1 // Copyright 2019 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/test/cert_builder.h"
6
7 #include <map>
8 #include <memory>
9 #include <optional>
10 #include <string>
11 #include <string_view>
12 #include <utility>
13 #include <vector>
14
15 #include "base/files/file_path.h"
16 #include "base/memory/ptr_util.h"
17 #include "base/memory/scoped_refptr.h"
18 #include "base/notreached.h"
19 #include "base/ranges/algorithm.h"
20 #include "base/strings/string_number_conversions.h"
21 #include "base/strings/string_util.h"
22 #include "base/time/time.h"
23 #include "crypto/ec_private_key.h"
24 #include "crypto/openssl_util.h"
25 #include "crypto/rsa_private_key.h"
26 #include "crypto/sha2.h"
27 #include "net/cert/asn1_util.h"
28 #include "net/cert/ct_objects_extractor.h"
29 #include "net/cert/ct_serialization.h"
30 #include "net/cert/signed_certificate_timestamp.h"
31 #include "net/cert/time_conversions.h"
32 #include "net/cert/x509_util.h"
33 #include "net/test/cert_test_util.h"
34 #include "net/test/key_util.h"
35 #include "net/test/test_data_directory.h"
36 #include "testing/gtest/include/gtest/gtest.h"
37 #include "third_party/boringssl/src/include/openssl/evp.h"
38 #include "third_party/boringssl/src/include/openssl/mem.h"
39 #include "third_party/boringssl/src/pki/certificate_policies.h"
40 #include "third_party/boringssl/src/pki/extended_key_usage.h"
41 #include "third_party/boringssl/src/pki/input.h"
42 #include "third_party/boringssl/src/pki/parse_certificate.h"
43 #include "third_party/boringssl/src/pki/parse_values.h"
44 #include "third_party/boringssl/src/pki/parser.h"
45 #include "third_party/boringssl/src/pki/verify_signed_data.h"
46 #include "url/gurl.h"
47
48 namespace net {
49
50 namespace {
51
52 constexpr char kSimpleChainHostname[] = "www.example.com";
53
Sha256WithRSAEncryption()54 std::string Sha256WithRSAEncryption() {
55 const uint8_t kSha256WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
56 0x86, 0x48, 0x86, 0xf7, 0x0d,
57 0x01, 0x01, 0x0b, 0x05, 0x00};
58 return std::string(std::begin(kSha256WithRSAEncryption),
59 std::end(kSha256WithRSAEncryption));
60 }
61
Sha1WithRSAEncryption()62 std::string Sha1WithRSAEncryption() {
63 const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a,
64 0x86, 0x48, 0x86, 0xf7, 0x0d,
65 0x01, 0x01, 0x05, 0x05, 0x00};
66 return std::string(std::begin(kSha1WithRSAEncryption),
67 std::end(kSha1WithRSAEncryption));
68 }
69
EcdsaWithSha256()70 std::string EcdsaWithSha256() {
71 const uint8_t kDer[] = {0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
72 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02};
73 return std::string(std::begin(kDer), std::end(kDer));
74 }
75
EcdsaWithSha1()76 std::string EcdsaWithSha1() {
77 const uint8_t kDer[] = {0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
78 0x48, 0xce, 0x3d, 0x04, 0x01};
79 return std::string(std::begin(kDer), std::end(kDer));
80 }
81
82 // Adds bytes (specified as a StringPiece) to the given CBB.
83 // The argument ordering follows the boringssl CBB_* api style.
CBBAddBytes(CBB * cbb,std::string_view bytes)84 bool CBBAddBytes(CBB* cbb, std::string_view bytes) {
85 return CBB_add_bytes(cbb, reinterpret_cast<const uint8_t*>(bytes.data()),
86 bytes.size());
87 }
88
89 // Adds bytes (from fixed size array) to the given CBB.
90 // The argument ordering follows the boringssl CBB_* api style.
91 template <size_t N>
CBBAddBytes(CBB * cbb,const uint8_t (& data)[N])92 bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) {
93 return CBB_add_bytes(cbb, data, N);
94 }
95
96 // Finalizes the CBB to a std::string.
FinishCBB(CBB * cbb)97 std::string FinishCBB(CBB* cbb) {
98 size_t cbb_len;
99 uint8_t* cbb_bytes;
100
101 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
102 ADD_FAILURE() << "CBB_finish() failed";
103 return std::string();
104 }
105
106 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
107 return std::string(reinterpret_cast<char*>(cbb_bytes), cbb_len);
108 }
109
110 // Finalizes the CBB to a std::vector.
FinishCBBToVector(CBB * cbb)111 std::vector<uint8_t> FinishCBBToVector(CBB* cbb) {
112 size_t cbb_len;
113 uint8_t* cbb_bytes;
114
115 if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) {
116 ADD_FAILURE() << "CBB_finish() failed";
117 return {};
118 }
119
120 bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes);
121 return std::vector<uint8_t>(cbb_bytes, cbb_bytes + cbb_len);
122 }
123
124 } // namespace
125
126 CertBuilder::SctConfig::SctConfig() = default;
SctConfig(std::string log_id,bssl::UniquePtr<EVP_PKEY> log_key,base::Time timestamp)127 CertBuilder::SctConfig::SctConfig(std::string log_id,
128 bssl::UniquePtr<EVP_PKEY> log_key,
129 base::Time timestamp)
130 : log_id(std::move(log_id)),
131 log_key(std::move(log_key)),
132 timestamp(timestamp) {}
SctConfig(const SctConfig & other)133 CertBuilder::SctConfig::SctConfig(const SctConfig& other)
134 : SctConfig(other.log_id,
135 bssl::UpRef(other.log_key.get()),
136 other.timestamp) {}
137 CertBuilder::SctConfig::SctConfig(SctConfig&&) = default;
138 CertBuilder::SctConfig::~SctConfig() = default;
operator =(const SctConfig & other)139 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(
140 const SctConfig& other) {
141 log_id = other.log_id;
142 log_key = bssl::UpRef(other.log_key.get());
143 timestamp = other.timestamp;
144 return *this;
145 }
146 CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(SctConfig&&) =
147 default;
148
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer)149 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert, CertBuilder* issuer)
150 : CertBuilder(orig_cert, issuer, /*unique_subject_key_identifier=*/true) {}
151
152 // static
FromFile(const base::FilePath & cert_and_key_file,CertBuilder * issuer)153 std::unique_ptr<CertBuilder> CertBuilder::FromFile(
154 const base::FilePath& cert_and_key_file,
155 CertBuilder* issuer) {
156 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
157 if (!cert)
158 return nullptr;
159
160 bssl::UniquePtr<EVP_PKEY> private_key(
161 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
162 if (!private_key)
163 return nullptr;
164
165 auto builder = base::WrapUnique(new CertBuilder(cert->cert_buffer(), issuer));
166 builder->key_ = std::move(private_key);
167 return builder;
168 }
169
170 // static
FromStaticCert(CRYPTO_BUFFER * cert,EVP_PKEY * key)171 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCert(CRYPTO_BUFFER* cert,
172 EVP_PKEY* key) {
173 std::unique_ptr<CertBuilder> builder = base::WrapUnique(
174 new CertBuilder(cert, nullptr, /*unique_subject_key_identifier=*/false));
175 // |cert_|, |key_|, and |subject_tlv_| must be initialized for |builder| to
176 // function as the |issuer| of another CertBuilder.
177 builder->cert_ = bssl::UpRef(cert);
178 builder->key_ = bssl::UpRef(key);
179 std::string_view subject_tlv;
180 CHECK(asn1::ExtractSubjectFromDERCert(
181 x509_util::CryptoBufferAsStringPiece(cert), &subject_tlv));
182 builder->subject_tlv_ = std::string(subject_tlv);
183 return builder;
184 }
185
186 // static
FromStaticCertFile(const base::FilePath & cert_and_key_file)187 std::unique_ptr<CertBuilder> CertBuilder::FromStaticCertFile(
188 const base::FilePath& cert_and_key_file) {
189 scoped_refptr<X509Certificate> cert = ImportCertFromFile(cert_and_key_file);
190 if (!cert)
191 return nullptr;
192
193 bssl::UniquePtr<EVP_PKEY> private_key(
194 key_util::LoadEVP_PKEYFromPEM(cert_and_key_file));
195 if (!private_key)
196 return nullptr;
197
198 return CertBuilder::FromStaticCert(cert->cert_buffer(), private_key.get());
199 }
200
201 // static
FromSubjectPublicKeyInfo(base::span<const uint8_t> spki_der,CertBuilder * issuer)202 std::unique_ptr<CertBuilder> CertBuilder::FromSubjectPublicKeyInfo(
203 base::span<const uint8_t> spki_der,
204 CertBuilder* issuer) {
205 DCHECK(issuer);
206 auto builder = std::make_unique<CertBuilder>(/*orig_cert=*/nullptr, issuer);
207
208 CBS cbs;
209 CBS_init(&cbs, spki_der.data(), spki_der.size());
210 builder->key_ = bssl::UniquePtr<EVP_PKEY>(EVP_parse_public_key(&cbs));
211 // Check that there was no error in `EVP_parse_public_key` and that it
212 // consumed the entire public key.
213 if (!builder->key_ || (CBS_len(&cbs) != 0))
214 return nullptr;
215
216 return builder;
217 }
218
219 CertBuilder::~CertBuilder() = default;
220
221 // static
CreateSimpleChain(size_t chain_length)222 std::vector<std::unique_ptr<CertBuilder>> CertBuilder::CreateSimpleChain(
223 size_t chain_length) {
224 std::vector<std::unique_ptr<CertBuilder>> chain;
225 base::Time not_before = base::Time::Now() - base::Days(7);
226 base::Time not_after = base::Time::Now() + base::Days(7);
227 CertBuilder* parent_builder = nullptr;
228 for (size_t remaining_chain_length = chain_length; remaining_chain_length;
229 remaining_chain_length--) {
230 auto builder = std::make_unique<CertBuilder>(nullptr, parent_builder);
231 builder->SetValidity(not_before, not_after);
232 if (remaining_chain_length > 1) {
233 // CA properties:
234 builder->SetBasicConstraints(/*is_ca=*/true, /*path_len=*/-1);
235 builder->SetKeyUsages(
236 {bssl::KEY_USAGE_BIT_KEY_CERT_SIGN, bssl::KEY_USAGE_BIT_CRL_SIGN});
237 } else {
238 // Leaf properties:
239 builder->SetBasicConstraints(/*is_ca=*/false, /*path_len=*/-1);
240 builder->SetKeyUsages({bssl::KEY_USAGE_BIT_DIGITAL_SIGNATURE});
241 builder->SetExtendedKeyUsages({bssl::der::Input(bssl::kServerAuth)});
242 builder->SetSubjectAltName(kSimpleChainHostname);
243 }
244 parent_builder = builder.get();
245 chain.push_back(std::move(builder));
246 }
247 base::ranges::reverse(chain);
248 return chain;
249 }
250
251 // static
CreateSimpleChain3()252 std::array<std::unique_ptr<CertBuilder>, 3> CertBuilder::CreateSimpleChain3() {
253 auto chain = CreateSimpleChain(3);
254 return {std::move(chain[0]), std::move(chain[1]), std::move(chain[2])};
255 }
256
257 // static
CreateSimpleChain2()258 std::array<std::unique_ptr<CertBuilder>, 2> CertBuilder::CreateSimpleChain2() {
259 auto chain = CreateSimpleChain(2);
260 return {std::move(chain[0]), std::move(chain[1])};
261 }
262
263 // static
264 std::optional<bssl::SignatureAlgorithm>
DefaultSignatureAlgorithmForKey(EVP_PKEY * key)265 CertBuilder::DefaultSignatureAlgorithmForKey(EVP_PKEY* key) {
266 if (EVP_PKEY_id(key) == EVP_PKEY_RSA)
267 return bssl::SignatureAlgorithm::kRsaPkcs1Sha256;
268 if (EVP_PKEY_id(key) == EVP_PKEY_EC)
269 return bssl::SignatureAlgorithm::kEcdsaSha256;
270 return std::nullopt;
271 }
272
273 // static
SignData(bssl::SignatureAlgorithm signature_algorithm,std::string_view tbs_data,EVP_PKEY * key,CBB * out_signature)274 bool CertBuilder::SignData(bssl::SignatureAlgorithm signature_algorithm,
275 std::string_view tbs_data,
276 EVP_PKEY* key,
277 CBB* out_signature) {
278 if (!key)
279 return false;
280
281 int expected_pkey_id = 1;
282 const EVP_MD* digest;
283 switch (signature_algorithm) {
284 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
285 expected_pkey_id = EVP_PKEY_RSA;
286 digest = EVP_sha1();
287 break;
288 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
289 expected_pkey_id = EVP_PKEY_RSA;
290 digest = EVP_sha256();
291 break;
292 case bssl::SignatureAlgorithm::kRsaPkcs1Sha384:
293 expected_pkey_id = EVP_PKEY_RSA;
294 digest = EVP_sha384();
295 break;
296 case bssl::SignatureAlgorithm::kRsaPkcs1Sha512:
297 expected_pkey_id = EVP_PKEY_RSA;
298 digest = EVP_sha512();
299 break;
300
301 case bssl::SignatureAlgorithm::kEcdsaSha1:
302 expected_pkey_id = EVP_PKEY_EC;
303 digest = EVP_sha1();
304 break;
305 case bssl::SignatureAlgorithm::kEcdsaSha256:
306 expected_pkey_id = EVP_PKEY_EC;
307 digest = EVP_sha256();
308 break;
309 case bssl::SignatureAlgorithm::kEcdsaSha384:
310 expected_pkey_id = EVP_PKEY_EC;
311 digest = EVP_sha384();
312 break;
313 case bssl::SignatureAlgorithm::kEcdsaSha512:
314 expected_pkey_id = EVP_PKEY_EC;
315 digest = EVP_sha512();
316 break;
317
318 case bssl::SignatureAlgorithm::kRsaPssSha256:
319 case bssl::SignatureAlgorithm::kRsaPssSha384:
320 case bssl::SignatureAlgorithm::kRsaPssSha512:
321 // Unsupported algorithms.
322 return false;
323 }
324
325 return expected_pkey_id == EVP_PKEY_id(key) &&
326 SignDataWithDigest(digest, tbs_data, key, out_signature);
327 }
328
329 // static
SignDataWithDigest(const EVP_MD * digest,std::string_view tbs_data,EVP_PKEY * key,CBB * out_signature)330 bool CertBuilder::SignDataWithDigest(const EVP_MD* digest,
331 std::string_view tbs_data,
332 EVP_PKEY* key,
333 CBB* out_signature) {
334 const uint8_t* tbs_bytes = reinterpret_cast<const uint8_t*>(tbs_data.data());
335 bssl::ScopedEVP_MD_CTX ctx;
336 uint8_t* sig_out;
337 size_t sig_len;
338
339 return EVP_DigestSignInit(ctx.get(), nullptr, digest, nullptr, key) &&
340 EVP_DigestSign(ctx.get(), nullptr, &sig_len, tbs_bytes,
341 tbs_data.size()) &&
342 CBB_reserve(out_signature, &sig_out, sig_len) &&
343 EVP_DigestSign(ctx.get(), sig_out, &sig_len, tbs_bytes,
344 tbs_data.size()) &&
345 CBB_did_write(out_signature, sig_len);
346 }
347
348 // static
SignatureAlgorithmToDer(bssl::SignatureAlgorithm signature_algorithm)349 std::string CertBuilder::SignatureAlgorithmToDer(
350 bssl::SignatureAlgorithm signature_algorithm) {
351 switch (signature_algorithm) {
352 case bssl::SignatureAlgorithm::kRsaPkcs1Sha1:
353 return Sha1WithRSAEncryption();
354 case bssl::SignatureAlgorithm::kRsaPkcs1Sha256:
355 return Sha256WithRSAEncryption();
356 case bssl::SignatureAlgorithm::kEcdsaSha1:
357 return EcdsaWithSha1();
358 case bssl::SignatureAlgorithm::kEcdsaSha256:
359 return EcdsaWithSha256();
360 default:
361 ADD_FAILURE();
362 return std::string();
363 }
364 }
365
366 // static
MakeRandomHexString(size_t num_bytes)367 std::string CertBuilder::MakeRandomHexString(size_t num_bytes) {
368 std::vector<uint8_t> rand_bytes(num_bytes);
369 base::RandBytes(rand_bytes);
370 return base::HexEncode(rand_bytes);
371 }
372
373 // static
BuildNameWithCommonNameOfType(std::string_view common_name,unsigned common_name_tag)374 std::vector<uint8_t> CertBuilder::BuildNameWithCommonNameOfType(
375 std::string_view common_name,
376 unsigned common_name_tag) {
377 // See RFC 4519.
378 static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
379
380 // See RFC 5280, section 4.1.2.4.
381 bssl::ScopedCBB cbb;
382 CBB rdns, rdn, attr, type, value;
383 if (!CBB_init(cbb.get(), 64) ||
384 !CBB_add_asn1(cbb.get(), &rdns, CBS_ASN1_SEQUENCE) ||
385 !CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET) ||
386 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
387 !CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT) ||
388 !CBBAddBytes(&type, kCommonName) ||
389 !CBB_add_asn1(&attr, &value, common_name_tag) ||
390 !CBBAddBytes(&value, common_name)) {
391 ADD_FAILURE();
392 return {};
393 }
394
395 return FinishCBBToVector(cbb.get());
396 }
397
SetCertificateVersion(bssl::CertificateVersion version)398 void CertBuilder::SetCertificateVersion(bssl::CertificateVersion version) {
399 version_ = version;
400 Invalidate();
401 }
402
SetExtension(const bssl::der::Input & oid,std::string value,bool critical)403 void CertBuilder::SetExtension(const bssl::der::Input& oid,
404 std::string value,
405 bool critical) {
406 auto& extension_value = extensions_[oid.AsString()];
407 extension_value.critical = critical;
408 extension_value.value = std::move(value);
409
410 Invalidate();
411 }
412
EraseExtension(const bssl::der::Input & oid)413 void CertBuilder::EraseExtension(const bssl::der::Input& oid) {
414 extensions_.erase(oid.AsString());
415
416 Invalidate();
417 }
418
ClearExtensions()419 void CertBuilder::ClearExtensions() {
420 extensions_.clear();
421 Invalidate();
422 }
423
SetBasicConstraints(bool is_ca,int path_len)424 void CertBuilder::SetBasicConstraints(bool is_ca, int path_len) {
425 // From RFC 5280:
426 //
427 // BasicConstraints ::= SEQUENCE {
428 // cA BOOLEAN DEFAULT FALSE,
429 // pathLenConstraint INTEGER (0..MAX) OPTIONAL }
430 bssl::ScopedCBB cbb;
431 CBB basic_constraints;
432 ASSERT_TRUE(CBB_init(cbb.get(), 64));
433 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &basic_constraints, CBS_ASN1_SEQUENCE));
434 if (is_ca)
435 ASSERT_TRUE(CBB_add_asn1_bool(&basic_constraints, true));
436 if (path_len >= 0)
437 ASSERT_TRUE(CBB_add_asn1_uint64(&basic_constraints, path_len));
438
439 SetExtension(bssl::der::Input(bssl::kBasicConstraintsOid),
440 FinishCBB(cbb.get()),
441 /*critical=*/true);
442 }
443
444 namespace {
AddNameConstraintsSubTrees(CBB * cbb,const std::vector<std::string> & dns_names)445 void AddNameConstraintsSubTrees(CBB* cbb,
446 const std::vector<std::string>& dns_names) {
447 CBB subtrees;
448 ASSERT_TRUE(CBB_add_asn1(
449 cbb, &subtrees, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
450 for (const auto& name : dns_names) {
451 CBB subtree;
452 ASSERT_TRUE(CBB_add_asn1(&subtrees, &subtree, CBS_ASN1_SEQUENCE));
453 CBB general_name;
454 ASSERT_TRUE(
455 CBB_add_asn1(&subtree, &general_name, CBS_ASN1_CONTEXT_SPECIFIC | 2));
456 ASSERT_TRUE(CBBAddBytes(&general_name, name));
457 ASSERT_TRUE(CBB_flush(&subtrees));
458 }
459 ASSERT_TRUE(CBB_flush(cbb));
460 }
461 } // namespace
462
SetNameConstraintsDnsNames(const std::vector<std::string> & permitted_dns_names,const std::vector<std::string> & excluded_dns_names)463 void CertBuilder::SetNameConstraintsDnsNames(
464 const std::vector<std::string>& permitted_dns_names,
465 const std::vector<std::string>& excluded_dns_names) {
466 // From RFC 5280:
467 //
468 // id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
469 //
470 // NameConstraints ::= SEQUENCE {
471 // permittedSubtrees [0] GeneralSubtrees OPTIONAL,
472 // excludedSubtrees [1] GeneralSubtrees OPTIONAL }
473 //
474 // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
475 //
476 // GeneralSubtree ::= SEQUENCE {
477 // base GeneralName,
478 // minimum [0] BaseDistance DEFAULT 0,
479 // maximum [1] BaseDistance OPTIONAL }
480 //
481 // BaseDistance ::= INTEGER (0..MAX)
482
483 if (permitted_dns_names.empty() && excluded_dns_names.empty()) {
484 EraseExtension(bssl::der::Input(bssl::kNameConstraintsOid));
485 return;
486 }
487
488 bssl::ScopedCBB cbb;
489 CBB name_constraints;
490 ASSERT_TRUE(CBB_init(cbb.get(), 64));
491 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &name_constraints, CBS_ASN1_SEQUENCE));
492 if (!permitted_dns_names.empty()) {
493 ASSERT_NO_FATAL_FAILURE(
494 AddNameConstraintsSubTrees(&name_constraints, permitted_dns_names));
495 }
496 if (!excluded_dns_names.empty()) {
497 ASSERT_NO_FATAL_FAILURE(
498 AddNameConstraintsSubTrees(&name_constraints, excluded_dns_names));
499 }
500 SetExtension(bssl::der::Input(bssl::kNameConstraintsOid),
501 FinishCBB(cbb.get()),
502 /*critical=*/true);
503 }
504
SetCaIssuersUrl(const GURL & url)505 void CertBuilder::SetCaIssuersUrl(const GURL& url) {
506 SetCaIssuersAndOCSPUrls({url}, {});
507 }
508
SetCaIssuersAndOCSPUrls(const std::vector<GURL> & ca_issuers_urls,const std::vector<GURL> & ocsp_urls)509 void CertBuilder::SetCaIssuersAndOCSPUrls(
510 const std::vector<GURL>& ca_issuers_urls,
511 const std::vector<GURL>& ocsp_urls) {
512 std::vector<std::pair<bssl::der::Input, GURL>> entries;
513 for (const auto& url : ca_issuers_urls)
514 entries.emplace_back(bssl::der::Input(bssl::kAdCaIssuersOid), url);
515 for (const auto& url : ocsp_urls)
516 entries.emplace_back(bssl::der::Input(bssl::kAdOcspOid), url);
517
518 if (entries.empty()) {
519 EraseExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid));
520 return;
521 }
522
523 // From RFC 5280:
524 //
525 // AuthorityInfoAccessSyntax ::=
526 // SEQUENCE SIZE (1..MAX) OF AccessDescription
527 //
528 // AccessDescription ::= SEQUENCE {
529 // accessMethod OBJECT IDENTIFIER,
530 // accessLocation GeneralName }
531 bssl::ScopedCBB cbb;
532 CBB aia;
533 ASSERT_TRUE(CBB_init(cbb.get(), 64));
534 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aia, CBS_ASN1_SEQUENCE));
535
536 for (const auto& entry : entries) {
537 CBB access_description, access_method, access_location;
538 ASSERT_TRUE(CBB_add_asn1(&aia, &access_description, CBS_ASN1_SEQUENCE));
539 ASSERT_TRUE(
540 CBB_add_asn1(&access_description, &access_method, CBS_ASN1_OBJECT));
541 ASSERT_TRUE(CBBAddBytes(&access_method, entry.first.AsStringView()));
542 ASSERT_TRUE(CBB_add_asn1(&access_description, &access_location,
543 CBS_ASN1_CONTEXT_SPECIFIC | 6));
544 ASSERT_TRUE(CBBAddBytes(&access_location, entry.second.spec()));
545 ASSERT_TRUE(CBB_flush(&aia));
546 }
547
548 SetExtension(bssl::der::Input(bssl::kAuthorityInfoAccessOid),
549 FinishCBB(cbb.get()));
550 }
551
SetCrlDistributionPointUrl(const GURL & url)552 void CertBuilder::SetCrlDistributionPointUrl(const GURL& url) {
553 SetCrlDistributionPointUrls({url});
554 }
555
SetCrlDistributionPointUrls(const std::vector<GURL> & urls)556 void CertBuilder::SetCrlDistributionPointUrls(const std::vector<GURL>& urls) {
557 bssl::ScopedCBB cbb;
558 ASSERT_TRUE(CBB_init(cbb.get(), 64));
559 CBB dps, dp, dp_name, dp_fullname;
560
561 // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
562 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &dps, CBS_ASN1_SEQUENCE));
563
564 // DistributionPoint ::= SEQUENCE {
565 // distributionPoint [0] DistributionPointName OPTIONAL,
566 // reasons [1] ReasonFlags OPTIONAL,
567 // cRLIssuer [2] bssl::GeneralNames OPTIONAL }
568 ASSERT_TRUE(CBB_add_asn1(&dps, &dp, CBS_ASN1_SEQUENCE));
569 ASSERT_TRUE(CBB_add_asn1(
570 &dp, &dp_name, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
571
572 // DistributionPointName ::= CHOICE {
573 // fullName [0] bssl::GeneralNames,
574 // nameRelativeToCRLIssuer [1] bssl::RelativeDistinguishedName }
575 ASSERT_TRUE(
576 CBB_add_asn1(&dp_name, &dp_fullname,
577 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
578
579 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
580 // GeneralName ::= CHOICE {
581 // uniformResourceIdentifier [6] IA5String,
582 for (const auto& url : urls) {
583 CBB dp_url;
584 ASSERT_TRUE(
585 CBB_add_asn1(&dp_fullname, &dp_url, CBS_ASN1_CONTEXT_SPECIFIC | 6));
586 ASSERT_TRUE(CBBAddBytes(&dp_url, url.spec()));
587 ASSERT_TRUE(CBB_flush(&dp_fullname));
588 }
589
590 SetExtension(bssl::der::Input(bssl::kCrlDistributionPointsOid),
591 FinishCBB(cbb.get()));
592 }
593
SetIssuerTLV(base::span<const uint8_t> issuer_tlv)594 void CertBuilder::SetIssuerTLV(base::span<const uint8_t> issuer_tlv) {
595 if (issuer_tlv.empty())
596 issuer_tlv_ = std::nullopt;
597 else
598 issuer_tlv_ = std::string(issuer_tlv.begin(), issuer_tlv.end());
599 Invalidate();
600 }
601
SetSubjectCommonName(std::string_view common_name)602 void CertBuilder::SetSubjectCommonName(std::string_view common_name) {
603 SetSubjectTLV(
604 BuildNameWithCommonNameOfType(common_name, CBS_ASN1_UTF8STRING));
605 Invalidate();
606 }
607
SetSubjectTLV(base::span<const uint8_t> subject_tlv)608 void CertBuilder::SetSubjectTLV(base::span<const uint8_t> subject_tlv) {
609 subject_tlv_.assign(subject_tlv.begin(), subject_tlv.end());
610 Invalidate();
611 }
612
SetSubjectAltName(std::string_view dns_name)613 void CertBuilder::SetSubjectAltName(std::string_view dns_name) {
614 SetSubjectAltNames({std::string(dns_name)}, {});
615 }
616
SetSubjectAltNames(const std::vector<std::string> & dns_names,const std::vector<IPAddress> & ip_addresses)617 void CertBuilder::SetSubjectAltNames(
618 const std::vector<std::string>& dns_names,
619 const std::vector<IPAddress>& ip_addresses) {
620 // From RFC 5280:
621 //
622 // SubjectAltName ::= bssl::GeneralNames
623 //
624 // bssl::GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
625 //
626 // GeneralName ::= CHOICE {
627 // ...
628 // dNSName [2] IA5String,
629 // ...
630 // iPAddress [7] OCTET STRING,
631 // ... }
632 ASSERT_GT(dns_names.size() + ip_addresses.size(), 0U);
633 bssl::ScopedCBB cbb;
634 CBB general_names;
635 ASSERT_TRUE(CBB_init(cbb.get(), 64));
636 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &general_names, CBS_ASN1_SEQUENCE));
637 if (!dns_names.empty()) {
638 for (const auto& name : dns_names) {
639 CBB general_name;
640 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
641 CBS_ASN1_CONTEXT_SPECIFIC | 2));
642 ASSERT_TRUE(CBBAddBytes(&general_name, name));
643 ASSERT_TRUE(CBB_flush(&general_names));
644 }
645 }
646 if (!ip_addresses.empty()) {
647 for (const auto& addr : ip_addresses) {
648 CBB general_name;
649 ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name,
650 CBS_ASN1_CONTEXT_SPECIFIC | 7));
651 ASSERT_TRUE(
652 CBB_add_bytes(&general_name, addr.bytes().data(), addr.size()));
653 ASSERT_TRUE(CBB_flush(&general_names));
654 }
655 }
656 SetExtension(bssl::der::Input(bssl::kSubjectAltNameOid),
657 FinishCBB(cbb.get()));
658 }
659
SetKeyUsages(const std::vector<bssl::KeyUsageBit> & usages)660 void CertBuilder::SetKeyUsages(const std::vector<bssl::KeyUsageBit>& usages) {
661 ASSERT_GT(usages.size(), 0U);
662 int number_of_unused_bits = 0;
663 std::vector<uint8_t> bytes;
664 for (auto usage : usages) {
665 int bit_index = static_cast<int>(usage);
666
667 // Index of the byte that contains the bit.
668 size_t byte_index = bit_index / 8;
669
670 if (byte_index + 1 > bytes.size()) {
671 bytes.resize(byte_index + 1);
672 number_of_unused_bits = 8;
673 }
674
675 // Within a byte, bits are ordered from most significant to least
676 // significant. Convert |bit_index| to an index within the |byte_index|
677 // byte, measured from its least significant bit.
678 uint8_t bit_index_in_byte = 7 - (bit_index - byte_index * 8);
679
680 if (byte_index + 1 == bytes.size() &&
681 bit_index_in_byte < number_of_unused_bits) {
682 number_of_unused_bits = bit_index_in_byte;
683 }
684
685 bytes[byte_index] |= (1 << bit_index_in_byte);
686 }
687
688 // From RFC 5290:
689 // KeyUsage ::= BIT STRING {...}
690 bssl::ScopedCBB cbb;
691 CBB ku_cbb;
692 ASSERT_TRUE(CBB_init(cbb.get(), bytes.size() + 1));
693 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &ku_cbb, CBS_ASN1_BITSTRING));
694 ASSERT_TRUE(CBB_add_u8(&ku_cbb, number_of_unused_bits));
695 ASSERT_TRUE(CBB_add_bytes(&ku_cbb, bytes.data(), bytes.size()));
696 SetExtension(bssl::der::Input(bssl::kKeyUsageOid), FinishCBB(cbb.get()),
697 /*critical=*/true);
698 }
699
SetExtendedKeyUsages(const std::vector<bssl::der::Input> & purpose_oids)700 void CertBuilder::SetExtendedKeyUsages(
701 const std::vector<bssl::der::Input>& purpose_oids) {
702 // From RFC 5280:
703 // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
704 // KeyPurposeId ::= OBJECT IDENTIFIER
705 ASSERT_GT(purpose_oids.size(), 0U);
706 bssl::ScopedCBB cbb;
707 CBB eku;
708 ASSERT_TRUE(CBB_init(cbb.get(), 64));
709 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &eku, CBS_ASN1_SEQUENCE));
710
711 for (const auto& oid : purpose_oids) {
712 CBB purpose_cbb;
713 ASSERT_TRUE(CBB_add_asn1(&eku, &purpose_cbb, CBS_ASN1_OBJECT));
714 ASSERT_TRUE(CBBAddBytes(&purpose_cbb, oid.AsStringView()));
715 ASSERT_TRUE(CBB_flush(&eku));
716 }
717 SetExtension(bssl::der::Input(bssl::kExtKeyUsageOid), FinishCBB(cbb.get()));
718 }
719
SetCertificatePolicies(const std::vector<std::string> & policy_oids)720 void CertBuilder::SetCertificatePolicies(
721 const std::vector<std::string>& policy_oids) {
722 // From RFC 5280:
723 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
724 //
725 // PolicyInformation ::= SEQUENCE {
726 // policyIdentifier CertPolicyId,
727 // policyQualifiers SEQUENCE SIZE (1..MAX) OF
728 // PolicyQualifierInfo OPTIONAL }
729 //
730 // CertPolicyId ::= OBJECT IDENTIFIER
731 if (policy_oids.empty()) {
732 EraseExtension(bssl::der::Input(bssl::kCertificatePoliciesOid));
733 return;
734 }
735
736 bssl::ScopedCBB cbb;
737 CBB certificate_policies;
738 ASSERT_TRUE(CBB_init(cbb.get(), 64));
739 ASSERT_TRUE(
740 CBB_add_asn1(cbb.get(), &certificate_policies, CBS_ASN1_SEQUENCE));
741 for (const auto& oid : policy_oids) {
742 CBB policy_information, policy_identifier;
743 ASSERT_TRUE(CBB_add_asn1(&certificate_policies, &policy_information,
744 CBS_ASN1_SEQUENCE));
745 ASSERT_TRUE(
746 CBB_add_asn1(&policy_information, &policy_identifier, CBS_ASN1_OBJECT));
747 ASSERT_TRUE(
748 CBB_add_asn1_oid_from_text(&policy_identifier, oid.data(), oid.size()));
749 ASSERT_TRUE(CBB_flush(&certificate_policies));
750 }
751
752 SetExtension(bssl::der::Input(bssl::kCertificatePoliciesOid),
753 FinishCBB(cbb.get()));
754 }
755
SetPolicyMappings(const std::vector<std::pair<std::string,std::string>> & policy_mappings)756 void CertBuilder::SetPolicyMappings(
757 const std::vector<std::pair<std::string, std::string>>& policy_mappings) {
758 // From RFC 5280:
759 // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
760 // issuerDomainPolicy CertPolicyId,
761 // subjectDomainPolicy CertPolicyId }
762 if (policy_mappings.empty()) {
763 EraseExtension(bssl::der::Input(bssl::kPolicyMappingsOid));
764 return;
765 }
766
767 bssl::ScopedCBB cbb;
768 CBB mappings_sequence;
769 ASSERT_TRUE(CBB_init(cbb.get(), 64));
770 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &mappings_sequence, CBS_ASN1_SEQUENCE));
771 for (const auto& [issuer_domain_policy, subject_domain_policy] :
772 policy_mappings) {
773 CBB mapping_sequence;
774 CBB issuer_policy_object;
775 CBB subject_policy_object;
776 ASSERT_TRUE(
777 CBB_add_asn1(&mappings_sequence, &mapping_sequence, CBS_ASN1_SEQUENCE));
778
779 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &issuer_policy_object,
780 CBS_ASN1_OBJECT));
781 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&issuer_policy_object,
782 issuer_domain_policy.data(),
783 issuer_domain_policy.size()));
784
785 ASSERT_TRUE(CBB_add_asn1(&mapping_sequence, &subject_policy_object,
786 CBS_ASN1_OBJECT));
787 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&subject_policy_object,
788 subject_domain_policy.data(),
789 subject_domain_policy.size()));
790
791 ASSERT_TRUE(CBB_flush(&mappings_sequence));
792 }
793
794 SetExtension(bssl::der::Input(bssl::kPolicyMappingsOid), FinishCBB(cbb.get()),
795 /*critical=*/true);
796 }
797
SetPolicyConstraints(std::optional<uint64_t> require_explicit_policy,std::optional<uint64_t> inhibit_policy_mapping)798 void CertBuilder::SetPolicyConstraints(
799 std::optional<uint64_t> require_explicit_policy,
800 std::optional<uint64_t> inhibit_policy_mapping) {
801 if (!require_explicit_policy.has_value() &&
802 !inhibit_policy_mapping.has_value()) {
803 EraseExtension(bssl::der::Input(bssl::kPolicyConstraintsOid));
804 return;
805 }
806
807 // From RFC 5280:
808 // PolicyConstraints ::= SEQUENCE {
809 // requireExplicitPolicy [0] SkipCerts OPTIONAL,
810 // inhibitPolicyMapping [1] SkipCerts OPTIONAL }
811 //
812 // SkipCerts ::= INTEGER (0..MAX)
813 bssl::ScopedCBB cbb;
814 CBB policy_constraints;
815 ASSERT_TRUE(CBB_init(cbb.get(), 64));
816 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &policy_constraints, CBS_ASN1_SEQUENCE));
817 if (require_explicit_policy.has_value()) {
818 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(&policy_constraints,
819 *require_explicit_policy,
820 CBS_ASN1_CONTEXT_SPECIFIC | 0));
821 }
822 if (inhibit_policy_mapping.has_value()) {
823 ASSERT_TRUE(CBB_add_asn1_uint64_with_tag(&policy_constraints,
824 *inhibit_policy_mapping,
825 CBS_ASN1_CONTEXT_SPECIFIC | 1));
826 }
827
828 SetExtension(bssl::der::Input(bssl::kPolicyConstraintsOid),
829 FinishCBB(cbb.get()),
830 /*critical=*/true);
831 }
832
SetInhibitAnyPolicy(uint64_t skip_certs)833 void CertBuilder::SetInhibitAnyPolicy(uint64_t skip_certs) {
834 // From RFC 5280:
835 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
836 //
837 // InhibitAnyPolicy ::= SkipCerts
838 //
839 // SkipCerts ::= INTEGER (0..MAX)
840 bssl::ScopedCBB cbb;
841 ASSERT_TRUE(CBB_init(cbb.get(), 64));
842 ASSERT_TRUE(CBB_add_asn1_uint64(cbb.get(), skip_certs));
843 SetExtension(bssl::der::Input(bssl::kInhibitAnyPolicyOid),
844 FinishCBB(cbb.get()),
845 /*critical=*/true);
846 }
847
SetValidity(base::Time not_before,base::Time not_after)848 void CertBuilder::SetValidity(base::Time not_before, base::Time not_after) {
849 // From RFC 5280:
850 // Validity ::= SEQUENCE {
851 // notBefore Time,
852 // notAfter Time }
853 bssl::ScopedCBB cbb;
854 CBB validity;
855 ASSERT_TRUE(CBB_init(cbb.get(), 64));
856 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &validity, CBS_ASN1_SEQUENCE));
857 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_before));
858 ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_after));
859 validity_tlv_ = FinishCBB(cbb.get());
860 Invalidate();
861 }
862
SetSubjectKeyIdentifier(const std::string & subject_key_identifier)863 void CertBuilder::SetSubjectKeyIdentifier(
864 const std::string& subject_key_identifier) {
865 ASSERT_FALSE(subject_key_identifier.empty());
866
867 // From RFC 5280:
868 // KeyIdentifier ::= OCTET STRING
869 // SubjectKeyIdentifier ::= KeyIdentifier
870 bssl::ScopedCBB cbb;
871 ASSERT_TRUE(CBB_init(cbb.get(), 32));
872
873 ASSERT_TRUE(CBB_add_asn1_octet_string(
874 cbb.get(),
875 reinterpret_cast<const uint8_t*>(subject_key_identifier.data()),
876 subject_key_identifier.size()));
877
878 // Replace the existing SKI. Note it MUST be non-critical, per RFC 5280.
879 SetExtension(bssl::der::Input(bssl::kSubjectKeyIdentifierOid),
880 FinishCBB(cbb.get()),
881 /*critical=*/false);
882 }
883
SetAuthorityKeyIdentifier(const std::string & authority_key_identifier)884 void CertBuilder::SetAuthorityKeyIdentifier(
885 const std::string& authority_key_identifier) {
886 // If an empty AKI is presented, simply erase the existing one. Creating
887 // an empty AKI is technically valid, but there's no use case for this.
888 // An empty AKI would an empty (ergo, non-unique) SKI on the issuer,
889 // which would violate RFC 5280, so using the empty value as a placeholder
890 // unless and until a use case emerges is fine.
891 if (authority_key_identifier.empty()) {
892 EraseExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid));
893 return;
894 }
895
896 // From RFC 5280:
897 //
898 // AuthorityKeyIdentifier ::= SEQUENCE {
899 // keyIdentifier [0] KeyIdentifier OPTIONAL,
900 // authorityCertIssuer [1] bssl::GeneralNames OPTIONAL,
901 // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
902 //
903 // KeyIdentifier ::= OCTET STRING
904 bssl::ScopedCBB cbb;
905 CBB aki, aki_value;
906 ASSERT_TRUE(CBB_init(cbb.get(), 32));
907 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aki, CBS_ASN1_SEQUENCE));
908 ASSERT_TRUE(CBB_add_asn1(&aki, &aki_value, CBS_ASN1_CONTEXT_SPECIFIC | 0));
909 ASSERT_TRUE(CBBAddBytes(&aki_value, authority_key_identifier));
910 ASSERT_TRUE(CBB_flush(&aki));
911
912 SetExtension(bssl::der::Input(bssl::kAuthorityKeyIdentifierOid),
913 FinishCBB(cbb.get()));
914 }
915
SetSignatureAlgorithm(bssl::SignatureAlgorithm signature_algorithm)916 void CertBuilder::SetSignatureAlgorithm(
917 bssl::SignatureAlgorithm signature_algorithm) {
918 signature_algorithm_ = signature_algorithm;
919 Invalidate();
920 }
921
SetSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)922 void CertBuilder::SetSignatureAlgorithmTLV(
923 std::string_view signature_algorithm_tlv) {
924 SetOuterSignatureAlgorithmTLV(signature_algorithm_tlv);
925 SetTBSSignatureAlgorithmTLV(signature_algorithm_tlv);
926 }
927
SetOuterSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)928 void CertBuilder::SetOuterSignatureAlgorithmTLV(
929 std::string_view signature_algorithm_tlv) {
930 outer_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
931 Invalidate();
932 }
933
SetTBSSignatureAlgorithmTLV(std::string_view signature_algorithm_tlv)934 void CertBuilder::SetTBSSignatureAlgorithmTLV(
935 std::string_view signature_algorithm_tlv) {
936 tbs_signature_algorithm_tlv_ = std::string(signature_algorithm_tlv);
937 Invalidate();
938 }
939
SetSerialNumber(uint64_t serial_number)940 void CertBuilder::SetSerialNumber(uint64_t serial_number) {
941 serial_number_ = serial_number;
942 Invalidate();
943 }
944
SetRandomSerialNumber()945 void CertBuilder::SetRandomSerialNumber() {
946 serial_number_ = base::RandUint64();
947 Invalidate();
948 }
949
SetSctConfig(std::vector<CertBuilder::SctConfig> sct_configs)950 void CertBuilder::SetSctConfig(
951 std::vector<CertBuilder::SctConfig> sct_configs) {
952 sct_configs_ = std::move(sct_configs);
953 Invalidate();
954 }
955
GetCertBuffer()956 CRYPTO_BUFFER* CertBuilder::GetCertBuffer() {
957 if (!cert_)
958 GenerateCertificate();
959 return cert_.get();
960 }
961
DupCertBuffer()962 bssl::UniquePtr<CRYPTO_BUFFER> CertBuilder::DupCertBuffer() {
963 return bssl::UpRef(GetCertBuffer());
964 }
965
GetSubject()966 const std::string& CertBuilder::GetSubject() {
967 if (subject_tlv_.empty())
968 GenerateSubject();
969 return subject_tlv_;
970 }
971
GetSerialNumber()972 uint64_t CertBuilder::GetSerialNumber() {
973 if (!serial_number_)
974 serial_number_ = base::RandUint64();
975 return serial_number_;
976 }
977
GetSubjectKeyIdentifier()978 std::string CertBuilder::GetSubjectKeyIdentifier() {
979 std::string ski_oid =
980 bssl::der::Input(bssl::kSubjectKeyIdentifierOid).AsString();
981 if (extensions_.find(ski_oid) == extensions_.end()) {
982 // If no SKI is present, this means that the certificate was either
983 // created by FromStaticCert() and lacked one, or it was explicitly
984 // deleted as an extension.
985 return std::string();
986 }
987
988 auto& extension_value = extensions_[ski_oid];
989 bssl::der::Input ski_value;
990 if (!bssl::ParseSubjectKeyIdentifier(bssl::der::Input(extension_value.value),
991 &ski_value)) {
992 return std::string();
993 }
994 return ski_value.AsString();
995 }
996
GetValidity(base::Time * not_before,base::Time * not_after) const997 bool CertBuilder::GetValidity(base::Time* not_before,
998 base::Time* not_after) const {
999 bssl::der::GeneralizedTime not_before_generalized_time;
1000 bssl::der::GeneralizedTime not_after_generalized_time;
1001 if (!bssl::ParseValidity(bssl::der::Input(validity_tlv_),
1002 ¬_before_generalized_time,
1003 ¬_after_generalized_time) ||
1004 !GeneralizedTimeToTime(not_before_generalized_time, not_before) ||
1005 !GeneralizedTimeToTime(not_after_generalized_time, not_after)) {
1006 return false;
1007 }
1008 return true;
1009 }
1010
GetKey()1011 EVP_PKEY* CertBuilder::GetKey() {
1012 if (!key_) {
1013 switch (default_pkey_id_) {
1014 case EVP_PKEY_RSA:
1015 GenerateRSAKey();
1016 break;
1017 case EVP_PKEY_EC:
1018 GenerateECKey();
1019 break;
1020 }
1021 }
1022 return key_.get();
1023 }
1024
GetX509Certificate()1025 scoped_refptr<X509Certificate> CertBuilder::GetX509Certificate() {
1026 return X509Certificate::CreateFromBuffer(DupCertBuffer(), {});
1027 }
1028
GetX509CertificateChain()1029 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateChain() {
1030 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1031 // Add intermediates, not including the self-signed root.
1032 for (CertBuilder* cert = issuer_; cert && cert != cert->issuer_;
1033 cert = cert->issuer_) {
1034 intermediates.push_back(cert->DupCertBuffer());
1035 }
1036 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1037 std::move(intermediates));
1038 }
1039
GetX509CertificateFullChain()1040 scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateFullChain() {
1041 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
1042 // Add intermediates and the self-signed root.
1043 for (CertBuilder* cert = issuer_; cert; cert = cert->issuer_) {
1044 intermediates.push_back(cert->DupCertBuffer());
1045 if (cert == cert->issuer_)
1046 break;
1047 }
1048 return X509Certificate::CreateFromBuffer(DupCertBuffer(),
1049 std::move(intermediates));
1050 }
1051
GetDER()1052 std::string CertBuilder::GetDER() {
1053 return std::string(x509_util::CryptoBufferAsStringPiece(GetCertBuffer()));
1054 }
1055
GetPEM()1056 std::string CertBuilder::GetPEM() {
1057 std::string pem_encoded;
1058 EXPECT_TRUE(X509Certificate::GetPEMEncoded(GetCertBuffer(), &pem_encoded));
1059 return pem_encoded;
1060 }
1061
GetPEMFullChain()1062 std::string CertBuilder::GetPEMFullChain() {
1063 std::vector<std::string> pems;
1064 CertBuilder* cert = this;
1065 while (cert) {
1066 pems.push_back(cert->GetPEM());
1067 if (cert == cert->issuer_)
1068 break;
1069 cert = cert->issuer_;
1070 }
1071 return base::JoinString(pems, "\n");
1072 }
1073
GetPrivateKeyPEM()1074 std::string CertBuilder::GetPrivateKeyPEM() {
1075 std::string pem_encoded = key_util::PEMFromPrivateKey(GetKey());
1076 EXPECT_FALSE(pem_encoded.empty());
1077 return pem_encoded;
1078 }
1079
CertBuilder(CRYPTO_BUFFER * orig_cert,CertBuilder * issuer,bool unique_subject_key_identifier)1080 CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert,
1081 CertBuilder* issuer,
1082 bool unique_subject_key_identifier)
1083 : issuer_(issuer) {
1084 if (!issuer_)
1085 issuer_ = this;
1086
1087 crypto::EnsureOpenSSLInit();
1088 if (orig_cert)
1089 InitFromCert(
1090 bssl::der::Input(x509_util::CryptoBufferAsStringPiece(orig_cert)));
1091
1092 if (unique_subject_key_identifier) {
1093 GenerateSubjectKeyIdentifier();
1094 SetAuthorityKeyIdentifier(issuer_->GetSubjectKeyIdentifier());
1095 }
1096 }
1097
Invalidate()1098 void CertBuilder::Invalidate() {
1099 cert_.reset();
1100 }
1101
GenerateECKey()1102 void CertBuilder::GenerateECKey() {
1103 auto private_key = crypto::ECPrivateKey::Create();
1104 SetKey(bssl::UpRef(private_key->key()));
1105 }
1106
GenerateRSAKey()1107 void CertBuilder::GenerateRSAKey() {
1108 auto private_key = crypto::RSAPrivateKey::Create(2048);
1109 SetKey(bssl::UpRef(private_key->key()));
1110 }
1111
UseKeyFromFile(const base::FilePath & key_file)1112 bool CertBuilder::UseKeyFromFile(const base::FilePath& key_file) {
1113 bssl::UniquePtr<EVP_PKEY> private_key(
1114 key_util::LoadEVP_PKEYFromPEM(key_file));
1115 if (!private_key)
1116 return false;
1117 SetKey(std::move(private_key));
1118 return true;
1119 }
1120
SetKey(bssl::UniquePtr<EVP_PKEY> key)1121 void CertBuilder::SetKey(bssl::UniquePtr<EVP_PKEY> key) {
1122 key_ = std::move(key);
1123 Invalidate();
1124 }
1125
GenerateSubjectKeyIdentifier()1126 void CertBuilder::GenerateSubjectKeyIdentifier() {
1127 // 20 bytes are chosen here for no other reason than it's compatible with
1128 // systems that assume the SKI is SHA-1(SPKI), which RFC 5280 notes as one
1129 // mechanism for generating an SKI, while also noting that random/unique
1130 // SKIs are also fine.
1131 std::string random_ski = base::RandBytesAsString(20);
1132 SetSubjectKeyIdentifier(random_ski);
1133 }
1134
GenerateSubject()1135 void CertBuilder::GenerateSubject() {
1136 ASSERT_TRUE(subject_tlv_.empty());
1137
1138 // Use a random common name comprised of 12 bytes in hex.
1139 std::string common_name = MakeRandomHexString(12);
1140
1141 SetSubjectCommonName(common_name);
1142 }
1143
InitFromCert(const bssl::der::Input & cert)1144 void CertBuilder::InitFromCert(const bssl::der::Input& cert) {
1145 extensions_.clear();
1146 Invalidate();
1147
1148 // From RFC 5280, section 4.1
1149 // Certificate ::= SEQUENCE {
1150 // tbsCertificate TBSCertificate,
1151 // signatureAlgorithm AlgorithmIdentifier,
1152 // signatureValue BIT STRING }
1153
1154 // TBSCertificate ::= SEQUENCE {
1155 // version [0] EXPLICIT Version DEFAULT v1,
1156 // serialNumber CertificateSerialNumber,
1157 // signature AlgorithmIdentifier,
1158 // issuer Name,
1159 // validity Validity,
1160 // subject Name,
1161 // subjectPublicKeyInfo SubjectPublicKeyInfo,
1162 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1163 // -- If present, version MUST be v2 or v3
1164 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1165 // -- If present, version MUST be v2 or v3
1166 // extensions [3] EXPLICIT Extensions OPTIONAL
1167 // -- If present, version MUST be v3
1168 // }
1169 bssl::der::Parser parser(cert);
1170 bssl::der::Parser certificate;
1171 bssl::der::Parser tbs_certificate;
1172 ASSERT_TRUE(parser.ReadSequence(&certificate));
1173 ASSERT_TRUE(certificate.ReadSequence(&tbs_certificate));
1174
1175 // version
1176 bool has_version;
1177 ASSERT_TRUE(tbs_certificate.SkipOptionalTag(
1178 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0, &has_version));
1179 if (has_version) {
1180 // TODO(mattm): could actually parse the version here instead of assuming
1181 // V3.
1182 version_ = bssl::CertificateVersion::V3;
1183 } else {
1184 version_ = bssl::CertificateVersion::V1;
1185 }
1186
1187 // serialNumber
1188 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_INTEGER));
1189
1190 // signature
1191 bssl::der::Input signature_algorithm_tlv;
1192 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&signature_algorithm_tlv));
1193 auto signature_algorithm =
1194 bssl::ParseSignatureAlgorithm(signature_algorithm_tlv);
1195 ASSERT_TRUE(signature_algorithm);
1196 signature_algorithm_ = *signature_algorithm;
1197
1198 // issuer
1199 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_SEQUENCE));
1200
1201 // validity
1202 bssl::der::Input validity_tlv;
1203 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&validity_tlv));
1204 validity_tlv_ = validity_tlv.AsString();
1205
1206 // subject
1207 ASSERT_TRUE(tbs_certificate.SkipTag(CBS_ASN1_SEQUENCE));
1208
1209 // subjectPublicKeyInfo
1210 bssl::der::Input spki_tlv;
1211 ASSERT_TRUE(tbs_certificate.ReadRawTLV(&spki_tlv));
1212 bssl::UniquePtr<EVP_PKEY> public_key;
1213 ASSERT_TRUE(bssl::ParsePublicKey(spki_tlv, &public_key));
1214 default_pkey_id_ = EVP_PKEY_id(public_key.get());
1215
1216 // issuerUniqueID
1217 bool unused;
1218 ASSERT_TRUE(
1219 tbs_certificate.SkipOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 1, &unused));
1220 // subjectUniqueID
1221 ASSERT_TRUE(
1222 tbs_certificate.SkipOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 2, &unused));
1223
1224 // extensions
1225 std::optional<bssl::der::Input> extensions_tlv;
1226 ASSERT_TRUE(tbs_certificate.ReadOptionalTag(
1227 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 3, &extensions_tlv));
1228 if (extensions_tlv) {
1229 std::map<bssl::der::Input, bssl::ParsedExtension> parsed_extensions;
1230 ASSERT_TRUE(ParseExtensions(extensions_tlv.value(), &parsed_extensions));
1231
1232 for (const auto& parsed_extension : parsed_extensions) {
1233 SetExtension(parsed_extension.second.oid,
1234 parsed_extension.second.value.AsString(),
1235 parsed_extension.second.critical);
1236 }
1237 }
1238 }
1239
BuildTBSCertificate(std::string_view signature_algorithm_tlv,std::string * out)1240 void CertBuilder::BuildTBSCertificate(std::string_view signature_algorithm_tlv,
1241 std::string* out) {
1242 bssl::ScopedCBB cbb;
1243 CBB tbs_cert, version, extensions_context, extensions;
1244
1245 ASSERT_TRUE(CBB_init(cbb.get(), 64));
1246 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &tbs_cert, CBS_ASN1_SEQUENCE));
1247 if (version_ != bssl::CertificateVersion::V1) {
1248 ASSERT_TRUE(
1249 CBB_add_asn1(&tbs_cert, &version,
1250 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
1251 switch (version_) {
1252 case bssl::CertificateVersion::V2:
1253 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 1));
1254 break;
1255 case bssl::CertificateVersion::V3:
1256 ASSERT_TRUE(CBB_add_asn1_uint64(&version, 2));
1257 break;
1258 case bssl::CertificateVersion::V1:
1259 NOTREACHED_NORETURN();
1260 }
1261 }
1262 ASSERT_TRUE(CBB_add_asn1_uint64(&tbs_cert, GetSerialNumber()));
1263 ASSERT_TRUE(CBBAddBytes(&tbs_cert, signature_algorithm_tlv));
1264 ASSERT_TRUE(CBBAddBytes(&tbs_cert, issuer_tlv_.has_value()
1265 ? *issuer_tlv_
1266 : issuer_->GetSubject()));
1267 ASSERT_TRUE(CBBAddBytes(&tbs_cert, validity_tlv_));
1268 ASSERT_TRUE(CBBAddBytes(&tbs_cert, GetSubject()));
1269 ASSERT_TRUE(GetKey());
1270 ASSERT_TRUE(EVP_marshal_public_key(&tbs_cert, GetKey()));
1271
1272 // Serialize all the extensions.
1273 if (!extensions_.empty()) {
1274 ASSERT_TRUE(
1275 CBB_add_asn1(&tbs_cert, &extensions_context,
1276 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 3));
1277 ASSERT_TRUE(
1278 CBB_add_asn1(&extensions_context, &extensions, CBS_ASN1_SEQUENCE));
1279
1280 // Extension ::= SEQUENCE {
1281 // extnID OBJECT IDENTIFIER,
1282 // critical BOOLEAN DEFAULT FALSE,
1283 // extnValue OCTET STRING
1284 // -- contains the DER encoding of an ASN.1 value
1285 // -- corresponding to the extension type identified
1286 // -- by extnID
1287 // }
1288 for (const auto& extension_it : extensions_) {
1289 CBB extension_seq, oid, extn_value;
1290 ASSERT_TRUE(CBB_add_asn1(&extensions, &extension_seq, CBS_ASN1_SEQUENCE));
1291 ASSERT_TRUE(CBB_add_asn1(&extension_seq, &oid, CBS_ASN1_OBJECT));
1292 ASSERT_TRUE(CBBAddBytes(&oid, extension_it.first));
1293 if (extension_it.second.critical) {
1294 ASSERT_TRUE(CBB_add_asn1_bool(&extension_seq, true));
1295 }
1296
1297 ASSERT_TRUE(
1298 CBB_add_asn1(&extension_seq, &extn_value, CBS_ASN1_OCTETSTRING));
1299 ASSERT_TRUE(CBBAddBytes(&extn_value, extension_it.second.value));
1300 ASSERT_TRUE(CBB_flush(&extensions));
1301 }
1302 }
1303
1304 *out = FinishCBB(cbb.get());
1305 }
1306
BuildSctListExtension(const std::string & pre_tbs_certificate,std::string * out)1307 void CertBuilder::BuildSctListExtension(const std::string& pre_tbs_certificate,
1308 std::string* out) {
1309 std::vector<std::string> encoded_scts;
1310 for (const SctConfig& sct_config : sct_configs_) {
1311 ct::SignedEntryData entry;
1312 entry.type = ct::SignedEntryData::LOG_ENTRY_TYPE_PRECERT;
1313 bssl::ScopedCBB issuer_spki_cbb;
1314 ASSERT_TRUE(CBB_init(issuer_spki_cbb.get(), 32));
1315 ASSERT_TRUE(
1316 EVP_marshal_public_key(issuer_spki_cbb.get(), issuer_->GetKey()));
1317 crypto::SHA256HashString(FinishCBB(issuer_spki_cbb.get()),
1318 entry.issuer_key_hash.data,
1319 sizeof(entry.issuer_key_hash.data));
1320 entry.tbs_certificate = pre_tbs_certificate;
1321
1322 std::string serialized_log_entry;
1323 std::string serialized_data;
1324 ASSERT_TRUE(ct::EncodeSignedEntry(entry, &serialized_log_entry));
1325 ASSERT_TRUE(ct::EncodeV1SCTSignedData(sct_config.timestamp,
1326 serialized_log_entry,
1327 /*extensions=*/"", &serialized_data));
1328
1329 scoped_refptr<ct::SignedCertificateTimestamp> sct =
1330 base::MakeRefCounted<ct::SignedCertificateTimestamp>();
1331 sct->log_id = sct_config.log_id;
1332 sct->timestamp = sct_config.timestamp;
1333 sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
1334 sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
1335
1336 bssl::ScopedCBB sct_signature_cbb;
1337 ASSERT_TRUE(CBB_init(sct_signature_cbb.get(), 0));
1338 ASSERT_TRUE(SignData(bssl::SignatureAlgorithm::kEcdsaSha256,
1339 serialized_data, sct_config.log_key.get(),
1340 sct_signature_cbb.get()));
1341 sct->signature.signature_data = FinishCBB(sct_signature_cbb.get());
1342
1343 sct->origin = ct::SignedCertificateTimestamp::SCT_EMBEDDED;
1344
1345 std::string encoded_sct;
1346 ASSERT_TRUE(ct::EncodeSignedCertificateTimestamp(sct, &encoded_sct));
1347 encoded_scts.push_back(std::move(encoded_sct));
1348 }
1349 std::string encoded_sct_list;
1350 ASSERT_TRUE(ct::EncodeSCTListForTesting(encoded_scts, &encoded_sct_list));
1351
1352 bssl::ScopedCBB sct_extension_cbb;
1353 ASSERT_TRUE(CBB_init(sct_extension_cbb.get(), 32));
1354 ASSERT_TRUE(CBB_add_asn1_octet_string(
1355 sct_extension_cbb.get(),
1356 reinterpret_cast<const uint8_t*>(encoded_sct_list.data()),
1357 encoded_sct_list.size()));
1358
1359 *out = FinishCBB(sct_extension_cbb.get());
1360 }
1361
GenerateCertificate()1362 void CertBuilder::GenerateCertificate() {
1363 ASSERT_FALSE(cert_);
1364
1365 std::optional<bssl::SignatureAlgorithm> signature_algorithm =
1366 signature_algorithm_;
1367 if (!signature_algorithm)
1368 signature_algorithm = DefaultSignatureAlgorithmForKey(issuer_->GetKey());
1369 ASSERT_TRUE(signature_algorithm.has_value());
1370
1371 std::string signature_algorithm_tlv =
1372 !outer_signature_algorithm_tlv_.empty()
1373 ? outer_signature_algorithm_tlv_
1374 : SignatureAlgorithmToDer(*signature_algorithm);
1375 ASSERT_FALSE(signature_algorithm_tlv.empty());
1376
1377 std::string tbs_signature_algorithm_tlv =
1378 !tbs_signature_algorithm_tlv_.empty()
1379 ? tbs_signature_algorithm_tlv_
1380 : SignatureAlgorithmToDer(*signature_algorithm);
1381 ASSERT_FALSE(tbs_signature_algorithm_tlv.empty());
1382
1383 if (!sct_configs_.empty()) {
1384 EraseExtension(bssl::der::Input(ct::kEmbeddedSCTOid));
1385 std::string pre_tbs_certificate;
1386 BuildTBSCertificate(tbs_signature_algorithm_tlv, &pre_tbs_certificate);
1387 std::string sct_extension;
1388 BuildSctListExtension(pre_tbs_certificate, &sct_extension);
1389 SetExtension(bssl::der::Input(ct::kEmbeddedSCTOid), sct_extension,
1390 /*critical=*/false);
1391 }
1392
1393 std::string tbs_cert;
1394 BuildTBSCertificate(tbs_signature_algorithm_tlv, &tbs_cert);
1395
1396 // Sign the TBSCertificate and write the entire certificate.
1397 bssl::ScopedCBB cbb;
1398 CBB cert, signature;
1399
1400 ASSERT_TRUE(CBB_init(cbb.get(), tbs_cert.size()));
1401 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE));
1402 ASSERT_TRUE(CBBAddBytes(&cert, tbs_cert));
1403 ASSERT_TRUE(CBBAddBytes(&cert, signature_algorithm_tlv));
1404 ASSERT_TRUE(CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING));
1405 ASSERT_TRUE(CBB_add_u8(&signature, 0 /* no unused bits */));
1406 ASSERT_TRUE(
1407 SignData(*signature_algorithm, tbs_cert, issuer_->GetKey(), &signature));
1408
1409 auto cert_der = FinishCBB(cbb.get());
1410 cert_ = x509_util::CreateCryptoBuffer(base::as_byte_span(cert_der));
1411 }
1412
1413 } // namespace net
1414