c874c66e2c15abcf221fabc265b705dd2592d68f
[strongswan.git] / src / libstrongswan / crypto / x509.c
1 /**
2 * @file x509.c
3 *
4 * @brief Implementation of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
10 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
11 * Copyright (C) 2002 Mario Strasser
12 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
13 * Copyright (C) 2006 Martin Willi, Andreas Steffen
14 *
15 * Hochschule fuer Technik Rapperswil
16 *
17 * This program is free software; you can redistribute it and/or modify it
18 * under the terms of the GNU General Public License as published by the
19 * Free Software Foundation; either version 2 of the License, or (at your
20 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
21 *
22 * This program is distributed in the hope that it will be useful, but
23 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25 * for more details.
26 */
27
28 #include <gmp.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31 #include <string.h>
32 #include <stdio.h>
33
34 #include "x509.h"
35 #include "hashers/hasher.h"
36 #include <library.h>
37 #include <debug.h>
38 #include <asn1/oid.h>
39 #include <asn1/asn1.h>
40 #include <asn1/pem.h>
41 #include <utils/linked_list.h>
42 #include <utils/identification.h>
43
44 #define CERT_WARNING_INTERVAL 30 /* days */
45
46 /**
47 * Different kinds of generalNames
48 */
49 typedef enum generalNames_t generalNames_t;
50
51 enum generalNames_t {
52 GN_OTHER_NAME = 0,
53 GN_RFC822_NAME = 1,
54 GN_DNS_NAME = 2,
55 GN_X400_ADDRESS = 3,
56 GN_DIRECTORY_NAME = 4,
57 GN_EDI_PARTY_NAME = 5,
58 GN_URI = 6,
59 GN_IP_ADDRESS = 7,
60 GN_REGISTERED_ID = 8,
61 };
62
63 typedef struct private_x509_t private_x509_t;
64
65 /**
66 * Private data of a x509_t object.
67 */
68 struct private_x509_t {
69 /**
70 * Public interface for this certificate.
71 */
72 x509_t public;
73
74 /**
75 * Time when certificate was installed
76 */
77 time_t installed;
78
79 /**
80 * Time until certificate can be trusted
81 */
82 time_t until;
83
84 /**
85 * Certificate status
86 */
87 cert_status_t status;
88
89 /**
90 * Authority flags
91 */
92 u_int authority_flags;
93
94 /**
95 * X.509 Certificate in DER format
96 */
97 chunk_t certificate;
98
99 /**
100 * X.509 certificate body over which signature is computed
101 */
102 chunk_t tbsCertificate;
103
104 /**
105 * Version of the X.509 certificate
106 */
107 u_int version;
108
109 /**
110 * Serial number of the X.509 certificate
111 */
112 chunk_t serialNumber;
113
114 /**
115 * Signature algorithm
116 */
117 int sigAlg;
118
119 /**
120 * ID representing the certificate issuer
121 */
122 identification_t *issuer;
123
124 /**
125 * Start time of certificate validity
126 */
127 time_t notBefore;
128
129 /**
130 * End time of certificate validity
131 */
132 time_t notAfter;
133
134 /**
135 * ID representing the certificate subject
136 */
137 identification_t *subject;
138
139 /**
140 * List of identification_t's representing subjectAltNames
141 */
142 linked_list_t *subjectAltNames;
143
144 /**
145 * List of identification_t's representing crlDistributionPoints
146 */
147 linked_list_t *crlDistributionPoints;
148
149 /**
150 * List of identification_t's representing ocspAccessLocations
151 */
152 linked_list_t *ocspAccessLocations;
153
154 /**
155 * Subject public key
156 */
157 chunk_t subjectPublicKey;
158
159 /**
160 * Subject RSA public key, if subjectPublicKeyAlgorithm == RSA
161 */
162 rsa_public_key_t *public_key;
163
164 /**
165 * Subject Key Identifier
166 */
167 chunk_t subjectKeyID;
168
169 /**
170 * Authority Key Identifier
171 */
172 chunk_t authKeyID;
173
174 /**
175 * Authority Key Serial Number
176 */
177 chunk_t authKeySerialNumber;
178
179 /**
180 * CA basic constraints flag
181 */
182 bool isCA;
183
184 /**
185 * OCSPSigner extended key usage flag
186 */
187 bool isOcspSigner;
188
189 /**
190 * Signature algorithm (must be identical to sigAlg)
191 */
192 int algorithm;
193
194 /**
195 * Signature
196 */
197 chunk_t signature;
198
199 };
200
201 /**
202 * ASN.1 definition of generalName
203 */
204 static const asn1Object_t generalNameObjects[] = {
205 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
206 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
207 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
208 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
209 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
210 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
211 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
212 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
213 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */
214 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
215 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */
216 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
217 { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */
218 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
219 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
220 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
221 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
222 { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */
223 };
224 #define GN_OBJ_OTHER_NAME 0
225 #define GN_OBJ_RFC822_NAME 2
226 #define GN_OBJ_DNS_NAME 4
227 #define GN_OBJ_X400_ADDRESS 6
228 #define GN_OBJ_DIRECTORY_NAME 8
229 #define GN_OBJ_EDI_PARTY_NAME 10
230 #define GN_OBJ_URI 12
231 #define GN_OBJ_IP_ADDRESS 14
232 #define GN_OBJ_REGISTERED_ID 16
233 #define GN_OBJ_ROOF 18
234
235 /**
236 * ASN.1 definition of otherName
237 */
238 static const asn1Object_t otherNameObjects[] = {
239 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
240 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */
241 };
242 #define ON_OBJ_ID_TYPE 0
243 #define ON_OBJ_VALUE 1
244 #define ON_OBJ_ROOF 2
245 /**
246 * ASN.1 definition of a basicConstraints extension
247 */
248 static const asn1Object_t basicConstraintsObjects[] = {
249 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
250 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
251 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
252 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
253 };
254 #define BASIC_CONSTRAINTS_CA 1
255 #define BASIC_CONSTRAINTS_ROOF 4
256
257 /**
258 * ASN.1 definition of time
259 */
260 static const asn1Object_t timeObjects[] = {
261 { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
262 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
263 { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
264 { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
265 };
266 #define TIME_UTC 0
267 #define TIME_GENERALIZED 2
268 #define TIME_ROOF 4
269
270 /**
271 * ASN.1 definition of a keyIdentifier
272 */
273 static const asn1Object_t keyIdentifierObjects[] = {
274 { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */
275 };
276
277 /**
278 * ASN.1 definition of a authorityKeyIdentifier extension
279 */
280 static const asn1Object_t authorityKeyIdentifierObjects[] = {
281 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
282 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */
283 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
284 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
285 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
286 { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
287 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
288 };
289 #define AUTH_KEY_ID_KEY_ID 1
290 #define AUTH_KEY_ID_CERT_ISSUER 3
291 #define AUTH_KEY_ID_CERT_SERIAL 5
292 #define AUTH_KEY_ID_ROOF 7
293
294 /**
295 * ASN.1 definition of a authorityInfoAccess extension
296 */
297 static const asn1Object_t authorityInfoAccessObjects[] = {
298 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
299 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
300 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
301 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
302 { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */
303 };
304 #define AUTH_INFO_ACCESS_METHOD 2
305 #define AUTH_INFO_ACCESS_LOCATION 3
306 #define AUTH_INFO_ACCESS_ROOF 5
307
308 /**
309 * ASN.1 definition of a extendedKeyUsage extension
310 */
311 static const asn1Object_t extendedKeyUsageObjects[] = {
312 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
313 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
314 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
315 };
316
317 #define EXT_KEY_USAGE_PURPOSE_ID 1
318 #define EXT_KEY_USAGE_ROOF 3
319
320 /**
321 * ASN.1 definition of generalNames
322 */
323 static const asn1Object_t generalNamesObjects[] = {
324 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
325 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
326 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
327 };
328 #define GENERAL_NAMES_GN 1
329 #define GENERAL_NAMES_ROOF 3
330
331
332 /**
333 * ASN.1 definition of crlDistributionPoints
334 */
335 static const asn1Object_t crlDistributionPointsObjects[] = {
336 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
337 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
338 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */
339 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */
340 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
341 { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */
342 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
343 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
344 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */
345 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
346 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
347 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
348 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
349 };
350 #define CRL_DIST_POINTS_FULLNAME 3
351 #define CRL_DIST_POINTS_ROOF 13
352
353 /**
354 * ASN.1 definition of an X.509v3 x509
355 */
356 static const asn1Object_t certObjects[] = {
357 { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
358 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
359 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
360 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
361 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
362 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
363 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
364 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
365 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
366 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
367 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
368 { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
369 { 3, "algorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
370 { 3, "subjectPublicKey", ASN1_BIT_STRING, ASN1_NONE }, /* 13 */
371 { 4, "RSAPublicKey", ASN1_SEQUENCE, ASN1_RAW }, /* 14 */
372 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 15 */
373 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 16 */
374 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 17 */
375 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 18 */
376 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 19 */
377 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 20 */
378 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 21 */
379 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 22 */
380 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 23 */
381 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 24 */
382 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
383 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
384 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */
385 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */
386 };
387 #define X509_OBJ_CERTIFICATE 0
388 #define X509_OBJ_TBS_CERTIFICATE 1
389 #define X509_OBJ_VERSION 3
390 #define X509_OBJ_SERIAL_NUMBER 4
391 #define X509_OBJ_SIG_ALG 5
392 #define X509_OBJ_ISSUER 6
393 #define X509_OBJ_NOT_BEFORE 8
394 #define X509_OBJ_NOT_AFTER 9
395 #define X509_OBJ_SUBJECT 10
396 #define X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM 12
397 #define X509_OBJ_SUBJECT_PUBLIC_KEY 13
398 #define X509_OBJ_RSA_PUBLIC_KEY 14
399 #define X509_OBJ_EXTN_ID 22
400 #define X509_OBJ_CRITICAL 23
401 #define X509_OBJ_EXTN_VALUE 24
402 #define X509_OBJ_ALGORITHM 27
403 #define X509_OBJ_SIGNATURE 28
404 #define X509_OBJ_ROOF 29
405
406
407 static u_char ASN1_subjectAltName_oid_str[] = {
408 0x06, 0x03, 0x55, 0x1D, 0x11
409 };
410
411 static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
412
413
414 /**
415 * compare two X.509 x509s by comparing their signatures
416 */
417 static bool equals(const private_x509_t *this, const private_x509_t *other)
418 {
419 return chunk_equals(this->signature, other->signature);
420 }
421
422 /**
423 * extracts the basicConstraints extension
424 */
425 static bool parse_basicConstraints(chunk_t blob, int level0)
426 {
427 asn1_ctx_t ctx;
428 chunk_t object;
429 u_int level;
430 int objectID = 0;
431 bool isCA = FALSE;
432
433 asn1_init(&ctx, blob, level0, FALSE, FALSE);
434
435 while (objectID < BASIC_CONSTRAINTS_ROOF) {
436
437 if (!extract_object(basicConstraintsObjects, &objectID, &object,&level, &ctx))
438 {
439 break;
440 }
441 if (objectID == BASIC_CONSTRAINTS_CA)
442 {
443 isCA = object.len && *object.ptr;
444 DBG2(" %s", isCA ? "TRUE" : "FALSE");
445 }
446 objectID++;
447 }
448 return isCA;
449 }
450
451 /*
452 * extracts an otherName
453 */
454 static bool
455 parse_otherName(chunk_t blob, int level0)
456 {
457 asn1_ctx_t ctx;
458 chunk_t object;
459 int objectID = 0;
460 u_int level;
461 int oid = OID_UNKNOWN;
462
463 asn1_init(&ctx, blob, level0, FALSE, FALSE);
464
465 while (objectID < ON_OBJ_ROOF)
466 {
467 if (!extract_object(otherNameObjects, &objectID, &object, &level, &ctx))
468 return FALSE;
469
470 switch (objectID)
471 {
472 case ON_OBJ_ID_TYPE:
473 oid = known_oid(object);
474 break;
475 case ON_OBJ_VALUE:
476 if (oid == OID_XMPP_ADDR)
477 {
478 if (!parse_asn1_simple_object(&object, ASN1_UTF8STRING, level + 1, "xmppAddr"))
479 return FALSE;
480 }
481 break;
482 default:
483 break;
484 }
485 objectID++;
486 }
487 return TRUE;
488 }
489
490 /*
491 * extracts a generalName
492 */
493 static identification_t *parse_generalName(chunk_t blob, int level0)
494 {
495 asn1_ctx_t ctx;
496 chunk_t object;
497 int objectID = 0;
498 u_int level;
499
500 asn1_init(&ctx, blob, level0, FALSE, FALSE);
501
502 while (objectID < GN_OBJ_ROOF)
503 {
504 id_type_t id_type = ID_ANY;
505
506 if (!extract_object(generalNameObjects, &objectID, &object, &level, &ctx))
507 return NULL;
508
509 switch (objectID)
510 {
511 case GN_OBJ_RFC822_NAME:
512 id_type = ID_RFC822_ADDR;
513 break;
514 case GN_OBJ_DNS_NAME:
515 id_type = ID_FQDN;
516 break;
517 case GN_OBJ_URI:
518 id_type = ID_DER_ASN1_GN_URI;
519 break;
520 case GN_OBJ_DIRECTORY_NAME:
521 id_type = ID_DER_ASN1_DN;
522 break;
523 case GN_OBJ_IP_ADDRESS:
524 id_type = ID_IPV4_ADDR;
525 break;
526 case GN_OBJ_OTHER_NAME:
527 if (!parse_otherName(object, level + 1))
528 return NULL;
529 break;
530 case GN_OBJ_X400_ADDRESS:
531 case GN_OBJ_EDI_PARTY_NAME:
532 case GN_OBJ_REGISTERED_ID:
533 break;
534 default:
535 break;
536 }
537
538 if (id_type != ID_ANY)
539 {
540 identification_t *gn = identification_create_from_encoding(id_type, object);
541 DBG2(" '%D'", gn);
542 return gn;
543 }
544 objectID++;
545 }
546 return NULL;
547 }
548
549
550 /**
551 * extracts one or several GNs and puts them into a chained list
552 */
553 static void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
554 {
555 asn1_ctx_t ctx;
556 chunk_t object;
557 u_int level;
558 int objectID = 0;
559
560 asn1_init(&ctx, blob, level0, implicit, FALSE);
561
562 while (objectID < GENERAL_NAMES_ROOF)
563 {
564 if (!extract_object(generalNamesObjects, &objectID, &object, &level, &ctx))
565 return;
566
567 if (objectID == GENERAL_NAMES_GN)
568 {
569 identification_t *gn = parse_generalName(object, level+1);
570
571 if (gn != NULL)
572 list->insert_last(list, (void *)gn);
573 }
574 objectID++;
575 }
576 return;
577 }
578
579 /**
580 * extracts and converts a UTCTIME or GENERALIZEDTIME object
581 */
582 time_t parse_time(chunk_t blob, int level0)
583 {
584 asn1_ctx_t ctx;
585 chunk_t object;
586 u_int level;
587 int objectID = 0;
588
589 asn1_init(&ctx, blob, level0, FALSE, FALSE);
590
591 while (objectID < TIME_ROOF)
592 {
593 if (!extract_object(timeObjects, &objectID, &object, &level, &ctx))
594 return 0;
595
596 if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
597 {
598 return asn1totime(&object, (objectID == TIME_UTC)
599 ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
600 }
601 objectID++;
602 }
603 return 0;
604 }
605
606 /**
607 * extracts a keyIdentifier
608 */
609 static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
610 {
611 asn1_ctx_t ctx;
612 chunk_t object;
613 u_int level;
614 int objectID = 0;
615
616 asn1_init(&ctx, blob, level0, implicit, FALSE);
617
618 extract_object(keyIdentifierObjects, &objectID, &object, &level, &ctx);
619 return object;
620 }
621
622 /**
623 * extracts an authoritykeyIdentifier
624 */
625 void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
626 {
627 asn1_ctx_t ctx;
628 chunk_t object;
629 u_int level;
630 int objectID = 0;
631
632 asn1_init(&ctx, blob, level0, FALSE, FALSE);
633 while (objectID < AUTH_KEY_ID_ROOF)
634 {
635 if (!extract_object(authorityKeyIdentifierObjects, &objectID, &object, &level, &ctx))
636 {
637 return;
638 }
639 switch (objectID)
640 {
641 case AUTH_KEY_ID_KEY_ID:
642 *authKeyID = parse_keyIdentifier(object, level+1, TRUE);
643 break;
644 case AUTH_KEY_ID_CERT_ISSUER:
645 {
646 /* TODO: parse_generalNames(object, level+1, TRUE); */
647 break;
648 }
649 case AUTH_KEY_ID_CERT_SERIAL:
650 *authKeySerialNumber = object;
651 break;
652 default:
653 break;
654 }
655 objectID++;
656 }
657 }
658
659 /**
660 * extracts an authorityInfoAcess location
661 */
662 static void parse_authorityInfoAccess(chunk_t blob, int level0, linked_list_t *list)
663 {
664 asn1_ctx_t ctx;
665 chunk_t object;
666 u_int level;
667 int objectID = 0;
668
669 u_int accessMethod = OID_UNKNOWN;
670
671 asn1_init(&ctx, blob, level0, FALSE, FALSE);
672 while (objectID < AUTH_INFO_ACCESS_ROOF)
673 {
674 if (!extract_object(authorityInfoAccessObjects, &objectID, &object, &level, &ctx))
675 {
676 return;
677 }
678 switch (objectID)
679 {
680 case AUTH_INFO_ACCESS_METHOD:
681 accessMethod = known_oid(object);
682 break;
683 case AUTH_INFO_ACCESS_LOCATION:
684 {
685 switch (accessMethod)
686 {
687 case OID_OCSP:
688 if (*object.ptr == ASN1_CONTEXT_S_6)
689 {
690 identification_t *accessLocation;
691
692 if (asn1_length(&object) == ASN1_INVALID_LENGTH)
693 return;
694 DBG2(" '%.*s'",(int)object.len, object.ptr);
695 accessLocation = identification_create_from_encoding(ID_DER_ASN1_GN_URI, object);
696 list->insert_last(list, (void *)accessLocation);
697 }
698 break;
699 default:
700 /* unkown accessMethod, ignoring */
701 break;
702 }
703 break;
704 }
705 default:
706 break;
707 }
708 objectID++;
709 }
710 }
711
712 /**
713 * extracts extendedKeyUsage OIDs
714 */
715 static bool parse_extendedKeyUsage(chunk_t blob, int level0)
716 {
717 asn1_ctx_t ctx;
718 chunk_t object;
719 u_int level;
720 int objectID = 0;
721
722 asn1_init(&ctx, blob, level0, FALSE, FALSE);
723 while (objectID < EXT_KEY_USAGE_ROOF)
724 {
725 if (!extract_object(extendedKeyUsageObjects, &objectID, &object, &level, &ctx))
726 {
727 return FALSE;
728 }
729 if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
730 known_oid(object) == OID_OCSP_SIGNING)
731 {
732 return TRUE;
733 }
734 objectID++;
735 }
736 return FALSE;
737 }
738
739 /**
740 * extracts one or several crlDistributionPoints and puts them into
741 * a chained list
742 */
743 static void parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list)
744 {
745 asn1_ctx_t ctx;
746 chunk_t object;
747 u_int level;
748 int objectID = 0;
749
750 asn1_init(&ctx, blob, level0, FALSE, FALSE);
751 while (objectID < CRL_DIST_POINTS_ROOF)
752 {
753 if (!extract_object(crlDistributionPointsObjects, &objectID, &object, &level, &ctx))
754 {
755 return;
756 }
757 if (objectID == CRL_DIST_POINTS_FULLNAME)
758 {
759 /* append extracted generalNames to existing chained list */
760 parse_generalNames(object, level+1, TRUE, list);
761
762 }
763 objectID++;
764 }
765 }
766
767
768 /**
769 * Parses an X.509v3 certificate
770 */
771 static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
772 {
773 asn1_ctx_t ctx;
774 bool critical;
775 chunk_t object;
776 u_int level;
777 u_int extn_oid = OID_UNKNOWN;
778 int objectID = 0;
779
780 asn1_init(&ctx, blob, level0, FALSE, FALSE);
781 while (objectID < X509_OBJ_ROOF)
782 {
783 if (!extract_object(certObjects, &objectID, &object, &level, &ctx))
784 {
785 return FALSE;
786 }
787 /* those objects which will parsed further need the next higher level */
788 level++;
789 switch (objectID) {
790 case X509_OBJ_CERTIFICATE:
791 cert->certificate = object;
792 break;
793 case X509_OBJ_TBS_CERTIFICATE:
794 cert->tbsCertificate = object;
795 break;
796 case X509_OBJ_VERSION:
797 cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
798 DBG2(" v%d", cert->version);
799 break;
800 case X509_OBJ_SERIAL_NUMBER:
801 cert->serialNumber = object;
802 break;
803 case X509_OBJ_SIG_ALG:
804 cert->sigAlg = parse_algorithmIdentifier(object, level, NULL);
805 break;
806 case X509_OBJ_ISSUER:
807 cert->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
808 DBG2(" '%D'", cert->issuer);
809 break;
810 case X509_OBJ_NOT_BEFORE:
811 cert->notBefore = parse_time(object, level);
812 break;
813 case X509_OBJ_NOT_AFTER:
814 cert->notAfter = parse_time(object, level);
815 break;
816 case X509_OBJ_SUBJECT:
817 cert->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
818 DBG2(" '%D'", cert->subject);
819 break;
820 case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
821 if (parse_algorithmIdentifier(object, level, NULL) != OID_RSA_ENCRYPTION)
822 {
823 DBG2(" unsupported public key algorithm");
824 return FALSE;
825 }
826 break;
827 case X509_OBJ_SUBJECT_PUBLIC_KEY:
828 if (ctx.blobs[4].len > 0 && *ctx.blobs[4].ptr == 0x00)
829 {
830 /* skip initial bit string octet defining 0 unused bits */
831 ctx.blobs[4].ptr++; ctx.blobs[4].len--;
832 }
833 else
834 {
835 DBG2(" invalid RSA public key format");
836 return FALSE;
837 }
838 break;
839 case X509_OBJ_RSA_PUBLIC_KEY:
840 cert->subjectPublicKey = object;
841 break;
842 case X509_OBJ_EXTN_ID:
843 extn_oid = known_oid(object);
844 break;
845 case X509_OBJ_CRITICAL:
846 critical = object.len && *object.ptr;
847 DBG2(" %s", critical ? "TRUE" : "FALSE");
848 break;
849 case X509_OBJ_EXTN_VALUE:
850 {
851 switch (extn_oid) {
852 case OID_SUBJECT_KEY_ID:
853 cert->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
854 break;
855 case OID_SUBJECT_ALT_NAME:
856 parse_generalNames(object, level, FALSE, cert->subjectAltNames);
857 break;
858 case OID_BASIC_CONSTRAINTS:
859 cert->isCA = parse_basicConstraints(object, level);
860 break;
861 case OID_CRL_DISTRIBUTION_POINTS:
862 parse_crlDistributionPoints(object, level, cert->crlDistributionPoints);
863 break;
864 case OID_AUTHORITY_KEY_ID:
865 parse_authorityKeyIdentifier(object, level , &cert->authKeyID, &cert->authKeySerialNumber);
866 break;
867 case OID_AUTHORITY_INFO_ACCESS:
868 parse_authorityInfoAccess(object, level, cert->ocspAccessLocations);
869 break;
870 case OID_EXTENDED_KEY_USAGE:
871 cert->isOcspSigner = parse_extendedKeyUsage(object, level);
872 break;
873 case OID_NS_REVOCATION_URL:
874 case OID_NS_CA_REVOCATION_URL:
875 case OID_NS_CA_POLICY_URL:
876 case OID_NS_COMMENT:
877 if (!parse_asn1_simple_object(&object, ASN1_IA5STRING , level, oid_names[extn_oid].name))
878 return FALSE;
879 break;
880 default:
881 break;
882 }
883 break;
884 }
885 case X509_OBJ_ALGORITHM:
886 cert->algorithm = parse_algorithmIdentifier(object, level, NULL);
887 break;
888 case X509_OBJ_SIGNATURE:
889 cert->signature = object;
890 break;
891 default:
892 break;
893 }
894 objectID++;
895 }
896
897 if (cert->subjectKeyID.ptr == NULL)
898 {
899 hasher_t *hasher = hasher_create(HASH_SHA1);
900
901 hasher->allocate_hash(hasher, cert->subjectPublicKey, &cert->subjectKeyID);
902 hasher->destroy(hasher);
903 }
904
905 time(&cert->installed);
906 return TRUE;
907 }
908
909 /**
910 * Implements x509_t.is_valid
911 */
912 static err_t is_valid(const private_x509_t *this, time_t *until)
913 {
914 time_t current_time = time(NULL);
915
916 DBG2(" not before : %T", &this->notBefore);
917 DBG2(" current time: %T", &current_time);
918 DBG2(" not after : %T", &this->notAfter);
919
920 if (until != NULL &&
921 (*until == UNDEFINED_TIME || this->notAfter < *until))
922 {
923 *until = this->notAfter;
924 }
925 if (current_time < this->notBefore)
926 {
927 return "is not valid yet";
928 }
929 if (current_time > this->notAfter)
930 {
931 return "has expired";
932 }
933 DBG2(" certificate is valid");
934 return NULL;
935 }
936
937 /**
938 * Implements x509_t.is_ca
939 */
940 static bool is_ca(const private_x509_t *this)
941 {
942 return this->isCA;
943 }
944
945 /**
946 * Implements x509_t.is_ocsp_signer
947 */
948 static bool is_ocsp_signer(const private_x509_t *this)
949 {
950 return this->isOcspSigner;
951 }
952
953 /**
954 * Implements x509_t.is_self_signed
955 */
956 static bool is_self_signed(const private_x509_t *this)
957 {
958 return this->subject->equals(this->subject, this->issuer);
959 }
960
961 /**
962 * Implements x509_t.equals_subjectAltName
963 */
964 static bool equals_subjectAltName(const private_x509_t *this, identification_t *id)
965 {
966 bool found = FALSE;
967 identification_t *subjectAltName;
968 iterator_t *iterator;
969
970 iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
971 while (iterator->iterate(iterator, (void**)&subjectAltName))
972 {
973 if (id->equals(id, subjectAltName))
974 {
975 found = TRUE;
976 break;
977 }
978 }
979 iterator->destroy(iterator);
980 return found;
981 }
982
983 /**
984 * Implements x509_t.is_issuer
985 */
986 static bool is_issuer(const private_x509_t *this, const private_x509_t *issuer)
987 {
988 return (this->authKeyID.ptr)
989 ? chunk_equals(this->authKeyID, issuer->subjectKeyID)
990 : (this->issuer->equals(this->issuer, issuer->subject)
991 && chunk_equals_or_null(this->authKeySerialNumber, issuer->serialNumber));
992 }
993
994 /**
995 * Implements x509_t.get_certificate
996 */
997 static chunk_t get_certificate(const private_x509_t *this)
998 {
999 return this->certificate;
1000 }
1001
1002 /**
1003 * Implements x509_t.get_public_key
1004 */
1005 static rsa_public_key_t *get_public_key(const private_x509_t *this)
1006 {
1007 return this->public_key;
1008 }
1009
1010 /**
1011 * Implements x509_t.get_serialNumber
1012 */
1013 static chunk_t get_serialNumber(const private_x509_t *this)
1014 {
1015 return this->serialNumber;
1016 }
1017
1018 /**
1019 * Implements x509_t.get_subjectKeyID
1020 */
1021 static chunk_t get_subjectKeyID(const private_x509_t *this)
1022 {
1023 return this->subjectKeyID;
1024 }
1025
1026 /**
1027 * Implements x509_t.get_keyid
1028 */
1029 static chunk_t get_keyid(const private_x509_t *this)
1030 {
1031 return this->public_key->get_keyid(this->public_key);
1032 }
1033
1034 /**
1035 * Implements x509_t.get_issuer
1036 */
1037 static identification_t *get_issuer(const private_x509_t *this)
1038 {
1039 return this->issuer;
1040 }
1041
1042 /**
1043 * Implements x509_t.get_subject
1044 */
1045 static identification_t *get_subject(const private_x509_t *this)
1046 {
1047 return this->subject;
1048 }
1049
1050 /**
1051 * Implements x509_t.set_until
1052 */
1053 static void set_until(private_x509_t *this, time_t until)
1054 {
1055 this->until = until;
1056 }
1057
1058 /**
1059 * Implements x509_t.get_until
1060 */
1061 static time_t get_until(const private_x509_t *this)
1062 {
1063 return this->until;
1064 }
1065
1066 /**
1067 * Implements x509_t.set_status
1068 */
1069 static void set_status(private_x509_t *this, cert_status_t status)
1070 {
1071 this->status = status;
1072 }
1073
1074 /**
1075 * Implements x509_t.get_status
1076 */
1077 static cert_status_t get_status(const private_x509_t *this)
1078 {
1079 return this->status;
1080 }
1081
1082 /**
1083 * Implements x509_t.add_authority_flags
1084 */
1085 static void add_authority_flags(private_x509_t *this, u_int flags)
1086 {
1087 this->authority_flags |= flags;
1088 }
1089
1090 /**
1091 * Implements x509_t.add_authority_flags
1092 */
1093 static u_int get_authority_flags(private_x509_t *this)
1094 {
1095 return this->authority_flags;
1096 }
1097
1098 /**
1099 * Implements x509_t.has_authority_flag
1100 */
1101 static bool has_authority_flag(private_x509_t *this, u_int flags)
1102 {
1103 return (this->authority_flags & flags) != AUTH_NONE;
1104 }
1105
1106 /**
1107 * Implements x509_t.create_crluri_iterator
1108 */
1109 static iterator_t *create_crluri_iterator(const private_x509_t *this)
1110 {
1111 return this->crlDistributionPoints->create_iterator(this->crlDistributionPoints, TRUE);
1112 }
1113
1114 /**
1115 * Implements x509_t.create_crluri_iterator
1116 */
1117 static iterator_t *create_ocspuri_iterator(const private_x509_t *this)
1118 {
1119 return this->ocspAccessLocations->create_iterator(this->ocspAccessLocations, TRUE);
1120 }
1121
1122 /**
1123 * Implements x509_t.verify
1124 */
1125 static bool verify(const private_x509_t *this, const rsa_public_key_t *signer)
1126 {
1127 return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate, this->signature) == SUCCESS;
1128 }
1129
1130 /**
1131 * Implementation of x509_t.list.
1132 */
1133 static void list(private_x509_t *this, FILE *out, bool utc)
1134 {
1135 iterator_t *iterator;
1136 time_t now = time(NULL);
1137
1138 fprintf(out, "%#T\n", &this->installed, utc);
1139
1140 if (this->subjectAltNames->get_count(this->subjectAltNames))
1141 {
1142 identification_t *subjectAltName;
1143 bool first = TRUE;
1144
1145 fprintf(out, " altNames: ");
1146 iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
1147 while (iterator->iterate(iterator, (void**)&subjectAltName))
1148 {
1149 if (first)
1150 {
1151 first = FALSE;
1152 }
1153 else
1154 {
1155 fprintf(out, ", ");
1156 }
1157 fprintf(out, "'%D'", subjectAltName);
1158 }
1159 iterator->destroy(iterator);
1160 fprintf(out, "\n");
1161 }
1162 fprintf(out, " subject: '%D'\n", this->subject);
1163 fprintf(out, " issuer: '%D'\n", this->issuer);
1164 fprintf(out, " serial: %#B\n", &this->serialNumber);
1165 fprintf(out, " validity: not before %#T, ", &this->notBefore, utc);
1166 if (now < this->notBefore)
1167 {
1168 fprintf(out, "not valid yet (valid in %V)\n", &now, &this->notBefore);
1169 }
1170 else
1171 {
1172 fprintf(out, "ok\n");
1173 }
1174
1175 fprintf(out, " not after %#T, ", &this->notAfter, utc);
1176 if (now > this->notAfter)
1177 {
1178 fprintf(out, "expired (%V ago)\n", &now, &this->notAfter);
1179 }
1180 else
1181 {
1182 fprintf(out, "ok");
1183 if (now > this->notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
1184 {
1185 fprintf(out, " (expires in %V)", &now, &this->notAfter);
1186 }
1187 fprintf(out, " \n");
1188 }
1189
1190 {
1191 chunk_t keyid = this->public_key->get_keyid(this->public_key);
1192 fprintf(out, " keyid: %#B\n", &keyid);
1193 }
1194
1195 if (this->subjectKeyID.ptr)
1196 {
1197 fprintf(out, " subjkey: %#B\n", &this->subjectKeyID);
1198 }
1199 if (this->authKeyID.ptr)
1200 {
1201 fprintf(out, " authkey: %#B\n", &this->authKeyID);
1202 }
1203 if (this->authKeySerialNumber.ptr)
1204 {
1205 fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
1206 }
1207
1208 fprintf(out, " pubkey: RSA %d bits", BITS_PER_BYTE *
1209 this->public_key->get_keysize(this->public_key));
1210 fprintf(out, ", status %N",
1211 cert_status_names, this->status);
1212
1213 switch (this->status)
1214 {
1215 case CERT_GOOD:
1216 fprintf(out, " until %#T", &this->until, utc);
1217 break;
1218 case CERT_REVOKED:
1219 fprintf(out, " on %#T", &this->until, utc);
1220 break;
1221 case CERT_UNKNOWN:
1222 case CERT_UNDEFINED:
1223 case CERT_UNTRUSTED:
1224 default:
1225 break;
1226 }
1227 }
1228
1229 /**
1230 * Implements x509_t.destroy
1231 */
1232 static void destroy(private_x509_t *this)
1233 {
1234 this->subjectAltNames->destroy_offset(this->subjectAltNames,
1235 offsetof(identification_t, destroy));
1236 this->crlDistributionPoints->destroy_offset(this->crlDistributionPoints,
1237 offsetof(identification_t, destroy));
1238 this->ocspAccessLocations->destroy_offset(this->ocspAccessLocations,
1239 offsetof(identification_t, destroy));
1240 DESTROY_IF(this->issuer);
1241 DESTROY_IF(this->subject);
1242 DESTROY_IF(this->public_key);
1243 free(this->subjectKeyID.ptr);
1244 free(this->certificate.ptr);
1245 free(this);
1246 }
1247
1248 /*
1249 * Described in header.
1250 */
1251 x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
1252 {
1253 private_x509_t *this = malloc_thing(private_x509_t);
1254
1255 /* initialize */
1256 this->subjectPublicKey = chunk_empty;
1257 this->public_key = NULL;
1258 this->subject = NULL;
1259 this->issuer = NULL;
1260 this->subjectAltNames = linked_list_create();
1261 this->crlDistributionPoints = linked_list_create();
1262 this->ocspAccessLocations = linked_list_create();
1263 this->subjectKeyID = chunk_empty;
1264 this->authKeyID = chunk_empty;
1265 this->authKeySerialNumber = chunk_empty;
1266 this->authority_flags = AUTH_NONE;
1267
1268 /* public functions */
1269 this->public.equals = (bool (*) (const x509_t*,const x509_t*))equals;
1270 this->public.equals_subjectAltName = (bool (*) (const x509_t*,identification_t*))equals_subjectAltName;
1271 this->public.is_issuer = (bool (*) (const x509_t*,const x509_t*))is_issuer;
1272 this->public.is_valid = (err_t (*) (const x509_t*,time_t*))is_valid;
1273 this->public.is_ca = (bool (*) (const x509_t*))is_ca;
1274 this->public.is_self_signed = (bool (*) (const x509_t*))is_self_signed;
1275 this->public.is_ocsp_signer = (bool (*) (const x509_t*))is_ocsp_signer;
1276 this->public.get_certificate = (chunk_t (*) (const x509_t*))get_certificate;
1277 this->public.get_public_key = (rsa_public_key_t* (*) (const x509_t*))get_public_key;
1278 this->public.get_serialNumber = (chunk_t (*) (const x509_t*))get_serialNumber;
1279 this->public.get_subjectKeyID = (chunk_t (*) (const x509_t*))get_subjectKeyID;
1280 this->public.get_keyid = (chunk_t (*) (const x509_t*))get_keyid;
1281 this->public.get_issuer = (identification_t* (*) (const x509_t*))get_issuer;
1282 this->public.get_subject = (identification_t* (*) (const x509_t*))get_subject;
1283 this->public.set_until = (void (*) (x509_t*,time_t))set_until;
1284 this->public.get_until = (time_t (*) (const x509_t*))get_until;
1285 this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
1286 this->public.get_status = (cert_status_t (*) (const x509_t*))get_status;
1287 this->public.add_authority_flags = (void (*) (x509_t*,u_int))add_authority_flags;
1288 this->public.get_authority_flags = (u_int (*) (x509_t*))get_authority_flags;
1289 this->public.has_authority_flag = (bool (*) (x509_t*,u_int))has_authority_flag;
1290 this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
1291 this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;
1292 this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
1293 this->public.list = (void(*)(x509_t*, FILE *out, bool utc))list;
1294 this->public.destroy = (void (*) (x509_t*))destroy;
1295
1296 if (!parse_certificate(chunk, level, this))
1297 {
1298 destroy(this);
1299 return NULL;
1300 }
1301
1302 /* extract public key from certificate */
1303 this->public_key = rsa_public_key_create_from_chunk(this->subjectPublicKey);
1304 if (this->public_key == NULL)
1305 {
1306 destroy(this);
1307 return NULL;
1308 }
1309 /* set trusted lifetime of public key to notAfter */
1310 this->status = is_self_signed(this)? CERT_GOOD:CERT_UNDEFINED;
1311 this->until = this->notAfter;
1312 return &this->public;
1313 }
1314
1315 /*
1316 * Described in header.
1317 */
1318 x509_t *x509_create_from_file(const char *filename, const char *label)
1319 {
1320 bool pgp = FALSE;
1321 chunk_t chunk = chunk_empty;
1322 x509_t *cert = NULL;
1323 char cert_label[BUF_LEN];
1324
1325 snprintf(cert_label, BUF_LEN, "%s certificate", label);
1326
1327 if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
1328 return NULL;
1329
1330 cert = x509_create_from_chunk(chunk, 0);
1331
1332 if (cert == NULL)
1333 free(chunk.ptr);
1334 return cert;
1335 }