1/* 2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27package sun.security.ssl; 28 29import java.net.Socket; 30import javax.net.ssl.SSLSession; 31 32import java.util.*; 33import java.security.*; 34import java.security.cert.*; 35import javax.net.ssl.*; 36 37import sun.security.validator.*; 38import sun.security.util.AnchorCertificates; 39import sun.security.util.HostnameChecker; 40 41/** 42 * This class implements the SunJSSE X.509 trust manager using the internal 43 * validator API in J2SE core. The logic in this class is minimal.<p> 44 * <p> 45 * This class supports both the Simple validation algorithm from previous 46 * JSSE versions and PKIX validation. Currently, it is not possible for the 47 * application to specify PKIX parameters other than trust anchors. This will 48 * be fixed in a future release using new APIs. When that happens, it may also 49 * make sense to separate the Simple and PKIX trust managers into separate 50 * classes. 51 * 52 * @author Andreas Sterbenz 53 */ 54final class X509TrustManagerImpl extends X509ExtendedTrustManager 55 implements X509TrustManager { 56 57 private final String validatorType; 58 59 /** 60 * The Set of trusted X509Certificates. 61 */ 62 private final Collection<X509Certificate> trustedCerts; 63 64 private final PKIXBuilderParameters pkixParams; 65 66 // note that we need separate validator for client and server due to 67 // the different extension checks. They are initialized lazily on demand. 68 private volatile Validator clientValidator, serverValidator; 69 70 private static final Debug debug = Debug.getInstance("ssl"); 71 72 X509TrustManagerImpl(String validatorType, 73 Collection<X509Certificate> trustedCerts) { 74 75 this.validatorType = validatorType; 76 this.pkixParams = null; 77 78 if (trustedCerts == null) { 79 trustedCerts = Collections.<X509Certificate>emptySet(); 80 } 81 82 this.trustedCerts = trustedCerts; 83 84 if (debug != null && Debug.isOn("trustmanager")) { 85 showTrustedCerts(); 86 } 87 } 88 89 X509TrustManagerImpl(String validatorType, PKIXBuilderParameters params) { 90 this.validatorType = validatorType; 91 this.pkixParams = params; 92 // create server validator eagerly so that we can conveniently 93 // get the trusted certificates 94 // clients need it anyway eventually, and servers will not mind 95 // the little extra footprint 96 Validator v = getValidator(Validator.VAR_TLS_SERVER); 97 trustedCerts = v.getTrustedCertificates(); 98 serverValidator = v; 99 100 if (debug != null && Debug.isOn("trustmanager")) { 101 showTrustedCerts(); 102 } 103 } 104 105 @Override 106 public void checkClientTrusted(X509Certificate[] chain, String authType) 107 throws CertificateException { 108 checkTrusted(chain, authType, (Socket)null, true); 109 } 110 111 @Override 112 public void checkServerTrusted(X509Certificate[] chain, String authType) 113 throws CertificateException { 114 checkTrusted(chain, authType, (Socket)null, false); 115 } 116 117 @Override 118 public X509Certificate[] getAcceptedIssuers() { 119 X509Certificate[] certsArray = new X509Certificate[trustedCerts.size()]; 120 trustedCerts.toArray(certsArray); 121 return certsArray; 122 } 123 124 @Override 125 public void checkClientTrusted(X509Certificate[] chain, String authType, 126 Socket socket) throws CertificateException { 127 checkTrusted(chain, authType, socket, true); 128 } 129 130 @Override 131 public void checkServerTrusted(X509Certificate[] chain, String authType, 132 Socket socket) throws CertificateException { 133 checkTrusted(chain, authType, socket, false); 134 } 135 136 @Override 137 public void checkClientTrusted(X509Certificate[] chain, String authType, 138 SSLEngine engine) throws CertificateException { 139 checkTrusted(chain, authType, engine, true); 140 } 141 142 @Override 143 public void checkServerTrusted(X509Certificate[] chain, String authType, 144 SSLEngine engine) throws CertificateException { 145 checkTrusted(chain, authType, engine, false); 146 } 147 148 private Validator checkTrustedInit(X509Certificate[] chain, 149 String authType, boolean isClient) { 150 if (chain == null || chain.length == 0) { 151 throw new IllegalArgumentException( 152 "null or zero-length certificate chain"); 153 } 154 155 if (authType == null || authType.length() == 0) { 156 throw new IllegalArgumentException( 157 "null or zero-length authentication type"); 158 } 159 160 Validator v = null; 161 if (isClient) { 162 v = clientValidator; 163 if (v == null) { 164 synchronized (this) { 165 v = clientValidator; 166 if (v == null) { 167 v = getValidator(Validator.VAR_TLS_CLIENT); 168 clientValidator = v; 169 } 170 } 171 } 172 } else { 173 // assume double checked locking with a volatile flag works 174 // (guaranteed under the new Tiger memory model) 175 v = serverValidator; 176 if (v == null) { 177 synchronized (this) { 178 v = serverValidator; 179 if (v == null) { 180 v = getValidator(Validator.VAR_TLS_SERVER); 181 serverValidator = v; 182 } 183 } 184 } 185 } 186 187 return v; 188 } 189 190 private void checkTrusted(X509Certificate[] chain, String authType, 191 Socket socket, boolean isClient) throws CertificateException { 192 Validator v = checkTrustedInit(chain, authType, isClient); 193 194 X509Certificate[] trustedChain = null; 195 if ((socket != null) && socket.isConnected() && 196 (socket instanceof SSLSocket)) { 197 198 SSLSocket sslSocket = (SSLSocket)socket; 199 SSLSession session = sslSocket.getHandshakeSession(); 200 if (session == null) { 201 throw new CertificateException("No handshake session"); 202 } 203 204 // create the algorithm constraints 205 ProtocolVersion protocolVersion = 206 ProtocolVersion.valueOf(session.getProtocol()); 207 boolean isExtSession = (session instanceof ExtendedSSLSession); 208 AlgorithmConstraints constraints = null; 209 if (protocolVersion.v >= ProtocolVersion.TLS12.v && isExtSession) { 210 ExtendedSSLSession extSession = (ExtendedSSLSession)session; 211 String[] localSupportedSignAlgs = 212 extSession.getLocalSupportedSignatureAlgorithms(); 213 214 constraints = new SSLAlgorithmConstraints( 215 sslSocket, localSupportedSignAlgs, false); 216 } else { 217 constraints = new SSLAlgorithmConstraints(sslSocket, false); 218 } 219 220 // Grab any stapled OCSP responses for use in validation 221 List<byte[]> responseList = Collections.emptyList(); 222 if (!isClient && isExtSession) { 223 responseList = 224 ((ExtendedSSLSession)session).getStatusResponses(); 225 } 226 trustedChain = validate(v, chain, responseList, 227 constraints, isClient ? null : authType); 228 229 // check if EE certificate chains to a public root CA (as 230 // pre-installed in cacerts) 231 boolean chainsToPublicCA = 232 AnchorCertificates.contains(trustedChain[trustedChain.length-1]); 233 234 // check endpoint identity 235 String identityAlg = sslSocket.getSSLParameters(). 236 getEndpointIdentificationAlgorithm(); 237 if (identityAlg != null && identityAlg.length() != 0) { 238 checkIdentity(session, trustedChain[0], identityAlg, isClient, 239 getRequestedServerNames(socket), chainsToPublicCA); 240 } 241 } else { 242 trustedChain = validate(v, chain, Collections.emptyList(), 243 null, isClient ? null : authType); 244 } 245 if (debug != null && Debug.isOn("trustmanager")) { 246 System.out.println("Found trusted certificate:"); 247 System.out.println(trustedChain[trustedChain.length - 1]); 248 } 249 } 250 251 private void checkTrusted(X509Certificate[] chain, String authType, 252 SSLEngine engine, boolean isClient) throws CertificateException { 253 Validator v = checkTrustedInit(chain, authType, isClient); 254 255 X509Certificate[] trustedChain = null; 256 if (engine != null) { 257 SSLSession session = engine.getHandshakeSession(); 258 if (session == null) { 259 throw new CertificateException("No handshake session"); 260 } 261 262 // create the algorithm constraints 263 ProtocolVersion protocolVersion = 264 ProtocolVersion.valueOf(session.getProtocol()); 265 boolean isExtSession = (session instanceof ExtendedSSLSession); 266 AlgorithmConstraints constraints = null; 267 if (protocolVersion.v >= ProtocolVersion.TLS12.v && isExtSession) { 268 ExtendedSSLSession extSession = (ExtendedSSLSession)session; 269 String[] localSupportedSignAlgs = 270 extSession.getLocalSupportedSignatureAlgorithms(); 271 272 constraints = new SSLAlgorithmConstraints( 273 engine, localSupportedSignAlgs, false); 274 } else { 275 constraints = new SSLAlgorithmConstraints(engine, false); 276 } 277 278 // Grab any stapled OCSP responses for use in validation 279 List<byte[]> responseList = Collections.emptyList(); 280 if (!isClient && isExtSession) { 281 responseList = 282 ((ExtendedSSLSession)session).getStatusResponses(); 283 } 284 trustedChain = validate(v, chain, responseList, 285 constraints, isClient ? null : authType); 286 287 // check if EE certificate chains to a public root CA (as 288 // pre-installed in cacerts) 289 boolean chainsToPublicCA = 290 AnchorCertificates.contains(trustedChain[trustedChain.length-1]); 291 292 // check endpoint identity 293 String identityAlg = engine.getSSLParameters(). 294 getEndpointIdentificationAlgorithm(); 295 if (identityAlg != null && identityAlg.length() != 0) { 296 checkIdentity(session, trustedChain[0], identityAlg, isClient, 297 getRequestedServerNames(engine), chainsToPublicCA); 298 } 299 } else { 300 trustedChain = validate(v, chain, Collections.emptyList(), 301 null, isClient ? null : authType); 302 } 303 if (debug != null && Debug.isOn("trustmanager")) { 304 System.out.println("Found trusted certificate:"); 305 System.out.println(trustedChain[trustedChain.length - 1]); 306 } 307 } 308 309 private void showTrustedCerts() { 310 for (X509Certificate cert : trustedCerts) { 311 System.out.println("adding as trusted cert:"); 312 System.out.println(" Subject: " 313 + cert.getSubjectX500Principal()); 314 System.out.println(" Issuer: " 315 + cert.getIssuerX500Principal()); 316 System.out.println(" Algorithm: " 317 + cert.getPublicKey().getAlgorithm() 318 + "; Serial number: 0x" 319 + cert.getSerialNumber().toString(16)); 320 System.out.println(" Valid from " 321 + cert.getNotBefore() + " until " 322 + cert.getNotAfter()); 323 System.out.println(); 324 } 325 } 326 327 private Validator getValidator(String variant) { 328 Validator v; 329 if (pkixParams == null) { 330 v = Validator.getInstance(validatorType, variant, trustedCerts); 331 } else { 332 v = Validator.getInstance(validatorType, variant, pkixParams); 333 } 334 return v; 335 } 336 337 private static X509Certificate[] validate(Validator v, 338 X509Certificate[] chain, List<byte[]> responseList, 339 AlgorithmConstraints constraints, String authType) 340 throws CertificateException { 341 Object o = JsseJce.beginFipsProvider(); 342 try { 343 return v.validate(chain, null, responseList, constraints, authType); 344 } finally { 345 JsseJce.endFipsProvider(o); 346 } 347 } 348 349 // Get string representation of HostName from a list of server names. 350 // 351 // We are only accepting host_name name type in the list. 352 private static String getHostNameInSNI(List<SNIServerName> sniNames) { 353 354 SNIHostName hostname = null; 355 for (SNIServerName sniName : sniNames) { 356 if (sniName.getType() != StandardConstants.SNI_HOST_NAME) { 357 continue; 358 } 359 360 if (sniName instanceof SNIHostName) { 361 hostname = (SNIHostName)sniName; 362 } else { 363 try { 364 hostname = new SNIHostName(sniName.getEncoded()); 365 } catch (IllegalArgumentException iae) { 366 // unlikely to happen, just in case ... 367 if ((debug != null) && Debug.isOn("trustmanager")) { 368 System.out.println("Illegal server name: " + sniName); 369 } 370 } 371 } 372 373 // no more than server name of the same name type 374 break; 375 } 376 377 if (hostname != null) { 378 return hostname.getAsciiName(); 379 } 380 381 return null; 382 } 383 384 // Also used by X509KeyManagerImpl 385 static List<SNIServerName> getRequestedServerNames(Socket socket) { 386 if (socket != null && socket.isConnected() && 387 socket instanceof SSLSocket) { 388 389 SSLSocket sslSocket = (SSLSocket)socket; 390 SSLSession session = sslSocket.getHandshakeSession(); 391 392 if (session != null && (session instanceof ExtendedSSLSession)) { 393 ExtendedSSLSession extSession = (ExtendedSSLSession)session; 394 return extSession.getRequestedServerNames(); 395 } 396 } 397 398 return Collections.<SNIServerName>emptyList(); 399 } 400 401 // Also used by X509KeyManagerImpl 402 static List<SNIServerName> getRequestedServerNames(SSLEngine engine) { 403 if (engine != null) { 404 SSLSession session = engine.getHandshakeSession(); 405 406 if (session != null && (session instanceof ExtendedSSLSession)) { 407 ExtendedSSLSession extSession = (ExtendedSSLSession)session; 408 return extSession.getRequestedServerNames(); 409 } 410 } 411 412 return Collections.<SNIServerName>emptyList(); 413 } 414 415 /* 416 * Per RFC 6066, if an application negotiates a server name using an 417 * application protocol and then upgrades to TLS, and if a server_name 418 * extension is sent, then the extension SHOULD contain the same name 419 * that was negotiated in the application protocol. If the server_name 420 * is established in the TLS session handshake, the client SHOULD NOT 421 * attempt to request a different server name at the application layer. 422 * 423 * According to the above spec, we only need to check either the identity 424 * in server_name extension or the peer host of the connection. Peer host 425 * is not always a reliable fully qualified domain name. The HostName in 426 * server_name extension is more reliable than peer host. So we prefer 427 * the identity checking aginst the server_name extension if present, and 428 * may failove to peer host checking. 429 */ 430 private static void checkIdentity(SSLSession session, 431 X509Certificate cert, 432 String algorithm, 433 boolean isClient, 434 List<SNIServerName> sniNames, 435 boolean chainsToPublicCA) throws CertificateException { 436 437 boolean identifiable = false; 438 String peerHost = session.getPeerHost(); 439 if (isClient) { 440 String hostname = getHostNameInSNI(sniNames); 441 if (hostname != null) { 442 try { 443 checkIdentity(hostname, cert, algorithm, chainsToPublicCA); 444 identifiable = true; 445 } catch (CertificateException ce) { 446 if (hostname.equalsIgnoreCase(peerHost)) { 447 throw ce; 448 } 449 450 // otherwisw, failover to check peer host 451 } 452 } 453 } 454 455 if (!identifiable) { 456 checkIdentity(peerHost, cert, algorithm, chainsToPublicCA); 457 } 458 } 459 460 /* 461 * Identify the peer by its certificate and hostname. 462 * 463 * Lifted from sun.net.www.protocol.https.HttpsClient. 464 */ 465 static void checkIdentity(String hostname, X509Certificate cert, 466 String algorithm) throws CertificateException { 467 checkIdentity(hostname, cert, algorithm, false); 468 } 469 470 private static void checkIdentity(String hostname, X509Certificate cert, 471 String algorithm, boolean chainsToPublicCA) 472 throws CertificateException { 473 if (algorithm != null && algorithm.length() != 0) { 474 // if IPv6 strip off the "[]" 475 if ((hostname != null) && hostname.startsWith("[") && 476 hostname.endsWith("]")) { 477 hostname = hostname.substring(1, hostname.length() - 1); 478 } 479 480 if (algorithm.equalsIgnoreCase("HTTPS")) { 481 HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match( 482 hostname, cert, chainsToPublicCA); 483 } else if (algorithm.equalsIgnoreCase("LDAP") || 484 algorithm.equalsIgnoreCase("LDAPS")) { 485 HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match( 486 hostname, cert, chainsToPublicCA); 487 } else { 488 throw new CertificateException( 489 "Unknown identification algorithm: " + algorithm); 490 } 491 } 492 } 493} 494