<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hello Sean,</p>
<p><br>
</p>
<p>That's great news that the change is in JDK9. Will the change be back-ported to a JDK8 update as well?</p>
<p><br>
</p>
<p>Our product is currently on JDK8.</p>
<p><br>
</p>
<div id="x_Signature">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Thanks,</p>
<p>Chris Fox</p>
</div>
</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Sean Mullan &lt;sean.mullan@oracle.com&gt;<br>
<b>Sent:</b> Friday, February 17, 2017 10:57:33 AM<br>
<b>To:</b> Christopher Fox; security-dev@openjdk.java.net<br>
<b>Cc:</b> Glen Beasley; Timothy Jackson<br>
<b>Subject:</b> Re: [JDK-8146293] - Proposal to fix RSASSA-PSS AlgorithmChecker constraints for TLS 1.2</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hi Chris,<br>
<br>
Comments inline ...<br>
<br>
On 2/10/17 4:41 PM, Christopher Fox wrote:<br>
> We have been looking into supporting RSASSA-PSS signature algorithms<br>
> within the chain of an end-entity certificate used for TLS 1.2. The EE<br>
> certificate itself is not signed with RSASSA-PSS.<br>
><br>
> As mentioned in JDK-8146293<br>
> <<a href="https://bugs.openjdk.java.net/browse/JDK-8146293">https://bugs.openjdk.java.net/browse/JDK-8146293</a>>, we run into the<br>
> exception: java.security.cert.CertificateException: Certificates does<br>
> not conform to algorithm constraints<br>
><br>
> Upon closer inspection we believe there are 2 workarounds for this issue:<br>
><br>
> 1)<br>
> Update sun.security.provider.certpath.AlgorithmChecker#check(java.security.cert.Certificate,<br>
> java.util.Collection&lt;java.lang.String&gt;) to call getSigAlgName from the<br>
> provided certificate (var1), instead of the<br>
> converted sun.security.x509.X509CertImpl (var3).<br>
><br>
> Looking at the code in question:<br>
><br>
> public void check(Certificate var1, Collection&lt;String&gt; var2) throws CertPathValidatorException {<br>
> if(var1 instanceof X509Certificate && this.constraints != null) {<br>
> X509CertImpl var3 = null;<br>
><br>
> try {<br>
> var3 = X509CertImpl.toImpl((X509Certificate)var1);<br>
> } catch (CertificateException var15) {<br>
> throw new CertPathValidatorException(var15);<br>
> }<br>
><br>
> PublicKey var4 = var3.getPublicKey();<br>
> String var5 = var3.getSigAlgName();<br>
> AlgorithmId var6 = null;<br>
><br>
> try {<br>
> var6 = (AlgorithmId)var3.get("x509.algorithm");<br>
> } catch (CertificateException var14) {<br>
> throw new CertPathValidatorException(var14);<br>
> }<br>
><br>
> AlgorithmParameters var7 = var6.getParameters();<br>
> if(!this.constraints.permits(SIGNATURE_PRIMITIVE_SET, var5, var7)) {<br>
> throw new CertPathValidatorException("Algorithm constraints check failed: " + var5, (Throwable)null, (CertPath)null, -1, BasicReason.ALGORITHM_CONSTRAINED);<br>
> } else {<br>
> ....<br>
><br>
> The problem is that the sun.security.x509.X509CertImpl cannot<br>
> convert the RSASSA-PSS algorithm OID to its friendly name when<br>
> var3.getSigAlgName() is called:<br>
><br>
> NOTE: In this case var1 is an instance<br>
> of org.bouncycastle.jce.provider.X509CertificateObject<br>
><br>
> In our tests, making this change results in a successful TLS<br>
> connection without further changes:<br>
><br>
> - Stringvar5 = var3.getSigAlgName();<br>
> + Stringvar5 = ((X509Certificate)var1).getSigAlgName();<br>
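<br>
Review bot: after this change the algorithm name (var5) is read from the caller's certificate object var1, but the parameters passed to constraints.permits (var7) are still taken from the converted X509CertImpl var3 via var3.get("x509.algorithm") and var6.getParameters(), so one permits() call now mixes two sources for the same signature algorithm; if X509CertImpl cannot map the RSASSA-PSS OID to a name, it is worth confirming that var6.getParameters() still carries the PSS parameters, or else take both name and parameters from var1 (for example via getSigAlgParams()) so the check is consistent. The (X509Certificate) cast is safe here because the method already guards on var1 instanceof X509Certificate. Also, both lines read "Stringvar5" with no space; as written "String var5 = ..." is what compiles.<br>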
<br>
We have just fixed this in JDK 9: <br>
<a href="http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da">http://hg.openjdk.java.net/jdk9/dev/jdk/rev/d911fe42d2da</a><br>
<br>
> 2) Update sun.security.x509.AlgorithmId to properly map the RSASSA-PSS<br>
> algorithm OID to its friendly name. We have not experimented with this<br>
> option, but believe it would have the same outcome, but with more code<br>
> to change.<br>
<br>
I think that's a more involved change that will be addressed by <br>
JDK-8146293.<br>
<br>
Thanks,<br>
Sean<br>
</div>
</span></font>
</body>
</html>