iaik.security.ssl

Class TLS13OCSPCertStatusChainVerifier

java.lang.Object

iaik.security.ssl.ChainVerifier

iaik.security.ssl.OCSPCertStatusChainVerifier

iaik.security.ssl.TLS13OCSPCertStatusChainVerifier

public class TLS13OCSPCertStatusChainVerifier
extends OCSPCertStatusChainVerifier

This class represents a ChainVerifier to may be used for checking OCSP certificate status information about the peer certificate.

When a TLS version prior 1.2 is used certificate status information may be only provided by the server by sending a certificate_status handshake message in response to a status_request extension sent by the client.

When a TLS version of TLS 1.3 or later is used certificate status information may be provided by both client and server. If the client wants to get certificate status information from the server the client sends a status_request extension in the ClientHello message. The server then can provide certificate status information by including a status_request extension in the certificate entries of the server certificate message.
If the server requests client authentication and wants that the client provides status information along with its certificates the server sends a status_request extension with its certificate_request message. The client then can provide certificate status information by including a status_request extension in the certificate entries of the client certificate message.

When a TLS version prior 1.2 is used this ChainVerifier can be used to check OCSP status information for the server certificate by calling method verifyChain(X509Certificate[] certs, SSLTransport transport, int statusType, byte[] statusRequest, byte[] statusResponse).

When a TLS version of TLS 1.3 or later is used this ChainVerifier can be used to check OCSP status information for both client and server certificates by calling method verifyChain(CertificateEntry[] certEntries, SSLTransport transport, int statusType, byte[] statusRequest).

This class works in the same way as the parent ChainVerifier class, except for that it additionally checks OCSP status information sent by the server.

Since OCSP cannot be handled in a crypto-provider independent way, using this class requires that you have IAIK-JCE (iaik_jce(_full).jar)) in your classpath. Note that by default the standard ChainVerifier is used for certificate chain verification. To enable this TLS13OCSPCertStatusChainVerifier set it for your SSLClientContext:

  SSLContext context = ...;
  ...
  TLS13OCSPCertStatusChainVerifier ocspCertStatusChainVerifier = new TLS13OCSPCertStatusChainVerifier();
  context.setChainVerifier(ocspCertStatusChainVerifier);
 

If the peer has sent an OCSP status information, this class -- after having verified the peer certificate chain -- checks the provided status information and rejects the peer certificate(s) if any of the following conditions occur:

• If the status type is not ocsp
• If the response status is not successful.
• If the response type is not id-pkix-ocsp-basic.
• If the response signature verification fails.
• If the responder is not authorized for signing OCSP responses for the peer certificate(s) (this step, for instance, checks if the response signer cert contains an ocsp_signing ExtendedKeyUsage extension (if the response signer is different from the server certificate issuer); or if the response signer is registered as trusted responder (if trusted responders have been set).
• If the OCSP response does not contain a SingleResponse for the peer certificate
• If the cert status for the peer certificate(s) is not good
• If the single response is out-of-time
• If the status_request message sent to the peer contains responder ids they are checked against the id of the responder. If the id does not match the peer certificate is rejected and a bad_certificate_status_response alert is sent to the peer
• If the status_request message sent to the peer contains a Nonce extension it is checked against the Nonce extension contained in the response. If the response does not contain a Nonce extension or does contain a different Nonce extension, the peer certificate is rejected and a bad_certificate_status_response alert is sent to the peer. Other request extensions are not checked since they cannot be handled in a global way.
• If the response signer is not the peer cert issuer, the response signer cert chain is verified and the peer certificate is rejected if the verification fails.
• If any of the required response/request/certificate parsing operation fails

Note that this ChainVerifier tries to verify status information for any certificate of the peer certificate chain as long as status information is provided for this certificate. This means that this ChainVerifier skips the status information verification for any certificate for which no status information is provided. However, if the status_request extension sent to the peer has been marked as being critical iSaSiLk will reject the peer certificate chain if no status information is provided for the client/server certificate (certificate at index 0 of the peer certificate chain). Note that this check is already done before calling the verifyChain method because the ChainVerifier does not have access to the critical flag of the status_request extension.

See Also:

ChainVerifier, OCSPCertStatusChainVerifier, CertificateStatusRequest

Field Summary

Fields inherited from class iaik.security.ssl.ChainVerifier

CACHE_SIZE, cachedCerts, cacheSize, checkServerName, nullTrusted, trustedCerts

Constructor Summary

Constructors

Constructor and Description
TLS13OCSPCertStatusChainVerifier() Creates a new ChainVerifier.

Method Summary

Modifier and Type	Method and Description
boolean	verifyChain(TLS13Certificate.CertificateEntry[] certEntries, SSLTransport transport, int statusType, byte[] statusRequest) Verifies a TLS 1.3 certificate chain.

Methods inherited from class iaik.security.ssl.OCSPCertStatusChainVerifier

setAccuracy, setTrustedResponders, verifyChain, verifyDelegatedResponderCert

Methods inherited from class iaik.security.ssl.ChainVerifier

addTrustedCertificate, cacheCertificate, cacheCertificates, clearCachedCertificates, clearTrustedCertificates, dumpCertificateChain, getCertificateChain, getCheckServerName, getIssuerCertificate, getTrustedCertificates, getTrustedCertificatesArray, getTrustedPrincipals, getTrustedPrincipalsArray, isCachedCertificate, isTrustedCertificate, removeTrustedCertificate, setCacheSize, setCheckServerName, size, verifyCertificate, verifyChain, verifyClient, verifyServer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TLS13OCSPCertStatusChainVerifier

public TLS13OCSPCertStatusChainVerifier()

Creates a new ChainVerifier. Initially the list of trusted certificates is empty.

Method Detail

verifyChain

public boolean verifyChain(TLS13Certificate.CertificateEntry[] certEntries,
                           SSLTransport transport,
                           int statusType,
                           byte[] statusRequest)
                    throws SSLCertificateRuntimeException

Verifies a TLS 1.3 certificate chain.

This method works in the same way as the same-named verifyChain(CertificateEntry[], SSLTransport, int, byte[]) method of the parent ChainVerifier class, but additionally also checks OCSP status information, if provided by the peer in response to a certificate status_request.

The statusRequest parameter is only meaningful if a CertificateStatusRequest extension has sent to the peer. In this case the certificate entries of the peer certificate message may contain status information.

Overrides:

verifyChain in class ChainVerifier

Parameters:

certEntries - the TLS 1.3 certificate entries sent within the TLS 1.3 peer certificate message

transport - the SSLTransport, maybe required to query for information (e.g. client mode) and/or printing debug information

statusType - the type of the certificate status request sent to the peer (and of the status response received from the peer), or -1 if no status_request extension has been sent to the peer

statusRequest - the (TLS) encoded status request sent to the peer, or null if no status_request extension has been sent to the peer

Throws:

SSLCertificateRuntimeException - maybe used by an application to wrap an exception thrown by some self-designed ChainVerifier implementation

See Also:

TLS13OCSPCertStatusChainVerifier