JDK-8360289 : Support algorithm constraints and certificate checks in SunX509 key manager
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P4
  • Status: Finalized
  • Resolution: Unresolved
  • Fix Versions: 26
  • Submitted: 2025-06-23
  • Updated: 2025-07-24
Description
Summary
-------
Support TLS algorithm constraints and certificate checks in the SunX509 key manager, which is currently the default key manager. In other words, the SunX509 key manager should support the same certificate checks that are supported by the PKIX key manager.

Problem
-------
**Background:**

The JSSE TLS handshake code currently calls into the SunX509 key manager (`SunX509KeyManagerImpl` class) to find the certificates to use via the following methods:

 - chooseServerAlias

 - chooseEngineServerAlias

 - chooseClientAlias

 - chooseEngineClientAlias


**Problems to be addressed:**

1) Peer-supported certificate signature algorithms (sent with the `signature_algorithms_cert` extension) are not checked by the default SunX509 key manager. There may be an interoperability issue because one side cannot select the right certificate, while the other side will reject the selected certificate based on its own algorithm constraints.

2) Local algorithm constraints (`java.security` config file) are not checked by the default SunX509 key manager. JDK users may expect these constraints to be applied.

3) The SunX509 key manager doesn't perform certificate checks. In particular, it is *not* guaranteed that:

   - The certificates are within their validity period

   - The certificate extensions allow the certificate to be used for the desired purpose.

Solution
--------
1) Add support for peer supported certificate signature algorithms.

2) Add support for local TLS algorithm constraints.

3) Select the best suited certificate based on validity period and certificate extensions.

Effectively, there should be only 2 differences between the PKIX and SunX509 key managers:

- PKIX supports multiple key stores through the `KeyStore.Builder` interface, while SunX509 supports only a single keystore.
- SunX509 caches its whole key store on initialization, thus improving performance. This means that subsequent modifications of the KeyStore have no effect on the SunX509 key manager, unlike the PKIX key manager.

Specification
-------------
1) A new system property will be added. When set to `false`, it restores the original SunX509 key manager behavior, for users who want to disable the algorithm constraints and certificate checks for some reason. The default value of the property is `true`:

      jdk.tls.SunX509KeyManager.certChecking

2) Update the description of the `SunX509` KeyManagerFactory algorithm in the JDK Providers Guide:
https://docs.oracle.com/en/java/javase/24/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2
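
A keystore audit for the two conditions listed under problem 3, useful for finding entries affected by the new default before deciding whether `jdk.tls.SunX509KeyManager.certChecking` needs to be set to `false`. This is an added example, not JDK code: the class name `KeyStoreCertAudit`, the choice of the server authentication purpose and the `digitalSignature` check are assumptions, and the JDK's exact selection rules are not given on this page.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical audit tool (added example). Run: java KeyStoreCertAudit.java <keystore file>
public class KeyStoreCertAudit {
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    static final String ANY_EKU = "2.5.29.37.0";           // anyExtendedKeyUsage

    // Returns the findings for one end-entity certificate; an empty list means none.
    static List<String> findings(X509Certificate cert) throws CertificateException {
        List<String> out = new ArrayList<>();
        try {
            cert.checkValidity(); // throws if now is before notBefore or after notAfter
        } catch (CertificateException e) {
            out.add("outside validity period (" + cert.getNotBefore()
                    + " .. " + cert.getNotAfter() + ")");
        }
        List<String> eku = cert.getExtendedKeyUsage(); // null when the extension is absent
        if (eku != null && !eku.contains(SERVER_AUTH) && !eku.contains(ANY_EKU)) {
            out.add("extendedKeyUsage does not permit serverAuth: " + eku);
        }
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        // Bit 0 is digitalSignature, needed when the certificate key signs the
        // handshake (TLS 1.3, and (EC)DHE cipher suites in TLS 1.2).
        if (ku != null && (ku.length == 0 || !ku[0])) {
            out.add("keyUsage lacks digitalSignature");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Requires an interactive console so the password stays off the command line.
        char[] pw = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw); // detects the store type
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // a key manager only uses key entries
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) continue;
            if (!(chain[0] instanceof X509Certificate leaf)) continue;
            // The signature algorithm is printed for comparison with local constraints.
            System.out.println(alias + " [" + leaf.getSigAlgName() + "]: " + findings(leaf));
        }
    }
}
```

The printed signature algorithm can be compared by hand against the `jdk.tls.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms` entries in the `java.security` file.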