JDK-8360289

Support algorithm constraints and certificate checks in SunX509 key manager

    • CSR
    • Resolution: Approved
    • P4
    • 26
    • security-libs
    • None
    • behavioral
    • low
    • Customers using local certificates signed with algorithms prohibited by the default configuration (notably MD5 and SHA1) will no longer be able to use such certificates without modifying the algorithm constraints in the `java.security` config file or setting the `jdk.tls.SunX509KeyManager.certChecking` system property to `false`.
    • System or security property
    • JDK

      Summary

      Support TLS algorithm constraints and certificate checks in the SunX509 key manager, which is currently the default key manager. In other words, the SunX509 key manager should support the same certificate checks that the PKIX key manager supports.

      Problem

      Background:

      The JSSE TLS handshake code currently calls into the SunX509 key manager (the SunX509KeyManagerImpl class) to find the certificates to use via the following methods:

      • chooseServerAlias

      • chooseEngineServerAlias

      • chooseClientAlias

      • chooseEngineClientAlias

      Problems to be addressed:

      1) Peer supported certificate signature algorithms (sent with the `signature_algorithms_cert` extension) are not being checked by the default SunX509 key manager. There may be an interoperability issue because one side cannot select the right certificate while the other side will reject the selected certificate because of its own algorithm constraints.

      2) Local algorithm constraints (java.security config file) are not being checked with the default SunX509 key manager. This is something JDK users may expect.

      3) SunX509 key manager doesn't perform certificate checks. In particular, it is not guaranteed that:

      • The certificates are within their validity period

      • The certificate extensions allow the certificate to be used for the desired purpose.

      Solution

      1) Add support for peer supported certificate signature algorithms.

      2) Add support for local TLS algorithm constraints.

      3) Select the best suited certificate based on validity period and certificate extensions.

      Effectively there should be only 2 differences between PKIX and SunX509 key managers:

      • PKIX supports multiple key stores through the KeyStore.Builder interface, while SunX509 supports only a single keystore.
      • SunX509 caches its whole key store on initialization thus improving performance. This means that subsequent modifications of the KeyStore have no effect on SunX509 key manager, unlike PKIX key manager.

      Specification

      1) Add a new system property that restores the original SunX509 key manager behavior when set to `false`, for users who want to disable the algorithm constraints and certificate checks for some reason. The default value of the property is `true`:

        jdk.tls.SunX509KeyManager.certChecking

      2) Update the description of the SunX509 KeyManagerFactory algorithm in the JDK Providers Guide: https://docs.oracle.com/en/java/javase/24/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2
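
      A pre-upgrade audit of a keystore for the conditions this CSR describes (validity period, MD5/SHA1 signatures, key usage), as an added example that is not part of the CSR or of the JDK sources. The class name `KeyStoreAudit` and the `KEYSTORE_PASS` environment variable are assumptions, and the checks are heuristics; the JDK's actual decision comes from the constraints configured in `java.security`.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added example: reports key entries likely to be affected by the new checks. */
public class KeyStoreAudit {
    /** Returns the reasons a certificate may be skipped; empty if none were found. */
    static List<String> findings(X509Certificate cert, boolean endEntity) {
        List<String> out = new ArrayList<>();
        try {
            cert.checkValidity(); // throws if expired or not yet valid
        } catch (CertificateException e) {
            out.add("outside validity period: " + e.getMessage());
        }
        // Heuristic: the page names MD5 and SHA1 as prohibited by the default config.
        if (cert.getSigAlgName().matches("(?i).*(MD5|SHA1).*")) {
            out.add("weak signature algorithm: " + cert.getSigAlgName());
        }
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        if (endEntity && ku != null && !ku[0] && !ku[2] && !ku[4]) {
            out.add("KeyUsage lacks digitalSignature, keyEncipherment and keyAgreement");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: KeyStoreAudit <keystore>"); return; }
        // Assumption: the store password is supplied in KEYSTORE_PASS, not on the command line.
        String pw = System.getenv("KEYSTORE_PASS");
        KeyStore ks = KeyStore.getInstance(new File(args[0]),
                pw == null ? new char[0] : pw.toCharArray());
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // key managers only use key entries
            Certificate[] chain = ks.getCertificateChain(alias);
            for (int i = 0; chain != null && i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate x)) continue;
                for (String f : findings(x, i == 0)) {
                    System.out.printf("%s [chain %d] %s%n", alias, i, f);
                }
            }
        }
    }
}
```

      Run it with `java KeyStoreAudit.java <keystore>`; any line it prints identifies an alias worth re-issuing before relying on the default `jdk.tls.SunX509KeyManager.certChecking=true` behavior.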

            abarashev Artur Barashev
            Sean Mullan