<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p>Hello,</p>
<p><br>
</p>
<p>We have been looking into supporting RSASSA-PSS signature algorithms within the chain of an end-entity certificate used for TLS 1.2. The EE certificate itself is not signed with RSASSA-PSS.</p>
<p><br>
</p>
<p>As mentioned in <span><a href="https://bugs.openjdk.java.net/browse/JDK-8146293">JDK-8146293</a>, we run into the exception: <span>java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</span></span></p>
<p><span><span><br>
</span></span></p>
<p><span><span>Upon closer inspection we believe there are 2 workarounds for this issue:</span></span></p>
<p><span><span><br>
</span></span></p>
<p><span><span>1) Update <span>sun.security.provider.certpath.AlgorithmChecker#check(java.security.cert.Certificate, java.util.Collection<java.lang.String>) to call getSigAlgName from the provided certificate (var1), instead of the converted <span>sun.security.x509.X509CertImpl
(var3).</span></span></span></span></p>
<p><span><span><span><span><br>
</span></span></span></span></p>
</div>
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p><span><span><span><span>Looking at the code in question:</span></span></span></span></p>
<p><span><span><span><span><br>
</span></span></span></span></p>
<p><span><span><span><span></span></span></span></span></p>
<pre class="code-java" style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-height: 30em; overflow: auto; white-space: pre-wrap; word-wrap: normal; color: rgb(51, 51, 51); font-size: 12px; background-color: rgb(245, 245, 245);"> <span class="code-keyword" style="color: rgb(0, 0, 145);">public</span> void check(Certificate var1, Collection<<span class="code-object" style="color: rgb(145, 0, 145);">String</span>> var2) <span class="code-keyword" style="color: rgb(0, 0, 145);">throws</span> CertPathValidatorException {
<span class="code-keyword" style="color: rgb(0, 0, 145);">if</span>(var1 <span class="code-keyword" style="color: rgb(0, 0, 145);">instanceof</span> X509Certificate && <span class="code-keyword" style="color: rgb(0, 0, 145);">this</span>.constraints != <span class="code-keyword" style="color: rgb(0, 0, 145);">null</span>) {
X509CertImpl var3 = <span class="code-keyword" style="color: rgb(0, 0, 145);">null</span>;
<span class="code-keyword" style="color: rgb(0, 0, 145);">try</span> {
var3 = X509CertImpl.toImpl((X509Certificate)var1);
} <span class="code-keyword" style="color: rgb(0, 0, 145);">catch</span> (CertificateException var15) {
<span class="code-keyword" style="color: rgb(0, 0, 145);">throw</span> <span class="code-keyword" style="color: rgb(0, 0, 145);">new</span> CertPathValidatorException(var15);
}
PublicKey var4 = var3.getPublicKey();
<span class="code-object" style="color: rgb(145, 0, 145);">String</span> var5 = var3.getSigAlgName();
AlgorithmId var6 = <span class="code-keyword" style="color: rgb(0, 0, 145);">null</span>;
<span class="code-keyword" style="color: rgb(0, 0, 145);">try</span> {
var6 = (AlgorithmId)var3.get(<span class="code-quote" style="color: rgb(0, 145, 0);">"x509.algorithm"</span>);
} <span class="code-keyword" style="color: rgb(0, 0, 145);">catch</span> (CertificateException var14) {
<span class="code-keyword" style="color: rgb(0, 0, 145);">throw</span> <span class="code-keyword" style="color: rgb(0, 0, 145);">new</span> CertPathValidatorException(var14);
}
AlgorithmParameters var7 = var6.getParameters();
<span class="code-keyword" style="color: rgb(0, 0, 145);">if</span>(!<span class="code-keyword" style="color: rgb(0, 0, 145);">this</span>.constraints.permits(SIGNATURE_PRIMITIVE_SET, var5, var7)) {
<span class="code-keyword" style="color: rgb(0, 0, 145);">throw</span> <span class="code-keyword" style="color: rgb(0, 0, 145);">new</span> CertPathValidatorException(<span class="code-quote" style="color: rgb(0, 145, 0);">"Algorithm constraints check failed: "</span> + var5, (Throwable)<span class="code-keyword" style="color: rgb(0, 0, 145);">null</span>, (CertPath)<span class="code-keyword" style="color: rgb(0, 0, 145);">null</span>, -1, BasicReason.ALGORITHM_CONSTRAINED);
} <span class="code-keyword" style="color: rgb(0, 0, 145);">else</span> {
....</pre>
<span>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span><br>
</span></div>
The problem is that the sun.security.x509.X509CertImpl cannot convert the RSASSA-PSS algorithm OID to its friendly name when var3.getSigAlgName() is called:</span><br>
<p></p>
</div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span><br>
</span></div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span><img size="11906" contenttype="image/png" id="img648109" style="max-width: 99.9%; user-select: none;" aria-expanded="false" tabindex="0" src="cid:6a0141b3-a283-46ca-9db8-115cafc77a07"><br>
</span></div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span>NOTE: In this case var1 is a instance of <span>org.bouncycastle.jce.provider.X509CertificateObject</span></span></div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span><br>
</span></div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span>In our tests, making this change results in a successful TLS connection without further changes:<br>
<br>
- </span><span class="code-object" style="font-size: 12px; white-space: pre-wrap; color: rgb(145, 0, 145);">String</span><span style="background-color: rgb(245, 245, 245); color: rgb(51, 51, 51); font-size: 12px; white-space: pre-wrap;"> var5 = var3.getSigAlgName();</span></div>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<span style="background-color: rgb(245, 245, 245); color: rgb(51, 51, 51); font-size: 12px; white-space: pre-wrap;">+
</span><span class="code-object" style="font-size: 12px; white-space: pre-wrap; color: rgb(145, 0, 145);">String</span><span style="background-color: rgb(245, 245, 245); color: rgb(51, 51, 51); font-size: 12px; white-space: pre-wrap;"> var5 = ((X509Certificate)var1).getSigAlgName();</span></div>
</blockquote>
<div style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p><br>
</p>
<p>2) Update <span>sun.security.x509.AlgorithmId to properly map the RSASSA-PSS algorithm OID to its friendly name. We have not experimented with this option, but believe it would have the same outcome, but with more code to change.</span></p>
<p><span><br>
</span></p>
<p><span>Any thoughts from the community on which approach would be accepted into the JDK, or alternative suggestions not mentioned here, are appreciated.</span></p>
<p><span><br>
</span></p>
<div id="Signature">
<div id="divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Thanks,</p>
<p>Chris Fox</p>
<p>Senior Software Engineer @ MobileIron</p>
</div>
</div>
</div>
</div>
</body>
</html>