JCE: add OCSP response status check before native verification via wolfSSL_d2i_OCSP_RESPONSE()

Author: cconlon

jni/include/com_wolfssl_wolfcrypt_WolfSSLCertManager.h

@@ -170,6 +170,32 @@ static void removeCallbackCtx(WOLFSSL_CERT_MANAGER* cm)
     }
 }
 
+/* Extract cert DER bytes at given depth from WOLFSSL_X509_STORE_CTX into
+ * a new jbyteArray. Returns NULL if cert not available at depth. */
+static jbyteArray getCertDerAtDepth(JNIEnv* jenv,
+    WOLFSSL_X509_STORE_CTX* store, int depth)
+{
+    jbyteArray der = NULL;
+    WOLFSSL_BUFFER_INFO* certInfo = NULL;
+
+    if (store->certs == NULL || depth < 0 || depth >= store->totalCerts) {
+        return NULL;
+    }
+
+    certInfo = &store->certs[depth];
+    if (certInfo->buffer == NULL || certInfo->length == 0) {
+        return NULL;
+    }
+
+    der = (*jenv)->NewByteArray(jenv, (jsize)certInfo->length);
+    if (der != NULL) {
+        (*jenv)->SetByteArrayRegion(jenv, der, 0, (jsize)certInfo->length,
+            (const jbyte*)certInfo->buffer);
+    }
+
+    return der;
+}
+
 /* Native verify callback that calls into Java verify callback.
  *
  * This is registered with wolfSSL_CertManagerSetVerify() and called
@@ -185,6 +211,7 @@ static int nativeVerifyCallback(int preverify, WOLFSSL_X509_STORE_CTX* store)
     jint result = 0;
     JNIEnv* jenv = NULL;
     VerifyCallbackCtx* ctx = NULL;
+    jbyteArray certDer     = NULL;
     jclass callbackClass   = NULL;
     jmethodID verifyMethod = NULL;
 
@@ -236,28 +263,37 @@ static int nativeVerifyCallback(int preverify, WOLFSSL_X509_STORE_CTX* store)
     error = store->error;
     errorDepth = store->error_depth;
 
+    /* If available, extract cert DER bytes from store context at errorDepth */
+    certDer = getCertDerAtDepth(jenv, store, errorDepth);
+
     /* Find verify() method on callback object */
     callbackClass = (*jenv)->GetObjectClass(jenv, ctx->callback);
     if (callbackClass == NULL) {
+        if (certDer != NULL) {
+            (*jenv)->DeleteLocalRef(jenv, certDer);
+        }
         if (needsDetach) {
             (*ctx->jvm)->DetachCurrentThread(ctx->jvm);
         }
         return 0;
     }
 
     verifyMethod = (*jenv)->GetMethodID(jenv, callbackClass,
-        "verify", "(III)I");
+        "verify", "(III[B)I");
     if (verifyMethod == NULL) {
+        if (certDer != NULL) {
+            (*jenv)->DeleteLocalRef(jenv, certDer);
+        }
         (*jenv)->DeleteLocalRef(jenv, callbackClass);
         if (needsDetach) {
             (*ctx->jvm)->DetachCurrentThread(ctx->jvm);
         }
         return 0;
     }
 
-    /* Call Java callback.verify(preverify, error, errorDepth) */
+    /* Call Java callback.verify(preverify, error, errorDepth, certDer) */
     result = (*jenv)->CallIntMethod(jenv, ctx->callback, verifyMethod,
-        (jint)preverify, (jint)error, (jint)errorDepth);
+        (jint)preverify, (jint)error, (jint)errorDepth, certDer);
 
     /* Check for Java exceptions, reject on exception */
     if ((*jenv)->ExceptionCheck(jenv)) {
@@ -273,6 +309,9 @@ static int nativeVerifyCallback(int preverify, WOLFSSL_X509_STORE_CTX* store)
         store->error = 0;
     }
 
+    if (certDer != NULL) {
+        (*jenv)->DeleteLocalRef(jenv, certDer);
+    }
     (*jenv)->DeleteLocalRef(jenv, callbackClass);
     if (needsDetach) {
         (*ctx->jvm)->DetachCurrentThread(ctx->jvm);
@@ -749,6 +788,69 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_WolfSSLCertManager_CertManager
 #endif
 }
 
+/* Get OCSPResponseStatus from raw OCSP response bytes.
+ *
+ * Uses wolfSSL_d2i_OCSP_RESPONSE() to parse response and
+ * wolfSSL_OCSP_response_status() to extract the status.
+ *
+ * RFC 6960:
+ *   OCSPResponse ::= SEQUENCE {
+ *       responseStatus OCSPResponseStatus,
+ *       responseBytes  [0] EXPLICIT ResponseBytes OPTIONAL }
+ *   OCSPResponseStatus ::= ENUMERATED {
+ *       successful (0), malformedRequest (1), internalError (2),
+ *       tryLater (3), sigRequired (5), unauthorized (6) }
+ *
+ * Returns OCSPResponseStatus ENUMERATED value (0-6) on success, or negative
+ * error code on failure (BAD_FUNC_ARG, MEMORY_E, NOT_COMPILED_IN, or -1 on
+ * parse failure).
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_WolfSSLCertManager_OcspResponseStatus
+  (JNIEnv* env, jclass jcl, jbyteArray response, jint responseSz)
+{
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
+    int ret = -1;
+    jint arrLen = 0;
+    byte* respBuf = NULL;
+    const unsigned char* p = NULL;
+    OcspResponse* ocspResp = NULL;
+    (void)jcl;
+    (void)responseSz;
+
+    if (env == NULL || response == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    arrLen = (*env)->GetArrayLength(env, response);
+    if (arrLen <= 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    respBuf = (byte*)(*env)->GetByteArrayElements(env, response, NULL);
+    if (respBuf == NULL) {
+        return MEMORY_E;
+    }
+
+    p = (const unsigned char*)respBuf;
+    ocspResp = wolfSSL_d2i_OCSP_RESPONSE(NULL, &p, (int)arrLen);
+    if (ocspResp != NULL) {
+        ret = wolfSSL_OCSP_response_status(ocspResp);
+        wolfSSL_OCSP_RESPONSE_free(ocspResp);
+    }
+
+    (*env)->ReleaseByteArrayElements(env, response, (jbyte*)respBuf, JNI_ABORT);
+
+    return (jint)ret;
+
+#else
+    (void)env;
+    (void)jcl;
+    (void)response;
+    (void)responseSz;
+    return NOT_COMPILED_IN;
+#endif /* HAVE_OCSP && OPENSSL_EXTRA */
+}
+
 JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_WolfSSLCertManager_CertManagerSetVerify
   (JNIEnv* env, jclass jcl, jlong cmPtr, jobject callback)
 {

jni/jni_wolfssl_cert_manager.c

@@ -406,6 +406,36 @@ else if (certIndex >= 0 && trustAnchors != null) {
         }
     }
 
+    /**
+     * Get human readable name for OCSPResponseStatus value.
+     *
+     * Per RFC 6960, OCSPResponseStatus ::= ENUMERATED {
+     *     successful (0), malformedRequest (1), internalError (2),
+     *     tryLater (3), sigRequired (5), unauthorized (6) }
+     *
+     * @param status OCSPResponseStatus value
+     * @return status name string
+     */
+    private String getOcspResponseStatusName(int status) {
+
+        switch (status) {
+            case 0:
+                return "SUCCESSFUL";
+            case 1:
+                return "MALFORMED_REQUEST";
+            case 2:
+                return "INTERNAL_ERROR";
+            case 3:
+                return "TRY_LATER";
+            case 5:
+                return "SIG_REQUIRED";
+            case 6:
+                return "UNAUTHORIZED";
+            default:
+                return "UNKNOWN(" + status + ")";
+        }
+    }
+
     /**
      * Check pre-loaded OCSP response.
      *
@@ -420,6 +450,7 @@ else if (certIndex >= 0 && trustAnchors != null) {
     private void checkPreloadedOcspResponse(X509Certificate cert)
         throws CertPathValidatorException {
 
+        int ocspStatus;
         byte[] response;
         byte[] certDer;
 
@@ -435,14 +466,29 @@ private void checkPreloadedOcspResponse(X509Certificate cert)
                 "CertManager not available for OCSP response checking");
         }
 
+        /* Check OCSP response status before native verification.
+         * Non-successful OCSP responses (e.g. UNAUTHORIZED, TRY_LATER) should
+         * be reported as errors per RFC 6960. Use native wolfSSL to parse the
+         * response status from raw DER bytes. */
+        ocspStatus = WolfSSLCertManager.getOcspResponseStatus(response,
+            response.length);
+        if (ocspStatus > 0) {
+            throw new CertPathValidatorException("OCSP response error: " +
+                getOcspResponseStatusName(ocspStatus));
+        }
+        else if (ocspStatus < 0) {
+            throw new CertPathValidatorException(
+                "Failed to parse OCSP response status: " + ocspStatus);
+        }
+
         /* Load issuer cert so OCSP response signature can be verified */
         loadIssuerForOcspVerification(cert);
 
         try {
             certDer = cert.getEncoded();
 
-            certManager.CertManagerCheckOCSPResponse(
-                response, response.length, certDer, certDer.length);
+            certManager.CertManagerCheckOCSPResponse(response, response.length,
+                certDer, certDer.length);
 
         } catch (CertificateEncodingException e) {
             throw new CertPathValidatorException(

src/main/java/com/wolfssl/provider/jce/WolfCryptPKIXRevocationChecker.java

@@ -84,6 +84,7 @@ static native int CertManagerLoadCRLBuffer(
     static native int CertManagerCheckOCSP(long cm, byte[] cert, int sz);
     static native int CertManagerCheckOCSPResponse(
         long cm, byte[] response, int responseSz, byte[] cert, int certSz);
+    static native int OcspResponseStatus(byte[] response, int responseSz);
     static native int CertManagerSetVerify(long cm, Object callback);
     static native int CertManagerClearVerify(long cm);
 
@@ -188,8 +189,9 @@ public synchronized void CertManagerLoadCA(X509Certificate cert)
         synchronized (cmLock) {
             try {
                 /* Throws WolfCryptException on native error */
-                CertManagerLoadCABuffer(cert.getEncoded(),
-                    cert.getEncoded().length, WolfCrypt.SSL_FILETYPE_ASN1);
+                byte[] encoded = cert.getEncoded();
+                CertManagerLoadCABuffer(encoded, encoded.length,
+                    WolfCrypt.SSL_FILETYPE_ASN1);
             } catch (CertificateEncodingException e) {
                 throw new WolfCryptException(e);
             }
@@ -247,9 +249,9 @@ public synchronized void CertManagerLoadCA(X509Certificate cert, int flags)
 
         synchronized (cmLock) {
             try {
-                CertManagerLoadCABufferEx(cert.getEncoded(),
-                    cert.getEncoded().length, WolfCrypt.SSL_FILETYPE_ASN1,
-                    flags);
+                byte[] encoded = cert.getEncoded();
+                CertManagerLoadCABufferEx(encoded, encoded.length,
+                    WolfCrypt.SSL_FILETYPE_ASN1, flags);
             } catch (CertificateEncodingException e) {
                 throw new WolfCryptException(e);
             }
@@ -292,8 +294,8 @@ public synchronized void CertManagerLoadCAKeyStore(KeyStore ks)
 
                 if (cert != null && cert.getBasicConstraints() >= 0) {
                     /* Will throw WolfCryptException on error */
-                    CertManagerLoadCABuffer(cert.getEncoded(),
-                        cert.getEncoded().length,
+                    byte[] encoded = cert.getEncoded();
+                    CertManagerLoadCABuffer(encoded, encoded.length,
                         WolfCrypt.SSL_FILETYPE_ASN1);
                     loadedCerts++;
                 }
@@ -383,8 +385,9 @@ public synchronized void CertManagerVerify(
         synchronized (cmLock) {
             try {
                 /* Throws WolfCryptException on native error */
-                CertManagerVerifyBuffer(cert.getEncoded(),
-                    cert.getEncoded().length, WolfCrypt.SSL_FILETYPE_ASN1);
+                byte[] encoded = cert.getEncoded();
+                CertManagerVerifyBuffer(encoded, encoded.length,
+                    WolfCrypt.SSL_FILETYPE_ASN1);
             } catch (CertificateEncodingException e) {
                 throw new WolfCryptException(e);
             }
@@ -691,6 +694,38 @@ public synchronized void CertManagerCheckOCSPResponse(
         }
     }
 
+    /**
+     * Get OCSPResponseStatus from raw OCSP response bytes.
+     *
+     * Uses native wolfSSL_d2i_OCSP_RESPONSE() to parse the response and
+     * wolfSSL_OCSP_response_status() to extract the status value per RFC 6960.
+     *
+     * This is a static method that does not require a WolfSSLCertManager
+     * instance.
+     *
+     * @param response raw OCSP response bytes (DER encoded)
+     * @param responseSz size of OCSP response
+     *
+     * @return OCSPResponseStatus value:
+     *         0 = successful,
+     *         1 = malformedRequest,
+     *         2 = internalError,
+     *         3 = tryLater,
+     *         5 = sigRequired,
+     *         6 = unauthorized,
+     *         negative on error (NOT_COMPILED_IN, BAD_FUNC_ARG,
+     *         MEMORY_E, or -1 if response parsing failed)
+     */
+    public static int getOcspResponseStatus(byte[] response, int responseSz) {
+
+        if (response == null || responseSz < 0 ||
+            responseSz > response.length) {
+            return WolfCryptError.BAD_FUNC_ARG.getCode();
+        }
+
+        return OcspResponseStatus(response, responseSz);
+    }
+
     /**
      * Set verification callback for this CertManager.
      *