1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsIX509CertDB.h"
#include "CryptoTask.h"
#include "QWACTrustDomain.h"
#include "mozilla/dom/Promise.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/pkixutil.h"
#include "nsIX509Cert.h"
#include "nsNSSCertificateDB.h"
using namespace mozilla::pkix;
using namespace mozilla::psm;
using mozilla::dom::Promise;
class VerifyQWACTask : public mozilla::CryptoTask {
public:
VerifyQWACTask(nsIX509CertDB::QWACType aType, nsIX509Cert* aCert,
const nsACString& aHostname,
const nsTArray<RefPtr<nsIX509Cert>>& aCollectedCerts,
RefPtr<Promise>& aPromise)
: mType(aType),
mCert(aCert),
mHostname(aHostname),
mCollectedCerts(aCollectedCerts.Clone()),
mPromise(new nsMainThreadPtrHolder<Promise>("VerifyQWACTask::mPromise",
aPromise)),
mVerified(false) {}
private:
virtual nsresult CalculateResult() override;
virtual void CallCallback(nsresult rv) override;
nsIX509CertDB::QWACType mType;
RefPtr<nsIX509Cert> mCert;
nsCString mHostname;
nsTArray<RefPtr<nsIX509Cert>> mCollectedCerts;
nsMainThreadPtrHandle<Promise> mPromise;
bool mVerified;
};
// Does this certificate have the correct qcStatements ("qualified certificate
// statements") to be a QWAC ("qualified website authentication certificate")?
// ETSI EN 319 412-5 Clauses 4.2.1 and 4.2.3 state that a certificate issued in
// compliance with Annex IV of Regulation (EU) No 910/2014 (i.e. a QWAC) has
// 1) a QCStatement with statementId equal to id-etsi-qsc-QcCompliance and
// an omitted statementInfo, and
// 2) a QCStatement with statementId equal to id-etsi-qcs-QcType and a
// statementInfo of length one that contains the id-etsi-qct-web
// identifier.
bool CertHasQWACSQCStatements(Input cert) {
using namespace mozilla::pkix::der;
// python DottedOIDToCode.py id-etsi-qcs-QcCompliance 0.4.0.1862.1.1
static const uint8_t id_etsi_qcs_QcCompliance[] = {0x04, 0x00, 0x8e,
0x46, 0x01, 0x01};
// python DottedOIDToCode.py id-etsi-qcs-QcType 0.4.0.1862.1.6
static const uint8_t id_etsi_qcs_QcType[] = {0x04, 0x00, 0x8e,
0x46, 0x01, 0x06};
// python DottedOIDToCode.py id-etsi-qct-web 0.4.0.1862.1.6.3
static const uint8_t id_etsi_qct_web[] = {0x04, 0x00, 0x8e, 0x46,
0x01, 0x06, 0x03};
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* qcStatementsInput(backCert.GetQCStatements());
if (!qcStatementsInput) {
return false;
}
Reader qcStatements(*qcStatementsInput);
// QCStatements ::= SEQUENCE OF QCStatement
// QCStatement ::= SEQUENCE {
// statementId QC-STATEMENT.&Id({SupportedStatements}),
// statementInfo QC-STATEMENT.&Type
// ({SupportedStatements}{@statementId}) OPTIONAL }
//
// SupportedStatements QC-STATEMENT ::= { qcStatement-1,...}
bool foundQCComplianceStatement = false;
bool foundQCTypeStatementWithWebType = false;
mozilla::pkix::Result rv =
NestedOf(qcStatements, SEQUENCE, SEQUENCE, EmptyAllowed::No,
[&](Reader& qcStatementContents) {
Reader statementId;
mozilla::pkix::Result rv = ExpectTagAndGetValue(
qcStatementContents, OIDTag, statementId);
if (rv != Success) {
return rv;
}
if (statementId.MatchRest(id_etsi_qcs_QcCompliance)) {
foundQCComplianceStatement = true;
return End(qcStatementContents);
}
if (statementId.MatchRest(id_etsi_qcs_QcType)) {
Reader supportedStatementsContents;
rv = ExpectTagAndGetValue(qcStatementContents, SEQUENCE,
supportedStatementsContents);
if (rv != Success) {
return rv;
}
Reader supportedStatementId;
rv = ExpectTagAndGetValue(supportedStatementsContents,
OIDTag, supportedStatementId);
if (supportedStatementId.MatchRest(id_etsi_qct_web)) {
foundQCTypeStatementWithWebType = true;
}
rv = End(supportedStatementsContents);
if (rv != Success) {
return rv;
}
return End(qcStatementContents);
}
// Ignore the contents of unknown qcStatements.
qcStatementContents.SkipToEnd();
return Success;
});
if (rv != Success) {
return false;
}
if (!qcStatements.AtEnd()) {
return false;
}
return foundQCComplianceStatement && foundQCTypeStatementWithWebType;
}
// Helper function to determine if a certificate has a policy from the given
// list of acceptable policies.
bool CertHasPolicyFrom(Input cert, const nsTArray<Input>& policies) {
using namespace mozilla::pkix::der;
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* certificatePoliciesInput(backCert.GetCertificatePolicies());
if (!certificatePoliciesInput) {
return false;
}
Reader certificatePolicies(*certificatePoliciesInput);
// certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
// PolicyInformation ::= SEQUENCE {
// policyIdentifier CertPolicyId,
// ...
// }
// CertPolicyId ::= OBJECT IDENTIFIER
bool foundPolicy = false;
mozilla::pkix::Result rv =
NestedOf(certificatePolicies, SEQUENCE, SEQUENCE, EmptyAllowed::No,
[&](Reader& policyInformationContents) {
Reader policyIdentifier;
mozilla::pkix::Result rv = ExpectTagAndGetValue(
policyInformationContents, OIDTag, policyIdentifier);
if (rv != Success) {
return rv;
}
for (const auto& policy : policies) {
if (policyIdentifier.MatchRest(policy)) {
foundPolicy = true;
}
}
return Success;
});
if (rv != Success) {
return false;
}
if (!certificatePolicies.AtEnd()) {
return false;
}
return foundPolicy;
}
// For 1-QWACs, ETSI TS 119 411-5 V2.1.1 clause 6.1.2 ("Validation of QWACs")
// item 5 references clause 4.1.2, which references clause 4.1.1, which states
// that such certificates must have either the QEVCP-w or QNCP-w policy as
// specified in ETSI EN 319 411-2.
bool CertHas1QWACPolicy(Input cert) {
// QEVCP-w is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1) qcp-web (4)
// python DottedOIDToCode.py qevcp-w 0.4.0.194112.1.4
static const uint8_t qevcp_w[] = {0x04, 0x00, 0x8b, 0xec, 0x40, 0x01, 0x04};
// QNCP-w is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1) qncp-web (5)
// python DottedOIDToCode.py qncp-w 0.4.0.194112.1.5
static const uint8_t qncp_w[] = {0x04, 0x00, 0x8b, 0xec, 0x40, 0x01, 0x05};
return CertHasPolicyFrom(cert, {Input(qevcp_w), Input(qncp_w)});
}
// For 2-QWACs, ETSI TS 119 411-5 V2.1.1 clause 6.1.2 ("Validation of QWACs")
// item 5 references clause 4.2.2, which references clause 4.2.1, which states
// that such certificates must have the QNCP-w-gen policy as specified in ETSI
// EN 319 411-2.
bool CertHas2QWACPolicy(Input cert) {
// QEVCP-w-gen is itu-t(0) identified-organization(4) etsi(0)
// qualified-certificate-policies(194112) policy-identifiers(1)
// qncp-web-gen (6)
// python DottedOIDToCode.py qevcp-w-gen 0.4.0.194112.1.6
static const uint8_t qevcp_w_gen[] = {0x04, 0x00, 0x8b, 0xec,
0x40, 0x01, 0x06};
return CertHasPolicyFrom(cert, {Input(qevcp_w_gen)});
}
// ETSI TS 119 411-5 V2.1.1 states that "The 2-QWAC certificate shall be issued
// in accordance with ETSI EN 319 412-4 [4] for the relevant certificate policy
// as identified in clause 4.2.1 of the present document, except as described
// below:
// * the extKeyUsage value shall only assert the extendedKeyUsage purpose of
// id-kp-tls-binding as specified in Annex A."
// This is interpreted to mean the 2-QWAC certificate must have an
// extendedKeyUsage extension and it must contain only id-kp-tls-binding, and
// that there are no particular restrictions or requirements of the other
// certificates in the chain with regard to EKU extensions.
bool CertOnlyHasTLSBindingEKU(Input cert) {
using namespace mozilla::pkix::der;
// ETSI TS 119 411-5 V2.1.1 Annex A:
// id-tlsBinding OBJECT IDENTIFIER ::= { itu-t(0) identified-organization(4)
// etsi(0) id-qwacImplementation(194115) tls-binding (1) }
// id-kp-tls-binding OBJECT IDENTIFIER ::= { id-tlsBinding
// id-kp-tls-binding(0) }
// python DottedOIDToCode.py id-kp-tls-binding 0.4.0.194115.1.0
static const uint8_t id_kp_tls_binding[] = {0x04, 0x00, 0x8b, 0xec,
0x43, 0x01, 0x00};
BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
if (backCert.Init() != Success) {
return false;
}
const Input* ekuInput(backCert.GetExtKeyUsage());
if (!ekuInput) {
return false;
}
Reader eku(*ekuInput);
// Normally, the extended key usage extension is defined like so:
// ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
// KeyPurposeId ::= OBJECT IDENTIFIER
// That is, it consists of a SEQUENCE of OBJECT IDENTIFIERs, where each OID
// identifies a key purpose. However, for 2-QWACs, the EKU must consist of
// exactly one key purpose ID of id-kp-tls-binding.
mozilla::pkix::Result rv = Nested(eku, SEQUENCE, OIDTag, [&](Reader& r) {
if (r.MatchRest(id_kp_tls_binding)) {
return Success;
}
return mozilla::pkix::Result::ERROR_INADEQUATE_CERT_TYPE;
});
if (rv != Success) {
return false;
}
return eku.AtEnd();
}
nsresult VerifyQWACTask::CalculateResult() {
mozilla::psm::QWACTrustDomain trustDomain(mCollectedCerts);
nsTArray<uint8_t> certDER;
nsresult rv = mCert->GetRawDER(certDER);
if (NS_FAILED(rv)) {
return rv;
}
Input cert;
if (cert.Init(certDER.Elements(), certDER.Length()) != Success) {
return NS_ERROR_FAILURE;
}
if (!CertHasQWACSQCStatements(cert)) {
return NS_OK;
}
if (mType == nsIX509CertDB::QWACType::OneQWAC) {
if (!CertHas1QWACPolicy(cert)) {
return NS_OK;
}
} else if (mType == nsIX509CertDB::QWACType::TwoQWAC) {
if (!CertHas2QWACPolicy(cert)) {
return NS_OK;
}
if (!CertOnlyHasTLSBindingEKU(cert)) {
return NS_OK;
}
} else {
MOZ_ASSERT_UNREACHABLE("unhandled QWAC type");
return NS_ERROR_FAILURE;
}
if (BuildCertChain(trustDomain, cert, Now(), EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::anyExtendedKeyUsage, CertPolicyId::anyPolicy,
nullptr) != Success) {
return NS_OK;
}
// For 1-QWACs, the hostname should have already been validated in the TLS
// handshake. However, this operation is not expensive, and it ensures all
// required checks have been done, in case 1-QWACs are ever re-used in a
// different context.
Input hostname;
if (hostname.Init(mozilla::BitwiseCast<const uint8_t*, const char*>(
mHostname.BeginReading()),
mHostname.Length()) != Success) {
return NS_OK;
}
// According to ETSI EN 319 412-4 V1.4.1 section 4, certificates following
// EVCP or QEVCP-w (which includes 1-QWACs) are subject to the CA/Browser
// Forum's EV Guidelines, which incorporates the Baseline Requirements.
// Certificates following QNCP-w-gen (which includes 2-QWACs) are subject to
// the Baseline Requirements with respect to the subject alternative name
// extension.
if (CheckCertHostname(cert, hostname) != Success) {
return NS_OK;
}
mVerified = true;
return NS_OK;
}
void VerifyQWACTask::CallCallback(nsresult rv) {
if (NS_FAILED(rv)) {
mPromise->MaybeReject(rv);
} else {
mPromise->MaybeResolve(mVerified);
}
}
NS_IMETHODIMP
nsNSSCertificateDB::AsyncVerifyQWAC(
QWACType aType, nsIX509Cert* aCert, const nsACString& aHostname,
const nsTArray<RefPtr<nsIX509Cert>>& aCollectedCerts, JSContext* aCx,
mozilla::dom::Promise** aPromise) {
NS_ENSURE_ARG_POINTER(aCx);
nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
if (!globalObject) {
return NS_ERROR_UNEXPECTED;
}
mozilla::ErrorResult result;
RefPtr<Promise> promise = Promise::Create(globalObject, result);
if (result.Failed()) {
return result.StealNSResult();
}
RefPtr<VerifyQWACTask> task(
new VerifyQWACTask(aType, aCert, aHostname, aCollectedCerts, promise));
nsresult rv = task->Dispatch();
if (NS_FAILED(rv)) {
return rv;
}
promise.forget(aPromise);
return NS_OK;
}
|
