8279842: HTTPS Channel Binding support for Java GSS/Kerberos

Co-authored-by: Weijun Wang <weijun.wang@oracle.com>
Reviewed-by: dfuchs, weijun, darcy

src/java.base/share/classes/sun/net/www/http/HttpClient.java

@@ -144,12 +144,27 @@ public class HttpClient extends NetworkClient {
     // Traffic capture tool, if configured. See HttpCapture class for info
     private HttpCapture capture = null;
 
+    /* "jdk.https.negotiate.cbt" property can be set to "always" (always sent), "never" (never sent) or
+     * "domain:a,c.d,*.e.f" (sent to host a, or c.d or to the domain e.f and any of its subdomains). This is
+     * a comma separated list of arbitrary length with no white-space allowed.
+     * If enabled (for a particular destination) then Negotiate/SPNEGO authentication requests will include
+     * a channel binding token for the destination server. The default behavior and setting for the
+     * property is "never"
+     */
+    private static final String spnegoCBT;
+
     private static final PlatformLogger logger = HttpURLConnection.getHttpLogger();
+
     private static void logFinest(String msg) {
         if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
             logger.finest(msg);
         }
     }
+    private static void logError(String msg) {
+        if (logger.isLoggable(PlatformLogger.Level.SEVERE)) {
+            logger.severe(msg);
+        }
+    }
 
     protected volatile String authenticatorKey;
 
@@ -165,6 +180,18 @@ public class HttpClient extends NetworkClient {
         return keepAliveTimeout;
     }
 
+    static String normalizeCBT(String s) {
+        if (s == null || s.equals("never")) {
+            return "never";
+        }
+        if (s.equals("always") || s.startsWith("domain:")) {
+            return s;
+        } else {
+            logError("Unexpected value for \"jdk.https.negotiate.cbt\" system property");
+            return "never";
+        }
+    }
+
     static {
         Properties props = GetPropertyAction.privilegedGetProperties();
         String keepAlive = props.getProperty("http.keepAlive");
@@ -172,6 +199,9 @@ public class HttpClient extends NetworkClient {
         String cacheNTLM = props.getProperty("jdk.ntlm.cache");
         String cacheSPNEGO = props.getProperty("jdk.spnego.cache");
 
+        String s = props.getProperty("jdk.https.negotiate.cbt");
+        spnegoCBT = normalizeCBT(s);
+
         if (keepAlive != null) {
             keepAliveProp = Boolean.parseBoolean(keepAlive);
         } else {
@@ -206,6 +236,10 @@ public class HttpClient extends NetworkClient {
     }
 
 
+    public String getSpnegoCBT() {
+        return spnegoCBT;
+    }
+
     protected HttpClient() {
     }
 

src/java.base/share/classes/sun/net/www/protocol/http/HttpCallerInfo.java

@@ -29,6 +29,7 @@ import java.net.Authenticator;
 import java.net.Authenticator.RequestorType;
 import java.net.InetAddress;
 import java.net.URL;
+import java.security.cert.X509Certificate;
 
 /**
  * Used in HTTP/Negotiate, to feed HTTP request info into JGSS as a HttpCaller,
@@ -51,6 +52,9 @@ public final class HttpCallerInfo {
     public final InetAddress addr;
     public final RequestorType authType;
     public final Authenticator authenticator;
+    // Used to obtain server cert for SPNEGO CBT.
+    // May be null in which case CBT is not set
+    public final X509Certificate serverCert;
 
     /**
      * Create a schemed object based on an un-schemed one.
@@ -65,13 +69,19 @@ public final class HttpCallerInfo {
         this.authType = old.authType;
         this.scheme = scheme;
         this.authenticator =  old.authenticator;
+        this.serverCert =  old.serverCert;
     }
 
     /**
      * Constructor an un-schemed object for site access.
      */
     public HttpCallerInfo(URL url, Authenticator a) {
+        this(url, null, a);
+    }
+
+    public HttpCallerInfo(URL url, X509Certificate serverCert, Authenticator a) {
         this.url= url;
+        this.serverCert= serverCert;
         prompt = "";
         host = url.getHost();
 
@@ -100,9 +110,14 @@ public final class HttpCallerInfo {
      * Constructor an un-schemed object for proxy access.
      */
     public HttpCallerInfo(URL url, String host, int port, Authenticator a) {
+        this(url, host, port, null, a);
+    }
+
+    public HttpCallerInfo(URL url, String host, int port, X509Certificate serverCert, Authenticator a) {
         this.url= url;
         this.host = host;
         this.port = port;
+        this.serverCert = serverCert;
         prompt = "";
         addr = null;
         protocol = url.getProtocol();

src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

@@ -1739,7 +1739,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
                     AuthenticationHeader authhdr = new AuthenticationHeader (
                             "Proxy-Authenticate",
                             responses,
-                            new HttpCallerInfo(url,
+                            getHttpCallerInfo(url,
                                                http.getProxyHostUsed(),
                                                http.getProxyPortUsed(),
                                                authenticator),
@@ -1814,7 +1814,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 
                     srvHdr = new AuthenticationHeader (
                             "WWW-Authenticate", responses,
-                            new HttpCallerInfo(url, authenticator),
+                            getHttpCallerInfo(url, authenticator),
                             dontUseNegotiate
                     );
 
@@ -2210,7 +2210,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
                     AuthenticationHeader authhdr = new AuthenticationHeader(
                             "Proxy-Authenticate",
                             responses,
-                            new HttpCallerInfo(url,
+                            getHttpCallerInfo(url,
                                                http.getProxyHostUsed(),
                                                http.getProxyPortUsed(),
                                                authenticator),
@@ -2279,6 +2279,21 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
         responses.reset();
     }
 
+    /**
+     * Overridden in https to also include the server certificate
+     */
+    protected HttpCallerInfo getHttpCallerInfo(URL url, String proxy, int port,
+                                               Authenticator authenticator) {
+        return new HttpCallerInfo(url, proxy, port, authenticator);
+    }
+
+    /**
+     * Overridden in https to also include the server certificate
+     */
+    protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator) {
+        return new HttpCallerInfo(url, authenticator);
+    }
+
     static String connectRequestURI(URL url) {
         String host = url.getHost();
         int port = url.getPort();

src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java

@@ -1,4 +1,4 @@
-/*
+/**
  * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -25,10 +25,13 @@
 
 package sun.net.www.protocol.https;
 
+import java.net.Authenticator;
 import java.net.URL;
 import java.net.Proxy;
 import java.net.SecureCacheResponse;
 import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.io.IOException;
 import java.util.List;
 import java.util.Optional;
@@ -36,6 +39,7 @@ import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import sun.net.www.http.*;
 import sun.net.www.protocol.http.HttpURLConnection;
+import sun.net.www.protocol.http.HttpCallerInfo;
 
 /**
  * HTTPS URL connection support.
@@ -309,4 +313,71 @@ public abstract class AbstractDelegateHttpsURLConnection extends
 
         return ((HttpsClient)http).getSSLSession();
     }
+
+    /*
+     * If no SSL Session available or if the system config does not allow it
+     * don't use the extended caller info (the server cert).
+     * Otherwise return true to include the server cert
+     */
+    private boolean useExtendedCallerInfo(URL url) {
+        HttpsClient https = (HttpsClient)http;
+        if (https.getSSLSession() == null) {
+            return false;
+        }
+        String prop = http.getSpnegoCBT();
+        if (prop.equals("never")) {
+            return false;
+        }
+        String target = url.getHost();
+        if (prop.startsWith("domain:")) {
+            String[] domains = prop.substring(7).split(",");
+            for (String domain : domains) {
+                if (target.equals(domain)) {
+                    return true;
+                }
+                if (domain.startsWith("*.") && target.endsWith(domain.substring(1))) {
+                    return true;
+                }
+            }
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    protected HttpCallerInfo getHttpCallerInfo(URL url, String proxy, int port,
+                                               Authenticator authenticator)
+    {
+        if (!useExtendedCallerInfo(url)) {
+            return super.getHttpCallerInfo(url, proxy, port, authenticator);
+        }
+        HttpsClient https = (HttpsClient)http;
+        try {
+            Certificate[] certs = https.getServerCertificates();
+            if (certs[0] instanceof X509Certificate x509Cert) {
+                return new HttpCallerInfo(url, proxy, port, x509Cert, authenticator);
+            }
+        } catch (SSLPeerUnverifiedException e) {
+            // ignore
+        }
+        return super.getHttpCallerInfo(url, proxy, port, authenticator);
+    }
+
+    @Override
+    protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator)
+    {
+        if (!useExtendedCallerInfo(url)) {
+            return super.getHttpCallerInfo(url, authenticator);
+        }
+        HttpsClient https = (HttpsClient)http;
+        try {
+            Certificate[] certs = https.getServerCertificates();
+            if (certs[0] instanceof X509Certificate x509Cert) {
+                return new HttpCallerInfo(url, x509Cert, authenticator);
+            }
+        } catch (SSLPeerUnverifiedException e) {
+            // ignore
+        }
+        return super.getHttpCallerInfo(url, authenticator);
+    }
 }

src/java.base/share/classes/sun/security/util/ChannelBindingException.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Thrown by TlsChannelBinding if an error occurs
+ */
+public class ChannelBindingException extends GeneralSecurityException {
+
+    @java.io.Serial
+    private static final long serialVersionUID = -5021387249782788460L;
+
+    /**
+     * Constructs a ChannelBindingException with no detail message. A detail
+     * message is a String that describes this particular exception.
+     */
+    public ChannelBindingException() {
+        super();
+    }
+
+    /**
+     * Constructs a ChannelBindingException with a detail message and
+     * specified cause.
+     */
+    public ChannelBindingException(String msg, Exception e) {
+        super(msg, e);
+    }
+
+    /**
+     * Constructs a ChannelBindingException with a detail message
+     */
+    public ChannelBindingException(String msg) {
+        super(msg);
+    }
+}

src/java.base/share/classes/sun/security/util/TlsChannelBinding.java

@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2020, Azul Systems, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Hashtable;
+
+/**
+ * This class implements the Channel Binding for TLS as defined in
+ * <a href="https://www.ietf.org/rfc/rfc5929.txt">
+ *     Channel Bindings for TLS</a>
+ *
+ * Format of the Channel Binding data is also defined in
+ * <a href="https://www.ietf.org/rfc/rfc5056.txt">
+ *     On the Use of Channel Bindings to Secure Channels</a>
+ * section 2.1.
+ *
+ */
+
+public class TlsChannelBinding {
+
+    public enum TlsChannelBindingType {
+
+        /**
+         * Channel binding on the basis of TLS Finished message.
+         * TLS_UNIQUE is defined by RFC 5929 but is not supported
+         * by the current LDAP stack.
+         */
+        TLS_UNIQUE("tls-unique"),
+
+        /**
+         * Channel binding on the basis of TLS server certificate.
+         */
+        TLS_SERVER_END_POINT("tls-server-end-point");
+
+        public String getName() {
+            return name;
+        }
+
+        private final String name;
+        TlsChannelBindingType(String name) {
+            this.name = name;
+        }
+    }
+
+    /**
+     * Parse given value to see if it is a recognized and supported channel binding type
+     *
+     * @param  cbType
+     * @return TLS Channel Binding type or null if given string is null
+     * @throws ChannelBindingException
+     */
+    public static TlsChannelBindingType parseType(String cbType) throws ChannelBindingException {
+        if (cbType != null) {
+            if (cbType.equals(TlsChannelBindingType.TLS_SERVER_END_POINT.getName())) {
+                return TlsChannelBindingType.TLS_SERVER_END_POINT;
+            } else {
+                throw new ChannelBindingException("Illegal value for channel binding type: " + cbType);
+            }
+        }
+        return null;
+    }
+
+    private final TlsChannelBindingType cbType;
+    private final byte[] cbData;
+
+    /**
+     * Construct tls-server-end-point Channel Binding data
+     * @param serverCertificate
+     * @throws ChannelBindingException
+     */
+    public static TlsChannelBinding create(X509Certificate serverCertificate) throws ChannelBindingException {
+        try {
+            final byte[] prefix =
+                TlsChannelBindingType.TLS_SERVER_END_POINT.getName().concat(":").getBytes();
+            String hashAlg = serverCertificate.getSigAlgName().
+                    replace("SHA", "SHA-").toUpperCase();
+            int ind = hashAlg.indexOf("WITH");
+            if (ind > 0) {
+                hashAlg = hashAlg.substring(0, ind);
+                if (hashAlg.equals("MD5") || hashAlg.equals("SHA-1")) {
+                    hashAlg = "SHA-256";
+                }
+            } else {
+                hashAlg = "SHA-256";
+            }
+            MessageDigest md = MessageDigest.getInstance(hashAlg);
+            byte[] hash = md.digest(serverCertificate.getEncoded());
+            byte[] cbData = Arrays.copyOf(prefix, prefix.length + hash.length );
+            System.arraycopy(hash, 0, cbData, prefix.length, hash.length);
+            return new TlsChannelBinding(TlsChannelBindingType.TLS_SERVER_END_POINT, cbData);
+        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
+            throw new ChannelBindingException("Cannot create TLS channel binding data", e);
+        }
+    }
+
+    private TlsChannelBinding(TlsChannelBindingType cbType, byte[] cbData) {
+        this.cbType = cbType;
+        this.cbData = cbData;
+    }
+
+    public TlsChannelBindingType getType() {
+        return cbType;
+    }
+
+    public byte[] getData() {
+        return cbData;
+    }
+}