Skip to content
This repository has been archived by the owner on Feb 2, 2023. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
8206925: Support the certificate_authorities extension 
Backport-of: 17a2989
  • Loading branch information
Alexey Bakhtin authored and Yuri Nesterenko committed Aug 20, 2021
1 parent c8350fc commit 239e727
Show file tree
Hide file tree
Showing 8 changed files with 1,089 additions and 98 deletions.
408 changes: 408 additions & 0 deletions src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
View file

Large diffs are not rendered by default.

20 changes: 9 additions & 11 deletions src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -200,14 +200,13 @@ String[] getKeyTypes() {
}

X500Principal[] getAuthorities() {
List<X500Principal> principals =
new ArrayList<>(authorities.size());
X500Principal[] principals = new X500Principal[authorities.size()];
int i = 0;
for (byte[] encoded : authorities) {
X500Principal principal = new X500Principal(encoded);
principals.add(principal);
principals[i++] = new X500Principal(encoded);
}

return principals.toArray(new X500Principal[0]);
return principals;
}

@Override
Expand Down Expand Up @@ -504,14 +503,13 @@ String[] getKeyTypes() {
}

X500Principal[] getAuthorities() {
List<X500Principal> principals =
new ArrayList<>(authorities.size());
X500Principal[] principals = new X500Principal[authorities.size()];
int i = 0;
for (byte[] encoded : authorities) {
X500Principal principal = new X500Principal(encoded);
principals.add(principal);
principals[i++] = new X500Principal(encoded);
}

return principals.toArray(new X500Principal[0]);
return principals;
}

@Override
Expand Down
66 changes: 65 additions & 1 deletion src/java.base/share/classes/sun/security/ssl/SSLExtension.java
View file
Expand Up @@ -407,7 +407,27 @@ enum SSLExtension implements SSLStringizer {
null,
PskKeyExchangeModesExtension.chOnTradeAbsence,
PskKeyExchangeModesExtension.pkemStringizer),
CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"),

CH_CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities",
SSLHandshake.CLIENT_HELLO,
ProtocolVersion.PROTOCOLS_OF_13,
CertificateAuthoritiesExtension.chNetworkProducer,
CertificateAuthoritiesExtension.chOnLoadConsumer,
null,
null,
null,
CertificateAuthoritiesExtension.ssStringizer),

CR_CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities",
SSLHandshake.CERTIFICATE_REQUEST,
ProtocolVersion.PROTOCOLS_OF_13,
CertificateAuthoritiesExtension.crNetworkProducer,
CertificateAuthoritiesExtension.crOnLoadConsumer,
null,
null,
null,
CertificateAuthoritiesExtension.ssStringizer),

OID_FILTERS (0x0030, "oid_filters"),
POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"),

Expand Down Expand Up @@ -725,6 +745,50 @@ static final class ClientExtensions {
extensions.remove(CH_MAX_FRAGMENT_LENGTH);
}

// To switch on certificate_authorities extension in ClientHello.
//
// Note: Please be careful to enable this extension in ClientHello.
//
// In practice, if the server certificate cannot be validated by
// the underlying programs, the user may manually check the
// certificate in order to access the service. The certificate
// could be accepted manually, and the handshake continues. For
// example, the browsers provide the manual option to accept
// untrusted server certificate. If this extension is enabled in
// the ClientHello handshake message, and the server's certificate
// does not chain back to any of the CAs in the extension, then the
// server will terminate the handshake and close the connection.
// There is no chance for the client to perform the manual check.
// Therefore, enabling this extension in ClientHello may lead to
// unexpected compatibility issues for such cases.
//
// According to TLS 1.3 specification [RFC 8446] the maximum size
// of the certificate_authorities extension is 2^16 bytes. The
// maximum TLS record size is 2^14 bytes. If the handshake
// message is bigger than maximum TLS record size, it should be
// splitted into several records. In fact, some server
// implementations do not allow ClientHello messages bigger than
// the maximum TLS record size and will immediately abort the
// connection with a fatal alert. Therefore, if the client trusts
// too many certificate authorities, there may be unexpected
// interoperability issues.
//
// Furthermore, if the client trusts more CAs such that it exceeds
// the size limit of the extension, enabling this extension in
// client side does not really make sense any longer as there is
// no way to indicate the server certificate selection accurately.
//
// In general, a server does not use multiple certificates issued
// from different CAs. It is not expected to use this extension a
// lot in practice. When there is a need to use this extension
// in ClientHello handshake message, please take care of the
// potential compatibility and interoperability issues above.
enableExtension = Utilities.getBooleanProperty(
"jdk.tls.client.enableCAExtension", false);
if (!enableExtension) {
extensions.remove(CH_CERTIFICATE_AUTHORITIES);
}

defaults = Collections.unmodifiableCollection(extensions);
}
}
Expand Down
16 changes: 11 additions & 5 deletions src/java.base/share/classes/sun/security/ssl/X509Authentication.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -230,12 +230,14 @@ private SSLPossession createClientPossession(
if (chc.conContext.transport instanceof SSLSocketImpl) {
clientAlias = km.chooseClientAlias(
new String[] { keyType },
chc.peerSupportedAuthorities,
chc.peerSupportedAuthorities == null ? null :
chc.peerSupportedAuthorities.clone(),
(SSLSocket)chc.conContext.transport);
} else if (chc.conContext.transport instanceof SSLEngineImpl) {
clientAlias = km.chooseEngineClientAlias(
new String[] { keyType },
chc.peerSupportedAuthorities,
chc.peerSupportedAuthorities == null ? null :
chc.peerSupportedAuthorities.clone(),
(SSLEngine)chc.conContext.transport);
}

Expand Down Expand Up @@ -284,10 +286,14 @@ private SSLPossession createServerPossession(
String serverAlias = null;
if (shc.conContext.transport instanceof SSLSocketImpl) {
serverAlias = km.chooseServerAlias(keyType,
null, (SSLSocket)shc.conContext.transport);
shc.peerSupportedAuthorities == null ? null :
shc.peerSupportedAuthorities.clone(),
(SSLSocket)shc.conContext.transport);
} else if (shc.conContext.transport instanceof SSLEngineImpl) {
serverAlias = km.chooseEngineServerAlias(keyType,
null, (SSLEngine)shc.conContext.transport);
shc.peerSupportedAuthorities == null ? null :
shc.peerSupportedAuthorities.clone(),
(SSLEngine)shc.conContext.transport);
}

if (serverAlias == null) {
Expand Down

1 comment on commit 239e727

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.