Add PPAPI interface for secure sockets in flash

ppapi/api/private/ppb_flash_x509_certificate.idl

+/* Copyright (c) 2012 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/**
+ * This file defines the <code>PPB_Flash_X509Certificate</code> interface for
+ * an X509 certificate.
+ */
+
+label Chrome {
+  M19 = 0.1
+};
+
+/**
+ * Struct for storing information about a certificate issuer or subject.
+ * All members are <code>PP_Var</code> strings.
+ */
+struct PP_Flash_X509Certificate_Principal {

[Ryan Sleevi, 2012/02/16 21:29:23]

An actual principal name is:

an ordered array of
  unordered arrays of
    tuples of
      identifier, opaque type

For a certain list of pre-specified |identifiers|, |opaque type| is defined as a
string type, is stored as

  encoded type, length, value


The behaviour of Chrome's X509Certificate only including a very limited subset
(of which this list seems to reflect) was done to fit certain display needs, but
in no way reflects what an application developer would expect/use, and can
easily present the wrong information or lead to spoofing the user.

[raymes, 2012/02/16 22:31:29]

These are the only fields required by flash.

On 2012/02/16 21:29:23, Ryan Sleevi wrote:

[Ryan Sleevi, 2012/02/16 23:06:33]

For a Flash-specific API: This is OK. It's Adobe's fault for writing a crappy
API.
For a general purpose API: something equivalent to vector<vector<tuple>> would
make more sense, and then let the Pepper Flash code grab the values it needs.

+  PP_Var common_name;
+  PP_Var locality_name;
+  PP_Var state_or_province_name;
+  PP_Var country_name;
+  PP_Var organization_name;
+  PP_Var organization_unit_name;
+};
+
+[assert_size(4)]
+enum PPB_Flash_X509Certificate_Version {

[Ryan Sleevi, 2012/02/16 21:29:23]

Is there a reason you need to expose version?

[raymes, 2012/02/16 22:31:29]

AFAICT it's exposed in actionscript (although not documented) through the class:
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/secu...

[Ryan Sleevi, 2012/02/16 23:06:33]

Adobe's API sucks.

That said, use either X509_CERTIFICATE or X509CERTIFICATE - don't mix both.

[raymes, 2012/02/21 19:07:40]

Done.

+  PP_FLASH_X509_CERTIFICATE_V1 = 0,
+  PP_FLASH_X509CERTIFICATE_V2 = 1,
+  PP_FLASH_X509CERTIFICATE_V3 = 2
+};
+
+/**
+ * The <code>PPB_Flash_X509Certificate</code> interface provides access to
+ * the fields of an X509 certificate.
+ */
+interface PPB_Flash_X509Certificate {
+  /**
+   * Create a <code>PPB_Flash_X509Certificate</code> from the DER-encoded
+   * representation. Returns a null resource if the byte array is not a valid
+   * X509 certificate.
+   */
+  PP_Resource Create([in] PP_Instance instance,
+                     [in] mem_t bytes,
+                     [in] int32_t length);

[Ryan Sleevi, 2012/02/16 21:29:23]

Create takes (in) int32_t, but other APIs (GetSerialNumber,
GetAlgorithmParameters) give (out) uint32_t.

Suggest this be a uint32_t.

What happens if there is more than one X509Certificate?
What happens if there is extra data after the end of a valid X509Certificate?

[raymes, 2012/02/16 22:31:29]

Done. Thanks for the catch.
I'm not sure what behavior makes sense here. I would assume that it should take
only 1 certificate and nothing else. Suggestions?

+
+  /**
+   * Returns <code>PP_TRUE</code> if a given resource is a
+   * <code>PPB_Flash_X509Certificate</code>.
+   */
+  PP_Bool IsFlashX509Certificate([in] PP_Resource resource);
+
+  /**
+   * Get the certificate version.
+   */
+  PPB_Flash_X509Certificate_Version GetVersion([in] PP_Resource certificate);
+
+  /**
+   * Get the certificate serial number as a byte array.
+   */
+  mem_t GetSerialNumber([in] PP_Resource certificate,

[Ryan Sleevi, 2012/02/16 21:29:23]

There's some unfortunate subtlety here re: X.509

Is the SerialNumber an actual numeric value?
Is it a byte string with the leading zero (an encoding artifact) or without (the
'logical' value)

[raymes, 2012/02/16 22:31:29]

A byte string I guess, with the leading 0 removed as per
SerialNumber->http://msdn.microsoft.com/en-us/library/windows/desktop/aa377200(v=vs.85).aspx

[Ryan Sleevi, 2012/02/16 23:06:33]

(Adobe rant).

This unfortunately can create ambiguities for certificates - it's generally
better to /not/ strip the data.

General purpose: Return the full bytes, make the Flash code strip it.

[raymes, 2012/02/21 19:07:40]

Done.

+                        [out] uint32_t length);
+
+  /**
+   * Get the certificate algorithm ID as a <code>PP_Var</code> string.
+   */
+  PP_Var GetAlgorithmID([in] PP_Resource certificate);

[Ryan Sleevi, 2012/02/16 21:29:23]

This is the signature algorithm, not the SPKI algorithm.

What is the form? A string ("rsaWithSha1")? An OID string?

[raymes, 2012/02/16 22:31:29]

Yes, the signature OID string. I will update the name/documentation.

[raymes, 2012/02/21 19:07:40]

Done.

+
+  /**
+   * Get the certificate algorithm paramaters as a byte array.
+   */
+  mem_t GetAlgorithmParamaters([in] PP_Resource certificate,

[Ryan Sleevi, 2012/02/16 21:29:23]

As... DER?

And why not expose the algorithm itself, why only expose the parameters?

[raymes, 2012/02/16 22:31:29]

This is just what flash required. The format is the same as the Paramaters field
in
http://msdn.microsoft.com/en-us/library/windows/desktop/aa381133(v=vs.85).aspx,
which I guess is DER in our case.

[Ryan Sleevi, 2012/02/16 23:06:33]

Thanks. Yeah, this is DER.

[raymes, 2012/02/21 19:07:40]

Done.

+                               [out] uint32_t length);
+
+  /**
+   * Get the valid start date as a timestamp.
+   */
+  uint32_t GetVaildStart([in] PP_Resource certificate);
+
+  /**
+   * Get the valid end date as a timestamp.
+   */
+  uint32_t GetVaildEnd([in] PP_Resource certificate);
+

[Ryan Sleevi, 2012/02/16 21:29:23]

Typo: Vaild -> Valid

This will definitely cause issues because dates in certificates are stored as
strings, and can therefore represent values up to the year 9999.

I know of a number of certificates that already assert dates larger than a
32-bit time_t / seconds since epoch (I think the comment "timestamp" is woefully
underspecified here), primarily because they take now+30, which yields
expirations in 2042 (> 2038 time_t max)

[raymes, 2012/02/16 22:31:29]

Right, I should have used a larger int. Would changing it to a 64bit integer
suffice? Can update the comment to refer to the epoch.

[Ryan Sleevi, 2012/02/16 23:06:33]

"It would be nice" to expose a PPAPI date type here, these dates are always UTC.

Short of that, a normalized string type (YYYYMMDDHHMMSS) would be better.

Alternatively, PP_Time might be appropriate here.

[raymes, 2012/02/21 19:07:40]

Done.

+  /**
+   * Get the subject public key algorithm ID as a <code>PP_Var</code> string.
+   */
+  PP_Var GetSubjectPublicKeyAlgorithmID([in] PP_Resource certificate);

[Ryan Sleevi, 2012/02/16 21:29:23]

It's unclear what this stores.

Is it a string such as "rsa" ? Is it a specific OID?

[raymes, 2012/02/16 22:31:29]

It's again the OID of the algorithm, I can update the name/comment.

[raymes, 2012/02/21 19:07:40]

Done.

+
+  /**
+   * Get the subject public key as a byte array.
+   */
+  PP_Var GetSubjectPublicKey([in] PP_Resource certificate,
+                            [out] uint32_t length);
+
+  /**
+   * Get the certificate as a byte array encoded in DER format.
+   */
+  mem_t GetDER([in] PP_Resource certificate,
+               [out] uint32_t length);
+
+  /**
+   * Get the subject public key as a byte array.
+   */
+  PP_Var GetSubjectPublicKey([in] PP_Resource certificate,

[Ryan Sleevi, 2012/02/16 21:29:23]

Duplicate declaration to line 95-96

[raymes, 2012/02/16 22:31:29]

Done.

+                            [out] uint32_t length);
+
+  /**
+   * Get the issuers unique ID as a byte array.
+   */
+  mem_t GetIssuerUniqueID([in] PP_Resource certificate,
+                          [out] uint32_t length);
+
+  /**
+   * Get the subjects unique ID as a byte array.

[Ryan Sleevi, 2012/02/16 21:29:23]

What is "unique ID" ?

Do you mean authorityKeyId / subjectKeyId (which are extensions?) Is this some
sort of internal tracking? Is this a normalized form of the distinguished names
(of which there may be multiple certificates with that same subject /
issuer-as-subject)

[raymes, 2012/02/16 22:31:29]

It's
SubjectUniqueId->http://msdn.microsoft.com/en-us/library/windows/desktop/aa377200(v=vs.85).aspx

Again exposed through AS.

On 2012/02/16 21:29:23, Ryan Sleevi wrote:

[Ryan Sleevi, 2012/02/16 23:06:33]

Flash sucks.

I don't think I've ever seen a issuerUniqueId / subjectUniqueId in a certificate
in the wild. We don't currently expose these from X509Certificate, but we should
be able to expose it.

FTR, it's Section 4.1.2.8 in RFC 3280, which was added in X.509 v2, but only
works in the concept of "The Global Directory" from X500, which never existed,
and whose utility was replaced by extensions in X.509 v3 and skid/akid.

+   */
+  mem_t GetSubjectUniqueID([in] PP_Resource certificate,
+                           [out] uint32_t length);
+
+  /**
+   * Get information about the certificate issuer.
+   */
+  PP_Flash_X509Certificate_Principal GetIssuerInfo(PP_Resource certificate);
+
+  /**
+   * Get information about the certificate subject.
+   */
+  PP_Flash_X509Certificate_Principal GetSubjectInfo(PP_Resource certificate);
+};