1
2
3
4 package x509
5
6 import (
7 "bytes"
8 "crypto/dsa"
9 "crypto/ecdsa"
10 "crypto/ed25519"
11 "crypto/elliptic"
12 "crypto/rsa"
13 "crypto/x509/pkix"
14 "encoding/asn1"
15 "errors"
16 "fmt"
17 "math/big"
18 "net"
19 "net/url"
20 "strconv"
21 "strings"
22 "time"
23 "unicode/utf16"
24 "unicode/utf8"
25
26 "golang.org/x/crypto/cryptobyte"
27 cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
28 )
29
30
31
32 func isPrintable(b byte) bool {
33 return 'a' <= b && b <= 'z' ||
34 'A' <= b && b <= 'Z' ||
35 '0' <= b && b <= '9' ||
36 '\'' <= b && b <= ')' ||
37 '+' <= b && b <= '/' ||
38 b == ' ' ||
39 b == ':' ||
40 b == '=' ||
41 b == '?' ||
42
43
44
45 b == '*' ||
46
47
48
49
50 b == '&'
51 }
52
53
54
55
56
57 func parseASN1String(tag cryptobyte_asn1.Tag, value []byte) (string, error) {
58 switch tag {
59 case cryptobyte_asn1.T61String:
60 return string(value), nil
61 case cryptobyte_asn1.PrintableString:
62 for _, b := range value {
63 if !isPrintable(b) {
64 return "", errors.New("invalid PrintableString")
65 }
66 }
67 return string(value), nil
68 case cryptobyte_asn1.UTF8String:
69 if !utf8.Valid(value) {
70 return "", errors.New("invalid UTF-8 string")
71 }
72 return string(value), nil
73 case cryptobyte_asn1.Tag(asn1.TagBMPString):
74 if len(value)%2 != 0 {
75 return "", errors.New("invalid BMPString")
76 }
77
78
79 if l := len(value); l >= 2 && value[l-1] == 0 && value[l-2] == 0 {
80 value = value[:l-2]
81 }
82
83 s := make([]uint16, 0, len(value)/2)
84 for len(value) > 0 {
85 s = append(s, uint16(value[0])<<8+uint16(value[1]))
86 value = value[2:]
87 }
88
89 return string(utf16.Decode(s)), nil
90 case cryptobyte_asn1.IA5String:
91 s := string(value)
92 if isIA5String(s) != nil {
93 return "", errors.New("invalid IA5String")
94 }
95 return s, nil
96 }
97 return "", fmt.Errorf("unsupported string type: %v", tag)
98 }
99
100
101
102 func parseName(raw cryptobyte.String) (*pkix.RDNSequence, error) {
103 if !raw.ReadASN1(&raw, cryptobyte_asn1.SEQUENCE) {
104 return nil, errors.New("x509: invalid RDNSequence")
105 }
106
107 var rdnSeq pkix.RDNSequence
108 for !raw.Empty() {
109 var rdnSet pkix.RelativeDistinguishedNameSET
110 var set cryptobyte.String
111 if !raw.ReadASN1(&set, cryptobyte_asn1.SET) {
112 return nil, errors.New("x509: invalid RDNSequence")
113 }
114 for !set.Empty() {
115 var atav cryptobyte.String
116 if !set.ReadASN1(&atav, cryptobyte_asn1.SEQUENCE) {
117 return nil, errors.New("x509: invalid RDNSequence: invalid attribute")
118 }
119 var attr pkix.AttributeTypeAndValue
120 if !atav.ReadASN1ObjectIdentifier(&attr.Type) {
121 return nil, errors.New("x509: invalid RDNSequence: invalid attribute type")
122 }
123 var rawValue cryptobyte.String
124 var valueTag cryptobyte_asn1.Tag
125 if !atav.ReadAnyASN1(&rawValue, &valueTag) {
126 return nil, errors.New("x509: invalid RDNSequence: invalid attribute value")
127 }
128 var err error
129 attr.Value, err = parseASN1String(valueTag, rawValue)
130 if err != nil {
131 return nil, fmt.Errorf("x509: invalid RDNSequence: invalid attribute value: %s", err)
132 }
133 rdnSet = append(rdnSet, attr)
134 }
135
136 rdnSeq = append(rdnSeq, rdnSet)
137 }
138
139 return &rdnSeq, nil
140 }
141
142 func parseAI(der cryptobyte.String) (pkix.AlgorithmIdentifier, error) {
143 ai := pkix.AlgorithmIdentifier{}
144 if !der.ReadASN1ObjectIdentifier(&ai.Algorithm) {
145 return ai, errors.New("x509: malformed OID")
146 }
147 if der.Empty() {
148 return ai, nil
149 }
150 var params cryptobyte.String
151 var tag cryptobyte_asn1.Tag
152 if !der.ReadAnyASN1Element(¶ms, &tag) {
153 return ai, errors.New("x509: malformed parameters")
154 }
155 ai.Parameters.Tag = int(tag)
156 ai.Parameters.FullBytes = params
157 return ai, nil
158 }
159
160 func parseValidity(der cryptobyte.String) (time.Time, time.Time, error) {
161 extract := func() (time.Time, error) {
162 var t time.Time
163 switch {
164 case der.PeekASN1Tag(cryptobyte_asn1.UTCTime):
165
166
167 var utc cryptobyte.String
168 if !der.ReadASN1(&utc, cryptobyte_asn1.UTCTime) {
169 return t, errors.New("x509: malformed UTCTime")
170 }
171 s := string(utc)
172
173 formatStr := "0601021504Z0700"
174 var err error
175 t, err = time.Parse(formatStr, s)
176 if err != nil {
177 formatStr = "060102150405Z0700"
178 t, err = time.Parse(formatStr, s)
179 }
180 if err != nil {
181 return t, err
182 }
183
184 if serialized := t.Format(formatStr); serialized != s {
185 return t, errors.New("x509: malformed UTCTime")
186 }
187
188 if t.Year() >= 2050 {
189
190 t = t.AddDate(-100, 0, 0)
191 }
192 case der.PeekASN1Tag(cryptobyte_asn1.GeneralizedTime):
193 if !der.ReadASN1GeneralizedTime(&t) {
194 return t, errors.New("x509: malformed GeneralizedTime")
195 }
196 default:
197 return t, errors.New("x509: unsupported time format")
198 }
199 return t, nil
200 }
201
202 notBefore, err := extract()
203 if err != nil {
204 return time.Time{}, time.Time{}, err
205 }
206 notAfter, err := extract()
207 if err != nil {
208 return time.Time{}, time.Time{}, err
209 }
210
211 return notBefore, notAfter, nil
212 }
213
214 func parseExtension(der cryptobyte.String) (pkix.Extension, error) {
215 var ext pkix.Extension
216 if !der.ReadASN1ObjectIdentifier(&ext.Id) {
217 return ext, errors.New("x509: malformed extention OID field")
218 }
219 if der.PeekASN1Tag(cryptobyte_asn1.BOOLEAN) {
220 if !der.ReadASN1Boolean(&ext.Critical) {
221 return ext, errors.New("x509: malformed extention critical field")
222 }
223 }
224 var val cryptobyte.String
225 if !der.ReadASN1(&val, cryptobyte_asn1.OCTET_STRING) {
226 return ext, errors.New("x509: malformed extention value field")
227 }
228 ext.Value = val
229 return ext, nil
230 }
231
232 func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
233 der := cryptobyte.String(keyData.PublicKey.RightAlign())
234 switch algo {
235 case RSA:
236
237
238 if !bytes.Equal(keyData.Algorithm.Parameters.FullBytes, asn1.NullBytes) {
239 return nil, errors.New("x509: RSA key missing NULL parameters")
240 }
241
242 p := &pkcs1PublicKey{N: new(big.Int)}
243 if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
244 return nil, errors.New("x509: invalid RSA public key")
245 }
246 if !der.ReadASN1Integer(p.N) {
247 return nil, errors.New("x509: invalid RSA modulus")
248 }
249 if !der.ReadASN1Integer(&p.E) {
250 return nil, errors.New("x509: invalid RSA public exponent")
251 }
252
253 if p.N.Sign() <= 0 {
254 return nil, errors.New("x509: RSA modulus is not a positive number")
255 }
256 if p.E <= 0 {
257 return nil, errors.New("x509: RSA public exponent is not a positive number")
258 }
259
260 pub := &rsa.PublicKey{
261 E: p.E,
262 N: p.N,
263 }
264 return pub, nil
265 case ECDSA:
266 paramsDer := cryptobyte.String(keyData.Algorithm.Parameters.FullBytes)
267 namedCurveOID := new(asn1.ObjectIdentifier)
268 if !paramsDer.ReadASN1ObjectIdentifier(namedCurveOID) {
269 return nil, errors.New("x509: invalid ECDSA parameters")
270 }
271 namedCurve := namedCurveFromOID(*namedCurveOID)
272 if namedCurve == nil {
273 return nil, errors.New("x509: unsupported elliptic curve")
274 }
275 x, y := elliptic.Unmarshal(namedCurve, der)
276 if x == nil {
277 return nil, errors.New("x509: failed to unmarshal elliptic curve point")
278 }
279 pub := &ecdsa.PublicKey{
280 Curve: namedCurve,
281 X: x,
282 Y: y,
283 }
284 return pub, nil
285 case Ed25519:
286
287
288 if len(keyData.Algorithm.Parameters.FullBytes) != 0 {
289 return nil, errors.New("x509: Ed25519 key encoded with illegal parameters")
290 }
291 if len(der) != ed25519.PublicKeySize {
292 return nil, errors.New("x509: wrong Ed25519 public key size")
293 }
294 return ed25519.PublicKey(der), nil
295 case DSA:
296 y := new(big.Int)
297 if !der.ReadASN1Integer(y) {
298 return nil, errors.New("x509: invalid DSA public key")
299 }
300 pub := &dsa.PublicKey{
301 Y: y,
302 Parameters: dsa.Parameters{
303 P: new(big.Int),
304 Q: new(big.Int),
305 G: new(big.Int),
306 },
307 }
308 paramsDer := cryptobyte.String(keyData.Algorithm.Parameters.FullBytes)
309 if !paramsDer.ReadASN1(¶msDer, cryptobyte_asn1.SEQUENCE) ||
310 !paramsDer.ReadASN1Integer(pub.Parameters.P) ||
311 !paramsDer.ReadASN1Integer(pub.Parameters.Q) ||
312 !paramsDer.ReadASN1Integer(pub.Parameters.G) {
313 return nil, errors.New("x509: invalid DSA parameters")
314 }
315 if pub.Y.Sign() <= 0 || pub.Parameters.P.Sign() <= 0 ||
316 pub.Parameters.Q.Sign() <= 0 || pub.Parameters.G.Sign() <= 0 {
317 return nil, errors.New("x509: zero or negative DSA parameter")
318 }
319 return pub, nil
320 default:
321 return nil, nil
322 }
323 }
324
325 func parseKeyUsageExtension(der cryptobyte.String) (KeyUsage, error) {
326 var usageBits asn1.BitString
327 if !der.ReadASN1BitString(&usageBits) {
328 return 0, errors.New("x509: invalid key usage")
329 }
330
331 var usage int
332 for i := 0; i < 9; i++ {
333 if usageBits.At(i) != 0 {
334 usage |= 1 << uint(i)
335 }
336 }
337 return KeyUsage(usage), nil
338 }
339
340 func parseBasicConstraintsExtension(der cryptobyte.String) (bool, int, error) {
341 var isCA bool
342 if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
343 return false, 0, errors.New("x509: invalid basic constraints a")
344 }
345 if der.PeekASN1Tag(cryptobyte_asn1.BOOLEAN) {
346 if !der.ReadASN1Boolean(&isCA) {
347 return false, 0, errors.New("x509: invalid basic constraints b")
348 }
349 }
350 maxPathLen := -1
351 if !der.Empty() && der.PeekASN1Tag(cryptobyte_asn1.INTEGER) {
352 if !der.ReadASN1Integer(&maxPathLen) {
353 return false, 0, errors.New("x509: invalid basic constraints c")
354 }
355 }
356
357
358 return isCA, maxPathLen, nil
359 }
360
361 func forEachSAN(der cryptobyte.String, callback func(tag int, data []byte) error) error {
362 if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
363 return errors.New("x509: invalid subject alternative names")
364 }
365 for !der.Empty() {
366 var san cryptobyte.String
367 var tag cryptobyte_asn1.Tag
368 if !der.ReadAnyASN1(&san, &tag) {
369 return errors.New("x509: invalid subject alternative name")
370 }
371 if err := callback(int(tag^0x80), san); err != nil {
372 return err
373 }
374 }
375
376 return nil
377 }
378
379 func parseSANExtension(der cryptobyte.String) (dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL, err error) {
380 err = forEachSAN(der, func(tag int, data []byte) error {
381 switch tag {
382 case nameTypeEmail:
383 email := string(data)
384 if err := isIA5String(email); err != nil {
385 return errors.New("x509: SAN rfc822Name is malformed")
386 }
387 emailAddresses = append(emailAddresses, email)
388 case nameTypeDNS:
389 name := string(data)
390 if err := isIA5String(name); err != nil {
391 return errors.New("x509: SAN dNSName is malformed")
392 }
393 dnsNames = append(dnsNames, string(name))
394 case nameTypeURI:
395 uriStr := string(data)
396 if err := isIA5String(uriStr); err != nil {
397 return errors.New("x509: SAN uniformResourceIdentifier is malformed")
398 }
399 uri, err := url.Parse(uriStr)
400 if err != nil {
401 return fmt.Errorf("x509: cannot parse URI %q: %s", uriStr, err)
402 }
403 if len(uri.Host) > 0 {
404 if _, ok := domainToReverseLabels(uri.Host); !ok {
405 return fmt.Errorf("x509: cannot parse URI %q: invalid domain", uriStr)
406 }
407 }
408 uris = append(uris, uri)
409 case nameTypeIP:
410 switch len(data) {
411 case net.IPv4len, net.IPv6len:
412 ipAddresses = append(ipAddresses, data)
413 default:
414 return errors.New("x509: cannot parse IP address of length " + strconv.Itoa(len(data)))
415 }
416 }
417
418 return nil
419 })
420
421 return
422 }
423
424 func parseExtKeyUsageExtension(der cryptobyte.String) ([]ExtKeyUsage, []asn1.ObjectIdentifier, error) {
425 var extKeyUsages []ExtKeyUsage
426 var unknownUsages []asn1.ObjectIdentifier
427 if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
428 return nil, nil, errors.New("x509: invalid extended key usages")
429 }
430 for !der.Empty() {
431 var eku asn1.ObjectIdentifier
432 if !der.ReadASN1ObjectIdentifier(&eku) {
433 return nil, nil, errors.New("x509: invalid extended key usages")
434 }
435 if extKeyUsage, ok := extKeyUsageFromOID(eku); ok {
436 extKeyUsages = append(extKeyUsages, extKeyUsage)
437 } else {
438 unknownUsages = append(unknownUsages, eku)
439 }
440 }
441 return extKeyUsages, unknownUsages, nil
442 }
443
444 func parseCertificatePoliciesExtension(der cryptobyte.String) ([]asn1.ObjectIdentifier, error) {
445 var oids []asn1.ObjectIdentifier
446 if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
447 return nil, errors.New("x509: invalid certificate policies")
448 }
449 for !der.Empty() {
450 var cp cryptobyte.String
451 if !der.ReadASN1(&cp, cryptobyte_asn1.SEQUENCE) {
452 return nil, errors.New("x509: invalid certificate policies")
453 }
454 var oid asn1.ObjectIdentifier
455 if !cp.ReadASN1ObjectIdentifier(&oid) {
456 return nil, errors.New("x509: invalid certificate policies")
457 }
458 oids = append(oids, oid)
459 }
460
461 return oids, nil
462 }
463
464
465 func isValidIPMask(mask []byte) bool {
466 seenZero := false
467
468 for _, b := range mask {
469 if seenZero {
470 if b != 0 {
471 return false
472 }
473
474 continue
475 }
476
477 switch b {
478 case 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe:
479 seenZero = true
480 case 0xff:
481 default:
482 return false
483 }
484 }
485
486 return true
487 }
488
489 func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandled bool, err error) {
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505 outer := cryptobyte.String(e.Value)
506 var toplevel, permitted, excluded cryptobyte.String
507 var havePermitted, haveExcluded bool
508 if !outer.ReadASN1(&toplevel, cryptobyte_asn1.SEQUENCE) ||
509 !outer.Empty() ||
510 !toplevel.ReadOptionalASN1(&permitted, &havePermitted, cryptobyte_asn1.Tag(0).ContextSpecific().Constructed()) ||
511 !toplevel.ReadOptionalASN1(&excluded, &haveExcluded, cryptobyte_asn1.Tag(1).ContextSpecific().Constructed()) ||
512 !toplevel.Empty() {
513 return false, errors.New("x509: invalid NameConstraints extension")
514 }
515
516 if !havePermitted && !haveExcluded || len(permitted) == 0 && len(excluded) == 0 {
517
518
519
520
521 return false, errors.New("x509: empty name constraints extension")
522 }
523
524 getValues := func(subtrees cryptobyte.String) (dnsNames []string, ips []*net.IPNet, emails, uriDomains []string, err error) {
525 for !subtrees.Empty() {
526 var seq, value cryptobyte.String
527 var tag cryptobyte_asn1.Tag
528 if !subtrees.ReadASN1(&seq, cryptobyte_asn1.SEQUENCE) ||
529 !seq.ReadAnyASN1(&value, &tag) {
530 return nil, nil, nil, nil, fmt.Errorf("x509: invalid NameConstraints extension")
531 }
532
533 var (
534 dnsTag = cryptobyte_asn1.Tag(2).ContextSpecific()
535 emailTag = cryptobyte_asn1.Tag(1).ContextSpecific()
536 ipTag = cryptobyte_asn1.Tag(7).ContextSpecific()
537 uriTag = cryptobyte_asn1.Tag(6).ContextSpecific()
538 )
539
540 switch tag {
541 case dnsTag:
542 domain := string(value)
543 if err := isIA5String(domain); err != nil {
544 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
545 }
546
547 trimmedDomain := domain
548 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
549
550
551
552
553 trimmedDomain = trimmedDomain[1:]
554 }
555 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
556 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse dnsName constraint %q", domain)
557 }
558 dnsNames = append(dnsNames, domain)
559
560 case ipTag:
561 l := len(value)
562 var ip, mask []byte
563
564 switch l {
565 case 8:
566 ip = value[:4]
567 mask = value[4:]
568
569 case 32:
570 ip = value[:16]
571 mask = value[16:]
572
573 default:
574 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained value of length %d", l)
575 }
576
577 if !isValidIPMask(mask) {
578 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained invalid mask %x", mask)
579 }
580
581 ips = append(ips, &net.IPNet{IP: net.IP(ip), Mask: net.IPMask(mask)})
582
583 case emailTag:
584 constraint := string(value)
585 if err := isIA5String(constraint); err != nil {
586 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
587 }
588
589
590
591 if strings.Contains(constraint, "@") {
592 if _, ok := parseRFC2821Mailbox(constraint); !ok {
593 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
594 }
595 } else {
596
597 domain := constraint
598 if len(domain) > 0 && domain[0] == '.' {
599 domain = domain[1:]
600 }
601 if _, ok := domainToReverseLabels(domain); !ok {
602 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
603 }
604 }
605 emails = append(emails, constraint)
606
607 case uriTag:
608 domain := string(value)
609 if err := isIA5String(domain); err != nil {
610 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
611 }
612
613 if net.ParseIP(domain) != nil {
614 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain)
615 }
616
617 trimmedDomain := domain
618 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
619
620
621
622
623 trimmedDomain = trimmedDomain[1:]
624 }
625 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
626 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q", domain)
627 }
628 uriDomains = append(uriDomains, domain)
629
630 default:
631 unhandled = true
632 }
633 }
634
635 return dnsNames, ips, emails, uriDomains, nil
636 }
637
638 if out.PermittedDNSDomains, out.PermittedIPRanges, out.PermittedEmailAddresses, out.PermittedURIDomains, err = getValues(permitted); err != nil {
639 return false, err
640 }
641 if out.ExcludedDNSDomains, out.ExcludedIPRanges, out.ExcludedEmailAddresses, out.ExcludedURIDomains, err = getValues(excluded); err != nil {
642 return false, err
643 }
644 out.PermittedDNSDomainsCritical = e.Critical
645
646 return unhandled, nil
647 }
648
649 func processExtensions(out *Certificate) error {
650 var err error
651 for _, e := range out.Extensions {
652 unhandled := false
653
654 if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 {
655 switch e.Id[3] {
656 case 15:
657 out.KeyUsage, err = parseKeyUsageExtension(e.Value)
658 if err != nil {
659 return err
660 }
661 case 19:
662 out.IsCA, out.MaxPathLen, err = parseBasicConstraintsExtension(e.Value)
663 if err != nil {
664 return err
665 }
666 out.BasicConstraintsValid = true
667 out.MaxPathLenZero = out.MaxPathLen == 0
668 case 17:
669 out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(e.Value)
670 if err != nil {
671 return err
672 }
673
674 if len(out.DNSNames) == 0 && len(out.EmailAddresses) == 0 && len(out.IPAddresses) == 0 && len(out.URIs) == 0 {
675
676 unhandled = true
677 }
678
679 case 30:
680 unhandled, err = parseNameConstraintsExtension(out, e)
681 if err != nil {
682 return err
683 }
684
685 case 31:
686
687
688
689
690
691
692
693
694
695
696
697
698 val := cryptobyte.String(e.Value)
699 if !val.ReadASN1(&val, cryptobyte_asn1.SEQUENCE) {
700 return errors.New("x509: invalid CRL distribution points")
701 }
702 for !val.Empty() {
703 var dpDER cryptobyte.String
704 if !val.ReadASN1(&dpDER, cryptobyte_asn1.SEQUENCE) {
705 return errors.New("x509: invalid CRL distribution point")
706 }
707 var dpNameDER cryptobyte.String
708 var dpNamePresent bool
709 if !dpDER.ReadOptionalASN1(&dpNameDER, &dpNamePresent, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific()) {
710 return errors.New("x509: invalid CRL distribution point")
711 }
712 if !dpNamePresent {
713 continue
714 }
715 if !dpNameDER.ReadASN1(&dpNameDER, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific()) {
716 return errors.New("x509: invalid CRL distribution point")
717 }
718 for !dpNameDER.Empty() {
719 if !dpNameDER.PeekASN1Tag(cryptobyte_asn1.Tag(6).ContextSpecific()) {
720 break
721 }
722 var uri cryptobyte.String
723 if !dpNameDER.ReadASN1(&uri, cryptobyte_asn1.Tag(6).ContextSpecific()) {
724 return errors.New("x509: invalid CRL distribution point")
725 }
726 out.CRLDistributionPoints = append(out.CRLDistributionPoints, string(uri))
727 }
728 }
729
730 case 35:
731
732 val := cryptobyte.String(e.Value)
733 var akid cryptobyte.String
734 if !val.ReadASN1(&akid, cryptobyte_asn1.SEQUENCE) {
735 return errors.New("x509: invalid authority key identifier")
736 }
737 if akid.PeekASN1Tag(cryptobyte_asn1.Tag(0).ContextSpecific()) {
738 if !akid.ReadASN1(&akid, cryptobyte_asn1.Tag(0).ContextSpecific()) {
739 return errors.New("x509: invalid authority key identifier")
740 }
741 out.AuthorityKeyId = akid
742 }
743 case 37:
744 out.ExtKeyUsage, out.UnknownExtKeyUsage, err = parseExtKeyUsageExtension(e.Value)
745 if err != nil {
746 return err
747 }
748 case 14:
749
750 val := cryptobyte.String(e.Value)
751 var skid cryptobyte.String
752 if !val.ReadASN1(&skid, cryptobyte_asn1.OCTET_STRING) {
753 return errors.New("x509: invalid subject key identifier")
754 }
755 out.SubjectKeyId = skid
756 case 32:
757 out.PolicyIdentifiers, err = parseCertificatePoliciesExtension(e.Value)
758 if err != nil {
759 return err
760 }
761 default:
762
763 unhandled = true
764 }
765 } else if e.Id.Equal(oidExtensionAuthorityInfoAccess) {
766
767 val := cryptobyte.String(e.Value)
768 if !val.ReadASN1(&val, cryptobyte_asn1.SEQUENCE) {
769 return errors.New("x509: invalid authority info access")
770 }
771 for !val.Empty() {
772 var aiaDER cryptobyte.String
773 if !val.ReadASN1(&aiaDER, cryptobyte_asn1.SEQUENCE) {
774 return errors.New("x509: invalid authority info access")
775 }
776 var method asn1.ObjectIdentifier
777 if !aiaDER.ReadASN1ObjectIdentifier(&method) {
778 return errors.New("x509: invalid authority info access")
779 }
780 if !aiaDER.PeekASN1Tag(cryptobyte_asn1.Tag(6).ContextSpecific()) {
781 continue
782 }
783 if !aiaDER.ReadASN1(&aiaDER, cryptobyte_asn1.Tag(6).ContextSpecific()) {
784 return errors.New("x509: invalid authority info access")
785 }
786 switch {
787 case method.Equal(oidAuthorityInfoAccessOcsp):
788 out.OCSPServer = append(out.OCSPServer, string(aiaDER))
789 case method.Equal(oidAuthorityInfoAccessIssuers):
790 out.IssuingCertificateURL = append(out.IssuingCertificateURL, string(aiaDER))
791 }
792 }
793 } else {
794
795 unhandled = true
796 }
797
798 if e.Critical && unhandled {
799 out.UnhandledCriticalExtensions = append(out.UnhandledCriticalExtensions, e.Id)
800 }
801 }
802
803 return nil
804 }
805
806 func parseCertificate(der []byte) (*Certificate, error) {
807 cert := &Certificate{}
808
809 input := cryptobyte.String(der)
810
811
812
813 if !input.ReadASN1Element(&input, cryptobyte_asn1.SEQUENCE) {
814 return nil, errors.New("x509: malformed certificate")
815 }
816 cert.Raw = input
817 if !input.ReadASN1(&input, cryptobyte_asn1.SEQUENCE) {
818 return nil, errors.New("x509: malformed certificate")
819 }
820
821 var tbs cryptobyte.String
822
823
824 if !input.ReadASN1Element(&tbs, cryptobyte_asn1.SEQUENCE) {
825 return nil, errors.New("x509: malformed tbs certificate")
826 }
827 cert.RawTBSCertificate = tbs
828 if !tbs.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
829 return nil, errors.New("x509: malformed tbs certificate")
830 }
831
832 if !tbs.ReadOptionalASN1Integer(&cert.Version, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific(), 0) {
833 return nil, errors.New("x509: malformed version")
834 }
835 if cert.Version < 0 {
836 return nil, errors.New("x509: malformed version")
837 }
838
839
840 cert.Version++
841 if cert.Version > 3 {
842 return nil, errors.New("x509: invalid version")
843 }
844
845 serial := new(big.Int)
846 if !tbs.ReadASN1Integer(serial) {
847 return nil, errors.New("x509: malformed serial number")
848 }
849
850
851
852
853
854 cert.SerialNumber = serial
855
856 var sigAISeq cryptobyte.String
857 if !tbs.ReadASN1(&sigAISeq, cryptobyte_asn1.SEQUENCE) {
858 return nil, errors.New("x509: malformed signature algorithm identifier")
859 }
860
861
862
863 var outerSigAISeq cryptobyte.String
864 if !input.ReadASN1(&outerSigAISeq, cryptobyte_asn1.SEQUENCE) {
865 return nil, errors.New("x509: malformed algorithm identifier")
866 }
867 if !bytes.Equal(outerSigAISeq, sigAISeq) {
868 return nil, errors.New("x509: inner and outer signature algorithm identifiers don't match")
869 }
870 sigAI, err := parseAI(sigAISeq)
871 if err != nil {
872 return nil, err
873 }
874 cert.SignatureAlgorithm = getSignatureAlgorithmFromAI(sigAI)
875
876 var issuerSeq cryptobyte.String
877 if !tbs.ReadASN1Element(&issuerSeq, cryptobyte_asn1.SEQUENCE) {
878 return nil, errors.New("x509: malformed issuer")
879 }
880 cert.RawIssuer = issuerSeq
881 issuerRDNs, err := parseName(issuerSeq)
882 if err != nil {
883 return nil, err
884 }
885 cert.Issuer.FillFromRDNSequence(issuerRDNs)
886
887 var validity cryptobyte.String
888 if !tbs.ReadASN1(&validity, cryptobyte_asn1.SEQUENCE) {
889 return nil, errors.New("x509: malformed validity")
890 }
891 cert.NotBefore, cert.NotAfter, err = parseValidity(validity)
892 if err != nil {
893 return nil, err
894 }
895
896 var subjectSeq cryptobyte.String
897 if !tbs.ReadASN1Element(&subjectSeq, cryptobyte_asn1.SEQUENCE) {
898 return nil, errors.New("x509: malformed issuer")
899 }
900 cert.RawSubject = subjectSeq
901 subjectRDNs, err := parseName(subjectSeq)
902 if err != nil {
903 return nil, err
904 }
905 cert.Subject.FillFromRDNSequence(subjectRDNs)
906
907 var spki cryptobyte.String
908 if !tbs.ReadASN1Element(&spki, cryptobyte_asn1.SEQUENCE) {
909 return nil, errors.New("x509: malformed spki")
910 }
911 cert.RawSubjectPublicKeyInfo = spki
912 if !spki.ReadASN1(&spki, cryptobyte_asn1.SEQUENCE) {
913 return nil, errors.New("x509: malformed spki")
914 }
915 var pkAISeq cryptobyte.String
916 if !spki.ReadASN1(&pkAISeq, cryptobyte_asn1.SEQUENCE) {
917 return nil, errors.New("x509: malformed public key algorithm identifier")
918 }
919 pkAI, err := parseAI(pkAISeq)
920 if err != nil {
921 return nil, err
922 }
923 cert.PublicKeyAlgorithm = getPublicKeyAlgorithmFromOID(pkAI.Algorithm)
924 var spk asn1.BitString
925 if !spki.ReadASN1BitString(&spk) {
926 return nil, errors.New("x509: malformed subjectPublicKey")
927 }
928 cert.PublicKey, err = parsePublicKey(cert.PublicKeyAlgorithm, &publicKeyInfo{
929 Algorithm: pkAI,
930 PublicKey: spk,
931 })
932 if err != nil {
933 return nil, err
934 }
935
936 if cert.Version > 1 {
937 if !tbs.SkipOptionalASN1(cryptobyte_asn1.Tag(1).Constructed().ContextSpecific()) {
938 return nil, errors.New("x509: malformed issuerUniqueID")
939 }
940 if !tbs.SkipOptionalASN1(cryptobyte_asn1.Tag(2).Constructed().ContextSpecific()) {
941 return nil, errors.New("x509: malformed subjectUniqueID")
942 }
943 if cert.Version == 3 {
944 var extensions cryptobyte.String
945 var present bool
946 if !tbs.ReadOptionalASN1(&extensions, &present, cryptobyte_asn1.Tag(3).Constructed().ContextSpecific()) {
947 return nil, errors.New("x509: malformed extensions")
948 }
949 if present {
950 if !extensions.ReadASN1(&extensions, cryptobyte_asn1.SEQUENCE) {
951 return nil, errors.New("x509: malformed extensions")
952 }
953 for !extensions.Empty() {
954 var extension cryptobyte.String
955 if !extensions.ReadASN1(&extension, cryptobyte_asn1.SEQUENCE) {
956 return nil, errors.New("x509: malformed extension")
957 }
958 ext, err := parseExtension(extension)
959 if err != nil {
960 return nil, err
961 }
962 cert.Extensions = append(cert.Extensions, ext)
963 }
964 err = processExtensions(cert)
965 if err != nil {
966 return nil, err
967 }
968 }
969 }
970 }
971
972 var signature asn1.BitString
973 if !input.ReadASN1BitString(&signature) {
974 return nil, errors.New("x509: malformed signature")
975 }
976 cert.Signature = signature.RightAlign()
977
978 return cert, nil
979 }
980
981
982 func ParseCertificate(der []byte) (*Certificate, error) {
983 cert, err := parseCertificate(der)
984 if err != nil {
985 return nil, err
986 }
987 if len(der) != len(cert.Raw) {
988 return nil, errors.New("x509: trailing data")
989 }
990 return cert, err
991 }
992
993
994
995 func ParseCertificates(der []byte) ([]*Certificate, error) {
996 var certs []*Certificate
997 for len(der) > 0 {
998 cert, err := parseCertificate(der)
999 if err != nil {
1000 return nil, err
1001 }
1002 certs = append(certs, cert)
1003 der = der[len(cert.Raw):]
1004 }
1005 return certs, nil
1006 }
1007
View as plain text