1 /*
   2  * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.validator;
  27 
  28 import java.util.*;
  29 
  30 import java.security.cert.*;
  31 
  32 import sun.security.x509.NetscapeCertTypeExtension;
  33 
  34 /**
  35  * Class to check if an end entity cert is suitable for use in some
  36  * context.<p>
  37  *
  38  * This class is used internally by the validator. Currently, seven variants
  39  * are supported defined as VAR_XXX constants in the Validator class:
  40  * <ul>
  41  * <li>Generic. No additional requirements, all certificates are ok.
  42  *
  43  * <li>TLS server. Requires that a String parameter is passed to
  44  * validate that specifies the name of the TLS key exchange algorithm
  45  * in use. See the JSSE X509TrustManager spec for details.
  46  *
  47  * <li>TLS client.
  48  *
  49  * <li>Code signing.
  50  *
  51  * <li>JCE code signing. Some early JCE code signing certs issued to
  52  * providers had incorrect extensions. In this mode the checks
  53  * are relaxed compared to standard code signing checks in order to
  54  * allow these certificates to pass.
  55  *
  56  * <li>Plugin code signing. WebStart and Plugin require their own variant
  57  * which is equivalent to VAR_CODE_SIGNING with additional checks for
  58  * compatibility/special cases. See also PKIXValidator.
  59  *
  60  * <li>TSA Server (see RFC 3161, section 2.3).
  61  *
  62  * </ul>
  63  *
  64  * @author Andreas Sterbenz
  65  */
  66 class EndEntityChecker {
  67 
  68     // extended key usage OIDs for TLS server, TLS client, code signing
  69     // and any usage
  70 
  71     private final static String OID_EXTENDED_KEY_USAGE =
  72                                 SimpleValidator.OID_EXTENDED_KEY_USAGE;
  73 
  74     private final static String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1";
  75 
  76     private final static String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2";
  77 
  78     private final static String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
  79 
  80     private final static String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
  81 
  82     private final static String OID_EKU_ANY_USAGE = "2.5.29.37.0";
  83 
  84     // the Netscape Server-Gated-Cryptography EKU extension OID
  85     private final static String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
  86 
  87     // the Microsoft Server-Gated-Cryptography EKU extension OID
  88     private final static String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
  89 
  90     // the recognized extension OIDs
  91     private final static String OID_SUBJECT_ALT_NAME = "2.5.29.17";
  92 
  93     private final static String NSCT_SSL_CLIENT =
  94                                 NetscapeCertTypeExtension.SSL_CLIENT;
  95 
  96     private final static String NSCT_SSL_SERVER =
  97                                 NetscapeCertTypeExtension.SSL_SERVER;
  98 
  99     private final static String NSCT_CODE_SIGNING =
 100                                 NetscapeCertTypeExtension.OBJECT_SIGNING;
 101 
 102     // bit numbers in the key usage extension
 103     private final static int KU_SIGNATURE = 0;
 104     private final static int KU_KEY_ENCIPHERMENT = 2;
 105     private final static int KU_KEY_AGREEMENT = 4;
 106 
 107     // TLS key exchange algorithms requiring digitalSignature key usage
 108     private final static Collection<String> KU_SERVER_SIGNATURE =
 109         Arrays.asList("DHE_DSS", "DHE_RSA", "ECDHE_ECDSA", "ECDHE_RSA",
 110             "RSA_EXPORT", "UNKNOWN");
 111 
 112     // TLS key exchange algorithms requiring keyEncipherment key usage
 113     private final static Collection<String> KU_SERVER_ENCRYPTION =
 114         Arrays.asList("RSA");
 115 
 116     // TLS key exchange algorithms requiring keyAgreement key usage
 117     private final static Collection<String> KU_SERVER_KEY_AGREEMENT =
 118         Arrays.asList("DH_DSS", "DH_RSA", "ECDH_ECDSA", "ECDH_RSA");
 119 
 120     // variant of this end entity cert checker
 121     private final String variant;
 122 
 123     // type of the validator this checker belongs to
 124     private final String type;
 125 
 126     // the end entity certificate's extensions
 127     private Set<String> exts;
 128 
 129     private EndEntityChecker(String type, String variant) {
 130         this.type = type;
 131         this.variant = variant;
 132     }
 133 
 134     static EndEntityChecker getInstance(String type, String variant) {
 135         return new EndEntityChecker(type, variant);
 136     }
 137 
 138     void check(X509Certificate cert, Object parameter,
 139             boolean checkExtraExtensions) throws CertificateException {
 140         if (variant.equals(Validator.VAR_GENERIC)) {
 141             return; // no checks
 142         }
 143 
 144         exts = getCriticalExtensions(cert);
 145         if (variant.equals(Validator.VAR_TLS_SERVER)) {
 146             checkTLSServer(cert, (String)parameter);
 147         } else if (variant.equals(Validator.VAR_TLS_CLIENT)) {
 148             checkTLSClient(cert);
 149         } else if (variant.equals(Validator.VAR_CODE_SIGNING)) {
 150             checkCodeSigning(cert);
 151         } else if (variant.equals(Validator.VAR_JCE_SIGNING)) {
 152             checkCodeSigning(cert);
 153         } else if (variant.equals(Validator.VAR_PLUGIN_CODE_SIGNING)) {
 154             checkCodeSigning(cert);
 155         } else if (variant.equals(Validator.VAR_TSA_SERVER)) {
 156             checkTSAServer(cert);
 157         } else {
 158             throw new CertificateException("Unknown variant: " + variant);
 159         }
 160 
 161         // if neither VAR_GENERIC variant nor unknown variant
 162         if (checkExtraExtensions) {
 163             checkRemainingExtensions(exts);
 164         }
 165     }
 166 
 167     /**
 168      * Utility method returning the Set of critical extensions for
 169      * certificate cert (never null).
 170      */
 171     private Set<String> getCriticalExtensions(X509Certificate cert) {
 172         Set<String> exts = cert.getCriticalExtensionOIDs();
 173         if (exts == null) {
 174             exts = Collections.emptySet();
 175         }
 176         return exts;
 177     }
 178 
 179     /**
 180      * Utility method checking if there are any unresolved critical extensions.
 181      * @throws CertificateException if so.
 182      */
 183     private void checkRemainingExtensions(Set<String> exts)
 184             throws CertificateException {
 185         // basic constraints irrelevant in EE certs
 186         exts.remove(SimpleValidator.OID_BASIC_CONSTRAINTS);
 187 
 188         // If the subject field contains an empty sequence, the subjectAltName
 189         // extension MUST be marked critical.
 190         // We do not check the validity of the critical extension, just mark
 191         // it recognizable here.
 192         exts.remove(OID_SUBJECT_ALT_NAME);
 193 
 194         if (!exts.isEmpty()) {
 195             throw new CertificateException("Certificate contains unsupported "
 196                 + "critical extensions: " + exts);
 197         }
 198     }
 199 
 200     /**
 201      * Utility method checking if the extended key usage extension in
 202      * certificate cert allows use for expectedEKU.
 203      */
 204     private boolean checkEKU(X509Certificate cert, Set<String> exts,
 205             String expectedEKU) throws CertificateException {
 206         List<String> eku = cert.getExtendedKeyUsage();
 207         if (eku == null) {
 208             return true;
 209         }
 210         return eku.contains(expectedEKU) || eku.contains(OID_EKU_ANY_USAGE);
 211     }
 212 
 213     /**
 214      * Utility method checking if bit 'bit' is set in this certificates
 215      * key usage extension.
 216      * @throws CertificateException if not
 217      */
 218     private boolean checkKeyUsage(X509Certificate cert, int bit)
 219             throws CertificateException {
 220         boolean[] keyUsage = cert.getKeyUsage();
 221         if (keyUsage == null) {
 222             return true;
 223         }
 224         return (keyUsage.length > bit) && keyUsage[bit];
 225     }
 226 
 227     /**
 228      * Check whether this certificate can be used for TLS client
 229      * authentication.
 230      * @throws CertificateException if not.
 231      */
 232     private void checkTLSClient(X509Certificate cert)
 233             throws CertificateException {
 234         if (checkKeyUsage(cert, KU_SIGNATURE) == false) {
 235             throw new ValidatorException
 236                 ("KeyUsage does not allow digital signatures",
 237                 ValidatorException.T_EE_EXTENSIONS, cert);
 238         }
 239 
 240         if (checkEKU(cert, exts, OID_EKU_TLS_CLIENT) == false) {
 241             throw new ValidatorException("Extended key usage does not "
 242                 + "permit use for TLS client authentication",
 243                 ValidatorException.T_EE_EXTENSIONS, cert);
 244         }
 245 
 246         if (!SimpleValidator.getNetscapeCertTypeBit(cert, NSCT_SSL_CLIENT)) {
 247             throw new ValidatorException
 248                 ("Netscape cert type does not permit use for SSL client",
 249                 ValidatorException.T_EE_EXTENSIONS, cert);
 250         }
 251 
 252         // remove extensions we checked
 253         exts.remove(SimpleValidator.OID_KEY_USAGE);
 254         exts.remove(SimpleValidator.OID_EXTENDED_KEY_USAGE);
 255         exts.remove(SimpleValidator.OID_NETSCAPE_CERT_TYPE);
 256     }
 257 
 258     /**
 259      * Check whether this certificate can be used for TLS server authentication
 260      * using the specified authentication type parameter. See X509TrustManager
 261      * specification for details.
 262      * @throws CertificateException if not.
 263      */
 264     private void checkTLSServer(X509Certificate cert, String parameter)
 265             throws CertificateException {
 266         if (KU_SERVER_ENCRYPTION.contains(parameter)) {
 267             if (checkKeyUsage(cert, KU_KEY_ENCIPHERMENT) == false) {
 268                 throw new ValidatorException
 269                         ("KeyUsage does not allow key encipherment",
 270                         ValidatorException.T_EE_EXTENSIONS, cert);
 271             }
 272         } else if (KU_SERVER_SIGNATURE.contains(parameter)) {
 273             if (checkKeyUsage(cert, KU_SIGNATURE) == false) {
 274                 throw new ValidatorException
 275                         ("KeyUsage does not allow digital signatures",
 276                         ValidatorException.T_EE_EXTENSIONS, cert);
 277             }
 278         } else if (KU_SERVER_KEY_AGREEMENT.contains(parameter)) {
 279             if (checkKeyUsage(cert, KU_KEY_AGREEMENT) == false) {
 280                 throw new ValidatorException
 281                         ("KeyUsage does not allow key agreement",
 282                         ValidatorException.T_EE_EXTENSIONS, cert);
 283             }
 284         } else {
 285             throw new CertificateException("Unknown authType: " + parameter);
 286         }
 287 
 288         if (checkEKU(cert, exts, OID_EKU_TLS_SERVER) == false) {
 289             // check for equivalent but now obsolete Server-Gated-Cryptography
 290             // (aka Step-Up, 128 bit) EKU OIDs
 291             if ((checkEKU(cert, exts, OID_EKU_MS_SGC) == false) &&
 292                 (checkEKU(cert, exts, OID_EKU_NS_SGC) == false)) {
 293                 throw new ValidatorException
 294                     ("Extended key usage does not permit use for TLS "
 295                     + "server authentication",
 296                     ValidatorException.T_EE_EXTENSIONS, cert);
 297             }
 298         }
 299 
 300         if (!SimpleValidator.getNetscapeCertTypeBit(cert, NSCT_SSL_SERVER)) {
 301             throw new ValidatorException
 302                 ("Netscape cert type does not permit use for SSL server",
 303                 ValidatorException.T_EE_EXTENSIONS, cert);
 304         }
 305 
 306         // remove extensions we checked
 307         exts.remove(SimpleValidator.OID_KEY_USAGE);
 308         exts.remove(SimpleValidator.OID_EXTENDED_KEY_USAGE);
 309         exts.remove(SimpleValidator.OID_NETSCAPE_CERT_TYPE);
 310     }
 311 
 312     /**
 313      * Check whether this certificate can be used for code signing.
 314      * @throws CertificateException if not.
 315      */
 316     private void checkCodeSigning(X509Certificate cert)
 317             throws CertificateException {
 318         if (checkKeyUsage(cert, KU_SIGNATURE) == false) {
 319             throw new ValidatorException
 320                 ("KeyUsage does not allow digital signatures",
 321                 ValidatorException.T_EE_EXTENSIONS, cert);
 322         }
 323 
 324         if (checkEKU(cert, exts, OID_EKU_CODE_SIGNING) == false) {
 325             throw new ValidatorException
 326                 ("Extended key usage does not permit use for code signing",
 327                 ValidatorException.T_EE_EXTENSIONS, cert);
 328         }
 329 
 330         // do not check Netscape cert type for JCE code signing checks
 331         // (some certs were issued with incorrect extensions)
 332         if (variant.equals(Validator.VAR_JCE_SIGNING) == false) {
 333             if (!SimpleValidator.getNetscapeCertTypeBit(cert, NSCT_CODE_SIGNING)) {
 334                 throw new ValidatorException
 335                     ("Netscape cert type does not permit use for code signing",
 336                     ValidatorException.T_EE_EXTENSIONS, cert);
 337             }
 338             exts.remove(SimpleValidator.OID_NETSCAPE_CERT_TYPE);
 339         }
 340 
 341         // remove extensions we checked
 342         exts.remove(SimpleValidator.OID_KEY_USAGE);
 343         exts.remove(SimpleValidator.OID_EXTENDED_KEY_USAGE);
 344     }
 345 
 346     /**
 347      * Check whether this certificate can be used by a time stamping authority
 348      * server (see RFC 3161, section 2.3).
 349      * @throws CertificateException if not.
 350      */
 351     private void checkTSAServer(X509Certificate cert)
 352             throws CertificateException {
 353         if (checkKeyUsage(cert, KU_SIGNATURE) == false) {
 354             throw new ValidatorException
 355                 ("KeyUsage does not allow digital signatures",
 356                 ValidatorException.T_EE_EXTENSIONS, cert);
 357         }
 358 
 359         if (cert.getExtendedKeyUsage() == null) {
 360             throw new ValidatorException
 361                 ("Certificate does not contain an extended key usage " +
 362                 "extension required for a TSA server",
 363                 ValidatorException.T_EE_EXTENSIONS, cert);
 364         }
 365 
 366         if (checkEKU(cert, exts, OID_EKU_TIME_STAMPING) == false) {
 367             throw new ValidatorException
 368                 ("Extended key usage does not permit use for TSA server",
 369                 ValidatorException.T_EE_EXTENSIONS, cert);
 370         }
 371 
 372         // remove extensions we checked
 373         exts.remove(SimpleValidator.OID_KEY_USAGE);
 374         exts.remove(SimpleValidator.OID_EXTENDED_KEY_USAGE);
 375     }
 376 }