search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
agent/
[gnupg.git] / sm / certchain.c
blobe9a1aadfad4601f9686699f24dde75c94c8a050b
1 /* certchain.c - certificate chain validation
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2007, 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <stdarg.h>
29 #include <assert.h>
30
31 #define JNLIB_NEED_LOG_LOGV /* We need log_logv. */
32
33 #include "gpgsm.h"
34 #include <gcrypt.h>
35 #include <ksba.h>
36
37 #include "keydb.h"
38 #include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */
39 #include "i18n.h"
40 #include "tlv.h"
41
42
43 /* Object to keep track of certain root certificates. */
44 struct marktrusted_info_s
45 {
46 struct marktrusted_info_s *next;
47 unsigned char fpr[20];
48 };
49 static struct marktrusted_info_s *marktrusted_info;
50
51
52 /* While running the validation function we want to keep track of the
53 certificates in the chain. This type is used for that. */
54 struct chain_item_s
55 {
56 struct chain_item_s *next;
57 ksba_cert_t cert; /* The certificate. */
58 int is_root; /* The certificate is the root certificate. */
59 };
60 typedef struct chain_item_s *chain_item_t;
61
62
63 static int is_root_cert (ksba_cert_t cert,
64 const char *issuerdn, const char *subjectdn);
65 static int get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen);
66
67
68 /* This function returns true if we already asked during this session
69 whether the root certificate CERT shall be marked as trusted. */
70 static int
71 already_asked_marktrusted (ksba_cert_t cert)
72 {
73 unsigned char fpr[20];
74 struct marktrusted_info_s *r;
75
76 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, fpr, NULL);
77 /* No context switches in the loop! */
78 for (r=marktrusted_info; r; r= r->next)
79 if (!memcmp (r->fpr, fpr, 20))
80 return 1;
81 return 0;
82 }
83
84 /* Flag certificate CERT as already asked whether it shall be marked
85 as trusted. */
86 static void
87 set_already_asked_marktrusted (ksba_cert_t cert)
88 {
89 unsigned char fpr[20];
90 struct marktrusted_info_s *r;
91
92 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, fpr, NULL);
93 for (r=marktrusted_info; r; r= r->next)
94 if (!memcmp (r->fpr, fpr, 20))
95 return; /* Already marked. */
96 r = xtrycalloc (1, sizeof *r);
97 if (!r)
98 return;
99 memcpy (r->fpr, fpr, 20);
100 r->next = marktrusted_info;
101 marktrusted_info = r;
102 }
103
104 /* If LISTMODE is true, print FORMAT using LISTMODE to FP. If
105 LISTMODE is false, use the string to print an log_info or, if
106 IS_ERROR is true, and log_error. */
107 static void
108 do_list (int is_error, int listmode, estream_t fp, const char *format, ...)
109 {
110 va_list arg_ptr;
111
112 va_start (arg_ptr, format) ;
113 if (listmode)
114 {
115 if (fp)
116 {
117 es_fputs (" [", fp);
118 es_vfprintf (fp, format, arg_ptr);
119 es_fputs ("]\n", fp);
120 }
121 }
122 else
123 {
124 log_logv (is_error? JNLIB_LOG_ERROR: JNLIB_LOG_INFO, format, arg_ptr);
125 log_printf ("\n");
126 }
127 va_end (arg_ptr);
128 }
129
130 /* Return 0 if A and B are equal. */
131 static int
132 compare_certs (ksba_cert_t a, ksba_cert_t b)
133 {
134 const unsigned char *img_a, *img_b;
135 size_t len_a, len_b;
136
137 img_a = ksba_cert_get_image (a, &len_a);
138 if (!img_a)
139 return 1;
140 img_b = ksba_cert_get_image (b, &len_b);
141 if (!img_b)
142 return 1;
143 return !(len_a == len_b && !memcmp (img_a, img_b, len_a));
144 }
145
146
147 /* Return true if CERT has the validityModel extensions and defines
148 the use of the chain model. */
149 static int
150 has_validation_model_chain (ksba_cert_t cert, int listmode, estream_t listfp)
151 {
152 gpg_error_t err;
153 int idx, yes;
154 const char *oid;
155 size_t off, derlen, objlen, hdrlen;
156 const unsigned char *der;
157 int class, tag, constructed, ndef;
158 char *oidbuf;
159
160 for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
161 &oid, NULL, &off, &derlen));idx++)
162 if (!strcmp (oid, "1.3.6.1.4.1.8301.3.5") )
163 break;
164 if (err)
165 return 0; /* Not found. */
166 der = ksba_cert_get_image (cert, NULL);
167 if (!der)
168 {
169 err = gpg_error (GPG_ERR_INV_OBJ); /* Oops */
170 goto leave;
171 }
172 der += off;
173
174 err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
175 &ndef, &objlen, &hdrlen);
176 if (!err && (objlen > derlen || tag != TAG_SEQUENCE))
177 err = gpg_error (GPG_ERR_INV_OBJ);
178 if (err)
179 goto leave;
180 derlen = objlen;
181 err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
182 &ndef, &objlen, &hdrlen);
183 if (!err && (objlen > derlen || tag != TAG_OBJECT_ID))
184 err = gpg_error (GPG_ERR_INV_OBJ);
185 if (err)
186 goto leave;
187 oidbuf = ksba_oid_to_str (der, objlen);
188 if (!oidbuf)
189 {
190 err = gpg_error_from_syserror ();
191 goto leave;
192 }
193
194 if (opt.verbose)
195 do_list (0, listmode, listfp,
196 _("validation model requested by certificate: %s"),
197 !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1")? _("chain") :
198 !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.2")? _("shell") :
199 /* */ oidbuf);
200 yes = !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1");
201 ksba_free (oidbuf);
202 return yes;
203
204
205 leave:
206 log_error ("error parsing validityModel: %s\n", gpg_strerror (err));
207 return 0;
208 }
209
210
211
212 static int
213 unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
214 {
215 static const char *known[] = {
216 "2.5.29.15", /* keyUsage */
217 "2.5.29.17", /* subjectAltName
218 Japanese DoCoMo certs mark them as critical. PKIX
219 only requires them as critical if subjectName is
220 empty. I don't know whether our code gracefully
221 handles such empry subjectNames but that is
222 another story. */
223 "2.5.29.19", /* basic Constraints */
224 "2.5.29.32", /* certificatePolicies */
225 "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */
226 "1.3.6.1.4.1.8301.3.5", /* validityModel - handled here. */
227 NULL
228 };
229 int rc = 0, i, idx, crit;
230 const char *oid;
231 gpg_error_t err;
232
233 for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
234 &oid, &crit, NULL, NULL));idx++)
235 {
236 if (!crit)
237 continue;
238 for (i=0; known[i] && strcmp (known[i],oid); i++)
239 ;
240 if (!known[i])
241 {
242 do_list (1, listmode, fp,
243 _("critical certificate extension %s is not supported"),
244 oid);
245 rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
246 }
247 }
248 /* We ignore the error codes EOF as well as no-value. The later will
249 occur for certificates with no extensions at all. */
250 if (err
251 && gpg_err_code (err) != GPG_ERR_EOF
252 && gpg_err_code (err) != GPG_ERR_NO_VALUE)
253 rc = err;
254
255 return rc;
256 }
257
258
259 /* Check whether CERT is an allowed certificate. This requires that
260 CERT matches all requirements for such a CA, i.e. the
261 BasicConstraints extension. The function returns 0 on success and
262 the awlloed length of the chain at CHAINLEN. */
263 static int
264 allowed_ca (ctrl_t ctrl,
265 ksba_cert_t cert, int *chainlen, int listmode, estream_t fp)
266 {
267 gpg_error_t err;
268 int flag;
269
270 err = ksba_cert_is_ca (cert, &flag, chainlen);
271 if (err)
272 return err;
273 if (!flag)
274 {
275 if (get_regtp_ca_info (ctrl, cert, chainlen))
276 {
277 /* Note that dirmngr takes a different way to cope with such
278 certs. */
279 return 0; /* RegTP issued certificate. */
280 }
281
282 do_list (1, listmode, fp,_("issuer certificate is not marked as a CA"));
283 return gpg_error (GPG_ERR_BAD_CA_CERT);
284 }
285 return 0;
286 }
287
288
289 static int
290 check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
291 {
292 gpg_error_t err;
293 char *policies;
294 FILE *fp;
295 int any_critical;
296
297 err = ksba_cert_get_cert_policies (cert, &policies);
298 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
299 return 0; /* No policy given. */
300 if (err)
301 return err;
302
303 /* STRING is a line delimited list of certificate policies as stored
304 in the certificate. The line itself is colon delimited where the
305 first field is the OID of the policy and the second field either
306 N or C for normal or critical extension */
307
308 if (opt.verbose > 1 && !listmode)
309 log_info ("certificate's policy list: %s\n", policies);
310
311 /* The check is very minimal but won't give false positives */
312 any_critical = !!strstr (policies, ":C");
313
314 if (!opt.policy_file)
315 {
316 xfree (policies);
317 if (any_critical)
318 {
319 do_list (1, listmode, fplist,
320 _("critical marked policy without configured policies"));
321 return gpg_error (GPG_ERR_NO_POLICY_MATCH);
322 }
323 return 0;
324 }
325
326 fp = fopen (opt.policy_file, "r");
327 if (!fp)
328 {
329 if (opt.verbose || errno != ENOENT)
330 log_info (_("failed to open `%s': %s\n"),
331 opt.policy_file, strerror (errno));
332 xfree (policies);
333 /* With no critical policies this is only a warning */
334 if (!any_critical)
335 {
336 if (!opt.quiet)
337 do_list (0, listmode, fplist,
338 _("note: non-critical certificate policy not allowed"));
339 return 0;
340 }
341 do_list (1, listmode, fplist,
342 _("certificate policy not allowed"));
343 return gpg_error (GPG_ERR_NO_POLICY_MATCH);
344 }
345
346 for (;;)
347 {
348 int c;
349 char *p, line[256];
350 char *haystack, *allowed;
351
352 /* read line */
353 do
354 {
355 if (!fgets (line, DIM(line)-1, fp) )
356 {
357 gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
358
359 xfree (policies);
360 if (feof (fp))
361 {
362 fclose (fp);
363 /* With no critical policies this is only a warning */
364 if (!any_critical)
365 {
366 do_list (0, listmode, fplist,
367 _("note: non-critical certificate policy not allowed"));
368 return 0;
369 }
370 do_list (1, listmode, fplist,
371 _("certificate policy not allowed"));
372 return gpg_error (GPG_ERR_NO_POLICY_MATCH);
373 }
374 fclose (fp);
375 return tmperr;
376 }
377
378 if (!*line || line[strlen(line)-1] != '\n')
379 {
380 /* eat until end of line */
381 while ( (c=getc (fp)) != EOF && c != '\n')
382 ;
383 fclose (fp);
384 xfree (policies);
385 return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
386 : GPG_ERR_INCOMPLETE_LINE);
387 }
388
389 /* Allow for empty lines and spaces */
390 for (p=line; spacep (p); p++)
391 ;
392 }
393 while (!*p || *p == '\n' || *p == '#');
394
395 /* parse line */
396 for (allowed=line; spacep (allowed); allowed++)
397 ;
398 p = strpbrk (allowed, " :\n");
399 if (!*p || p == allowed)
400 {
401 fclose (fp);
402 xfree (policies);
403 return gpg_error (GPG_ERR_CONFIGURATION);
404 }
405 *p = 0; /* strip the rest of the line */
406 /* See whether we find ALLOWED (which is an OID) in POLICIES */
407 for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
408 {
409 if ( !(p == policies || p[-1] == '\n') )
410 continue; /* Does not match the begin of a line. */
411 if (p[strlen (allowed)] != ':')
412 continue; /* The length does not match. */
413 /* Yep - it does match so return okay. */
414 fclose (fp);
415 xfree (policies);
416 return 0;
417 }
418 }
419 }
420
421
422 /* Helper function for find_up. This resets the key handle and search
423 for an issuer ISSUER with a subjectKeyIdentifier of KEYID. Returns
424 0 on success or -1 when not found. */
425 static int
426 find_up_search_by_keyid (KEYDB_HANDLE kh,
427 const char *issuer, ksba_sexp_t keyid)
428 {
429 int rc;
430 ksba_cert_t cert = NULL;
431 ksba_sexp_t subj = NULL;
432
433 keydb_search_reset (kh);
434 while (!(rc = keydb_search_subject (kh, issuer)))
435 {
436 ksba_cert_release (cert); cert = NULL;
437 rc = keydb_get_cert (kh, &cert);
438 if (rc)
439 {
440 log_error ("keydb_get_cert() failed: rc=%d\n", rc);
441 rc = -1;
442 break;
443 }
444 xfree (subj);
445 if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
446 {
447 if (!cmp_simple_canon_sexp (keyid, subj))
448 break; /* Found matching cert. */
449 }
450 }
451
452 ksba_cert_release (cert);
453 xfree (subj);
454 return rc? -1:0;
455 }
456
457
458 static void
459 find_up_store_certs_cb (void *cb_value, ksba_cert_t cert)
460 {
461 if (keydb_store_cert (cert, 1, NULL))
462 log_error ("error storing issuer certificate as ephemeral\n");
463 ++*(int*)cb_value;
464 }
465
466
467 /* Helper for find_up(). Locate the certificate for ISSUER using an
468 external lookup. KH is the keydb context we are currently using.
469 On success 0 is returned and the certificate may be retrieved from
470 the keydb using keydb_get_cert(). KEYID is the keyIdentifier from
471 the AKI or NULL. */
472 static int
473 find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
474 const char *issuer, ksba_sexp_t keyid)
475 {
476 int rc;
477 strlist_t names = NULL;
478 int count = 0;
479 char *pattern;
480 const char *s;
481
482 if (opt.verbose)
483 log_info (_("looking up issuer at external location\n"));
484 /* The Dirmngr process is confused about unknown attributes. As a
485 quick and ugly hack we locate the CN and use the issuer string
486 starting at this attribite. Fixme: we should have far better
487 parsing for external lookups in the Dirmngr. */
488 s = strstr (issuer, "CN=");
489 if (!s || s == issuer || s[-1] != ',')
490 s = issuer;
491 pattern = xtrymalloc (strlen (s)+2);
492 if (!pattern)
493 return gpg_error_from_syserror ();
494 strcpy (stpcpy (pattern, "/"), s);
495 add_to_strlist (&names, pattern);
496 xfree (pattern);
497
498 rc = gpgsm_dirmngr_lookup (ctrl, names, 0, find_up_store_certs_cb, &count);
499 free_strlist (names);
500
501 if (opt.verbose)
502 log_info (_("number of issuers matching: %d\n"), count);
503 if (rc)
504 {
505 log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
506 rc = -1;
507 }
508 else if (!count)
509 rc = -1;
510 else
511 {
512 int old;
513 /* The issuers are currently stored in the ephemeral key DB, so
514 we temporary switch to ephemeral mode. */
515 old = keydb_set_ephemeral (kh, 1);
516 if (keyid)
517 rc = find_up_search_by_keyid (kh, issuer, keyid);
518 else
519 {
520 keydb_search_reset (kh);
521 rc = keydb_search_subject (kh, issuer);
522 }
523 keydb_set_ephemeral (kh, old);
524 }
525 return rc;
526 }
527
528
529 /* Helper for find_up(). Ask the dirmngr for the certificate for
530 ISSUER with optional SERIALNO. KH is the keydb context we are
531 currently using. With SUBJECT_MODE set, ISSUER is searched as the
532 subject. On success 0 is returned and the certificate is available
533 in the ephemeral DB. */
534 static int
535 find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
536 ksba_sexp_t serialno, const char *issuer, int subject_mode)
537 {
538 int rc;
539 strlist_t names = NULL;
540 int count = 0;
541 char *pattern;
542
543 (void)kh;
544
545 if (opt.verbose)
546 log_info (_("looking up issuer from the Dirmngr cache\n"));
547 if (subject_mode)
548 {
549 pattern = xtrymalloc (strlen (issuer)+2);
550 if (pattern)
551 strcpy (stpcpy (pattern, "/"), issuer);
552 }
553 else if (serialno)
554 pattern = gpgsm_format_sn_issuer (serialno, issuer);
555 else
556 {
557 pattern = xtrymalloc (strlen (issuer)+3);
558 if (pattern)
559 strcpy (stpcpy (pattern, "#/"), issuer);
560 }
561 if (!pattern)
562 return gpg_error_from_syserror ();
563 add_to_strlist (&names, pattern);
564 xfree (pattern);
565
566 rc = gpgsm_dirmngr_lookup (ctrl, names, 1, find_up_store_certs_cb, &count);
567 free_strlist (names);
568
569 if (opt.verbose)
570 log_info (_("number of matching certificates: %d\n"), count);
571 if (rc && !opt.quiet)
572 log_info (_("dirmngr cache-only key lookup failed: %s\n"),
573 gpg_strerror (rc));
574 return (!rc && count)? 0 : -1;
575 }
576
577
578
579 /* Locate issuing certificate for CERT. ISSUER is the name of the
580 issuer used as a fallback if the other methods don't work. If
581 FIND_NEXT is true, the function shall return the next possible
582 issuer. The certificate itself is not directly returned but a
583 keydb_get_cert on the keyDb context KH will return it. Returns 0
584 on success, -1 if not found or an error code. */
585 static int
586 find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
587 ksba_cert_t cert, const char *issuer, int find_next)
588 {
589 ksba_name_t authid;
590 ksba_sexp_t authidno;
591 ksba_sexp_t keyid;
592 int rc = -1;
593
594 if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno))
595 {
596 const char *s = ksba_name_enum (authid, 0);
597 if (s && *authidno)
598 {
599 rc = keydb_search_issuer_sn (kh, s, authidno);
600 if (rc)
601 keydb_search_reset (kh);
602
603 /* In case of an error, try to get the certificate from the
604 dirmngr. That is done by trying to put that certifcate
605 into the ephemeral DB and let the code below do the
606 actual retrieve. Thus there is no error checking.
607 Skipped in find_next mode as usual. */
608 if (rc == -1 && !find_next)
609 find_up_dirmngr (ctrl, kh, authidno, s, 0);
610
611 /* In case of an error try the ephemeral DB. We can't do
612 that in find_next mode because we can't keep the search
613 state then. */
614 if (rc == -1 && !find_next)
615 {
616 int old = keydb_set_ephemeral (kh, 1);
617 if (!old)
618 {
619 rc = keydb_search_issuer_sn (kh, s, authidno);
620 if (rc)
621 keydb_search_reset (kh);
622 }
623 keydb_set_ephemeral (kh, old);
624 }
625 if (rc)
626 rc = -1; /* Need to make sure to have this error code. */
627 }
628
629 if (rc == -1 && keyid && !find_next)
630 {
631 /* Not found by AIK.issuer_sn. Lets try the AIK.ki
632 instead. Loop over all certificates with that issuer as
633 subject and stop for the one with a matching
634 subjectKeyIdentifier. */
635 /* Fixme: Should we also search in the dirmngr? */
636 rc = find_up_search_by_keyid (kh, issuer, keyid);
637 if (rc)
638 {
639 int old = keydb_set_ephemeral (kh, 1);
640 if (!old)
641 rc = find_up_search_by_keyid (kh, issuer, keyid);
642 keydb_set_ephemeral (kh, old);
643 }
644 if (rc)
645 rc = -1; /* Need to make sure to have this error code. */
646 }
647
648 /* If we still didn't found it, try to find it via the subject
649 from the dirmngr-cache. */
650 if (rc == -1 && !find_next)
651 {
652 if (!find_up_dirmngr (ctrl, kh, NULL, issuer, 1))
653 {
654 int old = keydb_set_ephemeral (kh, 1);
655 if (keyid)
656 rc = find_up_search_by_keyid (kh, issuer, keyid);
657 else
658 {
659 keydb_search_reset (kh);
660 rc = keydb_search_subject (kh, issuer);
661 }
662 keydb_set_ephemeral (kh, old);
663 }
664 if (rc)
665 rc = -1; /* Need to make sure to have this error code. */
666 }
667
668 /* If we still didn't found it, try an external lookup. */
669 if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
670 rc = find_up_external (ctrl, kh, issuer, keyid);
671
672 /* Print a note so that the user does not feel too helpless when
673 an issuer certificate was found and gpgsm prints BAD
674 signature because it is not the correct one. */
675 if (rc == -1 && opt.quiet)
676 ;
677 else if (rc == -1)
678 {
679 log_info ("%sissuer certificate ", find_next?"next ":"");
680 if (keyid)
681 {
682 log_printf ("{");
683 gpgsm_dump_serial (keyid);
684 log_printf ("} ");
685 }
686 if (authidno)
687 {
688 log_printf ("(#");
689 gpgsm_dump_serial (authidno);
690 log_printf ("/");
691 gpgsm_dump_string (s);
692 log_printf (") ");
693 }
694 log_printf ("not found using authorityKeyIdentifier\n");
695 }
696 else if (rc)
697 log_error ("failed to find authorityKeyIdentifier: rc=%d\n", rc);
698 xfree (keyid);
699 ksba_name_release (authid);
700 xfree (authidno);
701 }
702
703 if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
704 rc = keydb_search_subject (kh, issuer);
705 if (rc == -1 && !find_next)
706 {
707 int old;
708
709 /* Also try to get it from the Dirmngr cache. The function
710 merely puts it into the ephemeral database. */
711 find_up_dirmngr (ctrl, kh, NULL, issuer, 0);
712
713 /* Not found, let us see whether we have one in the ephemeral key DB. */
714 old = keydb_set_ephemeral (kh, 1);
715 if (!old)
716 {
717 keydb_search_reset (kh);
718 rc = keydb_search_subject (kh, issuer);
719 }
720 keydb_set_ephemeral (kh, old);
721 }
722
723 /* Still not found. If enabled, try an external lookup. */
724 if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
725 rc = find_up_external (ctrl, kh, issuer, NULL);
726
727 return rc;
728 }
729
730
731 /* Return the next certificate up in the chain starting at START.
732 Returns -1 when there are no more certificates. */
733 int
734 gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
735 {
736 int rc = 0;
737 char *issuer = NULL;
738 char *subject = NULL;
739 KEYDB_HANDLE kh = keydb_new (0);
740
741 *r_next = NULL;
742 if (!kh)
743 {
744 log_error (_("failed to allocated keyDB handle\n"));
745 rc = gpg_error (GPG_ERR_GENERAL);
746 goto leave;
747 }
748
749 issuer = ksba_cert_get_issuer (start, 0);
750 subject = ksba_cert_get_subject (start, 0);
751 if (!issuer)
752 {
753 log_error ("no issuer found in certificate\n");
754 rc = gpg_error (GPG_ERR_BAD_CERT);
755 goto leave;
756 }
757 if (!subject)
758 {
759 log_error ("no subject found in certificate\n");
760 rc = gpg_error (GPG_ERR_BAD_CERT);
761 goto leave;
762 }
763
764 if (is_root_cert (start, issuer, subject))
765 {
766 rc = -1; /* we are at the root */
767 goto leave;
768 }
769
770 rc = find_up (ctrl, kh, start, issuer, 0);
771 if (rc)
772 {
773 /* It is quite common not to have a certificate, so better don't
774 print an error here. */
775 if (rc != -1 && opt.verbose > 1)
776 log_error ("failed to find issuer's certificate: rc=%d\n", rc);
777 rc = gpg_error (GPG_ERR_MISSING_CERT);
778 goto leave;
779 }
780
781 rc = keydb_get_cert (kh, r_next);
782 if (rc)
783 {
784 log_error ("keydb_get_cert() failed: rc=%d\n", rc);
785 rc = gpg_error (GPG_ERR_GENERAL);
786 }
787
788 leave:
789 xfree (issuer);
790 xfree (subject);
791 keydb_release (kh);
792 return rc;
793 }
794
795
796 /* Helper for gpgsm_is_root_cert. This one is used if the subject and
797 issuer DNs are already known. */
798 static int
799 is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
800 {
801 gpg_error_t err;
802 int result = 0;
803 ksba_sexp_t serialno;
804 ksba_sexp_t ak_keyid;
805 ksba_name_t ak_name;
806 ksba_sexp_t ak_sn;
807 const char *ak_name_str;
808 ksba_sexp_t subj_keyid = NULL;
809
810 if (!issuerdn || !subjectdn)
811 return 0; /* No. */
812
813 if (strcmp (issuerdn, subjectdn))
814 return 0; /* No. */
815
816 err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
817 if (err)
818 {
819 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
820 return 1; /* Yes. Without a authorityKeyIdentifier this needs
821 to be the Root certifcate (our trust anchor). */
822 log_error ("error getting authorityKeyIdentifier: %s\n",
823 gpg_strerror (err));
824 return 0; /* Well, it is broken anyway. Return No. */
825 }
826
827 serialno = ksba_cert_get_serial (cert);
828 if (!serialno)
829 {
830 log_error ("error getting serialno: %s\n", gpg_strerror (err));
831 goto leave;
832 }
833
834 /* Check whether the auth name's matches the issuer name+sn. If
835 that is the case this is a root certificate. */
836 ak_name_str = ksba_name_enum (ak_name, 0);
837 if (ak_name_str
838 && !strcmp (ak_name_str, issuerdn)
839 && !cmp_simple_canon_sexp (ak_sn, serialno))
840 {
841 result = 1; /* Right, CERT is self-signed. */
842 goto leave;
843 }
844
845 /* Similar for the ak_keyid. */
846 if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
847 && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
848 {
849 result = 1; /* Right, CERT is self-signed. */
850 goto leave;
851 }
852
853
854 leave:
855 ksba_free (subj_keyid);
856 ksba_free (ak_keyid);
857 ksba_name_release (ak_name);
858 ksba_free (ak_sn);
859 ksba_free (serialno);
860 return result;
861 }
862
863
864
865 /* Check whether the CERT is a root certificate. Returns True if this
866 is the case. */
867 int
868 gpgsm_is_root_cert (ksba_cert_t cert)
869 {
870 char *issuer;
871 char *subject;
872 int yes;
873
874 issuer = ksba_cert_get_issuer (cert, 0);
875 subject = ksba_cert_get_subject (cert, 0);
876 yes = is_root_cert (cert, issuer, subject);
877 xfree (issuer);
878 xfree (subject);
879 return yes;
880 }
881
882
883 /* This is a helper for gpgsm_validate_chain. */
884 static gpg_error_t
885 is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
886 ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
887 int *any_revoked, int *any_no_crl, int *any_crl_too_old)
888 {
889 gpg_error_t err;
890
891 if (opt.no_crl_check && !ctrl->use_ocsp)
892 {
893 audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
894 gpg_error (GPG_ERR_NOT_ENABLED));
895 return 0;
896 }
897
898 err = gpgsm_dirmngr_isvalid (ctrl,
899 subject_cert, issuer_cert,
900 force_ocsp? 2 : !!ctrl->use_ocsp);
901 audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
902
903 if (err)
904 {
905 if (!lm)
906 gpgsm_cert_log_name (NULL, subject_cert);
907 switch (gpg_err_code (err))
908 {
909 case GPG_ERR_CERT_REVOKED:
910 do_list (1, lm, fp, _("certificate has been revoked"));
911 *any_revoked = 1;
912 /* Store that in the keybox so that key listings are able to
913 return the revoked flag. We don't care about error,
914 though. */
915 keydb_set_cert_flags (subject_cert, 1, KEYBOX_FLAG_VALIDITY, 0,
916 ~0, VALIDITY_REVOKED);
917 break;
918
919 case GPG_ERR_NO_CRL_KNOWN:
920 do_list (1, lm, fp, _("no CRL found for certificate"));
921 *any_no_crl = 1;
922 break;
923
924 case GPG_ERR_NO_DATA:
925 do_list (1, lm, fp, _("the status of the certificate is unknown"));
926 *any_no_crl = 1;
927 break;
928
929 case GPG_ERR_CRL_TOO_OLD:
930 do_list (1, lm, fp, _("the available CRL is too old"));
931 if (!lm)
932 log_info (_("please make sure that the "
933 "\"dirmngr\" is properly installed\n"));
934 *any_crl_too_old = 1;
935 break;
936
937 default:
938 do_list (1, lm, fp, _("checking the CRL failed: %s"),
939 gpg_strerror (err));
940 return err;
941 }
942 }
943 return 0;
944 }
945
946
947 /* Helper for gpgsm_validate_chain to check the validity period of
948 SUBJECT_CERT. The caller needs to pass EXPTIME which will be
949 updated to the nearest expiration time seen. A DEPTH of 0 indicates
950 the target certifciate, -1 the final root certificate and other
951 values intermediate certificates. */
952 static gpg_error_t
953 check_validity_period (ksba_isotime_t current_time,
954 ksba_cert_t subject_cert,
955 ksba_isotime_t exptime,
956 int listmode, estream_t listfp, int depth)
957 {
958 gpg_error_t err;
959 ksba_isotime_t not_before, not_after;
960
961 err = ksba_cert_get_validity (subject_cert, 0, not_before);
962 if (!err)
963 err = ksba_cert_get_validity (subject_cert, 1, not_after);
964 if (err)
965 {
966 do_list (1, listmode, listfp,
967 _("certificate with invalid validity: %s"), gpg_strerror (err));
968 return gpg_error (GPG_ERR_BAD_CERT);
969 }
970
971 if (*not_after)
972 {
973 if (!*exptime)
974 gnupg_copy_time (exptime, not_after);
975 else if (strcmp (not_after, exptime) < 0 )
976 gnupg_copy_time (exptime, not_after);
977 }
978
979 if (*not_before && strcmp (current_time, not_before) < 0 )
980 {
981 do_list (1, listmode, listfp,
982 depth == 0 ? _("certificate not yet valid") :
983 depth == -1 ? _("root certificate not yet valid") :
984 /* other */ _("intermediate certificate not yet valid"));
985 if (!listmode)
986 {
987 log_info (" (valid from ");
988 dump_isotime (not_before);
989 log_printf (")\n");
990 }
991 return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
992 }
993
994 if (*not_after && strcmp (current_time, not_after) > 0 )
995 {
996 do_list (opt.ignore_expiration?0:1, listmode, listfp,
997 depth == 0 ? _("certificate has expired") :
998 depth == -1 ? _("root certificate has expired") :
999 /* other */ _("intermediate certificate has expired"));
1000 if (!listmode)
1001 {
1002 log_info (" (expired at ");
1003 dump_isotime (not_after);
1004 log_printf (")\n");
1005 }
1006 if (opt.ignore_expiration)
1007 log_info ("WARNING: ignoring expiration\n");
1008 else
1009 return gpg_error (GPG_ERR_CERT_EXPIRED);
1010 }
1011
1012 return 0;
1013 }
1014
1015 /* This is a variant of check_validity_period used with the chain
1016 model. The dextra contraint here is that notBefore and notAfter
1017 must exists and if the additional argument CHECK_TIME is given this
1018 time is used to check the validity period of SUBJECT_CERT. */
1019 static gpg_error_t
1020 check_validity_period_cm (ksba_isotime_t current_time,
1021 ksba_isotime_t check_time,
1022 ksba_cert_t subject_cert,
1023 ksba_isotime_t exptime,
1024 int listmode, estream_t listfp, int depth)
1025 {
1026 gpg_error_t err;
1027 ksba_isotime_t not_before, not_after;
1028
1029 err = ksba_cert_get_validity (subject_cert, 0, not_before);
1030 if (!err)
1031 err = ksba_cert_get_validity (subject_cert, 1, not_after);
1032 if (err)
1033 {
1034 do_list (1, listmode, listfp,
1035 _("certificate with invalid validity: %s"), gpg_strerror (err));
1036 return gpg_error (GPG_ERR_BAD_CERT);
1037 }
1038 if (!*not_before || !*not_after)
1039 {
1040 do_list (1, listmode, listfp,
1041 _("required certificate attributes missing: %s%s%s"),
1042 !*not_before? "notBefore":"",
1043 (!*not_before && !*not_after)? ", ":"",
1044 !*not_before? "notAfter":"");
1045 return gpg_error (GPG_ERR_BAD_CERT);
1046 }
1047 if (strcmp (not_before, not_after) > 0 )
1048 {
1049 do_list (1, listmode, listfp,
1050 _("certificate with invalid validity"));
1051 log_info (" (valid from ");
1052 dump_isotime (not_before);
1053 log_printf (" expired at ");
1054 dump_isotime (not_after);
1055 log_printf (")\n");
1056 return gpg_error (GPG_ERR_BAD_CERT);
1057 }
1058
1059 if (!*exptime)
1060 gnupg_copy_time (exptime, not_after);
1061 else if (strcmp (not_after, exptime) < 0 )
1062 gnupg_copy_time (exptime, not_after);
1063
1064 if (strcmp (current_time, not_before) < 0 )
1065 {
1066 do_list (1, listmode, listfp,
1067 depth == 0 ? _("certificate not yet valid") :
1068 depth == -1 ? _("root certificate not yet valid") :
1069 /* other */ _("intermediate certificate not yet valid"));
1070 if (!listmode)
1071 {
1072 log_info (" (valid from ");
1073 dump_isotime (not_before);
1074 log_printf (")\n");
1075 }
1076 return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
1077 }
1078
1079 if (*check_time
1080 && (strcmp (check_time, not_before) < 0
1081 || strcmp (check_time, not_after) > 0))
1082 {
1083 /* Note that we don't need a case for the root certificate
1084 because its own consitency has already been checked. */
1085 do_list(opt.ignore_expiration?0:1, listmode, listfp,
1086 depth == 0 ?
1087 _("signature not created during lifetime of certificate") :
1088 depth == 1 ?
1089 _("certificate not created during lifetime of issuer") :
1090 _("intermediate certificate not created during lifetime "
1091 "of issuer"));
1092 if (!listmode)
1093 {
1094 log_info (depth== 0? _(" ( signature created at ") :
1095 /* */ _(" (certificate created at ") );
1096 dump_isotime (check_time);
1097 log_printf (")\n");
1098 log_info (depth==0? _(" (certificate valid from ") :
1099 /* */ _(" ( issuer valid from ") );
1100 dump_isotime (not_before);
1101 log_info (" to ");
1102 dump_isotime (not_after);
1103 log_printf (")\n");
1104 }
1105 if (opt.ignore_expiration)
1106 log_info ("WARNING: ignoring expiration\n");
1107 else
1108 return gpg_error (GPG_ERR_CERT_EXPIRED);
1109 }
1110
1111 return 0;
1112 }
1113
1114
1115
1116 /* Ask the user whether he wants to mark the certificate CERT trusted.
1117 Returns true if the CERT is the trusted. We also check whether the
1118 agent is at all enabled to allow marktrusted and don't call it in
1119 this session again if it is not. */
1120 static int
1121 ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
1122 {
1123 static int no_more_questions;
1124 int rc;
1125 char *fpr;
1126 int success = 0;
1127
1128 fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
1129 log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
1130 xfree (fpr);
1131
1132 if (no_more_questions)
1133 rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
1134 else
1135 rc = gpgsm_agent_marktrusted (ctrl, cert);
1136 if (!rc)
1137 {
1138 log_info (_("root certificate has now been marked as trusted\n"));
1139 success = 1;
1140 }
1141 else if (!listmode)
1142 {
1143 gpgsm_dump_cert ("issuer", cert);
1144 log_info ("after checking the fingerprint, you may want "
1145 "to add it manually to the list of trusted certificates.\n");
1146 }
1147
1148 if (gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED)
1149 {
1150 if (!no_more_questions)
1151 log_info (_("interactive marking as trusted "
1152 "not enabled in gpg-agent\n"));
1153 no_more_questions = 1;
1154 }
1155 else if (gpg_err_code (rc) == GPG_ERR_CANCELED)
1156 {
1157 log_info (_("interactive marking as trusted "
1158 "disabled for this session\n"));
1159 no_more_questions = 1;
1160 }
1161 else
1162 set_already_asked_marktrusted (cert);
1163
1164 return success;
1165 }
1166
1167
1168
1169 \f
1170 /* Validate a chain and optionally return the nearest expiration time
1171 in R_EXPTIME. With LISTMODE set to 1 a special listmode is
1172 activated where only information about the certificate is printed
1173 to LISTFP and no output is send to the usual log stream. If
1174 CHECKTIME_ARG is set, it is used only in the chain model instead of the
1175 current time.
1176
1177 Defined flag bits
1178
1179 VALIDATE_FLAG_NO_DIRMNGR - Do not do any dirmngr isvalid checks.
1180 VALIDATE_FLAG_CHAIN_MODEL - Check according to chain model.
1181 */
1182 static int
1183 do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
1184 ksba_isotime_t r_exptime,
1185 int listmode, estream_t listfp, unsigned int flags,
1186 struct rootca_flags_s *rootca_flags)
1187 {
1188 int rc = 0, depth, maxdepth;
1189 char *issuer = NULL;
1190 char *subject = NULL;
1191 KEYDB_HANDLE kh = NULL;
1192 ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
1193 ksba_isotime_t current_time;
1194 ksba_isotime_t check_time;
1195 ksba_isotime_t exptime;
1196 int any_expired = 0;
1197 int any_revoked = 0;
1198 int any_no_crl = 0;
1199 int any_crl_too_old = 0;
1200 int any_no_policy_match = 0;
1201 int is_qualified = -1; /* Indicates whether the certificate stems
1202 from a qualified root certificate.
1203 -1 = unknown, 0 = no, 1 = yes. */
1204 chain_item_t chain = NULL; /* A list of all certificates in the chain. */
1205
1206
1207 gnupg_get_isotime (current_time);
1208
1209 if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
1210 {
1211 if (!strcmp (checktime_arg, "19700101T000000"))
1212 {
1213 do_list (1, listmode, listfp,
1214 _("WARNING: creation time of signature not known - "
1215 "assuming current time"));
1216 gnupg_copy_time (check_time, current_time);
1217 }
1218 else
1219 gnupg_copy_time (check_time, checktime_arg);
1220 }
1221 else
1222 *check_time = 0;
1223
1224 if (r_exptime)
1225 *r_exptime = 0;
1226 *exptime = 0;
1227
1228 if (opt.no_chain_validation && !listmode)
1229 {
1230 log_info ("WARNING: bypassing certificate chain validation\n");
1231 return 0;
1232 }
1233
1234 kh = keydb_new (0);
1235 if (!kh)
1236 {
1237 log_error (_("failed to allocated keyDB handle\n"));
1238 rc = gpg_error (GPG_ERR_GENERAL);
1239 goto leave;
1240 }
1241
1242 if (DBG_X509 && !listmode)
1243 gpgsm_dump_cert ("target", cert);
1244
1245 subject_cert = cert;
1246 ksba_cert_ref (subject_cert);
1247 maxdepth = 50;
1248 depth = 0;
1249
1250 for (;;)
1251 {
1252 int is_root;
1253 gpg_error_t istrusted_rc = -1;
1254
1255 /* Put the certificate on our list. */
1256 {
1257 chain_item_t ci;
1258
1259 ci = xtrycalloc (1, sizeof *ci);
1260 if (!ci)
1261 {
1262 rc = gpg_error_from_syserror ();
1263 goto leave;
1264 }
1265 ksba_cert_ref (subject_cert);
1266 ci->cert = subject_cert;
1267 ci->next = chain;
1268 chain = ci;
1269 }
1270
1271 xfree (issuer);
1272 xfree (subject);
1273 issuer = ksba_cert_get_issuer (subject_cert, 0);
1274 subject = ksba_cert_get_subject (subject_cert, 0);
1275
1276 if (!issuer)
1277 {
1278 do_list (1, listmode, listfp, _("no issuer found in certificate"));
1279 rc = gpg_error (GPG_ERR_BAD_CERT);
1280 goto leave;
1281 }
1282
1283
1284 /* Is this a self-issued certificate (i.e. the root certificate)? */
1285 is_root = is_root_cert (subject_cert, issuer, subject);
1286 if (is_root)
1287 {
1288 chain->is_root = 1;
1289 /* Check early whether the certificate is listed as trusted.
1290 We used to do this only later but changed it to call the
1291 check right here so that we can access special flags
1292 associated with that specific root certificate. */
1293 istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert, NULL,
1294 rootca_flags);
1295 audit_log_cert (ctrl->audit, AUDIT_ROOT_TRUSTED,
1296 subject_cert, istrusted_rc);
1297 /* If the chain model extended attribute is used, make sure
1298 that our chain model flag is set. */
1299 if (has_validation_model_chain (subject_cert, listmode, listfp))
1300 rootca_flags->chain_model = 1;
1301 }
1302
1303
1304 /* Check the validity period. */
1305 if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
1306 rc = check_validity_period_cm (current_time, check_time, subject_cert,
1307 exptime, listmode, listfp,
1308 (depth && is_root)? -1: depth);
1309 else
1310 rc = check_validity_period (current_time, subject_cert,
1311 exptime, listmode, listfp,
1312 (depth && is_root)? -1: depth);
1313 if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
1314 {
1315 any_expired = 1;
1316 rc = 0;
1317 }
1318 else if (rc)
1319 goto leave;
1320
1321
1322 /* Assert that we understand all critical extensions. */
1323 rc = unknown_criticals (subject_cert, listmode, listfp);
1324 if (rc)
1325 goto leave;
1326
1327 /* Do a policy check. */
1328 if (!opt.no_policy_check)
1329 {
1330 rc = check_cert_policy (subject_cert, listmode, listfp);
1331 if (gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH)
1332 {
1333 any_no_policy_match = 1;
1334 rc = 1;
1335 }
1336 else if (rc)
1337 goto leave;
1338 }
1339
1340
1341 /* If this is the root certificate we are at the end of the chain. */
1342 if (is_root)
1343 {
1344 if (!istrusted_rc)
1345 ; /* No need to check the certificate for a trusted one. */
1346 else if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
1347 {
1348 /* We only check the signature if the certificate is not
1349 trusted for better diagnostics. */
1350 do_list (1, listmode, listfp,
1351 _("self-signed certificate has a BAD signature"));
1352 if (DBG_X509)
1353 {
1354 gpgsm_dump_cert ("self-signing cert", subject_cert);
1355 }
1356 rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
1357 : GPG_ERR_BAD_CERT);
1358 goto leave;
1359 }
1360 if (!rootca_flags->relax)
1361 {
1362 rc = allowed_ca (ctrl, subject_cert, NULL, listmode, listfp);
1363 if (rc)
1364 goto leave;
1365 }
1366
1367
1368 /* Set the flag for qualified signatures. This flag is
1369 deduced from a list of root certificates allowed for
1370 qualified signatures. */
1371 if (is_qualified == -1)
1372 {
1373 gpg_error_t err;
1374 size_t buflen;
1375 char buf[1];
1376
1377 if (!ksba_cert_get_user_data (cert, "is_qualified",
1378 &buf, sizeof (buf),
1379 &buflen) && buflen)
1380 {
1381 /* We already checked this for this certificate,
1382 thus we simply take it from the user data. */
1383 is_qualified = !!*buf;
1384 }
1385 else
1386 {
1387 /* Need to consult the list of root certificates for
1388 qualified signatures. */
1389 err = gpgsm_is_in_qualified_list (ctrl, subject_cert, NULL);
1390 if (!err)
1391 is_qualified = 1;
1392 else if ( gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1393 is_qualified = 0;
1394 else
1395 log_error ("checking the list of qualified "
1396 "root certificates failed: %s\n",
1397 gpg_strerror (err));
1398 if ( is_qualified != -1 )
1399 {
1400 /* Cache the result but don't care too much
1401 about an error. */
1402 buf[0] = !!is_qualified;
1403 err = ksba_cert_set_user_data (subject_cert,
1404 "is_qualified", buf, 1);
1405 if (err)
1406 log_error ("set_user_data(is_qualified) failed: %s\n",
1407 gpg_strerror (err));
1408 }
1409 }
1410 }
1411
1412
1413 /* Act on the check for a trusted root certificates. */
1414 rc = istrusted_rc;
1415 if (!rc)
1416 ;
1417 else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
1418 {
1419 do_list (0, listmode, listfp,
1420 _("root certificate is not marked trusted"));
1421 /* If we already figured out that the certificate is
1422 expired it does not make much sense to ask the user
1423 whether we wants to trust the root certificate. We
1424 should do this only if the certificate under question
1425 will then be usable. */
1426 if ( !any_expired
1427 && (!listmode || !already_asked_marktrusted (subject_cert))
1428 && ask_marktrusted (ctrl, subject_cert, listmode) )
1429 rc = 0;
1430 }
1431 else
1432 {
1433 log_error (_("checking the trust list failed: %s\n"),
1434 gpg_strerror (rc));
1435 }
1436
1437 if (rc)
1438 goto leave;
1439
1440 /* Check for revocations etc. */
1441 if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
1442 ;
1443 else if (opt.no_trusted_cert_crl_check || rootca_flags->relax)
1444 ;
1445 else
1446 rc = is_cert_still_valid (ctrl,
1447 (flags & VALIDATE_FLAG_CHAIN_MODEL),
1448 listmode, listfp,
1449 subject_cert, subject_cert,
1450 &any_revoked, &any_no_crl,
1451 &any_crl_too_old);
1452 if (rc)
1453 goto leave;
1454
1455 break; /* Okay: a self-signed certicate is an end-point. */
1456 } /* End is_root. */
1457
1458
1459 /* Take care that the chain does not get too long. */
1460 if ((depth+1) > maxdepth)
1461 {
1462 do_list (1, listmode, listfp, _("certificate chain too long\n"));
1463 rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
1464 goto leave;
1465 }
1466
1467 /* Find the next cert up the tree. */
1468 keydb_search_reset (kh);
1469 rc = find_up (ctrl, kh, subject_cert, issuer, 0);
1470 if (rc)
1471 {
1472 if (rc == -1)
1473 {
1474 do_list (0, listmode, listfp, _("issuer certificate not found"));
1475 if (!listmode)
1476 {
1477 log_info ("issuer certificate: #/");
1478 gpgsm_dump_string (issuer);
1479 log_printf ("\n");
1480 }
1481 }
1482 else
1483 log_error ("failed to find issuer's certificate: rc=%d\n", rc);
1484 rc = gpg_error (GPG_ERR_MISSING_CERT);
1485 goto leave;
1486 }
1487
1488 ksba_cert_release (issuer_cert); issuer_cert = NULL;
1489 rc = keydb_get_cert (kh, &issuer_cert);
1490 if (rc)
1491 {
1492 log_error ("keydb_get_cert() failed: rc=%d\n", rc);
1493 rc = gpg_error (GPG_ERR_GENERAL);
1494 goto leave;
1495 }
1496
1497 try_another_cert:
1498 if (DBG_X509)
1499 {
1500 log_debug ("got issuer's certificate:\n");
1501 gpgsm_dump_cert ("issuer", issuer_cert);
1502 }
1503
1504 rc = gpgsm_check_cert_sig (issuer_cert, subject_cert);
1505 if (rc)
1506 {
1507 do_list (0, listmode, listfp, _("certificate has a BAD signature"));
1508 if (DBG_X509)
1509 {
1510 gpgsm_dump_cert ("signing issuer", issuer_cert);
1511 gpgsm_dump_cert ("signed subject", subject_cert);
1512 }
1513 if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
1514 {
1515 /* We now try to find other issuer certificates which
1516 might have been used. This is required because some
1517 CAs are reusing the issuer and subject DN for new
1518 root certificates. */
1519 /* FIXME: Do this only if we don't have an
1520 AKI.keyIdentifier */
1521 rc = find_up (ctrl, kh, subject_cert, issuer, 1);
1522 if (!rc)
1523 {
1524 ksba_cert_t tmp_cert;
1525
1526 rc = keydb_get_cert (kh, &tmp_cert);
1527 if (rc || !compare_certs (issuer_cert, tmp_cert))
1528 {
1529 /* The find next did not work or returned an
1530 identical certificate. We better stop here
1531 to avoid infinite checks. */
1532 rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
1533 ksba_cert_release (tmp_cert);
1534 }
1535 else
1536 {
1537 do_list (0, listmode, listfp,
1538 _("found another possible matching "
1539 "CA certificate - trying again"));
1540 ksba_cert_release (issuer_cert);
1541 issuer_cert = tmp_cert;
1542 goto try_another_cert;
1543 }
1544 }
1545 }
1546
1547 /* We give a more descriptive error code than the one
1548 returned from the signature checking. */
1549 rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
1550 goto leave;
1551 }
1552
1553 is_root = gpgsm_is_root_cert (issuer_cert);
1554 istrusted_rc = -1;
1555
1556
1557 /* Check that a CA is allowed to issue certificates. */
1558 {
1559 int chainlen;
1560
1561 rc = allowed_ca (ctrl, issuer_cert, &chainlen, listmode, listfp);
1562 if (rc)
1563 {
1564 /* Not allowed. Check whether this is a trusted root
1565 certificate and whether we allow special exceptions.
1566 We could carry the result of the test over to the
1567 regular root check at the top of the loop but for
1568 clarity we won't do that. Given that the majority of
1569 certificates carry proper BasicContraints our way of
1570 overriding an error in the way is justified for
1571 performance reasons. */
1572 if (is_root)
1573 {
1574 istrusted_rc = gpgsm_agent_istrusted (ctrl, issuer_cert, NULL,
1575 rootca_flags);
1576 if (!istrusted_rc && rootca_flags->relax)
1577 {
1578 /* Ignore the error due to the relax flag. */
1579 rc = 0;
1580 chainlen = -1;
1581 }
1582 }
1583 }
1584 if (rc)
1585 goto leave;
1586 if (chainlen >= 0 && depth > chainlen)
1587 {
1588 do_list (1, listmode, listfp,
1589 _("certificate chain longer than allowed by CA (%d)"),
1590 chainlen);
1591 rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
1592 goto leave;
1593 }
1594 }
1595
1596 /* Is the certificate allowed to sign other certificates. */
1597 if (!listmode)
1598 {
1599 rc = gpgsm_cert_use_cert_p (issuer_cert);
1600 if (rc)
1601 {
1602 char numbuf[50];
1603 sprintf (numbuf, "%d", rc);
1604 gpgsm_status2 (ctrl, STATUS_ERROR, "certcert.issuer.keyusage",
1605 numbuf, NULL);
1606 goto leave;
1607 }
1608 }
1609
1610 /* Check for revocations etc. Note that for a root certificate
1611 this test is done a second time later. This should eventually
1612 be fixed. */
1613 if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
1614 rc = 0;
1615 else if (is_root && (opt.no_trusted_cert_crl_check
1616 || (!istrusted_rc && rootca_flags->relax)))
1617 rc = 0;
1618 else
1619 rc = is_cert_still_valid (ctrl,
1620 (flags & VALIDATE_FLAG_CHAIN_MODEL),
1621 listmode, listfp,
1622 subject_cert, issuer_cert,
1623 &any_revoked, &any_no_crl, &any_crl_too_old);
1624 if (rc)
1625 goto leave;
1626
1627
1628 if (opt.verbose && !listmode)
1629 log_info (depth == 0 ? _("certificate is good\n") :
1630 !is_root ? _("intermediate certificate is good\n") :
1631 /* other */ _("root certificate is good\n"));
1632
1633 /* Under the chain model the next check time is the creation
1634 time of the subject certificate. */
1635 if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
1636 {
1637 rc = ksba_cert_get_validity (subject_cert, 0, check_time);
1638 if (rc)
1639 {
1640 /* That will never happen as we have already checked
1641 this above. */
1642 BUG ();
1643 }
1644 }
1645
1646 /* For the next round the current issuer becomes the new subject. */
1647 keydb_search_reset (kh);
1648 ksba_cert_release (subject_cert);
1649 subject_cert = issuer_cert;
1650 issuer_cert = NULL;
1651 depth++;
1652 } /* End chain traversal. */
1653
1654 if (!listmode && !opt.quiet)
1655 {
1656 if (opt.no_policy_check)
1657 log_info ("policies not checked due to %s option\n",
1658 "--disable-policy-checks");
1659 if (opt.no_crl_check && !ctrl->use_ocsp)
1660 log_info ("CRLs not checked due to %s option\n",
1661 "--disable-crl-checks");
1662 }
1663
1664 if (!rc)
1665 { /* If we encountered an error somewhere during the checks, set
1666 the error code to the most critical one */
1667 if (any_revoked)
1668 rc = gpg_error (GPG_ERR_CERT_REVOKED);
1669 else if (any_expired)
1670 rc = gpg_error (GPG_ERR_CERT_EXPIRED);
1671 else if (any_no_crl)
1672 rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
1673 else if (any_crl_too_old)
1674 rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
1675 else if (any_no_policy_match)
1676 rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
1677 }
1678
1679 leave:
1680 /* If we have traversed a complete chain up to the root we will
1681 reset the ephemeral flag for all these certificates. This is done
1682 regardless of any error because those errors may only be
1683 transient. */
1684 if (chain && chain->is_root)
1685 {
1686 gpg_error_t err;
1687 chain_item_t ci;
1688
1689 for (ci = chain; ci; ci = ci->next)
1690 {
1691 /* Note that it is possible for the last certificate in the
1692 chain (i.e. our target certificate) that it has not yet
1693 been stored in the keybox and thus the flag can't be set.
1694 We ignore this error becuase it will later be stored
1695 anyway. */
1696 err = keydb_set_cert_flags (ci->cert, 1, KEYBOX_FLAG_BLOB, 0,
1697 KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
1698 if (!ci->next && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1699 ;
1700 else if (err)
1701 log_error ("clearing ephemeral flag failed: %s\n",
1702 gpg_strerror (err));
1703 }
1704 }
1705
1706 /* If we have figured something about the qualified signature
1707 capability of the certificate under question, store the result as
1708 user data in all certificates of the chain. We do this even if the
1709 validation itself failed. */
1710 if (is_qualified != -1)
1711 {
1712 gpg_error_t err;
1713 chain_item_t ci;
1714 char buf[1];
1715
1716 buf[0] = !!is_qualified;
1717
1718 for (ci = chain; ci; ci = ci->next)
1719 {
1720 err = ksba_cert_set_user_data (ci->cert, "is_qualified", buf, 1);
1721 if (err)
1722 {
1723 log_error ("set_user_data(is_qualified) failed: %s\n",
1724 gpg_strerror (err));
1725 if (!rc)
1726 rc = err;
1727 }
1728 }
1729 }
1730
1731 /* If auditing has been enabled, record what is in the chain. */
1732 if (ctrl->audit)
1733 {
1734 chain_item_t ci;
1735
1736 audit_log (ctrl->audit, AUDIT_CHAIN_BEGIN);
1737 for (ci = chain; ci; ci = ci->next)
1738 {
1739 audit_log_cert (ctrl->audit,
1740 ci->is_root? AUDIT_CHAIN_ROOTCERT : AUDIT_CHAIN_CERT,
1741 ci->cert, 0);
1742 }
1743 audit_log (ctrl->audit, AUDIT_CHAIN_END);
1744 }
1745
1746 if (r_exptime)
1747 gnupg_copy_time (r_exptime, exptime);
1748 xfree (issuer);
1749 xfree (subject);
1750 keydb_release (kh);
1751 while (chain)
1752 {
1753 chain_item_t ci_next = chain->next;
1754 ksba_cert_release (chain->cert);
1755 xfree (chain);
1756 chain = ci_next;
1757 }
1758 ksba_cert_release (issuer_cert);
1759 ksba_cert_release (subject_cert);
1760 return rc;
1761 }
1762
1763
1764 /* Validate a certificate chain. For a description see
1765 do_validate_chain. This function is a wrapper to handle a root
1766 certificate with the chain_model flag set. If RETFLAGS is not
1767 NULL, flags indicating now the verification was done are stored
1768 there. The only defined flag for RETFLAGS is
1769 VALIDATE_FLAG_CHAIN_MODEL.
1770
1771 If you are verifying a signature you should set CHECKTIME to the
1772 creation time of the signature. If your are verifying a
1773 certificate, set it nil (i.e. the empty string). If the creation
1774 date of the signature is not known use the special date
1775 "19700101T000000" which is treated in a special way here. */
1776 int
1777 gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
1778 ksba_isotime_t r_exptime,
1779 int listmode, estream_t listfp, unsigned int flags,
1780 unsigned int *retflags)
1781 {
1782 int rc;
1783 struct rootca_flags_s rootca_flags;
1784 unsigned int dummy_retflags;
1785
1786 if (!retflags)
1787 retflags = &dummy_retflags;
1788
1789 if (ctrl->validation_model == 1)
1790 flags |= VALIDATE_FLAG_CHAIN_MODEL;
1791
1792 *retflags = (flags & VALIDATE_FLAG_CHAIN_MODEL);
1793 memset (&rootca_flags, 0, sizeof rootca_flags);
1794
1795 rc = do_validate_chain (ctrl, cert, checktime,
1796 r_exptime, listmode, listfp, flags,
1797 &rootca_flags);
1798 if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED
1799 && !(flags & VALIDATE_FLAG_CHAIN_MODEL)
1800 && (rootca_flags.valid && rootca_flags.chain_model))
1801 {
1802 do_list (0, listmode, listfp, _("switching to chain model"));
1803 rc = do_validate_chain (ctrl, cert, checktime,
1804 r_exptime, listmode, listfp,
1805 (flags |= VALIDATE_FLAG_CHAIN_MODEL),
1806 &rootca_flags);
1807 *retflags |= VALIDATE_FLAG_CHAIN_MODEL;
1808 }
1809
1810 if (opt.verbose)
1811 do_list (0, listmode, listfp, _("validation model used: %s"),
1812 (*retflags & VALIDATE_FLAG_CHAIN_MODEL)?
1813 _("chain"):_("shell"));
1814
1815 return rc;
1816 }
1817
1818
1819 /* Check that the given certificate is valid but DO NOT check any
1820 constraints. We assume that the issuers certificate is already in
1821 the DB and that this one is valid; which it should be because it
1822 has been checked using this function. */
1823 int
1824 gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
1825 {
1826 int rc = 0;
1827 char *issuer = NULL;
1828 char *subject = NULL;
1829 KEYDB_HANDLE kh;
1830 ksba_cert_t issuer_cert = NULL;
1831
1832 if (opt.no_chain_validation)
1833 {
1834 log_info ("WARNING: bypassing basic certificate checks\n");
1835 return 0;
1836 }
1837
1838 kh = keydb_new (0);
1839 if (!kh)
1840 {
1841 log_error (_("failed to allocated keyDB handle\n"));
1842 rc = gpg_error (GPG_ERR_GENERAL);
1843 goto leave;
1844 }
1845
1846 issuer = ksba_cert_get_issuer (cert, 0);
1847 subject = ksba_cert_get_subject (cert, 0);
1848 if (!issuer)
1849 {
1850 log_error ("no issuer found in certificate\n");
1851 rc = gpg_error (GPG_ERR_BAD_CERT);
1852 goto leave;
1853 }
1854
1855 if (is_root_cert (cert, issuer, subject))
1856 {
1857 rc = gpgsm_check_cert_sig (cert, cert);
1858 if (rc)
1859 {
1860 log_error ("self-signed certificate has a BAD signature: %s\n",
1861 gpg_strerror (rc));
1862 if (DBG_X509)
1863 {
1864 gpgsm_dump_cert ("self-signing cert", cert);
1865 }
1866 rc = gpg_error (GPG_ERR_BAD_CERT);
1867 goto leave;
1868 }
1869 }
1870 else
1871 {
1872 /* Find the next cert up the tree. */
1873 keydb_search_reset (kh);
1874 rc = find_up (ctrl, kh, cert, issuer, 0);
1875 if (rc)
1876 {
1877 if (rc == -1)
1878 {
1879 log_info ("issuer certificate (#/");
1880 gpgsm_dump_string (issuer);
1881 log_printf (") not found\n");
1882 }
1883 else
1884 log_error ("failed to find issuer's certificate: rc=%d\n", rc);
1885 rc = gpg_error (GPG_ERR_MISSING_CERT);
1886 goto leave;
1887 }
1888
1889 ksba_cert_release (issuer_cert); issuer_cert = NULL;
1890 rc = keydb_get_cert (kh, &issuer_cert);
1891 if (rc)
1892 {
1893 log_error ("keydb_get_cert() failed: rc=%d\n", rc);
1894 rc = gpg_error (GPG_ERR_GENERAL);
1895 goto leave;
1896 }
1897
1898 rc = gpgsm_check_cert_sig (issuer_cert, cert);
1899 if (rc)
1900 {
1901 log_error ("certificate has a BAD signature: %s\n",
1902 gpg_strerror (rc));
1903 if (DBG_X509)
1904 {
1905 gpgsm_dump_cert ("signing issuer", issuer_cert);
1906 gpgsm_dump_cert ("signed subject", cert);
1907 }
1908 rc = gpg_error (GPG_ERR_BAD_CERT);
1909 goto leave;
1910 }
1911 if (opt.verbose)
1912 log_info (_("certificate is good\n"));
1913 }
1914
1915 leave:
1916 xfree (issuer);
1917 xfree (subject);
1918 keydb_release (kh);
1919 ksba_cert_release (issuer_cert);
1920 return rc;
1921 }
1922
1923
1924
1925 /* Check whether the certificate CERT has been issued by the German
1926 authority for qualified signature. They do not set the
1927 basicConstraints and thus we need this workaround. It works by
1928 looking up the root certificate and checking whether that one is
1929 listed as a qualified certificate for Germany.
1930
1931 We also try to cache this data but as long as don't keep a
1932 reference to the certificate this won't be used.
1933
1934 Returns: True if CERT is a RegTP issued CA cert (i.e. the root
1935 certificate itself or one of the CAs). In that case CHAINLEN will
1936 receive the length of the chain which is either 0 or 1.
1937 */
1938 static int
1939 get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
1940 {
1941 gpg_error_t err;
1942 ksba_cert_t next;
1943 int rc = 0;
1944 int i, depth;
1945 char country[3];
1946 ksba_cert_t array[4];
1947 char buf[2];
1948 size_t buflen;
1949 int dummy_chainlen;
1950
1951 if (!chainlen)
1952 chainlen = &dummy_chainlen;
1953
1954 *chainlen = 0;
1955 err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen",
1956 &buf, sizeof (buf), &buflen);
1957 if (!err)
1958 {
1959 /* Got info. */
1960 if (buflen < 2 || !*buf)
1961 return 0; /* Nothing found. */
1962 *chainlen = buf[1];
1963 return 1; /* This is a regtp CA. */
1964 }
1965 else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1966 {
1967 log_error ("ksba_cert_get_user_data(%s) failed: %s\n",
1968 "regtp_ca_chainlen", gpg_strerror (err));
1969 return 0; /* Nothing found. */
1970 }
1971
1972 /* Need to gather the info. This requires to walk up the chain
1973 until we have found the root. Because we are only interested in
1974 German Bundesnetzagentur (former RegTP) derived certificates 3
1975 levels are enough. (The German signature law demands a 3 tier
1976 hierachy; thus there is only one CA between the EE and the Root
1977 CA.) */
1978 memset (&array, 0, sizeof array);
1979
1980 depth = 0;
1981 ksba_cert_ref (cert);
1982 array[depth++] = cert;
1983 ksba_cert_ref (cert);
1984 while (depth < DIM(array) && !(rc=gpgsm_walk_cert_chain (ctrl, cert, &next)))
1985 {
1986 ksba_cert_release (cert);
1987 ksba_cert_ref (next);
1988 array[depth++] = next;
1989 cert = next;
1990 }
1991 ksba_cert_release (cert);
1992 if (rc != -1 || !depth || depth == DIM(array) )
1993 {
1994 /* We did not reached the root. */
1995 goto leave;
1996 }
1997
1998 /* If this is a German signature law issued certificate, we store
1999 additional additional information. */
2000 if (!gpgsm_is_in_qualified_list (NULL, array[depth-1], country)
2001 && !strcmp (country, "de"))
2002 {
2003 /* Setting the pathlen for the root CA and the CA flag for the
2004 next one is all what we need to do. */
2005 err = ksba_cert_set_user_data (array[depth-1], "regtp_ca_chainlen",
2006 "\x01\x01", 2);
2007 if (!err && depth > 1)
2008 err = ksba_cert_set_user_data (array[depth-2], "regtp_ca_chainlen",
2009 "\x01\x00", 2);
2010 if (err)
2011 log_error ("ksba_set_user_data(%s) failed: %s\n",
2012 "regtp_ca_chainlen", gpg_strerror (err));
2013 for (i=0; i < depth; i++)
2014 ksba_cert_release (array[i]);
2015 *chainlen = (depth>1? 0:1);
2016 return 1;
2017 }
2018
2019 leave:
2020 /* Nothing special with this certificate. Mark the target
2021 certificate anyway to avoid duplicate lookups. */
2022 err = ksba_cert_set_user_data (cert, "regtp_ca_chainlen", "", 1);
2023 if (err)
2024 log_error ("ksba_set_user_data(%s) failed: %s\n",
2025 "regtp_ca_chainlen", gpg_strerror (err));
2026 for (i=0; i < depth; i++)
2027 ksba_cert_release (array[i]);
2028 return 0;
2029 }
gnupg svn clone