Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#include "nsIX509CertDB.h"
#include "CryptoTask.h"
#include "QWACTrustDomain.h"
#include "mozilla/dom/Promise.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/pkixutil.h"
#include "nsIX509Cert.h"
#include "nsNSSCertificateDB.h"
using namespace mozilla::pkix;
using namespace mozilla::psm;
using mozilla::dom::Promise;
class VerifyQWACTask : public mozilla::CryptoTask {
public:
VerifyQWACTask(nsIX509CertDB::QWACType aType, nsIX509Cert* aCert,
const nsACString& aHostname,
const nsTArray<RefPtr<nsIX509Cert>>& aCollectedCerts,
RefPtr<Promise>& aPromise)
: mType(aType),
mCert(aCert),
mHostname(aHostname),
mCollectedCerts(aCollectedCerts.Clone()),
mPromise(new nsMainThreadPtrHolder<Promise>("VerifyQWACTask::mPromise",
aPromise)),
mVerified(false) {}
private:
virtual nsresult CalculateResult() override;
virtual void CallCallback(nsresult rv) override;
nsIX509CertDB::QWACType mType;
RefPtr<nsIX509Cert> mCert;
nsCString mHostname;
nsTArray<RefPtr<nsIX509Cert>> mCollectedCerts;
nsMainThreadPtrHandle<Promise> mPromise;
bool mVerified;
};
// Does this certificate have the correct qcStatements ("qualified certificate
// statements") to be a QWAC ("qualified website authentication certificate")?
// ETSI EN 319 412-5 Clauses 4.2.1 and 4.2.3 state that a certificate issued in
// compliance with Annex IV of Regulation (EU) No 910/2014 (i.e. a QWAC) has
// 1) a QCStatement with statementId equal to id-etsi-qsc-QcCompliance and
// an omitted statementInfo, and
// 2) a QCStatement with statementId equal to id-etsi-qcs-QcType and a
// statementInfo of length one that contains the id-etsi-qct-web
// identifier.
bool CertHasQWACSQCStatements(Input cert) {
using namespace mozilla::pkix::der;
// python DottedOIDToCode.py id-etsi-qcs-QcCompliance 0.4.0.1862.1.1
static const uint8_t id_etsi_qcs_QcCompliance[] = {0x04, 0x00, 0x8e,
0x46, 0x01, 0x01};
// python DottedOIDToCode.py id-etsi-qcs-QcType 0.4.0.1862.1.6
static const uint8_t id_etsi_qcs_QcType[] = {0x04, 0x00, 0x8e,
0x46, 0x01, 0x06};
// python DottedOIDToCode.py id-etsi-qct-web 0.4.0.1862.1.6.3
static const uint8_t id_etsi_qct_web[] = {0x04, 0x00, 0x8e, 0x46,
0x01, 0x06, 0x03};
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* qcStatementsInput(backCert.GetQCStatements());
if (!qcStatementsInput) {
return false;
}
Reader qcStatements(*qcStatementsInput);
// QCStatements ::= SEQUENCE OF QCStatement
// QCStatement ::= SEQUENCE {
// statementId QC-STATEMENT.&Id({SupportedStatements}),
// statementInfo QC-STATEMENT.&Type
// ({SupportedStatements}{@statementId}) OPTIONAL }
//
// SupportedStatements QC-STATEMENT ::= { qcStatement-1,...}
bool foundQCComplianceStatement = false;
bool foundQCTypeStatementWithWebType = false;
mozilla::pkix::Result rv =
NestedOf(qcStatements, SEQUENCE, SEQUENCE, EmptyAllowed::No,
[&](Reader& qcStatementContents) {
Reader statementId;
mozilla::pkix::Result rv = ExpectTagAndGetValue(
qcStatementContents, OIDTag, statementId);
if (rv != Success) {
return rv;
}
if (statementId.MatchRest(id_etsi_qcs_QcCompliance)) {
foundQCComplianceStatement = true;
return End(qcStatementContents);
}
if (statementId.MatchRest(id_etsi_qcs_QcType)) {
Reader supportedStatementsContents;
rv = ExpectTagAndGetValue(qcStatementContents, SEQUENCE,
supportedStatementsContents);
if (rv != Success) {
return rv;
}
Reader supportedStatementId;
rv = ExpectTagAndGetValue(supportedStatementsContents,
OIDTag, supportedStatementId);
if (supportedStatementId.MatchRest(id_etsi_qct_web)) {
foundQCTypeStatementWithWebType = true;
}
rv = End(supportedStatementsContents);
if (rv != Success) {
return rv;
}
return End(qcStatementContents);
}
// Ignore the contents of unknown qcStatements.
qcStatementContents.SkipToEnd();
return Success;
});
if (rv != Success) {
return false;
}
if (!qcStatements.AtEnd()) {
return false;
}
return foundQCComplianceStatement && foundQCTypeStatementWithWebType;
}
// Helper function to determine if a certificate has a policy from the given
// list of acceptable policies.
bool CertHasPolicyFrom(Input cert, const nsTArray<Input>& policies) {
using namespace mozilla::pkix::der;
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* certificatePoliciesInput(backCert.GetCertificatePolicies());
if (!certificatePoliciesInput) {
return false;
}
Reader certificatePolicies(*certificatePoliciesInput);
// certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
// PolicyInformation ::= SEQUENCE {
// policyIdentifier CertPolicyId,
// ...
// }
// CertPolicyId ::= OBJECT IDENTIFIER
bool foundPolicy = false;
mozilla::pkix::Result rv =
NestedOf(certificatePolicies, SEQUENCE, SEQUENCE, EmptyAllowed::No,
[&](Reader& policyInformationContents) {
Reader policyIdentifier;
mozilla::pkix::Result rv = ExpectTagAndGetValue(
policyInformationContents, OIDTag, policyIdentifier);
if (rv != Success) {
return rv;
}
for (const auto& policy : policies) {
if (policyIdentifier.MatchRest(policy)) {
foundPolicy = true;
}
}
return Success;
});
if (rv != Success) {
return false;
}
if (!certificatePolicies.AtEnd()) {
return false;
}
return foundPolicy;
}
// For 1-QWACs, ETSI TS 119 411-5 V2.1.1 clause 6.1.2 ("Validation of QWACs")
// item 5 references clause 4.1.2, which references clause 4.1.1, which states
// that such certificates must have either the QEVCP-w or QNCP-w policy as
// specified in ETSI EN 319 411-2.
bool CertHas1QWACPolicy(Input cert) {
// QEVCP-w is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1) qcp-web (4)
// python DottedOIDToCode.py qevcp-w 0.4.0.194112.1.4
static const uint8_t qevcp_w[] = {0x04, 0x00, 0x8b, 0xec, 0x40, 0x01, 0x04};
// QNCP-w is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1) qncp-web (5)
// python DottedOIDToCode.py qncp-w 0.4.0.194112.1.5
static const uint8_t qncp_w[] = {0x04, 0x00, 0x8b, 0xec, 0x40, 0x01, 0x05};
return CertHasPolicyFrom(cert, {Input(qevcp_w), Input(qncp_w)});
}
// For 2-QWACs, ETSI TS 119 411-5 V2.1.1 clause 6.1.2 ("Validation of QWACs")
// item 5 references clause 4.2.2, which references clause 4.2.1, which states
// that such certificates must have the QNCP-w-gen policy as specified in ETSI
// EN 319 411-2.
bool CertHas2QWACPolicy(Input cert) {
// QEVCP-w-gen is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1)
// qncp-web-gen (6)
// python DottedOIDToCode.py qevcp-w-gen 0.4.0.194112.1.6
static const uint8_t qevcp_w_gen[] = {0x04, 0x00, 0x8b, 0xec,
0x40, 0x01, 0x06};
return CertHasPolicyFrom(cert, {Input(qevcp_w_gen)});
}
// ETSI TS 119 411-5 V2.1.1 states that "The 2-QWAC certificate shall be issued
// in accordance with ETSI EN 319 412-4 [4] for the relevant certificate policy
// as identified in clause 4.2.1 of the present document, except as described
// below:
// * the extKeyUsage value shall only assert the extendedKeyUsage purpose of
// id-kp-tls-binding as specified in Annex A."
// This is interpreted to mean the 2-QWAC certificate must have an
// extendedKeyUsage extension and it must contain only id-kp-tls-binding, and
// that there are no particular restrictions or requirements of the other
// certificates in the chain with regard to EKU extensions.
bool CertOnlyHasTLSBindingEKU(Input cert) {
using namespace mozilla::pkix::der;
// ETSI TS 119 411-5 V2.1.1 Annex A:
// id-tlsBinding OBJECT IDENTIFIER ::= { itu-t(0) identified-organization(4)
// etsi(0) id-qwacImplementation(194115) tls-binding (1) }
// id-kp-tls-binding OBJECT IDENTIFIER ::= { id-tlsBinding
// id-kp-tls-binding(0) }
// python DottedOIDToCode.py id-kp-tls-binding 0.4.0.194115.1.0
static const uint8_t id_kp_tls_binding[] = {0x04, 0x00, 0x8b, 0xec,
0x43, 0x01, 0x00};
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* ekuInput(backCert.GetExtKeyUsage());
if (!ekuInput) {
return false;
}
Reader eku(*ekuInput);
// Normally, the extended key usage extension is defined like so:
// ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
// KeyPurposeId ::= OBJECT IDENTIFIER
// That is, it consists of a SEQUENCE of OBJECT IDENTIFIERs, where each OID
// identifies a key purpose. However, for 2-QWACs, the EKU must consist of
// exactly one key purpose ID of id-kp-tls-binding.
mozilla::pkix::Result rv = Nested(eku, SEQUENCE, OIDTag, [&](Reader& r) {
if (r.MatchRest(id_kp_tls_binding)) {
return Success;
}
return mozilla::pkix::Result::ERROR_INADEQUATE_CERT_TYPE;
});
if (rv != Success) {
return false;
}
return eku.AtEnd();
}
nsresult VerifyQWACTask::CalculateResult() {
mozilla::psm::QWACTrustDomain trustDomain(mCollectedCerts);
nsTArray<uint8_t> certDER;
nsresult rv = mCert->GetRawDER(certDER);
if (NS_FAILED(rv)) {
return rv;
}
Input cert;
if (cert.Init(certDER.Elements(), certDER.Length()) != Success) {
return NS_ERROR_FAILURE;
}
if (!CertHasQWACSQCStatements(cert)) {
return NS_OK;
}
if (mType == nsIX509CertDB::QWACType::OneQWAC) {
if (!CertHas1QWACPolicy(cert)) {
return NS_OK;
}
} else if (mType == nsIX509CertDB::QWACType::TwoQWAC) {
if (!CertHas2QWACPolicy(cert)) {
return NS_OK;
}
if (!CertOnlyHasTLSBindingEKU(cert)) {
return NS_OK;
}
} else {
MOZ_ASSERT_UNREACHABLE("unhandled QWAC type");
return NS_ERROR_FAILURE;
}
if (BuildCertChain(trustDomain, cert, Now(), EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::anyExtendedKeyUsage, CertPolicyId::anyPolicy,
nullptr) != Success) {
return NS_OK;
}
// For 1-QWACs, the hostname should have already been validated in the TLS
// handshake. However, this operation is not expensive, and it ensures all
// required checks have been done, in case 1-QWACs are ever re-used in a
// different context.
Input hostname;
if (hostname.Init(mozilla::BitwiseCast<const uint8_t*, const char*>(
mHostname.BeginReading()),
mHostname.Length()) != Success) {
return NS_OK;
}
// According to ETSI EN 319 412-4 V1.4.1 section 4, certificates following
// EVCP or QEVCP-w (which includes 1-QWACs) are subject to the CA/Browser
// Forum's EV Guidelines, which incorporates the Baseline Requirements.
// Certificates following QNCP-w-gen (which includes 2-QWACs) are subject to
// the Baseline Requirements with respect to the subject alternative name
// extension.
if (CheckCertHostname(cert, hostname) != Success) {
return NS_OK;
}
mVerified = true;
return NS_OK;
}
void VerifyQWACTask::CallCallback(nsresult rv) {
if (NS_FAILED(rv)) {
mPromise->MaybeReject(rv);
} else {
mPromise->MaybeResolve(mVerified);
}
}
NS_IMETHODIMP
nsNSSCertificateDB::AsyncVerifyQWAC(
QWACType aType, nsIX509Cert* aCert, const nsACString& aHostname,
const nsTArray<RefPtr<nsIX509Cert>>& aCollectedCerts, JSContext* aCx,
mozilla::dom::Promise** aPromise) {
NS_ENSURE_ARG_POINTER(aCx);
nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
if (!globalObject) {
return NS_ERROR_UNEXPECTED;
}
mozilla::ErrorResult result;
RefPtr<Promise> promise = Promise::Create(globalObject, result);
if (result.Failed()) {
return result.StealNSResult();
}
RefPtr<VerifyQWACTask> task(
new VerifyQWACTask(aType, aCert, aHostname, aCollectedCerts, promise));
nsresult rv = task->Dispatch();
if (NS_FAILED(rv)) {
return rv;
}
promise.forget(aPromise);
return NS_OK;
}