How is the SSL client certificate chosen when there are multiple matching certificates?


Question


It's not something that should happen by design, but for security concerns, I'm wondering how will the "right" certificate be sent to the server, assuming there is more than one certificate matching the requirement of being signed by a certain CA?


I'm using a simple SSL JAVA example client, connecting to an Apache HTTPD.


I tried testing with 4 certificates, each time deleting the chosen one and noting which one was chosen next. I couldn't find a reasonable logic (i.e. date, alias name etc.) other than maybe a lexicographic order of the "sha256" of the certificates. That seems unlikely to me...


The example client does something like

import java.io.BufferedWriter;
import java.io.OutputStreamWriter;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Client identity (PKCS12 key store) and trust anchors (JKS trust store) supplied
// through the standard JSSE system properties; the default key manager picks the
// client certificate from this key store when the server requests one.
System.setProperty("javax.net.ssl.keyStore","device.p12");
System.setProperty("javax.net.ssl.keyStorePassword","password");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.trustStore","truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","password");
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("87.69.60.100",443);
// The TLS handshake (including client authentication) runs on the first write.
BufferedWriter wr = new BufferedWriter(new OutputStreamWriter(sslSock.getOutputStream(), "UTF8"));
wr.write("GET /lather HTTP/1.1\r\nhost: 87.69.60.100\r\n\r\n");
wr.flush();


And the Apache is configured with

SSLCACertificateFile rootCA.crt  
SSLVerifyClient require  


I couldn't find the relevant documentation to answer the question. I'm also wondering - is there any chance that the Apache will somehow forward more than one certificate chain? (say with a misbehaving client sending something weird).

Thanks!

Recommended answer


A server that requires client authentication will send a list of acceptable certificate types, possibly along with a list of acceptable CAs. By default, your Java client then applies the following algorithm:

  1. For each certificate type the server accepts (RSA, DSA, EC), look in the key store for any public/private key pair generated with that algorithm
  2. If the server sent a list of acceptable CAs, drop any key pair whose certificate chain does not contain any CA from that list
  3. If at least one key pair remains, pick the first one's private key; otherwise go back to step 1 for the next key type.


The client certificate choice algorithm isn't specified in RFC 5246, but Java's simple default implementation seems reasonable, if subject to change in the future as noted by EJP. In particular, the 'first' one is pretty much random - credentials are currently stored in a Map, so it is going to depend on iteration order of the entry set. Also, the KeyManager implementations are pluggable, and there is a 'NewSun' implementation available with OpenJDK that is activated by passing the security property ssl.KeyManagerFactory.algorithm=NewSunX509. This second one will also take into account your client certificates' keyUsage and extendedKeyUsage attributes, as well as the expiry dates.


If you need to guarantee the certificate sent from a list of possibilities and you find that the default behaviours aren't doing it for you, your best option is to manually create a single-entry keystore and use it to initialise an SSLContext, or write your own implementation of X509KeyManager to do what you want in chooseClientAlias, like in the answers to this question or this question.
