diff --git a/Userland/Libraries/LibTLS/Certificate.cpp b/Userland/Libraries/LibTLS/Certificate.cpp
index aa05060aa0..2b117a445f 100644
--- a/Userland/Libraries/LibTLS/Certificate.cpp
+++ b/Userland/Libraries/LibTLS/Certificate.cpp
@@ -349,6 +349,11 @@ Optional Certificate::parse_asn1(ReadonlyBytes buffer, bool)
         return {};
     }
 
+    // self issued
+    {
+        certificate.is_self_issued = certificate.issuer_identifier_string() == certificate.subject_identifier_string();
+    }
+
     // extensions
     {
         if (certificate.version == 2) {
diff --git a/Userland/Libraries/LibTLS/Certificate.h b/Userland/Libraries/LibTLS/Certificate.h
index 694c737927..265cc4b789 100644
--- a/Userland/Libraries/LibTLS/Certificate.h
+++ b/Userland/Libraries/LibTLS/Certificate.h
@@ -60,9 +60,11 @@ public:
     bool is_allowed_to_sign_certificate { false };
     bool is_certificate_authority { false };
     Optional path_length_constraint {};
+    bool is_self_issued { false };
 
     static Optional parse_asn1(ReadonlyBytes, bool client_cert = false);
 
+    bool is_self_signed();
     bool is_valid() const;
 
     DeprecatedString subject_identifier_string() const
@@ -124,6 +126,9 @@ public:
         }
         return cert_name.to_deprecated_string();
     }
+
+private:
+    Optional m_is_self_signed;
 };
 
 class DefaultRootCACertificates {
diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index bde92fa923..e60b830349 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
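Review bot: is_self_issued is derived from string equality of `issuer_identifier_string()` and `subject_identifier_string()`, which compares a rendered form of each name rather than the parsed DNs; if that rendering omits or normalizes attributes (the visible tail of subject_identifier_string() is `return cert_name.to_deprecated_string();`, the rest is outside this diff), two distinct names could compare equal and a certificate that is not self-issued would be flagged as such. RFC 5280 §6.1 defines self-issued by the issuer and subject Name fields matching, so comparing the parsed name components would be the more robust basis, though whether the rendering is actually lossy cannot be confirmed from these lines. A comment citing the definition would also make the flag's meaning explicit: `// RFC 5280 s6.1: self-issued means issuer and subject are the same name; this is a name match only, not a signature check.` parse_asn1's body starts and ends outside this hunk.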
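Review bot: `bool is_self_signed();` is declared non-const while its sibling `bool is_valid() const;` is const, apparently only because it memoizes into `m_is_self_signed`; declaring the cache `mutable Optional<bool> m_is_self_signed;` and the accessor `bool is_self_signed() const;` would let it be called on the const Certificate references that validation code is likely to hold. The new `is_self_issued` field would benefit from a one-line comment noting that parse_asn1 sets it from the issuer/subject name comparison alone, so readers do not mistake it for a verified signature. The enclosing class starts outside this hunk.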
@@ -115,6 +115,23 @@ bool Certificate::is_valid() const
     return true;
 }
 
+// https://www.ietf.org/rfc/rfc5280.html#page-12
+bool Certificate::is_self_signed()
+{
+    if (m_is_self_signed.has_value())
+        return *m_is_self_signed;
+
+    // Self-signed certificates are self-issued certificates where the digital
+    // signature may be verified by the public key bound into the certificate.
+    if (!this->is_self_issued)
+        m_is_self_signed.emplace(false);
+
+    // FIXME: Actually check if we sign ourself
+
+    m_is_self_signed.emplace(true);
+    return *m_is_self_signed;
+}
+
 void TLSv12::try_disambiguate_error() const
 {
     dbgln("Possible failure cause(s): ");
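Review bot: The `if (!this->is_self_issued)` branch in is_self_signed() stores false but never returns, so execution falls through to `m_is_self_signed.emplace(true)` and every certificate, self-issued or not, is reported as self-signed, with the memoized value making the wrong answer sticky for the object's lifetime. The branch should read `if (!is_self_issued) { m_is_self_signed.emplace(false); return false; }`. Even with that fixed, the FIXME means the result rests on the issuer/subject name match alone, so until the signature is actually verified against the certificate's own public key no caller should treat a true result as evidence of a trust anchor; a `// NOTE: does not yet verify the signature, so this is not a trust decision` beside the FIXME would make that explicit. How the result is consumed by chain building is not visible in this diff.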