| /* |
| * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.ssl; |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.IOException; |
| import java.nio.ByteBuffer; |
| import java.security.PublicKey; |
| import java.security.cert.CertPathValidatorException; |
| import java.security.cert.CertPathValidatorException.BasicReason; |
| import java.security.cert.CertPathValidatorException.Reason; |
| import java.security.cert.CertificateEncodingException; |
| import java.security.cert.CertificateException; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.CertificateParsingException; |
| import java.security.cert.X509Certificate; |
| import java.text.MessageFormat; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Collection; |
| import java.util.Collections; |
| import java.util.HashSet; |
| import java.util.LinkedList; |
| import java.util.List; |
| import java.util.Locale; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLException; |
| import javax.net.ssl.SSLProtocolException; |
| import javax.net.ssl.SSLSocket; |
| import javax.net.ssl.X509ExtendedTrustManager; |
| import javax.net.ssl.X509TrustManager; |
| import javax.security.auth.x500.X500Principal; |
| import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED; |
| import sun.security.ssl.ClientHello.ClientHelloMessage; |
| import sun.security.ssl.SSLHandshake.HandshakeMessage; |
| import sun.security.ssl.X509Authentication.X509Credentials; |
| import sun.security.ssl.X509Authentication.X509Possession; |
| |
| /** |
| * Pack of the CertificateMessage handshake message. |
| */ |
| final class CertificateMessage { |
| static final SSLConsumer t12HandshakeConsumer = |
| new T12CertificateConsumer(); |
| static final HandshakeProducer t12HandshakeProducer = |
| new T12CertificateProducer(); |
| |
| static final SSLConsumer t13HandshakeConsumer = |
| new T13CertificateConsumer(); |
| static final HandshakeProducer t13HandshakeProducer = |
| new T13CertificateProducer(); |
| |
| /** |
| * The Certificate handshake message for TLS 1.2 and previous |
| * SSL/TLS protocol versions. |
| * |
| * In server mode, the certificate handshake message is sent whenever the |
| * agreed-upon key exchange method uses certificates for authentication. |
| * In client mode, this message is only sent if the server requests a |
| * certificate for client authentication. |
| * |
| * opaque ASN.1Cert<1..2^24-1>; |
| * |
| * SSL 3.0: |
| * struct { |
| * ASN.1Cert certificate_list<1..2^24-1>; |
| * } Certificate; |
| * Note: For SSL 3.0 client authentication, if no suitable certificate |
| * is available, the client should send a no_certificate alert instead. |
| * This alert is only a warning; however, the server may respond with |
| * a fatal handshake failure alert if client authentication is required. |
| * |
| * TLS 1.0/1.1/1.2: |
| * struct { |
| * ASN.1Cert certificate_list<0..2^24-1>; |
| * } Certificate; |
| */ |
| static final class T12CertificateMessage extends HandshakeMessage { |
| final List<byte[]> encodedCertChain; |
| |
| T12CertificateMessage(HandshakeContext handshakeContext, |
| X509Certificate[] certChain) throws SSLException { |
| super(handshakeContext); |
| |
| List<byte[]> encodedCerts = new ArrayList<>(certChain.length); |
| for (X509Certificate cert : certChain) { |
| try { |
| encodedCerts.add(cert.getEncoded()); |
| } catch (CertificateEncodingException cee) { |
| // unlikely |
| throw handshakeContext.conContext.fatal( |
| Alert.INTERNAL_ERROR, |
| "Could not encode certificate (" + |
| cert.getSubjectX500Principal() + ")", cee); |
| } |
| } |
| |
| this.encodedCertChain = encodedCerts; |
| } |
| |
| T12CertificateMessage(HandshakeContext handshakeContext, |
| ByteBuffer m) throws IOException { |
| super(handshakeContext); |
| |
| int listLen = Record.getInt24(m); |
| if (listLen > m.remaining()) { |
| throw handshakeContext.conContext.fatal( |
| Alert.ILLEGAL_PARAMETER, |
| "Error parsing certificate message:no sufficient data"); |
| } |
| if (listLen > 0) { |
| List<byte[]> encodedCerts = new LinkedList<>(); |
| while (listLen > 0) { |
| byte[] encodedCert = Record.getBytes24(m); |
| listLen -= (3 + encodedCert.length); |
| encodedCerts.add(encodedCert); |
| if (encodedCerts.size() > SSLConfiguration.maxCertificateChainLength) { |
| throw new SSLProtocolException( |
| "The certificate chain length (" |
| + encodedCerts.size() |
| + ") exceeds the maximum allowed length (" |
| + SSLConfiguration.maxCertificateChainLength |
| + ")"); |
| } |
| |
| } |
| this.encodedCertChain = encodedCerts; |
| } else { |
| this.encodedCertChain = Collections.emptyList(); |
| } |
| } |
| |
| @Override |
| public SSLHandshake handshakeType() { |
| return SSLHandshake.CERTIFICATE; |
| } |
| |
| @Override |
| public int messageLength() { |
| int msgLen = 3; |
| for (byte[] encodedCert : encodedCertChain) { |
| msgLen += (encodedCert.length + 3); |
| } |
| |
| return msgLen; |
| } |
| |
| @Override |
| public void send(HandshakeOutStream hos) throws IOException { |
| int listLen = 0; |
| for (byte[] encodedCert : encodedCertChain) { |
| listLen += (encodedCert.length + 3); |
| } |
| |
| hos.putInt24(listLen); |
| for (byte[] encodedCert : encodedCertChain) { |
| hos.putBytes24(encodedCert); |
| } |
| } |
| |
| @Override |
| public String toString() { |
| if (encodedCertChain.isEmpty()) { |
| return "\"Certificates\": <empty list>"; |
| } |
| |
| Object[] x509Certs = new Object[encodedCertChain.size()]; |
| try { |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| int i = 0; |
| for (byte[] encodedCert : encodedCertChain) { |
| Object obj; |
| try { |
| obj = (X509Certificate)cf.generateCertificate( |
| new ByteArrayInputStream(encodedCert)); |
| } catch (CertificateException ce) { |
| obj = encodedCert; |
| } |
| x509Certs[i++] = obj; |
| } |
| } catch (CertificateException ce) { |
| // no X.509 certificate factory service |
| int i = 0; |
| for (byte[] encodedCert : encodedCertChain) { |
| x509Certs[i++] = encodedCert; |
| } |
| } |
| |
| MessageFormat messageFormat = new MessageFormat( |
| "\"Certificates\": [\n" + |
| "{0}\n" + |
| "]", |
| Locale.ENGLISH); |
| Object[] messageFields = { |
| SSLLogger.toString(x509Certs) |
| }; |
| |
| return messageFormat.format(messageFields); |
| } |
| } |
| |
| /** |
| * The "Certificate" handshake message producer for TLS 1.2 and |
| * previous SSL/TLS protocol versions. |
| */ |
| private static final |
| class T12CertificateProducer implements HandshakeProducer { |
| // Prevent instantiation of this class. |
| private T12CertificateProducer() { |
| // blank |
| } |
| |
| @Override |
| public byte[] produce(ConnectionContext context, |
| HandshakeMessage message) throws IOException { |
| // The producing happens in handshake context only. |
| HandshakeContext hc = (HandshakeContext)context; |
| if (hc.sslConfig.isClientMode) { |
| return onProduceCertificate( |
| (ClientHandshakeContext)context, message); |
| } else { |
| return onProduceCertificate( |
| (ServerHandshakeContext)context, message); |
| } |
| } |
| |
| private byte[] onProduceCertificate(ServerHandshakeContext shc, |
| SSLHandshake.HandshakeMessage message) throws IOException { |
| X509Possession x509Possession = null; |
| for (SSLPossession possession : shc.handshakePossessions) { |
| if (possession instanceof X509Possession) { |
| x509Possession = (X509Possession)possession; |
| break; |
| } |
| } |
| |
| if (x509Possession == null) { // unlikely |
| throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
| "No expected X.509 certificate for server authentication"); |
| } |
| |
| shc.handshakeSession.setLocalPrivateKey( |
| x509Possession.popPrivateKey); |
| shc.handshakeSession.setLocalCertificates(x509Possession.popCerts); |
| T12CertificateMessage cm = |
| new T12CertificateMessage(shc, x509Possession.popCerts); |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Produced server Certificate handshake message", cm); |
| } |
| |
| // Output the handshake message. |
| cm.write(shc.handshakeOutput); |
| shc.handshakeOutput.flush(); |
| |
| // The handshake message has been delivered. |
| return null; |
| } |
| |
| private byte[] onProduceCertificate(ClientHandshakeContext chc, |
| SSLHandshake.HandshakeMessage message) throws IOException { |
| X509Possession x509Possession = null; |
| for (SSLPossession possession : chc.handshakePossessions) { |
| if (possession instanceof X509Possession) { |
| x509Possession = (X509Possession)possession; |
| break; |
| } |
| } |
| |
| // Report to the server if no appropriate cert was found. For |
| // SSL 3.0, send a no_certificate alert; TLS 1.0/1.1/1.2 uses |
| // an empty cert chain instead. |
| if (x509Possession == null) { |
| if (chc.negotiatedProtocol.useTLS10PlusSpec()) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "No X.509 certificate for client authentication, " + |
| "use empty Certificate message instead"); |
| } |
| |
| x509Possession = |
| new X509Possession(null, new X509Certificate[0]); |
| } else { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "No X.509 certificate for client authentication, " + |
| "send a no_certificate alert"); |
| } |
| |
| chc.conContext.warning(Alert.NO_CERTIFICATE); |
| return null; |
| } |
| } |
| |
| chc.handshakeSession.setLocalPrivateKey( |
| x509Possession.popPrivateKey); |
| if (x509Possession.popCerts != null && |
| x509Possession.popCerts.length != 0) { |
| chc.handshakeSession.setLocalCertificates( |
| x509Possession.popCerts); |
| } else { |
| chc.handshakeSession.setLocalCertificates(null); |
| } |
| T12CertificateMessage cm = |
| new T12CertificateMessage(chc, x509Possession.popCerts); |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Produced client Certificate handshake message", cm); |
| } |
| |
| // Output the handshake message. |
| cm.write(chc.handshakeOutput); |
| chc.handshakeOutput.flush(); |
| |
| // The handshake message has been delivered. |
| return null; |
| } |
| } |
| |
| /** |
| * The "Certificate" handshake message consumer for TLS 1.2 and |
| * previous SSL/TLS protocol versions. |
| */ |
| static final |
| class T12CertificateConsumer implements SSLConsumer { |
| // Prevent instantiation of this class. |
| private T12CertificateConsumer() { |
| // blank |
| } |
| |
| @Override |
| public void consume(ConnectionContext context, |
| ByteBuffer message) throws IOException { |
| // The consuming happens in handshake context only. |
| HandshakeContext hc = (HandshakeContext)context; |
| |
| // clean up this consumer |
| hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id); |
| |
| T12CertificateMessage cm = new T12CertificateMessage(hc, message); |
| if (hc.sslConfig.isClientMode) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Consuming server Certificate handshake message", cm); |
| } |
| onCertificate((ClientHandshakeContext)context, cm); |
| } else { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Consuming client Certificate handshake message", cm); |
| } |
| onCertificate((ServerHandshakeContext)context, cm); |
| } |
| } |
| |
| private void onCertificate(ServerHandshakeContext shc, |
| T12CertificateMessage certificateMessage )throws IOException { |
| List<byte[]> encodedCerts = certificateMessage.encodedCertChain; |
| if (encodedCerts == null || encodedCerts.isEmpty()) { |
| // For empty Certificate messages, we should not expect |
| // a CertificateVerify message to follow |
| shc.handshakeConsumers.remove( |
| SSLHandshake.CERTIFICATE_VERIFY.id); |
| if (shc.sslConfig.clientAuthType != |
| ClientAuthType.CLIENT_AUTH_REQUESTED) { |
| // unexpected or require client authentication |
| throw shc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Empty server certificate chain"); |
| } else { |
| return; |
| } |
| } |
| |
| X509Certificate[] x509Certs = |
| new X509Certificate[encodedCerts.size()]; |
| try { |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| int i = 0; |
| for (byte[] encodedCert : encodedCerts) { |
| x509Certs[i++] = (X509Certificate)cf.generateCertificate( |
| new ByteArrayInputStream(encodedCert)); |
| } |
| } catch (CertificateException ce) { |
| throw shc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Failed to parse server certificates", ce); |
| } |
| |
| checkClientCerts(shc, x509Certs); |
| |
| // |
| // update |
| // |
| shc.handshakeCredentials.add( |
| new X509Credentials(x509Certs[0].getPublicKey(), x509Certs)); |
| shc.handshakeSession.setPeerCertificates(x509Certs); |
| } |
| |
| private void onCertificate(ClientHandshakeContext chc, |
| T12CertificateMessage certificateMessage) throws IOException { |
| List<byte[]> encodedCerts = certificateMessage.encodedCertChain; |
| if (encodedCerts == null || encodedCerts.isEmpty()) { |
| throw chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Empty server certificate chain"); |
| } |
| |
| X509Certificate[] x509Certs = |
| new X509Certificate[encodedCerts.size()]; |
| try { |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| int i = 0; |
| for (byte[] encodedCert : encodedCerts) { |
| x509Certs[i++] = (X509Certificate)cf.generateCertificate( |
| new ByteArrayInputStream(encodedCert)); |
| } |
| } catch (CertificateException ce) { |
| throw chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Failed to parse server certificates", ce); |
| } |
| |
| // Allow server certificate change in client side during |
| // renegotiation after a session-resumption abbreviated |
| // initial handshake? |
| // |
| // DO NOT need to check allowUnsafeServerCertChange here. We only |
| // reserve server certificates when allowUnsafeServerCertChange is |
| // false. |
| if (chc.reservedServerCerts != null && |
| !chc.handshakeSession.useExtendedMasterSecret) { |
| // It is not necessary to check the certificate update if |
| // endpoint identification is enabled. |
| String identityAlg = chc.sslConfig.identificationProtocol; |
| if ((identityAlg == null || identityAlg.isEmpty()) && |
| !isIdentityEquivalent(x509Certs[0], |
| chc.reservedServerCerts[0])) { |
| throw chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "server certificate change is restricted " + |
| "during renegotiation"); |
| } |
| } |
| |
| // ask the trust manager to verify the chain |
| if (chc.staplingActive) { |
| // Defer the certificate check until after we've received the |
| // CertificateStatus message. If that message doesn't come in |
| // immediately following this message we will execute the |
| // check from CertificateStatus' absent handler. |
| chc.deferredCerts = x509Certs; |
| } else { |
| // We're not doing stapling, so perform the check right now |
| checkServerCerts(chc, x509Certs); |
| } |
| |
| // |
| // update |
| // |
| chc.handshakeCredentials.add( |
| new X509Credentials(x509Certs[0].getPublicKey(), x509Certs)); |
| chc.handshakeSession.setPeerCertificates(x509Certs); |
| } |
| |
| /* |
| * Whether the certificates can represent the same identity? |
| * |
| * The certificates can be used to represent the same identity: |
| * 1. If the subject alternative names of IP address are present |
| * in both certificates, they should be identical; otherwise, |
| * 2. if the subject alternative names of DNS name are present in |
| * both certificates, they should be identical; otherwise, |
| * 3. if the subject fields are present in both certificates, the |
| * certificate subjects and issuers should be identical. |
| */ |
| private static boolean isIdentityEquivalent(X509Certificate thisCert, |
| X509Certificate prevCert) { |
| if (thisCert.equals(prevCert)) { |
| return true; |
| } |
| |
| // check subject alternative names |
| Collection<List<?>> thisSubjectAltNames = null; |
| try { |
| thisSubjectAltNames = thisCert.getSubjectAlternativeNames(); |
| } catch (CertificateParsingException cpe) { |
| if (SSLLogger.isOn && SSLLogger.isOn("handshake")) { |
| SSLLogger.fine( |
| "Attempt to obtain subjectAltNames extension failed!"); |
| } |
| } |
| |
| Collection<List<?>> prevSubjectAltNames = null; |
| try { |
| prevSubjectAltNames = prevCert.getSubjectAlternativeNames(); |
| } catch (CertificateParsingException cpe) { |
| if (SSLLogger.isOn && SSLLogger.isOn("handshake")) { |
| SSLLogger.fine( |
| "Attempt to obtain subjectAltNames extension failed!"); |
| } |
| } |
| |
| if (thisSubjectAltNames != null && prevSubjectAltNames != null) { |
| // check the iPAddress field in subjectAltName extension |
| // |
| // 7: subject alternative name of type IP. |
| Collection<String> thisSubAltIPAddrs = |
| getSubjectAltNames(thisSubjectAltNames, 7); |
| Collection<String> prevSubAltIPAddrs = |
| getSubjectAltNames(prevSubjectAltNames, 7); |
| if (thisSubAltIPAddrs != null && prevSubAltIPAddrs != null && |
| isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs)) { |
| return true; |
| } |
| |
| // check the dNSName field in subjectAltName extension |
| // 2: subject alternative name of type IP. |
| Collection<String> thisSubAltDnsNames = |
| getSubjectAltNames(thisSubjectAltNames, 2); |
| Collection<String> prevSubAltDnsNames = |
| getSubjectAltNames(prevSubjectAltNames, 2); |
| if (thisSubAltDnsNames != null && prevSubAltDnsNames != null && |
| isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames)) { |
| return true; |
| } |
| } |
| |
| // check the certificate subject and issuer |
| X500Principal thisSubject = thisCert.getSubjectX500Principal(); |
| X500Principal prevSubject = prevCert.getSubjectX500Principal(); |
| X500Principal thisIssuer = thisCert.getIssuerX500Principal(); |
| X500Principal prevIssuer = prevCert.getIssuerX500Principal(); |
| |
| return (!thisSubject.getName().isEmpty() && |
| !prevSubject.getName().isEmpty() && |
| thisSubject.equals(prevSubject) && |
| thisIssuer.equals(prevIssuer)); |
| } |
| |
| /* |
| * Returns the subject alternative name of the specified type in the |
| * subjectAltNames extension of a certificate. |
| * |
| * Note that only those subjectAltName types that use String data |
| * should be passed into this function. |
| */ |
| private static Collection<String> getSubjectAltNames( |
| Collection<List<?>> subjectAltNames, int type) { |
| HashSet<String> subAltDnsNames = null; |
| for (List<?> subjectAltName : subjectAltNames) { |
| int subjectAltNameType = (Integer)subjectAltName.get(0); |
| if (subjectAltNameType == type) { |
| String subAltDnsName = (String)subjectAltName.get(1); |
| if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) { |
| if (subAltDnsNames == null) { |
| subAltDnsNames = |
| new HashSet<>(subjectAltNames.size()); |
| } |
| subAltDnsNames.add(subAltDnsName); |
| } |
| } |
| } |
| |
| return subAltDnsNames; |
| } |
| |
| private static boolean isEquivalent(Collection<String> thisSubAltNames, |
| Collection<String> prevSubAltNames) { |
| for (String thisSubAltName : thisSubAltNames) { |
| for (String prevSubAltName : prevSubAltNames) { |
| // Only allow the exactly match. No wildcard character |
| // checking. |
| if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) { |
| return true; |
| } |
| } |
| } |
| |
| return false; |
| } |
| |
| /** |
| * Perform client-side checking of server certificates. |
| * |
| * @param certs an array of {@code X509Certificate} objects presented |
| * by the server in the ServerCertificate message. |
| * |
| * @throws IOException if a failure occurs during validation or |
| * the trust manager associated with the {@code SSLContext} is not |
| * an {@code X509ExtendedTrustManager}. |
| */ |
| static void checkServerCerts(ClientHandshakeContext chc, |
| X509Certificate[] certs) throws IOException { |
| |
| X509TrustManager tm = chc.sslContext.getX509TrustManager(); |
| |
| // find out the key exchange algorithm used |
| // use "RSA" for non-ephemeral "RSA_EXPORT" |
| String keyExchangeString; |
| if (chc.negotiatedCipherSuite.keyExchange == |
| CipherSuite.KeyExchange.K_RSA_EXPORT || |
| chc.negotiatedCipherSuite.keyExchange == |
| CipherSuite.KeyExchange.K_DHE_RSA_EXPORT) { |
| keyExchangeString = CipherSuite.KeyExchange.K_RSA.name; |
| } else { |
| keyExchangeString = chc.negotiatedCipherSuite.keyExchange.name; |
| } |
| |
| try { |
| if (tm instanceof X509ExtendedTrustManager) { |
| if (chc.conContext.transport instanceof SSLEngine) { |
| SSLEngine engine = (SSLEngine)chc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkServerTrusted( |
| certs.clone(), |
| keyExchangeString, |
| engine); |
| } else { |
| SSLSocket socket = (SSLSocket)chc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkServerTrusted( |
| certs.clone(), |
| keyExchangeString, |
| socket); |
| } |
| } else { |
| // Unlikely to happen, because we have wrapped the old |
| // X509TrustManager with the new X509ExtendedTrustManager. |
| throw new CertificateException( |
| "Improper X509TrustManager implementation"); |
| } |
| |
| // Once the server certificate chain has been validated, set |
| // the certificate chain in the TLS session. |
| chc.handshakeSession.setPeerCertificates(certs); |
| } catch (CertificateException ce) { |
| throw chc.conContext.fatal(getCertificateAlert(chc, ce), ce); |
| } |
| } |
| |
| private static void checkClientCerts(ServerHandshakeContext shc, |
| X509Certificate[] certs) throws IOException { |
| X509TrustManager tm = shc.sslContext.getX509TrustManager(); |
| |
| // find out the types of client authentication used |
| PublicKey key = certs[0].getPublicKey(); |
| String keyAlgorithm = key.getAlgorithm(); |
| String authType; |
| switch (keyAlgorithm) { |
| case "RSA": |
| case "DSA": |
| case "EC": |
| case "RSASSA-PSS": |
| authType = keyAlgorithm; |
| break; |
| default: |
| // unknown public key type |
| authType = "UNKNOWN"; |
| } |
| |
| try { |
| if (tm instanceof X509ExtendedTrustManager) { |
| if (shc.conContext.transport instanceof SSLEngine) { |
| SSLEngine engine = (SSLEngine)shc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkClientTrusted( |
| certs.clone(), |
| authType, |
| engine); |
| } else { |
| SSLSocket socket = (SSLSocket)shc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkClientTrusted( |
| certs.clone(), |
| authType, |
| socket); |
| } |
| } else { |
| // Unlikely to happen, because we have wrapped the old |
| // X509TrustManager with the new X509ExtendedTrustManager. |
| throw new CertificateException( |
| "Improper X509TrustManager implementation"); |
| } |
| } catch (CertificateException ce) { |
| throw shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce); |
| } |
| } |
| |
| /** |
| * When a failure happens during certificate checking from an |
| * {@link X509TrustManager}, determine what TLS alert description |
| * to use. |
| * |
| * @param cexc The exception thrown by the {@link X509TrustManager} |
| * |
| * @return A byte value corresponding to a TLS alert description number. |
| */ |
| private static Alert getCertificateAlert( |
| ClientHandshakeContext chc, CertificateException cexc) { |
| // The specific reason for the failure will determine how to |
| // set the alert description value |
| Alert alert = Alert.CERTIFICATE_UNKNOWN; |
| |
| Throwable baseCause = cexc.getCause(); |
| if (baseCause instanceof CertPathValidatorException) { |
| CertPathValidatorException cpve = |
| (CertPathValidatorException)baseCause; |
| Reason reason = cpve.getReason(); |
| if (reason == BasicReason.REVOKED) { |
| alert = chc.staplingActive ? |
| Alert.BAD_CERT_STATUS_RESPONSE : |
| Alert.CERTIFICATE_REVOKED; |
| } else if ( |
| reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) { |
| alert = chc.staplingActive ? |
| Alert.BAD_CERT_STATUS_RESPONSE : |
| Alert.CERTIFICATE_UNKNOWN; |
| } else if (reason == BasicReason.ALGORITHM_CONSTRAINED) { |
| alert = Alert.UNSUPPORTED_CERTIFICATE; |
| } else if (reason == BasicReason.EXPIRED) { |
| alert = Alert.CERTIFICATE_EXPIRED; |
| } else if (reason == BasicReason.INVALID_SIGNATURE || |
| reason == BasicReason.NOT_YET_VALID) { |
| alert = Alert.BAD_CERTIFICATE; |
| } |
| } |
| |
| return alert; |
| } |
| |
| } |
| |
| /** |
| * The certificate entry used in Certificate handshake message for TLS 1.3. |
| */ |
| static final class CertificateEntry { |
| final byte[] encoded; // encoded cert or public key |
| private final SSLExtensions extensions; |
| |
| CertificateEntry(byte[] encoded, SSLExtensions extensions) { |
| this.encoded = encoded; |
| this.extensions = extensions; |
| } |
| |
| private int getEncodedSize() { |
| int extLen = extensions.length(); |
| if (extLen == 0) { |
| extLen = 2; // empty extensions |
| } |
| return 3 + encoded.length + extLen; |
| } |
| |
| @Override |
| public String toString() { |
| MessageFormat messageFormat = new MessageFormat( |
| "\n'{'\n" + |
| "{0}\n" + // X.509 certificate |
| " \"extensions\": '{'\n" + |
| "{1}\n" + |
| " '}'\n" + |
| "'}',", Locale.ENGLISH); |
| |
| Object x509Certs; |
| try { |
| // Don't support certificate type extension (RawPublicKey) yet. |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| x509Certs = |
| cf.generateCertificate(new ByteArrayInputStream(encoded)); |
| } catch (CertificateException ce) { |
| // no X.509 certificate factory service |
| x509Certs = encoded; |
| } |
| |
| Object[] messageFields = { |
| SSLLogger.toString(x509Certs), |
| Utilities.indent(extensions.toString(), " ") |
| }; |
| |
| return messageFormat.format(messageFields); |
| } |
| } |
| |
| /** |
| * The Certificate handshake message for TLS 1.3. |
| */ |
| static final class T13CertificateMessage extends HandshakeMessage { |
| private final byte[] requestContext; |
| private final List<CertificateEntry> certEntries; |
| |
| T13CertificateMessage(HandshakeContext context, |
| byte[] requestContext, X509Certificate[] certificates) |
| throws SSLException, CertificateException { |
| super(context); |
| |
| this.requestContext = requestContext.clone(); |
| this.certEntries = new LinkedList<>(); |
| for (X509Certificate cert : certificates) { |
| byte[] encoded = cert.getEncoded(); |
| SSLExtensions extensions = new SSLExtensions(this); |
| certEntries.add(new CertificateEntry(encoded, extensions)); |
| } |
| } |
| |
| T13CertificateMessage(HandshakeContext handshakeContext, |
| byte[] requestContext, List<CertificateEntry> certificates) { |
| super(handshakeContext); |
| |
| this.requestContext = requestContext.clone(); |
| this.certEntries = certificates; |
| } |
| |
| T13CertificateMessage(HandshakeContext handshakeContext, |
| ByteBuffer m) throws IOException { |
| super(handshakeContext); |
| |
| // struct { |
| // opaque certificate_request_context<0..2^8-1>; |
| // CertificateEntry certificate_list<0..2^24-1>; |
| // } Certificate; |
| if (m.remaining() < 4) { |
| throw new SSLProtocolException( |
| "Invalid Certificate message: " + |
| "insufficient data (length=" + m.remaining() + ")"); |
| } |
| this.requestContext = Record.getBytes8(m); |
| |
| if (m.remaining() < 3) { |
| throw new SSLProtocolException( |
| "Invalid Certificate message: " + |
| "insufficient certificate entries data (length=" + |
| m.remaining() + ")"); |
| } |
| |
| int listLen = Record.getInt24(m); |
| if (listLen != m.remaining()) { |
| throw new SSLProtocolException( |
| "Invalid Certificate message: " + |
| "incorrect list length (length=" + listLen + ")"); |
| } |
| |
| SSLExtension[] enabledExtensions = |
| handshakeContext.sslConfig.getEnabledExtensions( |
| SSLHandshake.CERTIFICATE); |
| List<CertificateEntry> certList = new LinkedList<>(); |
| while (m.hasRemaining()) { |
| // Note: support only X509 CertificateType right now. |
| byte[] encodedCert = Record.getBytes24(m); |
| if (encodedCert.length == 0) { |
| throw new SSLProtocolException( |
| "Invalid Certificate message: empty cert_data"); |
| } |
| |
| SSLExtensions extensions = |
| new SSLExtensions(this, m, enabledExtensions); |
| certList.add(new CertificateEntry(encodedCert, extensions)); |
| if (certList.size() > SSLConfiguration.maxCertificateChainLength) { |
| throw new SSLProtocolException( |
| "The certificate chain length (" |
| + certList.size() |
| + ") exceeds the maximum allowed length (" |
| + SSLConfiguration.maxCertificateChainLength |
| + ")"); |
| } |
| } |
| |
| this.certEntries = Collections.unmodifiableList(certList); |
| } |
| |
| @Override |
| public SSLHandshake handshakeType() { |
| return SSLHandshake.CERTIFICATE; |
| } |
| |
| @Override |
| public int messageLength() { |
| int msgLen = 4 + requestContext.length; |
| for (CertificateEntry entry : certEntries) { |
| msgLen += entry.getEncodedSize(); |
| } |
| |
| return msgLen; |
| } |
| |
| @Override |
| public void send(HandshakeOutStream hos) throws IOException { |
| int entryListLen = 0; |
| for (CertificateEntry entry : certEntries) { |
| entryListLen += entry.getEncodedSize(); |
| } |
| |
| hos.putBytes8(requestContext); |
| hos.putInt24(entryListLen); |
| for (CertificateEntry entry : certEntries) { |
| hos.putBytes24(entry.encoded); |
| // Is it an empty extensions? |
| if (entry.extensions.length() == 0) { |
| hos.putInt16(0); |
| } else { |
| entry.extensions.send(hos); |
| } |
| } |
| } |
| |
| @Override |
| public String toString() { |
| MessageFormat messageFormat = new MessageFormat( |
| "\"Certificate\": '{'\n" + |
| " \"certificate_request_context\": \"{0}\",\n" + |
| " \"certificate_list\": [{1}\n]\n" + |
| "'}'", |
| Locale.ENGLISH); |
| |
| StringBuilder builder = new StringBuilder(512); |
| for (CertificateEntry entry : certEntries) { |
| builder.append(entry.toString()); |
| } |
| |
| Object[] messageFields = { |
| Utilities.toHexString(requestContext), |
| Utilities.indent(builder.toString()) |
| }; |
| |
| return messageFormat.format(messageFields); |
| } |
| } |
| |
| /** |
| * The "Certificate" handshake message producer for TLS 1.3. |
| */ |
| private static final |
| class T13CertificateProducer implements HandshakeProducer { |
| // Prevent instantiation of this class. |
| private T13CertificateProducer() { |
| // blank |
| } |
| |
| @Override |
| public byte[] produce(ConnectionContext context, |
| HandshakeMessage message) throws IOException { |
| // The producing happens in handshake context only. |
| HandshakeContext hc = (HandshakeContext)context; |
| if (hc.sslConfig.isClientMode) { |
| return onProduceCertificate( |
| (ClientHandshakeContext)context, message); |
| } else { |
| return onProduceCertificate( |
| (ServerHandshakeContext)context, message); |
| } |
| } |
| |
| private byte[] onProduceCertificate(ServerHandshakeContext shc, |
| HandshakeMessage message) throws IOException { |
| ClientHelloMessage clientHello = (ClientHelloMessage)message; |
| |
| SSLPossession pos = choosePossession(shc, clientHello); |
| if (pos == null) { |
| throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
| "No available authentication scheme"); |
| } |
| |
| if (!(pos instanceof X509Possession)) { |
| throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
| "No X.509 certificate for server authentication"); |
| } |
| |
| X509Possession x509Possession = (X509Possession)pos; |
| X509Certificate[] localCerts = x509Possession.popCerts; |
| if (localCerts == null || localCerts.length == 0) { |
| throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
| "No X.509 certificate for server authentication"); |
| } |
| |
| // update the context |
| shc.handshakePossessions.add(x509Possession); |
| shc.handshakeSession.setLocalPrivateKey( |
| x509Possession.popPrivateKey); |
| shc.handshakeSession.setLocalCertificates(localCerts); |
| T13CertificateMessage cm; |
| try { |
| cm = new T13CertificateMessage(shc, (new byte[0]), localCerts); |
| } catch (SSLException | CertificateException ce) { |
| throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
| "Failed to produce server Certificate message", ce); |
| } |
| |
| // Check the OCSP stapling extensions and attempt |
| // to get responses. If the resulting stapleParams is non |
| // null, it implies that stapling is enabled on the server side. |
| shc.stapleParams = StatusResponseManager.processStapling(shc); |
| shc.staplingActive = (shc.stapleParams != null); |
| |
| // Process extensions for each CertificateEntry. |
| // Since there can be multiple CertificateEntries within a |
| // single CT message, we will pin a specific CertificateEntry |
| // into the ServerHandshakeContext so individual extension |
| // producers know which X509Certificate it is processing in |
| // each call. |
| SSLExtension[] enabledCTExts = shc.sslConfig.getEnabledExtensions( |
| SSLHandshake.CERTIFICATE, |
| Arrays.asList(ProtocolVersion.PROTOCOLS_OF_13)); |
| for (CertificateEntry certEnt : cm.certEntries) { |
| shc.currentCertEntry = certEnt; |
| certEnt.extensions.produce(shc, enabledCTExts); |
| } |
| |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine("Produced server Certificate message", cm); |
| } |
| |
| // Output the handshake message. |
| cm.write(shc.handshakeOutput); |
| shc.handshakeOutput.flush(); |
| |
| // The handshake message has been delivered. |
| return null; |
| } |
| |
| private static SSLPossession choosePossession( |
| HandshakeContext hc, |
| ClientHelloMessage clientHello) throws IOException { |
| if (hc.peerRequestedCertSignSchemes == null || |
| hc.peerRequestedCertSignSchemes.isEmpty()) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning( |
| "No signature_algorithms(_cert) in ClientHello"); |
| } |
| return null; |
| } |
| |
| Collection<String> checkedKeyTypes = new HashSet<>(); |
| for (SignatureScheme ss : hc.peerRequestedCertSignSchemes) { |
| if (checkedKeyTypes.contains(ss.keyAlgorithm)) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning( |
| "Unsupported authentication scheme: " + ss.name); |
| } |
| continue; |
| } |
| |
| // Don't select a signature scheme unless we will be able to |
| // produce a CertificateVerify message later |
| if (SignatureScheme.getPreferableAlgorithm( |
| hc.algorithmConstraints, |
| hc.peerRequestedSignatureSchemes, |
| ss, hc.negotiatedProtocol) == null) { |
| |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning( |
| "Unable to produce CertificateVerify for " + |
| "signature scheme: " + ss.name); |
| } |
| checkedKeyTypes.add(ss.keyAlgorithm); |
| continue; |
| } |
| |
| SSLAuthentication ka = X509Authentication.valueOf(ss); |
| if (ka == null) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning( |
| "Unsupported authentication scheme: " + ss.name); |
| } |
| checkedKeyTypes.add(ss.keyAlgorithm); |
| continue; |
| } |
| |
| SSLPossession pos = ka.createPossession(hc); |
| if (pos == null) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning( |
| "Unavailable authentication scheme: " + ss.name); |
| } |
| continue; |
| } |
| |
| return pos; |
| } |
| |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.warning("No available authentication scheme"); |
| } |
| return null; |
| } |
| |
| private byte[] onProduceCertificate(ClientHandshakeContext chc, |
| HandshakeMessage message) throws IOException { |
| ClientHelloMessage clientHello = (ClientHelloMessage)message; |
| SSLPossession pos = choosePossession(chc, clientHello); |
| X509Certificate[] localCerts; |
| if (pos == null) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine("No available client authentication scheme"); |
| } |
| localCerts = new X509Certificate[0]; |
| } else { |
| chc.handshakePossessions.add(pos); |
| if (!(pos instanceof X509Possession)) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "No X.509 certificate for client authentication"); |
| } |
| localCerts = new X509Certificate[0]; |
| } else { |
| X509Possession x509Possession = (X509Possession)pos; |
| localCerts = x509Possession.popCerts; |
| chc.handshakeSession.setLocalPrivateKey( |
| x509Possession.popPrivateKey); |
| } |
| } |
| |
| if (localCerts != null && localCerts.length != 0) { |
| chc.handshakeSession.setLocalCertificates(localCerts); |
| } else { |
| chc.handshakeSession.setLocalCertificates(null); |
| } |
| |
| T13CertificateMessage cm; |
| try { |
| cm = new T13CertificateMessage( |
| chc, chc.certRequestContext, localCerts); |
| } catch (SSLException | CertificateException ce) { |
| throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
| "Failed to produce client Certificate message", ce); |
| } |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine("Produced client Certificate message", cm); |
| } |
| |
| // Output the handshake message. |
| cm.write(chc.handshakeOutput); |
| chc.handshakeOutput.flush(); |
| |
| // The handshake message has been delivered. |
| return null; |
| } |
| } |
| |
| /** |
| * The "Certificate" handshake message consumer for TLS 1.3. |
| */ |
| private static final class T13CertificateConsumer implements SSLConsumer { |
| // Prevent instantiation of this class. |
| private T13CertificateConsumer() { |
| // blank |
| } |
| |
| @Override |
| public void consume(ConnectionContext context, |
| ByteBuffer message) throws IOException { |
| // The consuming happens in handshake context only. |
| HandshakeContext hc = (HandshakeContext)context; |
| |
| // clean up this consumer |
| hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id); |
| T13CertificateMessage cm = new T13CertificateMessage(hc, message); |
| if (hc.sslConfig.isClientMode) { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Consuming server Certificate handshake message", cm); |
| } |
| onConsumeCertificate((ClientHandshakeContext)context, cm); |
| } else { |
| if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
| SSLLogger.fine( |
| "Consuming client Certificate handshake message", cm); |
| } |
| onConsumeCertificate((ServerHandshakeContext)context, cm); |
| } |
| } |
| |
| private void onConsumeCertificate(ServerHandshakeContext shc, |
| T13CertificateMessage certificateMessage )throws IOException { |
| if (certificateMessage.certEntries == null || |
| certificateMessage.certEntries.isEmpty()) { |
| // For empty Certificate messages, we should not expect |
| // a CertificateVerify message to follow |
| shc.handshakeConsumers.remove( |
| SSLHandshake.CERTIFICATE_VERIFY.id); |
| if (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED) { |
| throw shc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Empty client certificate chain"); |
| } else { |
| // optional client authentication |
| return; |
| } |
| } |
| |
| // check client certificate entries |
| X509Certificate[] cliCerts = |
| checkClientCerts(shc, certificateMessage.certEntries); |
| |
| // |
| // update |
| // |
| shc.handshakeCredentials.add( |
| new X509Credentials(cliCerts[0].getPublicKey(), cliCerts)); |
| shc.handshakeSession.setPeerCertificates(cliCerts); |
| } |
| |
| private void onConsumeCertificate(ClientHandshakeContext chc, |
| T13CertificateMessage certificateMessage )throws IOException { |
| if (certificateMessage.certEntries == null || |
| certificateMessage.certEntries.isEmpty()) { |
| throw chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Empty server certificate chain"); |
| } |
| |
| // Each CertificateEntry will have its own set of extensions |
| // which must be consumed. |
| SSLExtension[] enabledExtensions = |
| chc.sslConfig.getEnabledExtensions(SSLHandshake.CERTIFICATE); |
| for (CertificateEntry certEnt : certificateMessage.certEntries) { |
| certEnt.extensions.consumeOnLoad(chc, enabledExtensions); |
| } |
| |
| // check server certificate entries |
| X509Certificate[] srvCerts = |
| checkServerCerts(chc, certificateMessage.certEntries); |
| |
| // |
| // update |
| // |
| chc.handshakeCredentials.add( |
| new X509Credentials(srvCerts[0].getPublicKey(), srvCerts)); |
| chc.handshakeSession.setPeerCertificates(srvCerts); |
| } |
| |
| private static X509Certificate[] checkClientCerts( |
| ServerHandshakeContext shc, |
| List<CertificateEntry> certEntries) throws IOException { |
| X509Certificate[] certs = |
| new X509Certificate[certEntries.size()]; |
| try { |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| int i = 0; |
| for (CertificateEntry entry : certEntries) { |
| certs[i++] = (X509Certificate)cf.generateCertificate( |
| new ByteArrayInputStream(entry.encoded)); |
| } |
| } catch (CertificateException ce) { |
| throw shc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Failed to parse server certificates", ce); |
| } |
| |
| // find out the types of client authentication used |
| String keyAlgorithm = certs[0].getPublicKey().getAlgorithm(); |
| String authType; |
| switch (keyAlgorithm) { |
| case "RSA": |
| case "DSA": |
| case "EC": |
| case "RSASSA-PSS": |
| authType = keyAlgorithm; |
| break; |
| default: |
| // unknown public key type |
| authType = "UNKNOWN"; |
| } |
| |
| try { |
| X509TrustManager tm = shc.sslContext.getX509TrustManager(); |
| if (tm instanceof X509ExtendedTrustManager) { |
| if (shc.conContext.transport instanceof SSLEngine) { |
| SSLEngine engine = (SSLEngine)shc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkClientTrusted( |
| certs.clone(), |
| authType, |
| engine); |
| } else { |
| SSLSocket socket = (SSLSocket)shc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkClientTrusted( |
| certs.clone(), |
| authType, |
| socket); |
| } |
| } else { |
| // Unlikely to happen, because we have wrapped the old |
| // X509TrustManager with the new X509ExtendedTrustManager. |
| throw new CertificateException( |
| "Improper X509TrustManager implementation"); |
| } |
| |
| // Once the client certificate chain has been validated, set |
| // the certificate chain in the TLS session. |
| shc.handshakeSession.setPeerCertificates(certs); |
| } catch (CertificateException ce) { |
| throw shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce); |
| } |
| |
| return certs; |
| } |
| |
| private static X509Certificate[] checkServerCerts( |
| ClientHandshakeContext chc, |
| List<CertificateEntry> certEntries) throws IOException { |
| X509Certificate[] certs = |
| new X509Certificate[certEntries.size()]; |
| try { |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| int i = 0; |
| for (CertificateEntry entry : certEntries) { |
| certs[i++] = (X509Certificate)cf.generateCertificate( |
| new ByteArrayInputStream(entry.encoded)); |
| } |
| } catch (CertificateException ce) { |
| throw chc.conContext.fatal(Alert.BAD_CERTIFICATE, |
| "Failed to parse server certificates", ce); |
| } |
| |
| // find out the types of server authentication used |
| // |
| // Note that the "UNKNOWN" authentication type is sufficient to |
| // check the required digitalSignature KeyUsage for TLS 1.3. |
| String authType = "UNKNOWN"; |
| |
| try { |
| X509TrustManager tm = chc.sslContext.getX509TrustManager(); |
| if (tm instanceof X509ExtendedTrustManager) { |
| if (chc.conContext.transport instanceof SSLEngine) { |
| SSLEngine engine = (SSLEngine)chc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkServerTrusted( |
| certs.clone(), |
| authType, |
| engine); |
| } else { |
| SSLSocket socket = (SSLSocket)chc.conContext.transport; |
| ((X509ExtendedTrustManager)tm).checkServerTrusted( |
| certs.clone(), |
| authType, |
| socket); |
| } |
| } else { |
| // Unlikely to happen, because we have wrapped the old |
| // X509TrustManager with the new X509ExtendedTrustManager. |
| throw new CertificateException( |
| "Improper X509TrustManager implementation"); |
| } |
| |
| // Once the server certificate chain has been validated, set |
| // the certificate chain in the TLS session. |
| chc.handshakeSession.setPeerCertificates(certs); |
| } catch (CertificateException ce) { |
| throw chc.conContext.fatal(getCertificateAlert(chc, ce), ce); |
| } |
| |
| return certs; |
| } |
| |
| /** |
| * When a failure happens during certificate checking from an |
| * {@link X509TrustManager}, determine what TLS alert description |
| * to use. |
| * |
| * @param cexc The exception thrown by the {@link X509TrustManager} |
| * |
| * @return A byte value corresponding to a TLS alert description number. |
| */ |
| private static Alert getCertificateAlert( |
| ClientHandshakeContext chc, CertificateException cexc) { |
| // The specific reason for the failure will determine how to |
| // set the alert description value |
| Alert alert = Alert.CERTIFICATE_UNKNOWN; |
| |
| Throwable baseCause = cexc.getCause(); |
| if (baseCause instanceof CertPathValidatorException) { |
| CertPathValidatorException cpve = |
| (CertPathValidatorException)baseCause; |
| Reason reason = cpve.getReason(); |
| if (reason == BasicReason.REVOKED) { |
| alert = chc.staplingActive ? |
| Alert.BAD_CERT_STATUS_RESPONSE : |
| Alert.CERTIFICATE_REVOKED; |
| } else if ( |
| reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) { |
| alert = chc.staplingActive ? |
| Alert.BAD_CERT_STATUS_RESPONSE : |
| Alert.CERTIFICATE_UNKNOWN; |
| } |
| } |
| |
| return alert; |
| } |
| } |
| } |