8268199: Correct certificate requests

Reviewed-by: xuelei, ahgross, rhalade
2025-08-28 23:34:52 +02:00 · 2021-07-08 21:08:49 +00:00 · 2021-07-08 21:08:49 +00:00 · f2c5728a86
commit f2c5728a86
parent 44ce867314
1 changed files with 26 additions and 3 deletions
--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
@ -31,6 +31,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
@ -729,7 +730,7 @@ final class CertificateRequest {
            // the SSLPossession.  Instead, the choosePossession method
            // will use the accepted signature schemes in the message to
            // determine the set of acceptable certificate types to select from.
-            SSLPossession pos = choosePossession(chc);
+            SSLPossession pos = choosePossession(chc, crm);
            if (pos == null) {
                return;
            }
@ -739,8 +740,8 @@ final class CertificateRequest {
                    SSLHandshake.CERTIFICATE_VERIFY);
        }

-        private static SSLPossession choosePossession(HandshakeContext hc)
-                throws IOException {
+        private static SSLPossession choosePossession(HandshakeContext hc,
+                T12CertificateRequestMessage crm) throws IOException {
            if (hc.peerRequestedCertSignSchemes == null ||
                    hc.peerRequestedCertSignSchemes.isEmpty()) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
@ -750,6 +751,15 @@ final class CertificateRequest {
                return null;
            }

+            // Put the CR key type into a more friendly format for searching
+            List<String> crKeyTypes = new ArrayList<>(
+                    Arrays.asList(crm.getKeyTypes()));
+            // For TLS 1.2 only if RSA is a requested key type then we
+            // should also allow RSASSA-PSS.
+            if (crKeyTypes.contains("RSA")) {
+                crKeyTypes.add("RSASSA-PSS");
+            }
+
            Collection<String> checkedKeyTypes = new HashSet<>();
            List<String> supportedKeyTypes = new ArrayList<>();
            for (SignatureScheme ss : hc.peerRequestedCertSignSchemes) {
@ -784,6 +794,19 @@ final class CertificateRequest {
                            "Unsupported authentication scheme: " + ss.name);
                    }
                    continue;
+                } else {
+                    // Any auth object will have a set of allowed key types.
+                    // This set should share at least one common algorithm with
+                    // the CR's allowed key types.
+                    if (Collections.disjoint(crKeyTypes,
+                            Arrays.asList(ka.keyTypes))) {
+                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
+                            SSLLogger.warning(
+                                    "Unsupported authentication scheme: " +
+                                            ss.name);
+                        }
+                        continue;
+                    }
                }
                supportedKeyTypes.add(ss.keyAlgorithm);
            }