I'm making a TLS client in java and using the x509TrustManager checkServerTrusted method to validate if server certificates are trusted.
void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException
authType - the key exchange algorithm used
The docs mention it uses an authType argument which specifies the key exchange algorithm used. This makes sense for TLS1.2 since the key exchange algorithm can be figured out from the selected cipher. But what about TLS1.3 where there is no key exchange algorithm, what should the authType value be in that case? How to validate a certificate when using TLS1.3 with this method? I'm using openJDK 8.
CodePudding user response:
It's "UNKNOWN". Note actual cert-path validation and name check are same as lower protocols; 1.3 server is not specified to use a cert containing a key and (potentially) KeyUsage matching the keyexchange as in lower protocols, merely one that is signature-capable and matches one of the signature_algorithms values offered by the client -- and JSSE client offers all, at least assuming an EC provider is available which is normally the case in j7 up. (1.2, only, specified server cert to match sigalgs and keyexchange.)
AFAICS the default validator (i.e. when you use TrustManagerFactory) doesn't actually check this value at all, although it does apply a constraint for sigalgs when present (i.e.in 1.2 or 1.3). The TLS specs don't require the client to check this, not even 1.3 which generally requires more receiver checking (i.e. antiPostelianism) than earlier versions. (OTOH the default X509[Extended]KeyManager does use the similar keyType[s] parameter.)
PS: do you mean you are calling the standard (X509)TM to validate the cert? If so you don't need to; JSSE already does. Or do you mean you are supplying your own class that implements X509TrustManager
to be called? If so, you should be aware in 7 up (as you've linked) JSSE will add 'endpoint-identification' i.e. host name checking where applicable to a supplied X509TM. If you want to control that yourself, you must instead extends X509ExtendedTrustManager
as linked at the top of the page you linked.