feat: AIA cert fetch

Author: adiwajshing

README.md

@@ -12,6 +12,7 @@ As all the cryptography is handled by either "webcrypto" or a "pure-js" implemen
 
 1. The ChaCha20-Poly1305 cipher is not supported via WebCrypto -- so we utilise `@stablelib/chacha20-poly1305` to provide this functionality.
 2. To handle X509 certificate validation we utilise `@peculiar/x509`
+3. Optionally a few other crypto dependencies are used when using the `pure-js` implementation. These can be excluded when using WebCrypto.
 
 ## Supported Crypto Suites & Versions
 
@@ -52,6 +53,7 @@ As all the cryptography is handled by either "webcrypto" or a "pure-js" implemen
 ### Certificates
 - The entire Mozilla CA store is supported
 - A few additional certificates have also been added. See `src/utils/root-ca.ts`
+- We also implement fetching intermediate certificates via AIA fetching. Any fetched certificates are also then verified against the root CA store.
 
 ## Install
 

src/make-tls-client.ts

@@ -31,6 +31,7 @@ export function makeTLSClient({
 	supportedProtocolVersions,
 	signatureAlgorithms,
 	applicationLayerProtocols,
+	fetchCertificateBytes,
 	write,
 	onRead,
 	onApplicationData,
@@ -242,8 +243,10 @@ export function makeTLSClient({
 
 					logger.debug({ len: certificates.length }, 'parsed certificates')
 
-					if(verifyServerCertificate) {
-						await verifyCertificateChain(certificates, host, rootCAs)
+					if(verifyServerCertificate && !certificatesVerified) {
+						await verifyCertificateChain(
+							certificates, host, logger, fetchCertificateBytes, rootCAs
+						)
 						logger.debug('verified certificate chain')
 
 						certificatesVerified = true
@@ -339,8 +342,10 @@ export function makeTLSClient({
 
 					logger.debug('verified server key share signature')
 
-					if(verifyServerCertificate) {
-						await verifyCertificateChain(certificates, host, rootCAs)
+					if(verifyServerCertificate && !certificatesVerified) {
+						await verifyCertificateChain(
+							certificates, host, logger, fetchCertificateBytes, rootCAs
+						)
 						logger.debug('verified certificate chain')
 
 						certificatesVerified = true

src/types/index.ts

@@ -1,8 +1,15 @@
+import type { X509Certificate } from './x509.ts'
+
 export * from './x509.ts'
 export * from './tls.ts'
 export * from './crypto.ts'
 export * from './logger.ts'
 
 declare global {
 	const TLS_ADDITIONAL_ROOT_CA_LIST: string[]
+	/**
+	 * Store fetched intermediate certificates typically fetched via
+	 * the AIA extension here to avoid refetching
+	 */
+	const TLS_INTERMEDIATE_CA_CACHE: { [url: string]: X509Certificate }
 }

src/types/tls.ts

@@ -91,6 +91,12 @@ export type TLSConnectionOptions = TLSHelloBaseOptions & {
 	 * if provided, the server certificate will be verified against these root CAs
 	 */
 	rootCAs?: X509Certificate[]
+	/**
+	 * Fetch certificate bytes from a URL
+	 * Used when the AIA extension is present in a certificate
+	 * to fetch the issuer certificate
+	 */
+	fetchCertificateBytes?(url: string): Promise<Uint8Array>
 }
 
 export type TLSClientOptions = TLSConnectionOptions & TLSEventHandlers & {

src/types/x509.ts

@@ -22,6 +22,11 @@ export type X509Certificate<T = any> = {
 	getAlternativeDNSNames(): string[]
 	isIssuer(ofCert: X509Certificate<T>): boolean
 	getPublicKey(): CertificatePublicKey
+	/**
+	 * Get the Authority Information Access extension value,
+	 * tells us where to get issuer certificate from
+	 */
+	getAIAExtension(): string | undefined
 	/**
 	 * verify this certificate issued the certificate passed
 	 * @param otherCert the supposedly issued certificate to verify

src/utils/additional-root-cas.js

@@ -1,12 +1,16 @@
 /* eslint indent: 0 */
 
 let TLS_ADDITIONAL_ROOT_CA_LIST
+let TLS_INTERMEDIATE_CA_CACHE
 if(typeof globalThis === 'object' && globalThis) {
 	TLS_ADDITIONAL_ROOT_CA_LIST = (globalThis.TLS_ADDITIONAL_ROOT_CA_LIST ||= [])
+	TLS_INTERMEDIATE_CA_CACHE = (globalThis.TLS_INTERMEDIATE_CA_CACHE ||= {})
 } else if(typeof window === 'object' && window) {
 	TLS_ADDITIONAL_ROOT_CA_LIST = (window.TLS_ADDITIONAL_ROOT_CA_LIST ||= [])
+	TLS_INTERMEDIATE_CA_CACHE = (window.TLS_INTERMEDIATE_CA_CACHE ||= {})
 } else {
 	TLS_ADDITIONAL_ROOT_CA_LIST = []
+	TLS_INTERMEDIATE_CA_CACHE = {}
 }
 
 TLS_ADDITIONAL_ROOT_CA_LIST.push(

src/utils/parse-certificate.ts

@@ -1,12 +1,12 @@
 import './additional-root-cas.js'
 import { crypto } from '../crypto/index.ts'
-import type { CertificatePublicKey, CipherSuite, Key, TLSProcessContext, X509Certificate } from '../types/index.ts'
+import type { CertificatePublicKey, CipherSuite, Key, Logger, TLSProcessContext, X509Certificate } from '../types/index.ts'
 import { SUPPORTED_NAMED_CURVE_MAP, SUPPORTED_SIGNATURE_ALGS, SUPPORTED_SIGNATURE_ALGS_MAP } from './constants.ts'
 import { getHash } from './decryption-utils.ts'
 import { areUint8ArraysEqual, asciiToUint8Array, concatenateUint8Arrays } from './generics.ts'
 import { MOZILLA_ROOT_CA_LIST } from './mozilla-root-cas.ts'
 import { expectReadWithLength, packWithLength } from './packets.ts'
-import { loadX509FromDer, loadX509FromPem } from './x509.ts'
+import { defaultFetchCertificateBytes, loadX509FromDer, loadX509FromPem } from './x509.ts'
 
 type VerifySignatureOptions = {
 	signature: Uint8Array
@@ -111,8 +111,7 @@ export async function verifyCertificateSignature({
 }
 
 export async function getSignatureDataTls13(
-	hellos: Uint8Array[] | Uint8Array,
-	cipherSuite: CipherSuite
+	hellos: Uint8Array[] | Uint8Array, cipherSuite: CipherSuite
 ) {
 	const handshakeHash = await getHash(hellos, cipherSuite)
 	return concatenateUint8Arrays([
@@ -155,74 +154,81 @@ export async function getSignatureDataTls12(
 export async function verifyCertificateChain(
 	chain: X509Certificate[],
 	host: string,
+	logger: Logger,
+	fetchCertificateBytes = defaultFetchCertificateBytes,
 	additionalRootCAs?: X509Certificate[]
 ) {
 	const rootCAs = [
 		...loadRootCAs(),
 		...(additionalRootCAs || [])
 	]
 
+	const leaf = chain[0]
 	const commonNames = [
-		...chain[0].getSubjectField('CN'),
-		...chain[0].getAlternativeDNSNames()
+		...leaf.getSubjectField('CN'),
+		...leaf.getAlternativeDNSNames()
 	]
 	if(!commonNames.some(cn => matchHostname(host, cn))) {
 		throw new Error(`Certificate is not for host ${host}`)
 	}
 
+	chain = [...chain] // clone to allow appending fetched certs
+	for(let i = 0; i < chain.length; i++) {
+		const cert = chain[i]
+		const cn = cert.getSubjectField('CN')
+		if(!cert.isWithinValidity()) {
+			throw new Error(`Certificate ${cn} (i: ${i}) is outside validity`)
+		}
 
-	const tmpChain = [...chain]
-	let currentCert = tmpChain.shift()!
-	let rootIssuer: X509Certificate<any> | undefined
-	// look for issuers until we hit the end or find root CA that signed one of them
-	while(!rootIssuer) {
-		const cn = currentCert.getSubjectField('CN')
-
-		if(!currentCert.isWithinValidity()) {
-			throw new Error(`Certificate ${cn} is not within validity period`)
+		// look in our chain for issuer
+		let issuer = findIssuer(chain.slice(i + 1), cert)
+		// if not found, check in our root CAs
+		if(!issuer) {
+			issuer = findIssuer(rootCAs, cert)
 		}
 
-		rootIssuer = rootCAs.find(r => r.isIssuer(currentCert))
+		// if not found, we'll try fetching it via AIA extension
+		if(!issuer) {
+			const aiaExt = cert.getAIAExtension()
+			if(!aiaExt) {
+				throw new Error(`Missing issuer for certificate ${cn} (i: ${i})`)
+			}
 
-		if(!rootIssuer) {
-			const issuer = findIssuer(tmpChain, currentCert)
+			if(TLS_INTERMEDIATE_CA_CACHE?.[aiaExt]) {
+				issuer = TLS_INTERMEDIATE_CA_CACHE[aiaExt]
+			} else {
+				logger.debug(
+					{ aiaExt, cn },
+					'fetching issuer certificate via AIA extension'
+				)
 
-			//in case there are orphan certificates in chain
-			if(!issuer) {
-				break
-			}
+				const bytes = await fetchCertificateBytes(aiaExt)
+				issuer = await loadX509FromPem(bytes)
+				// we'll need to verify this cert below too
+				chain.push(issuer)
 
-			if(!(await issuer.cert.verifyIssued(currentCert))) {
-				throw new Error(`Certificate ${cn} issue verification failed`)
+				TLS_INTERMEDIATE_CA_CACHE[aiaExt] = issuer
 			}
-
-			currentCert = issuer.cert
-			//remove issuer cert from chain
-			tmpChain.splice(issuer.index, 1)
 		}
-	}
-
-	if(!rootIssuer) {
-		throw new Error('Root CA not found. Could not verify certificate')
-	}
 
-	const verified = await rootIssuer.verifyIssued(currentCert)
-	if(!verified) {
-		throw new Error('Root CA did not issue certificate')
-	}
+		if(!issuer.isWithinValidity()) {
+			throw new Error(`Issuer Cert ${cn} is not within validity period`)
+		}
 
-	if(!rootIssuer.isWithinValidity()) {
-		throw new Error('CA certificate is not within validity period')
+		if(!(await issuer.verifyIssued(cert))) {
+			const icn = issuer.getSubjectField('CN')
+			throw new Error(
+				`Verification of ${cn} failed by issuer ${icn} (i: ${i})`
+			)
+		}
 	}
+}
 
-	function findIssuer(chain:X509Certificate[], cert: X509Certificate) {
-		for(const [i, element] of chain.entries()) {
-			if(element.isIssuer(cert)) {
-				return { cert: element, index: i }
-			}
+function findIssuer(chain: X509Certificate[], cert: X509Certificate) {
+	for(const element of chain) {
+		if(element.isIssuer(cert)) {
+			return element
 		}
-
-		return null
 	}
 }
 

src/utils/x509.ts

@@ -4,6 +4,8 @@ import { crypto } from '../crypto/index.ts'
 // not using types/index to avoid circular dependency
 import type { SignatureAlgorithm, X509Certificate } from '../types/index.ts'
 
+const AIA_EXT_TYPE = '1.3.6.1.5.5.7.1.1'
+
 export function loadX509FromPem(
 	pem: string | Uint8Array
 ): X509Certificate<peculiar.X509Certificate> {
@@ -20,6 +22,11 @@ export function loadX509FromPem(
 			const now = new Date()
 			return now > cert.notBefore && now < cert.notAfter
 		},
+		getAIAExtension() {
+			const aiaExt = cert
+				.getExtension(AIA_EXT_TYPE) as peculiar.AuthorityInfoAccessExtension
+			return aiaExt?.caIssuers?.find(obj => obj.type === 'url')?.value
+		},
 		getSubjectField(name) {
 			return cert.subjectName.getField(name)
 		},
@@ -122,4 +129,14 @@ function getSigAlgorithm(
 export function loadX509FromDer(der: Uint8Array) {
 	// peculiar handles both
 	return loadX509FromPem(der)
+}
+
+export async function defaultFetchCertificateBytes(url: string) {
+	const res = await fetch(url)
+	if(!res.ok) {
+		throw new Error(`Failed to fetch certificate from ${url}: ${res.statusText}`)
+	}
+
+	const buffer = await res.arrayBuffer()
+	return new Uint8Array<any>(buffer)
 }