fixed certificate verification bug!
[strongswan.git] / src / libstrongswan / crypto / x509.c
1 /**
2 * @file x509.c
3 *
4 * @brief Implementation of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <gmp.h>
24 #include <sys/stat.h>
25 #include <unistd.h>
26 #include <string.h>
27
28 #include "x509.h"
29
30 #include <types.h>
31 #include <definitions.h>
32 #include <asn1/oid.h>
33 #include <asn1/asn1.h>
34 #include <asn1/pem.h>
35 #include <utils/logger_manager.h>
36 #include <utils/linked_list.h>
37 #include <utils/identification.h>
38
39 #define CERT_WARNING_INTERVAL 30 /* days */
40
41 static logger_t *logger;
42
43 /**
44 * Different kinds of generalNames
45 */
46 typedef enum generalNames_t generalNames_t;
47
48 enum generalNames_t {
49 GN_OTHER_NAME = 0,
50 GN_RFC822_NAME = 1,
51 GN_DNS_NAME = 2,
52 GN_X400_ADDRESS = 3,
53 GN_DIRECTORY_NAME = 4,
54 GN_EDI_PARTY_NAME = 5,
55 GN_URI = 6,
56 GN_IP_ADDRESS = 7,
57 GN_REGISTERED_ID = 8,
58 };
59
60 typedef struct private_x509_t private_x509_t;
61
62 /**
63 * Private data of a x509_t object.
64 */
65 struct private_x509_t {
66 /**
67 * Public interface for this certificate.
68 */
69 x509_t public;
70
71 /**
72 * Time when certificate was installed
73 */
74 time_t installed;
75
76 /**
77 * Time until certificate can be trusted
78 */
79 time_t until;
80
81 /**
82 * Certificate status
83 */
84 cert_status_t status;
85
86 /**
87 * X.509 Certificate in DER format
88 */
89 chunk_t certificate;
90
91 /**
92 * X.509 certificate body over which signature is computed
93 */
94 chunk_t tbsCertificate;
95
96 /**
97 * Version of the X.509 certificate
98 */
99 u_int version;
100
101 /**
102 * Serial number of the X.509 certificate
103 */
104 chunk_t serialNumber;
105
106 /**
107 * Signature algorithm
108 */
109 int sigAlg;
110
111 /**
112 * ID representing the certificate issuer
113 */
114 identification_t *issuer;
115
116 /**
117 * Start time of certificate validity
118 */
119 time_t notBefore;
120
121 /**
122 * End time of certificate validity
123 */
124 time_t notAfter;
125
126 /**
127 * ID representing the certificate subject
128 */
129 identification_t *subject;
130
131 /**
132 * List of identification_t's representing subjectAltNames
133 */
134 linked_list_t *subjectAltNames;
135
136 /**
137 * List of identification_t's representing crlDistributionPoints
138 */
139 linked_list_t *crlDistributionPoints;
140
141 /**
142 * Subject RSA public key, if subjectPublicKeyAlgorithm == RSA
143 */
144 rsa_public_key_t *public_key;
145
146 /**
147 * Subject Key Identifier
148 */
149 chunk_t subjectKeyID;
150
151 /**
152 * Authority Key Identifier
153 */
154 chunk_t authKeyID;
155
156 /**
157 * Authority Key Serial Number
158 */
159 chunk_t authKeySerialNumber;
160
161 /**
162 * CA basic constraints flag
163 */
164 bool isCA;
165
166 /**
167 * Signature algorithm (must be identical to sigAlg)
168 */
169 int algorithm;
170
171 /**
172 * Signature
173 */
174 chunk_t signature;
175
176 u_char authority_flags;
177 chunk_t subjectPublicKey;
178 bool isOcspSigner; /* ocsp */
179 chunk_t accessLocation; /* ocsp */
180 };
181
182 /**
183 * ASN.1 definition of generalName
184 */
185 static const asn1Object_t generalNameObjects[] = {
186 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
187 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
188 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
189 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
190 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
191 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
192 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
193 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
194 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */
195 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
196 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */
197 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
198 { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */
199 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
200 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
201 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
202 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
203 { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */
204 };
205 #define GN_OBJ_OTHER_NAME 0
206 #define GN_OBJ_RFC822_NAME 2
207 #define GN_OBJ_DNS_NAME 4
208 #define GN_OBJ_X400_ADDRESS 6
209 #define GN_OBJ_DIRECTORY_NAME 8
210 #define GN_OBJ_EDI_PARTY_NAME 10
211 #define GN_OBJ_URI 12
212 #define GN_OBJ_IP_ADDRESS 14
213 #define GN_OBJ_REGISTERED_ID 16
214 #define GN_OBJ_ROOF 18
215
216 /**
217 * ASN.1 definition of otherName
218 */
219 static const asn1Object_t otherNameObjects[] = {
220 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
221 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */
222 };
223 #define ON_OBJ_ID_TYPE 0
224 #define ON_OBJ_VALUE 1
225 #define ON_OBJ_ROOF 2
226 /**
227 * ASN.1 definition of a basicConstraints extension
228 */
229 static const asn1Object_t basicConstraintsObjects[] = {
230 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
231 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
232 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
233 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
234 };
235 #define BASIC_CONSTRAINTS_CA 1
236 #define BASIC_CONSTRAINTS_ROOF 4
237
238 /**
239 * ASN.1 definition of time
240 */
241 static const asn1Object_t timeObjects[] = {
242 { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
243 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
244 { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
245 { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
246 };
247 #define TIME_UTC 0
248 #define TIME_GENERALIZED 2
249 #define TIME_ROOF 4
250
251 /**
252 * ASN.1 definition of a keyIdentifier
253 */
254 static const asn1Object_t keyIdentifierObjects[] = {
255 { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */
256 };
257
258 /**
259 * ASN.1 definition of a authorityKeyIdentifier extension
260 */
261 static const asn1Object_t authorityKeyIdentifierObjects[] = {
262 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
263 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */
264 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
265 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
266 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
267 { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
268 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
269 };
270 #define AUTH_KEY_ID_KEY_ID 1
271 #define AUTH_KEY_ID_CERT_ISSUER 3
272 #define AUTH_KEY_ID_CERT_SERIAL 5
273 #define AUTH_KEY_ID_ROOF 7
274
275 /**
276 * ASN.1 definition of a authorityInfoAccess extension
277 */
278 static const asn1Object_t authorityInfoAccessObjects[] = {
279 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
280 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
281 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
282 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
283 { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */
284 };
285 #define AUTH_INFO_ACCESS_METHOD 2
286 #define AUTH_INFO_ACCESS_LOCATION 3
287 #define AUTH_INFO_ACCESS_ROOF 5
288
289 /**
290 * ASN.1 definition of a extendedKeyUsage extension
291 */
292 static const asn1Object_t extendedKeyUsageObjects[] = {
293 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
294 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
295 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
296 };
297
298 #define EXT_KEY_USAGE_PURPOSE_ID 1
299 #define EXT_KEY_USAGE_ROOF 3
300
301 /**
302 * ASN.1 definition of generalNames
303 */
304 static const asn1Object_t generalNamesObjects[] = {
305 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
306 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
307 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
308 };
309 #define GENERAL_NAMES_GN 1
310 #define GENERAL_NAMES_ROOF 3
311
312
313 /**
314 * ASN.1 definition of crlDistributionPoints
315 */
316 static const asn1Object_t crlDistributionPointsObjects[] = {
317 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
318 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
319 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */
320 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */
321 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
322 { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */
323 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
324 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
325 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */
326 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
327 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
328 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
329 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
330 };
331 #define CRL_DIST_POINTS_FULLNAME 3
332 #define CRL_DIST_POINTS_ROOF 13
333
334 /**
335 * ASN.1 definition of an X.509v3 x509
336 */
337 static const asn1Object_t certObjects[] = {
338 { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
339 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
340 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
341 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
342 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
343 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
344 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
345 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
346 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
347 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
348 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
349 { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
350 { 3, "algorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
351 { 3, "subjectPublicKey", ASN1_BIT_STRING, ASN1_NONE }, /* 13 */
352 { 4, "RSAPublicKey", ASN1_SEQUENCE, ASN1_RAW }, /* 14 */
353 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 15 */
354 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 16 */
355 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 17 */
356 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 18 */
357 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 19 */
358 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 20 */
359 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 21 */
360 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 22 */
361 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 23 */
362 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 24 */
363 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
364 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
365 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */
366 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */
367 };
368 #define X509_OBJ_CERTIFICATE 0
369 #define X509_OBJ_TBS_CERTIFICATE 1
370 #define X509_OBJ_VERSION 3
371 #define X509_OBJ_SERIAL_NUMBER 4
372 #define X509_OBJ_SIG_ALG 5
373 #define X509_OBJ_ISSUER 6
374 #define X509_OBJ_NOT_BEFORE 8
375 #define X509_OBJ_NOT_AFTER 9
376 #define X509_OBJ_SUBJECT 10
377 #define X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM 12
378 #define X509_OBJ_SUBJECT_PUBLIC_KEY 13
379 #define X509_OBJ_RSA_PUBLIC_KEY 14
380 #define X509_OBJ_EXTN_ID 22
381 #define X509_OBJ_CRITICAL 23
382 #define X509_OBJ_EXTN_VALUE 24
383 #define X509_OBJ_ALGORITHM 27
384 #define X509_OBJ_SIGNATURE 28
385 #define X509_OBJ_ROOF 29
386
387
388 static u_char ASN1_subjectAltName_oid_str[] = {
389 0x06, 0x03, 0x55, 0x1D, 0x11
390 };
391
392 static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
393
394
395 /**
396 * compare two X.509 x509s by comparing their signatures
397 */
398 static bool equals(const private_x509_t *this, const private_x509_t *other)
399 {
400 return chunk_equals(this->signature, other->signature);
401 }
402
403 /**
404 * extracts the basicConstraints extension
405 */
406 static bool parse_basicConstraints(chunk_t blob, int level0)
407 {
408 asn1_ctx_t ctx;
409 chunk_t object;
410 u_int level;
411 int objectID = 0;
412 bool isCA = FALSE;
413
414 asn1_init(&ctx, blob, level0, FALSE);
415
416 while (objectID < BASIC_CONSTRAINTS_ROOF) {
417
418 if (!extract_object(basicConstraintsObjects, &objectID, &object,&level, &ctx))
419 {
420 break;
421 }
422 if (objectID == BASIC_CONSTRAINTS_CA)
423 {
424 isCA = object.len && *object.ptr;
425 logger->log(logger, CONTROL|LEVEL2, " %s", isCA ? "TRUE" : "FALSE");
426 }
427 objectID++;
428 }
429 return isCA;
430 }
431
432 /*
433 * extracts an otherName
434 */
435 static bool
436 parse_otherName(chunk_t blob, int level0)
437 {
438 asn1_ctx_t ctx;
439 chunk_t object;
440 int objectID = 0;
441 u_int level;
442 int oid = OID_UNKNOWN;
443
444 asn1_init(&ctx, blob, level0, FALSE);
445
446 while (objectID < ON_OBJ_ROOF)
447 {
448 if (!extract_object(otherNameObjects, &objectID, &object, &level, &ctx))
449 return FALSE;
450
451 switch (objectID)
452 {
453 case ON_OBJ_ID_TYPE:
454 oid = known_oid(object);
455 break;
456 case ON_OBJ_VALUE:
457 if (oid == OID_XMPP_ADDR)
458 {
459 if (!parse_asn1_simple_object(&object, ASN1_UTF8STRING, level + 1, "xmppAddr"))
460 return FALSE;
461 }
462 break;
463 default:
464 break;
465 }
466 objectID++;
467 }
468 return TRUE;
469 }
470
471 /*
472 * extracts a generalName
473 */
474 static identification_t *parse_generalName(chunk_t blob, int level0)
475 {
476 asn1_ctx_t ctx;
477 chunk_t object;
478 int objectID = 0;
479 u_int level;
480
481 asn1_init(&ctx, blob, level0, FALSE);
482
483 while (objectID < GN_OBJ_ROOF)
484 {
485 id_type_t id_type = ID_ANY;
486
487 if (!extract_object(generalNameObjects, &objectID, &object, &level, &ctx))
488 return NULL;
489
490 switch (objectID)
491 {
492 case GN_OBJ_RFC822_NAME:
493 id_type = ID_RFC822_ADDR;
494 break;
495 case GN_OBJ_DNS_NAME:
496 id_type = ID_FQDN;
497 break;
498 case GN_OBJ_URI:
499 id_type = ID_DER_ASN1_GN_URI;
500 break;
501 case GN_OBJ_DIRECTORY_NAME:
502 id_type = ID_DER_ASN1_DN;
503 break;
504 case GN_OBJ_IP_ADDRESS:
505 id_type = ID_IPV4_ADDR;
506 break;
507 case GN_OBJ_OTHER_NAME:
508 if (!parse_otherName(object, level + 1))
509 return NULL;
510 break;
511 case GN_OBJ_X400_ADDRESS:
512 case GN_OBJ_EDI_PARTY_NAME:
513 case GN_OBJ_REGISTERED_ID:
514 break;
515 default:
516 break;
517 }
518
519 if (id_type != ID_ANY)
520 {
521 identification_t *gn = identification_create_from_encoding(id_type, object);
522 logger->log(logger, CONTROL|LEVEL2, " '%s'", gn->get_string(gn));
523 return gn;
524 }
525 objectID++;
526 }
527 return NULL;
528 }
529
530
531 /**
532 * extracts one or several GNs and puts them into a chained list
533 */
534 static void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
535 {
536 asn1_ctx_t ctx;
537 chunk_t object;
538 u_int level;
539 int objectID = 0;
540
541 asn1_init(&ctx, blob, level0, implicit);
542
543 while (objectID < GENERAL_NAMES_ROOF)
544 {
545 if (!extract_object(generalNamesObjects, &objectID, &object, &level, &ctx))
546 return;
547
548 if (objectID == GENERAL_NAMES_GN)
549 {
550 identification_t *gn = parse_generalName(object, level+1);
551
552 if (gn != NULL)
553 list->insert_last(list, (void *)gn);
554 }
555 objectID++;
556 }
557 return;
558 }
559
560 /**
561 * extracts and converts a UTCTIME or GENERALIZEDTIME object
562 */
563 time_t parse_time(chunk_t blob, int level0)
564 {
565 asn1_ctx_t ctx;
566 chunk_t object;
567 u_int level;
568 int objectID = 0;
569
570 asn1_init(&ctx, blob, level0, FALSE);
571
572 while (objectID < TIME_ROOF)
573 {
574 if (!extract_object(timeObjects, &objectID, &object, &level, &ctx))
575 return 0;
576
577 if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
578 {
579 return asn1totime(&object, (objectID == TIME_UTC)
580 ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
581 }
582 objectID++;
583 }
584 return 0;
585 }
586
587 /**
588 * extracts a keyIdentifier
589 */
590 static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
591 {
592 asn1_ctx_t ctx;
593 chunk_t object;
594 u_int level;
595 int objectID = 0;
596
597 asn1_init(&ctx, blob, level0, implicit);
598
599 extract_object(keyIdentifierObjects, &objectID, &object, &level, &ctx);
600 return object;
601 }
602
603 /**
604 * extracts an authoritykeyIdentifier
605 */
606 void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
607 {
608 asn1_ctx_t ctx;
609 chunk_t object;
610 u_int level;
611 int objectID = 0;
612
613 asn1_init(&ctx, blob, level0, FALSE);
614 while (objectID < AUTH_KEY_ID_ROOF)
615 {
616 if (!extract_object(authorityKeyIdentifierObjects, &objectID, &object, &level, &ctx))
617 {
618 return;
619 }
620 switch (objectID)
621 {
622 case AUTH_KEY_ID_KEY_ID:
623 *authKeyID = parse_keyIdentifier(object, level+1, TRUE);
624 break;
625 case AUTH_KEY_ID_CERT_ISSUER:
626 {
627 /* TODO: parse_generalNames(object, level+1, TRUE); */
628 break;
629 }
630 case AUTH_KEY_ID_CERT_SERIAL:
631 *authKeySerialNumber = object;
632 break;
633 default:
634 break;
635 }
636 objectID++;
637 }
638 }
639
640 /**
641 * extracts an authorityInfoAcess location
642 */
643 static void parse_authorityInfoAccess(chunk_t blob, int level0, chunk_t *accessLocation)
644 {
645 asn1_ctx_t ctx;
646 chunk_t object;
647 u_int level;
648 int objectID = 0;
649
650 u_int accessMethod = OID_UNKNOWN;
651
652 asn1_init(&ctx, blob, level0, FALSE);
653 while (objectID < AUTH_INFO_ACCESS_ROOF)
654 {
655 if (!extract_object(authorityInfoAccessObjects, &objectID, &object, &level, &ctx))
656 {
657 return;
658 }
659 switch (objectID)
660 {
661 case AUTH_INFO_ACCESS_METHOD:
662 accessMethod = known_oid(object);
663 break;
664 case AUTH_INFO_ACCESS_LOCATION:
665 {
666 switch (accessMethod)
667 {
668 case OID_OCSP:
669 if (*object.ptr == ASN1_CONTEXT_S_6)
670 {
671 if (asn1_length(&object) == ASN1_INVALID_LENGTH)
672 return;
673 logger->log(logger, CONTROL|LEVEL2, " '%.*s'",(int)object.len, object.ptr);
674 /* only HTTP(S) URIs accepted */
675 if (strncasecmp(object.ptr, "http", 4) == 0)
676 {
677 *accessLocation = object;
678 return;
679 }
680 }
681 logger->log(logger, ERROR|LEVEL2, "ignoring OCSP InfoAccessLocation with unkown protocol");
682 break;
683 default:
684 /* unkown accessMethod, ignoring */
685 break;
686 }
687 break;
688 }
689 default:
690 break;
691 }
692 objectID++;
693 }
694 }
695
696 /**
697 * extracts extendedKeyUsage OIDs
698 */
699 static bool parse_extendedKeyUsage(chunk_t blob, int level0)
700 {
701 asn1_ctx_t ctx;
702 chunk_t object;
703 u_int level;
704 int objectID = 0;
705
706 asn1_init(&ctx, blob, level0, FALSE);
707 while (objectID < EXT_KEY_USAGE_ROOF)
708 {
709 if (!extract_object(extendedKeyUsageObjects, &objectID, &object, &level, &ctx))
710 {
711 return FALSE;
712 }
713 if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
714 known_oid(object) == OID_OCSP_SIGNING)
715 {
716 return TRUE;
717 }
718 objectID++;
719 }
720 return FALSE;
721 }
722
723 /**
724 * extracts one or several crlDistributionPoints and puts them into
725 * a chained list
726 */
727 static void parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list)
728 {
729 asn1_ctx_t ctx;
730 chunk_t object;
731 u_int level;
732 int objectID = 0;
733
734 asn1_init(&ctx, blob, level0, FALSE);
735 while (objectID < CRL_DIST_POINTS_ROOF)
736 {
737 if (!extract_object(crlDistributionPointsObjects, &objectID, &object, &level, &ctx))
738 {
739 return;
740 }
741 if (objectID == CRL_DIST_POINTS_FULLNAME)
742 {
743 /* append extracted generalNames to existing chained list */
744 parse_generalNames(object, level+1, TRUE, list);
745
746 }
747 objectID++;
748 }
749 }
750
751
752 /**
753 * Parses an X.509v3 certificate
754 */
755 bool parse_x509cert(chunk_t blob, u_int level0, private_x509_t *cert)
756 {
757 asn1_ctx_t ctx;
758 bool critical;
759 chunk_t object;
760 u_int level;
761 u_int extn_oid = OID_UNKNOWN;
762 int objectID = 0;
763
764 asn1_init(&ctx, blob, level0, FALSE);
765 while (objectID < X509_OBJ_ROOF)
766 {
767 if (!extract_object(certObjects, &objectID, &object, &level, &ctx))
768 {
769 return FALSE;
770 }
771 /* those objects which will parsed further need the next higher level */
772 level++;
773 switch (objectID) {
774 case X509_OBJ_CERTIFICATE:
775 cert->certificate = object;
776 break;
777 case X509_OBJ_TBS_CERTIFICATE:
778 cert->tbsCertificate = object;
779 break;
780 case X509_OBJ_VERSION:
781 cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
782 logger->log(logger, CONTROL|LEVEL2, " v%d", cert->version);
783 break;
784 case X509_OBJ_SERIAL_NUMBER:
785 cert->serialNumber = object;
786 break;
787 case X509_OBJ_SIG_ALG:
788 cert->sigAlg = parse_algorithmIdentifier(object, level, NULL);
789 break;
790 case X509_OBJ_ISSUER:
791 cert->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
792 logger->log(logger, CONTROL|LEVEL1, " '%s'", cert->issuer->get_string(cert->issuer));
793 break;
794 case X509_OBJ_NOT_BEFORE:
795 cert->notBefore = parse_time(object, level);
796 break;
797 case X509_OBJ_NOT_AFTER:
798 cert->notAfter = parse_time(object, level);
799 break;
800 case X509_OBJ_SUBJECT:
801 cert->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
802 logger->log(logger, CONTROL|LEVEL1, " '%s'", cert->subject->get_string(cert->subject));
803 break;
804 case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
805 if (parse_algorithmIdentifier(object, level, NULL) != OID_RSA_ENCRYPTION)
806 {
807 logger->log(logger, ERROR|LEVEL1, " unsupported public key algorithm");
808 return FALSE;
809 }
810 break;
811 case X509_OBJ_SUBJECT_PUBLIC_KEY:
812 if (ctx.blobs[4].len > 0 && *ctx.blobs[4].ptr == 0x00)
813 {
814 /* skip initial bit string octet defining 0 unused bits */
815 ctx.blobs[4].ptr++; ctx.blobs[4].len--;
816 }
817 else
818 {
819 logger->log(logger, ERROR|LEVEL1, " invalid RSA public key format");
820 return FALSE;
821 }
822 break;
823 case X509_OBJ_RSA_PUBLIC_KEY:
824 cert->subjectPublicKey = object;
825 break;
826 case X509_OBJ_EXTN_ID:
827 extn_oid = known_oid(object);
828 break;
829 case X509_OBJ_CRITICAL:
830 critical = object.len && *object.ptr;
831 logger->log(logger, ERROR|LEVEL2, " %s", critical ? "TRUE" : "FALSE");
832 break;
833 case X509_OBJ_EXTN_VALUE:
834 {
835 switch (extn_oid) {
836 case OID_SUBJECT_KEY_ID:
837 cert->subjectKeyID = parse_keyIdentifier(object, level, FALSE);
838 break;
839 case OID_SUBJECT_ALT_NAME:
840 parse_generalNames(object, level, FALSE, cert->subjectAltNames);
841 break;
842 case OID_BASIC_CONSTRAINTS:
843 cert->isCA = parse_basicConstraints(object, level);
844 break;
845 case OID_CRL_DISTRIBUTION_POINTS:
846 parse_crlDistributionPoints(object, level, cert->crlDistributionPoints);
847 break;
848 case OID_AUTHORITY_KEY_ID:
849 parse_authorityKeyIdentifier(object, level , &cert->authKeyID, &cert->authKeySerialNumber);
850 break;
851 case OID_AUTHORITY_INFO_ACCESS:
852 parse_authorityInfoAccess(object, level, &cert->accessLocation);
853 break;
854 case OID_EXTENDED_KEY_USAGE:
855 cert->isOcspSigner = parse_extendedKeyUsage(object, level);
856 break;
857 case OID_NS_REVOCATION_URL:
858 case OID_NS_CA_REVOCATION_URL:
859 case OID_NS_CA_POLICY_URL:
860 case OID_NS_COMMENT:
861 if (!parse_asn1_simple_object(&object, ASN1_IA5STRING , level, oid_names[extn_oid].name))
862 return FALSE;
863 break;
864 default:
865 break;
866 }
867 break;
868 }
869 case X509_OBJ_ALGORITHM:
870 cert->algorithm = parse_algorithmIdentifier(object, level, NULL);
871 break;
872 case X509_OBJ_SIGNATURE:
873 cert->signature = object;
874 break;
875 default:
876 break;
877 }
878 objectID++;
879 }
880 time(&cert->installed);
881 return TRUE;
882 }
883
884 /**
885 * Implements x509_t.is_valid
886 */
887 static err_t is_valid(const private_x509_t *this, time_t *until)
888 {
889 char buf[TIMETOA_BUF];
890
891 time_t current_time = time(NULL);
892
893 timetoa(buf, BUF_LEN, &this->notBefore, TRUE);
894 logger->log(logger, CONTROL|LEVEL1, " not before : %s", buf);
895 timetoa(buf, BUF_LEN, &current_time, TRUE);
896 logger->log(logger, CONTROL|LEVEL1, " current time: %s", buf);
897 timetoa(buf, BUF_LEN, &this->notAfter, TRUE);
898 logger->log(logger, CONTROL|LEVEL1, " not after : %s", buf);
899
900 if (until != NULL
901 && (*until == UNDEFINED_TIME || this->notAfter < *until))
902 {
903 *until = this->notAfter;
904 }
905 if (current_time < this->notBefore)
906 return "is not valid yet";
907 if (current_time > this->notAfter)
908 return "has expired";
909 logger->log(logger, CONTROL|LEVEL1, " certificate is valid", buf);
910 return NULL;
911 }
912
913 /**
914 * Implements x509_t.is_ca
915 */
916 static bool is_ca(const private_x509_t *this)
917 {
918 return this->isCA;
919 }
920
921 /**
922 * Implements x509_t.is_self_signed
923 */
924 static bool is_self_signed(const private_x509_t *this)
925 {
926 return this->subject->equals(this->subject, this->issuer);
927 }
928
929 /**
930 * Implements x509_t.equals_subjectAltName
931 */
932 static bool equals_subjectAltName(const private_x509_t *this, identification_t *id)
933 {
934 bool found = FALSE;
935 iterator_t *iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
936
937 while (iterator->has_next(iterator))
938 {
939 identification_t *subjectAltName;
940
941 iterator->current(iterator, (void**)&subjectAltName);
942 if (id->equals(id, subjectAltName))
943 {
944 found = TRUE;
945 break;
946 }
947 }
948 iterator->destroy(iterator);
949 return found;
950 }
951
952 /**
953 * Implements x509_t.is_issuer
954 */
955 static bool is_issuer(const private_x509_t *this, const private_x509_t *issuer)
956 {
957 return (this->authKeyID.ptr)
958 ? chunk_equals(this->authKeyID, issuer->subjectKeyID)
959 : (this->issuer->equals(this->issuer, issuer->subject)
960 && chunk_equals_or_null(this->authKeySerialNumber, issuer->serialNumber));
961 }
962
963 /**
964 * Implements x509_t.get_certificate
965 */
966 static chunk_t get_certificate(const private_x509_t *this)
967 {
968 return this->certificate;
969 }
970
971 /**
972 * Implements x509_t.get_public_key
973 */
974 static rsa_public_key_t *get_public_key(const private_x509_t *this)
975 {
976 return this->public_key;
977 }
978
979 /**
980 * Implements x509_t.get_serialNumber
981 */
982 static chunk_t get_serialNumber(const private_x509_t *this)
983 {
984 return this->serialNumber;
985 }
986
987 /**
988 * Implements x509_t.get_subjectKeyID
989 */
990 static chunk_t get_subjectKeyID(const private_x509_t *this)
991 {
992 return this->subjectKeyID;
993 }
994
995 /**
996 * Implements x509_t.get_issuer
997 */
998 static identification_t *get_issuer(const private_x509_t *this)
999 {
1000 return this->issuer;
1001 }
1002
1003 /**
1004 * Implements x509_t.get_subject
1005 */
1006 static identification_t *get_subject(const private_x509_t *this)
1007 {
1008 return this->subject;
1009 }
1010
1011 /**
1012 * Implements x509_t.set_until
1013 */
1014 static void set_until(private_x509_t *this, time_t until)
1015 {
1016 this->until = until;
1017 }
1018
1019 /**
1020 * Implements x509_t.get_until
1021 */
1022 static time_t get_until(const private_x509_t *this)
1023 {
1024 return this->until;
1025 }
1026
1027 /**
1028 * Implements x509_t.set_status
1029 */
1030 static void set_status(private_x509_t *this, cert_status_t status)
1031 {
1032 this->status = status;
1033 }
1034
1035 /**
1036 * Implements x509_t.get_status
1037 */
1038 static cert_status_t get_status(const private_x509_t *this)
1039 {
1040 return this->status;
1041 }
1042
1043 /**
1044 * Implements x509_t.verify
1045 */
1046 static bool verify(const private_x509_t *this, const rsa_public_key_t *signer)
1047 {
1048 return (signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate,
1049 this->signature) == SUCCESS);
1050 }
1051
1052 /**
1053 * destroy
1054 */
1055 static void destroy(private_x509_t *this)
1056 {
1057 identification_t *id;
1058 while (this->subjectAltNames->remove_last(this->subjectAltNames, (void**)&id) == SUCCESS)
1059 {
1060 id->destroy(id);
1061 }
1062 this->subjectAltNames->destroy(this->subjectAltNames);
1063
1064 while (this->crlDistributionPoints->remove_last(this->crlDistributionPoints, (void**)&id) == SUCCESS)
1065 {
1066 id->destroy(id);
1067 }
1068 this->crlDistributionPoints->destroy(this->crlDistributionPoints);
1069
1070 if (this->issuer)
1071 this->issuer->destroy(this->issuer);
1072
1073 if (this->subject)
1074 this->subject->destroy(this->subject);
1075
1076 if (this->public_key)
1077 this->public_key->destroy(this->public_key);
1078
1079 free(this->certificate.ptr);
1080 free(this);
1081 }
1082
1083 /**
1084 * checks if the expiration date has been reached and warns during the
1085 * warning_interval of the imminent expiration.
1086 * strict=TRUE declares a fatal error, strict=FALSE issues a warning upon expiry.
1087 */
1088 char* check_expiry(time_t expiration_date, int warning_interval, bool strict)
1089 {
1090 int time_left;
1091
1092 if (expiration_date == UNDEFINED_TIME)
1093 {
1094 return "ok (expires never)";
1095 }
1096 time_left = (expiration_date - time(NULL));
1097 if (time_left < 0)
1098 {
1099 return strict? "fatal (expired)" : "warning (expired)";
1100 }
1101
1102 {
1103 static char buf[35];
1104 const char* unit = "second";
1105
1106 if (time_left > 86400*warning_interval)
1107 return "ok";
1108
1109 if (time_left > 172800)
1110 {
1111 time_left /= 86400;
1112 unit = "day";
1113 }
1114 else if (time_left > 7200)
1115 {
1116 time_left /= 3600;
1117 unit = "hour";
1118 }
1119 else if (time_left > 120)
1120 {
1121 time_left /= 60;
1122 unit = "minute";
1123 }
1124 snprintf(buf, sizeof(buf), "warning (expires in %d %s%s)", time_left, unit, (time_left == 1)?"":"s");
1125
1126 /* TODO: This is not thread save and may result in corrupted strings. Rewrite this! */
1127 return buf;
1128 }
1129 }
1130
1131 /**
1132 * log certificate
1133 */
1134 static void log_certificate(const private_x509_t *this, logger_t *logger, bool utc, bool has_key)
1135 {
1136 identification_t *subject = this->subject;
1137 identification_t *issuer = this->issuer;
1138 rsa_public_key_t *pubkey = this->public_key;
1139
1140 char buf[BUF_LEN];
1141 char time_buf[TIMETOA_BUF];
1142
1143 /* determine the current time */
1144 time_t now = time(NULL);
1145
1146 timetoa(time_buf, TIMETOA_BUF, &this->installed, utc);
1147 logger->log(logger, CONTROL, "%s", time_buf);
1148 logger->log(logger, CONTROL, " subject: '%s'", subject->get_string(subject));
1149 logger->log(logger, CONTROL, " issuer: '%s'", issuer->get_string(issuer));
1150
1151 chunk_to_hex(buf, BUF_LEN, this->serialNumber);
1152 logger->log(logger, CONTROL, " serial: %s", buf);
1153
1154 timetoa(time_buf, TIMETOA_BUF, &this->notBefore, utc);
1155 logger->log(logger, CONTROL, " validity: not before %s %s", time_buf,
1156 (this->notBefore < now)? "ok":"fatal (not valid yet)");
1157
1158 timetoa(time_buf, TIMETOA_BUF, &this->notAfter, utc);
1159 logger->log(logger, CONTROL, " not after %s %s", time_buf,
1160 check_expiry(this->notAfter, CERT_WARNING_INTERVAL, TRUE));
1161
1162 timetoa(time_buf, TIMETOA_BUF, &this->until, utc);
1163 switch (this->status)
1164 {
1165 case CERT_GOOD:
1166 snprintf(buf, BUF_LEN, " until %s", time_buf);
1167 break;
1168 case CERT_REVOKED:
1169 snprintf(buf, BUF_LEN, " on %s", time_buf);
1170 break;
1171 case CERT_UNKNOWN:
1172 case CERT_UNDEFINED:
1173 case CERT_UNTRUSTED:
1174 default:
1175 *buf = '\0';
1176 }
1177 logger->log(logger, CONTROL, " pubkey: RSA %d bits%s, status %s%s",
1178 BITS_PER_BYTE * pubkey->get_keysize(pubkey),
1179 has_key? ", has private key":"",
1180 enum_name(&cert_status_names, this->status), buf);
1181
1182 chunk_to_hex(buf, BUF_LEN, pubkey->get_keyid(pubkey));
1183 logger->log(logger, CONTROL, " keyid: %s", buf);
1184
1185 if (this->subjectKeyID.ptr != NULL)
1186 {
1187 chunk_to_hex(buf, BUF_LEN, this->subjectKeyID);
1188 logger->log(logger, CONTROL, " subjkey: %s", buf);
1189 }
1190 if (this->authKeyID.ptr != NULL)
1191 {
1192 chunk_to_hex(buf, BUF_LEN, this->authKeyID);
1193 logger->log(logger, CONTROL, " authkey: %s", buf);
1194 }
1195 if (this->authKeySerialNumber.ptr != NULL)
1196 {
1197 chunk_to_hex(buf, BUF_LEN, this->authKeySerialNumber);
1198 logger->log(logger, CONTROL, " aserial: %s", buf);
1199 }
1200 }
1201
1202 /*
1203 * Described in header.
1204 */
1205 x509_t *x509_create_from_chunk(chunk_t chunk)
1206 {
1207 private_x509_t *this = malloc_thing(private_x509_t);
1208
1209 /* initialize */
1210 this->subjectPublicKey = CHUNK_INITIALIZER;
1211 this->public_key = NULL;
1212 this->subject = NULL;
1213 this->issuer = NULL;
1214 this->subjectAltNames = linked_list_create();
1215 this->crlDistributionPoints = linked_list_create();
1216 this->subjectKeyID = CHUNK_INITIALIZER;
1217 this->authKeyID = CHUNK_INITIALIZER;
1218 this->authKeySerialNumber = CHUNK_INITIALIZER;
1219
1220 /* public functions */
1221 this->public.equals = (bool (*) (const x509_t*,const x509_t*))equals;
1222 this->public.equals_subjectAltName = (bool (*) (const x509_t*,identification_t*))equals_subjectAltName;
1223 this->public.is_issuer = (bool (*) (const x509_t*,const x509_t*))is_issuer;
1224 this->public.is_valid = (err_t (*) (const x509_t*,time_t*))is_valid;
1225 this->public.is_ca = (bool (*) (const x509_t*))is_ca;
1226 this->public.is_self_signed = (bool (*) (const x509_t*))is_self_signed;
1227 this->public.get_certificate = (chunk_t (*) (const x509_t*))get_certificate;
1228 this->public.get_public_key = (rsa_public_key_t* (*) (const x509_t*))get_public_key;
1229 this->public.get_serialNumber = (chunk_t (*) (const x509_t*))get_serialNumber;
1230 this->public.get_subjectKeyID = (chunk_t (*) (const x509_t*))get_subjectKeyID;
1231 this->public.get_issuer = (identification_t* (*) (const x509_t*))get_issuer;
1232 this->public.get_subject = (identification_t* (*) (const x509_t*))get_subject;
1233 this->public.set_until = (void (*) (x509_t*,time_t))set_until;
1234 this->public.get_until = (time_t (*) (const x509_t*))get_until;
1235 this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
1236 this->public.get_status = (cert_status_t (*) (const x509_t*))get_status;
1237 this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
1238 this->public.destroy = (void (*) (x509_t*))destroy;
1239 this->public.log_certificate = (void (*) (const x509_t*,logger_t*,bool,bool))log_certificate;
1240
1241 /* we do not use a per-instance logger right now, since its not always accessible */
1242 logger = logger_manager->get_logger(logger_manager, ASN1);
1243
1244 if (!parse_x509cert(chunk, 0, this))
1245 {
1246 destroy(this);
1247 return NULL;
1248 }
1249
1250 /* extract public key from certificate */
1251 this->public_key = rsa_public_key_create_from_chunk(this->subjectPublicKey);
1252 if (this->public_key == NULL)
1253 {
1254 destroy(this);
1255 return NULL;
1256 }
1257 /* set trusted lifetime of public key to notAfter */
1258 this->status = is_self_signed(this)? CERT_GOOD:CERT_UNDEFINED;
1259 this->until = this->notAfter;
1260 return &this->public;
1261 }
1262
1263 /*
1264 * Described in header.
1265 */
1266 x509_t *x509_create_from_file(const char *filename, const char *label)
1267 {
1268 bool pgp = FALSE;
1269 chunk_t chunk = CHUNK_INITIALIZER;
1270 x509_t *cert = NULL;
1271
1272 if (!pem_asn1_load_file(filename, "", label, &chunk, &pgp))
1273 return NULL;
1274
1275 cert = x509_create_from_chunk(chunk);
1276
1277 if (cert == NULL)
1278 free(chunk.ptr);
1279 return cert;
1280 }