04f330ff88f969e4f1cb3ee4c62c18cb62fd73cd
[platform/framework/web/crosswalk.git] / src / net / cert / cert_verify_proc.cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc.h"
6
7 #include "base/metrics/histogram.h"
8 #include "base/sha1.h"
9 #include "base/strings/stringprintf.h"
10 #include "build/build_config.h"
11 #include "net/base/net_errors.h"
12 #include "net/base/net_util.h"
13 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
14 #include "net/cert/cert_status_flags.h"
15 #include "net/cert/cert_verifier.h"
16 #include "net/cert/cert_verify_result.h"
17 #include "net/cert/crl_set.h"
18 #include "net/cert/x509_certificate.h"
19 #include "url/url_canon.h"
20
21 #if defined(USE_NSS) || defined(OS_IOS)
22 #include "net/cert/cert_verify_proc_nss.h"
23 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
24 #include "net/cert/cert_verify_proc_openssl.h"
25 #elif defined(OS_ANDROID)
26 #include "net/cert/cert_verify_proc_android.h"
27 #elif defined(OS_MACOSX)
28 #include "net/cert/cert_verify_proc_mac.h"
29 #elif defined(OS_WIN)
30 #include "net/cert/cert_verify_proc_win.h"
31 #else
32 #error Implement certificate verification.
33 #endif
34
35
36 namespace net {
37
38 namespace {
39
40 // Constants used to build histogram names
41 const char kLeafCert[] = "Leaf";
42 const char kIntermediateCert[] = "Intermediate";
43 const char kRootCert[] = "Root";
44 // Matches the order of X509Certificate::PublicKeyType
45 const char* const kCertTypeStrings[] = {
46     "Unknown",
47     "RSA",
48     "DSA",
49     "ECDSA",
50     "DH",
51     "ECDH"
52 };
53 // Histogram buckets for RSA/DSA/DH key sizes.
54 const int kRsaDsaKeySizes[] = {512, 768, 1024, 1536, 2048, 3072, 4096, 8192,
55                                16384};
56 // Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS
57 // 186-4 approved curves.
58 const int kEccKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571};
59
60 const char* CertTypeToString(int cert_type) {
61   if (cert_type < 0 ||
62       static_cast<size_t>(cert_type) >= arraysize(kCertTypeStrings)) {
63     return "Unsupported";
64   }
65   return kCertTypeStrings[cert_type];
66 }
67
68 void RecordPublicKeyHistogram(const char* chain_position,
69                               bool baseline_keysize_applies,
70                               size_t size_bits,
71                               X509Certificate::PublicKeyType cert_type) {
72   std::string histogram_name =
73       base::StringPrintf("CertificateType2.%s.%s.%s",
74                          baseline_keysize_applies ? "BR" : "NonBR",
75                          chain_position,
76                          CertTypeToString(cert_type));
77   // Do not use UMA_HISTOGRAM_... macros here, as it caches the Histogram
78   // instance and thus only works if |histogram_name| is constant.
79   base::HistogramBase* counter = NULL;
80
81   // Histogram buckets are contingent upon the underlying algorithm being used.
82   if (cert_type == X509Certificate::kPublicKeyTypeECDH ||
83       cert_type == X509Certificate::kPublicKeyTypeECDSA) {
84     // Typical key sizes match SECP/FIPS 186-3 recommendations for prime and
85     // binary curves - which range from 163 bits to 571 bits.
86     counter = base::CustomHistogram::FactoryGet(
87         histogram_name,
88         base::CustomHistogram::ArrayToCustomRanges(kEccKeySizes,
89                                                    arraysize(kEccKeySizes)),
90         base::HistogramBase::kUmaTargetedHistogramFlag);
91   } else {
92     // Key sizes < 1024 bits should cause errors, while key sizes > 16K are not
93     // uniformly supported by the underlying cryptographic libraries.
94     counter = base::CustomHistogram::FactoryGet(
95         histogram_name,
96         base::CustomHistogram::ArrayToCustomRanges(kRsaDsaKeySizes,
97                                                    arraysize(kRsaDsaKeySizes)),
98         base::HistogramBase::kUmaTargetedHistogramFlag);
99   }
100   counter->Add(size_bits);
101 }
102
103 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
104 // if |size_bits| is < 1024. Note that this means there may be false
105 // negatives: keys for other algorithms and which are weak will pass this
106 // test.
107 bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) {
108   switch (type) {
109     case X509Certificate::kPublicKeyTypeRSA:
110     case X509Certificate::kPublicKeyTypeDSA:
111       return size_bits < 1024;
112     default:
113       return false;
114   }
115 }
116
117 // Returns true if |cert| contains a known-weak key. Additionally, histograms
118 // the observed keys for future tightening of the definition of what
119 // constitutes a weak key.
120 bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert,
121                        bool should_histogram) {
122   // The effective date of the CA/Browser Forum's Baseline Requirements -
123   // 2012-07-01 00:00:00 UTC.
124   const base::Time kBaselineEffectiveDate =
125       base::Time::FromInternalValue(GG_INT64_C(12985574400000000));
126   // The effective date of the key size requirements from Appendix A, v1.1.5
127   // 2014-01-01 00:00:00 UTC.
128   const base::Time kBaselineKeysizeEffectiveDate =
129       base::Time::FromInternalValue(GG_INT64_C(13033008000000000));
130
131   size_t size_bits = 0;
132   X509Certificate::PublicKeyType type = X509Certificate::kPublicKeyTypeUnknown;
133   bool weak_key = false;
134   bool baseline_keysize_applies =
135       cert->valid_start() >= kBaselineEffectiveDate &&
136       cert->valid_expiry() >= kBaselineKeysizeEffectiveDate;
137
138   X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(), &size_bits, &type);
139   if (should_histogram) {
140     RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits,
141                              type);
142   }
143   if (IsWeakKey(type, size_bits))
144     weak_key = true;
145
146   const X509Certificate::OSCertHandles& intermediates =
147       cert->GetIntermediateCertificates();
148   for (size_t i = 0; i < intermediates.size(); ++i) {
149     X509Certificate::GetPublicKeyInfo(intermediates[i], &size_bits, &type);
150     if (should_histogram) {
151       RecordPublicKeyHistogram(
152           (i < intermediates.size() - 1) ? kIntermediateCert : kRootCert,
153           baseline_keysize_applies,
154           size_bits,
155           type);
156     }
157     if (!weak_key && IsWeakKey(type, size_bits))
158       weak_key = true;
159   }
160
161   return weak_key;
162 }
163
164 }  // namespace
165
166 // static
167 CertVerifyProc* CertVerifyProc::CreateDefault() {
168 #if defined(USE_NSS) || defined(OS_IOS)
169   return new CertVerifyProcNSS();
170 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
171   return new CertVerifyProcOpenSSL();
172 #elif defined(OS_ANDROID)
173   return new CertVerifyProcAndroid();
174 #elif defined(OS_MACOSX)
175   return new CertVerifyProcMac();
176 #elif defined(OS_WIN)
177   return new CertVerifyProcWin();
178 #else
179   return NULL;
180 #endif
181 }
182
183 CertVerifyProc::CertVerifyProc() {}
184
185 CertVerifyProc::~CertVerifyProc() {}
186
187 int CertVerifyProc::Verify(X509Certificate* cert,
188                            const std::string& hostname,
189                            int flags,
190                            CRLSet* crl_set,
191                            const CertificateList& additional_trust_anchors,
192                            CertVerifyResult* verify_result) {
193   verify_result->Reset();
194   verify_result->verified_cert = cert;
195
196   if (IsBlacklisted(cert)) {
197     verify_result->cert_status |= CERT_STATUS_REVOKED;
198     return ERR_CERT_REVOKED;
199   }
200
201   // We do online revocation checking for EV certificates that aren't covered
202   // by a fresh CRLSet.
203   // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
204   // disable revocation checking.
205   if (flags & CertVerifier::VERIFY_EV_CERT)
206     flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
207
208   int rv = VerifyInternal(cert, hostname, flags, crl_set,
209                           additional_trust_anchors, verify_result);
210
211   UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
212                         verify_result->common_name_fallback_used);
213   if (!verify_result->is_issued_by_known_root) {
214     UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
215                           verify_result->common_name_fallback_used);
216   }
217
218   // This check is done after VerifyInternal so that VerifyInternal can fill
219   // in the list of public key hashes.
220   if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {
221     verify_result->cert_status |= CERT_STATUS_REVOKED;
222     rv = MapCertStatusToNetError(verify_result->cert_status);
223   }
224
225   std::vector<std::string> dns_names, ip_addrs;
226   cert->GetSubjectAltName(&dns_names, &ip_addrs);
227   if (HasNameConstraintsViolation(verify_result->public_key_hashes,
228                                   cert->subject().common_name,
229                                   dns_names,
230                                   ip_addrs)) {
231     verify_result->cert_status |= CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
232     rv = MapCertStatusToNetError(verify_result->cert_status);
233   }
234
235   // Check for weak keys in the entire verified chain.
236   bool weak_key = ExaminePublicKeys(verify_result->verified_cert,
237                                     verify_result->is_issued_by_known_root);
238
239   if (weak_key) {
240     verify_result->cert_status |= CERT_STATUS_WEAK_KEY;
241     // Avoid replacing a more serious error, such as an OS/library failure,
242     // by ensuring that if verification failed, it failed with a certificate
243     // error.
244     if (rv == OK || IsCertificateError(rv))
245       rv = MapCertStatusToNetError(verify_result->cert_status);
246   }
247
248   // Treat certificates signed using broken signature algorithms as invalid.
249   if (verify_result->has_md2 || verify_result->has_md4) {
250     verify_result->cert_status |= CERT_STATUS_INVALID;
251     rv = MapCertStatusToNetError(verify_result->cert_status);
252   }
253
254   // Flag certificates using weak signature algorithms.
255   if (verify_result->has_md5) {
256     verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
257     // Avoid replacing a more serious error, such as an OS/library failure,
258     // by ensuring that if verification failed, it failed with a certificate
259     // error.
260     if (rv == OK || IsCertificateError(rv))
261       rv = MapCertStatusToNetError(verify_result->cert_status);
262   }
263
264   // Flag certificates from publicly-trusted CAs that are issued to intranet
265   // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit
266   // these to be issued until 1 November 2015, they represent a real risk for
267   // the deployment of gTLDs and are being phased out ahead of the hard
268   // deadline.
269   if (verify_result->is_issued_by_known_root && IsHostnameNonUnique(hostname)) {
270     verify_result->cert_status |= CERT_STATUS_NON_UNIQUE_NAME;
271     // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For
272     // now treat it as a warning and do not map it to an error return value.
273   }
274
275   return rv;
276 }
277
278 // static
279 bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) {
280   static const unsigned kComodoSerialBytes = 16;
281   static const uint8 kComodoSerials[][kComodoSerialBytes] = {
282     // Not a real certificate. For testing only.
283     {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
284
285     // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
286     // Some serial numbers actually have a leading 0x00 byte required to
287     // encode a positive integer in DER if the most significant bit is 0.
288     // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
289
290     // Subject: CN=mail.google.com
291     // subjectAltName dNSName: mail.google.com, www.mail.google.com
292     {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
293     // Subject: CN=global trustee
294     // subjectAltName dNSName: global trustee
295     // Note: not a CA certificate.
296     {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
297     // Subject: CN=login.live.com
298     // subjectAltName dNSName: login.live.com, www.login.live.com
299     {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
300     // Subject: CN=addons.mozilla.org
301     // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
302     {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
303     // Subject: CN=login.skype.com
304     // subjectAltName dNSName: login.skype.com, www.login.skype.com
305     {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
306     // Subject: CN=login.yahoo.com
307     // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
308     {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
309     // Subject: CN=www.google.com
310     // subjectAltName dNSName: www.google.com, google.com
311     {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
312     // Subject: CN=login.yahoo.com
313     // subjectAltName dNSName: login.yahoo.com
314     {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
315     // Subject: CN=login.yahoo.com
316     // subjectAltName dNSName: login.yahoo.com
317     {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
318   };
319
320   const std::string& serial_number = cert->serial_number();
321   if (!serial_number.empty() && (serial_number[0] & 0x80) != 0) {
322     // This is a negative serial number, which isn't technically allowed but
323     // which probably happens. In order to avoid confusing a negative serial
324     // number with a positive one once the leading zeros have been removed, we
325     // disregard it.
326     return false;
327   }
328
329   base::StringPiece serial(serial_number);
330   // Remove leading zeros.
331   while (serial.size() > 1 && serial[0] == 0)
332     serial.remove_prefix(1);
333
334   if (serial.size() == kComodoSerialBytes) {
335     for (unsigned i = 0; i < arraysize(kComodoSerials); i++) {
336       if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) {
337         UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i,
338                                   arraysize(kComodoSerials) + 1);
339         return true;
340       }
341     }
342   }
343
344   return false;
345 }
346
347 // static
348 // NOTE: This implementation assumes and enforces that the hashes are SHA1.
349 bool CertVerifyProc::IsPublicKeyBlacklisted(
350     const HashValueVector& public_key_hashes) {
351   static const unsigned kNumHashes = 14;
352   static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {
353     // Subject: CN=DigiNotar Root CA
354     // Issuer: CN=Entrust.net x2 and self-signed
355     {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
356      0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
357     // Subject: CN=DigiNotar Cyber CA
358     // Issuer: CN=GTE CyberTrust Global Root
359     {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
360      0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
361     // Subject: CN=DigiNotar Services 1024 CA
362     // Issuer: CN=Entrust.net
363     {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
364      0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
365     // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
366     // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
367     {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e,
368      0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
369     // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
370     // Issuer: CN=Staat der Nederlanden Overheid CA
371     {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39,
372      0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
373     // Subject: O=Digicert Sdn. Bhd.
374     // Issuer: CN=GTE CyberTrust Global Root
375     // Expires: Jul 17 15:16:54 2012 GMT
376     {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96,
377      0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
378     // Subject: O=Digicert Sdn. Bhd.
379     // Issuer: CN=Entrust.net Certification Authority (2048)
380     // Expires: Jul 16 17:53:37 2015 GMT
381     {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
382      0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
383     // Issuer: CN=Trustwave Organization Issuing CA, Level 2
384     // Covers two certificates, the latter of which expires Apr 15 21:09:30
385     // 2021 GMT.
386     {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
387      0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
388     // Cyberoam CA certificate. Private key leaked, but this certificate would
389     // only have been installed by Cyberoam customers. The certificate expires
390     // in 2036, but we can probably remove in a couple of years (2014).
391     {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
392      0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
393     // Win32/Sirefef.gen!C generates fake certificates with this public key.
394     {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
395      0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
396     // ANSSI certificate under which a MITM proxy was mistakenly operated.
397     // Expires: Jul 18 10:05:28 2014 GMT
398     {0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb,
399      0x53, 0x9b, 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf},
400     // Three retired intermediate certificates from Symantec. No compromise;
401     // just for robustness. All expire May 17 23:59:59 2018.
402     // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
403     {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8,
404      0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
405     {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31,
406      0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
407     {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf,
408      0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
409   };
410
411   for (unsigned i = 0; i < kNumHashes; i++) {
412     for (HashValueVector::const_iterator j = public_key_hashes.begin();
413          j != public_key_hashes.end(); ++j) {
414       if (j->tag == HASH_VALUE_SHA1 &&
415           memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) {
416         return true;
417       }
418     }
419   }
420
421   return false;
422 }
423
424 static const size_t kMaxTLDLength = 4;
425
426 // CheckNameConstraints verifies that every name in |dns_names| is in one of
427 // the domains specified by |tlds|. The |tlds| array is terminated by an empty
428 // string.
429 static bool CheckNameConstraints(const std::vector<std::string>& dns_names,
430                                  const char tlds[][kMaxTLDLength]) {
431   for (std::vector<std::string>::const_iterator i = dns_names.begin();
432        i != dns_names.end(); ++i) {
433     bool ok = false;
434     url_canon::CanonHostInfo host_info;
435     const std::string dns_name = CanonicalizeHost(*i, &host_info);
436     if (host_info.IsIPAddress())
437       continue;
438
439     const size_t registry_len = registry_controlled_domains::GetRegistryLength(
440         dns_name,
441         registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
442         registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
443     // If the name is not in a known TLD, ignore it. This permits internal
444     // names.
445     if (registry_len == 0)
446       continue;
447
448     for (size_t j = 0; tlds[j][0]; ++j) {
449       const size_t tld_length = strlen(tlds[j]);
450       // The DNS name must have "." + tlds[j] as a suffix.
451       if (i->size() <= (1 /* period before TLD */ + tld_length))
452         continue;
453
454       const char* suffix = &dns_name[i->size() - tld_length - 1];
455       if (suffix[0] != '.')
456         continue;
457       if (memcmp(&suffix[1], tlds[j], tld_length) != 0)
458         continue;
459       ok = true;
460       break;
461     }
462
463     if (!ok)
464       return false;
465   }
466
467   return true;
468 }
469
470 // PublicKeyTLDLimitation contains a SHA1, SPKI hash and a pointer to an array
471 // of fixed-length strings that contain the TLDs that the SPKI is allowed to
472 // issue for.
473 struct PublicKeyTLDLimitation {
474   uint8 public_key[base::kSHA1Length];
475   const char (*tlds)[kMaxTLDLength];
476 };
477
478 // static
479 bool CertVerifyProc::HasNameConstraintsViolation(
480     const HashValueVector& public_key_hashes,
481     const std::string& common_name,
482     const std::vector<std::string>& dns_names,
483     const std::vector<std::string>& ip_addrs) {
484   static const char kTLDsANSSI[][kMaxTLDLength] = {
485     "fr",  // France
486     "gp",  // Guadeloupe
487     "gf",  // Guyane
488     "mq",  // Martinique
489     "re",  // Réunion
490     "yt",  // Mayotte
491     "pm",  // Saint-Pierre et Miquelon
492     "bl",  // Saint Barthélemy
493     "mf",  // Saint Martin
494     "wf",  // Wallis et Futuna
495     "pf",  // Polynésie française
496     "nc",  // Nouvelle Calédonie
497     "tf",  // Terres australes et antarctiques françaises
498     "",
499   };
500
501   static const char kTLDsTest[][kMaxTLDLength] = {
502     "com",
503     "",
504   };
505
506   static const PublicKeyTLDLimitation kLimits[] = {
507     // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
508     // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
509     {
510       {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad,
511        0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73},
512       kTLDsANSSI,
513     },
514     // Not a real certificate - just for testing. This is the SPKI hash of
515     // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
516     {
517       {0x15, 0x45, 0xd7, 0x3b, 0x58, 0x6b, 0x47, 0xcf, 0xc1, 0x44,
518        0xa2, 0xc9, 0xaa, 0xab, 0x98, 0x3d, 0x21, 0xcc, 0x42, 0xde},
519       kTLDsTest,
520     },
521   };
522
523   for (unsigned i = 0; i < arraysize(kLimits); ++i) {
524     for (HashValueVector::const_iterator j = public_key_hashes.begin();
525          j != public_key_hashes.end(); ++j) {
526       if (j->tag == HASH_VALUE_SHA1 &&
527           memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) {
528         if (dns_names.empty() && ip_addrs.empty()) {
529           std::vector<std::string> dns_names;
530           dns_names.push_back(common_name);
531           if (!CheckNameConstraints(dns_names, kLimits[i].tlds))
532             return true;
533         } else {
534           if (!CheckNameConstraints(dns_names, kLimits[i].tlds))
535             return true;
536         }
537       }
538     }
539   }
540
541   return false;
542 }
543
544 }  // namespace net