Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4427888

Incorrect key usage check for server certificates

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      1.0.3
    • CPU:
      x86
    • OS:
      linux, solaris

      Backports

        Description

        clientmanager.Client.getServerProperties(Unknown Source)
                at infoworkspace.security.authenticationui.AuthenticationClient.startAuthentication(Unknown Source)
                at infoworkspace.security.authenticationui.AuthenticationClient.<init>(Unknown Source)
                at infoworkspace.client.clientmanager.Client.logon(Unknown Source)
                at infoworkspace.client.clientmanager.Client$3.run(Unknown Source)
                at java.lang.Thread.run(Unknown Source)



        TESTCASEEND


        Name: krC82822 Date: 03/20/2001


        java version "1.3.0"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0)
        Java HotSpot(TM) Client VM (build 1.3.0, mixed mode)

        The method X509TrustManager.isServerTrusted incorrectly rejects a server
        certificate.

        Running with debugging indicates the following error:
        failed critical extension check: java.lang.Exception: Wrong key usage
        main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
        main, WRITE: SSL v3.1 Alert, length = 2

        The method requires that the certificate' s key usage, if present, includes
        digitalSignature. Server certificates are not used for signing. They should
        have keyEncipherment set as their key usage. This is stated in the TLS spec as
        well as Netscape's certificate specification.
        (Review ID: 119099)
        ======================================================================


        ck.prasad@eng 2001-06-21

        Customer Problem Description:
        -----------------------------

        One of our Department of Defense customers is currently having problems related to BugID 4427888. Their organization is serviced by a CA which issues X509 SSL Server certificates (server has an RSA key) with the following v3 extension:

           [5]: ObjectId: 2.5.29.15 Criticality=true
           KeyUsage [
             Key_Encipherment
           ]
         
        As BugID 4427888 correctly points out, JSSE 1.0.2 will not trust such a server even though every other trust criterion (eg: client trusts the server's root CA, dates are valid, subject and hostname matches, et cetera) is satisfied. Instead, JSSE requires digitalSignature in critical keyUsage extensions even though this usage is not required in either the SSL v3.0 protocol or the TLS v1.0 protocol.

        We are expecting many other Department of Defense customers will run into the same difficulty as our current customer. For example, the attached newsgroup posting (at the end of this description) is from an individual in a completely different organization and with a different CA than our customer. Even so, he is having the same problem. As such, requesting our current and future customers to modify their CA policies is not feasible, especially when their policies conform to the requirements of RFC 2246, para. 7.4.2.

        =-=-=-=-= BEGIN comp.lang.java.security posting =-=-=-=-=

        Thread Title: "Using https in java application"
        Post Date: 2001-03-20
        URL: http://groups.google.com/groups?hl=en&lr=&safe=off&ic=1&th=b54b0db7567815f1,3&seekm=00000008.58e87553%40usw-ex0108-192.remarq.com#p

        I am attempting to connect to a web server that is using https
        and http authentication. The particular URL I am trying to
        connect to returns an XML document. I have successfully
        established a connection to this server using IE. Once connected
        in IE, I selected the lock icon and added the certificate
        associated with the URL to IEs certificates.

        I have attempted to export this certificate in both Base64 and
        Binary X509 format and added it to my local .keystore using
        keytool. Unfortunately when I try to connect to this site from a
        Java application I get the following error:

        failed critical extension check: java.lang.Exception: Wrong key usage
        main, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
        main, WRITE: SSL v3.0 Alert, length = 2
        javax.net.ssl.SSLException: untrusted server cert chain
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
        at java.io.OutputStream.write(OutputStream.java:61)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.&lt;init&gt;([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.&lt;init&gt;([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:230)
        at httpclient.URLReader.main(URLReader.java:69)

        I have turned the debugging on for JSSE and I noticed that there
        is a compliant about the certificate. Details below:

        adding as trusted cert: [
        [
          Version: V3
          Subject: CN=scwc17.scott.af.mil, OU=USAF, OU=PKI, OU=DoD, O=U.S. Government, C=US
          Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

          Key: com.sun.rsajca.JSA_RSAPublicKey@67e89
          Validity: [From: Mon Jun 26 18:12:46 EDT 2000,
                       To: Fri Jun 27 18:12:46 EDT 2003]
          Issuer: CN=Med CA-2, OU=PKI, OU=DoD, O=U.S. Government, C=US
          SerialNumber: [ 2458]

        Certificate Extensions: 6
        [1]: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 96 80 87 61 C4 88 5A A4 E2 A0 08 3A 0E 92 39
        AD ...a..Z....:..9.

        0010: A6 68 40 3C .h@<

        ]
        ]

        [2]: ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 09 BC 11 2B 3B 65 79 47 D6 73 63 DC 07 37 69
        16 ...+;eyG.sc..7i.

        0010: 34 CF 35 85 4.5.

        ]

        ]

        [3]: ObjectId: 2.5.29.32 Criticality=false
        Extension unknown: DER encoded OCTET string =
        0000: 04 0F 30 0D 30 0B 06 09 60 86 48 01 65 02 01
        0B ..0.0...`.H.e...

        0010: 03
        ...

        Notice the unknown DER encoded OCTET string message.

        Any help on this problem would be greatly appreciated.

        =-=-=-=-= END comp.lang.java.security posting =-=-=-=-=


        TESTCASEBEGIN
        Server: iPlanet Web Server 4.2 on Windows NT 4.0 SP6a
        Client: JRE 1.2.2-006, JSSE 1.0.2, Windows 2000 SP1

        jre\1.2\bin\java.exe -version
        java version "1.2.2"
        Classic VM (build JDK-1.2.2_006, native threads, symcjit)

        With the above configuration, here is the client's JSSE debug at the initiation of the SSL session:

        *** ClientHello, v3.1
        RandomCookie: GMT: 993160553 bytes = { 68, 244, 215, 11, 190, 155, 41, 144, 99, 100, 51, 225, 114, 113, 69, 139, 181, 202, 250, 106, 129, 7, 202, 250, 13, 86, 15, 130 }
        Session ID: {}
        Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
        Compression Methods: { 0 }
        ***
        [write] MD5 and SHA1 hashes: len = 59
        0000: 01 00 00 37 03 01 3B 32 6D 69 44 F4 D7 0B BE 9B ...7..;2miD.....
        0010: 29 90 63 64 33 E1 72 71 45 8B B5 CA FA 6A 81 07 ).cd3.rqE....j..
        0020: CA FA 0D 56 0F 82 00 00 10 00 05 00 04 00 09 00 ...V............
        0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
        Thread-0, WRITE: SSL v3.1 Handshake, length = 59
        [write] MD5 and SHA1 hashes: len = 77
        0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
        0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
        0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3B 32 6D .............;2m
        0030: 69 44 F4 D7 0B BE 9B 29 90 63 64 33 E1 72 71 45 iD.....).cd3.rqE
        0040: 8B B5 CA FA 6A 81 07 CA FA 0D 56 0F 82 ....j.....V..
        Thread-0, WRITE: SSL v2, contentType = 22, translated length = 16310
        Thread-0, READ: SSL v3.0 Handshake, length = 921
        *** ServerHello, v3.0
        RandomCookie: GMT: -14136 bytes = { 253, 117, 61, 231, 180, 109, 170, 175, 176, 148, 88, 197, 137, 35, 155, 38, 76, 37, 145, 203, 228, 204, 192, 114, 252, 112, 5, 175 }
        Session ID: {0, 0, 163, 85, 114, 229, 170, 82, 83, 0, 135, 213, 127, 160, 204, 33, 60, 161, 163, 124, 158, 29, 79, 252, 244, 28, 174, 129, 187, 136, 55, 10}
        Cipher Suite: { 0, 4 }
        Compression Method: 0
        ***
        %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
        ** SSL_RSA_WITH_RC4_128_MD5
        [read] MD5 and SHA1 hashes: len = 74
        0000: 02 00 00 46 03 00 00 00 C9 C8 FD 75 3D E7 B4 6D ...F.......u=..m
        0010: AA AF B0 94 58 C5 89 23 9B 26 4C 25 91 CB E4 CC ....X..#.&L%....
        0020: C0 72 FC 70 05 AF 20 00 00 A3 55 72 E5 AA 52 53 .r.p.. ...Ur..RS
        0030: 00 87 D5 7F A0 CC 21 3C A1 A3 7C 9E 1D 4F FC F4 ......!<.....O..
        0040: 1C AE 81 BB 88 37 0A 00 04 00 .....7....
        *** Certificate chain
        chain [0] = [
        [
          Version: V3
          Subject: CN=barrett2.cs.gd-es.com, OU=Engineering, O=Ezenia!, L=Colorado Springs, ST=Colorado, C=US
          Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@6ccc2da6
          Validity: [From: Wed Jun 20 12:00:56 MDT 2001,
                       To: Thu Jun 20 12:00:56 MDT 2002]
          Issuer: CN=IWS Development CA, O=cs.gd-es.com, L=Colorado Springs, ST=Colorado, C=US
          SerialNumber: [ 3b]

        Certificate Extensions: 5
        [1]: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: B3 DF 5E 7B A4 D1 92 66 63 F0 25 C8 5D B4 28 A5 ..^....fc.%.].(.
        0010: F7 79 EE EF .y..
        ]
        ]

        [2]: ObjectId: 2.5.29.32 Criticality=false
        Extension unknown: DER encoded OCTET string =
        0000: 04 32 30 30 30 2E 06 03 55 04 19 30 27 30 17 06 .2000...U..0'0..
        0010: 08 2B 06 01 05 05 07 02 02 30 0B 30 07 16 00 30 .+.......0.0...0
        0020: 03 02 01 01 1A 00 30 0C 06 08 2B 06 01 05 05 07 ......0...+.....
        0030: 02 01 16 00 ....


        [3]: ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 07 5A F4 1F 96 F1 3B 65 0A FA 9E DD BA 38 7E 11 .Z....;e.....8..
        0010: 68 93 D0 40 h..@
        ]

        ]

        [4]: ObjectId: 2.5.29.31 Criticality=false
        Extension unknown: DER encoded OCTET string =
        0000: 04 3C 30 3A 30 38 A0 36 A0 34 86 32 68 74 74 70 .<0:08.6.4.2http
        0010: 3A 2F 2F 73 74 69 6D 65 2E 63 73 2E 67 64 2D 65 ://stime.cs.gd-e
        0020: 73 2E 63 6F 6D 3A 31 30 30 30 37 2F 63 6F 6D 65 s.com:10007/come
        0030: 47 65 74 59 65 72 43 52 4C 73 48 65 72 65 GetYerCRLsHere


        [5]: ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          Key_Encipherment
        ]

        ]
          Algorithm: [SHA1withRSA]
          Signature:
        0000: 42 20 BA E2 16 D5 7F 00 05 A6 A8 63 75 38 73 81 B .........cu8s.
        0010: 22 FC 5C 47 54 24 A7 2C 78 BB 0A 97 34 CD 26 C7 ".\GT$.,x...4.&.
        0020: 1E 02 F4 BD 0E DF 20 87 BF 3F 50 7E CD 4F B4 3D ...... ..?P..O.=
        0030: 6C 5F AB 3E 30 CC 07 0D 5C 0D 5E 8D 42 7A DE BC l_.>0...\.^.Bz..
        0040: 95 6E E0 E3 EE AA 35 D2 9B 35 46 73 31 1A F8 AF .n....5..5Fs1...
        0050: 95 F1 6A 63 88 B1 34 38 CE FD 9E 30 D5 6F 41 58 ..jc..48...0.oAX
        0060: A8 B3 91 EF D1 77 9C 32 48 9F 06 BB 2C 0D A7 57 .....w.2H...,..W
        0070: 69 90 41 1C 10 C8 DC AB B5 12 81 17 73 1E 28 35 i.A.........s.(5

        ]
        ***
        add missing root cert: [
        [
          Version: V3
          Subject: CN=IWS Development CA, O=cs.gd-es.com, L=Colorado Springs, ST=Colorado, C=US
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@12002da6
          Validity: [From: Thu Dec 07 00:00:00 MST 2000,
                       To: Tue Dec 07 00:00:00 MST 2032]
          Issuer: CN=IWS Development CA, O=cs.gd-es.com, L=Colorado Springs, ST=Colorado, C=US
          SerialNumber: [ 01]

        Certificate Extensions: 4
        [1]: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 07 5A F4 1F 96 F1 3B 65 0A FA 9E DD BA 38 7E 11 .Z....;e.....8..
        0010: 68 93 D0 40 h..@
        ]
        ]

        [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
        NetscapeCertType [
           SSL CA
           S/MIME CA
           Object Signing CA]

        [3]: ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 07 5A F4 1F 96 F1 3B 65 0A FA 9E DD BA 38 7E 11 .Z....;e.....8..
        0010: 68 93 D0 40 h..@
        ]

        ]

        [4]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen: undefined
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 4D 27 C8 51 99 07 0B 6E 4C F1 FF 4B F1 AB 98 DD M'.Q...nL..K....
        0010: 67 4C C3 C1 18 36 3D FF F1 91 9D E9 8C 1D 16 DB gL...6=.........
        0020: B6 7D 7B 23 A3 2E 06 53 B1 8A B0 F2 0D 63 42 D7 ...#...S.....cB.
        0030: 85 26 6C D3 5D CD D5 8A 80 FC 97 D3 1B 40 E7 FB .&l.]........@..
        0040: C8 29 0C 7A 70 D2 7C AF 35 C7 A0 07 AB A9 C8 E9 .).zp...5.......
        0050: 86 5A 1C 05 56 4F 37 D2 62 5E 27 76 E8 18 52 DB .Z..VO7.b^'v..R.
        0060: F1 E8 0B D6 8A FF E1 54 C5 06 0B 82 D3 8E 8F 71 .......T.......q
        0070: F3 C1 AD 5E E7 25 3F C5 FE 55 BD 52 C2 7A AD A0 ...^.%?..U.R.z..

        ]
        failed critical extension check: java.lang.Exception: Wrong key usage
        Thread-0, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
        Thread-0, WRITE: SSL v3.0 Alert, length = 2
        javax.net.ssl.SSLException: untrusted server cert chain
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
                at java.io.OutputStream.write(Unknown Source)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpClient.&lt;init&gt;([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.&lt;init&gt;([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
                at infoworkspace.util.Parameters.load(Unknown Source)
                at infoworkspace.client.ServerProperties.<init>(Unknown Source)
                at infoworkspace.client.ClientConfiguration.getServerProperties(Unknown Source)
                at infoworkspace.client.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                ywangsunw Yingxian Wang (Inactive)
                Reporter:
                kryansunw Kevin Ryan (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: