xmltooling/security/impl/AbstractPKIXTrustEngine.cpp

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * AbstractPKIXTrustEngine.cpp
  19  *
  20  * A trust engine that uses X.509 trust anchors and CRLs associated with a KeyInfoSource
  21  * to perform PKIX validation of signatures and certificates.
  22  */
  23
  24 #include "internal.h"
  25 #include "logging.h"
  26 #include "security/AbstractPKIXTrustEngine.h"
  27 #include "signature/KeyInfo.h"
  28
  29 #include <openssl/x509_vfy.h>
  30 #include <openssl/x509v3.h>
  31 #include <xmltooling/security/CredentialCriteria.h>
  32 #include <xmltooling/security/CredentialResolver.h>
  33 #include <xmltooling/security/KeyInfoResolver.h>
  34 #include <xmltooling/security/OpenSSLCryptoX509CRL.h>
  35 #include <xmltooling/security/X509Credential.h>
  36 #include <xmltooling/signature/SignatureValidator.h>
  37 #include <xmltooling/util/NDC.h>
  38 #include <xercesc/util/XMLUniDefs.hpp>
  39 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
  40
  41 using namespace xmlsignature;
  42 using namespace xmltooling::logging;
  43 using namespace xmltooling;
  44 using namespace std;
  45
  46
  47 namespace {
  48     static int XMLTOOL_DLLLOCAL error_callback(int ok, X509_STORE_CTX* ctx)
  49     {
  50         if (!ok)
  51             Category::getInstance("OpenSSL").error("path validation failure: %s", X509_verify_cert_error_string(ctx->error));
  52         return ok;
  53     }
  54
  55     static bool XMLTOOL_DLLLOCAL validate(
  56         X509* EE,
  57         STACK_OF(X509)* untrusted,
  58         AbstractPKIXTrustEngine::PKIXValidationInfoIterator* pkixInfo,
  59         bool fullCRLChain,
  60         const vector<XSECCryptoX509CRL*>* inlineCRLs=NULL
  61         )
  62     {
  63         Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine");
  64
  65         // First we build a stack of CA certs. These objects are all referenced in place.
  66         log.debug("supplying PKIX Validation information");
  67
  68         // We need this for CRL support.
  69         X509_STORE* store=X509_STORE_new();
  70         if (!store) {
  71             log_openssl();
  72             return false;
  73         }
  74
  75         STACK_OF(X509)* CAstack = sk_X509_new_null();
  76
  77         // This contains the state of the validate operation.
  78         int count=0;
  79         X509_STORE_CTX ctx;
  80
  81         const vector<XSECCryptoX509*>& CAcerts = pkixInfo->getTrustAnchors();
  82         for (vector<XSECCryptoX509*>::const_iterator i=CAcerts.begin(); i!=CAcerts.end(); ++i) {
  83             if ((*i)->getProviderName()==DSIGConstants::s_unicodeStrPROVOpenSSL) {
  84                 sk_X509_push(CAstack,static_cast<OpenSSLCryptoX509*>(*i)->getOpenSSLX509());
  85                 ++count;
  86             }
  87         }
  88
  89         log.debug("supplied (%d) CA certificate(s)", count);
  90
  91 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
  92         count=0;
  93         if (inlineCRLs) {
  94             for (vector<XSECCryptoX509CRL*>::const_iterator j=inlineCRLs->begin(); j!=inlineCRLs->end(); ++j) {
  95                 if ((*j)->getProviderName()==DSIGConstants::s_unicodeStrPROVOpenSSL) {
  96                     // owned by store
  97                     X509_STORE_add_crl(store, X509_CRL_dup(static_cast<OpenSSLCryptoX509CRL*>(*j)->getOpenSSLX509CRL()));
  98                     ++count;
  99                 }
 100             }
 101         }
 102         const vector<XSECCryptoX509CRL*>& crls = pkixInfo->getCRLs();
 103         for (vector<XSECCryptoX509CRL*>::const_iterator j=crls.begin(); j!=crls.end(); ++j) {
 104             if ((*j)->getProviderName()==DSIGConstants::s_unicodeStrPROVOpenSSL) {
 105                 // owned by store
 106                 X509_STORE_add_crl(store, X509_CRL_dup(static_cast<OpenSSLCryptoX509CRL*>(*j)->getOpenSSLX509CRL()));
 107                 ++count;
 108             }
 109         }
 110         log.debug("supplied (%d) CRL(s)", count);
 111         if (count > 0)
 112             X509_STORE_set_flags(store, fullCRLChain ? (X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL) : (X509_V_FLAG_CRL_CHECK));
 113 #else
 114         if ((inlineCRLs && !inlineCRLs->empty()) || !pkixInfo->getCRLs().empty()) {
 115             log.warn("OpenSSL versions < 0.9.7 do not support CRL checking");
 116         }
 117 #endif
 118
 119         // AFAICT, EE and untrusted are passed in but not owned by the ctx.
 120 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 121         if (X509_STORE_CTX_init(&ctx,store,EE,untrusted)!=1) {
 122             log_openssl();
 123             log.error("unable to initialize X509_STORE_CTX");
 124             sk_X509_free(CAstack);
 125             X509_STORE_free(store);
 126             return false;
 127         }
 128 #else
 129         X509_STORE_CTX_init(&ctx,store,EE,untrusted);
 130 #endif
 131
 132         // Seems to be most efficient to just pass in the CA stack.
 133         X509_STORE_CTX_trusted_stack(&ctx,CAstack);
 134         X509_STORE_CTX_set_depth(&ctx,100);    // we check the depth down below
 135         X509_STORE_CTX_set_verify_cb(&ctx,error_callback);
 136
 137         int ret=X509_verify_cert(&ctx);
 138         if (ret==1) {
 139             // Now see if the depth was acceptable by counting the number of intermediates.
 140             int depth=sk_X509_num(ctx.chain)-2;
 141             if (pkixInfo->getVerificationDepth() < depth) {
 142                 log.error(
 143                     "certificate chain was too long (%d intermediates, only %d allowed)",
 144                     (depth==-1) ? 0 : depth,
 145                     pkixInfo->getVerificationDepth()
 146                     );
 147                 ret=0;
 148             }
 149         }
 150
 151         // Clean up...
 152         X509_STORE_CTX_cleanup(&ctx);
 153         X509_STORE_free(store);
 154         sk_X509_free(CAstack);
 155
 156         if (ret==1) {
 157             log.debug("successfully validated certificate chain");
 158             return true;
 159         }
 160
 161         return false;
 162     }
 163 };
 164
 165 AbstractPKIXTrustEngine::AbstractPKIXTrustEngine(const xercesc::DOMElement* e) : TrustEngine(e), m_fullCRLChain(false)
 166 {
 167     static XMLCh fullCRLChain[] = UNICODE_LITERAL_12(f,u,l,l,C,R,L,C,h,a,i,n);
 168     const XMLCh* flag = e ? e->getAttributeNS(NULL, fullCRLChain) : NULL;
 169     m_fullCRLChain = (flag && (*flag == xercesc::chLatin_t || *flag == xercesc::chDigit_1));
 170 }
 171
 172 bool AbstractPKIXTrustEngine::checkEntityNames(
 173     X509* certEE, const CredentialResolver& credResolver, const CredentialCriteria& criteria
 174     ) const
 175 {
 176     Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX");
 177
 178     // We resolve to a set of trusted credentials.
 179     vector<const Credential*> creds;
 180     credResolver.resolve(creds,&criteria);
 181
 182     // Build a list of acceptable names.
 183     set<string> trustednames;
 184     trustednames.insert(criteria.getPeerName());
 185     for (vector<const Credential*>::const_iterator cred = creds.begin(); cred!=creds.end(); ++cred)
 186         trustednames.insert((*cred)->getKeyNames().begin(), (*cred)->getKeyNames().end());
 187
 188     char buf[256];
 189     X509_NAME* subject=X509_get_subject_name(certEE);
 190     if (subject) {
 191         // One way is a direct match to the subject DN.
 192         // Seems that the way to do the compare is to write the X509_NAME into a BIO.
 193         BIO* b = BIO_new(BIO_s_mem());
 194         BIO* b2 = BIO_new(BIO_s_mem());
 195         BIO_set_mem_eof_return(b, 0);
 196         BIO_set_mem_eof_return(b2, 0);
 197         // The flags give us LDAP order instead of X.500, with a comma separator.
 198         int len=X509_NAME_print_ex(b,subject,0,XN_FLAG_RFC2253);
 199         string subjectstr,subjectstr2;
 200         BIO_flush(b);
 201         while ((len = BIO_read(b, buf, 255)) > 0) {
 202             buf[len] = '\0';
 203             subjectstr+=buf;
 204         }
 205         log.debugStream() << "certificate subject: " << subjectstr << logging::eol;
 206         // The flags give us LDAP order instead of X.500, with a comma plus space separator.
 207         len=X509_NAME_print_ex(b2,subject,0,XN_FLAG_RFC2253 + XN_FLAG_SEP_CPLUS_SPC - XN_FLAG_SEP_COMMA_PLUS);
 208         BIO_flush(b2);
 209         while ((len = BIO_read(b2, buf, 255)) > 0) {
 210             buf[len] = '\0';
 211             subjectstr2+=buf;
 212         }
 213
 214         // Check each keyname.
 215         for (set<string>::const_iterator n=trustednames.begin(); n!=trustednames.end(); n++) {
 216 #ifdef HAVE_STRCASECMP
 217             if (!strcasecmp(n->c_str(),subjectstr.c_str()) || !strcasecmp(n->c_str(),subjectstr2.c_str())) {
 218 #else
 219             if (!stricmp(n->c_str(),subjectstr.c_str()) || !stricmp(n->c_str(),subjectstr2.c_str())) {
 220 #endif
 221                 log.debug("matched full subject DN to a key name (%s)", n->c_str());
 222                 BIO_free(b);
 223                 BIO_free(b2);
 224                 return true;
 225             }
 226         }
 227         BIO_free(b);
 228         BIO_free(b2);
 229
 230         log.debug("unable to match DN, trying TLS subjectAltName match");
 231         STACK_OF(GENERAL_NAME)* altnames=(STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(certEE, NID_subject_alt_name, NULL, NULL);
 232         if (altnames) {
 233             int numalts = sk_GENERAL_NAME_num(altnames);
 234             for (int an=0; an<numalts; an++) {
 235                 const GENERAL_NAME* check = sk_GENERAL_NAME_value(altnames, an);
 236                 if (check->type==GEN_DNS || check->type==GEN_URI) {
 237                     const char* altptr = (char*)ASN1_STRING_data(check->d.ia5);
 238                     const int altlen = ASN1_STRING_length(check->d.ia5);
 239                     for (set<string>::const_iterator n=trustednames.begin(); n!=trustednames.end(); n++) {
 240 #ifdef HAVE_STRCASECMP
 241                         if ((check->type==GEN_DNS && !strncasecmp(altptr,n->c_str(),altlen))
 242 #else
 243                         if ((check->type==GEN_DNS && !strnicmp(altptr,n->c_str(),altlen))
 244 #endif
 245                                 || (check->type==GEN_URI && !strncmp(altptr,n->c_str(),altlen))) {
 246                             log.debug("matched DNS/URI subjectAltName to a key name (%s)", n->c_str());
 247                             GENERAL_NAMES_free(altnames);
 248                             return true;
 249                         }
 250                     }
 251                 }
 252             }
 253         }
 254         GENERAL_NAMES_free(altnames);
 255
 256         log.debug("unable to match subjectAltName, trying TLS CN match");
 257         memset(buf,0,sizeof(buf));
 258         if (X509_NAME_get_text_by_NID(subject,NID_commonName,buf,255)>0) {
 259             for (set<string>::const_iterator n=trustednames.begin(); n!=trustednames.end(); n++) {
 260 #ifdef HAVE_STRCASECMP
 261                 if (!strcasecmp(buf,n->c_str())) {
 262 #else
 263                 if (!stricmp(buf,n->c_str())) {
 264 #endif
 265                     log.debug("matched subject CN to a key name (%s)", n->c_str());
 266                     return true;
 267                 }
 268             }
 269         }
 270         else
 271             log.warn("no common name in certificate subject");
 272     }
 273     else
 274         log.error("certificate has no subject?!");
 275
 276     return false;
 277 }
 278
 279 bool AbstractPKIXTrustEngine::validateWithCRLs(
 280     X509* certEE,
 281     STACK_OF(X509)* certChain,
 282     const CredentialResolver& credResolver,
 283     CredentialCriteria* criteria,
 284     const std::vector<XSECCryptoX509CRL*>* inlineCRLs
 285     ) const
 286 {
 287 #ifdef _DEBUG
 288     NDC ndc("validateWithCRLs");
 289 #endif
 290     Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX");
 291
 292     if (!certEE) {
 293         log.error("X.509 credential was NULL, unable to perform validation");
 294         return false;
 295     }
 296
 297     if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
 298         log.debug("checking that the certificate name is acceptable");
 299         if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
 300             criteria->setUsage(Credential::SIGNING_CREDENTIAL);
 301         if (!checkEntityNames(certEE,credResolver,*criteria)) {
 302             log.error("certificate name was not acceptable");
 303             return false;
 304         }
 305     }
 306
 307     log.debug("performing certificate path validation...");
 308
 309     auto_ptr<PKIXValidationInfoIterator> pkix(getPKIXValidationInfoIterator(credResolver, criteria));
 310     while (pkix->next()) {
 311         if (::validate(certEE,certChain,pkix.get(),m_fullCRLChain,inlineCRLs)) {
 312             return true;
 313         }
 314     }
 315
 316     log.debug("failed to validate certificate chain using supplied PKIX information");
 317     return false;
 318 }
 319
 320 bool AbstractPKIXTrustEngine::validate(
 321     X509* certEE,
 322     STACK_OF(X509)* certChain,
 323     const CredentialResolver& credResolver,
 324     CredentialCriteria* criteria
 325     ) const
 326 {
 327     return validateWithCRLs(certEE,certChain,credResolver,criteria);
 328 }
 329
 330 bool AbstractPKIXTrustEngine::validate(
 331     XSECCryptoX509* certEE,
 332     const vector<XSECCryptoX509*>& certChain,
 333     const CredentialResolver& credResolver,
 334     CredentialCriteria* criteria
 335     ) const
 336 {
 337 #ifdef _DEBUG
 338         NDC ndc("validate");
 339 #endif
 340     if (!certEE) {
 341         Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX").error("X.509 credential was NULL, unable to perform validation");
 342         return false;
 343     }
 344     else if (certEE->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
 345         Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX").error("only the OpenSSL XSEC provider is supported");
 346         return false;
 347     }
 348
 349     STACK_OF(X509)* untrusted=sk_X509_new_null();
 350     for (vector<XSECCryptoX509*>::const_iterator i=certChain.begin(); i!=certChain.end(); ++i)
 351         sk_X509_push(untrusted,static_cast<OpenSSLCryptoX509*>(*i)->getOpenSSLX509());
 352
 353     bool ret = validate(static_cast<OpenSSLCryptoX509*>(certEE)->getOpenSSLX509(), untrusted, credResolver, criteria);
 354     sk_X509_free(untrusted);
 355     return ret;
 356 }
 357
 358 bool AbstractPKIXTrustEngine::validate(
 359     Signature& sig,
 360     const CredentialResolver& credResolver,
 361     CredentialCriteria* criteria
 362     ) const
 363 {
 364 #ifdef _DEBUG
 365     NDC ndc("validate");
 366 #endif
 367     Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX");
 368
 369     const KeyInfoResolver* inlineResolver = m_keyInfoResolver;
 370     if (!inlineResolver)
 371         inlineResolver = XMLToolingConfig::getConfig().getKeyInfoResolver();
 372     if (!inlineResolver) {
 373         log.error("unable to perform PKIX validation, no KeyInfoResolver available");
 374         return false;
 375     }
 376
 377     // Pull the certificate chain out of the signature.
 378     X509Credential* x509cred;
 379     auto_ptr<Credential> cred(inlineResolver->resolve(&sig,X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS));
 380     if (!cred.get() || !(x509cred=dynamic_cast<X509Credential*>(cred.get()))) {
 381         log.error("unable to perform PKIX validation, signature does not contain any certificates");
 382         return false;
 383     }
 384     const vector<XSECCryptoX509*>& certs = x509cred->getEntityCertificateChain();
 385     if (certs.empty()) {
 386         log.error("unable to perform PKIX validation, signature does not contain any certificates");
 387         return false;
 388     }
 389
 390     log.debug("validating signature using certificate from within the signature");
 391
 392     // Find and save off a pointer to the certificate that unlocks the object.
 393     // Most of the time, this will be the first one anyway.
 394     XSECCryptoX509* certEE=NULL;
 395     SignatureValidator keyValidator;
 396     for (vector<XSECCryptoX509*>::const_iterator i=certs.begin(); !certEE && i!=certs.end(); ++i) {
 397         try {
 398             auto_ptr<XSECCryptoKey> key((*i)->clonePublicKey());
 399             keyValidator.setKey(key.get());
 400             keyValidator.validate(&sig);
 401             log.debug("signature verified with key inside signature, attempting certificate validation...");
 402             certEE=(*i);
 403         }
 404         catch (ValidationException& ex) {
 405             log.debug(ex.what());
 406         }
 407     }
 408
 409     if (!certEE) {
 410         log.debug("failed to verify signature with embedded certificates");
 411         return false;
 412     }
 413     else if (certEE->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
 414         log.error("only the OpenSSL XSEC provider is supported");
 415         return false;
 416     }
 417
 418     STACK_OF(X509)* untrusted=sk_X509_new_null();
 419     for (vector<XSECCryptoX509*>::const_iterator i=certs.begin(); i!=certs.end(); ++i)
 420         sk_X509_push(untrusted,static_cast<OpenSSLCryptoX509*>(*i)->getOpenSSLX509());
 421     const vector<XSECCryptoX509CRL*>& crls = x509cred->getCRLs();
 422     bool ret = validateWithCRLs(static_cast<OpenSSLCryptoX509*>(certEE)->getOpenSSLX509(), untrusted, credResolver, criteria, &crls);
 423     sk_X509_free(untrusted);
 424     return ret;
 425 }
 426
 427 bool AbstractPKIXTrustEngine::validate(
 428     const XMLCh* sigAlgorithm,
 429     const char* sig,
 430     KeyInfo* keyInfo,
 431     const char* in,
 432     unsigned int in_len,
 433     const CredentialResolver& credResolver,
 434     CredentialCriteria* criteria
 435     ) const
 436 {
 437 #ifdef _DEBUG
 438     NDC ndc("validate");
 439 #endif
 440     Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.PKIX");
 441
 442     if (!keyInfo) {
 443         log.error("unable to perform PKIX validation, KeyInfo not present");
 444         return false;
 445     }
 446
 447     const KeyInfoResolver* inlineResolver = m_keyInfoResolver;
 448     if (!inlineResolver)
 449         inlineResolver = XMLToolingConfig::getConfig().getKeyInfoResolver();
 450     if (!inlineResolver) {
 451         log.error("unable to perform PKIX validation, no KeyInfoResolver available");
 452         return false;
 453     }
 454
 455     // Pull the certificate chain out of the signature.
 456     X509Credential* x509cred;
 457     auto_ptr<Credential> cred(inlineResolver->resolve(keyInfo,X509Credential::RESOLVE_CERTS));
 458     if (!cred.get() || !(x509cred=dynamic_cast<X509Credential*>(cred.get()))) {
 459         log.error("unable to perform PKIX validation, KeyInfo does not contain any certificates");
 460         return false;
 461     }
 462     const vector<XSECCryptoX509*>& certs = x509cred->getEntityCertificateChain();
 463     if (certs.empty()) {
 464         log.error("unable to perform PKIX validation, KeyInfo does not contain any certificates");
 465         return false;
 466     }
 467
 468     log.debug("validating signature using certificate from within KeyInfo");
 469
 470     // Find and save off a pointer to the certificate that unlocks the object.
 471     // Most of the time, this will be the first one anyway.
 472     XSECCryptoX509* certEE=NULL;
 473     for (vector<XSECCryptoX509*>::const_iterator i=certs.begin(); !certEE && i!=certs.end(); ++i) {
 474         try {
 475             auto_ptr<XSECCryptoKey> key((*i)->clonePublicKey());
 476             if (Signature::verifyRawSignature(key.get(), sigAlgorithm, sig, in, in_len)) {
 477                 log.debug("signature verified with key inside signature, attempting certificate validation...");
 478                 certEE=(*i);
 479             }
 480         }
 481         catch (SignatureException& ex) {
 482             log.debug(ex.what());
 483         }
 484     }
 485
 486     if (certEE)
 487         return validate(certEE,certs,credResolver,criteria);
 488
 489     log.debug("failed to verify signature with embedded certificates");
 490     return false;
 491 }