8206925: Support the certificate_authorities extension

Reviewed-by: mullan
openjdk · May 27, 2020 · 17a2989 · 17a2989
1 parent 6f5e8a2
commit 17a2989
Show file tree

Hide file tree

Showing 8 changed files with 1,089 additions and 98 deletions.
diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java b/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -200,14 +200,13 @@ String[] getKeyTypes() {
         }
 
         X500Principal[] getAuthorities() {
-            List<X500Principal> principals =
-                    new ArrayList<>(authorities.size());
+            X500Principal[] principals = new X500Principal[authorities.size()];
+            int i = 0;
             for (byte[] encoded : authorities) {
-                X500Principal principal = new X500Principal(encoded);
-                principals.add(principal);
+                principals[i++] = new X500Principal(encoded);
             }
 
-            return principals.toArray(new X500Principal[0]);
+            return principals;
         }
 
         @Override
@@ -504,14 +503,13 @@ String[] getKeyTypes() {
         }
 
         X500Principal[] getAuthorities() {
-            List<X500Principal> principals =
-                    new ArrayList<>(authorities.size());
+            X500Principal[] principals = new X500Principal[authorities.size()];
+            int i = 0;
             for (byte[] encoded : authorities) {
-                X500Principal principal = new X500Principal(encoded);
-                principals.add(principal);
+                principals[i++] = new X500Principal(encoded);
             }
 
-            return principals.toArray(new X500Principal[0]);
+            return principals;
         }
 
         @Override

diff --git a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java
@@ -407,7 +407,27 @@ enum SSLExtension implements SSLStringizer {
                                 null,
                                 PskKeyExchangeModesExtension.chOnTradeAbsence,
                                 PskKeyExchangeModesExtension.pkemStringizer),
-    CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"),
+
+    CH_CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities",
+                                SSLHandshake.CLIENT_HELLO,
+                                ProtocolVersion.PROTOCOLS_OF_13,
+                                CertificateAuthoritiesExtension.chNetworkProducer,
+                                CertificateAuthoritiesExtension.chOnLoadConsumer,
+                                null,
+                                null,
+                                null,
+                                CertificateAuthoritiesExtension.ssStringizer),
+
+    CR_CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities",
+                                SSLHandshake.CERTIFICATE_REQUEST,
+                                ProtocolVersion.PROTOCOLS_OF_13,
+                                CertificateAuthoritiesExtension.crNetworkProducer,
+                                CertificateAuthoritiesExtension.crOnLoadConsumer,
+                                null,
+                                null,
+                                null,
+                                CertificateAuthoritiesExtension.ssStringizer),
+
     OID_FILTERS             (0x0030, "oid_filters"),
     POST_HANDSHAKE_AUTH     (0x0030, "post_handshake_auth"),
 
@@ -725,6 +745,50 @@ static final class ClientExtensions {
                 extensions.remove(CH_MAX_FRAGMENT_LENGTH);
             }
 
+            // To switch on certificate_authorities extension in ClientHello.
+            //
+            // Note: Please be careful to enable this extension in ClientHello.
+            //
+            // In practice, if the server certificate cannot be validated by
+            // the underlying programs, the user may manually check the
+            // certificate in order to access the service.  The certificate
+            // could be accepted manually, and the handshake continues.  For
+            // example, the browsers provide the manual option to accept
+            // untrusted server certificate. If this extension is enabled in
+            // the ClientHello handshake message, and the server's certificate
+            // does not chain back to any of the CAs in the extension, then the
+            // server will terminate the handshake and close the connection.
+            // There is no chance for the client to perform the manual check.
+            // Therefore, enabling this extension in ClientHello may lead to
+            // unexpected compatibility issues for such cases.
+            //
+            // According to TLS 1.3 specification [RFC 8446] the maximum size
+            // of the certificate_authorities extension is 2^16 bytes.  The
+            // maximum TLS record size is 2^14 bytes.  If the handshake
+            // message is bigger than maximum TLS record size, it should be
+            // splitted into several records.  In fact, some server
+            // implementations do not allow ClientHello messages bigger than
+            // the maximum TLS record size and will immediately abort the
+            // connection with a fatal alert.  Therefore, if the client trusts
+            // too many certificate authorities, there may be unexpected
+            // interoperability issues.
+            //
+            // Furthermore, if the client trusts more CAs such that it exceeds
+            // the size limit of the extension, enabling this extension in
+            // client side does not really make sense any longer as there is
+            // no way to indicate the server certificate selection accurately.
+            //
+            // In general, a server does not use multiple certificates issued
+            // from different CAs.  It is not expected to use this extension a
+            // lot in practice.  When there is a need to use this extension
+            // in ClientHello handshake message, please take care of the
+            // potential compatibility and interoperability issues above.
+            enableExtension = Utilities.getBooleanProperty(
+                    "jdk.tls.client.enableCAExtension", false);
+            if (!enableExtension) {
+                extensions.remove(CH_CERTIFICATE_AUTHORITIES);
+            }
+
             defaults = Collections.unmodifiableCollection(extensions);
         }
     }

diff --git a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -230,12 +230,14 @@ private SSLPossession createClientPossession(
             if (chc.conContext.transport instanceof SSLSocketImpl) {
                 clientAlias = km.chooseClientAlias(
                         new String[] { keyType },
-                        chc.peerSupportedAuthorities,
+                        chc.peerSupportedAuthorities == null ? null :
+                                chc.peerSupportedAuthorities.clone(),
                         (SSLSocket)chc.conContext.transport);
             } else if (chc.conContext.transport instanceof SSLEngineImpl) {
                 clientAlias = km.chooseEngineClientAlias(
                         new String[] { keyType },
-                        chc.peerSupportedAuthorities,
+                        chc.peerSupportedAuthorities == null ? null :
+                                chc.peerSupportedAuthorities.clone(),
                         (SSLEngine)chc.conContext.transport);
             }
 
@@ -284,10 +286,14 @@ private SSLPossession createServerPossession(
             String serverAlias = null;
             if (shc.conContext.transport instanceof SSLSocketImpl) {
                 serverAlias = km.chooseServerAlias(keyType,
-                        null, (SSLSocket)shc.conContext.transport);
+                        shc.peerSupportedAuthorities == null ? null :
+                                shc.peerSupportedAuthorities.clone(),
+                        (SSLSocket)shc.conContext.transport);
             } else if (shc.conContext.transport instanceof SSLEngineImpl) {
                 serverAlias = km.chooseEngineServerAlias(keyType,
-                        null, (SSLEngine)shc.conContext.transport);
+                        shc.peerSupportedAuthorities == null ? null :
+                                shc.peerSupportedAuthorities.clone(),
+                        (SSLEngine)shc.conContext.transport);
             }
 
             if (serverAlias == null) {