> With this PR we try to be better in loading certificates from the MacOS
> Keychain into a JDK Trust store.
>
> The current implementation after JDK-8278449 would only load/trust
> certificates from an identity (with private key available) and certificates
> that have explicit trust set in the user domain (as shown by security
> dump-trust-settings). This, however, is not sufficient and does not match the
> MacOS system behavior, e.g. if you compare with tools like curl or Safari.
>
> This change does the following:
> 1. The native method that reads trust settings will call the API
> SecTrustSettingsCopyTrustSettings on a certificate for both the User and Admin
> domain.
> 2. No trust settings will be reported as "inputTrust" being null. If the
> certificate is trusted with no specific records, "inputTrust" will be an
> empty list.
> 3. The Java method to add a certificate now checks for a "self signed"
> certificate not only by checking whether it was signed with its own key, but
> it must also not be a root certificate that can be used to sign other
> certificates. This is done by inspecting the key usage extension.
> 4. We now trust certificates that are either "real" self-signed certificates
> or certificates that have an explicit trust entry with no sub-records that
> would deny the certificate for any purpose.
> 5. The check for double aliases has been augmented by comparing whether the
> certificate to be added is the same as the one that is already present. This
> can happen if a certificate is contained in both the user and the system
> keychain, for instance.
>
> I have added a test that verifies whether certificates that should be trusted
> from "security dump-trust-settings" are contained in the keystore and those
> that should be disallowed are absent.
Christoph Langer has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:

 - Do not trust self signed certificates without trust settings
 - Merge branch 'master' into JDK-8303465
 - Check return code of SecTrustSettingsCopyTrustSettings and address review comments
 - Add some more initializations to avoid crashes
 - JDK-8303465

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/13945/files
  - new: https://git.openjdk.org/jdk/pull/13945/files/b14e5f2c..890e12bf

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=13945&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=13945&range=02-03

  Stats: 19714 lines in 628 files changed: 12808 ins; 2901 del; 4005 mod
  Patch: https://git.openjdk.org/jdk/pull/13945.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/13945/head:pull/13945

PR: https://git.openjdk.org/jdk/pull/13945
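The trust decision described in items 2 to 4 of the PR text, as an added illustration that is not the JDK's KeychainStore code: a "real" self-signed certificate is one that verifies with its own key and lacks keyCertSign in its Key Usage, and a certificate is only trusted when trust settings exist (inputTrust not null) and none of the records denies it. The TrustSetting record, the RESULT_DENY constant (the value of kSecTrustSettingsResultDeny) and the order of the checks are this example's own modelling of the description, not the PR's data structures.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;

/** Illustrates the keychain trust decision described in the PR; not JDK code. */
public class KeychainTrustDecision {

    /** One trust-settings record per policy; only the result code matters here (assumed shape). */
    public record TrustSetting(String policy, int result) {}

    /** Numeric value of kSecTrustSettingsResultDeny from SecTrustSettings.h. */
    public static final int RESULT_DENY = 3;

    /** Index of keyCertSign in the boolean[] returned by X509Certificate.getKeyUsage(). */
    private static final int KEY_CERT_SIGN = 5;

    /** Item 3: signed with its own key AND not a CA that may sign other certificates. */
    public static boolean isLeafSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;                          // issuer differs: part of a chain, not an anchor
        }
        try {
            cert.verify(cert.getPublicKey());      // throws unless signed with its own key
        } catch (GeneralSecurityException e) {
            return false;
        }
        boolean[] keyUsage = cert.getKeyUsage();   // null when the extension is absent
        boolean canSignCerts = keyUsage != null
                && keyUsage.length > KEY_CERT_SIGN && keyUsage[KEY_CERT_SIGN];
        return !canSignCerts;
    }

    /** Items 2 and 4: null = no settings in User or Admin domain; [] = trusted, no records. */
    public static boolean shouldTrust(X509Certificate cert, List<TrustSetting> inputTrust) {
        if (inputTrust == null) {
            return false;                          // no trust settings at all: never an anchor
        }
        boolean denied = inputTrust.stream().anyMatch(t -> t.result() == RESULT_DENY);
        if (denied) {
            return false;                          // a deny record for any purpose wins
        }
        return isLeafSelfSigned(cert) || !inputTrust.isEmpty() || inputTrust.isEmpty();
    }

    /** Usage: java KeychainTrustDecision cert.pem  (evaluates the cert with an empty record list). */
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            System.out.println("leaf self-signed: " + isLeafSelfSigned(cert));
            System.out.println("trusted (no records): " + shouldTrust(cert, List.of()));
        }
    }
}
```

The final line of shouldTrust spells out that, once a null list and deny records are excluded, both a self-signed leaf and an explicitly trusted entry are accepted, matching item 4; an intermediate CA signed by another key is still only trusted when the keychain carries a trust entry for it.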