97aa8bb0ba48cd5651ab491070f9c030220028ee
[strongswan.git] / src / libstrongswan / crypto / x509.c
1 /**
2 * @file x509.c
3 *
4 * @brief Implementation of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
10 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
11 * Copyright (C) 2002 Mario Strasser
12 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
13 * Copyright (C) 2006 Martin Willi, Andreas Steffen
14 *
15 * Hochschule fuer Technik Rapperswil
16 *
17 * This program is free software; you can redistribute it and/or modify it
18 * under the terms of the GNU General Public License as published by the
19 * Free Software Foundation; either version 2 of the License, or (at your
20 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
21 *
22 * This program is distributed in the hope that it will be useful, but
23 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25 * for more details.
26 */
27
28 #include <gmp.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31 #include <string.h>
32 #include <stdio.h>
33
34 #include "x509.h"
35 #include "hashers/hasher.h"
36 #include <library.h>
37 #include <debug.h>
38 #include <asn1/oid.h>
39 #include <asn1/asn1.h>
40 #include <asn1/pem.h>
41 #include <utils/linked_list.h>
42 #include <utils/identification.h>
43
44 #define CERT_WARNING_INTERVAL 30 /* days */
45
46 /**
47 * Different kinds of generalNames
48 */
49 typedef enum generalNames_t generalNames_t;
50
51 enum generalNames_t {
52 GN_OTHER_NAME = 0,
53 GN_RFC822_NAME = 1,
54 GN_DNS_NAME = 2,
55 GN_X400_ADDRESS = 3,
56 GN_DIRECTORY_NAME = 4,
57 GN_EDI_PARTY_NAME = 5,
58 GN_URI = 6,
59 GN_IP_ADDRESS = 7,
60 GN_REGISTERED_ID = 8,
61 };
62
63 typedef struct private_x509_t private_x509_t;
64
65 /**
66 * Private data of a x509_t object.
67 */
68 struct private_x509_t {
69 /**
70 * Public interface for this certificate.
71 */
72 x509_t public;
73
74 /**
75 * Time when certificate was installed
76 */
77 time_t installed;
78
79 /**
80 * Time until certificate can be trusted
81 */
82 time_t until;
83
84 /**
85 * Certificate status
86 */
87 cert_status_t status;
88
89 /**
90 * Authority flags
91 */
92 u_int authority_flags;
93
94 /**
95 * X.509 Certificate in DER format
96 */
97 chunk_t certificate;
98
99 /**
100 * X.509 certificate body over which signature is computed
101 */
102 chunk_t tbsCertificate;
103
104 /**
105 * Version of the X.509 certificate
106 */
107 u_int version;
108
109 /**
110 * Serial number of the X.509 certificate
111 */
112 chunk_t serialNumber;
113
114 /**
115 * Signature algorithm
116 */
117 int sigAlg;
118
119 /**
120 * ID representing the certificate issuer
121 */
122 identification_t *issuer;
123
124 /**
125 * Start time of certificate validity
126 */
127 time_t notBefore;
128
129 /**
130 * End time of certificate validity
131 */
132 time_t notAfter;
133
134 /**
135 * ID representing the certificate subject
136 */
137 identification_t *subject;
138
139 /**
140 * List of identification_t's representing subjectAltNames
141 */
142 linked_list_t *subjectAltNames;
143
144 /**
145 * List of identification_t's representing crlDistributionPoints
146 */
147 linked_list_t *crlDistributionPoints;
148
149 /**
150 * List of identification_t's representing ocspAccessLocations
151 */
152 linked_list_t *ocspAccessLocations;
153
154 /**
155 * Subject public key
156 */
157 chunk_t subjectPublicKey;
158
159 /**
160 * Subject RSA public key, if subjectPublicKeyAlgorithm == RSA
161 */
162 rsa_public_key_t *public_key;
163
164 /**
165 * Subject Key Identifier
166 */
167 chunk_t subjectKeyID;
168
169 /**
170 * Authority Key Identifier
171 */
172 chunk_t authKeyID;
173
174 /**
175 * Authority Key Serial Number
176 */
177 chunk_t authKeySerialNumber;
178
179 /**
180 * Indicates if the certificate is self-signed
181 */
182 bool isSelfSigned;
183
184 /**
185 * CA basic constraints flag
186 */
187 bool isCA;
188
189 /**
190 * OCSPSigner extended key usage flag
191 */
192 bool isOcspSigner;
193
194 /**
195 * Signature algorithm (must be identical to sigAlg)
196 */
197 int algorithm;
198
199 /**
200 * Signature
201 */
202 chunk_t signature;
203
204 };
205
206 /**
207 * ASN.1 definition of generalName
208 */
209 static const asn1Object_t generalNameObjects[] = {
210 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
211 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
212 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
213 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
214 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
215 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
216 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
217 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
218 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */
219 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
220 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */
221 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
222 { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */
223 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
224 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
225 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
226 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
227 { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */
228 };
229 #define GN_OBJ_OTHER_NAME 0
230 #define GN_OBJ_RFC822_NAME 2
231 #define GN_OBJ_DNS_NAME 4
232 #define GN_OBJ_X400_ADDRESS 6
233 #define GN_OBJ_DIRECTORY_NAME 8
234 #define GN_OBJ_EDI_PARTY_NAME 10
235 #define GN_OBJ_URI 12
236 #define GN_OBJ_IP_ADDRESS 14
237 #define GN_OBJ_REGISTERED_ID 16
238 #define GN_OBJ_ROOF 18
239
240 /**
241 * ASN.1 definition of otherName
242 */
243 static const asn1Object_t otherNameObjects[] = {
244 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
245 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */
246 };
247 #define ON_OBJ_ID_TYPE 0
248 #define ON_OBJ_VALUE 1
249 #define ON_OBJ_ROOF 2
250 /**
251 * ASN.1 definition of a basicConstraints extension
252 */
253 static const asn1Object_t basicConstraintsObjects[] = {
254 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
255 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
256 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
257 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
258 };
259 #define BASIC_CONSTRAINTS_CA 1
260 #define BASIC_CONSTRAINTS_ROOF 4
261
262 /**
263 * ASN.1 definition of a keyIdentifier
264 */
265 static const asn1Object_t keyIdentifierObjects[] = {
266 { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */
267 };
268
269 /**
270 * ASN.1 definition of a authorityKeyIdentifier extension
271 */
272 static const asn1Object_t authorityKeyIdentifierObjects[] = {
273 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
274 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */
275 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
276 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
277 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
278 { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
279 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
280 };
281 #define AUTH_KEY_ID_KEY_ID 1
282 #define AUTH_KEY_ID_CERT_ISSUER 3
283 #define AUTH_KEY_ID_CERT_SERIAL 5
284 #define AUTH_KEY_ID_ROOF 7
285
286 /**
287 * ASN.1 definition of a authorityInfoAccess extension
288 */
289 static const asn1Object_t authorityInfoAccessObjects[] = {
290 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
291 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
292 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
293 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
294 { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */
295 };
296 #define AUTH_INFO_ACCESS_METHOD 2
297 #define AUTH_INFO_ACCESS_LOCATION 3
298 #define AUTH_INFO_ACCESS_ROOF 5
299
300 /**
301 * ASN.1 definition of a extendedKeyUsage extension
302 */
303 static const asn1Object_t extendedKeyUsageObjects[] = {
304 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
305 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
306 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
307 };
308
309 #define EXT_KEY_USAGE_PURPOSE_ID 1
310 #define EXT_KEY_USAGE_ROOF 3
311
312 /**
313 * ASN.1 definition of generalNames
314 */
315 static const asn1Object_t generalNamesObjects[] = {
316 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
317 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
318 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
319 };
320 #define GENERAL_NAMES_GN 1
321 #define GENERAL_NAMES_ROOF 3
322
323
324 /**
325 * ASN.1 definition of crlDistributionPoints
326 */
327 static const asn1Object_t crlDistributionPointsObjects[] = {
328 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
329 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
330 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */
331 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */
332 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
333 { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */
334 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
335 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
336 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */
337 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
338 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
339 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
340 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
341 };
342 #define CRL_DIST_POINTS_FULLNAME 3
343 #define CRL_DIST_POINTS_ROOF 13
344
345 /**
346 * ASN.1 definition of an X.509v3 x509
347 */
348 static const asn1Object_t certObjects[] = {
349 { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
350 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
351 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
352 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
353 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
354 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
355 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
356 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
357 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
358 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
359 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
360 { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
361 { 3, "algorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
362 { 3, "subjectPublicKey", ASN1_BIT_STRING, ASN1_NONE }, /* 13 */
363 { 4, "RSAPublicKey", ASN1_SEQUENCE, ASN1_RAW }, /* 14 */
364 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 15 */
365 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 16 */
366 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 17 */
367 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 18 */
368 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 19 */
369 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 20 */
370 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 21 */
371 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 22 */
372 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 23 */
373 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 24 */
374 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
375 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
376 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */
377 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */
378 };
379 #define X509_OBJ_CERTIFICATE 0
380 #define X509_OBJ_TBS_CERTIFICATE 1
381 #define X509_OBJ_VERSION 3
382 #define X509_OBJ_SERIAL_NUMBER 4
383 #define X509_OBJ_SIG_ALG 5
384 #define X509_OBJ_ISSUER 6
385 #define X509_OBJ_NOT_BEFORE 8
386 #define X509_OBJ_NOT_AFTER 9
387 #define X509_OBJ_SUBJECT 10
388 #define X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM 12
389 #define X509_OBJ_SUBJECT_PUBLIC_KEY 13
390 #define X509_OBJ_RSA_PUBLIC_KEY 14
391 #define X509_OBJ_EXTN_ID 22
392 #define X509_OBJ_CRITICAL 23
393 #define X509_OBJ_EXTN_VALUE 24
394 #define X509_OBJ_ALGORITHM 27
395 #define X509_OBJ_SIGNATURE 28
396 #define X509_OBJ_ROOF 29
397
398
399 static u_char ASN1_subjectAltName_oid_str[] = {
400 0x06, 0x03, 0x55, 0x1D, 0x11
401 };
402
403 static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
404
405
406 /**
407 * compare two X.509 x509s by comparing their signatures
408 */
409 static bool equals(const private_x509_t *this, const private_x509_t *other)
410 {
411 return chunk_equals(this->signature, other->signature);
412 }
413
414 /**
415 * extracts the basicConstraints extension
416 */
417 static bool parse_basicConstraints(chunk_t blob, int level0)
418 {
419 asn1_ctx_t ctx;
420 chunk_t object;
421 u_int level;
422 int objectID = 0;
423 bool isCA = FALSE;
424
425 asn1_init(&ctx, blob, level0, FALSE, FALSE);
426
427 while (objectID < BASIC_CONSTRAINTS_ROOF) {
428
429 if (!extract_object(basicConstraintsObjects, &objectID, &object,&level, &ctx))
430 {
431 break;
432 }
433 if (objectID == BASIC_CONSTRAINTS_CA)
434 {
435 isCA = object.len && *object.ptr;
436 DBG2(" %s", isCA ? "TRUE" : "FALSE");
437 }
438 objectID++;
439 }
440 return isCA;
441 }
442
443 /*
444 * extracts an otherName
445 */
446 static bool
447 parse_otherName(chunk_t blob, int level0)
448 {
449 asn1_ctx_t ctx;
450 chunk_t object;
451 int objectID = 0;
452 u_int level;
453 int oid = OID_UNKNOWN;
454
455 asn1_init(&ctx, blob, level0, FALSE, FALSE);
456
457 while (objectID < ON_OBJ_ROOF)
458 {
459 if (!extract_object(otherNameObjects, &objectID, &object, &level, &ctx))
460 return FALSE;
461
462 switch (objectID)
463 {
464 case ON_OBJ_ID_TYPE:
465 oid = known_oid(object);
466 break;
467 case ON_OBJ_VALUE:
468 if (oid == OID_XMPP_ADDR)
469 {
470 if (!parse_asn1_simple_object(&object, ASN1_UTF8STRING, level + 1, "xmppAddr"))
471 return FALSE;
472 }
473 break;
474 default:
475 break;
476 }
477 objectID++;
478 }
479 return TRUE;
480 }
481
482 /*
483 * extracts a generalName
484 */
485 static identification_t *parse_generalName(chunk_t blob, int level0)
486 {
487 asn1_ctx_t ctx;
488 chunk_t object;
489 int objectID = 0;
490 u_int level;
491
492 asn1_init(&ctx, blob, level0, FALSE, FALSE);
493
494 while (objectID < GN_OBJ_ROOF)
495 {
496 id_type_t id_type = ID_ANY;
497
498 if (!extract_object(generalNameObjects, &objectID, &object, &level, &ctx))
499 return NULL;
500
501 switch (objectID)
502 {
503 case GN_OBJ_RFC822_NAME:
504 id_type = ID_RFC822_ADDR;
505 break;
506 case GN_OBJ_DNS_NAME:
507 id_type = ID_FQDN;
508 break;
509 case GN_OBJ_URI:
510 id_type = ID_DER_ASN1_GN_URI;
511 break;
512 case GN_OBJ_DIRECTORY_NAME:
513 id_type = ID_DER_ASN1_DN;
514 break;
515 case GN_OBJ_IP_ADDRESS:
516 id_type = ID_IPV4_ADDR;
517 break;
518 case GN_OBJ_OTHER_NAME:
519 if (!parse_otherName(object, level + 1))
520 return NULL;
521 break;
522 case GN_OBJ_X400_ADDRESS:
523 case GN_OBJ_EDI_PARTY_NAME:
524 case GN_OBJ_REGISTERED_ID:
525 break;
526 default:
527 break;
528 }
529
530 if (id_type != ID_ANY)
531 {
532 identification_t *gn = identification_create_from_encoding(id_type, object);
533 DBG2(" '%D'", gn);
534 return gn;
535 }
536 objectID++;
537 }
538 return NULL;
539 }
540
541
542 /**
543 * extracts one or several GNs and puts them into a chained list
544 */
545 void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
546 {
547 asn1_ctx_t ctx;
548 chunk_t object;
549 u_int level;
550 int objectID = 0;
551
552 asn1_init(&ctx, blob, level0, implicit, FALSE);
553
554 while (objectID < GENERAL_NAMES_ROOF)
555 {
556 if (!extract_object(generalNamesObjects, &objectID, &object, &level, &ctx))
557 return;
558
559 if (objectID == GENERAL_NAMES_GN)
560 {
561 identification_t *gn = parse_generalName(object, level+1);
562
563 if (gn != NULL)
564 list->insert_last(list, (void *)gn);
565 }
566 objectID++;
567 }
568 return;
569 }
570
571 /**
572 * extracts a keyIdentifier
573 */
574 static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
575 {
576 asn1_ctx_t ctx;
577 chunk_t object;
578 u_int level;
579 int objectID = 0;
580
581 asn1_init(&ctx, blob, level0, implicit, FALSE);
582
583 extract_object(keyIdentifierObjects, &objectID, &object, &level, &ctx);
584 return object;
585 }
586
587 /**
588 * extracts an authoritykeyIdentifier
589 */
590 void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
591 {
592 asn1_ctx_t ctx;
593 chunk_t object;
594 u_int level;
595 int objectID = 0;
596
597 *authKeyID = chunk_empty;
598 *authKeySerialNumber = chunk_empty;
599
600 asn1_init(&ctx, blob, level0, FALSE, FALSE);
601
602 while (objectID < AUTH_KEY_ID_ROOF)
603 {
604 if (!extract_object(authorityKeyIdentifierObjects, &objectID, &object, &level, &ctx))
605 {
606 return;
607 }
608 switch (objectID)
609 {
610 case AUTH_KEY_ID_KEY_ID:
611 *authKeyID = parse_keyIdentifier(object, level+1, TRUE);
612 break;
613 case AUTH_KEY_ID_CERT_ISSUER:
614 {
615 /* TODO: parse_generalNames(object, level+1, TRUE); */
616 break;
617 }
618 case AUTH_KEY_ID_CERT_SERIAL:
619 *authKeySerialNumber = object;
620 break;
621 default:
622 break;
623 }
624 objectID++;
625 }
626 }
627
628 /**
629 * extracts an authorityInfoAcess location
630 */
631 static void parse_authorityInfoAccess(chunk_t blob, int level0, linked_list_t *list)
632 {
633 asn1_ctx_t ctx;
634 chunk_t object;
635 u_int level;
636 int objectID = 0;
637
638 u_int accessMethod = OID_UNKNOWN;
639
640 asn1_init(&ctx, blob, level0, FALSE, FALSE);
641 while (objectID < AUTH_INFO_ACCESS_ROOF)
642 {
643 if (!extract_object(authorityInfoAccessObjects, &objectID, &object, &level, &ctx))
644 {
645 return;
646 }
647 switch (objectID)
648 {
649 case AUTH_INFO_ACCESS_METHOD:
650 accessMethod = known_oid(object);
651 break;
652 case AUTH_INFO_ACCESS_LOCATION:
653 {
654 switch (accessMethod)
655 {
656 case OID_OCSP:
657 if (*object.ptr == ASN1_CONTEXT_S_6)
658 {
659 identification_t *accessLocation;
660
661 if (asn1_length(&object) == ASN1_INVALID_LENGTH)
662 return;
663 DBG2(" '%.*s'",(int)object.len, object.ptr);
664 accessLocation = identification_create_from_encoding(ID_DER_ASN1_GN_URI, object);
665 list->insert_last(list, (void *)accessLocation);
666 }
667 break;
668 default:
669 /* unkown accessMethod, ignoring */
670 break;
671 }
672 break;
673 }
674 default:
675 break;
676 }
677 objectID++;
678 }
679 }
680
681 /**
682 * extracts extendedKeyUsage OIDs
683 */
684 static bool parse_extendedKeyUsage(chunk_t blob, int level0)
685 {
686 asn1_ctx_t ctx;
687 chunk_t object;
688 u_int level;
689 int objectID = 0;
690
691 asn1_init(&ctx, blob, level0, FALSE, FALSE);
692 while (objectID < EXT_KEY_USAGE_ROOF)
693 {
694 if (!extract_object(extendedKeyUsageObjects, &objectID, &object, &level, &ctx))
695 {
696 return FALSE;
697 }
698 if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
699 known_oid(object) == OID_OCSP_SIGNING)
700 {
701 return TRUE;
702 }
703 objectID++;
704 }
705 return FALSE;
706 }
707
708 /**
709 * extracts one or several crlDistributionPoints and puts them into
710 * a chained list
711 */
712 static void parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list)
713 {
714 asn1_ctx_t ctx;
715 chunk_t object;
716 u_int level;
717 int objectID = 0;
718
719 asn1_init(&ctx, blob, level0, FALSE, FALSE);
720 while (objectID < CRL_DIST_POINTS_ROOF)
721 {
722 if (!extract_object(crlDistributionPointsObjects, &objectID, &object, &level, &ctx))
723 {
724 return;
725 }
726 if (objectID == CRL_DIST_POINTS_FULLNAME)
727 {
728 /* append extracted generalNames to existing chained list */
729 parse_generalNames(object, level+1, TRUE, list);
730
731 }
732 objectID++;
733 }
734 }
735
736
737 /**
738 * Parses an X.509v3 certificate
739 */
740 static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
741 {
742 asn1_ctx_t ctx;
743 bool critical;
744 chunk_t object;
745 u_int level;
746 u_int extn_oid = OID_UNKNOWN;
747 int objectID = 0;
748
749 asn1_init(&ctx, blob, level0, FALSE, FALSE);
750 while (objectID < X509_OBJ_ROOF)
751 {
752 if (!extract_object(certObjects, &objectID, &object, &level, &ctx))
753 {
754 return FALSE;
755 }
756
757 /* those objects which will parsed further need the next higher level */
758 level++;
759
760 switch (objectID)
761 {
762 case X509_OBJ_CERTIFICATE:
763 this->certificate = object;
764 break;
765 case X509_OBJ_TBS_CERTIFICATE:
766 this->tbsCertificate = object;
767 break;
768 case X509_OBJ_VERSION:
769 this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
770 DBG2(" v%d", this->version);
771 break;
772 case X509_OBJ_SERIAL_NUMBER:
773 this->serialNumber = object;
774 break;
775 case X509_OBJ_SIG_ALG:
776 this->sigAlg = parse_algorithmIdentifier(object, level, NULL);
777 break;
778 case X509_OBJ_ISSUER:
779 this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
780 DBG2(" '%D'", this->issuer);
781 break;
782 case X509_OBJ_NOT_BEFORE:
783 this->notBefore = parse_time(object, level);
784 break;
785 case X509_OBJ_NOT_AFTER:
786 this->notAfter = parse_time(object, level);
787 break;
788 case X509_OBJ_SUBJECT:
789 this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
790 DBG2(" '%D'", this->subject);
791 break;
792 case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
793 if (parse_algorithmIdentifier(object, level, NULL) != OID_RSA_ENCRYPTION)
794 {
795 DBG2(" unsupported public key algorithm");
796 return FALSE;
797 }
798 break;
799 case X509_OBJ_SUBJECT_PUBLIC_KEY:
800 if (ctx.blobs[4].len > 0 && *ctx.blobs[4].ptr == 0x00)
801 {
802 /* skip initial bit string octet defining 0 unused bits */
803 ctx.blobs[4].ptr++; ctx.blobs[4].len--;
804 }
805 else
806 {
807 DBG2(" invalid RSA public key format");
808 return FALSE;
809 }
810 break;
811 case X509_OBJ_RSA_PUBLIC_KEY:
812 this->subjectPublicKey = object;
813 break;
814 case X509_OBJ_EXTN_ID:
815 extn_oid = known_oid(object);
816 break;
817 case X509_OBJ_CRITICAL:
818 critical = object.len && *object.ptr;
819 DBG2(" %s", critical ? "TRUE" : "FALSE");
820 break;
821 case X509_OBJ_EXTN_VALUE:
822 {
823 switch (extn_oid)
824 {
825 case OID_SUBJECT_KEY_ID:
826 this->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
827 break;
828 case OID_SUBJECT_ALT_NAME:
829 parse_generalNames(object, level, FALSE, this->subjectAltNames);
830 break;
831 case OID_BASIC_CONSTRAINTS:
832 this->isCA = parse_basicConstraints(object, level);
833 break;
834 case OID_CRL_DISTRIBUTION_POINTS:
835 parse_crlDistributionPoints(object, level, this->crlDistributionPoints);
836 break;
837 case OID_AUTHORITY_KEY_ID:
838 parse_authorityKeyIdentifier(object, level , &this->authKeyID, &this->authKeySerialNumber);
839 break;
840 case OID_AUTHORITY_INFO_ACCESS:
841 parse_authorityInfoAccess(object, level, this->ocspAccessLocations);
842 break;
843 case OID_EXTENDED_KEY_USAGE:
844 this->isOcspSigner = parse_extendedKeyUsage(object, level);
845 break;
846 case OID_NS_REVOCATION_URL:
847 case OID_NS_CA_REVOCATION_URL:
848 case OID_NS_CA_POLICY_URL:
849 case OID_NS_COMMENT:
850 if (!parse_asn1_simple_object(&object, ASN1_IA5STRING , level, oid_names[extn_oid].name))
851 return FALSE;
852 break;
853 default:
854 break;
855 }
856 break;
857 }
858 case X509_OBJ_ALGORITHM:
859 this->algorithm = parse_algorithmIdentifier(object, level, NULL);
860 break;
861 case X509_OBJ_SIGNATURE:
862 this->signature = object;
863 break;
864 default:
865 break;
866 }
867 objectID++;
868 }
869
870 /* generate the subjectKeyID if it is missing in the certificate */
871 if (this->subjectKeyID.ptr == NULL)
872 {
873 hasher_t *hasher = hasher_create(HASH_SHA1);
874
875 hasher->allocate_hash(hasher, this->subjectPublicKey, &this->subjectKeyID);
876 hasher->destroy(hasher);
877 }
878
879 this->installed = time(NULL);
880 return TRUE;
881 }
882
883 /**
884 * Implements x509_t.is_valid
885 */
886 static err_t is_valid(const private_x509_t *this, time_t *until)
887 {
888 time_t current_time = time(NULL);
889
890 DBG2(" not before : %T", &this->notBefore);
891 DBG2(" current time: %T", &current_time);
892 DBG2(" not after : %T", &this->notAfter);
893
894 if (until != NULL &&
895 (*until == UNDEFINED_TIME || this->notAfter < *until))
896 {
897 *until = this->notAfter;
898 }
899 if (current_time < this->notBefore)
900 {
901 return "is not valid yet";
902 }
903 if (current_time > this->notAfter)
904 {
905 return "has expired";
906 }
907 DBG2(" certificate is valid");
908 return NULL;
909 }
910
911 /**
912 * Implements x509_t.is_ca
913 */
914 static bool is_ca(const private_x509_t *this)
915 {
916 return this->isCA;
917 }
918
919 /**
920 * Implements x509_t.is_ocsp_signer
921 */
922 static bool is_ocsp_signer(const private_x509_t *this)
923 {
924 return this->isOcspSigner;
925 }
926
927 /**
928 * Implements x509_t.is_self_signed
929 */
930 static bool is_self_signed(const private_x509_t *this)
931 {
932 return this->isSelfSigned;
933 }
934
935 /**
936 * Implements x509_t.equals_subjectAltName
937 */
938 static bool equals_subjectAltName(const private_x509_t *this, identification_t *id)
939 {
940 bool found = FALSE;
941 identification_t *subjectAltName;
942 iterator_t *iterator;
943
944 iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
945 while (iterator->iterate(iterator, (void**)&subjectAltName))
946 {
947 if (id->equals(id, subjectAltName))
948 {
949 found = TRUE;
950 break;
951 }
952 }
953 iterator->destroy(iterator);
954 return found;
955 }
956
957 /**
958 * Implements x509_t.is_issuer
959 */
960 static bool is_issuer(const private_x509_t *this, const private_x509_t *issuer)
961 {
962 return (this->authKeyID.ptr)
963 ? chunk_equals(this->authKeyID, issuer->subjectKeyID)
964 : (this->issuer->equals(this->issuer, issuer->subject)
965 && chunk_equals_or_null(this->authKeySerialNumber, issuer->serialNumber));
966 }
967
968 /**
969 * Implements x509_t.get_certificate
970 */
971 static chunk_t get_certificate(const private_x509_t *this)
972 {
973 return this->certificate;
974 }
975
976 /**
977 * Implements x509_t.get_public_key
978 */
979 static rsa_public_key_t *get_public_key(const private_x509_t *this)
980 {
981 return this->public_key;
982 }
983
984 /**
985 * Implements x509_t.get_serialNumber
986 */
987 static chunk_t get_serialNumber(const private_x509_t *this)
988 {
989 return this->serialNumber;
990 }
991
992 /**
993 * Implements x509_t.get_subjectKeyID
994 */
995 static chunk_t get_subjectKeyID(const private_x509_t *this)
996 {
997 return this->subjectKeyID;
998 }
999
1000 /**
1001 * Implements x509_t.get_keyid
1002 */
1003 static chunk_t get_keyid(const private_x509_t *this)
1004 {
1005 return this->public_key->get_keyid(this->public_key);
1006 }
1007
1008 /**
1009 * Implements x509_t.get_issuer
1010 */
1011 static identification_t *get_issuer(const private_x509_t *this)
1012 {
1013 return this->issuer;
1014 }
1015
1016 /**
1017 * Implements x509_t.get_subject
1018 */
1019 static identification_t *get_subject(const private_x509_t *this)
1020 {
1021 return this->subject;
1022 }
1023
1024 /**
1025 * Implements x509_t.set_until
1026 */
1027 static void set_until(private_x509_t *this, time_t until)
1028 {
1029 this->until = until;
1030 }
1031
1032 /**
1033 * Implements x509_t.get_until
1034 */
1035 static time_t get_until(const private_x509_t *this)
1036 {
1037 return this->until;
1038 }
1039
1040 /**
1041 * Implements x509_t.set_status
1042 */
1043 static void set_status(private_x509_t *this, cert_status_t status)
1044 {
1045 this->status = status;
1046 }
1047
1048 /**
1049 * Implements x509_t.get_status
1050 */
1051 static cert_status_t get_status(const private_x509_t *this)
1052 {
1053 return this->status;
1054 }
1055
1056 /**
1057 * Implements x509_t.add_authority_flags
1058 */
1059 static void add_authority_flags(private_x509_t *this, u_int flags)
1060 {
1061 this->authority_flags |= flags;
1062 }
1063
1064 /**
1065 * Implements x509_t.add_authority_flags
1066 */
1067 static u_int get_authority_flags(private_x509_t *this)
1068 {
1069 return this->authority_flags;
1070 }
1071
1072 /**
1073 * Implements x509_t.has_authority_flag
1074 */
1075 static bool has_authority_flag(private_x509_t *this, u_int flags)
1076 {
1077 return (this->authority_flags & flags) != AUTH_NONE;
1078 }
1079
1080 /**
1081 * Implements x509_t.create_crluri_iterator
1082 */
1083 static iterator_t *create_crluri_iterator(const private_x509_t *this)
1084 {
1085 return this->crlDistributionPoints->create_iterator(this->crlDistributionPoints, TRUE);
1086 }
1087
1088 /**
1089 * Implements x509_t.create_crluri_iterator
1090 */
1091 static iterator_t *create_ocspuri_iterator(const private_x509_t *this)
1092 {
1093 return this->ocspAccessLocations->create_iterator(this->ocspAccessLocations, TRUE);
1094 }
1095
1096 /**
1097 * Implements x509_t.verify
1098 */
1099 static bool verify(const private_x509_t *this, const rsa_public_key_t *signer)
1100 {
1101 return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate, this->signature) == SUCCESS;
1102 }
1103
1104 /**
1105 * Implementation of x509_t.list.
1106 */
1107 static void list(private_x509_t *this, FILE *out, bool utc)
1108 {
1109 iterator_t *iterator;
1110 time_t now = time(NULL);
1111
1112 fprintf(out, "%#T\n", &this->installed, utc);
1113
1114 if (this->subjectAltNames->get_count(this->subjectAltNames))
1115 {
1116 identification_t *subjectAltName;
1117 bool first = TRUE;
1118
1119 fprintf(out, " altNames: ");
1120 iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
1121 while (iterator->iterate(iterator, (void**)&subjectAltName))
1122 {
1123 if (first)
1124 {
1125 first = FALSE;
1126 }
1127 else
1128 {
1129 fprintf(out, ", ");
1130 }
1131 fprintf(out, "'%D'", subjectAltName);
1132 }
1133 iterator->destroy(iterator);
1134 fprintf(out, "\n");
1135 }
1136 fprintf(out, " subject: '%D'\n", this->subject);
1137 fprintf(out, " issuer: '%D'\n", this->issuer);
1138 fprintf(out, " serial: %#B\n", &this->serialNumber);
1139 fprintf(out, " validity: not before %#T, ", &this->notBefore, utc);
1140 if (now < this->notBefore)
1141 {
1142 fprintf(out, "not valid yet (valid in %V)\n", &now, &this->notBefore);
1143 }
1144 else
1145 {
1146 fprintf(out, "ok\n");
1147 }
1148
1149 fprintf(out, " not after %#T, ", &this->notAfter, utc);
1150 if (now > this->notAfter)
1151 {
1152 fprintf(out, "expired (%V ago)\n", &now, &this->notAfter);
1153 }
1154 else
1155 {
1156 fprintf(out, "ok");
1157 if (now > this->notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
1158 {
1159 fprintf(out, " (expires in %V)", &now, &this->notAfter);
1160 }
1161 fprintf(out, " \n");
1162 }
1163
1164 {
1165 chunk_t keyid = this->public_key->get_keyid(this->public_key);
1166 fprintf(out, " keyid: %#B\n", &keyid);
1167 }
1168
1169 if (this->subjectKeyID.ptr)
1170 {
1171 fprintf(out, " subjkey: %#B\n", &this->subjectKeyID);
1172 }
1173 if (this->authKeyID.ptr)
1174 {
1175 fprintf(out, " authkey: %#B\n", &this->authKeyID);
1176 }
1177 if (this->authKeySerialNumber.ptr)
1178 {
1179 fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
1180 }
1181
1182 fprintf(out, " pubkey: RSA %d bits", BITS_PER_BYTE *
1183 this->public_key->get_keysize(this->public_key));
1184 fprintf(out, ", status %N",
1185 cert_status_names, this->status);
1186
1187 switch (this->status)
1188 {
1189 case CERT_GOOD:
1190 fprintf(out, " until %#T", &this->until, utc);
1191 break;
1192 case CERT_REVOKED:
1193 fprintf(out, " on %#T", &this->until, utc);
1194 break;
1195 case CERT_UNKNOWN:
1196 case CERT_UNDEFINED:
1197 case CERT_UNTRUSTED:
1198 default:
1199 break;
1200 }
1201 }
1202
1203 /**
1204 * Implements x509_t.destroy
1205 */
1206 static void destroy(private_x509_t *this)
1207 {
1208 this->subjectAltNames->destroy_offset(this->subjectAltNames,
1209 offsetof(identification_t, destroy));
1210 this->crlDistributionPoints->destroy_offset(this->crlDistributionPoints,
1211 offsetof(identification_t, destroy));
1212 this->ocspAccessLocations->destroy_offset(this->ocspAccessLocations,
1213 offsetof(identification_t, destroy));
1214 DESTROY_IF(this->issuer);
1215 DESTROY_IF(this->subject);
1216 DESTROY_IF(this->public_key);
1217 free(this->subjectKeyID.ptr);
1218 free(this->certificate.ptr);
1219 free(this);
1220 }
1221
1222 /*
1223 * Described in header.
1224 */
1225 x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
1226 {
1227 private_x509_t *this = malloc_thing(private_x509_t);
1228
1229 /* initialize */
1230 this->subjectPublicKey = chunk_empty;
1231 this->public_key = NULL;
1232 this->subject = NULL;
1233 this->issuer = NULL;
1234 this->subjectAltNames = linked_list_create();
1235 this->crlDistributionPoints = linked_list_create();
1236 this->ocspAccessLocations = linked_list_create();
1237 this->subjectKeyID = chunk_empty;
1238 this->authKeyID = chunk_empty;
1239 this->authKeySerialNumber = chunk_empty;
1240 this->authority_flags = AUTH_NONE;
1241 this->isCA = FALSE;
1242 this->isOcspSigner = FALSE;
1243
1244 /* public functions */
1245 this->public.equals = (bool (*) (const x509_t*,const x509_t*))equals;
1246 this->public.equals_subjectAltName = (bool (*) (const x509_t*,identification_t*))equals_subjectAltName;
1247 this->public.is_issuer = (bool (*) (const x509_t*,const x509_t*))is_issuer;
1248 this->public.is_valid = (err_t (*) (const x509_t*,time_t*))is_valid;
1249 this->public.is_ca = (bool (*) (const x509_t*))is_ca;
1250 this->public.is_self_signed = (bool (*) (const x509_t*))is_self_signed;
1251 this->public.is_ocsp_signer = (bool (*) (const x509_t*))is_ocsp_signer;
1252 this->public.get_certificate = (chunk_t (*) (const x509_t*))get_certificate;
1253 this->public.get_public_key = (rsa_public_key_t* (*) (const x509_t*))get_public_key;
1254 this->public.get_serialNumber = (chunk_t (*) (const x509_t*))get_serialNumber;
1255 this->public.get_subjectKeyID = (chunk_t (*) (const x509_t*))get_subjectKeyID;
1256 this->public.get_keyid = (chunk_t (*) (const x509_t*))get_keyid;
1257 this->public.get_issuer = (identification_t* (*) (const x509_t*))get_issuer;
1258 this->public.get_subject = (identification_t* (*) (const x509_t*))get_subject;
1259 this->public.set_until = (void (*) (x509_t*,time_t))set_until;
1260 this->public.get_until = (time_t (*) (const x509_t*))get_until;
1261 this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
1262 this->public.get_status = (cert_status_t (*) (const x509_t*))get_status;
1263 this->public.add_authority_flags = (void (*) (x509_t*,u_int))add_authority_flags;
1264 this->public.get_authority_flags = (u_int (*) (x509_t*))get_authority_flags;
1265 this->public.has_authority_flag = (bool (*) (x509_t*,u_int))has_authority_flag;
1266 this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
1267 this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;
1268 this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
1269 this->public.list = (void(*)(x509_t*, FILE *out, bool utc))list;
1270 this->public.destroy = (void (*) (x509_t*))destroy;
1271
1272 if (!parse_certificate(chunk, level, this))
1273 {
1274 destroy(this);
1275 return NULL;
1276 }
1277
1278 /* extract public key from certificate */
1279 this->public_key = rsa_public_key_create_from_chunk(this->subjectPublicKey);
1280 if (this->public_key == NULL)
1281 {
1282 destroy(this);
1283 return NULL;
1284 }
1285
1286 /* set trusted lifetime of public key to notAfter */
1287 this->until = this->notAfter;
1288
1289 /* check if the certificate is self-signed */
1290 this->isSelfSigned = FALSE;
1291 if (this->subject->equals(this->subject, this->issuer))
1292 {
1293 this->isSelfSigned = this->public_key->verify_emsa_pkcs1_signature(this->public_key,
1294 this->tbsCertificate, this->signature) == SUCCESS;
1295 }
1296 if (this->isSelfSigned)
1297 {
1298 DBG2(" certificate is self-signed");
1299 this->status = CERT_GOOD;
1300 }
1301 else
1302 {
1303 this->status = CERT_UNDEFINED;
1304 }
1305
1306 return &this->public;
1307 }
1308
1309 /*
1310 * Described in header.
1311 */
1312 x509_t *x509_create_from_file(const char *filename, const char *label)
1313 {
1314 bool pgp = FALSE;
1315 chunk_t chunk = chunk_empty;
1316 char cert_label[BUF_LEN];
1317
1318 snprintf(cert_label, BUF_LEN, "%s certificate", label);
1319
1320 if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
1321 {
1322 return NULL;
1323 }
1324 return x509_create_from_chunk(chunk, 0);
1325 }