Verification of OCSP Responses signed with RSASSA-PSS fails with Java 11 LTS

Sean Mullan sean.mullan at oracle.com
Wed Sep 29 19:43:43 UTC 2021 

Thank you for reporting this issue. As far as I can tell, it looks like 
the JDK OCSP implementation has not yet been enhanced to support 
RSASSA-PSS signatures.

We will keep an eye out for the bug report you filed but I think it is 
still making its way through our system as I have not seen it yet.

--Sean

On 9/28/21 11:17 AM, can comert wrote:
> Hello everyone,
> 
> I am trying to verify Certificate Revocation Status by using JDK and the 
> preferred way is the OCSP request. I came across certificates provided 
> by a certain Certificate Authority (Procilion) which I can not verify 
> the Revocation Status by using the JDK (I tried with the latest 11 LTS 
> and 16). Openssl on the other hand can verify the OCSP responses.
> 
> Here is the call for the openssl library:
> openssl ocsp -CAfile ROOT.cer -issuer INTERMEDIATE.cer -cert 
> APPLICATION.cer -text -url http://ocsp.spi-cloud.com/status/ 
> <http://ocsp.spi-cloud.com/status/>
> 
> which gives results such as:
> APPLICATION.cer: good
>   This Update: Sep 21 15:31:32 2021 GMT
>   Next Update: Sep 21 16:31:32 2021 GMT
> Response verify OK
> 
> With the Wireshark I can also read the OCSP Request and Response and 
> Response contains status SUCCESSFUL.
> 
> Java runtime throws an exception with message "Parameters required for 
> RSASSA-PSS signatures" during trying to verify the signature of the OCSP 
> Response.
> 
> CA is using a separate certificate with Subject "OCSP Signer" to sign 
> the OCSP Response. This certificate is delivered in the OCSP response 
> and the signer certificate is signed by the same root as the issuer 
> certificate of the certificate under test. Java seems to accept the 
> signer certificate but fails to verify the signature.
> Here is the debug output snaps from the Java Program I wrote to test the 
> revocation check and executed with flag 
> -Djava.security.auth.debug=certpath,ocsp:
> 
> start program
> ...
> certpath: KeySizeConstraints.permits(): RSA
> certpath: Responder's certificate includes the extension 
> id-pkix-ocsp-nocheck.
> certpath: OCSP response is signed by an Authorized Responder
> ...
> certpath: RevocationChecker.check() java.security.SignatureException: 
> Parameters required for RSASSA-PSS signatures
> certpath: RevocationChecker.check() preparing to failover
> ...CRL check also fails due to some other reasons.....
> Parameters required for RSASSA-PSS signatures
> end program
> 
> I have also created a Bug Report for the Open JDK with internal review 
> id:9071579 since I could not find any related issues on the Bug database.
> 
> Root certificate is: procilonGROUPCustomerRootCA02.cer
> Intermediate certificate is: procilonGROUPCustomerCAEDIFACT02.cer
> Both available under https://pki.spi-cloud.com/issuer 
> <https://pki.spi-cloud.com/issuer> (packed as p7b)
> 
> I can provide the example certificates and the Java program which is 
> basically calling CertPathValidator.validate method to validate the 
> revocation status if you need to reproduce the issue.
> 
> Kind Regards,
> Can Cömert
>

More information about the security-dev mailing list