8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs

Author: jerboaa

jdk/src/share/classes/sun/security/validator/CADistrustPolicy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,22 @@ void checkDistrust(String variant, X509Certificate[] chain)
             }
             EntrustTLSPolicy.checkDistrust(chain);
         }
+    },
+
+    /**
+     * Distrust TLS Server certificates anchored by a CAMERFIRMA root CA and
+     * issued after April 15, 2025. If enabled, this policy is currently
+     * enforced by the PKIX and SunX509 TrustManager implementations
+     * of the SunJSSE provider implementation.
+     */
+    CAMERFIRMA_TLS {
+        void checkDistrust(String variant, X509Certificate[] chain)
+                           throws ValidatorException {
+            if (!variant.equals(Validator.VAR_TLS_SERVER)) {
+                return;
+            }
+            CamerfirmaTLSPolicy.checkDistrust(chain);
+        }
     };
 
     /**

jdk/src/share/classes/sun/security/validator/CamerfirmaTLSPolicy.java

@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.validator;
+
+import java.security.cert.X509Certificate;
+import java.time.LocalDate;
+import java.time.Month;
+import java.time.ZoneOffset;
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+import sun.security.util.Debug;
+import sun.security.x509.X509CertImpl;
+
+/**
+ * This class checks if Camerfirma issued TLS Server certificates should be
+ * restricted.
+ */
+final class CamerfirmaTLSPolicy {
+
+    private static final Debug debug = Debug.getInstance("certpath");
+
+    // SHA-256 certificate fingerprints of distrusted roots
+    private static final Set<String> FINGERPRINTS = Set.of(
+        // cacerts alias: camerfirmachamberscommerceca
+        // DN: CN=Chambers of Commerce Root,
+        //     OU=http://www.chambersign.org,
+        //     O=AC Camerfirma SA CIF A82743287, C=EU
+        "0C258A12A5674AEF25F28BA7DCFAECEEA348E541E6F5CC4EE63B71B361606AC3",
+        // cacerts alias: camerfirmachambersca
+        // DN: CN=Chambers of Commerce Root - 2008,
+        //     O=AC Camerfirma S.A., SERIALNUMBER=A82743287,
+        //     L=Madrid (see current address at www.camerfirma.com/address),
+        //     C=EU
+        "063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0",
+        // cacerts alias: camerfirmachambersignca
+        // DN: CN=Global Chambersign Root - 2008,
+        //     O=AC Camerfirma S.A., SERIALNUMBER=A82743287,
+        //     L=Madrid (see current address at www.camerfirma.com/address),
+        //     C=EU
+        "136335439334A7698016A0D324DE72284E079D7B5220BB8FBD747816EEBEBACA"
+    );
+
+    // Any TLS Server certificate that is anchored by one of the Camerfirma
+    // roots above and is issued after this date will be distrusted.
+    private static final LocalDate APRIL_15_2025 =
+        LocalDate.of(2025, Month.APRIL, 15);
+
+    /**
+     * This method assumes the eeCert is a TLS Server Cert and chains back to
+     * the anchor.
+     *
+     * @param chain the end-entity's certificate chain. The end entity cert
+     *              is at index 0, the trust anchor at index n-1.
+     * @throws ValidatorException if the certificate is distrusted
+     */
+    static void checkDistrust(X509Certificate[] chain)
+                              throws ValidatorException {
+        X509Certificate anchor = chain[chain.length-1];
+        String fp = fingerprint(anchor);
+        if (fp == null) {
+            throw new ValidatorException("Cannot generate fingerprint for "
+                + "trust anchor of TLS server certificate");
+        }
+        if (FINGERPRINTS.contains(fp)) {
+            Date notBefore = chain[0].getNotBefore();
+            LocalDate ldNotBefore = LocalDate.ofInstant(notBefore.toInstant(),
+                                                        ZoneOffset.UTC);
+            // reject if certificate is issued after April 15, 2025
+            checkNotBefore(ldNotBefore, APRIL_15_2025, anchor);
+        }
+    }
+
+    private static String fingerprint(X509Certificate cert) {
+        return X509CertImpl.getFingerprint("SHA-256", cert);
+    }
+
+    private static void checkNotBefore(LocalDate notBeforeDate,
+            LocalDate distrustDate, X509Certificate anchor)
+            throws ValidatorException {
+        if (notBeforeDate.isAfter(distrustDate)) {
+            throw new ValidatorException
+                ("TLS Server certificate issued after " + distrustDate +
+                 " and anchored by a distrusted legacy Camerfirma root CA: "
+                 + anchor.getSubjectX500Principal(),
+                 ValidatorException.T_UNTRUSTED_CERT, anchor);
+        }
+    }
+
+    private CamerfirmaTLSPolicy() {}
+}

jdk/src/share/lib/security/java.security-aix

@@ -1215,6 +1215,9 @@ jdk.sasl.disabledMechanisms=
 #   ENTRUST_TLS : Distrust TLS Server certificates anchored by
 #   an Entrust root CA and issued after November 11, 2024.
 #
+#   CAMERFIRMA_TLS : Distrust TLS Server certificates anchored by
+#   a Camerfirma root CA and issued after April 15, 2025.
+#
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the
 # empty String, no policies are enforced.
@@ -1226,7 +1229,7 @@ jdk.sasl.disabledMechanisms=
 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 # if this property is not enabled.
 #
-jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS
+jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

jdk/src/share/lib/security/java.security-linux

@@ -1221,6 +1221,9 @@ jdk.sasl.disabledMechanisms=
 #   ENTRUST_TLS : Distrust TLS Server certificates anchored by
 #   an Entrust root CA and issued after November 11, 2024.
 #
+#   CAMERFIRMA_TLS : Distrust TLS Server certificates anchored by
+#   a Camerfirma root CA and issued after April 15, 2025.
+#
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the
 # empty String, no policies are enforced.
@@ -1232,7 +1235,7 @@ jdk.sasl.disabledMechanisms=
 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 # if this property is not enabled.
 #
-jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS
+jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

jdk/src/share/lib/security/java.security-macosx

@@ -1219,6 +1219,9 @@ jdk.sasl.disabledMechanisms=
 #   ENTRUST_TLS : Distrust TLS Server certificates anchored by
 #   an Entrust root CA and issued after November 11, 2024.
 #
+#   CAMERFIRMA_TLS : Distrust TLS Server certificates anchored by
+#   a Camerfirma root CA and issued after April 15, 2025.
+#
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the
 # empty String, no policies are enforced.
@@ -1230,7 +1233,7 @@ jdk.sasl.disabledMechanisms=
 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 # if this property is not enabled.
 #
-jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS
+jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

jdk/src/share/lib/security/java.security-solaris

@@ -1217,6 +1217,9 @@ jdk.sasl.disabledMechanisms=
 #   ENTRUST_TLS : Distrust TLS Server certificates anchored by
 #   an Entrust root CA and issued after November 11, 2024.
 #
+#   CAMERFIRMA_TLS : Distrust TLS Server certificates anchored by
+#   a Camerfirma root CA and issued after April 15, 2025.
+#
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the
 # empty String, no policies are enforced.
@@ -1228,7 +1231,7 @@ jdk.sasl.disabledMechanisms=
 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 # if this property is not enabled.
 #
-jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS
+jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

jdk/src/share/lib/security/java.security-windows

@@ -1219,6 +1219,9 @@ jdk.sasl.disabledMechanisms=
 #   ENTRUST_TLS : Distrust TLS Server certificates anchored by
 #   an Entrust root CA and issued after November 11, 2024.
 #
+#   CAMERFIRMA_TLS : Distrust TLS Server certificates anchored by
+#   a Camerfirma root CA and issued after April 15, 2025.
+#
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the
 # empty String, no policies are enforced.
@@ -1230,7 +1233,7 @@ jdk.sasl.disabledMechanisms=
 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 # if this property is not enabled.
 #
-jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS
+jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
 
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry

jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.security.Security;
+import java.time.*;
+import java.util.*;
+import javax.net.ssl.*;
+
+/**
+ * @test
+ * @bug 8346587
+ * @summary Check that TLS Server certificates chaining back to distrusted
+ *          Camerfirma roots are invalid
+ * @library /lib/security
+ * @modules java.base/sun.security.validator
+ * @run main/othervm Camerfirma after policyOn invalid
+ * @run main/othervm Camerfirma after policyOff valid
+ * @run main/othervm Camerfirma before policyOn valid
+ * @run main/othervm Camerfirma before policyOff valid
+ */
+
+public class Camerfirma {
+
+    private static final String certPath = "chains" + File.separator + "camerfirma";
+
+    // Each of the roots have a test certificate chain stored in a file
+    // named "<root>-chain.pem".
+    private static String[] rootsToTest = new String[] {
+            "camerfirmachamberscommerceca", "camerfirmachambersca",
+            "camerfirmachambersignca"};
+
+    // Date after the restrictions take effect
+    private static final ZonedDateTime DISTRUST_DATE =
+            LocalDate.of(2025, 04, 16).atStartOfDay(ZoneOffset.UTC);
+
+    public static void main(String[] args) throws Exception {
+
+        // All of the test certificates are signed with SHA-1 so we need
+        // to remove the constraint that disallows SHA-1 certificates.
+        String prop = Security.getProperty("jdk.certpath.disabledAlgorithms");
+        String newProp = prop.replace(", SHA1 jdkCA & usage TLSServer", "");
+        Security.setProperty("jdk.certpath.disabledAlgorithms", newProp);
+
+        Distrust distrust = new Distrust(args);
+
+        X509TrustManager[] tms = new X509TrustManager[]{
+                distrust.getTMF("PKIX", null),
+                distrust.getTMF("SunX509", null)
+        };
+
+        Date notBefore = distrust.getNotBefore(DISTRUST_DATE);
+        distrust.testCertificateChain(certPath, notBefore, tms, rootsToTest);
+    }
+}

jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Distrust.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -196,7 +196,13 @@ public boolean[] getIssuerUniqueID() {
         public boolean[] getSubjectUniqueID() {
             return cert.getSubjectUniqueID();
         }
-        public boolean[] getKeyUsage() { return cert.getKeyUsage(); }
+        public boolean[] getKeyUsage() {
+            // Turn on the Digital Signature bit. Some certs that we want
+            // to use as test certs don't have this bit turned on.
+            boolean[] withDigitalSignature = cert.getKeyUsage();
+            withDigitalSignature[0] = true;
+            return withDigitalSignature;
+        }
         public int getBasicConstraints() { return cert.getBasicConstraints(); }
         public byte[] getEncoded() throws CertificateEncodingException {
             return cert.getEncoded();