// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "verify_certificate_chain.h" #include <algorithm> #include <cassert> #include <openssl/base.h> #include "cert_error_params.h" #include "cert_errors.h" #include "common_cert_errors.h" #include "extended_key_usage.h" #include "input.h" #include "name_constraints.h" #include "parse_certificate.h" #include "signature_algorithm.h" #include "trust_store.h" #include "verify_signed_data.h" BSSL_NAMESPACE_BEGIN namespace { bool IsHandledCriticalExtension(const ParsedExtension &extension, const ParsedCertificate &cert) { … } // Adds errors to |errors| if the certificate contains unconsumed _critical_ // extensions. void VerifyNoUnconsumedCriticalExtensions(const ParsedCertificate &cert, CertErrors *errors, bool allow_precertificate) { … } // Returns true if |cert| was self-issued. The definition of self-issuance // comes from RFC 5280 section 6.1: // // A certificate is self-issued if the same DN appears in the subject // and issuer fields (the two DNs are the same if they match according // to the rules specified in Section 7.1). In general, the issuer and // subject of the certificates that make up a path are different for // each certificate. However, a CA may issue a certificate to itself to // support key rollover or changes in certificate policies. These // self-issued certificates are not counted when evaluating path length // or name constraints. [[nodiscard]] bool IsSelfIssued(const ParsedCertificate &cert) { … } // Adds errors to |errors| if |cert| is not valid at time |time|. // // The certificate's validity requirements are described by RFC 5280 section // 4.1.2.5: // // The validity period for a certificate is the period of time from // notBefore through notAfter, inclusive. void VerifyTimeValidity(const ParsedCertificate &cert, const der::GeneralizedTime &time, CertErrors *errors) { … } // Adds errors to |errors| if |cert| has internally inconsistent signature // algorithms. // // X.509 certificates contain two different signature algorithms: // (1) The signatureAlgorithm field of Certificate // (2) The signature field of TBSCertificate // // According to RFC 5280 section 4.1.1.2 and 4.1.2.3 these two fields must be // equal: // // This field MUST contain the same algorithm identifier as the // signature field in the sequence tbsCertificate (Section 4.1.2.3). // // The spec is not explicit about what "the same algorithm identifier" means. // Our interpretation is that the two DER-encoded fields must be byte-for-byte // identical. // // In practice however there are certificates which use different encodings for // specifying RSA with SHA1 (different OIDs). This is special-cased for // compatibility sake. bool VerifySignatureAlgorithmsMatch(const ParsedCertificate &cert, CertErrors *errors) { … } // Verify that |cert| can be used for |required_key_purpose|. void VerifyExtendedKeyUsage(const ParsedCertificate &cert, KeyPurpose required_key_purpose, CertErrors *errors, bool is_target_cert, bool is_target_cert_issuer) { … } // Representation of RFC 5280's "valid_policy_tree", used to keep track of the // valid policies and policy re-mappings. This structure is defined in // section 6.1.2. // // ValidPolicyGraph differs from RFC 5280's description in that: // // (1) It does not track "qualifier_set". This is not needed as it is not // output by this implementation. // // (2) It builds a directed acyclic graph, rather than a tree. When a given // policy matches multiple parents, RFC 5280 makes a separate node for // each parent. This representation condenses them into one node with // multiple parents. // // (3) It does not track "expected_policy_set" or anyPolicy nodes directly. // Rather it maintains, only for the most recent level, whether there is an // anyPolicy node and an inverted map of all "expected_policy_set" values. // // (4) Some pruning steps are deferred to when policies are evaluated, as a // reachability pass. class ValidPolicyGraph { … }; // Class that encapsulates the state variables used by certificate path // validation. class PathVerifier { … }; void PathVerifier::VerifyPolicies(const ParsedCertificate &cert, bool is_target_cert, CertErrors *errors) { … } void PathVerifier::VerifyPolicyMappings(const ParsedCertificate &cert, CertErrors *errors) { … } void PathVerifier::ApplyPolicyConstraints(const ParsedCertificate &cert) { … } void PathVerifier::BasicCertificateProcessing( const ParsedCertificate &cert, bool is_target_cert, bool is_target_cert_issuer, const der::GeneralizedTime &time, KeyPurpose required_key_purpose, CertErrors *errors, bool *shortcircuit_chain_validation) { … } void PathVerifier::PrepareForNextCertificate(const ParsedCertificate &cert, CertErrors *errors) { … } // Checks if the target certificate has the CA bit set. If it does, add // the appropriate error or warning to |errors|. void VerifyTargetCertIsNotCA(const ParsedCertificate &cert, KeyPurpose required_key_purpose, CertErrors *errors) { … } void PathVerifier::WrapUp(const ParsedCertificate &cert, KeyPurpose required_key_purpose, const std::set<der::Input> &user_initial_policy_set, bool allow_precertificate, CertErrors * errors) { … } void PathVerifier::ApplyTrustAnchorConstraints(const ParsedCertificate &cert, KeyPurpose required_key_purpose, CertErrors *errors) { … } void PathVerifier::ProcessRootCertificate(const ParsedCertificate &cert, const CertificateTrust &trust, const der::GeneralizedTime &time, KeyPurpose required_key_purpose, CertErrors *errors, bool *shortcircuit_chain_validation) { … } void PathVerifier::ProcessSingleCertChain(const ParsedCertificate &cert, const CertificateTrust &trust, const der::GeneralizedTime &time, KeyPurpose required_key_purpose, CertErrors *errors) { … } bssl::UniquePtr<EVP_PKEY> PathVerifier::ParseAndCheckPublicKey( der::Input spki, CertErrors *errors) { … } void PathVerifier::Run( const ParsedCertificateList &certs, const CertificateTrust &last_cert_trust, VerifyCertificateChainDelegate *delegate, const der::GeneralizedTime &time, KeyPurpose required_key_purpose, InitialExplicitPolicy initial_explicit_policy, const std::set<der::Input> &user_initial_policy_set, InitialPolicyMappingInhibit initial_policy_mapping_inhibit, InitialAnyPolicyInhibit initial_any_policy_inhibit, std::set<der::Input> *user_constrained_policy_set, CertPathErrors *errors) { … } } // namespace VerifyCertificateChainDelegate::~VerifyCertificateChainDelegate() = default; void VerifyCertificateChain( const ParsedCertificateList &certs, const CertificateTrust &last_cert_trust, VerifyCertificateChainDelegate *delegate, const der::GeneralizedTime &time, KeyPurpose required_key_purpose, InitialExplicitPolicy initial_explicit_policy, const std::set<der::Input> &user_initial_policy_set, InitialPolicyMappingInhibit initial_policy_mapping_inhibit, InitialAnyPolicyInhibit initial_any_policy_inhibit, std::set<der::Input> *user_constrained_policy_set, CertPathErrors *errors) { … } bool VerifyCertificateIsSelfSigned(const ParsedCertificate &cert, SignatureVerifyCache *cache, CertErrors *errors) { … } BSSL_NAMESPACE_END
Codebase Browser
chromium