AsStringView()));
372 }
373 }
374
375 return !subject_alt_names->dns_names.empty() ||
376 !subject_alt_names->ip_addresses.empty();
377 }
378
HasExpired() const379 bool X509Certificate::HasExpired() const {
380 return base::Time::Now() > valid_expiry();
381 }
382
EqualsExcludingChain(const X509Certificate * other) const383 bool X509Certificate::EqualsExcludingChain(const X509Certificate* other) const {
384 return x509_util::CryptoBufferEqual(cert_buffer_.get(),
385 other->cert_buffer_.get());
386 }
387
EqualsIncludingChain(const X509Certificate * other) const388 bool X509Certificate::EqualsIncludingChain(const X509Certificate* other) const {
389 if (intermediate_ca_certs_.size() != other->intermediate_ca_certs_.size() ||
390 !EqualsExcludingChain(other)) {
391 return false;
392 }
393 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
394 if (!x509_util::CryptoBufferEqual(intermediate_ca_certs_[i].get(),
395 other->intermediate_ca_certs_[i].get())) {
396 return false;
397 }
398 }
399 return true;
400 }
401
IsIssuedByEncoded(const std::vector<std::string> & valid_issuers) const402 bool X509Certificate::IsIssuedByEncoded(
403 const std::vector<std::string>& valid_issuers) const {
404 std::vector<std::string> normalized_issuers;
405 bssl::CertErrors errors;
406 for (const auto& raw_issuer : valid_issuers) {
407 bssl::der::Input issuer_value;
408 std::string normalized_issuer;
409 if (!ParseSequenceValue(bssl::der::Input(raw_issuer), &issuer_value) ||
410 !NormalizeName(issuer_value, &normalized_issuer, &errors)) {
411 continue;
412 }
413 normalized_issuers.push_back(std::move(normalized_issuer));
414 }
415
416 std::string normalized_cert_issuer;
417 if (!GetNormalizedCertIssuer(cert_buffer_.get(), &normalized_cert_issuer))
418 return false;
419 if (base::Contains(normalized_issuers, normalized_cert_issuer))
420 return true;
421
422 for (const auto& intermediate : intermediate_ca_certs_) {
423 if (!GetNormalizedCertIssuer(intermediate.get(), &normalized_cert_issuer))
424 return false;
425 if (base::Contains(normalized_issuers, normalized_cert_issuer))
426 return true;
427 }
428 return false;
429 }
430
431 // static
VerifyHostname(std::string_view hostname,const std::vector<std::string> & cert_san_dns_names,const std::vector<std::string> & cert_san_ip_addrs)432 bool X509Certificate::VerifyHostname(
433 std::string_view hostname,
434 const std::vector<std::string>& cert_san_dns_names,
435 const std::vector<std::string>& cert_san_ip_addrs) {
436 DCHECK(!hostname.empty());
437
438 if (cert_san_dns_names.empty() && cert_san_ip_addrs.empty()) {
439 // Either a dNSName or iPAddress subjectAltName MUST be present in order
440 // to match, so fail quickly if not.
441 return false;
442 }
443
444 // Perform name verification following http://tools.ietf.org/html/rfc6125.
445 // The terminology used in this method is as per that RFC:-
446 // Reference identifier == the host the local user/agent is intending to
447 // access, i.e. the thing displayed in the URL bar.
448 // Presented identifier(s) == name(s) the server knows itself as, in its cert.
449
450 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
451 const std::string host_or_ip = hostname.find(':') != std::string::npos
452 ? base::StrCat({"[", hostname, "]"})
453 : std::string(hostname);
454 url::CanonHostInfo host_info;
455 std::string reference_name = CanonicalizeHost(host_or_ip, &host_info);
456
457 // If the host cannot be canonicalized, fail fast.
458 if (reference_name.empty())
459 return false;
460
461 // Fully handle all cases where |hostname| contains an IP address.
462 if (host_info.IsIPAddress()) {
463 std::string_view ip_addr_string(
464 reinterpret_cast<const char*>(host_info.address),
465 host_info.AddressLength());
466 return base::Contains(cert_san_ip_addrs, ip_addr_string);
467 }
468
469 // The host portion of a URL may support a variety of name resolution formats
470 // and services. However, the only supported name types in this code are IP
471 // addresses, which have been handled above via iPAddress subjectAltNames,
472 // and DNS names, via dNSName subjectAltNames.
473 // Validate that the host conforms to the DNS preferred name syntax, in
474 // either relative or absolute form, and exclude the "root" label for DNS.
475 if (reference_name == "." || !IsCanonicalizedHostCompliant(reference_name))
476 return false;
477
478 // CanonicalizeHost does not normalize absolute vs relative DNS names. If
479 // the input name was absolute (included trailing .), normalize it as if it
480 // was relative.
481 if (reference_name.back() == '.')
482 reference_name.pop_back();
483
484 // |reference_domain| is the remainder of |host| after the leading host
485 // component is stripped off, but includes the leading dot e.g.
486 // "www.f.com" -> ".f.com".
487 // If there is no meaningful domain part to |host| (e.g. it contains no dots)
488 // then |reference_domain| will be empty.
489 std::string_view reference_host, reference_domain;
490 SplitOnChar(reference_name, '.', &reference_host, &reference_domain);
491 bool allow_wildcards = false;
492 if (!reference_domain.empty()) {
493 DCHECK(reference_domain.starts_with("."));
494
495 // Do not allow wildcards for public/ICANN registry controlled domains -
496 // that is, prevent *.com or *.co.uk as valid presented names, but do not
497 // prevent *.appspot.com (a private registry controlled domain).
498 // In addition, unknown top-level domains (such as 'intranet' domains or
499 // new TLDs/gTLDs not yet added to the registry controlled domain dataset)
500 // are also implicitly prevented.
501 // Because |reference_domain| must contain at least one name component that
502 // is not registry controlled, this ensures that all reference domains
503 // contain at least three domain components when using wildcards.
504 size_t registry_length =
505 registry_controlled_domains::GetCanonicalHostRegistryLength(
506 reference_name,
507 registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
508 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
509
510 // Because |reference_name| was already canonicalized, the following
511 // should never happen.
512 CHECK_NE(std::string::npos, registry_length);
513
514 // Account for the leading dot in |reference_domain|.
515 bool is_registry_controlled =
516 registry_length != 0 &&
517 registry_length == (reference_domain.size() - 1);
518
519 // Additionally, do not attempt wildcard matching for purely numeric
520 // hostnames.
521 allow_wildcards =
522 !is_registry_controlled &&
523 reference_name.find_first_not_of("0123456789.") != std::string::npos;
524 }
525
526 // Now step through the DNS names doing wild card comparison (if necessary)
527 // on each against the reference name.
528 for (const auto& cert_san_dns_name : cert_san_dns_names) {
529 // Catch badly corrupt cert names up front.
530 if (cert_san_dns_name.empty() ||
531 cert_san_dns_name.find('\0') != std::string::npos) {
532 continue;
533 }
534 std::string presented_name(base::ToLowerASCII(cert_san_dns_name));
535
536 // Remove trailing dot, if any.
537 if (*presented_name.rbegin() == '.')
538 presented_name.resize(presented_name.length() - 1);
539
540 // The hostname must be at least as long as the cert name it is matching,
541 // as we require the wildcard (if present) to match at least one character.
542 if (presented_name.length() > reference_name.length())
543 continue;
544
545 std::string_view presented_host, presented_domain;
546 SplitOnChar(presented_name, '.', &presented_host, &presented_domain);
547
548 if (presented_domain != reference_domain)
549 continue;
550
551 if (presented_host != "*") {
552 if (presented_host == reference_host)
553 return true;
554 continue;
555 }
556
557 if (!allow_wildcards)
558 continue;
559
560 return true;
561 }
562 return false;
563 }
564
VerifyNameMatch(std::string_view hostname) const565 bool X509Certificate::VerifyNameMatch(std::string_view hostname) const {
566 std::vector<std::string> dns_names, ip_addrs;
567 GetSubjectAltName(&dns_names, &ip_addrs);
568 return VerifyHostname(hostname, dns_names, ip_addrs);
569 }
570
571 // static
GetPEMEncodedFromDER(std::string_view der_encoded,std::string * pem_encoded)572 bool X509Certificate::GetPEMEncodedFromDER(std::string_view der_encoded,
573 std::string* pem_encoded) {
574 if (der_encoded.empty())
575 return false;
576
577 *pem_encoded = bssl::PEMEncode(der_encoded, "CERTIFICATE");
578 return true;
579 }
580
581 // static
GetPEMEncoded(const CRYPTO_BUFFER * cert_buffer,std::string * pem_encoded)582 bool X509Certificate::GetPEMEncoded(const CRYPTO_BUFFER* cert_buffer,
583 std::string* pem_encoded) {
584 return GetPEMEncodedFromDER(x509_util::CryptoBufferAsStringPiece(cert_buffer),
585 pem_encoded);
586 }
587
GetPEMEncodedChain(std::vector<std::string> * pem_encoded) const588 bool X509Certificate::GetPEMEncodedChain(
589 std::vector<std::string>* pem_encoded) const {
590 std::vector<std::string> encoded_chain;
591 std::string pem_data;
592 if (!GetPEMEncoded(cert_buffer(), &pem_data))
593 return false;
594 encoded_chain.push_back(pem_data);
595 for (const auto& intermediate_ca_cert : intermediate_ca_certs_) {
596 if (!GetPEMEncoded(intermediate_ca_cert.get(), &pem_data))
597 return false;
598 encoded_chain.push_back(pem_data);
599 }
600 pem_encoded->swap(encoded_chain);
601 return true;
602 }
603
604 // static
GetPublicKeyInfo(const CRYPTO_BUFFER * cert_buffer,size_t * size_bits,PublicKeyType * type)605 void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer,
606 size_t* size_bits,
607 PublicKeyType* type) {
608 *type = kPublicKeyTypeUnknown;
609 *size_bits = 0;
610
611 std::string_view spki;
612 if (!asn1::ExtractSPKIFromDERCert(
613 x509_util::CryptoBufferAsStringPiece(cert_buffer), &spki)) {
614 return;
615 }
616
617 bssl::UniquePtr<EVP_PKEY> pkey;
618 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
619 CBS cbs;
620 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spki.data()), spki.size());
621 pkey.reset(EVP_parse_public_key(&cbs));
622 if (!pkey)
623 return;
624
625 switch (EVP_PKEY_id(pkey.get())) {
626 case EVP_PKEY_RSA:
627 *type = kPublicKeyTypeRSA;
628 break;
629 case EVP_PKEY_EC:
630 *type = kPublicKeyTypeECDSA;
631 break;
632 }
633 *size_bits = base::saturated_cast<size_t>(EVP_PKEY_bits(pkey.get()));
634 }
635
636 // static
637 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>>
CreateCertBuffersFromBytes(base::span<const uint8_t> data,Format format)638 X509Certificate::CreateCertBuffersFromBytes(base::span<const uint8_t> data,
639 Format format) {
640 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> results;
641
642 switch (format) {
643 case FORMAT_SINGLE_CERTIFICATE: {
644 bssl::UniquePtr<CRYPTO_BUFFER> handle =
645 CreateCertBufferFromBytesWithSanityCheck(data);
646 if (handle)
647 results.push_back(std::move(handle));
648 break;
649 }
650 case FORMAT_PKCS7: {
651 x509_util::CreateCertBuffersFromPKCS7Bytes(data, &results);
652 break;
653 }
654 default: {
655 NOTREACHED() << "Certificate format " << format << " unimplemented";
656 }
657 }
658
659 return results;
660 }
661
662 // static
CalculateFingerprint256(const CRYPTO_BUFFER * cert)663 SHA256HashValue X509Certificate::CalculateFingerprint256(
664 const CRYPTO_BUFFER* cert) {
665 SHA256HashValue sha256;
666
667 SHA256(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert), sha256.data);
668 return sha256;
669 }
670
CalculateChainFingerprint256() const671 SHA256HashValue X509Certificate::CalculateChainFingerprint256() const {
672 SHA256HashValue sha256;
673 memset(sha256.data, 0, sizeof(sha256.data));
674
675 SHA256_CTX sha256_ctx;
676 SHA256_Init(&sha256_ctx);
677 SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert_buffer_.get()),
678 CRYPTO_BUFFER_len(cert_buffer_.get()));
679 for (const auto& cert : intermediate_ca_certs_) {
680 SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert.get()),
681 CRYPTO_BUFFER_len(cert.get()));
682 }
683 SHA256_Final(sha256.data, &sha256_ctx);
684
685 return sha256;
686 }
687
688 // static
IsSelfSigned(CRYPTO_BUFFER * cert_buffer)689 bool X509Certificate::IsSelfSigned(CRYPTO_BUFFER* cert_buffer) {
690 std::shared_ptr<const bssl::ParsedCertificate> parsed_cert =
691 bssl::ParsedCertificate::Create(
692 bssl::UpRef(cert_buffer), x509_util::DefaultParseCertificateOptions(),
693 /*errors=*/nullptr);
694 if (!parsed_cert) {
695 return false;
696 }
697 return VerifyCertificateIsSelfSigned(*parsed_cert, /*cache=*/nullptr,
698 /*errors=*/nullptr);
699 }
700
X509Certificate(ParsedFields parsed,bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)701 X509Certificate::X509Certificate(
702 ParsedFields parsed,
703 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
704 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)
705 : parsed_(std::move(parsed)),
706 cert_buffer_(std::move(cert_buffer)),
707 intermediate_ca_certs_(std::move(intermediates)) {}
708
X509Certificate(const X509Certificate & other,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)709 X509Certificate::X509Certificate(
710 const X509Certificate& other,
711 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)
712 : parsed_(other.parsed_),
713 cert_buffer_(bssl::UpRef(other.cert_buffer_)),
714 intermediate_ca_certs_(std::move(intermediates)) {}
715
716 X509Certificate::~X509Certificate() = default;
717
cert_span() const718 base::span<const uint8_t> X509Certificate::cert_span() const {
719 return x509_util::CryptoBufferAsSpan(cert_buffer_.get());
720 }
721
722 X509Certificate::ParsedFields::ParsedFields() = default;
723 X509Certificate::ParsedFields::ParsedFields(const ParsedFields&) = default;
724 X509Certificate::ParsedFields::ParsedFields(ParsedFields&&) = default;
725 X509Certificate::ParsedFields::~ParsedFields() = default;
726
Initialize(const CRYPTO_BUFFER * cert_buffer,X509Certificate::UnsafeCreateOptions options)727 bool X509Certificate::ParsedFields::Initialize(
728 const CRYPTO_BUFFER* cert_buffer,
729 X509Certificate::UnsafeCreateOptions options) {
730 bssl::der::Input tbs_certificate_tlv;
731 bssl::der::Input signature_algorithm_tlv;
732 bssl::der::BitString signature_value;
733
734 if (!bssl::ParseCertificate(
735 bssl::der::Input(x509_util::CryptoBufferAsSpan(cert_buffer)),
736 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value,
737 nullptr)) {
738 return false;
739 }
740
741 bssl::ParsedTbsCertificate tbs;
742 if (!ParseTbsCertificate(tbs_certificate_tlv,
743 x509_util::DefaultParseCertificateOptions(), &tbs,
744 nullptr))
745 return false;
746
747 CertPrincipal::PrintableStringHandling printable_string_handling =
748 options.printable_string_is_utf8
749 ? CertPrincipal::PrintableStringHandling::kAsUTF8Hack
750 : CertPrincipal::PrintableStringHandling::kDefault;
751 if (!subject_.ParseDistinguishedName(tbs.subject_tlv,
752 printable_string_handling) ||
753 !issuer_.ParseDistinguishedName(tbs.issuer_tlv,
754 printable_string_handling)) {
755 return false;
756 }
757
758 if (!GeneralizedTimeToTime(tbs.validity_not_before, &valid_start_) ||
759 !GeneralizedTimeToTime(tbs.validity_not_after, &valid_expiry_)) {
760 return false;
761 }
762 serial_number_ = tbs.serial_number.AsString();
763 return true;
764 }
765
766 } // namespace net
767