X509TrustManager checkServerTrusted with TLSv1.3
[英]X509TrustManager checkServerTrusted with TLSv1.3
问题描述
I'm making a TLS client in java and using the x509TrustManager checkServerTrusted method to validate if server certificates are trusted.
我正在用 java 制作一个 TLS 客户端,并使用x509TrustManager checkServerTrusted方法来验证服务器证书是否可信。
void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException
authType - the key exchange algorithm used
The docs mention it uses an authType argument which specifies the key exchange algorithm used.文档提到它使用 authType 参数,该参数指定使用的密钥交换算法。 This makes sense for TLS1.2 since the key exchange algorithm can be figured out from the selected cipher.这对 TLS1.2 来说是有意义的,因为可以从所选密码中找出密钥交换算法。 But what about TLS1.3 where there is no key exchange algorithm, what should the authType value be in that case?但是TLS1.3没有密钥交换算法的情况下,authType的值应该是多少呢? How to validate a certificate when using TLS1.3 with this method?使用此方法使用 TLS1.3 时如何验证证书? I'm using openJDK 8.我正在使用 openJDK 8。
1 个解决方案
解决方案1
1 已采纳 2022-05-18 07:18:21
It's "UNKNOWN". 这是“未知”。 Note actual cert-path validation and name check are same as lower protocols;注意实际的证书路径验证和名称检查与较低的协议相同; 1.3 server is not specified to use a cert containing a key and (potentially) KeyUsage matching the keyexchange as in lower protocols, merely one that is signature-capable and matches one of the signature_algorithms values offered by the client -- and JSSE client offers all, at least assuming an EC provider is available which is normally the case in j7 up. 1.3 未指定服务器使用包含密钥和(可能)与较低协议中的密钥交换匹配的 KeyUsage 的证书,只是一个具有签名能力并与客户端提供的 signature_algorithms 值之一匹配的证书——并且 JSSE 客户端提供所有,至少假设有一个 EC 提供程序可用,这在 j7 up 中通常是这种情况。 (1.2, only, specified server cert to match sigalgs and keyexchange.) (仅限 1.2,指定服务器证书以匹配 sigalgs和keyexchange。)
AFAICS the default validator (ie when you use TrustManagerFactory) doesn't actually check this value at all, although it does apply a constraint for sigalgs when present (iein 1.2 or 1.3). AFAICS 默认验证器(即当您使用 TrustManagerFactory 时)实际上根本不检查此值,尽管它在存在时对 sigalgs 应用了约束(即在 1.2 或 1.3 中)。 The TLS specs don't require the client to check this, not even 1.3 which generally requires more receiver checking (ie antiPostelianism) than earlier versions. TLS 规范不要求客户端检查这一点,甚至 1.3 也不需要,它通常比早期版本需要更多的接收器检查(即 antiPostelianism)。 (OTOH the default X509[Extended]KeyManager does use the similar keyType[s] parameter.) (OTOH 默认的X509[Extended]KeyManager确实使用了类似的 keyType[s] 参数。)
PS: do you mean you are calling the standard (X509)TM to validate the cert? PS:您的意思是您正在调用标准(X509)TM 来验证证书吗? If so you don't need to;如果是这样,您不需要; JSSE already does. JSSE 已经做到了。 Or do you mean you are supplying your own class that implements X509TrustManager to be called?或者你的意思是你提供你自己的类来implements X509TrustManager被调用? If so, you should be aware in 7 up (as you've linked) JSSE will add 'endpoint-identification' ie host name checking where applicable to a supplied X509TM.如果是这样,您应该知道在 7 中(如您所链接的)JSSE 将添加“端点识别”,即在适用于提供的 X509TM 的情况下检查主机名。 If you want to control that yourself, you must instead extends X509ExtendedTrustManager as linked at the top of the page you linked.如果您想自己控制它,则必须extends X509ExtendedTrustManager为您链接的页面顶部的链接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.