// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package org.chromium.net;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.security.KeyChain;
import android.util.Pair;
import org.jni_zero.JNINamespace;
import org.jni_zero.NativeMethods;
import org.chromium.base.ContextUtils;
import org.chromium.base.Log;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
/** Utility functions for interacting with Android's X.509 certificates. */
@JNINamespace("net")
public class X509Util {
private static final String TAG = "X509Util";
private static final class TrustStorageListener extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
boolean shouldReloadTrustManager = false;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
if (KeyChain.ACTION_TRUST_STORE_CHANGED.equals(intent.getAction())) {
shouldReloadTrustManager = true;
} else if (KeyChain.ACTION_KEYCHAIN_CHANGED.equals(intent.getAction())) {
X509UtilJni.get().notifyClientCertStoreChanged();
} else if (KeyChain.ACTION_KEY_ACCESS_CHANGED.equals(intent.getAction())
&& !intent.getBooleanExtra(KeyChain.EXTRA_KEY_ACCESSIBLE, false)) {
// We lost access to a client certificate key. Reload all client certificate
// state as we are not currently able to forget an individual identity.
X509UtilJni.get().notifyClientCertStoreChanged();
}
} else {
@SuppressWarnings("deprecation")
String action = KeyChain.ACTION_STORAGE_CHANGED;
// Before Android O, KeyChain only emitted a coarse-grained intent. This fires much
// more often than it should (https://crbug.com/381912), but there are no APIs to
// distinguish the various cases.
if (action.equals(intent.getAction())) {
shouldReloadTrustManager = true;
X509UtilJni.get().notifyClientCertStoreChanged();
}
}
if (shouldReloadTrustManager) {
try {
reloadDefaultTrustManager();
} catch (CertificateException e) {
Log.e(TAG, "Unable to reload the default TrustManager", e);
} catch (KeyStoreException e) {
Log.e(TAG, "Unable to reload the default TrustManager", e);
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, "Unable to reload the default TrustManager", e);
}
}
}
}
private static List<X509Certificate> checkServerTrustedIgnoringRuntimeException(
X509TrustManagerExtensions tm, X509Certificate[] chain, String authType, String host)
throws CertificateException {
try {
return tm.checkServerTrusted(chain, authType, host);
} catch (RuntimeException e) {
// https://crbug.com/937354: checkServerTrusted() can unexpectedly throw runtime
// exceptions, most often within conscrypt while parsing certificates.
Log.e(TAG, "checkServerTrusted() unexpectedly threw: %s", e);
throw new CertificateException(e);
}
}
private static CertificateFactory sCertificateFactory;
private static final String OID_TLS_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
private static final String OID_ANY_EKU = "2.5.29.37.0";
// Server-Gated Cryptography (necessary to support a few legacy issuers):
// Netscape:
private static final String OID_SERVER_GATED_NETSCAPE = "2.16.840.1.113730.4.1";
// Microsoft:
private static final String OID_SERVER_GATED_MICROSOFT = "1.3.6.1.4.1.311.10.3.3";
/** Trust manager backed up by the read-only system certificate store. */
private static X509TrustManagerExtensions sDefaultTrustManager;
/**
* BroadcastReceiver that listens to change in the system keystore to invalidate certificate
* caches.
*/
private static TrustStorageListener sTrustStorageListener;
/**
* Trust manager backed up by a custom certificate store. We need such manager to plant test
* root CA to the trust store in testing.
*/
private static X509TrustManagerExtensions sTestTrustManager;
private static KeyStore sTestKeyStore;
/**
* The system key store. This is used to determine whether a trust anchor is a system trust
* anchor or user-installed.
*/
private static KeyStore sSystemKeyStore;
/**
* The directory where system certificates are stored. This is used to determine whether a
* trust anchor is a system trust anchor or user-installed. The KeyStore API alone is not
* sufficient to efficiently query whether a given X500Principal, PublicKey pair is a trust
* anchor.
*/
private static File sSystemCertificateDirectory;
/**
* An in-memory cache of which trust anchors are system trust roots. This avoids reading and
* decoding the root from disk on every verification. Mirrors a similar in-memory cache in
* Conscrypt's X509TrustManager implementation.
*/
private static Set<Pair<X500Principal, PublicKey>> sSystemTrustAnchorCache;
/**
* True if the system key store has been loaded. If the "AndroidCAStore" KeyStore instance
* was not found, sSystemKeyStore may be null while sLoadedSystemKeyStore is true.
*/
private static boolean sLoadedSystemKeyStore;
/** A root that will be installed as a user-trusted root for testing purposes. */
private static X509Certificate sTestRoot;
/** Lock object used to synchronize all calls that modify or depend on the trust managers. */
private static final Object sLock = new Object();
/** Ensures that the trust managers and certificate factory are initialized. */
private static void ensureInitialized()
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
synchronized (sLock) {
ensureInitializedLocked();
}
}
/**
* Ensures that the trust managers and certificate factory are initialized. Must be called with
* |sLock| held. Does not initialize test infrastructure.
*/
// FindBugs' static field initialization warnings do not handle methods that are expected to be
// called locked.
private static void ensureInitializedLocked()
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
assert Thread.holdsLock(sLock);
if (sCertificateFactory == null) {
sCertificateFactory = CertificateFactory.getInstance("X.509");
}
if (sDefaultTrustManager == null) {
sDefaultTrustManager = X509Util.createTrustManager(null);
}
if (!sLoadedSystemKeyStore) {
try {
sSystemKeyStore = KeyStore.getInstance("AndroidCAStore");
try {
sSystemKeyStore.load(null);
} catch (IOException e) {
// No IO operation is attempted.
}
sSystemCertificateDirectory =
new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
} catch (KeyStoreException e) {
// Could not load AndroidCAStore. Continue anyway; isKnownRoot will always
// return false.
}
sLoadedSystemKeyStore = true;
}
if (sSystemTrustAnchorCache == null) {
sSystemTrustAnchorCache = new HashSet<Pair<X500Principal, PublicKey>>();
}
if (sTrustStorageListener == null) {
sTrustStorageListener = new TrustStorageListener();
IntentFilter filter = new IntentFilter();
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
filter.addAction(KeyChain.ACTION_KEYCHAIN_CHANGED);
filter.addAction(KeyChain.ACTION_KEY_ACCESS_CHANGED);
filter.addAction(KeyChain.ACTION_TRUST_STORE_CHANGED);
} else {
@SuppressWarnings("deprecation")
String action = KeyChain.ACTION_STORAGE_CHANGED;
filter.addAction(action);
}
ContextUtils.registerProtectedBroadcastReceiver(
ContextUtils.getApplicationContext(), sTrustStorageListener, filter);
}
}
/**
* Ensures that test trust managers and certificate factory are initialized. Must be called
* with |sLock| held.
*/
private static void ensureTestInitializedLocked()
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
assert Thread.holdsLock(sLock);
if (sTestKeyStore == null) {
sTestKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
try {
sTestKeyStore.load(null);
} catch (IOException e) {
// No IO operation is attempted.
}
}
if (sTestTrustManager == null) {
sTestTrustManager = X509Util.createTrustManager(sTestKeyStore);
}
}
/**
* Creates a X509TrustManagerExtensions backed up by the given key
* store. When null is passed as a key store, system default trust store is
* used. Returns null if no created TrustManager was suitable.
* @throws KeyStoreException, NoSuchAlgorithmException on error initializing the TrustManager.
*/
private static X509TrustManagerExtensions createTrustManager(KeyStore keyStore)
throws KeyStoreException, NoSuchAlgorithmException {
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(keyStore);
TrustManager[] trustManagers = null;
try {
trustManagers = tmf.getTrustManagers();
} catch (RuntimeException e) {
// https://crbug.com/937354: getTrustManagers() can unexpectedly throw runtime
// exceptions, most often while processing the network security config XML file.
Log.e(TAG, "TrustManagerFactory.getTrustManagers() unexpectedly threw: %s", e);
throw new KeyStoreException(e);
}
for (TrustManager tm : trustManagers) {
if (tm instanceof X509TrustManager) {
try {
return new X509TrustManagerExtensions((X509TrustManager) tm);
} catch (IllegalArgumentException e) {
String className = tm.getClass().getName();
Log.e(TAG, "Error creating trust manager (" + className + "): " + e);
}
}
}
Log.e(TAG, "Could not find suitable trust manager");
return null;
}
/** After each modification of test key store, trust manager has to be generated again. */
private static void reloadTestTrustManager()
throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
assert Thread.holdsLock(sLock);
ensureTestInitializedLocked();
sTestTrustManager = X509Util.createTrustManager(sTestKeyStore);
}
/**
* After each modification by the system of the key store, trust manager has to be regenerated.
*/
private static void reloadDefaultTrustManager()
throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
synchronized (sLock) {
sDefaultTrustManager = null;
sSystemTrustAnchorCache = null;
ensureInitializedLocked();
}
X509UtilJni.get().notifyTrustStoreChanged();
}
/** Convert a DER encoded certificate to an X509Certificate. */
public static X509Certificate createCertificateFromBytes(byte[] derBytes)
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
ensureInitialized();
return (X509Certificate)
sCertificateFactory.generateCertificate(new ByteArrayInputStream(derBytes));
}
/** Add a test root certificate for use by the Android Platform verifier. */
public static void addTestRootCertificate(byte[] rootCertBytes)
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
X509Certificate rootCert = createCertificateFromBytes(rootCertBytes);
synchronized (sLock) {
ensureTestInitializedLocked();
// Add the cert to be used by the Android Platform Verifier.
sTestKeyStore.setCertificateEntry(
"root_cert_" + Integer.toString(sTestKeyStore.size()), rootCert);
reloadTestTrustManager();
}
}
/** Clear test root certificates in use by the Android Platform verifier. */
public static void clearTestRootCertificates()
throws NoSuchAlgorithmException, CertificateException, KeyStoreException {
synchronized (sLock) {
ensureTestInitializedLocked();
try {
sTestKeyStore.load(null);
reloadTestTrustManager();
} catch (IOException e) {
// No IO operation is attempted.
}
}
}
/** Set a test root certificate for use by CertVerifierBuiltin. */
public static void setTestRootCertificateForBuiltin(byte[] rootCertBytes)
throws NoSuchAlgorithmException, CertificateException, KeyStoreException {
X509Certificate rootCert = createCertificateFromBytes(rootCertBytes);
synchronized (sLock) {
// Add the cert to be used by CertVerifierBuiltin.
//
// This saves the root so it is returned from getUserAddedRoots, for TrustStoreAndroid.
// This is done for the Java EmbeddedTestServer implementation and must run before
// native code is loaded, when getUserAddedRoots is first run.
sTestRoot = rootCert;
}
}
private static final char[] HEX_DIGITS = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
};
private static String hashPrincipal(X500Principal principal) throws NoSuchAlgorithmException {
// Android hashes a principal as the first four bytes of its MD5 digest, encoded in
// lowercase hex and reversed. Verified in 4.2, 4.3, and 4.4.
byte[] digest = MessageDigest.getInstance("MD5").digest(principal.getEncoded());
char[] hexChars = new char[8];
for (int i = 0; i < 4; i++) {
hexChars[2 * i] = HEX_DIGITS[(digest[3 - i] >> 4) & 0xf];
hexChars[2 * i + 1] = HEX_DIGITS[digest[3 - i] & 0xf];
}
return new String(hexChars);
}
private static boolean isKnownRoot(X509Certificate root)
throws NoSuchAlgorithmException, KeyStoreException {
assert Thread.holdsLock(sLock);
// Could not find the system key store. Conservatively report false.
if (sSystemKeyStore == null) return false;
// Check the in-memory cache first; avoid decoding the anchor from disk
// if it has been seen before.
Pair<X500Principal, PublicKey> key =
new Pair<X500Principal, PublicKey>(
root.getSubjectX500Principal(), root.getPublicKey());
if (sSystemTrustAnchorCache.contains(key)) return true;
// Note: It is not sufficient to call sSystemKeyStore.getCertificiateAlias. If the server
// supplies a copy of a trust anchor, X509TrustManagerExtensions returns the server's
// version rather than the system one. getCertificiateAlias will then fail to find an anchor
// name. This is fixed upstream in https://android-review.googlesource.com/#/c/91605/
//
// TODO(davidben): When the change trickles into an Android release, query sSystemKeyStore
// directly.
// System trust anchors are stored under a hash of the principal. In case of collisions,
// a number is appended.
String hash = hashPrincipal(root.getSubjectX500Principal());
for (int i = 0; true; i++) {
String alias = hash + '.' + i;
if (!new File(sSystemCertificateDirectory, alias).exists()) break;
Certificate anchor = sSystemKeyStore.getCertificate("system:" + alias);
// It is possible for this to return null if the user deleted a trust anchor. In
// that case, the certificate remains in the system directory but is also added to
// another file. Continue iterating as there may be further collisions after the
// deleted anchor.
if (anchor == null) continue;
if (!(anchor instanceof X509Certificate)) {
// This should never happen.
String className = anchor.getClass().getName();
Log.e(TAG, "Anchor " + alias + " not an X509Certificate: " + className);
continue;
}
// If the subject and public key match, this is a system root.
X509Certificate anchorX509 = (X509Certificate) anchor;
if (root.getSubjectX500Principal().equals(anchorX509.getSubjectX500Principal())
&& root.getPublicKey().equals(anchorX509.getPublicKey())) {
sSystemTrustAnchorCache.add(key);
return true;
}
}
return false;
}
/**
* If an EKU extension is present in the end-entity certificate, it MUST contain either the
* anyEKU or serverAuth or netscapeSGC or Microsoft SGC EKUs.
*
* @return true if there is no EKU extension or if any of the EKU extensions is one of the valid
* OIDs for web server certificates.
*
* TODO(palmer): This can be removed after the equivalent change is made to the Android default
* TrustManager and that change is shipped to a large majority of Android users.
*/
static boolean verifyKeyUsage(X509Certificate certificate) throws CertificateException {
List<String> ekuOids;
try {
ekuOids = certificate.getExtendedKeyUsage();
} catch (NullPointerException e) {
// getExtendedKeyUsage() can crash due to an Android platform bug. This probably
// happens when the EKU extension data is malformed so return false here.
// See http://crbug.com/233610
return false;
}
if (ekuOids == null) return true;
for (String ekuOid : ekuOids) {
if (ekuOid.equals(OID_TLS_SERVER_AUTH)
|| ekuOid.equals(OID_ANY_EKU)
|| ekuOid.equals(OID_SERVER_GATED_NETSCAPE)
|| ekuOid.equals(OID_SERVER_GATED_MICROSOFT)) {
return true;
}
}
return false;
}
/**
* Get the list of user-added roots.
*
* @return DER-encoded list of user-added roots.
*/
public static byte[][] getUserAddedRoots() {
List<byte[]> userRootBytes = new ArrayList<byte[]>();
synchronized (sLock) {
try {
ensureInitialized();
} catch (NoSuchAlgorithmException | KeyStoreException | CertificateException e) {
return new byte[0][];
}
if (sSystemKeyStore == null) {
return new byte[0][];
}
try {
for (Enumeration<String> aliases = sSystemKeyStore.aliases();
aliases.hasMoreElements(); ) {
String alias = aliases.nextElement();
// We check if its a user added root by looking at the alias; user roots should
// start with 'user:'. Another way of checking this would be to fetch the
// certificate and call X509TrustManagerExtensions.isUserAddedCertificate(), but
// that is imperfect as well because Keystore and X509TrustManagerExtensions
// are actually implemented by two separate systems, and mixing them probably
// works but might not in all cases.
//
// Also, to call X509TrustManagerExtensions.isUserAddedCertificate() we'd need
// to call Keystore.getCertificate on all of the roots, even the system ones.
//
// Since there's no perfect way of doing this we go with the simpler and more
// performant one.
if (alias.startsWith("user:")) {
try {
Certificate anchor = sSystemKeyStore.getCertificate(alias);
if (!(anchor instanceof X509Certificate)) {
Log.w(TAG, "alias: " + alias + " is not a X509 Cert, skipping");
continue;
}
X509Certificate anchorX509 = (X509Certificate) anchor;
userRootBytes.add(anchorX509.getEncoded());
} catch (KeyStoreException e) {
Log.e(TAG, "Error reading cert with alias %s, error: %s", alias, e);
} catch (CertificateEncodingException e) {
Log.e(TAG, "Error encoding cert with alias %s, error: %s", alias, e);
}
}
}
} catch (KeyStoreException e) {
Log.e(TAG, "Error reading cert aliases: %s", e);
return new byte[0][];
}
if (sTestRoot != null) {
try {
userRootBytes.add(sTestRoot.getEncoded());
} catch (CertificateEncodingException e) {
Log.e(TAG, "Error encoding test root cert, error %s", e);
}
}
}
return userRootBytes.toArray(new byte[0][]);
}
public static AndroidCertVerifyResult verifyServerCertificates(
byte[][] certChain, String authType, String host)
throws KeyStoreException, NoSuchAlgorithmException {
if (certChain == null || certChain.length == 0 || certChain[0] == null) {
throw new IllegalArgumentException(
"Expected non-null and non-empty certificate "
+ "chain passed as |certChain|. |certChain|="
+ Arrays.deepToString(certChain));
}
try {
ensureInitialized();
} catch (CertificateException e) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.FAILED);
}
List<X509Certificate> serverCertificatesList = new ArrayList<X509Certificate>();
try {
serverCertificatesList.add(createCertificateFromBytes(certChain[0]));
} catch (CertificateException e) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.UNABLE_TO_PARSE);
}
for (int i = 1; i < certChain.length; ++i) {
try {
serverCertificatesList.add(createCertificateFromBytes(certChain[i]));
} catch (CertificateException e) {
Log.w(TAG, "intermediate " + i + " failed parsing");
}
}
X509Certificate[] serverCertificates =
serverCertificatesList.toArray(new X509Certificate[serverCertificatesList.size()]);
// Expired and not yet valid certificates would be rejected by the trust managers, but the
// trust managers report all certificate errors using the general CertificateException. In
// order to get more granular error information, cert validity time range is being checked
// separately.
try {
serverCertificates[0].checkValidity();
if (!verifyKeyUsage(serverCertificates[0])) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.INCORRECT_KEY_USAGE);
}
} catch (CertificateExpiredException e) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.EXPIRED);
} catch (CertificateNotYetValidException e) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.NOT_YET_VALID);
} catch (CertificateException e) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.FAILED);
}
synchronized (sLock) {
// If no trust manager was found, fail without crashing on the null pointer.
if (sDefaultTrustManager == null) {
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.FAILED);
}
List<X509Certificate> verifiedChain = null;
try {
verifiedChain =
checkServerTrustedIgnoringRuntimeException(
sDefaultTrustManager, serverCertificates, authType, host);
} catch (CertificateException eDefaultManager) {
if (sTestTrustManager != null) {
try {
verifiedChain =
checkServerTrustedIgnoringRuntimeException(
sTestTrustManager, serverCertificates, authType, host);
} catch (CertificateException eTestManager) {
// See following if block.
}
}
if (verifiedChain == null) {
// Neither of the trust managers confirms the validity of the certificate chain,
// log the error message returned by the system trust manager.
Log.i(
TAG,
"Failed to validate the certificate chain, error: "
+ eDefaultManager.getMessage());
return new AndroidCertVerifyResult(CertVerifyStatusAndroid.NO_TRUSTED_ROOT);
}
}
boolean isIssuedByKnownRoot = false;
if (verifiedChain.size() > 0) {
X509Certificate root = verifiedChain.get(verifiedChain.size() - 1);
isIssuedByKnownRoot = isKnownRoot(root);
}
return new AndroidCertVerifyResult(
CertVerifyStatusAndroid.OK, isIssuedByKnownRoot, verifiedChain);
}
}
@NativeMethods
interface Natives {
/**
* Notify the native net::CertDatabase instance that the system database has been updated.
*/
void notifyTrustStoreChanged();
void notifyClientCertStoreChanged();
}
}
Codebase Browser
chromium