1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/x509_certificate.h"
6
7 #include <limits.h>
8 #include <stdlib.h>
9
10 #include <memory>
11 #include <string>
12 #include <string_view>
13 #include <vector>
14
15 #include "base/containers/contains.h"
16 #include "base/containers/span.h"
17 #include "base/logging.h"
18 #include "base/notreached.h"
19 #include "base/numerics/safe_conversions.h"
20 #include "base/pickle.h"
21 #include "base/strings/strcat.h"
22 #include "base/strings/string_util.h"
23 #include "base/time/time.h"
24 #include "crypto/openssl_util.h"
25 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
26 #include "net/base/tracing.h"
27 #include "net/base/url_util.h"
28 #include "net/cert/asn1_util.h"
29 #include "net/cert/time_conversions.h"
30 #include "net/cert/x509_util.h"
31 #include "third_party/boringssl/src/include/openssl/evp.h"
32 #include "third_party/boringssl/src/include/openssl/pool.h"
33 #include "third_party/boringssl/src/include/openssl/sha.h"
34 #include "third_party/boringssl/src/pki/cert_errors.h"
35 #include "third_party/boringssl/src/pki/name_constraints.h"
36 #include "third_party/boringssl/src/pki/parsed_certificate.h"
37 #include "third_party/boringssl/src/pki/parser.h"
38 #include "third_party/boringssl/src/pki/pem.h"
39 #include "third_party/boringssl/src/pki/signature_algorithm.h"
40 #include "third_party/boringssl/src/pki/verify_certificate_chain.h"
41 #include "third_party/boringssl/src/pki/verify_name_match.h"
42 #include "third_party/boringssl/src/pki/verify_signed_data.h"
43 #include "url/url_canon.h"
44
45 namespace net {
46
47 namespace {
48
49 // Indicates the order to use when trying to decode binary data, which is
50 // based on (speculation) as to what will be most common -> least common
51 const X509Certificate::Format kFormatDecodePriority[] = {
52 X509Certificate::FORMAT_SINGLE_CERTIFICATE,
53 X509Certificate::FORMAT_PKCS7
54 };
55
56 // The PEM block header used for DER certificates
57 const char kCertificateHeader[] = "CERTIFICATE";
58 // The PEM block header used for PKCS#7 data
59 const char kPKCS7Header[] = "PKCS7";
60
61 // Utility to split |src| on the first occurrence of |c|, if any. |right| will
62 // either be empty if |c| was not found, or will contain the remainder of the
63 // string including the split character itself.
SplitOnChar(std::string_view src,char c,std::string_view * left,std::string_view * right)64 void SplitOnChar(std::string_view src,
65 char c,
66 std::string_view* left,
67 std::string_view* right) {
68 size_t pos = src.find(c);
69 if (pos == std::string_view::npos) {
70 *left = src;
71 *right = std::string_view();
72 } else {
73 *left = src.substr(0, pos);
74 *right = src.substr(pos);
75 }
76 }
77
78 // Sets |value| to the Value from a DER Sequence Tag-Length-Value and return
79 // true, or return false if the TLV was not a valid DER Sequence.
ParseSequenceValue(const bssl::der::Input & tlv,bssl::der::Input * value)80 [[nodiscard]] bool ParseSequenceValue(const bssl::der::Input& tlv,
81 bssl::der::Input* value) {
82 bssl::der::Parser parser(tlv);
83 return parser.ReadTag(CBS_ASN1_SEQUENCE, value) && !parser.HasMore();
84 }
85
86 // Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning
87 // true on success or false if there was a parsing error.
GetNormalizedCertIssuer(CRYPTO_BUFFER * cert,std::string * out_normalized_issuer)88 bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert,
89 std::string* out_normalized_issuer) {
90 bssl::der::Input tbs_certificate_tlv;
91 bssl::der::Input signature_algorithm_tlv;
92 bssl::der::BitString signature_value;
93 if (!bssl::ParseCertificate(
94 bssl::der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)),
95 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value,
96 nullptr)) {
97 return false;
98 }
99 bssl::ParsedTbsCertificate tbs;
100 if (!ParseTbsCertificate(tbs_certificate_tlv,
101 x509_util::DefaultParseCertificateOptions(), &tbs,
102 nullptr))
103 return false;
104
105 bssl::der::Input issuer_value;
106 if (!ParseSequenceValue(tbs.issuer_tlv, &issuer_value))
107 return false;
108
109 bssl::CertErrors errors;
110 return NormalizeName(issuer_value, out_normalized_issuer, &errors);
111 }
112
CreateCertBufferFromBytesWithSanityCheck(base::span<const uint8_t> data)113 bssl::UniquePtr<CRYPTO_BUFFER> CreateCertBufferFromBytesWithSanityCheck(
114 base::span<const uint8_t> data) {
115 bssl::der::Input tbs_certificate_tlv;
116 bssl::der::Input signature_algorithm_tlv;
117 bssl::der::BitString signature_value;
118 // Do a bare minimum of DER parsing here to see if the input looks
119 // certificate-ish.
120 if (!bssl::ParseCertificate(bssl::der::Input(data), &tbs_certificate_tlv,
121 &signature_algorithm_tlv, &signature_value,
122 nullptr)) {
123 return nullptr;
124 }
125 return x509_util::CreateCryptoBuffer(data);
126 }
127
128 } // namespace
129
130 // static
CreateFromBuffer(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)131 scoped_refptr<X509Certificate> X509Certificate::CreateFromBuffer(
132 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
133 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
134 return CreateFromBufferUnsafeOptions(std::move(cert_buffer),
135 std::move(intermediates), {});
136 }
137
138 // static
CreateFromBufferUnsafeOptions(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates,UnsafeCreateOptions options)139 scoped_refptr<X509Certificate> X509Certificate::CreateFromBufferUnsafeOptions(
140 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
141 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates,
142 UnsafeCreateOptions options) {
143 DCHECK(cert_buffer);
144 ParsedFields parsed;
145 if (!parsed.Initialize(cert_buffer.get(), options)) {
146 return nullptr;
147 }
148 return base::WrapRefCounted(new X509Certificate(
149 std::move(parsed), std::move(cert_buffer), std::move(intermediates)));
150 }
151
152 // static
CreateFromDERCertChain(const std::vector<std::string_view> & der_certs)153 scoped_refptr<X509Certificate> X509Certificate::CreateFromDERCertChain(
154 const std::vector<std::string_view>& der_certs) {
155 return CreateFromDERCertChainUnsafeOptions(der_certs, {});
156 }
157
158 // static
159 scoped_refptr<X509Certificate>
CreateFromDERCertChainUnsafeOptions(const std::vector<std::string_view> & der_certs,UnsafeCreateOptions options)160 X509Certificate::CreateFromDERCertChainUnsafeOptions(
161 const std::vector<std::string_view>& der_certs,
162 UnsafeCreateOptions options) {
163 TRACE_EVENT0("io", "X509Certificate::CreateFromDERCertChain");
164 if (der_certs.empty())
165 return nullptr;
166
167 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediate_ca_certs;
168 intermediate_ca_certs.reserve(der_certs.size() - 1);
169 for (size_t i = 1; i < der_certs.size(); i++) {
170 intermediate_ca_certs.push_back(
171 x509_util::CreateCryptoBuffer(der_certs[i]));
172 }
173
174 return CreateFromBufferUnsafeOptions(
175 x509_util::CreateCryptoBuffer(der_certs[0]),
176 std::move(intermediate_ca_certs), options);
177 }
178
179 // static
CreateFromBytes(base::span<const uint8_t> data)180 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytes(
181 base::span<const uint8_t> data) {
182 return CreateFromBytesUnsafeOptions(data, {});
183 }
184
185 // static
CreateFromBytesUnsafeOptions(base::span<const uint8_t> data,UnsafeCreateOptions options)186 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesUnsafeOptions(
187 base::span<const uint8_t> data,
188 UnsafeCreateOptions options) {
189 scoped_refptr<X509Certificate> cert = CreateFromBufferUnsafeOptions(
190 x509_util::CreateCryptoBuffer(data), {}, options);
191 return cert;
192 }
193
194 // static
CreateFromPickle(base::PickleIterator * pickle_iter)195 scoped_refptr<X509Certificate> X509Certificate::CreateFromPickle(
196 base::PickleIterator* pickle_iter) {
197 return CreateFromPickleUnsafeOptions(pickle_iter, {});
198 }
199
200 // static
CreateFromPickleUnsafeOptions(base::PickleIterator * pickle_iter,UnsafeCreateOptions options)201 scoped_refptr<X509Certificate> X509Certificate::CreateFromPickleUnsafeOptions(
202 base::PickleIterator* pickle_iter,
203 UnsafeCreateOptions options) {
204 size_t chain_length = 0;
205 if (!pickle_iter->ReadLength(&chain_length))
206 return nullptr;
207
208 std::vector<std::string_view> cert_chain;
209 const char* data = nullptr;
210 size_t data_length = 0;
211 for (size_t i = 0; i < chain_length; ++i) {
212 if (!pickle_iter->ReadData(&data, &data_length))
213 return nullptr;
214 cert_chain.emplace_back(data, data_length);
215 }
216 return CreateFromDERCertChainUnsafeOptions(cert_chain, options);
217 }
218
219 // static
CreateCertificateListFromBytes(base::span<const uint8_t> data,int format)220 CertificateList X509Certificate::CreateCertificateListFromBytes(
221 base::span<const uint8_t> data,
222 int format) {
223 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> certificates;
224
225 // Check to see if it is in a PEM-encoded form. This check is performed
226 // first, as both OS X and NSS will both try to convert if they detect
227 // PEM encoding, except they don't do it consistently between the two.
228 std::string_view data_string(reinterpret_cast<const char*>(data.data()),
229 data.size());
230 std::vector<std::string> pem_headers;
231
232 // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally
233 // valid PEM block header for any format.
234 pem_headers.push_back(kCertificateHeader);
235 if (format & FORMAT_PKCS7)
236 pem_headers.push_back(kPKCS7Header);
237
238 bssl::PEMTokenizer pem_tokenizer(data_string, pem_headers);
239 while (pem_tokenizer.GetNext()) {
240 std::string decoded(pem_tokenizer.data());
241
242 bssl::UniquePtr<CRYPTO_BUFFER> handle;
243 if (format & FORMAT_PEM_CERT_SEQUENCE) {
244 handle =
245 CreateCertBufferFromBytesWithSanityCheck(base::as_byte_span(decoded));
246 }
247 if (handle) {
248 // Parsed a DER encoded certificate. All PEM blocks that follow must
249 // also be DER encoded certificates wrapped inside of PEM blocks.
250 format = FORMAT_PEM_CERT_SEQUENCE;
251 certificates.push_back(std::move(handle));
252 continue;
253 }
254
255 // If the first block failed to parse as a DER certificate, and
256 // formats other than PEM are acceptable, check to see if the decoded
257 // data is one of the accepted formats.
258 if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
259 for (size_t i = 0;
260 certificates.empty() && i < std::size(kFormatDecodePriority); ++i) {
261 if (format & kFormatDecodePriority[i]) {
262 certificates = CreateCertBuffersFromBytes(base::as_byte_span(decoded),
263 kFormatDecodePriority[i]);
264 }
265 }
266 }
267
268 // Stop parsing after the first block for any format but a sequence of
269 // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE
270 // is handled above, and continues processing until a certificate fails
271 // to parse.
272 break;
273 }
274
275 // Try each of the formats, in order of parse preference, to see if |data|
276 // contains the binary representation of a Format, if it failed to parse
277 // as a PEM certificate/chain.
278 for (size_t i = 0;
279 certificates.empty() && i < std::size(kFormatDecodePriority); ++i) {
280 if (format & kFormatDecodePriority[i])
281 certificates = CreateCertBuffersFromBytes(data, kFormatDecodePriority[i]);
282 }
283
284 CertificateList results;
285 // No certificates parsed.
286 if (certificates.empty())
287 return results;
288
289 for (auto& it : certificates) {
290 scoped_refptr<X509Certificate> cert = CreateFromBuffer(std::move(it), {});
291 if (cert)
292 results.push_back(std::move(cert));
293 }
294
295 return results;
296 }
297
CloneWithDifferentIntermediates(std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)298 scoped_refptr<X509Certificate> X509Certificate::CloneWithDifferentIntermediates(
299 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
300 // If intermediates are the same, return another reference to the same
301 // object. Note that this only does a pointer equality comparison on the
302 // CRYPTO_BUFFERs, which is generally sufficient, but in some edge cases
303 // buffers have equal contents but with different addresses. This is
304 // acceptable as this is just an optimization.
305 if (intermediates == intermediate_ca_certs_) {
306 return this;
307 }
308
309 return base::WrapRefCounted(
310 new X509Certificate(*this, std::move(intermediates)));
311 }
312
Persist(base::Pickle * pickle) const313 void X509Certificate::Persist(base::Pickle* pickle) const {
314 DCHECK(cert_buffer_);
315 // This would be an absolutely insane number of intermediates.
316 if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) {
317 NOTREACHED();
318 return;
319 }
320 pickle->WriteInt(static_cast<int>(intermediate_ca_certs_.size() + 1));
321 pickle->WriteString(x509_util::CryptoBufferAsStringPiece(cert_buffer_.get()));
322 for (const auto& intermediate : intermediate_ca_certs_) {
323 pickle->WriteString(
324 x509_util::CryptoBufferAsStringPiece(intermediate.get()));
325 }
326 }
327
GetSubjectAltName(std::vector<std::string> * dns_names,std::vector<std::string> * ip_addrs) const328 bool X509Certificate::GetSubjectAltName(
329 std::vector<std::string>* dns_names,
330 std::vector<std::string>* ip_addrs) const {
331 if (dns_names)
332 dns_names->clear();
333 if (ip_addrs)
334 ip_addrs->clear();
335
336 bssl::der::Input tbs_certificate_tlv;
337 bssl::der::Input signature_algorithm_tlv;
338 bssl::der::BitString signature_value;
339 if (!bssl::ParseCertificate(
340 bssl::der::Input(CRYPTO_BUFFER_data(cert_buffer_.get()),
341 CRYPTO_BUFFER_len(cert_buffer_.get())),
342 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value,
343 nullptr)) {
344 return false;
345 }
346
347 bssl::ParsedTbsCertificate tbs;
348 if (!ParseTbsCertificate(tbs_certificate_tlv,
349 x509_util::DefaultParseCertificateOptions(), &tbs,
350 nullptr))
351 return false;
352 if (!tbs.extensions_tlv)
353 return false;
354
355 std::map<bssl::der::Input, bssl::ParsedExtension> extensions;
356 if (!ParseExtensions(tbs.extensions_tlv.value(), &extensions))
357 return false;
358
359 bssl::ParsedExtension subject_alt_names_extension;
360 if (!ConsumeExtension(bssl::der::Input(bssl::kSubjectAltNameOid), &extensions,
361 &subject_alt_names_extension)) {
362 return false;
363 }
364
365 bssl::CertErrors errors;
366 std::unique_ptr<bssl::GeneralNames> subject_alt_names =
367 bssl::GeneralNames::Create(subject_alt_names_extension.value, &errors);
368 if (!subject_alt_names)
369 return false;
370
371 if (dns_names) {
372 for (const auto& dns_name : subject_alt_names->dns_names)
373 dns_names->push_back(std::string(dns_name));
374 }
375 if (ip_addrs) {
376 for (const auto& addr : subject_alt_names->ip_addresses) {
377 ip_addrs->push_back(std::string(addr.AsStringView()));
378 }
379 }
380
381 return !subject_alt_names->dns_names.empty() ||
382 !subject_alt_names->ip_addresses.empty();
383 }
384
HasExpired() const385 bool X509Certificate::HasExpired() const {
386 return base::Time::Now() > valid_expiry();
387 }
388
EqualsExcludingChain(const X509Certificate * other) const389 bool X509Certificate::EqualsExcludingChain(const X509Certificate* other) const {
390 return x509_util::CryptoBufferEqual(cert_buffer_.get(),
391 other->cert_buffer_.get());
392 }
393
EqualsIncludingChain(const X509Certificate * other) const394 bool X509Certificate::EqualsIncludingChain(const X509Certificate* other) const {
395 if (intermediate_ca_certs_.size() != other->intermediate_ca_certs_.size() ||
396 !EqualsExcludingChain(other)) {
397 return false;
398 }
399 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
400 if (!x509_util::CryptoBufferEqual(intermediate_ca_certs_[i].get(),
401 other->intermediate_ca_certs_[i].get())) {
402 return false;
403 }
404 }
405 return true;
406 }
407
IsIssuedByEncoded(const std::vector<std::string> & valid_issuers) const408 bool X509Certificate::IsIssuedByEncoded(
409 const std::vector<std::string>& valid_issuers) const {
410 std::vector<std::string> normalized_issuers;
411 bssl::CertErrors errors;
412 for (const auto& raw_issuer : valid_issuers) {
413 bssl::der::Input issuer_value;
414 std::string normalized_issuer;
415 if (!ParseSequenceValue(bssl::der::Input(raw_issuer), &issuer_value) ||
416 !NormalizeName(issuer_value, &normalized_issuer, &errors)) {
417 continue;
418 }
419 normalized_issuers.push_back(std::move(normalized_issuer));
420 }
421
422 std::string normalized_cert_issuer;
423 if (!GetNormalizedCertIssuer(cert_buffer_.get(), &normalized_cert_issuer))
424 return false;
425 if (base::Contains(normalized_issuers, normalized_cert_issuer))
426 return true;
427
428 for (const auto& intermediate : intermediate_ca_certs_) {
429 if (!GetNormalizedCertIssuer(intermediate.get(), &normalized_cert_issuer))
430 return false;
431 if (base::Contains(normalized_issuers, normalized_cert_issuer))
432 return true;
433 }
434 return false;
435 }
436
437 // static
VerifyHostname(std::string_view hostname,const std::vector<std::string> & cert_san_dns_names,const std::vector<std::string> & cert_san_ip_addrs)438 bool X509Certificate::VerifyHostname(
439 std::string_view hostname,
440 const std::vector<std::string>& cert_san_dns_names,
441 const std::vector<std::string>& cert_san_ip_addrs) {
442 DCHECK(!hostname.empty());
443
444 if (cert_san_dns_names.empty() && cert_san_ip_addrs.empty()) {
445 // Either a dNSName or iPAddress subjectAltName MUST be present in order
446 // to match, so fail quickly if not.
447 return false;
448 }
449
450 // Perform name verification following http://tools.ietf.org/html/rfc6125.
451 // The terminology used in this method is as per that RFC:-
452 // Reference identifier == the host the local user/agent is intending to
453 // access, i.e. the thing displayed in the URL bar.
454 // Presented identifier(s) == name(s) the server knows itself as, in its cert.
455
456 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
457 const std::string host_or_ip = hostname.find(':') != std::string::npos
458 ? base::StrCat({"[", hostname, "]"})
459 : std::string(hostname);
460 url::CanonHostInfo host_info;
461 std::string reference_name = CanonicalizeHost(host_or_ip, &host_info);
462
463 // If the host cannot be canonicalized, fail fast.
464 if (reference_name.empty())
465 return false;
466
467 // Fully handle all cases where |hostname| contains an IP address.
468 if (host_info.IsIPAddress()) {
469 std::string_view ip_addr_string(
470 reinterpret_cast<const char*>(host_info.address),
471 host_info.AddressLength());
472 return base::Contains(cert_san_ip_addrs, ip_addr_string);
473 }
474
475 // The host portion of a URL may support a variety of name resolution formats
476 // and services. However, the only supported name types in this code are IP
477 // addresses, which have been handled above via iPAddress subjectAltNames,
478 // and DNS names, via dNSName subjectAltNames.
479 // Validate that the host conforms to the DNS preferred name syntax, in
480 // either relative or absolute form, and exclude the "root" label for DNS.
481 if (reference_name == "." || !IsCanonicalizedHostCompliant(reference_name))
482 return false;
483
484 // CanonicalizeHost does not normalize absolute vs relative DNS names. If
485 // the input name was absolute (included trailing .), normalize it as if it
486 // was relative.
487 if (reference_name.back() == '.')
488 reference_name.pop_back();
489
490 // |reference_domain| is the remainder of |host| after the leading host
491 // component is stripped off, but includes the leading dot e.g.
492 // "www.f.com" -> ".f.com".
493 // If there is no meaningful domain part to |host| (e.g. it contains no dots)
494 // then |reference_domain| will be empty.
495 std::string_view reference_host, reference_domain;
496 SplitOnChar(reference_name, '.', &reference_host, &reference_domain);
497 bool allow_wildcards = false;
498 if (!reference_domain.empty()) {
499 DCHECK(reference_domain.starts_with("."));
500
501 // Do not allow wildcards for public/ICANN registry controlled domains -
502 // that is, prevent *.com or *.co.uk as valid presented names, but do not
503 // prevent *.appspot.com (a private registry controlled domain).
504 // In addition, unknown top-level domains (such as 'intranet' domains or
505 // new TLDs/gTLDs not yet added to the registry controlled domain dataset)
506 // are also implicitly prevented.
507 // Because |reference_domain| must contain at least one name component that
508 // is not registry controlled, this ensures that all reference domains
509 // contain at least three domain components when using wildcards.
510 size_t registry_length =
511 registry_controlled_domains::GetCanonicalHostRegistryLength(
512 reference_name,
513 registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
514 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
515
516 // Because |reference_name| was already canonicalized, the following
517 // should never happen.
518 CHECK_NE(std::string::npos, registry_length);
519
520 // Account for the leading dot in |reference_domain|.
521 bool is_registry_controlled =
522 registry_length != 0 &&
523 registry_length == (reference_domain.size() - 1);
524
525 // Additionally, do not attempt wildcard matching for purely numeric
526 // hostnames.
527 allow_wildcards =
528 !is_registry_controlled &&
529 reference_name.find_first_not_of("0123456789.") != std::string::npos;
530 }
531
532 // Now step through the DNS names doing wild card comparison (if necessary)
533 // on each against the reference name.
534 for (const auto& cert_san_dns_name : cert_san_dns_names) {
535 // Catch badly corrupt cert names up front.
536 if (cert_san_dns_name.empty() ||
537 cert_san_dns_name.find('\0') != std::string::npos) {
538 continue;
539 }
540 std::string presented_name(base::ToLowerASCII(cert_san_dns_name));
541
542 // Remove trailing dot, if any.
543 if (*presented_name.rbegin() == '.')
544 presented_name.resize(presented_name.length() - 1);
545
546 // The hostname must be at least as long as the cert name it is matching,
547 // as we require the wildcard (if present) to match at least one character.
548 if (presented_name.length() > reference_name.length())
549 continue;
550
551 std::string_view presented_host, presented_domain;
552 SplitOnChar(presented_name, '.', &presented_host, &presented_domain);
553
554 if (presented_domain != reference_domain)
555 continue;
556
557 if (presented_host != "*") {
558 if (presented_host == reference_host)
559 return true;
560 continue;
561 }
562
563 if (!allow_wildcards)
564 continue;
565
566 return true;
567 }
568 return false;
569 }
570
VerifyNameMatch(std::string_view hostname) const571 bool X509Certificate::VerifyNameMatch(std::string_view hostname) const {
572 std::vector<std::string> dns_names, ip_addrs;
573 GetSubjectAltName(&dns_names, &ip_addrs);
574 return VerifyHostname(hostname, dns_names, ip_addrs);
575 }
576
577 // static
GetPEMEncodedFromDER(std::string_view der_encoded,std::string * pem_encoded)578 bool X509Certificate::GetPEMEncodedFromDER(std::string_view der_encoded,
579 std::string* pem_encoded) {
580 if (der_encoded.empty())
581 return false;
582
583 *pem_encoded = bssl::PEMEncode(der_encoded, "CERTIFICATE");
584 return true;
585 }
586
587 // static
GetPEMEncoded(const CRYPTO_BUFFER * cert_buffer,std::string * pem_encoded)588 bool X509Certificate::GetPEMEncoded(const CRYPTO_BUFFER* cert_buffer,
589 std::string* pem_encoded) {
590 return GetPEMEncodedFromDER(x509_util::CryptoBufferAsStringPiece(cert_buffer),
591 pem_encoded);
592 }
593
GetPEMEncodedChain(std::vector<std::string> * pem_encoded) const594 bool X509Certificate::GetPEMEncodedChain(
595 std::vector<std::string>* pem_encoded) const {
596 std::vector<std::string> encoded_chain;
597 std::string pem_data;
598 if (!GetPEMEncoded(cert_buffer(), &pem_data))
599 return false;
600 encoded_chain.push_back(pem_data);
601 for (const auto& intermediate_ca_cert : intermediate_ca_certs_) {
602 if (!GetPEMEncoded(intermediate_ca_cert.get(), &pem_data))
603 return false;
604 encoded_chain.push_back(pem_data);
605 }
606 pem_encoded->swap(encoded_chain);
607 return true;
608 }
609
610 // static
GetPublicKeyInfo(const CRYPTO_BUFFER * cert_buffer,size_t * size_bits,PublicKeyType * type)611 void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer,
612 size_t* size_bits,
613 PublicKeyType* type) {
614 *type = kPublicKeyTypeUnknown;
615 *size_bits = 0;
616
617 std::string_view spki;
618 if (!asn1::ExtractSPKIFromDERCert(
619 std::string_view(
620 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_buffer)),
621 CRYPTO_BUFFER_len(cert_buffer)),
622 &spki)) {
623 return;
624 }
625
626 bssl::UniquePtr<EVP_PKEY> pkey;
627 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
628 CBS cbs;
629 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spki.data()), spki.size());
630 pkey.reset(EVP_parse_public_key(&cbs));
631 if (!pkey)
632 return;
633
634 switch (EVP_PKEY_id(pkey.get())) {
635 case EVP_PKEY_RSA:
636 *type = kPublicKeyTypeRSA;
637 break;
638 case EVP_PKEY_DSA:
639 *type = kPublicKeyTypeDSA;
640 break;
641 case EVP_PKEY_EC:
642 *type = kPublicKeyTypeECDSA;
643 break;
644 case EVP_PKEY_DH:
645 *type = kPublicKeyTypeDH;
646 break;
647 }
648 *size_bits = base::saturated_cast<size_t>(EVP_PKEY_bits(pkey.get()));
649 }
650
651 // static
652 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>>
CreateCertBuffersFromBytes(base::span<const uint8_t> data,Format format)653 X509Certificate::CreateCertBuffersFromBytes(base::span<const uint8_t> data,
654 Format format) {
655 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> results;
656
657 switch (format) {
658 case FORMAT_SINGLE_CERTIFICATE: {
659 bssl::UniquePtr<CRYPTO_BUFFER> handle =
660 CreateCertBufferFromBytesWithSanityCheck(data);
661 if (handle)
662 results.push_back(std::move(handle));
663 break;
664 }
665 case FORMAT_PKCS7: {
666 x509_util::CreateCertBuffersFromPKCS7Bytes(data, &results);
667 break;
668 }
669 default: {
670 NOTREACHED() << "Certificate format " << format << " unimplemented";
671 break;
672 }
673 }
674
675 return results;
676 }
677
678 // static
CalculateFingerprint256(const CRYPTO_BUFFER * cert)679 SHA256HashValue X509Certificate::CalculateFingerprint256(
680 const CRYPTO_BUFFER* cert) {
681 SHA256HashValue sha256;
682
683 SHA256(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert), sha256.data);
684 return sha256;
685 }
686
CalculateChainFingerprint256() const687 SHA256HashValue X509Certificate::CalculateChainFingerprint256() const {
688 SHA256HashValue sha256;
689 memset(sha256.data, 0, sizeof(sha256.data));
690
691 SHA256_CTX sha256_ctx;
692 SHA256_Init(&sha256_ctx);
693 SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert_buffer_.get()),
694 CRYPTO_BUFFER_len(cert_buffer_.get()));
695 for (const auto& cert : intermediate_ca_certs_) {
696 SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert.get()),
697 CRYPTO_BUFFER_len(cert.get()));
698 }
699 SHA256_Final(sha256.data, &sha256_ctx);
700
701 return sha256;
702 }
703
704 // static
IsSelfSigned(CRYPTO_BUFFER * cert_buffer)705 bool X509Certificate::IsSelfSigned(CRYPTO_BUFFER* cert_buffer) {
706 std::shared_ptr<const bssl::ParsedCertificate> parsed_cert =
707 bssl::ParsedCertificate::Create(
708 bssl::UpRef(cert_buffer), x509_util::DefaultParseCertificateOptions(),
709 /*errors=*/nullptr);
710 if (!parsed_cert) {
711 return false;
712 }
713 return VerifyCertificateIsSelfSigned(*parsed_cert, /*cache=*/nullptr,
714 /*errors=*/nullptr);
715 }
716
X509Certificate(ParsedFields parsed,bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)717 X509Certificate::X509Certificate(
718 ParsedFields parsed,
719 bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
720 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)
721 : parsed_(std::move(parsed)),
722 cert_buffer_(std::move(cert_buffer)),
723 intermediate_ca_certs_(std::move(intermediates)) {}
724
X509Certificate(const X509Certificate & other,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)725 X509Certificate::X509Certificate(
726 const X509Certificate& other,
727 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates)
728 : parsed_(other.parsed_),
729 cert_buffer_(bssl::UpRef(other.cert_buffer_)),
730 intermediate_ca_certs_(std::move(intermediates)) {}
731
732 X509Certificate::~X509Certificate() = default;
733
734 X509Certificate::ParsedFields::ParsedFields() = default;
735 X509Certificate::ParsedFields::ParsedFields(const ParsedFields&) = default;
736 X509Certificate::ParsedFields::ParsedFields(ParsedFields&&) = default;
737 X509Certificate::ParsedFields::~ParsedFields() = default;
738
Initialize(const CRYPTO_BUFFER * cert_buffer,X509Certificate::UnsafeCreateOptions options)739 bool X509Certificate::ParsedFields::Initialize(
740 const CRYPTO_BUFFER* cert_buffer,
741 X509Certificate::UnsafeCreateOptions options) {
742 bssl::der::Input tbs_certificate_tlv;
743 bssl::der::Input signature_algorithm_tlv;
744 bssl::der::BitString signature_value;
745
746 if (!bssl::ParseCertificate(bssl::der::Input(CRYPTO_BUFFER_data(cert_buffer),
747 CRYPTO_BUFFER_len(cert_buffer)),
748 &tbs_certificate_tlv, &signature_algorithm_tlv,
749 &signature_value, nullptr)) {
750 return false;
751 }
752
753 bssl::ParsedTbsCertificate tbs;
754 if (!ParseTbsCertificate(tbs_certificate_tlv,
755 x509_util::DefaultParseCertificateOptions(), &tbs,
756 nullptr))
757 return false;
758
759 CertPrincipal::PrintableStringHandling printable_string_handling =
760 options.printable_string_is_utf8
761 ? CertPrincipal::PrintableStringHandling::kAsUTF8Hack
762 : CertPrincipal::PrintableStringHandling::kDefault;
763 if (!subject_.ParseDistinguishedName(tbs.subject_tlv,
764 printable_string_handling) ||
765 !issuer_.ParseDistinguishedName(tbs.issuer_tlv,
766 printable_string_handling)) {
767 return false;
768 }
769
770 if (!GeneralizedTimeToTime(tbs.validity_not_before, &valid_start_) ||
771 !GeneralizedTimeToTime(tbs.validity_not_after, &valid_expiry_)) {
772 return false;
773 }
774 serial_number_ = tbs.serial_number.AsString();
775 return true;
776 }
777
778 } // namespace net
779