1 // Copyright 2019 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include "net/test/cert_builder.h"
11
12 #include <map>
13 #include <memory>
14 #include <optional>
15 #include <string>
16 #include <string_view>
17 #include <utility>
18 #include <vector>
19
20 #include "base/files/file_path.h"
21 #include "base/memory/ptr_util.h"
22 #include "base/memory/scoped_refptr.h"
23 #include "base/notreached.h"
24 #include "base/ranges/algorithm.h"
25 #include "base/strings/string_number_conversions.h"
26 #include "base/strings/string_util.h"
27 #include "base/time/time.h"
28 #include "crypto/ec_private_key.h"
29 #include "crypto/rsa_private_key.h"
30 #include "crypto/sha2.h"
31 #include "net/cert/asn1_util.h"
32 #include "net/cert/ct_objects_extractor.h"
33 #include "net/cert/ct_serialization.h"
34 #include "net/cert/signed_certificate_timestamp.h"
35 #include "net/cert/time_conversions.h"
36 #include "net/cert/x509_util.h"
37 #include "net/test/cert_test_util.h"
38 #include "net/test/key_util.h"
39 #include "net/test/test_data_directory.h"
40 #include "testing/gtest/include/gtest/gtest.h"
41 #include "third_party/boringssl/src/include/openssl/evp.h"
42 #include "third_party/boringssl/src/include/openssl/mem.h"
43 #include "third_party/boringssl/src/pki/certificate_policies.h"
44 #include "third_party/boringssl/src/pki/extended_key_usage.h"
45 #include "third_party/boringssl/src/pki/input.h"
46 #include "third_party/boringssl/src/pki/parse_certificate.h"
47 #include "third_party/boringssl/src/pki/parse_values.h"
48 #include "third_party/boringssl/src/pki/parser.h"
49 #include "third_party/boringssl/src/pki/verify_signed_data.h"
50 #include "url/gurl.h"
51
52 namespace net {
53
54 namespace {
55
56 constexpr char kSimpleChainHostname[] = "www.example.com";
57
Sha256WithRSAEncryption()58 std::string Sha256WithRSAEncryption() {
59 const uint8_t kSha256WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
60 0x86, 0x48, 0x86, 0xf7, 0x0d,
61 0x01, 0x01, 0x0b, 0x05, 0x00};
62 return std::string(std::begin(kSha256WithRSAEncryption),
63 std::end(kSha256WithRSAEncryption));
64 }
65
Sha1WithRSAEncryption()66 std::string Sha1WithRSAEncryption() {
67 const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
68 0x86, 0x48, 0x86, 0xf7, 0x0d,
69 0x01, 0x01, 0x05, 0x05, 0x00};
70 return std::string(std::begin(kSha1WithRSAEncryption),
71 std::end(kSha1WithRSAEncryption));
72 }
73
EcdsaWithSha256()74 std::string EcdsaWithSha256() {
75 const uint8_t kDer[] = {0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
76 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02};
77 return std::string(std::begin(kDer), std::end(kDer));
78 }
79
EcdsaWithSha1()80 std::string EcdsaWithSha1() {
81 const uint8_t kDer[] = {0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
82 0x48, 0xce, 0x3d, 0x04, 0x01};
83 return std::string(std::begin(kDer), std::end(kDer));
84 }
85
86 // Adds bytes (specified as a std::string_view) to the given CBB.
87 // The argument ordering follows the boringssl CBB_* api style.
CBBAddBytes(CBB * cbb,std::string_view bytes)88 bool CBBAddBytes(CBB* cbb, std::string_view bytes) {
89 return CBB_add_bytes(cbb, reinterpret_cast<const uint8_t*>(bytes.data()),
90 bytes.size());
91 }
92
93 // Adds bytes (from fixed size array) to the given CBB.
94 // The argument ordering follows the boringssl CBB_* api style.
95 template <size_t N>
CBBAddBytes(CBB * cbb,const uint8_t (& data)[N])96 bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) {
97 return CBB_add_bytes(cbb, data, N);
98 }
99
100 // Finalizes the CBB to a std::string.
FinishCBB(CBB * cbb)101 std::string FinishCBB(CBB* cbb) {
102 size_t cbb_len;
103 uint8_t* cbb_bytes;
104
105 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
106 ADD_FAILURE() << "CBB_finish() failed";
107 return std::string();
108 }
109
110 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
111 return std::string(reinterpret_cast<char*>(cbb_bytes), cbb_len);
112 }
113
114 // Finalizes the CBB to a std::vector.
FinishCBBToVector(CBB * cbb)115 std::vector<uint8_t> FinishCBBToVector(CBB* cbb) {
116 size_t cbb_len;
117 uint8_t* cbb_bytes;
118
119 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
120 ADD_FAILURE() << "CBB_finish() failed";
121 return {};
122 }
123
124 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
125 return std::vector<uint8_t>(cbb_bytes, cbb_bytes + cbb_len);
126 }
127
128 } // namespace
129
130 CertBuilder::SctConfig::SctConfig() = default;
SctConfig(std::string log_id,bssl::UniquePtr<EVP_PKEY> log_key,base::Time timestamp)131 CertBuilder::SctConfig::SctConfig(std::string log_id,
132 bssl::UniquePtr<EVP_PKEY> log_key,
133 base::Time timestamp)
134 : log_id(std::move(log_id)),
135 log_key(std::move(log_key)),
136 timestamp(timestamp) {}
SctConfig(const SctConfig & other)137 CertBuilder::SctConfig::SctConfig(const SctConfig& other)
138 : SctConfig(other.log_id,
139 bssl::UpRef(other.log_key.get()),
140 other.timestamp) {}
141 CertBuilder::SctConfig::SctConfig(SctConfig&&) = default;
142 CertBuilder::SctConfig::~SctConfig() = default;
operator =(const SctConfig & other)143 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(
144 const SctConfig& other) {
145 log_id = other.log_id;
146 log_key = bssl::UpRef(other.log_key.get());
147 timestamp = other.timestamp;
148 return *this;
149 }
150 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(SctConfig&&) =
151 default;
152
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer)153 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert, CertBuilder* issuer)
154 : CertBuilder(orig_cert, issuer, /*unique_subject_key_identifier=*/true) {}
155
156 // static
FromFile(const base::FilePath & cert_and_key_file,CertBuilder * issuer)157 std::unique_ptr<CertBuilder> CertBuilder::FromFile(
158 const base::FilePath& cert_and_key_file,
159 CertBuilder* issuer) {
160 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
161 if (!cert)
162 return nullptr;
163
164 bssl::UniquePtr<EVP_PKEY> private_key(
165 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
166 if (!private_key)
167 return nullptr;
168
169 auto builder = base::WrapUnique(new CertBuilder(cert->cert_buffer(), issuer));
170 builder->key_ = std::move(private_key);
171 return builder;
172 }
173
174 // static
FromStaticCert(CRYPTO_BUFFER * cert,EVP_PKEY * key)175 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCert(CRYPTO_BUFFER* cert,
176 EVP_PKEY* key) {
177 std::unique_ptr<CertBuilder> builder = base::WrapUnique(
178 new CertBuilder(cert, nullptr, /*unique_subject_key_identifier=*/false));
179 // |cert_|, |key_|, and |subject_tlv_| must be initialized for |builder| to
180 // function as the |issuer| of another CertBuilder.
181 builder->cert_ = bssl::UpRef(cert);
182 builder->key_ = bssl::UpRef(key);
183 std::string_view subject_tlv;
184 CHECK(asn1::ExtractSubjectFromDERCert(
185 x509_util::CryptoBufferAsStringPiece(cert), &subject_tlv));
186 builder->subject_tlv_ = std::string(subject_tlv);
187 return builder;
188 }
189
190 // static
FromStaticCertFile(const base::FilePath & cert_and_key_file)191 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCertFile(
192 const base::FilePath& cert_and_key_file) {
193 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
194 if (!cert)
195 return nullptr;
196
197 bssl::UniquePtr<EVP_PKEY> private_key(
198 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
199 if (!private_key)
200 return nullptr;
201
202 return CertBuilder::FromStaticCert(cert->cert_buffer(), private_key.get());
203 }
204
205 // static
FromSubjectPublicKeyInfo(base::span<const uint8_t> spki_der,CertBuilder * issuer)206 std::unique_ptr<CertBuilder> CertBuilder::FromSubjectPublicKeyInfo(
207 base::span<const uint8_t> spki_der,
208 CertBuilder* issuer) {
209 DCHECK(issuer);
210 auto builder = std::make_unique<CertBuilder>(/*orig_cert=*/nullptr, issuer);
211
212 CBS cbs;
213 CBS_init(&cbs, spki_der.data(), spki_der.size());
214 builder->key_ = bssl::UniquePtr<EVP_PKEY>(EVP_parse_public_key(&cbs));
215 // Check that there was no error in `EVP_parse_public_key` and that it
216 // consumed the entire public key.
217 if (!builder->key_ || (CBS_len(&cbs) != 0))
218 return nullptr;
219
220 return builder;
221 }
222
223 CertBuilder::~CertBuilder() = default;
224
225 // static
CreateSimpleChain(size_t chain_length)226 std::vector<std::unique_ptr<CertBuilder>> CertBuilder::CreateSimpleChain(
227 size_t chain_length) {
228 std::vector<std::unique_ptr<CertBuilder>> chain;
229 base::Time not_before = base::Time::Now() - base::Days(7);
230 base::Time not_after = base::Time::Now() + base::Days(7);
231 CertBuilder* parent_builder = nullptr;
232 for (size_t remaining_chain_length = chain_length; remaining_chain_length;
233 remaining_chain_length--) {
234 auto builder = std::make_unique<CertBuilder>(nullptr, parent_builder);
235 builder->SetValidity(not_before, not_after);
236 if (remaining_chain_length > 1) {
237 // CA properties:
238 builder->SetBasicConstraints(/*is_ca=*/true, /*path_len=*/-1);
239 builder->SetKeyUsages(
240 {bssl::KEY_USAGE_BIT_KEY_CERT_SIGN, bssl::KEY_USAGE_BIT_CRL_SIGN});
241 } else {
242 // Leaf properties:
243 builder->SetBasicConstraints(/*is_ca=*/false, /*path_len=*/-1);
244 builder->SetKeyUsages({bssl::KEY_USAGE_BIT_DIGITAL_SIGNATURE});
245 builder->SetExtendedKeyUsages({bssl::der::Input(bssl::kServerAuth)});
246 builder->SetSubjectAltName(kSimpleChainHostname);
247 }
248 parent_builder = builder.get();
249 chain.push_back(std::move(builder));
250 }
251 base::ranges::reverse(chain);
252 return chain;
253 }
254
255 // static
CreateSimpleChain3()256 std::array<std::unique_ptr<CertBuilder>, 3> CertBuilder::CreateSimpleChain3() {
257 auto chain = CreateSimpleChain(3);
258 return {std::move(chain[0]), std::move(chain[1]), std::move(chain[2])};
259 }
260
261 // static
CreateSimpleChain2()262 std::array<std::unique_ptr<CertBuilder>, 2> CertBuilder::CreateSimpleChain2() {
263 auto chain = CreateSimpleChain(2);
264 return {std::move(chain[0]), std::move(chain[1])};
265 }
266
267 // static
268 std::optional<bssl::SignatureAlgorithm>
DefaultSignatureAlgorithmForKey(EVP_PKEY * key)269 CertBuilder::DefaultSignatureAlgorithmForKey(EVP_PKEY* key) {
270 if (EVP_PKEY_id(key) == EVP_PKEY_RSA)
271 return bssl::SignatureAlgorithm::kRsaPkcs1Sha256;
272 if (EVP_PKEY_id(key) == EVP_PKEY_EC)
273 return bssl::SignatureAlgorithm::kEcdsaSha256;
274 return std::nullopt;
275 }
276
277 // static
SignData(bssl::SignatureAlgorithm signature_algorithm,std::string_view tbs_data,EVP_PKEY * key,CBB * out_signature)278 bool CertBuilder::SignData(bssl::SignatureAlgorithm signature_algorithm,
279 std::string_view tbs_data,
280 EVP_PKEY* key,
281 CBB* out_signature) {
282 if (!key)
283 return false;
284
285 int expected_pkey_id = 1;
286 const EVP_MD* digest;
287 switch (signature_algorithm) {
288 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
289 expected_pkey_id = EVP_PKEY_RSA;
290 digest = EVP_sha1();
291 break;
292 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
293 expected_pkey_id = EVP_PKEY_RSA;
294 digest = EVP_sha256();
295 break;
296 case bssl::SignatureAlgorithm::kRsaPkcs1Sha384:
297 expected_pkey_id = EVP_PKEY_RSA;
298 digest = EVP_sha384();
299 break;
300 case bssl::SignatureAlgorithm::kRsaPkcs1Sha512:
301 expected_pkey_id = EVP_PKEY_RSA;
302 digest = EVP_sha512();
303 break;
304
305 case bssl::SignatureAlgorithm::kEcdsaSha1:
306 expected_pkey_id = EVP_PKEY_EC;
307 digest = EVP_sha1();
308 break;
309 case bssl::SignatureAlgorithm::kEcdsaSha256:
310 expected_pkey_id = EVP_PKEY_EC;
311 digest = EVP_sha256();
312 break;
313 case bssl::SignatureAlgorithm::kEcdsaSha384:
314 expected_pkey_id = EVP_PKEY_EC;
315 digest = EVP_sha384();
316 break;
317 case bssl::SignatureAlgorithm::kEcdsaSha512:
318 expected_pkey_id = EVP_PKEY_EC;
319 digest = EVP_sha512();
320 break;
321
322 case bssl::SignatureAlgorithm::kRsaPssSha256:
323 case bssl::SignatureAlgorithm::kRsaPssSha384:
324 case bssl::SignatureAlgorithm::kRsaPssSha512:
325 // Unsupported algorithms.
326 return false;
327 }
328
329 return expected_pkey_id == EVP_PKEY_id(key) &&
330 SignDataWithDigest(digest, tbs_data, key, out_signature);
331 }
332
333 // static
SignDataWithDigest(const EVP_MD * digest,std::string_view tbs_data,EVP_PKEY * key,CBB * out_signature)334 bool CertBuilder::SignDataWithDigest(const EVP_MD* digest,
335 std::string_view tbs_data,
336 EVP_PKEY* key,
337 CBB* out_signature) {
338 const uint8_t* tbs_bytes = reinterpret_cast<const uint8_t*>(tbs_data.data());
339 bssl::ScopedEVP_MD_CTX ctx;
340 uint8_t* sig_out;
341 size_t sig_len;
342
343 return EVP_DigestSignInit(ctx.get(), nullptr, digest, nullptr, key) &&
344 EVP_DigestSign(ctx.get(), nullptr, &sig_len, tbs_bytes,
345 tbs_data.size()) &&
346 CBB_reserve(out_signature, &sig_out, sig_len) &&
347 EVP_DigestSign(ctx.get(), sig_out, &sig_len, tbs_bytes,
348 tbs_data.size()) &&
349 CBB_did_write(out_signature, sig_len);
350 }
351
352 // static
SignatureAlgorithmToDer(bssl::SignatureAlgorithm signature_algorithm)353 std::string CertBuilder::SignatureAlgorithmToDer(
354 bssl::SignatureAlgorithm signature_algorithm) {
355 switch (signature_algorithm) {
356 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
357 return Sha1WithRSAEncryption();
358 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
359 return Sha256WithRSAEncryption();
360 case bssl::SignatureAlgorithm::kEcdsaSha1:
361 return EcdsaWithSha1();
362 case bssl::SignatureAlgorithm::kEcdsaSha256:
363 return EcdsaWithSha256();
364 default:
365 ADD_FAILURE();
366 return std::string();
367 }
368 }
369
370 // static
MakeRandomHexString(size_t num_bytes)371 std::string CertBuilder::MakeRandomHexString(size_t num_bytes) {
372 std::vector<uint8_t> rand_bytes(num_bytes);
373 base::RandBytes(rand_bytes);
374 return base::HexEncode(rand_bytes);
375 }
376
377 // static
BuildNameWithCommonNameOfType(std::string_view common_name,unsigned common_name_tag)378 std::vector<uint8_t> CertBuilder::BuildNameWithCommonNameOfType(
379 std::string_view common_name,
380 unsigned common_name_tag) {
381 // See RFC 4519.
382 static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
383
384 // See RFC 5280, section 4.1.2.4.
385 bssl::ScopedCBB cbb;
386 CBB rdns, rdn, attr, type, value;
387 if (!CBB_init(cbb.get(), 64) ||
388 !CBB_add_asn1(cbb.get(), &rdns, CBS_ASN1_SEQUENCE) ||
389 !CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET) ||
390 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
391 !CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT) ||
392 !CBBAddBytes(&type, kCommonName) ||
393 !CBB_add_asn1(&attr, &value, common_name_tag) ||
394 !CBBAddBytes(&value, common_name)) {
395 ADD_FAILURE();
396 return {};
397 }
398
399 return FinishCBBToVector(cbb.get());
400 }
401
SetCertificateVersion(bssl::CertificateVersion version)402 void CertBuilder::SetCertificateVersion(bssl::CertificateVersion version) {
403 version_ = version;
404 Invalidate();
405 }
406
SetExtension(const bssl::der::Input & oid,std::string value,bool critical)407 void CertBuilder::SetExtension(const bssl::der::Input& oid,
408 std::string value,
409 bool critical) {
410 auto& extension_value = extensions_[oid.AsString()];
411 extension_value.critical = critical;
412 extension_value.value = std::move(value);
413
414 Invalidate();
415 }
416
EraseExtension(const bssl::der::Input & oid)417 void CertBuilder::EraseExtension(const bssl::der::Input& oid) {
418 extensions_.erase(oid.AsString());
419
420 Invalidate();
421 }
422
ClearExtensions()423 void CertBuilder::ClearExtensions() {
424 extensions_.clear();
425 Invalidate();
426 }
427
SetBasicConstraints(bool is_ca,int path_len)428 void CertBuilder::SetBasicConstraints(bool is_ca, int path_len) {
429 // From RFC 5280:
430 //
431 // BasicConstraints ::= SEQUENCE {
432 // cA BOOLEAN DEFAULT FALSE,
433 // pathLenConstraint INTEGER (0..MAX) OPTIONAL }
434 bssl::ScopedCBB cbb;
435 CBB basic_constraints;
436 ASSERT_TRUE(CBB_init(cbb.get(), 64));
437 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &basic_constraints, CBS_ASN1_SEQUENCE));
438 if (is_ca)
439 ASSERT_TRUE(CBB_add_asn1_bool(&basic_constraints, true));
440 if (path_len >= 0)
441 ASSERT_TRUE(CBB_add_asn1_uint64(&basic_constraints, path_len));
442
443 SetExtension(bssl::der::Input(bssl::kBasicConstraintsOid),
444 FinishCBB(cbb.get()),
445 /*critical=*/true);
446 }
447
448 namespace {
AddNameConstraintsSubTrees(CBB * cbb,const std::vector<std::string> & dns_names)449 void AddNameConstraintsSubTrees(CBB* cbb,
450 const std::vector<std::string>& dns_names) {
451 CBB subtrees;
452 ASSERT_TRUE(CBB_add_asn1(
453 cbb, &subtrees, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
454 for (const auto& name : dns_names) {
455 CBB subtree;
456 ASSERT_TRUE(CBB_add_asn1(&subtrees, &subtree, CBS_ASN1_SEQUENCE));
457 CBB general_name;
458 ASSERT_TRUE(
459 CBB_add_asn1(&subtree, &general_name, CBS_ASN1_CONTEXT_SPECIFIC | 2));
460 ASSERT_TRUE(CBBAddBytes(&general_name, name));
461 ASSERT_TRUE(CBB_flush(&subtrees));
462 }
463 ASSERT_TRUE(CBB_flush(cbb));
464 }
465 } // namespace
466
SetNameConstraintsDnsNames(const std::vector<std::string> & permitted_dns_names,const std::vector<std::string> & excluded_dns_names)467 void CertBuilder::SetNameConstraintsDnsNames(
468 const std::vector<std::string>& permitted_dns_names,
469 const std::vector<std::string>& excluded_dns_names) {
470 // From RFC 5280:
471 //
472 // id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
473 //
474 // NameConstraints ::= SEQUENCE {
475 // permittedSubtrees [0] GeneralSubtrees OPTIONAL,
476 // excludedSubtrees [1] GeneralSubtrees OPTIONAL }
477 //
478 // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
479 //
480 // GeneralSubtree ::= SEQUENCE {
481 // base GeneralName,
482 // minimum [0] BaseDistance DEFAULT 0,
483 // maximum [1] BaseDistance OPTIONAL }
484 //
485 // BaseDistance ::= INTEGER (0..MAX)
486
487 if (permitted_dns_names.empty() && excluded_dns_names.empty()) {
488 EraseExtension(bssl::der::Input(bssl::kNameConstraintsOid));
489 return;
490 }
491
492 bssl::ScopedCBB cbb;
493 CBB name_constraints;
494 ASSERT_TRUE(CBB_init(cbb.get(), 64));
495 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &name_constraints, CBS_ASN1_SEQUENCE));
496 if (!permitted_dns_names.empty()) {
497 ASSERT_NO_FATAL_FAILURE(
498 AddNameConstraintsSubTrees(&name_constraints, permitted_dns_names));
499 }
500 if (!excluded_dns_names.empty()) {
501 ASSERT_NO_FATAL_FAILURE(
502 AddNameConstraintsSubTrees(&name_constraints, excluded_dns_names));
503 }
504 SetExtension(bssl::der::Input(bssl::kNameConstraintsOid),
505 FinishCBB(cbb.get()),
506 /*critical=*/true);
507 }
508
SetCaIssuersUrl(const GURL & url)509 void CertBuilder::SetCaIssuersUrl(const GURL& url) {
510 SetCaIssuersAndOCSPUrls({url}, {});
511 }
512
SetCaIssuersAndOCSPUrls(const std::vector<GURL> & ca_issuers_urls,const std::vector<GURL> & ocsp_urls)513 void CertBuilder::SetCaIssuersAndOCSPUrls(
514 const std::vector<GURL>& ca_issuers_urls,
515 const std::vector<GURL>& ocsp_urls) {
516 std::vector<std::pair<bssl::der::Input, GURL>> entries;
517 for (const auto& url : ca_issuers_urls)
518 entries.emplace_back(bssl::der::Input(bssl::kAdCaIssuersOid), url);
519 for (const auto& url : ocsp_urls)
520 entries.emplace_back(bssl::der::Input(bssl::kAdOcspOid), url);
521
522 if (entries.empty()) {
523 EraseExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid));
524 return;
525 }
526
527 // From RFC 5280:
528 //
529 // AuthorityInfoAccessSyntax ::=
530 // SEQUENCE SIZE (1..MAX) OF AccessDescription
531 //
532 // AccessDescription ::= SEQUENCE {
533 // accessMethod OBJECT IDENTIFIER,
534 // accessLocation GeneralName }
535 bssl::ScopedCBB cbb;
536 CBB aia;
537 ASSERT_TRUE(CBB_init(cbb.get(), 64));
538 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aia, CBS_ASN1_SEQUENCE));
539
540 for (const auto& entry : entries) {
541 CBB access_description, access_method, access_location;
542 ASSERT_TRUE(CBB_add_asn1(&aia, &access_description, CBS_ASN1_SEQUENCE));
543 ASSERT_TRUE(
544 CBB_add_asn1(&access_description, &access_method, CBS_ASN1_OBJECT));
545 ASSERT_TRUE(CBBAddBytes(&access_method, entry.first.AsStringView()));
546 ASSERT_TRUE(CBB_add_asn1(&access_description, &access_location,
547 CBS_ASN1_CONTEXT_SPECIFIC | 6));
548 ASSERT_TRUE(CBBAddBytes(&access_location, entry.second.spec()));
549 ASSERT_TRUE(CBB_flush(&aia));
550 }
551
552 SetExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid),
553 FinishCBB(cbb.get()));
554 }
555
SetCrlDistributionPointUrl(const GURL & url)556 void CertBuilder::SetCrlDistributionPointUrl(const GURL& url) {
557 SetCrlDistributionPointUrls({url});
558 }
559
SetCrlDistributionPointUrls(const std::vector<GURL> & urls)560 void CertBuilder::SetCrlDistributionPointUrls(const std::vector<GURL>& urls) {
561 bssl::ScopedCBB cbb;
562 ASSERT_TRUE(CBB_init(cbb.get(), 64));
563 CBB dps, dp, dp_name, dp_fullname;
564
565 // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
566 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &dps, CBS_ASN1_SEQUENCE));
567
568 // DistributionPoint ::= SEQUENCE {
569 // distributionPoint [0] DistributionPointName OPTIONAL,
570 // reasons [1] ReasonFlags OPTIONAL,
571 // cRLIssuer [2] bssl::GeneralNames OPTIONAL }
572 ASSERT_TRUE(CBB_add_asn1(&dps, &dp, CBS_ASN1_SEQUENCE));
573 ASSERT_TRUE(CBB_add_asn1(
574 &dp, &dp_name, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
575
576 // DistributionPointName ::= CHOICE {
577 // fullName [0] bssl::GeneralNames,
578 // nameRelativeToCRLIssuer [1] bssl::RelativeDistinguishedName }
579 ASSERT_TRUE(
580 CBB_add_asn1(&dp_name, &dp_fullname,
581 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
582
583 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
584 // GeneralName ::= CHOICE {
585 // uniformResourceIdentifier [6] IA5String,
586 for (const auto& url : urls) {
587 CBB dp_url;
588 ASSERT_TRUE(
589 CBB_add_asn1(&dp_fullname, &dp_url, CBS_ASN1_CONTEXT_SPECIFIC | 6));
590 ASSERT_TRUE(CBBAddBytes(&dp_url, url.spec()));
591 ASSERT_TRUE(CBB_flush(&dp_fullname));
592 }
593
594 SetExtension(bssl::der::Input(bssl::kCrlDistributionPointsOid),
595 FinishCBB(cbb.get()));
596 }
597
SetIssuerTLV(base::span<const uint8_t> issuer_tlv)598 void CertBuilder::SetIssuerTLV(base::span<const uint8_t> issuer_tlv) {
599 if (issuer_tlv.empty())
600 issuer_tlv_ = std::nullopt;
601 else
602 issuer_tlv_ = std::string(issuer_tlv.begin(), issuer_tlv.end());
603 Invalidate();
604 }
605
SetSubjectCommonName(std::string_view common_name)606 void CertBuilder::SetSubjectCommonName(std::string_view common_name) {
607 SetSubjectTLV(
608 BuildNameWithCommonNameOfType(common_name, CBS_ASN1_UTF8STRING));
609 Invalidate();
610 }
611
SetSubjectTLV(base::span<const uint8_t> subject_tlv)612 void CertBuilder::SetSubjectTLV(base::span<const uint8_t> subject_tlv) {
613 subject_tlv_.assign(subject_tlv.begin(), subject_tlv.end());
614 Invalidate();
615 }
616
SetSubjectAltName(std::string_view dns_name)617 void CertBuilder::SetSubjectAltName(std::string_view dns_name) {
618 SetSubjectAltNames({std::string(dns_name)}, {});
619 }
620
SetSubjectAltNames(const std::vector<std::string> & dns_names,const std::vector<IPAddress> & ip_addresses)621 void CertBuilder::SetSubjectAltNames(
622 const std::vector<std::string>& dns_names,
623 const std::vector<IPAddress>& ip_addresses) {
624 // From RFC 5280:
625 //
626 // SubjectAltName ::= bssl::GeneralNames
627 //
628 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
629 //
630 // GeneralName ::= CHOICE {
631 // ...
632 // dNSName [2] IA5String,
633 // ...
634 // iPAddress [7] OCTET STRING,
635 // ... }
636 ASSERT_GT(dns_names.size() + ip_addresses.size(), 0U);
637 bssl::ScopedCBB cbb;
638 CBB general_names;
639 ASSERT_TRUE(CBB_init(cbb.get(), 64));
640 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &general_names, CBS_ASN1_SEQUENCE));
641 if (!dns_names.empty()) {
642 for (const auto& name : dns_names) {
643 CBB general_name;
644 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
645 CBS_ASN1_CONTEXT_SPECIFIC | 2));
646 ASSERT_TRUE(CBBAddBytes(&general_name, name));
647 ASSERT_TRUE(CBB_flush(&general_names));
648 }
649 }
650 if (!ip_addresses.empty()) {
651 for (const auto& addr : ip_addresses) {
652 CBB general_name;
653 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
654 CBS_ASN1_CONTEXT_SPECIFIC | 7));
655 ASSERT_TRUE(
656 CBB_add_bytes(&general_name, addr.bytes().data(), addr.size()));
657 ASSERT_TRUE(CBB_flush(&general_names));
658 }
659 }
660 SetExtension(bssl::der::Input(bssl::kSubjectAltNameOid),
661 FinishCBB(cbb.get()));
662 }
663
SetKeyUsages(const std::vector<bssl::KeyUsageBit> & usages)664 void CertBuilder::SetKeyUsages(const std::vector<bssl::KeyUsageBit>& usages) {
665 ASSERT_GT(usages.size(), 0U);
666 int number_of_unused_bits = 0;
667 std::vector<uint8_t> bytes;
668 for (auto usage : usages) {
669 int bit_index = static_cast<int>(usage);
670
671 // Index of the byte that contains the bit.
672 size_t byte_index = bit_index / 8;
673
674 if (byte_index + 1 > bytes.size()) {
675 bytes.resize(byte_index + 1);
676 number_of_unused_bits = 8;
677 }
678
679 // Within a byte, bits are ordered from most significant to least
680 // significant. Convert |bit_index| to an index within the |byte_index|
681 // byte, measured from its least significant bit.
682 uint8_t bit_index_in_byte = 7 - (bit_index - byte_index * 8);
683
684 if (byte_index + 1 == bytes.size() &&
685 bit_index_in_byte < number_of_unused_bits) {
686 number_of_unused_bits = bit_index_in_byte;
687 }
688
689 bytes[byte_index] |= (1 << bit_index_in_byte);
690 }
691
692 // From RFC 5290:
693 // KeyUsage ::= BIT STRING {...}
694 bssl::ScopedCBB cbb;
695 CBB ku_cbb;
696 ASSERT_TRUE(CBB_init(cbb.get(), bytes.size() + 1));
697 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &ku_cbb, CBS_ASN1_BITSTRING));
698 ASSERT_TRUE(CBB_add_u8(&ku_cbb, number_of_unused_bits));
699 ASSERT_TRUE(CBB_add_bytes(&ku_cbb, bytes.data(), bytes.size()));
700 SetExtension(bssl::der::Input(bssl::kKeyUsageOid), FinishCBB(cbb.get()),
701 /*critical=*/true);
702 }
703
SetExtendedKeyUsages(const std::vector<bssl::der::Input> & purpose_oids)704 void CertBuilder::SetExtendedKeyUsages(
705 const std::vector<bssl::der::Input>& purpose_oids) {
706 // From RFC 5280:
707 // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
708 // KeyPurposeId ::= OBJECT IDENTIFIER
709 ASSERT_GT(purpose_oids.size(), 0U);
710 bssl::ScopedCBB cbb;
711 CBB eku;
712 ASSERT_TRUE(CBB_init(cbb.get(), 64));
713 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &eku, CBS_ASN1_SEQUENCE));
714
715 for (const auto& oid : purpose_oids) {
716 CBB purpose_cbb;
717 ASSERT_TRUE(CBB_add_asn1(&eku, &purpose_cbb, CBS_ASN1_OBJECT));
718 ASSERT_TRUE(CBBAddBytes(&purpose_cbb, oid.AsStringView()));
719 ASSERT_TRUE(CBB_flush(&eku));
720 }
721 SetExtension(bssl::der::Input(bssl::kExtKeyUsageOid), FinishCBB(cbb.get()));
722 }
723
SetCertificatePolicies(const std::vector<std::string> & policy_oids)724 void CertBuilder::SetCertificatePolicies(
725 const std::vector<std::string>& policy_oids) {
726 // From RFC 5280:
727 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
728 //
729 // PolicyInformation ::= SEQUENCE {
730 // policyIdentifier CertPolicyId,
731 // policyQualifiers SEQUENCE SIZE (1..MAX) OF
732 // PolicyQualifierInfo OPTIONAL }
733 //
734 // CertPolicyId ::= OBJECT IDENTIFIER
735 if (policy_oids.empty()) {
736 EraseExtension(bssl::der::Input(bssl::kCertificatePoliciesOid));
737 return;
738 }
739
740 bssl::ScopedCBB cbb;
741 CBB certificate_policies;
742 ASSERT_TRUE(CBB_init(cbb.get(), 64));
743 ASSERT_TRUE(
744 CBB_add_asn1(cbb.get(), &certificate_policies, CBS_ASN1_SEQUENCE));
745 for (const auto& oid : policy_oids) {
746 CBB policy_information, policy_identifier;
747 ASSERT_TRUE(CBB_add_asn1(&certificate_policies, &policy_information,
748 CBS_ASN1_SEQUENCE));
749 ASSERT_TRUE(
750 CBB_add_asn1(&policy_information, &policy_identifier, CBS_ASN1_OBJECT));
751 ASSERT_TRUE(
752 CBB_add_asn1_oid_from_text(&policy_identifier, oid.data(), oid.size()));
753 ASSERT_TRUE(CBB_flush(&certificate_policies));
754 }
755
756 SetExtension(bssl::der::Input(bssl::kCertificatePoliciesOid),
757 FinishCBB(cbb.get()));
758 }
759
SetPolicyMappings(const std::vector<std::pair<std::string,std::string>> & policy_mappings)760 void CertBuilder::SetPolicyMappings(
761 const std::vector<std::pair<std::string, std::string>>& policy_mappings) {
762 // From RFC 5280:
763 // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
764 // issuerDomainPolicy CertPolicyId,
765 // subjectDomainPolicy CertPolicyId }
766 if (policy_mappings.empty()) {
767 EraseExtension(bssl::der::Input(bssl::kPolicyMappingsOid));
768 return;
769 }
770
771 bssl::ScopedCBB cbb;
772 CBB mappings_sequence;
773 ASSERT_TRUE(CBB_init(cbb.get(), 64));
774 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &mappings_sequence, CBS_ASN1_SEQUENCE));
775 for (const auto& [issuer_domain_policy, subject_domain_policy] :
776 policy_mappings) {
777 CBB mapping_sequence;
778 CBB issuer_policy_object;
779 CBB subject_policy_object;
780 ASSERT_TRUE(
781 CBB_add_asn1(&mappings_sequence, &mapping_sequence, CBS_ASN1_SEQUENCE));
782
783 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &issuer_policy_object,
784 CBS_ASN1_OBJECT));
785 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&issuer_policy_object,
786 issuer_domain_policy.data(),
787 issuer_domain_policy.size()));
788
789 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &subject_policy_object,
790 CBS_ASN1_OBJECT));
791 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&subject_policy_object,
792 subject_domain_policy.data(),
793 subject_domain_policy.size()));
794
795 ASSERT_TRUE(CBB_flush(&mappings_sequence));
796 }
797
798 SetExtension(bssl::der::Input(bssl::kPolicyMappingsOid), FinishCBB(cbb.get()),
799 /*critical=*/true);
800 }
801
SetPolicyConstraints(std::optional<uint64_t> require_explicit_policy,std::optional<uint64_t> inhibit_policy_mapping)802 void CertBuilder::SetPolicyConstraints(
803 std::optional<uint64_t> require_explicit_policy,
804 std::optional<uint64_t> inhibit_policy_mapping) {
805 if (!require_explicit_policy.has_value() &&
806 !inhibit_policy_mapping.has_value()) {
807 EraseExtension(bssl::der::Input(bssl::kPolicyConstraintsOid));
808 return;
809 }
810
811 // From RFC 5280:
812 // PolicyConstraints ::= SEQUENCE {
813 // requireExplicitPolicy [0] SkipCerts OPTIONAL,
814 // inhibitPolicyMapping [1] SkipCerts OPTIONAL }
815 //
816 // SkipCerts ::= INTEGER (0..MAX)
817 bssl::ScopedCBB cbb;
818 CBB policy_constraints;
819 ASSERT_TRUE(CBB_init(cbb.get(), 64));
820 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &policy_constraints, CBS_ASN1_SEQUENCE));
821 if (require_explicit_policy.has_value()) {
822 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(&policy_constraints,
823 *require_explicit_policy,
824 CBS_ASN1_CONTEXT_SPECIFIC | 0));
825 }
826 if (inhibit_policy_mapping.has_value()) {
827 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(&policy_constraints,
828 *inhibit_policy_mapping,
829 CBS_ASN1_CONTEXT_SPECIFIC | 1));
830 }
831
832 SetExtension(bssl::der::Input(bssl::kPolicyConstraintsOid),
833 FinishCBB(cbb.get()),
834 /*critical=*/true);
835 }
836
SetInhibitAnyPolicy(uint64_t skip_certs)837 void CertBuilder::SetInhibitAnyPolicy(uint64_t skip_certs) {
838 // From RFC 5280:
839 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
840 //
841 // InhibitAnyPolicy ::= SkipCerts
842 //
843 // SkipCerts ::= INTEGER (0..MAX)
844 bssl::ScopedCBB cbb;
845 ASSERT_TRUE(CBB_init(cbb.get(), 64));
846 ASSERT_TRUE(CBB_add_asn1_uint64(cbb.get(), skip_certs));
847 SetExtension(bssl::der::Input(bssl::kInhibitAnyPolicyOid),
848 FinishCBB(cbb.get()),
849 /*critical=*/true);
850 }
851
SetValidity(base::Time not_before,base::Time not_after)852 void CertBuilder::SetValidity(base::Time not_before, base::Time not_after) {
853 // From RFC 5280:
854 // Validity ::= SEQUENCE {
855 // notBefore Time,
856 // notAfter Time }
857 bssl::ScopedCBB cbb;
858 CBB validity;
859 ASSERT_TRUE(CBB_init(cbb.get(), 64));
860 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &validity, CBS_ASN1_SEQUENCE));
861 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_before));
862 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_after));
863 validity_tlv_ = FinishCBB(cbb.get());
864 Invalidate();
865 }
866
SetSubjectKeyIdentifier(const std::string & subject_key_identifier)867 void CertBuilder::SetSubjectKeyIdentifier(
868 const std::string& subject_key_identifier) {
869 ASSERT_FALSE(subject_key_identifier.empty());
870
871 // From RFC 5280:
872 // KeyIdentifier ::= OCTET STRING
873 // SubjectKeyIdentifier ::= KeyIdentifier
874 bssl::ScopedCBB cbb;
875 ASSERT_TRUE(CBB_init(cbb.get(), 32));
876
877 ASSERT_TRUE(CBB_add_asn1_octet_string(
878 cbb.get(),
879 reinterpret_cast<const uint8_t*>(subject_key_identifier.data()),
880 subject_key_identifier.size()));
881
882 // Replace the existing SKI. Note it MUST be non-critical, per RFC 5280.
883 SetExtension(bssl::der::Input(bssl::kSubjectKeyIdentifierOid),
884 FinishCBB(cbb.get()),
885 /*critical=*/false);
886 }
887
SetAuthorityKeyIdentifier(const std::string & authority_key_identifier)888 void CertBuilder::SetAuthorityKeyIdentifier(
889 const std::string& authority_key_identifier) {
890 // If an empty AKI is presented, simply erase the existing one. Creating
891 // an empty AKI is technically valid, but there's no use case for this.
892 // An empty AKI would an empty (ergo, non-unique) SKI on the issuer,
893 // which would violate RFC 5280, so using the empty value as a placeholder
894 // unless and until a use case emerges is fine.
895 if (authority_key_identifier.empty()) {
896 EraseExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid));
897 return;
898 }
899
900 // From RFC 5280:
901 //
902 // AuthorityKeyIdentifier ::= SEQUENCE {
903 // keyIdentifier [0] KeyIdentifier OPTIONAL,
904 // authorityCertIssuer [1] bssl::GeneralNames OPTIONAL,
905 // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
906 //
907 // KeyIdentifier ::= OCTET STRING
908 bssl::ScopedCBB cbb;
909 CBB aki, aki_value;
910 ASSERT_TRUE(CBB_init(cbb.get(), 32));
911 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aki, CBS_ASN1_SEQUENCE));
912 ASSERT_TRUE(CBB_add_asn1(&aki, &aki_value, CBS_ASN1_CONTEXT_SPECIFIC | 0));
913 ASSERT_TRUE(CBBAddBytes(&aki_value, authority_key_identifier));
914 ASSERT_TRUE(CBB_flush(&aki));
915
916 SetExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid),
917 FinishCBB(cbb.get()));
918 }
919
SetSignatureAlgorithm(bssl::SignatureAlgorithm signature_algorithm)920 void CertBuilder::SetSignatureAlgorithm(
921 bssl::SignatureAlgorithm signature_algorithm) {
922 signature_algorithm_ = signature_algorithm;
923 Invalidate();
924 }
925
SetSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)926 void CertBuilder::SetSignatureAlgorithmTLV(
927 std::string_view signature_algorithm_tlv) {
928 SetOuterSignatureAlgorithmTLV(signature_algorithm_tlv);
929 SetTBSSignatureAlgorithmTLV(signature_algorithm_tlv);
930 }
931
SetOuterSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)932 void CertBuilder::SetOuterSignatureAlgorithmTLV(
933 std::string_view signature_algorithm_tlv) {
934 outer_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
935 Invalidate();
936 }
937
SetTBSSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)938 void CertBuilder::SetTBSSignatureAlgorithmTLV(
939 std::string_view signature_algorithm_tlv) {
940 tbs_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
941 Invalidate();
942 }
943
SetSerialNumber(uint64_t serial_number)944 void CertBuilder::SetSerialNumber(uint64_t serial_number) {
945 serial_number_ = serial_number;
946 Invalidate();
947 }
948
SetRandomSerialNumber()949 void CertBuilder::SetRandomSerialNumber() {
950 serial_number_ = base::RandUint64();
951 Invalidate();
952 }
953
SetSctConfig(std::vector<CertBuilder::SctConfig> sct_configs)954 void CertBuilder::SetSctConfig(
955 std::vector<CertBuilder::SctConfig> sct_configs) {
956 sct_configs_ = std::move(sct_configs);
957 Invalidate();
958 }
959
GetCertBuffer()960 CRYPTO_BUFFER* CertBuilder::GetCertBuffer() {
961 if (!cert_)
962 GenerateCertificate();
963 return cert_.get();
964 }
965
DupCertBuffer()966 bssl::UniquePtr<CRYPTO_BUFFER> CertBuilder::DupCertBuffer() {
967 return bssl::UpRef(GetCertBuffer());
968 }
969
GetSubject()970 const std::string& CertBuilder::GetSubject() {
971 if (subject_tlv_.empty())
972 GenerateSubject();
973 return subject_tlv_;
974 }
975
GetSerialNumber()976 uint64_t CertBuilder::GetSerialNumber() {
977 if (!serial_number_)
978 serial_number_ = base::RandUint64();
979 return serial_number_;
980 }
981
GetSubjectKeyIdentifier()982 std::string CertBuilder::GetSubjectKeyIdentifier() {
983 std::string ski_oid =
984 bssl::der::Input(bssl::kSubjectKeyIdentifierOid).AsString();
985 if (extensions_.find(ski_oid) == extensions_.end()) {
986 // If no SKI is present, this means that the certificate was either
987 // created by FromStaticCert() and lacked one, or it was explicitly
988 // deleted as an extension.
989 return std::string();
990 }
991
992 auto& extension_value = extensions_[ski_oid];
993 bssl::der::Input ski_value;
994 if (!bssl::ParseSubjectKeyIdentifier(bssl::der::Input(extension_value.value),
995 &ski_value)) {
996 return std::string();
997 }
998 return ski_value.AsString();
999 }
1000
GetValidity(base::Time * not_before,base::Time * not_after) const1001 bool CertBuilder::GetValidity(base::Time* not_before,
1002 base::Time* not_after) const {
1003 bssl::der::GeneralizedTime not_before_generalized_time;
1004 bssl::der::GeneralizedTime not_after_generalized_time;
1005 if (!bssl::ParseValidity(bssl::der::Input(validity_tlv_),
1006 ¬_before_generalized_time,
1007 ¬_after_generalized_time) ||
1008 !GeneralizedTimeToTime(not_before_generalized_time, not_before) ||
1009 !GeneralizedTimeToTime(not_after_generalized_time, not_after)) {
1010 return false;
1011 }
1012 return true;
1013 }
1014
GetKey()1015 EVP_PKEY* CertBuilder::GetKey() {
1016 if (!key_) {
1017 switch (default_pkey_id_) {
1018 case EVP_PKEY_RSA:
1019 GenerateRSAKey();
1020 break;
1021 case EVP_PKEY_EC:
1022 GenerateECKey();
1023 break;
1024 }
1025 }
1026 return key_.get();
1027 }
1028
GetX509Certificate()1029 scoped_refptr<X509Certificate> CertBuilder::GetX509Certificate() {
1030 return X509Certificate::CreateFromBuffer(DupCertBuffer(), {});
1031 }
1032
GetX509CertificateChain()1033 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateChain() {
1034 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1035 // Add intermediates, not including the self-signed root.
1036 for (CertBuilder* cert = issuer_; cert && cert != cert->issuer_;
1037 cert = cert->issuer_) {
1038 intermediates.push_back(cert->DupCertBuffer());
1039 }
1040 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1041 std::move(intermediates));
1042 }
1043
GetX509CertificateFullChain()1044 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateFullChain() {
1045 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1046 // Add intermediates and the self-signed root.
1047 for (CertBuilder* cert = issuer_; cert; cert = cert->issuer_) {
1048 intermediates.push_back(cert->DupCertBuffer());
1049 if (cert == cert->issuer_)
1050 break;
1051 }
1052 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1053 std::move(intermediates));
1054 }
1055
GetDER()1056 std::string CertBuilder::GetDER() {
1057 return std::string(x509_util::CryptoBufferAsStringPiece(GetCertBuffer()));
1058 }
1059
GetPEM()1060 std::string CertBuilder::GetPEM() {
1061 std::string pem_encoded;
1062 EXPECT_TRUE(X509Certificate::GetPEMEncoded(GetCertBuffer(), &pem_encoded));
1063 return pem_encoded;
1064 }
1065
GetPEMFullChain()1066 std::string CertBuilder::GetPEMFullChain() {
1067 std::vector<std::string> pems;
1068 CertBuilder* cert = this;
1069 while (cert) {
1070 pems.push_back(cert->GetPEM());
1071 if (cert == cert->issuer_)
1072 break;
1073 cert = cert->issuer_;
1074 }
1075 return base::JoinString(pems, "\n");
1076 }
1077
GetPrivateKeyPEM()1078 std::string CertBuilder::GetPrivateKeyPEM() {
1079 std::string pem_encoded = key_util::PEMFromPrivateKey(GetKey());
1080 EXPECT_FALSE(pem_encoded.empty());
1081 return pem_encoded;
1082 }
1083
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer,bool unique_subject_key_identifier)1084 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert,
1085 CertBuilder* issuer,
1086 bool unique_subject_key_identifier)
1087 : issuer_(issuer) {
1088 if (!issuer_)
1089 issuer_ = this;
1090
1091 if (orig_cert)
1092 InitFromCert(
1093 bssl::der::Input(x509_util::CryptoBufferAsStringPiece(orig_cert)));
1094
1095 if (unique_subject_key_identifier) {
1096 GenerateSubjectKeyIdentifier();
1097 SetAuthorityKeyIdentifier(issuer_->GetSubjectKeyIdentifier());
1098 }
1099 }
1100
Invalidate()1101 void CertBuilder::Invalidate() {
1102 cert_.reset();
1103 }
1104
GenerateECKey()1105 void CertBuilder::GenerateECKey() {
1106 auto private_key = crypto::ECPrivateKey::Create();
1107 SetKey(bssl::UpRef(private_key->key()));
1108 }
1109
GenerateRSAKey()1110 void CertBuilder::GenerateRSAKey() {
1111 auto private_key = crypto::RSAPrivateKey::Create(2048);
1112 SetKey(bssl::UpRef(private_key->key()));
1113 }
1114
UseKeyFromFile(const base::FilePath & key_file)1115 bool CertBuilder::UseKeyFromFile(const base::FilePath& key_file) {
1116 bssl::UniquePtr<EVP_PKEY> private_key(
1117 key_util::LoadEVP_PKEYFromPEM(key_file));
1118 if (!private_key)
1119 return false;
1120 SetKey(std::move(private_key));
1121 return true;
1122 }
1123
SetKey(bssl::UniquePtr<EVP_PKEY> key)1124 void CertBuilder::SetKey(bssl::UniquePtr<EVP_PKEY> key) {
1125 key_ = std::move(key);
1126 Invalidate();
1127 }
1128
GenerateSubjectKeyIdentifier()1129 void CertBuilder::GenerateSubjectKeyIdentifier() {
1130 // 20 bytes are chosen here for no other reason than it's compatible with
1131 // systems that assume the SKI is SHA-1(SPKI), which RFC 5280 notes as one
1132 // mechanism for generating an SKI, while also noting that random/unique
1133 // SKIs are also fine.
1134 std::string random_ski = base::RandBytesAsString(20);
1135 SetSubjectKeyIdentifier(random_ski);
1136 }
1137
GenerateSubject()1138 void CertBuilder::GenerateSubject() {
1139 ASSERT_TRUE(subject_tlv_.empty());
1140
1141 // Use a random common name comprised of 12 bytes in hex.
1142 std::string common_name = MakeRandomHexString(12);
1143
1144 SetSubjectCommonName(common_name);
1145 }
1146
InitFromCert(const bssl::der::Input & cert)1147 void CertBuilder::InitFromCert(const bssl::der::Input& cert) {
1148 extensions_.clear();
1149 Invalidate();
1150
1151 // From RFC 5280, section 4.1
1152 // Certificate ::= SEQUENCE {
1153 // tbsCertificate TBSCertificate,
1154 // signatureAlgorithm AlgorithmIdentifier,
1155 // signatureValue BIT STRING }
1156
1157 // TBSCertificate ::= SEQUENCE {
1158 // version [0] EXPLICIT Version DEFAULT v1,
1159 // serialNumber CertificateSerialNumber,
1160 // signature AlgorithmIdentifier,
1161 // issuer Name,
1162 // validity Validity,
1163 // subject Name,
1164 // subjectPublicKeyInfo SubjectPublicKeyInfo,
1165 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1166 // -- If present, version MUST be v2 or v3
1167 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1168 // -- If present, version MUST be v2 or v3
1169 // extensions [3] EXPLICIT Extensions OPTIONAL
1170 // -- If present, version MUST be v3
1171 // }
1172 bssl::der::Parser parser(cert);
1173 bssl::der::Parser certificate;
1174 bssl::der::Parser tbs_certificate;
1175 ASSERT_TRUE(parser.ReadSequence(&certificate));
1176 ASSERT_TRUE(certificate.ReadSequence(&tbs_certificate));
1177
1178 // version
1179 bool has_version;
1180 ASSERT_TRUE(tbs_certificate.SkipOptionalTag(
1181 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0, &has_version));
1182 if (has_version) {
1183 // TODO(mattm): could actually parse the version here instead of assuming
1184 // V3.
1185 version_ = bssl::CertificateVersion::V3;
1186 } else {
1187 version_ = bssl::CertificateVersion::V1;
1188 }
1189
1190 // serialNumber
1191 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_INTEGER));
1192
1193 // signature
1194 bssl::der::Input signature_algorithm_tlv;
1195 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&signature_algorithm_tlv));
1196 auto signature_algorithm =
1197 bssl::ParseSignatureAlgorithm(signature_algorithm_tlv);
1198 ASSERT_TRUE(signature_algorithm);
1199 signature_algorithm_ = *signature_algorithm;
1200
1201 // issuer
1202 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_SEQUENCE));
1203
1204 // validity
1205 bssl::der::Input validity_tlv;
1206 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&validity_tlv));
1207 validity_tlv_ = validity_tlv.AsString();
1208
1209 // subject
1210 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_SEQUENCE));
1211
1212 // subjectPublicKeyInfo
1213 bssl::der::Input spki_tlv;
1214 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&spki_tlv));
1215 bssl::UniquePtr<EVP_PKEY> public_key;
1216 ASSERT_TRUE(bssl::ParsePublicKey(spki_tlv, &public_key));
1217 default_pkey_id_ = EVP_PKEY_id(public_key.get());
1218
1219 // issuerUniqueID
1220 bool unused;
1221 ASSERT_TRUE(
1222 tbs_certificate.SkipOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 1, &unused));
1223 // subjectUniqueID
1224 ASSERT_TRUE(
1225 tbs_certificate.SkipOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 2, &unused));
1226
1227 // extensions
1228 std::optional<bssl::der::Input> extensions_tlv;
1229 ASSERT_TRUE(tbs_certificate.ReadOptionalTag(
1230 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 3, &extensions_tlv));
1231 if (extensions_tlv) {
1232 std::map<bssl::der::Input, bssl::ParsedExtension> parsed_extensions;
1233 ASSERT_TRUE(ParseExtensions(extensions_tlv.value(), &parsed_extensions));
1234
1235 for (const auto& parsed_extension : parsed_extensions) {
1236 SetExtension(parsed_extension.second.oid,
1237 parsed_extension.second.value.AsString(),
1238 parsed_extension.second.critical);
1239 }
1240 }
1241 }
1242
BuildTBSCertificate(std::string_view signature_algorithm_tlv,std::string * out)1243 void CertBuilder::BuildTBSCertificate(std::string_view signature_algorithm_tlv,
1244 std::string* out) {
1245 bssl::ScopedCBB cbb;
1246 CBB tbs_cert, version, extensions_context, extensions;
1247
1248 ASSERT_TRUE(CBB_init(cbb.get(), 64));
1249 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &tbs_cert, CBS_ASN1_SEQUENCE));
1250 if (version_ != bssl::CertificateVersion::V1) {
1251 ASSERT_TRUE(
1252 CBB_add_asn1(&tbs_cert, &version,
1253 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
1254 switch (version_) {
1255 case bssl::CertificateVersion::V2:
1256 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 1));
1257 break;
1258 case bssl::CertificateVersion::V3:
1259 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 2));
1260 break;
1261 case bssl::CertificateVersion::V1:
1262 NOTREACHED();
1263 }
1264 }
1265 ASSERT_TRUE(CBB_add_asn1_uint64(&tbs_cert, GetSerialNumber()));
1266 ASSERT_TRUE(CBBAddBytes(&tbs_cert, signature_algorithm_tlv));
1267 ASSERT_TRUE(CBBAddBytes(&tbs_cert, issuer_tlv_.has_value()
1268 ? *issuer_tlv_
1269 : issuer_->GetSubject()));
1270 ASSERT_TRUE(CBBAddBytes(&tbs_cert, validity_tlv_));
1271 ASSERT_TRUE(CBBAddBytes(&tbs_cert, GetSubject()));
1272 ASSERT_TRUE(GetKey());
1273 ASSERT_TRUE(EVP_marshal_public_key(&tbs_cert, GetKey()));
1274
1275 // Serialize all the extensions.
1276 if (!extensions_.empty()) {
1277 ASSERT_TRUE(
1278 CBB_add_asn1(&tbs_cert, &extensions_context,
1279 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 3));
1280 ASSERT_TRUE(
1281 CBB_add_asn1(&extensions_context, &extensions, CBS_ASN1_SEQUENCE));
1282
1283 // Extension ::= SEQUENCE {
1284 // extnID OBJECT IDENTIFIER,
1285 // critical BOOLEAN DEFAULT FALSE,
1286 // extnValue OCTET STRING
1287 // -- contains the DER encoding of an ASN.1 value
1288 // -- corresponding to the extension type identified
1289 // -- by extnID
1290 // }
1291 for (const auto& extension_it : extensions_) {
1292 CBB extension_seq, oid, extn_value;
1293 ASSERT_TRUE(CBB_add_asn1(&extensions, &extension_seq, CBS_ASN1_SEQUENCE));
1294 ASSERT_TRUE(CBB_add_asn1(&extension_seq, &oid, CBS_ASN1_OBJECT));
1295 ASSERT_TRUE(CBBAddBytes(&oid, extension_it.first));
1296 if (extension_it.second.critical) {
1297 ASSERT_TRUE(CBB_add_asn1_bool(&extension_seq, true));
1298 }
1299
1300 ASSERT_TRUE(
1301 CBB_add_asn1(&extension_seq, &extn_value, CBS_ASN1_OCTETSTRING));
1302 ASSERT_TRUE(CBBAddBytes(&extn_value, extension_it.second.value));
1303 ASSERT_TRUE(CBB_flush(&extensions));
1304 }
1305 }
1306
1307 *out = FinishCBB(cbb.get());
1308 }
1309
BuildSctListExtension(const std::string & pre_tbs_certificate,std::string * out)1310 void CertBuilder::BuildSctListExtension(const std::string& pre_tbs_certificate,
1311 std::string* out) {
1312 std::vector<std::string> encoded_scts;
1313 for (const SctConfig& sct_config : sct_configs_) {
1314 ct::SignedEntryData entry;
1315 entry.type = ct::SignedEntryData::LOG_ENTRY_TYPE_PRECERT;
1316 bssl::ScopedCBB issuer_spki_cbb;
1317 ASSERT_TRUE(CBB_init(issuer_spki_cbb.get(), 32));
1318 ASSERT_TRUE(
1319 EVP_marshal_public_key(issuer_spki_cbb.get(), issuer_->GetKey()));
1320 crypto::SHA256HashString(FinishCBB(issuer_spki_cbb.get()),
1321 entry.issuer_key_hash.data,
1322 sizeof(entry.issuer_key_hash.data));
1323 entry.tbs_certificate = pre_tbs_certificate;
1324
1325 std::string serialized_log_entry;
1326 std::string serialized_data;
1327 ASSERT_TRUE(ct::EncodeSignedEntry(entry, &serialized_log_entry));
1328 ASSERT_TRUE(ct::EncodeV1SCTSignedData(sct_config.timestamp,
1329 serialized_log_entry,
1330 /*extensions=*/"", &serialized_data));
1331
1332 scoped_refptr<ct::SignedCertificateTimestamp> sct =
1333 base::MakeRefCounted<ct::SignedCertificateTimestamp>();
1334 sct->log_id = sct_config.log_id;
1335 sct->timestamp = sct_config.timestamp;
1336 sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
1337 sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
1338
1339 bssl::ScopedCBB sct_signature_cbb;
1340 ASSERT_TRUE(CBB_init(sct_signature_cbb.get(), 0));
1341 ASSERT_TRUE(SignData(bssl::SignatureAlgorithm::kEcdsaSha256,
1342 serialized_data, sct_config.log_key.get(),
1343 sct_signature_cbb.get()));
1344 sct->signature.signature_data = FinishCBB(sct_signature_cbb.get());
1345
1346 sct->origin = ct::SignedCertificateTimestamp::SCT_EMBEDDED;
1347
1348 std::string encoded_sct;
1349 ASSERT_TRUE(ct::EncodeSignedCertificateTimestamp(sct, &encoded_sct));
1350 encoded_scts.push_back(std::move(encoded_sct));
1351 }
1352 std::string encoded_sct_list;
1353 ASSERT_TRUE(ct::EncodeSCTListForTesting(encoded_scts, &encoded_sct_list));
1354
1355 bssl::ScopedCBB sct_extension_cbb;
1356 ASSERT_TRUE(CBB_init(sct_extension_cbb.get(), 32));
1357 ASSERT_TRUE(CBB_add_asn1_octet_string(
1358 sct_extension_cbb.get(),
1359 reinterpret_cast<const uint8_t*>(encoded_sct_list.data()),
1360 encoded_sct_list.size()));
1361
1362 *out = FinishCBB(sct_extension_cbb.get());
1363 }
1364
GenerateCertificate()1365 void CertBuilder::GenerateCertificate() {
1366 ASSERT_FALSE(cert_);
1367
1368 std::optional<bssl::SignatureAlgorithm> signature_algorithm =
1369 signature_algorithm_;
1370 if (!signature_algorithm)
1371 signature_algorithm = DefaultSignatureAlgorithmForKey(issuer_->GetKey());
1372 ASSERT_TRUE(signature_algorithm.has_value());
1373
1374 std::string signature_algorithm_tlv =
1375 !outer_signature_algorithm_tlv_.empty()
1376 ? outer_signature_algorithm_tlv_
1377 : SignatureAlgorithmToDer(*signature_algorithm);
1378 ASSERT_FALSE(signature_algorithm_tlv.empty());
1379
1380 std::string tbs_signature_algorithm_tlv =
1381 !tbs_signature_algorithm_tlv_.empty()
1382 ? tbs_signature_algorithm_tlv_
1383 : SignatureAlgorithmToDer(*signature_algorithm);
1384 ASSERT_FALSE(tbs_signature_algorithm_tlv.empty());
1385
1386 if (!sct_configs_.empty()) {
1387 EraseExtension(bssl::der::Input(ct::kEmbeddedSCTOid));
1388 std::string pre_tbs_certificate;
1389 BuildTBSCertificate(tbs_signature_algorithm_tlv, &pre_tbs_certificate);
1390 std::string sct_extension;
1391 BuildSctListExtension(pre_tbs_certificate, &sct_extension);
1392 SetExtension(bssl::der::Input(ct::kEmbeddedSCTOid), sct_extension,
1393 /*critical=*/false);
1394 }
1395
1396 std::string tbs_cert;
1397 BuildTBSCertificate(tbs_signature_algorithm_tlv, &tbs_cert);
1398
1399 // Sign the TBSCertificate and write the entire certificate.
1400 bssl::ScopedCBB cbb;
1401 CBB cert, signature;
1402
1403 ASSERT_TRUE(CBB_init(cbb.get(), tbs_cert.size()));
1404 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE));
1405 ASSERT_TRUE(CBBAddBytes(&cert, tbs_cert));
1406 ASSERT_TRUE(CBBAddBytes(&cert, signature_algorithm_tlv));
1407 ASSERT_TRUE(CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING));
1408 ASSERT_TRUE(CBB_add_u8(&signature, 0 /* no unused bits */));
1409 ASSERT_TRUE(
1410 SignData(*signature_algorithm, tbs_cert, issuer_->GetKey(), &signature));
1411
1412 auto cert_der = FinishCBB(cbb.get());
1413 cert_ = x509_util::CreateCryptoBuffer(base::as_byte_span(cert_der));
1414 }
1415
1416 } // namespace net
1417