8207258: Distrust TLS server certificates anchored by Symantec Root CAs

Reviewed-by: weijun

src/java.base/share/classes/sun/security/validator/CADistrustPolicy.java

@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.validator;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.EnumSet;
+
+import sun.security.util.Debug;
+
+/**
+ * Policies for distrusting a certificate authority (CA). See the
+ * jdk.security.caDistrustPolicies security property for more information.
+ */
+enum CADistrustPolicy {
+    /**
+     * Distrust TLS Server certificates anchored by a Symantec root CA and
+     * issued after April 16, 2019. If enabled, this policy is currently
+     * enforced by the PKIX and SunX509 TrustManager implementations of the
+     * SunJSSE provider implementation.
+     */
+    SYMANTEC_TLS {
+        void checkDistrust(String variant, X509Certificate anchor,
+                           X509Certificate ee) throws ValidatorException {
+            if (!variant.equals(Validator.VAR_TLS_SERVER)) {
+                return;
+            }
+            SymantecTLSPolicy.checkDistrust(anchor, ee);
+        }
+    };
+
+    /**
+     * Checks if the end-entity certificate is distrusted.
+     *
+     * @param variant the type of certificate being checked
+     * @param anchor the trust anchor certificate
+     * @param ee the end-entity certificate to check
+     * @throws ValidatorException if the end-entity certificate is distrusted
+     */
+    abstract void checkDistrust(String variant,
+                                X509Certificate anchor,
+                                X509Certificate ee) throws ValidatorException;
+
+    // The policies set in the jdk.security.caDistrustPolicies property.
+    static final EnumSet<CADistrustPolicy> POLICIES = parseProperty();
+    private static EnumSet<CADistrustPolicy> parseProperty() {
+        String property = AccessController.doPrivileged(
+            new PrivilegedAction<>() {
+                @Override
+                public String run() {
+                    return Security.getProperty(
+                        "jdk.security.caDistrustPolicies");
+                }
+            });
+        EnumSet<CADistrustPolicy> set = EnumSet.noneOf(CADistrustPolicy.class);
+        // if property is null or empty, the restrictions are not enforced
+        if (property == null || property.isEmpty()) {
+            return set;
+        }
+        String[] policies = property.split(",");
+        for (String policy : policies) {
+            policy = policy.trim();
+            try {
+                CADistrustPolicy caPolicy =
+                    Enum.valueOf(CADistrustPolicy.class, policy);
+                set.add(caPolicy);
+            } catch (IllegalArgumentException iae) {
+                // ignore unknown values but log it
+                Debug debug = Debug.getInstance("certpath");
+                if (debug != null) {
+                    debug.println("Unknown value for the " +
+                                  "jdk.security.caDistrustPolicies property: "
+                                  + policy);
+                }
+            }
+        }
+        return set;
+    }
+}

src/java.base/share/classes/sun/security/validator/EndEntityChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -133,7 +133,9 @@ class EndEntityChecker {
     }
 
     void check(X509Certificate cert, Object parameter,
-            boolean checkUnresolvedCritExts) throws CertificateException {
+            boolean checkUnresolvedCritExts, X509Certificate anchor)
+            throws CertificateException {
+
         if (variant.equals(Validator.VAR_GENERIC)) {
             return; // no checks
         }
@@ -159,6 +161,12 @@ class EndEntityChecker {
         if (checkUnresolvedCritExts) {
             checkRemainingExtensions(exts);
         }
+
+        // check if certificate should be distrusted according to policies
+        // set in the jdk.security.caDistrustPolicies security property
+        for (CADistrustPolicy policy : CADistrustPolicy.POLICIES) {
+            policy.checkDistrust(variant, anchor, cert);
+        }
     }
 
     /**

src/java.base/share/classes/sun/security/validator/SymantecTLSPolicy.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.validator;
+
+import java.security.cert.X509Certificate;
+import java.time.LocalDate;
+import java.time.Month;
+import java.time.ZoneOffset;
+import java.util.Date;
+import java.util.Set;
+
+import sun.security.x509.X509CertImpl;
+
+/**
+ * This class checks if Symantec issued TLS Server certificates should be
+ * restricted.
+ */
+final class SymantecTLSPolicy {
+
+    // SHA-256 certificate fingerprints of distrusted roots
+    private static final Set<String> FINGERPRINTS = Set.of(
+        // cacerts alias: geotrustglobalca
+        // DN: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
+        "FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A",
+        // cacerts alias: geotrustprimaryca
+        // DN: CN=GeoTrust Primary Certification Authority,
+        //     O=GeoTrust Inc., C=US
+        "37D51006C512EAAB626421F1EC8C92013FC5F82AE98EE533EB4619B8DEB4D06C",
+        // cacerts alias: geotrustprimarycag2
+        // DN: CN=GeoTrust Primary Certification Authority - G2,
+        //     OU=(c) 2007 GeoTrust Inc. - For authorized use only,
+        //     O=GeoTrust Inc., C=US
+        "5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766",
+        // cacerts alias: geotrustprimarycag3
+        // DN: CN=GeoTrust Primary Certification Authority - G3,
+        //     OU=(c) 2008 GeoTrust Inc. - For authorized use only,
+        //     O=GeoTrust Inc., C=US
+        "B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4",
+        // cacerts alias: geotrustuniversalca
+        // DN: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
+        "A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912",
+        // cacerts alias: thawteprimaryrootca
+        // DN: CN=thawte Primary Root CA,
+        //     OU="(c) 2006 thawte, Inc. - For authorized use only",
+        //     OU=Certification Services Division, O="thawte, Inc.", C=US
+        "8D722F81A9C113C0791DF136A2966DB26C950A971DB46B4199F4EA54B78BFB9F",
+        // cacerts alias: thawteprimaryrootcag2
+        // DN: CN=thawte Primary Root CA - G2,
+        //     OU="(c) 2007 thawte, Inc. - For authorized use only",
+        //     O="thawte, Inc.", C=US
+        "A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557",
+        // cacerts alias: thawteprimaryrootcag3
+        // DN: CN=thawte Primary Root CA - G3,
+        //     OU="(c) 2008 thawte, Inc. - For authorized use only",
+        //     OU=Certification Services Division, O="thawte, Inc.", C=US
+        "4B03F45807AD70F21BFC2CAE71C9FDE4604C064CF5FFB686BAE5DBAAD7FDD34C",
+        // cacerts alias: thawtepremiumserverca
+        // DN: EMAILADDRESS=premium-server@thawte.com,
+        //     CN=Thawte Premium Server CA, OU=Certification Services Division,
+        //     O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
+        "3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9",
+        // cacerts alias: verisignclass2g2ca
+        // DN: OU=VeriSign Trust Network,
+        //     OU="(c) 1998 VeriSign, Inc. - For authorized use only",
+        //     OU=Class 2 Public Primary Certification Authority - G2,
+        //     O="VeriSign, Inc.", C=US
+        "3A43E220FE7F3EA9653D1E21742EAC2B75C20FD8980305BC502CAF8C2D9B41A1",
+        // cacerts alias: verisignclass3ca
+        // DN: OU=Class 3 Public Primary Certification Authority,
+        //     O="VeriSign, Inc.", C=US
+        "A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305",
+        // cacerts alias: verisignclass3g2ca
+        // DN: OU=VeriSign Trust Network,
+        //     OU="(c) 1998 VeriSign, Inc. - For authorized use only",
+        //     OU=Class 3 Public Primary Certification Authority - G2,
+        //     O="VeriSign, Inc.", C=US
+        "83CE3C1229688A593D485F81973C0F9195431EDA37CC5E36430E79C7A888638B",
+        // cacerts alias: verisignclass3g3ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
+        //     OU="(c) 1999 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244",
+        // cacerts alias: verisignclass3g4ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
+        //     OU="(c) 2007 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79",
+        // cacerts alias: verisignclass3g5ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
+        //     OU="(c) 2006 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF",
+        // cacerts alias: verisignuniversalrootca
+        // DN: CN=VeriSign Universal Root Certification Authority,
+        //     OU="(c) 2008 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "2399561127A57125DE8CEFEA610DDF2FA078B5C8067F4E828290BFB860E84B3C"
+    );
+
+    // Any TLS Server certificate that is anchored by one of the Symantec
+    // roots above and is issued after this date will be distrusted.
+    private static final LocalDate APRIL_16_2019 =
+        LocalDate.of(2019, Month.APRIL, 16);
+
+    /**
+     * This method assumes the eeCert is a TLS Server Cert and chains back to
+     * the anchor.
+     *
+     * @param anchor the trust anchor certificate
+     * @param eeCert the certificate to check
+     * @throws ValidatorException if the certificate is distrusted
+     */
+    static void checkDistrust(X509Certificate anchor,
+                              X509Certificate eeCert)
+                              throws ValidatorException {
+        String fp = (anchor instanceof X509CertImpl)
+                    ? ((X509CertImpl)anchor).getFingerprint("SHA-256")
+                    : X509CertImpl.getFingerprint("SHA-256", anchor);
+        if (FINGERPRINTS.contains(fp)) {
+            // reject if certificate is issued after April 16, 2019
+            Date notBefore = eeCert.getNotBefore();
+            LocalDate ldNotBefore = LocalDate.ofInstant(notBefore.toInstant(),
+                                                        ZoneOffset.UTC);
+            if (ldNotBefore.isAfter(APRIL_16_2019)) {
+                throw new ValidatorException
+                    ("TLS Server certificate issued after " + APRIL_16_2019 +
+                     " and anchored by a distrusted legacy Symantec root CA: "
+                     + anchor.getSubjectX500Principal(),
+                     ValidatorException.T_UNTRUSTED_CERT, anchor);
+            }
+        }
+    }
+
+    private SymantecTLSPolicy() {}
+}

src/java.base/share/classes/sun/security/validator/Validator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -275,7 +275,8 @@ public abstract class Validator {
             boolean checkUnresolvedCritExts =
                     (type == TYPE_PKIX) ? false : true;
             endEntityChecker.check(chain[0], parameter,
-                                   checkUnresolvedCritExts);
+                                   checkUnresolvedCritExts,
+                                   chain[chain.length-1]);
         }
 
         return chain;