2014-01-21 10:10:33 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include "NSSCertDBTrustDomain.h"
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
2014-02-24 10:15:53 +04:00
|
|
|
#include "ExtendedValidation.h"
|
2016-05-10 04:02:40 +03:00
|
|
|
#include "NSSErrorsService.h"
|
2015-07-17 19:07:48 +03:00
|
|
|
#include "OCSPVerificationTrustDomain.h"
|
2016-05-10 04:02:40 +03:00
|
|
|
#include "PublicKeyPinningService.h"
|
2015-04-24 03:26:29 +03:00
|
|
|
#include "cert.h"
|
2016-05-10 04:02:40 +03:00
|
|
|
#include "certdb.h"
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
|
|
|
# include "cert_storage/src/cert_storage.h"
|
|
|
|
#endif
|
2016-08-11 13:41:50 +03:00
|
|
|
#include "mozilla/Assertions.h"
|
2016-05-19 07:20:56 +03:00
|
|
|
#include "mozilla/Casting.h"
|
2016-12-14 15:10:25 +03:00
|
|
|
#include "mozilla/Move.h"
|
2016-10-13 03:02:33 +03:00
|
|
|
#include "mozilla/PodOperations.h"
|
2019-03-26 18:56:32 +03:00
|
|
|
#include "mozilla/Services.h"
|
2017-01-14 08:12:43 +03:00
|
|
|
#include "mozilla/TimeStamp.h"
|
2016-08-23 07:09:32 +03:00
|
|
|
#include "mozilla/Unused.h"
|
2017-06-09 02:10:00 +03:00
|
|
|
#include "nsCRTGlue.h"
|
2019-03-26 18:56:32 +03:00
|
|
|
#include "nsIObserverService.h"
|
2018-05-25 21:22:48 +03:00
|
|
|
#include "nsNSSCertHelper.h"
|
2018-02-21 22:08:18 +03:00
|
|
|
#include "nsNSSCertValidity.h"
|
2018-05-25 21:22:48 +03:00
|
|
|
#include "nsNSSCertificate.h"
|
2019-11-01 02:56:32 +03:00
|
|
|
#include "nsNSSCertificateDB.h"
|
2015-01-07 08:08:00 +03:00
|
|
|
#include "nsServiceManagerUtils.h"
|
2017-09-07 00:31:27 +03:00
|
|
|
#include "nsThreadUtils.h"
|
2016-05-10 04:02:40 +03:00
|
|
|
#include "nss.h"
|
2013-07-09 03:30:59 +04:00
|
|
|
#include "pk11pub.h"
|
2018-10-02 15:59:34 +03:00
|
|
|
#include "mozpkix/Result.h"
|
|
|
|
#include "mozpkix/pkix.h"
|
|
|
|
#include "mozpkix/pkixnss.h"
|
2019-05-18 03:15:54 +03:00
|
|
|
#include "mozpkix/pkixutil.h"
|
2014-01-21 10:10:33 +04:00
|
|
|
#include "prerror.h"
|
|
|
|
#include "secerr.h"
|
|
|
|
|
2017-10-17 09:17:52 +03:00
|
|
|
#include "TrustOverrideUtils.h"
|
|
|
|
#include "TrustOverride-StartComAndWoSignData.inc"
|
2018-02-21 22:08:18 +03:00
|
|
|
#include "TrustOverride-SymantecData.inc"
|
2018-02-21 22:08:59 +03:00
|
|
|
#include "TrustOverride-AppleGoogleDigiCertData.inc"
|
2015-04-08 03:29:05 +03:00
|
|
|
|
2014-07-04 08:49:56 +04:00
|
|
|
using namespace mozilla;
|
2014-03-21 01:29:21 +04:00
|
|
|
using namespace mozilla::pkix;
|
2014-01-21 10:10:33 +04:00
|
|
|
|
2016-01-28 21:36:00 +03:00
|
|
|
extern LazyLogModule gCertVerifierLog;
|
2014-02-10 23:41:12 +04:00
|
|
|
|
2014-08-02 19:49:12 +04:00
|
|
|
static const uint64_t ServerFailureDelaySeconds = 5 * 60;
|
|
|
|
|
2014-01-21 10:10:33 +04:00
|
|
|
namespace mozilla {
|
|
|
|
namespace psm {
|
2018-11-30 13:46:48 +03:00
|
|
|
|
2014-02-10 23:41:12 +04:00
|
|
|
NSSCertDBTrustDomain::NSSCertDBTrustDomain(
|
|
|
|
SECTrustType certDBTrustType, OCSPFetching ocspFetching,
|
2014-03-13 00:08:48 +04:00
|
|
|
OCSPCache& ocspCache,
|
2014-07-07 02:55:38 +04:00
|
|
|
/*optional but shouldn't be*/ void* pinArg, TimeDuration ocspTimeoutSoft,
|
2015-04-07 02:10:28 +03:00
|
|
|
TimeDuration ocspTimeoutHard, uint32_t certShortLifetimeInDays,
|
2014-09-25 22:18:56 +04:00
|
|
|
CertVerifier::PinningMode pinningMode, unsigned int minRSABits,
|
2015-06-29 23:19:00 +03:00
|
|
|
ValidityCheckingMode validityCheckingMode, CertVerifier::SHA1Mode sha1Mode,
|
2016-05-06 02:11:11 +03:00
|
|
|
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
2019-12-06 01:41:53 +03:00
|
|
|
DistrustedCAPolicy distrustedCAPolicy, CRLiteMode crliteMode,
|
2019-02-02 01:01:00 +03:00
|
|
|
const OriginAttributes& originAttributes,
|
|
|
|
const Vector<Input>& thirdPartyRootInputs,
|
2019-02-12 21:23:25 +03:00
|
|
|
const Vector<Input>& thirdPartyIntermediateInputs,
|
2019-10-25 01:48:40 +03:00
|
|
|
const Maybe<nsTArray<nsTArray<uint8_t>>>& extraCertificates,
|
2019-02-02 01:01:00 +03:00
|
|
|
/*out*/ UniqueCERTCertList& builtChain,
|
2015-08-21 17:14:08 +03:00
|
|
|
/*optional*/ PinningTelemetryInfo* pinningTelemetryInfo,
|
2019-12-06 01:41:53 +03:00
|
|
|
/*optional*/ CRLiteTelemetryInfo* crliteTelemetryInfo,
|
2016-01-13 23:50:42 +03:00
|
|
|
/*optional*/ const char* hostname)
|
2014-02-10 23:41:12 +04:00
|
|
|
: mCertDBTrustType(certDBTrustType),
|
2014-02-24 10:15:53 +04:00
|
|
|
mOCSPFetching(ocspFetching),
|
2014-03-13 00:08:48 +04:00
|
|
|
mOCSPCache(ocspCache),
|
2014-02-10 23:41:12 +04:00
|
|
|
mPinArg(pinArg),
|
2017-04-01 01:21:40 +03:00
|
|
|
mOCSPTimeoutSoft(ocspTimeoutSoft),
|
|
|
|
mOCSPTimeoutHard(ocspTimeoutHard),
|
2015-04-07 02:10:28 +03:00
|
|
|
mCertShortLifetimeInDays(certShortLifetimeInDays),
|
2014-09-25 22:18:56 +04:00
|
|
|
mPinningMode(pinningMode),
|
2015-03-05 18:41:00 +03:00
|
|
|
mMinRSABits(minRSABits),
|
2015-06-29 23:19:00 +03:00
|
|
|
mValidityCheckingMode(validityCheckingMode),
|
2015-09-11 21:52:30 +03:00
|
|
|
mSHA1Mode(sha1Mode),
|
2016-05-06 02:11:11 +03:00
|
|
|
mNetscapeStepUpPolicy(netscapeStepUpPolicy),
|
2018-02-28 02:04:51 +03:00
|
|
|
mDistrustedCAPolicy(distrustedCAPolicy),
|
2019-12-06 01:41:53 +03:00
|
|
|
mCRLiteMode(crliteMode),
|
2018-03-15 00:01:35 +03:00
|
|
|
mSawDistrustedCAByPolicyError(false),
|
2016-11-14 13:26:15 +03:00
|
|
|
mOriginAttributes(originAttributes),
|
2019-02-02 01:01:00 +03:00
|
|
|
mThirdPartyRootInputs(thirdPartyRootInputs),
|
2019-02-12 21:23:25 +03:00
|
|
|
mThirdPartyIntermediateInputs(thirdPartyIntermediateInputs),
|
2019-10-25 01:48:40 +03:00
|
|
|
mExtraCertificates(extraCertificates),
|
2016-01-13 23:50:42 +03:00
|
|
|
mBuiltChain(builtChain),
|
2015-08-21 17:14:08 +03:00
|
|
|
mPinningTelemetryInfo(pinningTelemetryInfo),
|
2019-12-06 01:41:53 +03:00
|
|
|
mCRLiteTelemetryInfo(crliteTelemetryInfo),
|
2014-09-25 22:18:56 +04:00
|
|
|
mHostname(hostname),
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-04-30 03:00:48 +03:00
|
|
|
mCertStorage(do_GetService(NS_CERT_STORAGE_CID)),
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
|
|
|
mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID)),
|
|
|
|
#endif
|
2014-12-12 10:22:35 +03:00
|
|
|
mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED),
|
2016-08-11 13:41:50 +03:00
|
|
|
mSCTListFromCertificate(),
|
2019-06-12 01:45:26 +03:00
|
|
|
mSCTListFromOCSPStapling(),
|
|
|
|
mBuiltInRootsModule(SECMOD_FindModule(kRootModuleName)) {
|
|
|
|
}
|
|
|
|
|
|
|
|
static Result FindRootsWithSubject(UniqueSECMODModule& rootsModule,
|
|
|
|
SECItem subject,
|
|
|
|
/*out*/ Vector<Vector<uint8_t>>& roots) {
|
|
|
|
MOZ_ASSERT(rootsModule);
|
|
|
|
for (int slotIndex = 0; slotIndex < rootsModule->slotCount; slotIndex++) {
|
|
|
|
CERTCertificateList* rawResults = nullptr;
|
|
|
|
if (PK11_FindRawCertsWithSubject(rootsModule->slots[slotIndex], &subject,
|
|
|
|
&rawResults) != SECSuccess) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
// rawResults == nullptr means we didn't find any matching certificates
|
|
|
|
if (!rawResults) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
UniqueCERTCertificateList results(rawResults);
|
|
|
|
for (int certIndex = 0; certIndex < results->len; certIndex++) {
|
|
|
|
Vector<uint8_t> root;
|
|
|
|
if (!root.append(results->certs[certIndex].data,
|
|
|
|
results->certs[certIndex].len)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
if (!roots.append(std::move(root))) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return Success;
|
2019-05-18 03:15:54 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// A self-signed issuer certificate should never be necessary in order to build
|
|
|
|
// a trusted certificate chain unless it is a trust anchor. This is because if
|
|
|
|
// it were necessary, there would exist another certificate with the same
|
|
|
|
// subject and public key that is also a valid issing certificate. Given this
|
|
|
|
// certificate, it is possible to build another chain using just it instead of
|
|
|
|
// it and the self-signed certificate. This is only true as long as the
|
|
|
|
// certificate extensions we support are restrictive rather than additive in
|
|
|
|
// terms of the rest of the chain (for example, we don't support policy mapping
|
|
|
|
// and we ignore any SCT information in intermediates).
|
2019-06-12 01:45:26 +03:00
|
|
|
static bool ShouldSkipSelfSignedNonTrustAnchor(TrustDomain& trustDomain,
|
|
|
|
Input certDER) {
|
2019-05-18 03:15:54 +03:00
|
|
|
BackCert cert(certDER, EndEntityOrCA::MustBeCA, nullptr);
|
|
|
|
if (cert.Init() != Success) {
|
|
|
|
return false; // turn any failures into "don't skip trying this cert"
|
|
|
|
}
|
|
|
|
// If subject != issuer, this isn't a self-signed cert.
|
|
|
|
if (!InputsAreEqual(cert.GetSubject(), cert.GetIssuer())) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
TrustLevel trust;
|
2019-06-12 01:45:26 +03:00
|
|
|
if (trustDomain.GetCertTrust(EndEntityOrCA::MustBeCA, CertPolicyId::anyPolicy,
|
|
|
|
certDER, trust) != Success) {
|
2019-05-18 03:15:54 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// If the trust for this certificate is anything other than "inherit", we want
|
|
|
|
// to process it like normal.
|
|
|
|
if (trust != TrustLevel::InheritsTrust) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
uint8_t digestBuf[MAX_DIGEST_SIZE_IN_BYTES];
|
|
|
|
pkix::der::PublicKeyAlgorithm publicKeyAlg;
|
|
|
|
SignedDigest signature;
|
2019-06-12 01:45:26 +03:00
|
|
|
if (DigestSignedData(trustDomain, cert.GetSignedData(), digestBuf,
|
|
|
|
publicKeyAlg, signature) != Success) {
|
2019-05-18 03:15:54 +03:00
|
|
|
return false;
|
|
|
|
}
|
2019-06-12 01:45:26 +03:00
|
|
|
if (VerifySignedDigest(trustDomain, publicKeyAlg, signature,
|
2019-05-18 03:15:54 +03:00
|
|
|
cert.GetSubjectPublicKeyInfo()) != Success) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// This is a self-signed, non-trust-anchor certificate, so we shouldn't use it
|
|
|
|
// for path building. See bug 1056341.
|
|
|
|
return true;
|
|
|
|
}
|
2014-02-10 23:41:12 +04:00
|
|
|
|
2019-06-12 01:45:26 +03:00
|
|
|
static Result CheckCandidates(TrustDomain& trustDomain,
|
|
|
|
TrustDomain::IssuerChecker& checker,
|
|
|
|
Vector<Input>& candidates,
|
|
|
|
Input* nameConstraintsInputPtr, bool& keepGoing) {
|
|
|
|
for (Input candidate : candidates) {
|
|
|
|
if (ShouldSkipSelfSignedNonTrustAnchor(trustDomain, candidate)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
Result rv = checker.Check(candidate, nameConstraintsInputPtr, keepGoing);
|
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
if (!keepGoing) {
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2019-01-16 02:34:44 +03:00
|
|
|
Result NSSCertDBTrustDomain::FindIssuer(Input encodedIssuerName,
|
|
|
|
IssuerChecker& checker, Time) {
|
2019-06-12 01:45:26 +03:00
|
|
|
SECItem encodedIssuerNameItem = UnsafeMapInputToSECItem(encodedIssuerName);
|
|
|
|
// Handle imposed name constraints, if any.
|
|
|
|
ScopedAutoSECItem nameConstraints;
|
|
|
|
Input nameConstraintsInput;
|
|
|
|
Input* nameConstraintsInputPtr = nullptr;
|
|
|
|
SECStatus srv =
|
|
|
|
CERT_GetImposedNameConstraints(&encodedIssuerNameItem, &nameConstraints);
|
|
|
|
if (srv == SECSuccess) {
|
|
|
|
if (nameConstraintsInput.Init(nameConstraints.data, nameConstraints.len) !=
|
|
|
|
Success) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
nameConstraintsInputPtr = &nameConstraintsInput;
|
|
|
|
} else if (PR_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// First try all relevant certificates known to Gecko, which avoids calling
|
|
|
|
// CERT_CreateSubjectCertList, because that can be expensive.
|
|
|
|
Vector<Input> geckoRootCandidates;
|
|
|
|
Vector<Input> geckoIntermediateCandidates;
|
2019-02-08 00:52:18 +03:00
|
|
|
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-04-30 03:00:48 +03:00
|
|
|
if (!mCertStorage) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
nsTArray<uint8_t> subject;
|
|
|
|
if (!subject.AppendElements(encodedIssuerName.UnsafeGetData(),
|
|
|
|
encodedIssuerName.GetLength())) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
nsTArray<nsTArray<uint8_t>> certs;
|
|
|
|
nsresult rv = mCertStorage->FindCertsBySubject(subject, certs);
|
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
for (auto& cert : certs) {
|
|
|
|
Input certDER;
|
|
|
|
Result rv = certDER.Init(cert.Elements(), cert.Length());
|
|
|
|
if (rv != Success) {
|
|
|
|
continue; // probably too big
|
|
|
|
}
|
|
|
|
// Currently we're only expecting intermediate certificates in cert storage.
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!geckoIntermediateCandidates.append(certDER)) {
|
2019-04-30 03:00:48 +03:00
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
2019-05-03 02:02:13 +03:00
|
|
|
#endif
|
2019-04-30 03:00:48 +03:00
|
|
|
|
2019-06-12 01:45:26 +03:00
|
|
|
// We might not have this module if e.g. we're on a Linux distribution that
|
|
|
|
// does something unexpected.
|
|
|
|
Vector<Vector<uint8_t>> builtInRoots;
|
|
|
|
if (mBuiltInRootsModule) {
|
|
|
|
Result rv = FindRootsWithSubject(mBuiltInRootsModule, encodedIssuerNameItem,
|
|
|
|
builtInRoots);
|
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
for (const auto& root : builtInRoots) {
|
|
|
|
Input rootInput;
|
|
|
|
rv = rootInput.Init(root.begin(), root.length());
|
|
|
|
if (rv != Success) {
|
|
|
|
continue; // probably too big
|
|
|
|
}
|
|
|
|
if (!geckoRootCandidates.append(rootInput)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::FindIssuer: no built-in roots module"));
|
|
|
|
}
|
|
|
|
|
|
|
|
for (const auto& thirdPartyRootInput : mThirdPartyRootInputs) {
|
2019-10-04 19:46:08 +03:00
|
|
|
BackCert root(thirdPartyRootInput, EndEntityOrCA::MustBeCA, nullptr);
|
|
|
|
Result rv = root.Init();
|
|
|
|
if (rv != Success) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// Filter out 3rd party roots that can't be issuers we're looking for
|
|
|
|
// because the subject distinguished name doesn't match. This prevents
|
|
|
|
// mozilla::pkix from accumulating spurious errors during path building.
|
|
|
|
if (!InputsAreEqual(encodedIssuerName, root.GetSubject())) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!geckoRootCandidates.append(thirdPartyRootInput)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (const auto& thirdPartyIntermediateInput :
|
|
|
|
mThirdPartyIntermediateInputs) {
|
2019-10-04 19:46:08 +03:00
|
|
|
BackCert intermediate(thirdPartyIntermediateInput, EndEntityOrCA::MustBeCA,
|
|
|
|
nullptr);
|
|
|
|
Result rv = intermediate.Init();
|
|
|
|
if (rv != Success) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// Filter out 3rd party intermediates that can't be issuers we're looking
|
|
|
|
// for because the subject distinguished name doesn't match. This prevents
|
|
|
|
// mozilla::pkix from accumulating spurious errors during path building.
|
|
|
|
if (!InputsAreEqual(encodedIssuerName, intermediate.GetSubject())) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!geckoIntermediateCandidates.append(thirdPartyIntermediateInput)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-10-25 01:48:40 +03:00
|
|
|
if (mExtraCertificates.isSome()) {
|
|
|
|
for (const auto& extraCert : *mExtraCertificates) {
|
|
|
|
Input certInput;
|
|
|
|
Result rv = certInput.Init(extraCert.Elements(), extraCert.Length());
|
|
|
|
if (rv != Success) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
BackCert cert(certInput, EndEntityOrCA::MustBeCA, nullptr);
|
|
|
|
rv = cert.Init();
|
|
|
|
if (rv != Success) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// Filter out certificates that can't be issuers we're looking for because
|
|
|
|
// the subject distinguished name doesn't match. This prevents
|
|
|
|
// mozilla::pkix from accumulating spurious errors during path building.
|
|
|
|
if (!InputsAreEqual(encodedIssuerName, cert.GetSubject())) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// We assume that extra certificates (presumably from the TLS handshake)
|
|
|
|
// are intermediates, since sending trust anchors would be superfluous.
|
|
|
|
if (!geckoIntermediateCandidates.append(certInput)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-06-12 01:45:26 +03:00
|
|
|
// Try all root certs first and then all (presumably) intermediates.
|
|
|
|
if (!geckoRootCandidates.appendAll(geckoIntermediateCandidates)) {
|
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool keepGoing = true;
|
|
|
|
Result result = CheckCandidates(*this, checker, geckoRootCandidates,
|
|
|
|
nameConstraintsInputPtr, keepGoing);
|
|
|
|
if (result != Success) {
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
if (!keepGoing) {
|
|
|
|
return Success;
|
|
|
|
}
|
2019-02-08 00:52:18 +03:00
|
|
|
|
2019-01-16 02:34:44 +03:00
|
|
|
// NSS seems not to differentiate between "no potential issuers found" and
|
|
|
|
// "there was an error trying to retrieve the potential issuers." We assume
|
2019-02-08 00:52:18 +03:00
|
|
|
// there was no error if CERT_CreateSubjectCertList returns nullptr.
|
2019-01-16 02:34:44 +03:00
|
|
|
UniqueCERTCertList candidates(CERT_CreateSubjectCertList(
|
|
|
|
nullptr, CERT_GetDefaultCertDB(), &encodedIssuerNameItem, 0, false));
|
2019-10-25 01:48:40 +03:00
|
|
|
Vector<Input> nssRootCandidates;
|
|
|
|
Vector<Input> nssIntermediateCandidates;
|
2019-02-08 00:52:18 +03:00
|
|
|
if (candidates) {
|
|
|
|
for (CERTCertListNode* n = CERT_LIST_HEAD(candidates);
|
|
|
|
!CERT_LIST_END(n, candidates); n = CERT_LIST_NEXT(n)) {
|
|
|
|
Input certDER;
|
|
|
|
Result rv = certDER.Init(n->cert->derCert.data, n->cert->derCert.len);
|
|
|
|
if (rv != Success) {
|
|
|
|
continue; // probably too big
|
2014-12-05 00:37:01 +03:00
|
|
|
}
|
2019-02-08 00:52:18 +03:00
|
|
|
if (n->cert->isRoot) {
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!nssRootCandidates.append(certDER)) {
|
2019-02-08 00:52:18 +03:00
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
|
|
|
} else {
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!nssIntermediateCandidates.append(certDER)) {
|
2019-02-08 00:52:18 +03:00
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
2015-04-24 03:26:29 +03:00
|
|
|
}
|
2014-12-05 00:37:01 +03:00
|
|
|
}
|
2019-01-16 02:34:44 +03:00
|
|
|
}
|
2019-06-12 01:45:26 +03:00
|
|
|
if (!nssRootCandidates.appendAll(nssIntermediateCandidates)) {
|
2019-01-16 02:34:44 +03:00
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
|
|
|
}
|
2014-12-05 00:37:01 +03:00
|
|
|
|
2019-06-12 01:45:26 +03:00
|
|
|
return CheckCandidates(*this, checker, nssRootCandidates,
|
|
|
|
nameConstraintsInputPtr, keepGoing);
|
2014-02-10 23:41:12 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
Result NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
|
2014-05-16 05:59:52 +04:00
|
|
|
const CertPolicyId& policy,
|
2014-07-31 23:17:31 +04:00
|
|
|
Input candidateCertDER,
|
2014-07-20 22:06:26 +04:00
|
|
|
/*out*/ TrustLevel& trustLevel) {
|
2015-02-26 06:38:00 +03:00
|
|
|
// Check the certificate against the OneCRL cert blocklist
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-04-30 03:00:48 +03:00
|
|
|
if (!mCertStorage) {
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
|
|
|
if (!mCertBlocklist) {
|
|
|
|
#endif
|
2015-02-26 06:38:00 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
|
2016-12-23 03:57:20 +03:00
|
|
|
// The certificate blocklist currently only applies to TLS server
|
|
|
|
// certificates.
|
|
|
|
if (mCertDBTrustType == trustSSL) {
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-03-20 20:00:47 +03:00
|
|
|
int16_t revocationState;
|
2018-09-21 16:10:40 +03:00
|
|
|
|
2019-04-06 00:19:21 +03:00
|
|
|
nsTArray<uint8_t> issuerBytes;
|
|
|
|
nsTArray<uint8_t> serialBytes;
|
|
|
|
nsTArray<uint8_t> subjectBytes;
|
|
|
|
nsTArray<uint8_t> pubKeyBytes;
|
2018-09-21 16:10:40 +03:00
|
|
|
|
2019-09-17 23:30:15 +03:00
|
|
|
Result result =
|
|
|
|
BuildRevocationCheckArrays(candidateCertDER, endEntityOrCA, issuerBytes,
|
|
|
|
serialBytes, subjectBytes, pubKeyBytes);
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
|
|
|
bool isCertRevoked;
|
|
|
|
|
|
|
|
nsAutoCString encIssuer;
|
|
|
|
nsAutoCString encSerial;
|
|
|
|
nsAutoCString encSubject;
|
|
|
|
nsAutoCString encPubKey;
|
|
|
|
|
2019-09-17 23:30:15 +03:00
|
|
|
Result result =
|
|
|
|
BuildRevocationCheckStrings(candidateCertDER, endEntityOrCA, encIssuer,
|
|
|
|
encSerial, encSubject, encPubKey);
|
2019-05-03 02:02:13 +03:00
|
|
|
#endif
|
2018-09-21 16:10:40 +03:00
|
|
|
|
2019-09-17 23:30:15 +03:00
|
|
|
if (result != Success) {
|
|
|
|
return result;
|
2018-09-21 16:10:40 +03:00
|
|
|
}
|
|
|
|
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-09-17 23:30:15 +03:00
|
|
|
nsresult nsrv = mCertStorage->GetRevocationState(
|
2019-04-06 00:19:21 +03:00
|
|
|
issuerBytes, serialBytes, subjectBytes, pubKeyBytes, &revocationState);
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
2019-09-17 23:30:15 +03:00
|
|
|
nsresult nsrv = mCertBlocklist->IsCertRevoked(
|
|
|
|
encIssuer, encSerial, encSubject, encPubKey, &isCertRevoked);
|
2019-05-03 02:02:13 +03:00
|
|
|
#endif
|
2016-12-23 03:57:20 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
2015-02-26 06:38:00 +03:00
|
|
|
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-03-20 20:00:47 +03:00
|
|
|
if (revocationState == nsICertStorage::STATE_ENFORCE) {
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
|
|
|
if (isCertRevoked) {
|
|
|
|
#endif
|
2016-12-23 03:57:20 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: certificate is in blocklist"));
|
|
|
|
return Result::ERROR_REVOKED_CERTIFICATE;
|
|
|
|
}
|
2015-02-26 06:38:00 +03:00
|
|
|
}
|
|
|
|
|
2019-02-02 01:01:00 +03:00
|
|
|
// This may be a third-party root.
|
|
|
|
for (const auto& thirdPartyRootInput : mThirdPartyRootInputs) {
|
|
|
|
if (InputsAreEqual(candidateCertDER, thirdPartyRootInput)) {
|
|
|
|
trustLevel = TrustLevel::TrustAnchor;
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-09-17 23:30:15 +03:00
|
|
|
// This may be a third-party intermediate.
|
|
|
|
for (const auto& thirdPartyIntermediateInput :
|
|
|
|
mThirdPartyIntermediateInputs) {
|
|
|
|
if (InputsAreEqual(candidateCertDER, thirdPartyIntermediateInput)) {
|
|
|
|
trustLevel = TrustLevel::InheritsTrust;
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// XXX: This would be cleaner and more efficient if we could get the trust
|
|
|
|
// information without constructing a CERTCertificate here, but NSS doesn't
|
|
|
|
// expose it in any other easy-to-use fashion. The use of
|
|
|
|
// CERT_NewTempCertificate to get a CERTCertificate shouldn't be a
|
|
|
|
// performance problem for certificates already known to NSS because NSS will
|
|
|
|
// just find the existing CERTCertificate in its in-memory cache and return
|
|
|
|
// it. For certificates not already in NSS (namely third-party roots and
|
|
|
|
// intermediates), we want to avoid calling CERT_NewTempCertificate
|
|
|
|
// repeatedly, so we've already checked if the candidate certificate is a
|
|
|
|
// third-party certificate, above.
|
|
|
|
SECItem candidateCertDERSECItem = UnsafeMapInputToSECItem(candidateCertDER);
|
|
|
|
UniqueCERTCertificate candidateCert(CERT_NewTempCertificate(
|
|
|
|
CERT_GetDefaultCertDB(), &candidateCertDERSECItem, nullptr, false, true));
|
|
|
|
if (!candidateCert) {
|
|
|
|
return MapPRErrorCodeToResult(PR_GetError());
|
|
|
|
}
|
2014-02-10 23:41:12 +04:00
|
|
|
// XXX: CERT_GetCertTrust seems to be abusing SECStatus as a boolean, where
|
|
|
|
// SECSuccess means that there is a trust record and SECFailure means there
|
|
|
|
// is not a trust record. I looked at NSS's internal uses of
|
|
|
|
// CERT_GetCertTrust, and all that code uses the result as a boolean meaning
|
|
|
|
// "We have a trust record."
|
|
|
|
CERTCertTrust trust;
|
2014-06-03 21:47:25 +04:00
|
|
|
if (CERT_GetCertTrust(candidateCert.get(), &trust) == SECSuccess) {
|
2014-08-08 16:39:07 +04:00
|
|
|
uint32_t flags = SEC_GET_TRUST_FLAGS(&trust, mCertDBTrustType);
|
2014-02-10 23:41:12 +04:00
|
|
|
|
|
|
|
// For DISTRUST, we use the CERTDB_TRUSTED or CERTDB_TRUSTED_CA bit,
|
|
|
|
// because we can have active distrust for either type of cert. Note that
|
|
|
|
// CERTDB_TERMINAL_RECORD means "stop trying to inherit trust" so if the
|
|
|
|
// relevant trust bit isn't set then that means the cert must be considered
|
|
|
|
// distrusted.
|
2014-04-26 03:29:26 +04:00
|
|
|
uint32_t relevantTrustBit = endEntityOrCA == EndEntityOrCA::MustBeCA
|
|
|
|
? CERTDB_TRUSTED_CA
|
|
|
|
: CERTDB_TRUSTED;
|
2014-02-10 23:41:12 +04:00
|
|
|
if (((flags & (relevantTrustBit | CERTDB_TERMINAL_RECORD))) ==
|
|
|
|
CERTDB_TERMINAL_RECORD) {
|
2014-07-20 22:06:26 +04:00
|
|
|
trustLevel = TrustLevel::ActivelyDistrusted;
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-10 23:41:12 +04:00
|
|
|
}
|
|
|
|
|
2019-03-18 23:01:02 +03:00
|
|
|
// For TRUST, we use the CERTDB_TRUSTED_CA bit.
|
|
|
|
if (flags & CERTDB_TRUSTED_CA) {
|
2014-05-16 05:59:52 +04:00
|
|
|
if (policy.IsAnyPolicy()) {
|
2014-07-20 22:06:26 +04:00
|
|
|
trustLevel = TrustLevel::TrustAnchor;
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2016-08-05 18:57:44 +03:00
|
|
|
if (CertIsAuthoritativeForEVPolicy(candidateCert, policy)) {
|
2014-07-20 22:06:26 +04:00
|
|
|
trustLevel = TrustLevel::TrustAnchor;
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2014-02-10 23:41:12 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-07-20 22:06:26 +04:00
|
|
|
trustLevel = TrustLevel::InheritsTrust;
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-10 23:41:12 +04:00
|
|
|
}
|
|
|
|
|
2015-02-07 23:14:31 +03:00
|
|
|
Result NSSCertDBTrustDomain::DigestBuf(Input item, DigestAlgorithm digestAlg,
|
2014-07-07 06:36:05 +04:00
|
|
|
/*out*/ uint8_t* digestBuf,
|
|
|
|
size_t digestBufLen) {
|
2015-02-07 23:14:31 +03:00
|
|
|
return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
|
2014-07-07 06:36:05 +04:00
|
|
|
}
|
|
|
|
|
2017-04-01 01:21:40 +03:00
|
|
|
TimeDuration NSSCertDBTrustDomain::GetOCSPTimeout() const {
|
|
|
|
switch (mOCSPFetching) {
|
2014-05-02 02:07:55 +04:00
|
|
|
case NSSCertDBTrustDomain::FetchOCSPForDVSoftFail:
|
2017-04-01 01:21:40 +03:00
|
|
|
return mOCSPTimeoutSoft;
|
2014-05-02 02:07:55 +04:00
|
|
|
case NSSCertDBTrustDomain::FetchOCSPForEV:
|
|
|
|
case NSSCertDBTrustDomain::FetchOCSPForDVHardFail:
|
2017-04-01 01:21:40 +03:00
|
|
|
return mOCSPTimeoutHard;
|
2014-05-02 02:07:55 +04:00
|
|
|
// The rest of these are error cases. Assert in debug builds, but return
|
2017-04-01 01:21:40 +03:00
|
|
|
// the soft timeout value in release builds.
|
2014-05-02 02:07:55 +04:00
|
|
|
case NSSCertDBTrustDomain::NeverFetchOCSP:
|
|
|
|
case NSSCertDBTrustDomain::LocalOnlyOCSPForEV:
|
2017-01-14 08:12:43 +03:00
|
|
|
MOZ_ASSERT_UNREACHABLE("we should never see this OCSPFetching type here");
|
2015-12-25 10:03:35 +03:00
|
|
|
break;
|
2014-05-02 02:07:55 +04:00
|
|
|
}
|
2015-12-25 10:03:35 +03:00
|
|
|
|
2017-01-14 08:12:43 +03:00
|
|
|
MOZ_ASSERT_UNREACHABLE("we're not handling every OCSPFetching type");
|
2017-04-01 01:21:40 +03:00
|
|
|
return mOCSPTimeoutSoft;
|
2014-05-02 02:07:55 +04:00
|
|
|
}
|
|
|
|
|
2014-06-20 21:10:51 +04:00
|
|
|
// Copied and modified from CERT_GetOCSPAuthorityInfoAccessLocation and
|
2016-04-05 03:35:24 +03:00
|
|
|
// CERT_GetGeneralNameByType. Returns a non-Result::Success result on error,
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
// Success with result.IsVoid() == true when an OCSP URI was not found, and
|
|
|
|
// Success with result.IsVoid() == false when an OCSP URI was found.
|
2016-04-05 03:35:24 +03:00
|
|
|
static Result GetOCSPAuthorityInfoAccessLocation(const UniquePLArenaPool& arena,
|
2014-07-31 23:17:31 +04:00
|
|
|
Input aiaExtension,
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
/*out*/ nsCString& result) {
|
2016-04-05 03:35:24 +03:00
|
|
|
MOZ_ASSERT(arena.get());
|
|
|
|
if (!arena.get()) {
|
|
|
|
return Result::FATAL_ERROR_INVALID_ARGS;
|
|
|
|
}
|
|
|
|
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
result.Assign(VoidCString());
|
2014-07-31 23:17:31 +04:00
|
|
|
SECItem aiaExtensionSECItem = UnsafeMapInputToSECItem(aiaExtension);
|
2014-07-19 09:30:51 +04:00
|
|
|
CERTAuthInfoAccess** aia =
|
2016-04-05 03:35:24 +03:00
|
|
|
CERT_DecodeAuthInfoAccessExtension(arena.get(), &aiaExtensionSECItem);
|
2014-06-20 21:10:51 +04:00
|
|
|
if (!aia) {
|
2014-07-18 22:48:49 +04:00
|
|
|
return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
|
|
|
for (size_t i = 0; aia[i]; ++i) {
|
|
|
|
if (SECOID_FindOIDTag(&aia[i]->method) == SEC_OID_PKIX_OCSP) {
|
|
|
|
// NSS chooses the **last** OCSP URL; we choose the **first**
|
|
|
|
CERTGeneralName* current = aia[i]->location;
|
|
|
|
if (!current) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
do {
|
|
|
|
if (current->type == certURI) {
|
|
|
|
const SECItem& location = current->name.other;
|
|
|
|
// (location.len + 1) must be small enough to fit into a uint32_t,
|
|
|
|
// but we limit it to a smaller bound to reduce OOM risk.
|
|
|
|
if (location.len > 1024 || memchr(location.data, 0, location.len)) {
|
|
|
|
// Reject embedded nulls. (NSS doesn't do this)
|
2014-07-18 22:48:49 +04:00
|
|
|
return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
result.Assign(nsDependentCSubstring(
|
|
|
|
reinterpret_cast<const char*>(location.data), location.len));
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
|
|
|
current = CERT_GetNextGeneralName(current);
|
|
|
|
} while (current != aia[i]->location);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
Result NSSCertDBTrustDomain::CheckRevocation(
|
2014-08-02 19:49:12 +04:00
|
|
|
EndEntityOrCA endEntityOrCA, const CertID& certID, Time time,
|
2019-12-06 01:41:53 +03:00
|
|
|
Time certValidityPeriodBeginning, Duration validityDuration,
|
2014-07-31 23:17:31 +04:00
|
|
|
/*optional*/ const Input* stapledOCSPResponse,
|
|
|
|
/*optional*/ const Input* aiaExtension) {
|
2014-02-17 05:35:40 +04:00
|
|
|
// Actively distrusted certificates will have already been blocked by
|
|
|
|
// GetCertTrust.
|
|
|
|
|
|
|
|
// TODO: need to verify that IsRevoked isn't called for trust anchors AND
|
2014-03-21 01:29:21 +04:00
|
|
|
// that that fact is documented in mozillapkix.
|
2014-02-17 05:35:40 +04:00
|
|
|
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-02-17 05:35:40 +04:00
|
|
|
("NSSCertDBTrustDomain: Top of CheckRevocation\n"));
|
|
|
|
|
2019-12-11 02:32:51 +03:00
|
|
|
Maybe<TimeDuration> crliteLookupDuration;
|
2019-12-06 01:41:53 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
|
|
|
if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity &&
|
|
|
|
mCRLiteMode != CRLiteMode::Disabled) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: checking CRLite"));
|
|
|
|
nsTArray<uint8_t> issuerBytes;
|
|
|
|
issuerBytes.AppendElements(certID.issuer.UnsafeGetData(),
|
|
|
|
certID.issuer.GetLength());
|
|
|
|
nsTArray<uint8_t> issuerSubjectPublicKeyInfoBytes;
|
|
|
|
issuerSubjectPublicKeyInfoBytes.AppendElements(
|
|
|
|
certID.issuerSubjectPublicKeyInfo.UnsafeGetData(),
|
|
|
|
certID.issuerSubjectPublicKeyInfo.GetLength());
|
|
|
|
nsTArray<uint8_t> serialNumberBytes;
|
|
|
|
serialNumberBytes.AppendElements(certID.serialNumber.UnsafeGetData(),
|
|
|
|
certID.serialNumber.GetLength());
|
|
|
|
uint64_t filterTimestamp;
|
|
|
|
int16_t crliteRevocationState;
|
2019-12-11 02:32:51 +03:00
|
|
|
TimeStamp crliteLookupBefore = TimeStamp::Now();
|
2019-12-06 01:41:53 +03:00
|
|
|
nsresult rv = mCertStorage->GetCRLiteRevocationState(
|
|
|
|
issuerBytes, issuerSubjectPublicKeyInfoBytes, serialNumberBytes,
|
|
|
|
&filterTimestamp, &crliteRevocationState);
|
2019-12-11 02:32:51 +03:00
|
|
|
TimeStamp crliteLookupAfter = TimeStamp::Now();
|
2019-12-06 01:41:53 +03:00
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: CRLite call failed"));
|
|
|
|
if (mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::LibraryFailure;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
if (mCRLiteMode == CRLiteMode::Enforce) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: CRLite check returned "
|
|
|
|
"state=%hd filter timestamp=%llu",
|
|
|
|
crliteRevocationState,
|
|
|
|
// The cast is to silence warnings on compilers where uint64_t is
|
|
|
|
// an unsigned long as opposed to an unsigned long long.
|
|
|
|
static_cast<unsigned long long>(filterTimestamp)));
|
2019-12-11 02:32:51 +03:00
|
|
|
// If and only if the filter timestamp is non-zero and we didn't get a
|
|
|
|
// "not enrolled" result, we performed a full CRLite lookup.
|
|
|
|
// We only want to note the lookup duration when we actually did a lookup.
|
|
|
|
if (filterTimestamp != 0 &&
|
|
|
|
crliteRevocationState != nsICertStorage::STATE_NOT_ENROLLED) {
|
|
|
|
crliteLookupDuration.emplace(crliteLookupAfter - crliteLookupBefore);
|
|
|
|
}
|
2019-12-06 01:41:53 +03:00
|
|
|
Time filterTimestampTime(TimeFromEpochInSeconds(filterTimestamp));
|
|
|
|
// We can only use this result if this certificate's `notBefore` time
|
|
|
|
// (i.e. the beginning of its validity period) is older than what cert
|
|
|
|
// storage returned for its CRLite timestamp. Otherwise, the CRLite filter
|
|
|
|
// cascade may have been created before this certificate existed, and if
|
|
|
|
// it would create a false positive, it hasn't been accounted for.
|
|
|
|
if (certValidityPeriodBeginning <= filterTimestampTime &&
|
|
|
|
crliteRevocationState == nsICertStorage::STATE_ENFORCE) {
|
|
|
|
if (mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::CertificateRevoked;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
if (mCRLiteMode == CRLiteMode::Enforce) {
|
|
|
|
MOZ_LOG(
|
|
|
|
gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: certificate revoked via "
|
|
|
|
"CRLite"));
|
|
|
|
return Result::ERROR_REVOKED_CERTIFICATE;
|
|
|
|
}
|
|
|
|
MOZ_LOG(
|
|
|
|
gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: certificate revoked via "
|
|
|
|
"CRLite (not enforced - telemetry only)"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (crliteRevocationState == nsICertStorage::STATE_NOT_ENROLLED) {
|
|
|
|
if (mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::IssuerNotEnrolled;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: issuer not enrolled"));
|
|
|
|
}
|
|
|
|
if (filterTimestamp == 0) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: no timestamp"));
|
|
|
|
if (mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::FilterNotAvailable;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
} else if (certValidityPeriodBeginning > filterTimestampTime) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain::CheckRevocation: cert too new"));
|
|
|
|
if (mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::CertificateTooNew;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
} else if (crliteRevocationState == nsICertStorage::STATE_UNSET &&
|
|
|
|
mCRLiteTelemetryInfo) {
|
2019-12-11 02:32:51 +03:00
|
|
|
mCRLiteTelemetryInfo->mLookupResult =
|
|
|
|
CRLiteLookupResult::CertificateValid;
|
2019-12-06 01:41:53 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-12-09 18:22:29 +03:00
|
|
|
#else
|
|
|
|
// "use" these fields to stop the compiler from complaining when
|
|
|
|
// MOZ_NEW_CERT_STORAGE is disabled.
|
|
|
|
Unused << mCRLiteMode;
|
|
|
|
Unused << mCRLiteTelemetryInfo;
|
2019-12-06 01:41:53 +03:00
|
|
|
#endif
|
|
|
|
|
2014-05-31 03:12:36 +04:00
|
|
|
// Bug 991815: The BR allow OCSP for intermediates to be up to one year old.
|
|
|
|
// Since this affects EV there is no reason why DV should be more strict
|
2019-10-15 20:11:35 +03:00
|
|
|
// so all intermediates are allowed to have OCSP responses up to one year
|
2014-05-31 03:12:36 +04:00
|
|
|
// old.
|
|
|
|
uint16_t maxOCSPLifetimeInDays = 10;
|
|
|
|
if (endEntityOrCA == EndEntityOrCA::MustBeCA) {
|
|
|
|
maxOCSPLifetimeInDays = 365;
|
|
|
|
}
|
|
|
|
|
2014-02-17 05:35:40 +04:00
|
|
|
// If we have a stapled OCSP response then the verification of that response
|
|
|
|
// determines the result unless the OCSP response is expired. We make an
|
|
|
|
// exception for expired responses because some servers, nginx in particular,
|
|
|
|
// are known to serve expired responses due to bugs.
|
2014-06-20 20:01:57 +04:00
|
|
|
// We keep track of the result of verifying the stapled response but don't
|
|
|
|
// immediately return failure if the response has expired.
|
2014-12-20 18:03:57 +03:00
|
|
|
//
|
|
|
|
// We only set the OCSP stapling status if we're validating the end-entity
|
|
|
|
// certificate. Non-end-entity certificates would always be
|
|
|
|
// OCSP_STAPLING_NONE unless/until we implement multi-stapling.
|
2014-07-18 22:48:49 +04:00
|
|
|
Result stapledOCSPResponseResult = Success;
|
2014-02-17 05:35:40 +04:00
|
|
|
if (stapledOCSPResponse) {
|
2017-01-02 09:11:30 +03:00
|
|
|
MOZ_ASSERT(endEntityOrCA == EndEntityOrCA::MustBeEndEntity);
|
2014-06-20 20:01:57 +04:00
|
|
|
bool expired;
|
2014-07-18 22:48:49 +04:00
|
|
|
stapledOCSPResponseResult = VerifyAndMaybeCacheEncodedOCSPResponse(
|
|
|
|
certID, time, maxOCSPLifetimeInDays, *stapledOCSPResponse,
|
|
|
|
ResponseWasStapled, expired);
|
|
|
|
if (stapledOCSPResponseResult == Success) {
|
2014-03-13 20:41:03 +04:00
|
|
|
// stapled OCSP response present and good
|
2014-12-12 10:22:35 +03:00
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_GOOD;
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: stapled OCSP response: good"));
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-17 05:35:40 +04:00
|
|
|
}
|
2014-07-18 22:48:49 +04:00
|
|
|
if (stapledOCSPResponseResult == Result::ERROR_OCSP_OLD_RESPONSE ||
|
2014-06-20 20:01:57 +04:00
|
|
|
expired) {
|
|
|
|
// stapled OCSP response present but expired
|
2014-12-12 10:22:35 +03:00
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_EXPIRED;
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-06-20 20:01:57 +04:00
|
|
|
("NSSCertDBTrustDomain: expired stapled OCSP response"));
|
2017-11-09 02:50:26 +03:00
|
|
|
} else if (stapledOCSPResponseResult ==
|
|
|
|
Result::ERROR_OCSP_TRY_SERVER_LATER ||
|
|
|
|
stapledOCSPResponseResult ==
|
|
|
|
Result::ERROR_OCSP_INVALID_SIGNING_CERT) {
|
|
|
|
// Stapled OCSP response present but invalid for a small number of reasons
|
|
|
|
// CAs/servers commonly get wrong. This will be treated similarly to an
|
|
|
|
// expired stapled response.
|
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_INVALID;
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: stapled OCSP response: "
|
|
|
|
"failure (whitelisted for compatibility)"));
|
2014-06-20 20:01:57 +04:00
|
|
|
} else {
|
2014-03-13 20:41:03 +04:00
|
|
|
// stapled OCSP response present but invalid for some reason
|
2014-12-12 10:22:35 +03:00
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_INVALID;
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: stapled OCSP response: failure"));
|
2014-07-18 22:48:49 +04:00
|
|
|
return stapledOCSPResponseResult;
|
2014-02-17 05:35:40 +04:00
|
|
|
}
|
2014-12-20 18:03:57 +03:00
|
|
|
} else if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
|
2014-03-13 20:41:03 +04:00
|
|
|
// no stapled OCSP response
|
2014-12-12 10:22:35 +03:00
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_NONE;
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: no stapled OCSP response"));
|
2014-02-17 05:35:40 +04:00
|
|
|
}
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
Result cachedResponseResult = Success;
|
2014-08-02 19:49:12 +04:00
|
|
|
Time cachedResponseValidThrough(Time::uninitialized);
|
2016-11-14 13:26:15 +03:00
|
|
|
bool cachedResponsePresent =
|
|
|
|
mOCSPCache.Get(certID, mOriginAttributes, cachedResponseResult,
|
2014-03-13 00:08:48 +04:00
|
|
|
cachedResponseValidThrough);
|
|
|
|
if (cachedResponsePresent) {
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult == Success && cachedResponseValidThrough >= time) {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: cached OCSP response: good"));
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
|
|
|
// If we have a cached revoked response, use it.
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult == Result::ERROR_REVOKED_CERTIFICATE) {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: cached OCSP response: revoked"));
|
2014-07-18 22:48:49 +04:00
|
|
|
return Result::ERROR_REVOKED_CERTIFICATE;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
|
|
|
// The cached response may indicate an unknown certificate or it may be
|
|
|
|
// expired. Don't return with either of these statuses yet - we may be
|
|
|
|
// able to fetch a more recent one.
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2015-12-29 04:41:54 +03:00
|
|
|
("NSSCertDBTrustDomain: cached OCSP response: error %d",
|
2016-12-16 06:16:31 +03:00
|
|
|
static_cast<int>(cachedResponseResult)));
|
2014-03-13 00:08:48 +04:00
|
|
|
// When a good cached response has expired, it is more convenient
|
|
|
|
// to convert that to an error code and just deal with
|
2014-07-18 22:48:49 +04:00
|
|
|
// cachedResponseResult from here on out.
|
|
|
|
if (cachedResponseResult == Success && cachedResponseValidThrough < time) {
|
|
|
|
cachedResponseResult = Result::ERROR_OCSP_OLD_RESPONSE;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
2014-04-29 03:38:15 +04:00
|
|
|
// We may have a cached indication of server failure. Ignore it if
|
|
|
|
// it has expired.
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult != Success &&
|
|
|
|
cachedResponseResult != Result::ERROR_OCSP_UNKNOWN_CERT &&
|
|
|
|
cachedResponseResult != Result::ERROR_OCSP_OLD_RESPONSE &&
|
2014-04-29 03:38:15 +04:00
|
|
|
cachedResponseValidThrough < time) {
|
2014-07-18 22:48:49 +04:00
|
|
|
cachedResponseResult = Success;
|
2014-04-29 03:38:15 +04:00
|
|
|
cachedResponsePresent = false;
|
|
|
|
}
|
2014-03-13 00:08:48 +04:00
|
|
|
} else {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: no cached OCSP response"));
|
|
|
|
}
|
2014-07-18 22:48:49 +04:00
|
|
|
// At this point, if and only if cachedErrorResult is Success, there was no
|
2014-03-13 00:08:48 +04:00
|
|
|
// cached response.
|
2017-01-02 09:11:30 +03:00
|
|
|
MOZ_ASSERT((!cachedResponsePresent && cachedResponseResult == Success) ||
|
|
|
|
(cachedResponsePresent && cachedResponseResult != Success));
|
2014-02-17 05:35:40 +04:00
|
|
|
|
2015-05-07 20:54:05 +03:00
|
|
|
// If we have a fresh OneCRL Blocklist we can skip OCSP for CA certs
|
|
|
|
bool blocklistIsFresh;
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-04-30 03:00:48 +03:00
|
|
|
nsresult nsrv = mCertStorage->IsBlocklistFresh(&blocklistIsFresh);
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
|
|
|
nsresult nsrv = mCertBlocklist->IsBlocklistFresh(&blocklistIsFresh);
|
|
|
|
#endif
|
2015-05-07 20:54:05 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
|
2017-11-09 02:50:26 +03:00
|
|
|
// TODO: We still need to handle the fallback for invalid stapled responses.
|
|
|
|
// But, if/when we disable OCSP fetching by default, it would be ambiguous
|
|
|
|
// whether security.OCSP.enable==0 means "I want the default" or "I really
|
|
|
|
// never want you to ever fetch OCSP."
|
|
|
|
// Additionally, this doesn't properly handle OCSP-must-staple when OCSP
|
|
|
|
// fetching is disabled.
|
2015-04-07 02:10:28 +03:00
|
|
|
Duration shortLifetime(mCertShortLifetimeInDays * Time::ONE_DAY_IN_SECONDS);
|
2015-05-16 23:38:34 +03:00
|
|
|
if ((mOCSPFetching == NeverFetchOCSP) || (validityDuration < shortLifetime) ||
|
|
|
|
(endEntityOrCA == EndEntityOrCA::MustBeCA &&
|
|
|
|
(mOCSPFetching == FetchOCSPForDVHardFail ||
|
|
|
|
mOCSPFetching == FetchOCSPForDVSoftFail || blocklistIsFresh))) {
|
2014-03-13 00:08:48 +04:00
|
|
|
// We're not going to be doing any fetching, so if there was a cached
|
|
|
|
// "unknown" response, say so.
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult == Result::ERROR_OCSP_UNKNOWN_CERT) {
|
|
|
|
return Result::ERROR_OCSP_UNKNOWN_CERT;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
|
|
|
// If we're doing hard-fail, we want to know if we have a cached response
|
|
|
|
// that has expired.
|
|
|
|
if (mOCSPFetching == FetchOCSPForDVHardFail &&
|
2014-07-18 22:48:49 +04:00
|
|
|
cachedResponseResult == Result::ERROR_OCSP_OLD_RESPONSE) {
|
|
|
|
return Result::ERROR_OCSP_OLD_RESPONSE;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (mOCSPFetching == LocalOnlyOCSPForEV) {
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult != Success) {
|
|
|
|
return cachedResponseResult;
|
|
|
|
}
|
|
|
|
return Result::ERROR_OCSP_UNKNOWN_CERT;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
|
|
|
|
2016-04-05 03:35:24 +03:00
|
|
|
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
|
2014-06-20 21:10:51 +04:00
|
|
|
if (!arena) {
|
2014-07-18 22:48:49 +04:00
|
|
|
return Result::FATAL_ERROR_NO_MEMORY;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
Result rv;
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
nsCString aiaLocation(VoidCString());
|
2014-06-20 21:10:51 +04:00
|
|
|
|
|
|
|
if (aiaExtension) {
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
rv = GetOCSPAuthorityInfoAccessLocation(arena, *aiaExtension, aiaLocation);
|
2014-07-18 22:48:49 +04:00
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
2014-06-20 21:10:51 +04:00
|
|
|
}
|
|
|
|
}
|
2014-02-24 10:15:53 +04:00
|
|
|
|
bug 1456489 - prevent making OCSP requests on the main thread r=fkiefer,jcj
OCSP requests cannot be performed on the main thread. If we were to wait for a
response from the network, we would be blocking the main thread for an
unnaceptably long time. If we were to spin the event loop while waiting (which
is what we do currently), other parts of the code that assume this will never
happen (which is essentially all of them) can break.
As of bug 867473, no certificate verification happens on the main thread, so no
OCSP requests happen on the main thread. Given this, we can go ahead and
prohibit such requests.
Incidentally, this gives us an opportunity to improve the current OCSP
implementation, which has a few drawbacks (the largest of which is that it's
unclear that its ownership model is implemented correctly).
This also removes OCSP GET support. Due to recent OCSP server implementations
(namely, the ability to cache OCSP POST request responses), OCSP GET is not a
compelling technology to pursue. Furthermore, continued support presents a
maintenance burden.
MozReview-Commit-ID: 4ACDY09nCBA
--HG--
extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62
2018-04-23 19:09:35 +03:00
|
|
|
if (aiaLocation.IsVoid()) {
|
2014-03-13 00:08:48 +04:00
|
|
|
if (mOCSPFetching == FetchOCSPForEV ||
|
2014-07-18 22:48:49 +04:00
|
|
|
cachedResponseResult == Result::ERROR_OCSP_UNKNOWN_CERT) {
|
|
|
|
return Result::ERROR_OCSP_UNKNOWN_CERT;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult == Result::ERROR_OCSP_OLD_RESPONSE) {
|
|
|
|
return Result::ERROR_OCSP_OLD_RESPONSE;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2014-07-18 22:48:49 +04:00
|
|
|
if (stapledOCSPResponseResult != Success) {
|
|
|
|
return stapledOCSPResponseResult;
|
2014-06-20 20:01:57 +04:00
|
|
|
}
|
2014-02-17 05:35:40 +04:00
|
|
|
|
|
|
|
// Nothing to do if we don't have an OCSP responder URI for the cert; just
|
|
|
|
// assume it is good. Note that this is the confusing, but intended,
|
|
|
|
// interpretation of "strict" revocation checking in the face of a
|
|
|
|
// certificate that lacks an OCSP responder URI.
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2014-02-17 05:35:40 +04:00
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
if (cachedResponseResult == Success ||
|
|
|
|
cachedResponseResult == Result::ERROR_OCSP_UNKNOWN_CERT ||
|
|
|
|
cachedResponseResult == Result::ERROR_OCSP_OLD_RESPONSE) {
|
2019-03-08 02:28:00 +03:00
|
|
|
// Only send a request to, and process a response from, the server if we
|
2019-10-15 20:11:35 +03:00
|
|
|
// didn't have a cached indication of failure. Also, don't keep requesting
|
2019-03-08 02:28:00 +03:00
|
|
|
// responses from a failing server.
|
|
|
|
return SynchronousCheckRevocationWithServer(
|
|
|
|
certID, aiaLocation, time, maxOCSPLifetimeInDays, cachedResponseResult,
|
2019-12-11 02:32:51 +03:00
|
|
|
stapledOCSPResponseResult, crliteLookupDuration);
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
2014-02-17 05:35:40 +04:00
|
|
|
|
2019-03-08 02:28:00 +03:00
|
|
|
return HandleOCSPFailure(cachedResponseResult, stapledOCSPResponseResult,
|
|
|
|
cachedResponseResult);
|
|
|
|
}
|
|
|
|
|
|
|
|
Result NSSCertDBTrustDomain::SynchronousCheckRevocationWithServer(
|
|
|
|
const CertID& certID, const nsCString& aiaLocation, Time time,
|
|
|
|
uint16_t maxOCSPLifetimeInDays, const Result cachedResponseResult,
|
2019-12-11 02:32:51 +03:00
|
|
|
const Result stapledOCSPResponseResult,
|
|
|
|
const Maybe<TimeDuration>& crliteLookupDuration) {
|
2019-03-08 02:28:00 +03:00
|
|
|
uint8_t ocspRequestBytes[OCSP_REQUEST_MAX_LENGTH];
|
|
|
|
size_t ocspRequestLength;
|
|
|
|
|
|
|
|
Result rv = CreateEncodedOCSPRequest(*this, certID, ocspRequestBytes,
|
|
|
|
ocspRequestLength);
|
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
Vector<uint8_t> ocspResponse;
|
|
|
|
Input response;
|
2019-12-11 02:32:51 +03:00
|
|
|
TimeStamp ocspRequestBefore = TimeStamp::Now();
|
2019-03-08 02:28:00 +03:00
|
|
|
rv = DoOCSPRequest(aiaLocation, mOriginAttributes, ocspRequestBytes,
|
|
|
|
ocspRequestLength, GetOCSPTimeout(), ocspResponse);
|
2019-12-11 02:32:51 +03:00
|
|
|
TimeDuration ocspRequestDuration = TimeStamp::Now() - ocspRequestBefore;
|
|
|
|
if (mCRLiteMode != CRLiteMode::Disabled && crliteLookupDuration.isSome() &&
|
|
|
|
mCRLiteTelemetryInfo) {
|
|
|
|
if (*crliteLookupDuration < ocspRequestDuration) {
|
|
|
|
mCRLiteTelemetryInfo->mCRLiteFasterThanOCSPMillis.emplace(
|
|
|
|
(ocspRequestDuration - *crliteLookupDuration).ToMilliseconds());
|
|
|
|
} else {
|
|
|
|
mCRLiteTelemetryInfo->mOCSPFasterThanCRLiteMillis.emplace(
|
|
|
|
(*crliteLookupDuration - ocspRequestDuration).ToMilliseconds());
|
|
|
|
}
|
|
|
|
}
|
2019-03-08 02:28:00 +03:00
|
|
|
if (rv == Success &&
|
|
|
|
response.Init(ocspResponse.begin(), ocspResponse.length()) != Success) {
|
|
|
|
rv = Result::ERROR_OCSP_MALFORMED_RESPONSE; // too big
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rv != Success) {
|
|
|
|
Time timeout(time);
|
|
|
|
if (timeout.AddSeconds(ServerFailureDelaySeconds) != Success) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE; // integer overflow
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
2019-03-08 02:28:00 +03:00
|
|
|
|
|
|
|
Result cacheRV =
|
|
|
|
mOCSPCache.Put(certID, mOriginAttributes, rv, time, timeout);
|
|
|
|
if (cacheRV != Success) {
|
|
|
|
return cacheRV;
|
2014-06-06 20:20:50 +04:00
|
|
|
}
|
2014-02-17 05:35:40 +04:00
|
|
|
|
2019-03-08 02:28:00 +03:00
|
|
|
return HandleOCSPFailure(cachedResponseResult, stapledOCSPResponseResult,
|
|
|
|
rv);
|
2014-02-24 10:15:53 +04:00
|
|
|
}
|
|
|
|
|
2014-06-20 20:01:57 +04:00
|
|
|
// If the response from the network has expired but indicates a revoked
|
|
|
|
// or unknown certificate, PR_GetError() will return the appropriate error.
|
|
|
|
// We actually ignore expired here.
|
|
|
|
bool expired;
|
2014-07-18 22:48:49 +04:00
|
|
|
rv = VerifyAndMaybeCacheEncodedOCSPResponse(certID, time,
|
|
|
|
maxOCSPLifetimeInDays, response,
|
2014-07-19 09:30:51 +04:00
|
|
|
ResponseIsFromNetwork, expired);
|
2014-07-18 22:48:49 +04:00
|
|
|
if (rv == Success || mOCSPFetching != FetchOCSPForDVSoftFail) {
|
2019-03-08 02:28:00 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: returning after "
|
|
|
|
"VerifyEncodedOCSPResponse"));
|
2014-02-24 10:15:53 +04:00
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
if (rv == Result::ERROR_OCSP_UNKNOWN_CERT ||
|
|
|
|
rv == Result::ERROR_REVOKED_CERTIFICATE) {
|
2014-02-24 10:15:53 +04:00
|
|
|
return rv;
|
2014-02-17 05:35:40 +04:00
|
|
|
}
|
2019-03-08 02:28:00 +03:00
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
if (stapledOCSPResponseResult != Success) {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2017-11-09 02:50:26 +03:00
|
|
|
("NSSCertDBTrustDomain: returning SECFailure from expired/invalid "
|
|
|
|
"stapled response after OCSP request verification failure"));
|
2014-07-18 22:48:49 +04:00
|
|
|
return stapledOCSPResponseResult;
|
2014-06-06 20:20:50 +04:00
|
|
|
}
|
|
|
|
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-02-17 05:35:40 +04:00
|
|
|
("NSSCertDBTrustDomain: end of CheckRevocation"));
|
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success; // Soft fail -> success :(
|
2014-02-17 05:35:40 +04:00
|
|
|
}
|
|
|
|
|
2019-03-08 02:28:00 +03:00
|
|
|
Result NSSCertDBTrustDomain::HandleOCSPFailure(
|
|
|
|
const Result cachedResponseResult, const Result stapledOCSPResponseResult,
|
|
|
|
const Result error) {
|
|
|
|
if (mOCSPFetching != FetchOCSPForDVSoftFail) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: returning SECFailure after OCSP request "
|
|
|
|
"failure"));
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cachedResponseResult == Result::ERROR_OCSP_UNKNOWN_CERT) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: returning SECFailure from cached response "
|
|
|
|
"after OCSP request failure"));
|
|
|
|
return cachedResponseResult;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (stapledOCSPResponseResult != Success) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: returning SECFailure from expired/invalid "
|
|
|
|
"stapled response after OCSP request failure"));
|
|
|
|
return stapledOCSPResponseResult;
|
|
|
|
}
|
|
|
|
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: returning SECSuccess after OCSP request "
|
|
|
|
"failure"));
|
|
|
|
return Success; // Soft fail -> success :(
|
|
|
|
}
|
|
|
|
|
2014-03-13 00:08:48 +04:00
|
|
|
Result NSSCertDBTrustDomain::VerifyAndMaybeCacheEncodedOCSPResponse(
|
2014-08-02 19:49:12 +04:00
|
|
|
const CertID& certID, Time time, uint16_t maxLifetimeInDays,
|
2014-07-31 23:17:31 +04:00
|
|
|
Input encodedResponse, EncodedResponseSource responseSource,
|
2014-06-20 21:10:51 +04:00
|
|
|
/*out*/ bool& expired) {
|
2014-08-02 19:49:12 +04:00
|
|
|
Time thisUpdate(Time::uninitialized);
|
|
|
|
Time validThrough(Time::uninitialized);
|
2015-07-17 19:07:48 +03:00
|
|
|
|
|
|
|
// We use a try and fallback approach which first mandates good signature
|
|
|
|
// digest algorithms, then falls back to SHA-1 if this fails. If a delegated
|
|
|
|
// OCSP response signing certificate was issued with a SHA-1 signature,
|
|
|
|
// verification initially fails. We cache the failure and then re-use that
|
|
|
|
// result even when doing fallback (i.e. when weak signature digest algorithms
|
|
|
|
// should succeed). To address this we use an OCSPVerificationTrustDomain
|
|
|
|
// here, rather than using *this, to ensure verification succeeds for all
|
|
|
|
// allowed signature digest algorithms.
|
|
|
|
OCSPVerificationTrustDomain trustDomain(*this);
|
|
|
|
Result rv = VerifyEncodedOCSPResponse(trustDomain, certID, time,
|
2014-07-18 22:48:49 +04:00
|
|
|
maxLifetimeInDays, encodedResponse,
|
|
|
|
expired, &thisUpdate, &validThrough);
|
2014-06-20 20:01:57 +04:00
|
|
|
// If a response was stapled and expired, we don't want to cache it. Return
|
|
|
|
// early to simplify the logic here.
|
|
|
|
if (responseSource == ResponseWasStapled && expired) {
|
2017-01-02 09:11:30 +03:00
|
|
|
MOZ_ASSERT(rv != Success);
|
2014-06-20 20:01:57 +04:00
|
|
|
return rv;
|
|
|
|
}
|
2014-04-29 03:38:15 +04:00
|
|
|
// validThrough is only trustworthy if the response successfully verifies
|
|
|
|
// or it indicates a revoked or unknown certificate.
|
|
|
|
// If this isn't the case, store an indication of failure (to prevent
|
|
|
|
// repeatedly requesting a response from a failing server).
|
2014-07-18 22:48:49 +04:00
|
|
|
if (rv != Success && rv != Result::ERROR_REVOKED_CERTIFICATE &&
|
|
|
|
rv != Result::ERROR_OCSP_UNKNOWN_CERT) {
|
2014-08-02 19:49:12 +04:00
|
|
|
validThrough = time;
|
|
|
|
if (validThrough.AddSeconds(ServerFailureDelaySeconds) != Success) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE; // integer overflow
|
|
|
|
}
|
2014-04-29 03:38:15 +04:00
|
|
|
}
|
|
|
|
if (responseSource == ResponseIsFromNetwork || rv == Success ||
|
2014-07-18 22:48:49 +04:00
|
|
|
rv == Result::ERROR_REVOKED_CERTIFICATE ||
|
|
|
|
rv == Result::ERROR_OCSP_UNKNOWN_CERT) {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-03-13 00:08:48 +04:00
|
|
|
("NSSCertDBTrustDomain: caching OCSP response"));
|
2016-11-14 13:26:15 +03:00
|
|
|
Result putRV =
|
|
|
|
mOCSPCache.Put(certID, mOriginAttributes, rv, thisUpdate, validThrough);
|
2014-07-18 22:48:49 +04:00
|
|
|
if (putRV != Success) {
|
|
|
|
return putRV;
|
2014-03-13 00:08:48 +04:00
|
|
|
}
|
2014-04-29 03:38:15 +04:00
|
|
|
}
|
|
|
|
|
2014-03-13 00:08:48 +04:00
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-10-13 03:02:33 +03:00
|
|
|
// If a certificate in the given chain appears to have been issued by one of
|
|
|
|
// seven roots operated by StartCom and WoSign that are not trusted to issue new
|
|
|
|
// certificates, verify that the end-entity has a notBefore date before 21
|
|
|
|
// October 2016. If the value of notBefore is after this time, the chain is not
|
|
|
|
// valid.
|
|
|
|
// (NB: While there are seven distinct roots being checked for, two of them
|
|
|
|
// share distinguished names, resulting in six distinct distinguished names to
|
|
|
|
// actually look for.)
|
|
|
|
static Result CheckForStartComOrWoSign(const UniqueCERTCertList& certChain) {
|
|
|
|
if (CERT_LIST_EMPTY(certChain)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
const CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certChain);
|
|
|
|
if (!endEntityNode || !endEntityNode->cert) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
PRTime notBefore;
|
|
|
|
PRTime notAfter;
|
|
|
|
if (CERT_GetCertTimes(endEntityNode->cert, ¬Before, ¬After) !=
|
|
|
|
SECSuccess) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
// PRTime is microseconds since the epoch, whereas JS time is milliseconds.
|
|
|
|
// (new Date("2016-10-21T00:00:00Z")).getTime() * 1000
|
|
|
|
static const PRTime OCTOBER_21_2016 = 1477008000000000;
|
|
|
|
if (notBefore <= OCTOBER_21_2016) {
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (const CERTCertListNode* node = CERT_LIST_HEAD(certChain);
|
|
|
|
!CERT_LIST_END(node, certChain); node = CERT_LIST_NEXT(node)) {
|
|
|
|
if (!node || !node->cert) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
2017-10-17 09:17:52 +03:00
|
|
|
if (CertDNIsInList(node->cert, StartComAndWoSignDNs)) {
|
2016-10-13 03:02:33 +03:00
|
|
|
return Result::ERROR_REVOKED_CERTIFICATE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2017-04-04 03:17:38 +03:00
|
|
|
Result NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time,
|
|
|
|
const CertPolicyId& requiredPolicy) {
|
2015-06-04 01:25:57 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2014-09-25 22:18:56 +04:00
|
|
|
("NSSCertDBTrustDomain: IsChainValid"));
|
2014-07-07 02:55:38 +04:00
|
|
|
|
2016-05-06 00:56:36 +03:00
|
|
|
UniqueCERTCertList certList;
|
2014-07-18 22:48:49 +04:00
|
|
|
SECStatus srv =
|
|
|
|
ConstructCERTCertListFromReversedDERArray(certArray, certList);
|
|
|
|
if (srv != SECSuccess) {
|
|
|
|
return MapPRErrorCodeToResult(PR_GetError());
|
2014-02-06 02:49:10 +04:00
|
|
|
}
|
2015-05-07 21:06:07 +03:00
|
|
|
if (CERT_LIST_EMPTY(certList)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
2014-07-07 02:55:38 +04:00
|
|
|
|
2016-10-13 03:02:33 +03:00
|
|
|
Result rv = CheckForStartComOrWoSign(certList);
|
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2018-02-01 02:02:00 +03:00
|
|
|
// Modernization in-progress: Keep certList as a CERTCertList for storage into
|
2019-11-01 02:56:32 +03:00
|
|
|
// the mBuiltChain variable at the end.
|
|
|
|
nsTArray<RefPtr<nsIX509Cert>> nssCertList;
|
|
|
|
nsresult nsrv = nsNSSCertificateDB::ConstructCertArrayFromUniqueCertList(
|
|
|
|
certList, nssCertList);
|
|
|
|
|
|
|
|
if (NS_FAILED(nsrv)) {
|
2015-04-08 03:29:05 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
2018-02-01 02:02:00 +03:00
|
|
|
nsCOMPtr<nsIX509Cert> rootCert;
|
2019-11-01 02:56:32 +03:00
|
|
|
nsrv = nsNSSCertificate::GetRootCertificate(nssCertList, rootCert);
|
2018-02-01 02:02:00 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
UniqueCERTCertificate root(rootCert->GetCert());
|
2015-04-08 03:29:05 +03:00
|
|
|
if (!root) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
2015-05-07 21:06:07 +03:00
|
|
|
bool isBuiltInRoot = false;
|
2018-02-01 02:02:00 +03:00
|
|
|
nsrv = rootCert->GetIsBuiltInRoot(&isBuiltInRoot);
|
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2015-05-07 21:06:07 +03:00
|
|
|
}
|
|
|
|
bool skipPinningChecksBecauseOfMITMMode =
|
|
|
|
(!isBuiltInRoot && mPinningMode == CertVerifier::pinningAllowUserCAMITM);
|
|
|
|
// If mHostname isn't set, we're not verifying in the context of a TLS
|
|
|
|
// handshake, so don't verify HPKP in those cases.
|
|
|
|
if (mHostname && (mPinningMode != CertVerifier::pinningDisabled) &&
|
|
|
|
!skipPinningChecksBecauseOfMITMMode) {
|
|
|
|
bool enforceTestMode =
|
|
|
|
(mPinningMode == CertVerifier::pinningEnforceTestMode);
|
|
|
|
bool chainHasValidPins;
|
2018-02-01 02:02:00 +03:00
|
|
|
nsrv = PublicKeyPinningService::ChainHasValidPins(
|
2018-02-01 04:50:29 +03:00
|
|
|
nssCertList, mHostname, time, enforceTestMode, mOriginAttributes,
|
2017-02-14 05:29:10 +03:00
|
|
|
chainHasValidPins, mPinningTelemetryInfo);
|
2015-05-07 21:06:07 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
if (!chainHasValidPins) {
|
|
|
|
return Result::ERROR_KEY_PINNING_FAILURE;
|
|
|
|
}
|
2014-02-06 02:49:10 +04:00
|
|
|
}
|
2014-07-07 02:55:38 +04:00
|
|
|
|
2018-02-21 22:08:18 +03:00
|
|
|
// See bug 1434300. If the root is a Symantec root, see if we distrust this
|
|
|
|
// path. Since we already have the root available, we can check that cheaply
|
|
|
|
// here before proceeding with the rest of the algorithm.
|
|
|
|
|
|
|
|
// This algorithm only applies if we are verifying in the context of a TLS
|
|
|
|
// handshake. To determine this, we check mHostname: If it isn't set, this is
|
|
|
|
// not TLS, so don't run the algorithm.
|
2018-02-28 02:04:51 +03:00
|
|
|
if (mHostname && CertDNIsInList(root.get(), RootSymantecDNs) &&
|
2018-05-08 01:46:22 +03:00
|
|
|
((mDistrustedCAPolicy & DistrustedCAPolicy::DistrustSymantecRoots) ||
|
|
|
|
(mDistrustedCAPolicy &
|
|
|
|
DistrustedCAPolicy::DistrustSymantecRootsRegardlessOfDate))) {
|
2018-02-21 22:08:18 +03:00
|
|
|
rootCert = nullptr; // Clear the state for Segment...
|
2019-11-01 02:56:32 +03:00
|
|
|
nsTArray<RefPtr<nsIX509Cert>> intCerts;
|
2018-02-21 22:08:18 +03:00
|
|
|
nsCOMPtr<nsIX509Cert> eeCert;
|
|
|
|
|
2019-11-01 02:56:32 +03:00
|
|
|
nsrv = nsNSSCertificate::SegmentCertificateChain(nssCertList, rootCert,
|
|
|
|
intCerts, eeCert);
|
2018-02-21 22:08:18 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
// This chain is supposed to be complete, so this is an error.
|
2019-03-18 23:01:02 +03:00
|
|
|
return Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED;
|
2018-02-21 22:08:18 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// PRTime is microseconds since the epoch, whereas JS time is milliseconds.
|
|
|
|
// (new Date("2016-06-01T00:00:00Z")).getTime() * 1000
|
|
|
|
static const PRTime JUNE_1_2016 = 1464739200000000;
|
|
|
|
|
2018-05-08 01:46:22 +03:00
|
|
|
PRTime permitAfterDate = JUNE_1_2016;
|
|
|
|
if (mDistrustedCAPolicy &
|
|
|
|
DistrustedCAPolicy::DistrustSymantecRootsRegardlessOfDate) {
|
|
|
|
permitAfterDate = 0; // 0 indicates there is no permitAfterDate
|
2018-05-04 19:34:45 +03:00
|
|
|
}
|
|
|
|
|
2018-02-21 22:08:18 +03:00
|
|
|
bool isDistrusted = false;
|
2018-05-04 19:34:45 +03:00
|
|
|
nsrv = CheckForSymantecDistrust(intCerts, eeCert, permitAfterDate,
|
2018-02-21 22:08:47 +03:00
|
|
|
RootAppleAndGoogleSPKIs, isDistrusted);
|
2018-02-21 22:08:18 +03:00
|
|
|
if (NS_FAILED(nsrv)) {
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
if (isDistrusted) {
|
2018-03-15 00:01:35 +03:00
|
|
|
mSawDistrustedCAByPolicyError = true;
|
2018-02-27 22:21:51 +03:00
|
|
|
return Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED;
|
2018-02-21 22:08:18 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-05-30 22:15:35 +03:00
|
|
|
mBuiltChain = std::move(certList);
|
2014-07-07 02:55:38 +04:00
|
|
|
|
2014-07-18 22:48:49 +04:00
|
|
|
return Success;
|
2014-02-06 02:49:10 +04:00
|
|
|
}
|
|
|
|
|
2015-07-09 09:22:29 +03:00
|
|
|
Result NSSCertDBTrustDomain::CheckSignatureDigestAlgorithm(
|
2015-09-11 21:52:30 +03:00
|
|
|
DigestAlgorithm aAlg, EndEntityOrCA endEntityOrCA, Time notBefore) {
|
|
|
|
// (new Date("2016-01-01T00:00:00Z")).getTime() / 1000
|
|
|
|
static const Time JANUARY_FIRST_2016 = TimeFromEpochInSeconds(1451606400);
|
|
|
|
|
2015-07-09 09:22:29 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("NSSCertDBTrustDomain: CheckSignatureDigestAlgorithm"));
|
|
|
|
if (aAlg == DigestAlgorithm::sha1) {
|
2015-09-11 21:52:30 +03:00
|
|
|
switch (mSHA1Mode) {
|
|
|
|
case CertVerifier::SHA1Mode::Forbidden:
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("SHA-1 certificate rejected"));
|
|
|
|
return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
|
2016-09-15 01:11:15 +03:00
|
|
|
case CertVerifier::SHA1Mode::ImportedRootOrBefore2016:
|
2015-09-11 21:52:30 +03:00
|
|
|
if (JANUARY_FIRST_2016 <= notBefore) {
|
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
|
|
|
("Post-2015 SHA-1 certificate rejected"));
|
|
|
|
return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case CertVerifier::SHA1Mode::Allowed:
|
2016-01-13 23:50:42 +03:00
|
|
|
// Enforcing that the resulting chain uses an imported root is only
|
|
|
|
// possible at a higher level. This is done in CertVerifier::VerifyCert.
|
|
|
|
case CertVerifier::SHA1Mode::ImportedRoot:
|
2015-09-11 21:52:30 +03:00
|
|
|
default:
|
|
|
|
break;
|
2016-09-15 01:11:15 +03:00
|
|
|
// MSVC warns unless we explicitly handle this now-unused option.
|
|
|
|
case CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden:
|
|
|
|
MOZ_ASSERT_UNREACHABLE("unexpected SHA1Mode type");
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2015-09-11 21:52:30 +03:00
|
|
|
}
|
2015-07-09 09:22:29 +03:00
|
|
|
}
|
2016-01-13 23:50:42 +03:00
|
|
|
|
2015-02-15 03:59:02 +03:00
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2015-02-03 03:17:08 +03:00
|
|
|
Result NSSCertDBTrustDomain::CheckRSAPublicKeyModulusSizeInBits(
|
|
|
|
EndEntityOrCA /*endEntityOrCA*/, unsigned int modulusSizeInBits) {
|
2015-03-05 18:41:00 +03:00
|
|
|
if (modulusSizeInBits < mMinRSABits) {
|
2015-02-03 03:17:08 +03:00
|
|
|
return Result::ERROR_INADEQUATE_KEY_SIZE;
|
|
|
|
}
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2015-02-07 23:14:31 +03:00
|
|
|
Result NSSCertDBTrustDomain::VerifyRSAPKCS1SignedDigest(
|
|
|
|
const SignedDigest& signedDigest, Input subjectPublicKeyInfo) {
|
|
|
|
return VerifyRSAPKCS1SignedDigestNSS(signedDigest, subjectPublicKeyInfo,
|
|
|
|
mPinArg);
|
|
|
|
}
|
|
|
|
|
2015-02-03 03:17:08 +03:00
|
|
|
Result NSSCertDBTrustDomain::CheckECDSACurveIsAcceptable(
|
|
|
|
EndEntityOrCA /*endEntityOrCA*/, NamedCurve curve) {
|
|
|
|
switch (curve) {
|
|
|
|
case NamedCurve::secp256r1: // fall through
|
|
|
|
case NamedCurve::secp384r1: // fall through
|
|
|
|
case NamedCurve::secp521r1:
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
|
2014-07-16 03:49:00 +04:00
|
|
|
}
|
|
|
|
|
2015-02-07 23:14:31 +03:00
|
|
|
Result NSSCertDBTrustDomain::VerifyECDSASignedDigest(
|
|
|
|
const SignedDigest& signedDigest, Input subjectPublicKeyInfo) {
|
|
|
|
return VerifyECDSASignedDigestNSS(signedDigest, subjectPublicKeyInfo,
|
|
|
|
mPinArg);
|
|
|
|
}
|
|
|
|
|
2015-06-29 23:19:00 +03:00
|
|
|
Result NSSCertDBTrustDomain::CheckValidityIsAcceptable(
|
|
|
|
Time notBefore, Time notAfter, EndEntityOrCA endEntityOrCA,
|
|
|
|
KeyPurposeId keyPurpose) {
|
|
|
|
if (endEntityOrCA != EndEntityOrCA::MustBeEndEntity) {
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
if (keyPurpose == KeyPurposeId::id_kp_OCSPSigning) {
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2015-11-13 09:42:00 +03:00
|
|
|
Duration DURATION_27_MONTHS_PLUS_SLOP((2 * 365 + 3 * 31 + 7) *
|
|
|
|
Time::ONE_DAY_IN_SECONDS);
|
2015-06-29 23:19:00 +03:00
|
|
|
Duration maxValidityDuration(UINT64_MAX);
|
|
|
|
Duration validityDuration(notBefore, notAfter);
|
|
|
|
|
|
|
|
switch (mValidityCheckingMode) {
|
|
|
|
case ValidityCheckingMode::CheckingOff:
|
|
|
|
return Success;
|
|
|
|
case ValidityCheckingMode::CheckForEV:
|
2015-11-13 09:42:00 +03:00
|
|
|
// The EV Guidelines say the maximum is 27 months, but we use a slightly
|
|
|
|
// higher limit here to (hopefully) minimize compatibility breakage.
|
|
|
|
maxValidityDuration = DURATION_27_MONTHS_PLUS_SLOP;
|
2015-06-29 23:19:00 +03:00
|
|
|
break;
|
|
|
|
default:
|
2017-01-14 08:12:43 +03:00
|
|
|
MOZ_ASSERT_UNREACHABLE(
|
|
|
|
"We're not handling every ValidityCheckingMode type");
|
2015-06-29 23:19:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (validityDuration > maxValidityDuration) {
|
|
|
|
return Result::ERROR_VALIDITY_TOO_LONG;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Success;
|
|
|
|
}
|
|
|
|
|
2016-05-06 02:11:11 +03:00
|
|
|
Result NSSCertDBTrustDomain::NetscapeStepUpMatchesServerAuth(
|
|
|
|
Time notBefore,
|
|
|
|
/*out*/ bool& matches) {
|
|
|
|
// (new Date("2015-08-23T00:00:00Z")).getTime() / 1000
|
|
|
|
static const Time AUGUST_23_2015 = TimeFromEpochInSeconds(1440288000);
|
|
|
|
// (new Date("2016-08-23T00:00:00Z")).getTime() / 1000
|
|
|
|
static const Time AUGUST_23_2016 = TimeFromEpochInSeconds(1471910400);
|
|
|
|
|
|
|
|
switch (mNetscapeStepUpPolicy) {
|
|
|
|
case NetscapeStepUpPolicy::AlwaysMatch:
|
|
|
|
matches = true;
|
|
|
|
return Success;
|
|
|
|
case NetscapeStepUpPolicy::MatchBefore23August2016:
|
|
|
|
matches = notBefore < AUGUST_23_2016;
|
|
|
|
return Success;
|
|
|
|
case NetscapeStepUpPolicy::MatchBefore23August2015:
|
|
|
|
matches = notBefore < AUGUST_23_2015;
|
|
|
|
return Success;
|
|
|
|
case NetscapeStepUpPolicy::NeverMatch:
|
|
|
|
matches = false;
|
|
|
|
return Success;
|
|
|
|
default:
|
|
|
|
MOZ_ASSERT_UNREACHABLE("unhandled NetscapeStepUpPolicy type");
|
|
|
|
}
|
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
|
|
|
}
|
|
|
|
|
2016-08-11 13:41:50 +03:00
|
|
|
void NSSCertDBTrustDomain::ResetAccumulatedState() {
|
|
|
|
mOCSPStaplingStatus = CertVerifier::OCSP_STAPLING_NEVER_CHECKED;
|
|
|
|
mSCTListFromOCSPStapling = nullptr;
|
|
|
|
mSCTListFromCertificate = nullptr;
|
2018-03-15 00:01:35 +03:00
|
|
|
mSawDistrustedCAByPolicyError = false;
|
2016-08-11 13:41:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static Input SECItemToInput(const UniqueSECItem& item) {
|
|
|
|
Input result;
|
|
|
|
if (item) {
|
|
|
|
MOZ_ASSERT(item->type == siBuffer);
|
|
|
|
Result rv = result.Init(item->data, item->len);
|
|
|
|
// As used here, |item| originally comes from an Input,
|
|
|
|
// so there should be no issues converting it back.
|
|
|
|
MOZ_ASSERT(rv == Success);
|
|
|
|
Unused << rv; // suppresses warnings in release builds
|
|
|
|
}
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
Input NSSCertDBTrustDomain::GetSCTListFromCertificate() const {
|
|
|
|
return SECItemToInput(mSCTListFromCertificate);
|
|
|
|
}
|
|
|
|
|
|
|
|
Input NSSCertDBTrustDomain::GetSCTListFromOCSPStapling() const {
|
|
|
|
return SECItemToInput(mSCTListFromOCSPStapling);
|
|
|
|
}
|
|
|
|
|
2018-03-15 00:01:35 +03:00
|
|
|
bool NSSCertDBTrustDomain::GetIsErrorDueToDistrustedCAPolicy() const {
|
|
|
|
return mSawDistrustedCAByPolicyError;
|
|
|
|
}
|
|
|
|
|
2016-08-11 13:41:50 +03:00
|
|
|
void NSSCertDBTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension extension,
|
|
|
|
Input extensionData) {
|
|
|
|
UniqueSECItem* out = nullptr;
|
|
|
|
switch (extension) {
|
|
|
|
case AuxiliaryExtension::EmbeddedSCTList:
|
|
|
|
out = &mSCTListFromCertificate;
|
|
|
|
break;
|
|
|
|
case AuxiliaryExtension::SCTListFromOCSPResponse:
|
|
|
|
out = &mSCTListFromOCSPStapling;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
MOZ_ASSERT_UNREACHABLE("unhandled AuxiliaryExtension");
|
|
|
|
}
|
|
|
|
if (out) {
|
|
|
|
SECItem extensionDataItem = UnsafeMapInputToSECItem(extensionData);
|
|
|
|
out->reset(SECITEM_DupItem(&extensionDataItem));
|
|
|
|
}
|
2016-06-15 11:11:00 +03:00
|
|
|
}
|
|
|
|
|
2019-08-02 20:51:22 +03:00
|
|
|
SECStatus InitializeNSS(const nsACString& dir, NSSDBConfig nssDbConfig,
|
|
|
|
PKCS11DBConfig pkcs11DbConfig) {
|
2017-09-07 00:31:27 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
2014-01-21 10:10:33 +04:00
|
|
|
// The NSS_INIT_NOROOTINIT flag turns off the loading of the root certs
|
2019-11-14 00:19:57 +03:00
|
|
|
// module by NSS_Initialize because we will load it in LoadLoadableRoots
|
2014-01-21 10:10:33 +04:00
|
|
|
// later. It also allows us to work around a bug in the system NSS in
|
|
|
|
// Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
|
|
|
|
// "/usr/lib/nss/libnssckbi.so".
|
|
|
|
uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
|
2019-08-02 20:51:22 +03:00
|
|
|
if (nssDbConfig == NSSDBConfig::ReadOnly) {
|
2014-01-21 10:10:33 +04:00
|
|
|
flags |= NSS_INIT_READONLY;
|
|
|
|
}
|
2019-08-02 20:51:22 +03:00
|
|
|
if (pkcs11DbConfig == PKCS11DBConfig::DoNotLoadModules) {
|
2015-10-30 20:37:22 +03:00
|
|
|
flags |= NSS_INIT_NOMODDB;
|
|
|
|
}
|
2017-11-16 02:24:58 +03:00
|
|
|
nsAutoCString dbTypeAndDirectory("sql:");
|
2017-09-07 00:31:27 +03:00
|
|
|
dbTypeAndDirectory.Append(dir);
|
2017-04-20 20:31:22 +03:00
|
|
|
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
2019-08-02 20:51:22 +03:00
|
|
|
("InitializeNSS(%s, %d, %d)", dbTypeAndDirectory.get(),
|
|
|
|
(int)nssDbConfig, (int)pkcs11DbConfig));
|
2017-09-07 00:31:27 +03:00
|
|
|
SECStatus srv =
|
|
|
|
NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
|
2017-07-19 01:05:58 +03:00
|
|
|
if (srv != SECSuccess) {
|
|
|
|
return srv;
|
|
|
|
}
|
|
|
|
|
2019-08-02 20:51:22 +03:00
|
|
|
if (nssDbConfig == NSSDBConfig::ReadWrite) {
|
2017-07-19 01:05:58 +03:00
|
|
|
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
|
|
|
|
if (!slot) {
|
|
|
|
return SECFailure;
|
|
|
|
}
|
|
|
|
// If the key DB doesn't have a password set, PK11_NeedUserInit will return
|
|
|
|
// true. For the SQL DB, we need to set a password or we won't be able to
|
|
|
|
// import any certificates or change trust settings.
|
|
|
|
if (PK11_NeedUserInit(slot.get())) {
|
|
|
|
srv = PK11_InitPin(slot.get(), nullptr, nullptr);
|
|
|
|
MOZ_ASSERT(srv == SECSuccess);
|
|
|
|
Unused << srv;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return SECSuccess;
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
|
|
|
|
2014-01-20 13:30:25 +04:00
|
|
|
void DisableMD5() {
|
|
|
|
NSS_SetAlgorithmPolicy(
|
|
|
|
SEC_OID_MD5, 0,
|
|
|
|
NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
|
|
|
|
NSS_SetAlgorithmPolicy(
|
|
|
|
SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, 0,
|
|
|
|
NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
|
|
|
|
NSS_SetAlgorithmPolicy(
|
|
|
|
SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, 0,
|
|
|
|
NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
|
|
|
|
}
|
|
|
|
|
2019-11-14 00:19:57 +03:00
|
|
|
bool LoadUserModuleAt(const char* moduleName, const char* libraryName,
|
|
|
|
const nsCString& dir) {
|
2016-12-14 15:10:25 +03:00
|
|
|
// If a module exists with the same name, make a best effort attempt to delete
|
|
|
|
// it. Note that it isn't possible to delete the internal module, so checking
|
|
|
|
// the return value would be detrimental in that case.
|
|
|
|
int unusedModType;
|
2019-11-14 00:19:57 +03:00
|
|
|
Unused << SECMOD_DeleteModule(moduleName, &unusedModType);
|
2014-01-21 10:10:33 +04:00
|
|
|
|
2017-06-09 02:10:00 +03:00
|
|
|
nsAutoCString fullLibraryPath;
|
|
|
|
if (!dir.IsEmpty()) {
|
|
|
|
fullLibraryPath.Assign(dir);
|
|
|
|
fullLibraryPath.AppendLiteral(FILE_PATH_SEPARATOR);
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
2019-11-14 00:19:57 +03:00
|
|
|
fullLibraryPath.Append(MOZ_DLL_PREFIX);
|
|
|
|
fullLibraryPath.Append(libraryName);
|
|
|
|
fullLibraryPath.Append(MOZ_DLL_SUFFIX);
|
2017-06-09 02:10:00 +03:00
|
|
|
// Escape the \ and " characters.
|
|
|
|
fullLibraryPath.ReplaceSubstring("\\", "\\\\");
|
|
|
|
fullLibraryPath.ReplaceSubstring("\"", "\\\"");
|
|
|
|
|
|
|
|
nsAutoCString pkcs11ModuleSpec("name=\"");
|
2019-11-14 00:19:57 +03:00
|
|
|
pkcs11ModuleSpec.Append(moduleName);
|
2017-06-09 02:10:00 +03:00
|
|
|
pkcs11ModuleSpec.AppendLiteral("\" library=\"");
|
|
|
|
pkcs11ModuleSpec.Append(fullLibraryPath);
|
|
|
|
pkcs11ModuleSpec.AppendLiteral("\"");
|
2014-01-21 10:10:33 +04:00
|
|
|
|
2019-11-14 00:19:57 +03:00
|
|
|
UniqueSECMODModule userModule(SECMOD_LoadUserModule(
|
2016-05-11 09:38:55 +03:00
|
|
|
const_cast<char*>(pkcs11ModuleSpec.get()), nullptr, false));
|
2019-11-14 00:19:57 +03:00
|
|
|
if (!userModule) {
|
2016-12-14 15:10:25 +03:00
|
|
|
return false;
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
|
|
|
|
2019-11-14 00:19:57 +03:00
|
|
|
if (!userModule->loaded) {
|
2016-12-14 15:10:25 +03:00
|
|
|
return false;
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
|
|
|
|
2016-12-14 15:10:25 +03:00
|
|
|
return true;
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
|
|
|
|
2019-11-14 00:19:57 +03:00
|
|
|
const char* kOSClientCertsModuleName = "OS Client Cert Module";
|
|
|
|
|
|
|
|
bool LoadOSClientCertsModule(const nsCString& dir) {
|
|
|
|
return LoadUserModuleAt(kOSClientCertsModuleName, "osclientcerts", dir);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool LoadLoadableRoots(const nsCString& dir) {
|
|
|
|
// Some NSS command-line utilities will load a roots module under the name
|
|
|
|
// "Root Certs" if there happens to be a `MOZ_DLL_PREFIX "nssckbi"
|
|
|
|
// MOZ_DLL_SUFFIX` file in the directory being operated on. In some cases this
|
|
|
|
// can cause us to fail to load our roots module. In these cases, deleting the
|
|
|
|
// "Root Certs" module allows us to load the correct one. See bug 1406396.
|
|
|
|
int unusedModType;
|
|
|
|
Unused << SECMOD_DeleteModule("Root Certs", &unusedModType);
|
|
|
|
return LoadUserModuleAt(kRootModuleName, "nssckbi", dir);
|
|
|
|
}
|
2014-01-21 10:10:33 +04:00
|
|
|
|
2019-11-14 00:19:57 +03:00
|
|
|
void UnloadUserModules() {
|
|
|
|
UniqueSECMODModule rootsModule(SECMOD_FindModule(kRootModuleName));
|
2014-01-21 10:10:33 +04:00
|
|
|
if (rootsModule) {
|
|
|
|
SECMOD_UnloadUserModule(rootsModule.get());
|
|
|
|
}
|
2019-11-14 00:19:57 +03:00
|
|
|
UniqueSECMODModule osClientCertsModule(
|
|
|
|
SECMOD_FindModule(kOSClientCertsModuleName));
|
|
|
|
if (osClientCertsModule) {
|
|
|
|
SECMOD_UnloadUserModule(osClientCertsModule.get());
|
|
|
|
}
|
2014-01-21 10:10:33 +04:00
|
|
|
}
|
|
|
|
|
2016-05-11 09:38:55 +03:00
|
|
|
nsresult DefaultServerNicknameForCert(const CERTCertificate* cert,
|
|
|
|
/*out*/ nsCString& nickname) {
|
|
|
|
MOZ_ASSERT(cert);
|
|
|
|
NS_ENSURE_ARG_POINTER(cert);
|
|
|
|
|
|
|
|
UniquePORTString baseName(CERT_GetCommonName(&cert->subject));
|
|
|
|
if (!baseName) {
|
|
|
|
baseName = UniquePORTString(CERT_GetOrgUnitName(&cert->subject));
|
|
|
|
}
|
|
|
|
if (!baseName) {
|
|
|
|
baseName = UniquePORTString(CERT_GetOrgName(&cert->subject));
|
|
|
|
}
|
|
|
|
if (!baseName) {
|
|
|
|
baseName = UniquePORTString(CERT_GetLocalityName(&cert->subject));
|
|
|
|
}
|
|
|
|
if (!baseName) {
|
|
|
|
baseName = UniquePORTString(CERT_GetStateName(&cert->subject));
|
|
|
|
}
|
|
|
|
if (!baseName) {
|
|
|
|
baseName = UniquePORTString(CERT_GetCountryName(&cert->subject));
|
|
|
|
}
|
|
|
|
if (!baseName) {
|
|
|
|
return NS_ERROR_FAILURE;
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
|
|
|
|
2016-05-11 09:38:55 +03:00
|
|
|
// This function is only used in contexts where a failure to find a suitable
|
|
|
|
// nickname does not block the overall task from succeeding.
|
|
|
|
// As such, we use an arbitrary limit to prevent this nickname searching
|
|
|
|
// process from taking forever.
|
|
|
|
static const uint32_t ARBITRARY_LIMIT = 500;
|
|
|
|
for (uint32_t count = 1; count < ARBITRARY_LIMIT; count++) {
|
|
|
|
nickname = baseName.get();
|
|
|
|
if (count != 1) {
|
|
|
|
nickname.AppendPrintf(" #%u", count);
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
2016-05-11 09:38:55 +03:00
|
|
|
if (nickname.IsEmpty()) {
|
|
|
|
return NS_ERROR_FAILURE;
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
|
|
|
|
2016-05-11 09:38:55 +03:00
|
|
|
bool conflict = SEC_CertNicknameConflict(nickname.get(), &cert->derSubject,
|
|
|
|
cert->dbhandle);
|
2013-07-09 03:30:59 +04:00
|
|
|
if (!conflict) {
|
2016-05-11 09:38:55 +03:00
|
|
|
return NS_OK;
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
|
|
|
}
|
2016-05-11 09:38:55 +03:00
|
|
|
|
|
|
|
return NS_ERROR_FAILURE;
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
|
|
|
|
2019-05-03 02:02:13 +03:00
|
|
|
#ifdef MOZ_NEW_CERT_STORAGE
|
2019-09-17 23:30:15 +03:00
|
|
|
Result BuildRevocationCheckArrays(Input certDER, EndEntityOrCA endEntityOrCA,
|
|
|
|
/*out*/ nsTArray<uint8_t>& issuerBytes,
|
|
|
|
/*out*/ nsTArray<uint8_t>& serialBytes,
|
|
|
|
/*out*/ nsTArray<uint8_t>& subjectBytes,
|
|
|
|
/*out*/ nsTArray<uint8_t>& pubKeyBytes) {
|
|
|
|
BackCert cert(certDER, endEntityOrCA, nullptr);
|
|
|
|
Result rv = cert.Init();
|
|
|
|
if (rv != Success) {
|
|
|
|
return rv;
|
2019-04-06 00:19:21 +03:00
|
|
|
}
|
2019-09-17 23:30:15 +03:00
|
|
|
issuerBytes.Clear();
|
|
|
|
Input issuer(cert.GetIssuer());
|
|
|
|
issuerBytes.AppendElements(issuer.UnsafeGetData(), issuer.GetLength());
|
2019-04-06 00:19:21 +03:00
|
|
|
serialBytes.Clear();
|
2019-09-17 23:30:15 +03:00
|
|
|
Input serial(cert.GetSerialNumber());
|
|
|
|
serialBytes.AppendElements(serial.UnsafeGetData(), serial.GetLength());
|
2019-04-06 00:19:21 +03:00
|
|
|
subjectBytes.Clear();
|
2019-09-17 23:30:15 +03:00
|
|
|
Input subject(cert.GetSubject());
|
|
|
|
subjectBytes.AppendElements(subject.UnsafeGetData(), subject.GetLength());
|
2019-04-06 00:19:21 +03:00
|
|
|
pubKeyBytes.Clear();
|
2019-09-17 23:30:15 +03:00
|
|
|
Input pubKey(cert.GetSubjectPublicKeyInfo());
|
|
|
|
pubKeyBytes.AppendElements(pubKey.UnsafeGetData(), pubKey.GetLength());
|
|
|
|
|
|
|
|
return Success;
|
2018-09-21 16:10:40 +03:00
|
|
|
}
|
2019-05-03 02:02:13 +03:00
|
|
|
#else
|
2019-09-17 23:30:15 +03:00
|
|
|
Result BuildRevocationCheckStrings(Input certDER, EndEntityOrCA endEntityOrCA,
|
|
|
|
/*out*/ nsCString& encIssuer,
|
|
|
|
/*out*/ nsCString& encSerial,
|
|
|
|
/*out*/ nsCString& encSubject,
|
|
|
|
/*out*/ nsCString& encPubKey) {
|
2019-05-03 02:02:13 +03:00
|
|
|
// Convert issuer, serial, subject and pubKey data to Base64 encoded DER
|
2019-09-17 23:30:15 +03:00
|
|
|
BackCert cert(certDER, endEntityOrCA, nullptr);
|
|
|
|
Result result = cert.Init();
|
|
|
|
if (result != Success) {
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
Input issuer(cert.GetIssuer());
|
2019-05-03 02:02:13 +03:00
|
|
|
nsDependentCSubstring issuerString(
|
2019-09-17 23:30:15 +03:00
|
|
|
reinterpret_cast<const char*>(issuer.UnsafeGetData()),
|
|
|
|
issuer.GetLength());
|
|
|
|
Input serial(cert.GetSerialNumber());
|
2019-05-03 02:02:13 +03:00
|
|
|
nsDependentCSubstring serialString(
|
2019-09-17 23:30:15 +03:00
|
|
|
reinterpret_cast<const char*>(serial.UnsafeGetData()),
|
|
|
|
serial.GetLength());
|
|
|
|
Input subject(cert.GetSubject());
|
2019-05-03 02:02:13 +03:00
|
|
|
nsDependentCSubstring subjectString(
|
2019-09-17 23:30:15 +03:00
|
|
|
reinterpret_cast<const char*>(subject.UnsafeGetData()),
|
|
|
|
subject.GetLength());
|
|
|
|
Input pubKey(cert.GetSubjectPublicKeyInfo());
|
2019-05-03 02:02:13 +03:00
|
|
|
nsDependentCSubstring pubKeyString(
|
2019-09-17 23:30:15 +03:00
|
|
|
reinterpret_cast<const char*>(pubKey.UnsafeGetData()),
|
|
|
|
pubKey.GetLength());
|
2019-05-03 02:02:13 +03:00
|
|
|
|
|
|
|
nsresult rv = Base64Encode(issuerString, encIssuer);
|
|
|
|
if (NS_FAILED(rv)) {
|
2019-09-17 23:30:15 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2019-05-03 02:02:13 +03:00
|
|
|
}
|
|
|
|
rv = Base64Encode(serialString, encSerial);
|
|
|
|
if (NS_FAILED(rv)) {
|
2019-09-17 23:30:15 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2019-05-03 02:02:13 +03:00
|
|
|
}
|
|
|
|
rv = Base64Encode(subjectString, encSubject);
|
|
|
|
if (NS_FAILED(rv)) {
|
2019-09-17 23:30:15 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2019-05-03 02:02:13 +03:00
|
|
|
}
|
|
|
|
rv = Base64Encode(pubKeyString, encPubKey);
|
|
|
|
if (NS_FAILED(rv)) {
|
2019-09-17 23:30:15 +03:00
|
|
|
return Result::FATAL_ERROR_LIBRARY_FAILURE;
|
2019-05-03 02:02:13 +03:00
|
|
|
}
|
2019-09-17 23:30:15 +03:00
|
|
|
return Success;
|
2019-05-03 02:02:13 +03:00
|
|
|
}
|
|
|
|
#endif
|
2018-09-21 16:10:40 +03:00
|
|
|
|
2016-06-02 23:17:14 +03:00
|
|
|
/**
|
|
|
|
* Given a list of certificates representing a verified certificate path from an
|
|
|
|
* end-entity certificate to a trust anchor, imports the intermediate
|
|
|
|
* certificates into the permanent certificate database. This is an attempt to
|
|
|
|
* cope with misconfigured servers that don't include the appropriate
|
|
|
|
* intermediate certificates in the TLS handshake.
|
|
|
|
*
|
|
|
|
* @param certList the verified certificate list
|
|
|
|
*/
|
2016-05-06 00:56:36 +03:00
|
|
|
void SaveIntermediateCerts(const UniqueCERTCertList& certList) {
|
2013-07-09 03:30:59 +04:00
|
|
|
if (!certList) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-03-26 18:56:32 +03:00
|
|
|
UniqueCERTCertList intermediates(CERT_NewCertList());
|
|
|
|
if (!intermediates) {
|
2016-05-11 09:38:55 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-07-09 03:30:59 +04:00
|
|
|
bool isEndEntity = true;
|
2019-03-26 18:56:32 +03:00
|
|
|
size_t numIntermediates = 0;
|
2013-07-09 03:30:59 +04:00
|
|
|
for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
|
|
|
|
!CERT_LIST_END(node, certList); node = CERT_LIST_NEXT(node)) {
|
|
|
|
if (isEndEntity) {
|
|
|
|
// Skip the end-entity; we only want to store intermediates
|
|
|
|
isEndEntity = false;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (node->cert->slot) {
|
2016-10-11 20:39:00 +03:00
|
|
|
// This cert was found on a token; no need to remember it in the permanent
|
|
|
|
// database.
|
2013-07-09 03:30:59 +04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (node->cert->isperm) {
|
|
|
|
// We don't need to remember certs already stored in perm db.
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2016-06-02 23:17:14 +03:00
|
|
|
// No need to save the trust anchor - it's either already a permanent
|
|
|
|
// certificate or it's the Microsoft Family Safety root or an enterprise
|
|
|
|
// root temporarily imported via the child mode or enterprise root features.
|
|
|
|
// We don't want to import these because they're intended to be temporary
|
|
|
|
// (and because importing them happens to reset their trust settings, which
|
|
|
|
// breaks these features).
|
|
|
|
if (node == CERT_LIST_TAIL(certList)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2019-03-26 18:56:32 +03:00
|
|
|
UniqueCERTCertificate certHandle(CERT_DupCertificate(node->cert));
|
|
|
|
if (CERT_AddCertToListTail(intermediates.get(), certHandle.get()) !=
|
|
|
|
SECSuccess) {
|
|
|
|
// If this fails, we're probably out of memory. Just return.
|
|
|
|
return;
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
2019-03-26 18:56:32 +03:00
|
|
|
certHandle.release(); // intermediates now owns the reference
|
|
|
|
numIntermediates++;
|
|
|
|
}
|
2016-05-11 09:38:55 +03:00
|
|
|
|
2019-03-26 18:56:32 +03:00
|
|
|
if (numIntermediates > 0) {
|
2019-04-11 00:44:16 +03:00
|
|
|
nsCOMPtr<nsIRunnable> importCertsRunnable(NS_NewRunnableFunction(
|
|
|
|
"IdleSaveIntermediateCerts",
|
|
|
|
[intermediates = std::move(intermediates)]() -> void {
|
|
|
|
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
|
|
|
|
if (!slot) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
for (CERTCertListNode* node = CERT_LIST_HEAD(intermediates);
|
|
|
|
!CERT_LIST_END(node, intermediates);
|
|
|
|
node = CERT_LIST_NEXT(node)) {
|
|
|
|
// This is a best-effort attempt at avoiding unknown issuer errors
|
|
|
|
// in the future, so ignore failures here.
|
|
|
|
nsAutoCString nickname;
|
|
|
|
if (NS_FAILED(DefaultServerNicknameForCert(node->cert, nickname))) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
Unused << PK11_ImportCert(slot.get(), node->cert, CK_INVALID_HANDLE,
|
|
|
|
nickname.get(), false);
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
|
|
|
|
"IdleSaveIntermediateCertsDone", []() -> void {
|
|
|
|
nsCOMPtr<nsIObserverService> observerService =
|
|
|
|
mozilla::services::GetObserverService();
|
|
|
|
if (observerService) {
|
|
|
|
observerService->NotifyObservers(
|
|
|
|
nullptr, "psm:intermediate-certs-cached", nullptr);
|
|
|
|
}
|
|
|
|
}));
|
|
|
|
Unused << NS_DispatchToMainThread(runnable.forget());
|
|
|
|
}));
|
|
|
|
Unused << NS_DispatchToCurrentThreadQueue(importCertsRunnable.forget(),
|
|
|
|
EventQueuePriority::Idle);
|
2013-07-09 03:30:59 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-01-21 10:10:33 +04:00
|
|
|
} // namespace psm
|
|
|
|
} // namespace mozilla
|